Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
T6712: Add nonproduction banner
|
|
|
|
(cherry picked from commit 2f52106dc160f217d6e27da45674c0231a93382a)
Co-authored-by: khramshinr <khramshinr@gmail.com>
|
|
(cherry picked from commit 17c9b444ecc7883f1d8af01fefc8d00f6f1ef49b)
Co-authored-by: Nataliia S. <81954790+natali-rs1985@users.noreply.github.com>
|
|
Systemd comes with a default of 5 restarts in 10 seconds policy, this limit can
be hit by this reastart sequence, slow down a bit.
(cherry picked from commit 810d9a819ee378460a05ed6c7e064fb105058fc2)
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
static: T4283: fix missing f'ormat string (backport #4131)
|
|
T6759: add support for italian keymap (backport #4132)
|
|
pki: T6481: auto import ACME certificate chain into CLI (backport #4118)
|
|
When using an ACME based certificate with VyOS we provide the necessary PEM
files opaque in the background when using the internal tools. This however will
not properly work with the CA chain portion, as the system is based on the
"pki certificate <name> acme" CLI node of a certificate but CA chains reside
under "pki ca".
This adds support for importing the PEM data of a CA chain issued via ACME into
the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by
other daemons. Importing the chain only happens, when the chain was not already
added manually by the user.
ACME certificate chains that are automatically added to the CLI are all prefixed
using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds
a safeguard when the intermediate CA changes, the referenced name on the CLI
stays consitent for any pending daemon updates.
(cherry picked from commit 875764b07f937fc599e2e62c667e7b811ddc2ed3)
|
|
set system option keyboard-layout it
(cherry picked from commit 1c83b39f30880b7e5297db3fffc3afd2cd699f55)
|
|
This fixes the error message:
Can not use both blackhole and reject for prefix "{prefix}"!
Added in commit bb78f3a9ad28 ("static: T4283: support "reject" routes - emit an
ICMP unreachable when matched")
(cherry picked from commit 490ee3ec5ba7ea28002890841eab8e46f775a129)
|
|
T6763: Delete Jenkins file (backport #4126)
|
|
(cherry picked from commit a3b79255fae48dea35b6fd240c6671e226382cfe)
|
|
T6687: add fqdn support to nat rules. (backport #4024)
|
|
(cherry picked from commit 4c3d037f036e84c77333a400b35bb1a628a1a118)
|
|
policy: T6751: add missing completion helpers for community-list (backport #4112)
|
|
syslog: T5367: add format option to include timezone in message (backport #4061)
|
|
dhclient: T6667: Added workaround for communication with FRR (backport #4002)
|
|
Add all missing, well-known values for the community-list regex.
(cherry picked from commit 3e94e5e318b852dfca36e64d078728d4f5d5304c)
|
|
Add CLI option to include the systems timezone in the syslog message sent to
a collector. This can be enabled using:
set system syslog host <hostname> format include-timezone
(cherry picked from commit 042be39ccabb43a766e04a447207610ff017bd7d)
|
|
To increase the chance for dhclient to configure routes in FRR, added a
workaround. Now 10 attempts are performed with 1 second delay and only after
this dhclient gives up.
(cherry picked from commit da64a7246e9b12d5bd84287517cfbfa59e364c28)
|
|
bridge: T6675: VXLAN Interface configuration lost due to improper bridge detachment (backport #4086)
|
|
syslog: T6719: fix the behavior of "syslog global preserve-fqdn" (backport #4079)
|
|
(cherry picked from commit c196c6d9207ef112e478f44923b2d0bc8a15b3c9)
|
|
detachment
(cherry picked from commit 7dbd07657c914d5a46eed101ae44d73ba3b4c6f0)
|
|
lldp: T6727: add missing input validation for interface names (backport #4091)
|
|
There is no input CLI validation on the interface name passed to the LLDP
service.
