Age | Commit message (Collapse) | Author |
|
After e7bb65894 ("vrf: T6189: render FRR L3VNI configuration when creating VRF
instance") we need to ensure that the VRF L3VNI configuration is removed in FRR
prior to removing the BGP VRF instance.
The reason is [1] where FRR only allows VRF BGP instance to be removed when
there is NO VNI configured anymore.
1: https://github.com/FRRouting/frr/blob/064c3494527b9e84260410006768ed38e57e1de7/bgpd/bgp_vty.c#L1646-L1650
|
|
When adding and removing VRF instances on the fly it was noticed that the vni
statement under the VRF instance in FRR vanishes. This was caused by a race
condition which was previously designed to fix another bug.
The wierd design of a Python helper below the VRF tree to only generate the
VNI configuration nodes is now gone and all is rendered in the proper place.
|
|
vyos.utils: T6244: add whitespace after time unit in uptime
|
|
T6237: IPSec remote access VPN: ability to set EAP ID of clients
|
|
|
|
$ touch /tmp/vyos.smoketest.debug
will enable dynamic debugging of the smoketests - showing the appropriate CLI
commands on stdout
|
|
T6246: improve haproxy http check configuration
|
|
|
|
We only supported calculating seconds to weeks but not seconds to years. This
has been added.
Testcase:
from vyos.utils.convert import seconds_to_human
minute = 60
hour = minute * 60
day = hour * 24
week = day * 7
year = day * 365.25
for separator in ['', ' ', '-', '/']:
print(f'----- Using separator "{separator}" -----')
print(seconds_to_human(10, separator))
print(seconds_to_human(5* minute, separator))
print(seconds_to_human(3* hour, separator))
print(seconds_to_human(4* day, separator))
print(seconds_to_human(7 * week, separator))
print(seconds_to_human(10 * year, separator))
print(seconds_to_human(5*year + 4*week + 3*day + 2*hour + minute + 5, separator))
print()
cpo@LR1.wue3:~$ ./foo.py
----- Using separator "" -----
10s
5m
3h
4d
7w
10y
5y4w3d2h1m5s
----- Using separator " " -----
10s
5m
3h
4d
7w
10y
5y 4w 3d 2h 1m 5s
----- Using separator "-" -----
10s
5m
3h
4d
7w
10y
5y-4w-3d-2h-1m-5s
----- Using separator "/" -----
10s
5m
3h
4d
7w
10y
5y/4w/3d/2h/1m/5s
|
|
When handling optional separators rather build up a list and join the list
with the requested delimiter to form the resulting human readable time string.
|
|
|
|
|
|
T6246: basic haproxy http-check configuration
|
|
openvpn: T6245: return 'n/a' if client info not available
|
|
|
|
T6221: Return default ip rule values after deleting VRF
|
|
pki: T6241: do not call dependency before its initialization
|
|
|
|
Fix for restoring default ip rule values after deleting VRF
Defult values:
```
$ ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
```
After adding and deleting a VRF we get unexpected values:
```
$ ip rule
1000: from all lookup [l3mdev-table]
2000: from all lookup [l3mdev-table] unreachable
32765: from all lookup local
32766: from all lookup main
32767: from all lookup default
```
|
|
|
|
T6191: do not append action policy route|route6 when its not specified
|
|
image-tools: T6154: installer prompts to confirm password
|
|
|
|
specified, in order to ensure same behavior as in Equuleus
|
|
T5722: Failover route add option onlink
|
|
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates
|
|
server certificates
|
|
pki: T6241: Fix dependency updates on PKI changes
|
|
onlink pretend that the nexthop is directly attached to this link,
even if it does not match any interface prefix.
Useful when gateway not in the same interface network
set interfaces ethernet eth0 vif 10 address '10.20.30.1/32'
set protocols static route 10.20.30.0/32 interface eth0.10
set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink
```
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover
Error: Nexthop has invalid gateway.
[edit]
vyos@r4#
[edit]
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover
[edit]
vyos@r4#
```
|
|
T5535: firewall: migrate command <set system ip disable-directed-broadcast> to firewall global-optinos
|
|
|
|
T5734: OpenVPN check PKI DH name exists if DH configured
|
|
to firewall global-optinos
|
|
Check if DH is configured for OpenVPN but does not exist in the
PKI section
```
set pki dh dh-correct parameters 'xxxx'
set interfaces openvpn vtun10 tls dh-params 'dh-fake'
File "/usr/libexec/vyos/conf_mode/interfaces_openvpn.py", line 208, in verify_pki
pki_dh = pki['dh'][tls['dh_params']]
~~~~~~~~~^^^^^^^^^^^^^^^^^^
KeyError: 'dh-fake'
```
|
|
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt
|
|
T6100: Added NAT migration from IP/Netmask to Network/Netmask
|
|
T5872: fix ipsec dhclient hook uses "exit" instead of "return"
|
|
|
|
T6235: Git update actions-label-merge-conflict version
|
|
Update `actions-label-merge-conflict` due to `Node.js 16 actions are deprecated.`
|
|
Added params for configuration red on the shaper policy
|
|
fails (#3296)
|
|
Added NAT migration from IP/Netmask to Network/Netmask.
In 1.3 allowed using IP/Netmask in Nat rules.
In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask.
|
|
T5871: ipsec remote access VPN: specify "cacerts" for client auth
|
|
|
|
T6222: VRRP show prefix for long rfc3768-compatibility interfaces allow prefix vrrp
|
|
firewall: T6216: replace plus symbols (allowed by IPset but not NFT) in group names with underscores
|
|
T5169: Add PoC for generating CGNAT rules rfc6888
|
|
T6214: T6213: change constraint <alpha-numeric-hyphen-underscore-dot.xml.i>
|
|
errors when using character <+> in 1.3 in firewall groups and custom firewall chains.
|