This extends the implementation of commit 0cc7e0a49094 ("firewall: T4655: Fix
default action 'drop' for the firewall") in a way that we can now also use the
XML <defaultValue> node under "firewall name" and "firewall ipv6-name". This
is a much cleaner approach which also adds the default value automatically to
the CLI's completion helper ("?").
|
|
The CLI command was a duplicate of the "show dns forwarding" command and did
not follow or re-trigger the command to watch it. It produced 1:1 the same
output as "show dns forwarding".
|
|
opmode: T4657: fixed opmode with return type hints
|
|
firewall: T4655: Fix default action 'drop' for the firewall
|
|
nat: T4367: Move nat rules from /tmp to /run/nftables_nat.conf
|
|
console: T4646: Fixed USB console issues
|
|
This commit excludes `return` from `typing.get_type_hints()` output,
which allows generating argparse arguments for the function properly.
|
|
* fixed the `systemctl restart` command that used a value from config instead
  of the one converted to `ttyUSBX`
* moved systemd units from `/etc/` to `/run/`
|
|
Commit 31169fa8a763e ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") added the new implementation which handles NIC offloading.
Unfortunately every single implementation was copied from "gro" which resulted
in a change to gro for each offloading option - thus options like lro, sg, tso
had no effect at all.
It all comes down to copy/paste errors ... one way or another.
|
|
For some reason, after the firewall rewrite we have default
action 'accept' for 1.4 and default action 'drop' for 1.3.
Fix this issue: set default action 'drop'.
|
|
Move nftables nat configuration from /tmp to /run,
as we have for other services like firewall and conntrack.
Don't remove the config file '/run/nftables_nat.conf' after commit.
|
|
rpki: T4654: Fix RPKI cache description
|
|
Fix wrong descriptions for the RPKI server.
They mentioned the NTP server.
|
|
|
graphql: T4640: add schema defs and resolver support for op-mode errors
|
|
opennhrp: T1070: Fixed creating IPSEC tunnel to Hub
|
|
is set
Adds a sysctl parameter to ignore the default router obtained from router
advertisements when pppoe no-default-route is set.
|
|
This reverts commit fa91f567b7b5f009aaaed569b3f5e5db4b638d39.
|
|
This reverts commit c2fc87c02dd556dd1569ff2fd81c9e2485a80459.
|
|
Section.interface()
Commit cfde4b49 ("ifconfig: T2223: add vlan switch for Section.interfaces()")
added the functionality of the local get_interfaces() function to the base
class so all other parts in the system can query for interface names of a given
type including or excluding their vlan sub-interfaces.
|
|
nat66: T4631: Add port and protocol to nat66 conf
|
|
nat: nat66: T4650: Rewrite op-mode nat translation
|
|
smoketest: T4643: Delete vpn sstp from config as we have HTTP
|
|
Rewrite op-mode "show nat|nat66 translation" to vyos.opmode format
Ability to get machine-readable format "raw"
|
|
Fixed creating IPSEC tunnel to Hub. Added continues of execution
generator functions.
|
|
HTTP and sstp cannot work together, and in the test config
1.4-rolling-202106290839 we did not have a configurable port for
such services.
So we should delete sstp from this smoketest config test.
In fact it is never working at all 'smoketest/configs/pki-misc'.
It committed without errors before, but in real life we get 3
services (https openconnect sstp) that bind the same port.
|
|
ipsec: T4594: Rewrite op-mode 'show vpn ipsec sa' to the new format
|
|
Sometimes we are only interested in the parent interfaces without any VLAN
subinterfaces. Extend the API with a vlan argument that defaults to True to
keep the current behavior in place.
|
|
op-mode: T4645: Show nat source statistics missing argument --family
|
|
smoketest: T4643: Change openconnect default port
|
|
sstp: T4644: Check SSTP bind port before commit
|
|
As we use the argument '--family' in commit 8d4205a9 for the
function '_get_raw_data_rules(direction, family)', we must also use it
for 'nat.py show_statistics', as it gets raw data from the same
function.
|
|
By default SSTP binds port '443', and this port can be used by
another service like 'service https' or 'vpn openconnect'.
Check if the port is bound to another service.
|
|
Change openconnect port as both ocserv and sstp bind
by default the same port 443
|
|
firewall: T4622: Add TCP MSS option
|
|
A macsec interface requires a dedicated source interface, it can not be
shared with another macsec or a pseudo-ethernet interface.
set interfaces macsec macsec10 address '192.168.2.1/30'
set interfaces macsec macsec10 security cipher 'gcm-aes-256'
set interfaces macsec macsec10 security encrypt
set interfaces macsec macsec10 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4232e44b7fda6f8e2d88a07bf78a7aff4'
set interfaces macsec macsec10 security mka ckn '09924585a6f3010208cf5222ef24c821405b0e34f4b4f63b1f0ced474b9bb6e6'
set interfaces macsec macsec10 source-interface 'eth1'
commit
set interfaces pseudo-ethernet peth0 source-interface eth1
commit
Results in
FileNotFoundError: [Errno 2] failed to run command: ip link add peth0 link eth1 type macvlan mode private
returned:
exit code: 2
noteworthy:
cmd 'ip link add peth0 link eth1 type macvlan mode private'
returned (out):
returned (err):
RTNETLINK answers: Device or resource busy
[[interfaces pseudo-ethernet peth0]] failed
Commit failed
|
|
nat66: T4626: Rewrite op-mode show nat66 rules
|