(cherry picked from commit 82ba669c2632ae554528b13efd6489ced3e39964)
|
|
wireless: T6709: fix missing wpa_supplicant configuration (backport #4087)
|
|
Commit 0ee8d5e35 ("ethernet: T6709: move EAPoL support to common framework")
added support to also have EAPoL on other interface types then ethernet. This
introduced a regression where the wireless interface wpa_supplicant configuration
would get deleted.
(cherry picked from commit 58dfd957fd8ec24caeca73105f7823148ef8c8bf)
|
|
T6496: Added support for WPA-Enterprise client-mode (backport #3711)
|
|
(cherry picked from commit 0c9499c5b3f7cc053c1f29ecf28d679c1a3156e2)
|
|
(cherry picked from commit 5a6ac65fe0684fc5298de3daa8582294ac387b46)
|
|
fix: attempt to fix indentation on `wpa_supplicant.conf.j2`
fix: attempt to fix indentation on `wpa_supplicant.conf.j2`
fix: incorrect bssid mapping
fix: use the correct jinja templating (I think)
fix: “remote blank space
fix: attempt to fix the formatting in j2
fix: attempt to fix the formatting in j2
feat: rename enterprise username and password + add checks in conf mode.
fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part
fix: fix indentation on `wpa_supplicant.conf.j2`
(cherry picked from commit fc4263021acb72d2d8afb165922d9cb7e11b2bf1)
|
|
OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers (backport #3823)
|
|
T6486: use data-ciphers instead of ncp-ciphers in "run generate openvpn client-config" (backport #3930)
|
|
(cherry picked from commit b62b2f5f8a9c4f0a7dc26bce1f15843651119256)
|
|
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers
were replaced with `data-ciphers`
fix template for "generate openvpn client-config"
(cherry picked from commit ffbc04c591b534188cb08bf3991fadac4aa386a8)
|
|
T6539: add logging options to load-balancer reverse-proxy (backport #3753)
|
|
(cherry picked from commit dd5908eac390294ea178953fc0e6821d803d62f6)
|
|
Remove the lines of code that checked if the kernel had offloading
enabled and was then forcing the config to set it to "on." The
behavior now mirrors the config and offloading will only be enabled
if the config is explicitly set to enabled.
Note: the code is still present to disable the offloading, in the
config, if the kernel doesn't support it.
Note(2): Allow the previous behavior where the offload settings get set,
based on the Kernel, if the boot is a live boot.
(cherry picked from commit b6c2a7476bbd20bebc3e901cc55c17965ebfc423)
Co-authored-by: Dave Vogel <dvogel@greylogic.com>
|
|
* ethernet: T6709: move EAPoL support to common framework
Instead of having EAPoL (Extensible Authentication Protocol over Local Area
Network) support only available for ethernet interfaces, move this to common
ground at vyos.ifconfig.interface making it available for all sorts of
interfaces by simply including the XML portion
#include <include/interface/eapol.xml.i>
(cherry picked from commit 0ee8d5e35044e7480dac6a23e92d43744b8c5d36)
* bond: T6709: add EAPoL support
(cherry picked from commit 8eeb1bdcdfc104ffa77531f270a38cda2aee7f82)
---------
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
op-mode: T6715: manually changing time/date is not synced into hardware clock (backport #4071)
|
|
When not using NTP and adjusting the current system time/date using set date
the time is not saved across a reboot into the hardware RTC. This commit
explicitly syncs the current time after a change into the systems RTC.
Most routers do not run without NTP (which is even a VyOS default) so the
priority is pretty low.
(cherry picked from commit 835126e249c1a8b7ae87ac169a8eb9d2df979249)
|
|
op-mode: T6682: Fix for show vpn ike sa peer that always shows all SAs (backport #4057)
|
|
(cherry picked from commit 8c6a57124af37ba410dd01797e9242b3a79f171a)
|
|
T6703: Adds option to configure AMD pstate driver (backport #4046)
|
|
T6674: Actions fix variable for trigger build reuse repo (backport #4067)
|