Age | Commit message (Collapse) | Author |
|
T5925: Containers change systemd KillMode
|
|
T5857: Fix op-mode show interfaces wireless info unconf message
|
|
By default we use mode `none` for containers
Unit uses KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update the
service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
|
|
When a router does not have wireless interfaces the proper
unconfigured message must be exist
|
|
bgp: T5306: fix verify_remote_as() to support v6only interface with peer-group
|
|
To test:
set protocols bgp neighbor eth0 interface v6only peer-group 'fabric'
set protocols bgp peer-group fabric address-family ipv4-unicast
set protocols bgp peer-group fabric address-family ipv6-unicast
set protocols bgp peer-group fabric capability extended-nexthop
set protocols bgp peer-group fabric remote-as 'external'
set protocols bgp system-as 64496
|
|
T5922: firewall: fix intra-zone filtering parsing rules; update firew…
|
|
image-tools: T5910: explicitly set transmission speed of serial console
|
|
smoketest
|
|
This reverts commit 800c85a20a00278ab07bbcccd85b753b1ca31e21.
|
|
GRUB defaults to 9600 in case of serial console; explicitly set to
115200.
|
|
T5791: T5918: use genetic pattern to detect dynamic interfaces for ipsec and dynamic dns
|
|
syslog: T1487: store all journald log files also in syslog
|
|
T5919: firewall: fix <show firewall ipv6 ..> command
|
|
Fix after commit 8452d8f4921 ("T5918: Fix typo in verify vpn ipsec interface")
so that dynamic interfaces can be used by ipsec but a warning is issued that
this will only work after they are available on the system.
PPPoE interfaces are the best example for this, as they are down during system
bootup and will be available anytime after the boot once we've dialed into
the BRAS.
|
|
|
|
This uses a more common pattern froma base class while the original code from
0a1c9bc38 ("T5791: DNS dynamic exclude check for dynamic interfaces PPPoE") is
still retained.
|
|
This is useful to send the journal logs to external syslog servers
|
|
firewall: T5814: Retain legacy 'accept' behaviour and re-order migration
|
|
the lease file (#2796)
|
|
T5918: Fix typo in verify vpn ipsec interface
|
|
The correct CLI command is `interface` and not `interfaces`
```
set vpn ipsec interface xxx
```
|
|
T5688: Changed 'range' to multi in 'client-ip-pool' for accell-ppp
|
|
bgp: T5913: allow peer-group support for ipv4|6-labeled-unicast SAFI
|
|
|
|
T5915: firewall: re-add opmode command for zone based firewall
|
|
dhcp: T3316: T5787: T5912: Extend scope of DHCP options, bugfixes
|
|
image-tools: T5917: annotate image list with (running)/(default boot)
|
|
Pre-1.4 firewall 'accept' action acted as a 'return'. This change ensures the migrated rules meet the expected behaviour.
This commit also re-orders migrated in/out/local jumps ordered by direction instead of interface.
|
|
|
|
|
|
T5916: Added segment routing check for index size and SRGB size
|
|
|
|
|
|
|
|
|
|
supported by Kea
|
|
|
|
https: T5902: remove virtual-host configuration
|
|
Changed node 'range' to multi in 'client-ip-pool' for accell-ppp
services.
Added completionHelp to default-pool and next-pool.
Fixed verification in vpn l2tp config script.
|
|
This extends commit 86d1291ec5 ("[boot-config-loader] T1622: Add failsafe
and back trace") and adds missing groups to the vyos user. Without this
change the vyos user will only have operator (vyos@vyos>) privileges,
even if this level is discontinued.
One could hack himself up as the user has sudo rights, but rather place
the user in the right groups from the beginning.
NOTE: This user is only added if booted with "vyos-config-debug" and
an error when the configuration can not be loaded at all.
|
|
hyphen (-)
When testing for changed PKI certificates using node_changed(), we should not
use key_mangling=('-', '_'), as this will make certificate updates with a hypen
not possible.
|
|
We have not seen the adoption of the https virtual-host CLI option.
What it did?
* Create multiple webservers each listening on a different IP/port
(but in the same VRF)
* All webservers shared one common document root
* All webservers shared the same SSL certificates
* All webservers could have had individual allow-client configurations
* API could be enabled for a particular virtual-host but was always enabled on
the default host
This configuration tried to provide a full webserver via the CLI but VyOS is a
router and the Webserver is there for an API or to serve files for a local-ui.
Changes
Remove support for virtual-hosts as it's an incomplete and thus mostly useless
"thing". Migrate all allow-client statements to one top-level allow statement.
|
|
pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed()
|
|
smoketest: T5195: fix BasicInterfaceTest tearDown() timeout penalty
|
|
Commit ad9bdfc24 ("T5195: add timeout argument to process_named_running()")
added a 2*10 seconds penalty for every interface test (dhcp and dhcpv6).
This leads to long runs of "make test" after an ISO build.
There is no need to wait 10 seconds for a test that checks for a process
not running. The timeout is there to give the process some time to startup.
|
|
image: T5898: fix kernel-level partition rescan
|
|
This fixes a priority inversion when doing initial certificate commits.
* pki subsystem is executed with priority 300
* vti uses priority 381
* ipsec uses priority 901
On commit pki.py will be executed first, detecting a change in dependencies
for vpn_ipsec.py which will be executed second. The VTI interface was yet not
created leading to ConfigError('VTI interface XX for site-to-site peer YY does
not exist!')
The issue is caused by this new line of code in commit b8db1a9d7ba ("pki:
T5886: add support for ACME protocol (LetsEncrypt)") file src/conf_mode/pki.py
line 139 which triggers the dependency update even if a key is newly added.
This commit changes the "detection" based on the cerbot configuration on disk.
|
|
|
|
|