| Age | Commit message (Collapse) | Author |
|---|
|
T5586: delete old systemd unit keepalived service
|
|
|
|
The custom systemd unit is not required as we generate 10-override
which was implemented in https://github.com/vyos/vyos-1x/pull/2310/commits/5a6938a2e14373dfaa72211fe18deeb257d3ba12
|
|
bfd: T5967: add minimum-ttl option
|
|
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
(partially cherry-picked from 1f07dcbddfcfdbb9079936ec479c5633934dd547)
|
|
(cherry picked from commit 32183aa0f0f9c51126d21693db0eafa256419b31)
|
|
ethernet: T4638: deleting parent interface does not delete underlying VIFs (backport #2850)
|
|
(cherry picked from commit 7ba47f027f3a9441125c13a927eb23cee2de041b)
|
|
wireguard: T5924: harden migration script logic 22-to-23
|
|
|
|
The original commit 2c1c36135 ("wireguard: T5413: Blocked adding the peer with
the router's public key") did not honor the fact that there might be no
private-key CLI node defined for a WireGuard interface. If this is the case,
private-key defaults to "default". This fact needs to be handled in the
migration script.
|
|
console: T4646: Fixed USB console issues (backport #1508)
|
|
* fixed the `systemctl restart` command that used a value from config instead
converted to `ttyUSBX`
* moved systemd units from `/etc/` to `/run/`
(cherry picked from commit ad1236e8d72ff29e0e2215df175b6f032fba75eb)
|
|
T1297: vrrp: backport VRRP GARP options to Equuleus
|
|
|
|
ddclient: T5852: add missing priority (backport #2703)
|
|
Running ddclient on a VLAN interface will fail during reboot as there is no
discrete priority to tell that the dynamic DNS service needs to be started
after the interfaces.
(cherry picked from commit ef237a7555843226e9bf48e552ed5feb5df581f4)
|
|
T5796:backport-add/fixed OCSERV HTTP security headers
|
|
|
|
T5817: Fix for show openvpn server
|
|
In some cases we can get error:
```
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module>
data = get_status(args.mode, intf)
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status
client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface)
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address
tunnel_ip = lst[0].split(',')[0]
IndexError: list index out of range
```
|
|
wireguard: T5413: Blocked adding the peer with the router's public key
|
|
|
|
https: T5772: Move API key check to http-api.py
|
|
Signed-off-by: Daniil Baturin <daniil@baturin.org>
|
|
|
|
This reverts commit 57ba2fa91573ad2ecd03f0c2eb89507dfc397f1e.
|
|
T5714: op-cmd: Fix for "show log vpn ipsec/all"
|
|
https: T5772: remove the default API key
|
|
The new verification code prevents it from being used,
but it's not a reason to keep it
|
|
pppoe: T5630: make MRU default to MTU if unspecified (backport #2527)
|
|
T5763: fix imprecise check for remote file name (backport #2511)
|
|
(cherry picked from commit fe9b08665367b8e7d9b906a0760d44efc9b5cafb)
|
|
Disabled adding the peer with the same public key as the router has.
Backport from current
https://github.com/vyos/vyos-1x/pull/2122
|
|
smoketest: tftp: T4012: disable VRF based tests due to false positives
|
|
https api: T5772: check if keys are configured unless PAM auth is enabled for GraphQL (backport #2522)
|
|
TFTP VRF support is working on a live system but the smoketests tend to fail.
This commit removes the VRF based smoketests for TFTP server, to make
the equuleus Jenkins builds work again.
|
|
This fixes the implementation in e062a8c11 ("pppoe: T5630: allow to specify MRU
in addition to already configurable MTU") and restores the bahavior that MRU
defaults to MTU if MRU is not explicitly set.
This was the behavior in VyOS 1.3.3 and below before we added ability to define
the MRU value.
(cherry picked from commit ffd7339e2ea3eafdd97ac0763ca4a3913fe71bf3)
|
|
unless PAM auth is enabled for GraphQL
(cherry picked from commit 8c450ea7f538beb0b2cd21d35c05d18db49a1802)
|
|
PAM: T5577: Optimized RADIUS PAM config (backport from circinus)
|
|
- Added system `radius` group
- Added `mandatory` and `optional` modes for RADIUS
- Improved PAM config for RADIUS
New modes:
- `mandatory` - if RADIUS answered with `Access-Reject`, authentication must be
stopped and access denied immediately.
- `optional` (default) - if RADIUS answers with `Access-Reject`, authentication
continues using the next module.
In `mandatory` mode authentication will be stopped only if RADIUS clearly
answered that access should be denied (no user in RADIUS database, wrong
password, etc.). If RADIUS is not available or other errors happen, it will be
skipped and authentication will continue with the next module, like in
`optional` mode.
|
|
T4940: new interfaces debugging command equuleus
|
|
|
|
No results shown for this command "show log vpn ipsec"
Changed to journalctl
|
|
scripts: T4269: node.def generator should automatically add default values (backport)
|
|
bridge: T5670: add missing constraint on "member interface" node
|
|
correct include filename extension
|
|
T5586: Disable by default SNMP for Keeplived VRRP service
|
|
bridge: T5670: add missing constraint on "member interface" node
|
|
One could specify a bridge member of VXLAN1 interface, but it is not possible
to create a VXLAN interface with the name of VXLAN1 - prohibited by VXLAN
interface name validator.
Add missing interface-name validator code
(cherry picked from commit 45dc149e4e3c0c294deac6fd541bb027d2280ea1)
(cherry picked from commit e619b23b8889543465b61eb00d5b0d3c8063ae95)
|
