Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 83ea0cb273e29db22062cc133b6eabd4ba2761c7)
|
|
This option is mandatory and must be user configurable as it needs to match
on both sides.
(cherry picked from commit 2985035bcb2f3732e15a41e3c2ee6c6c93a6836e)
|
|
(cherry picked from commit a8ccf72c222caad8cd7aaca9bca773be39e87f5c)
|
|
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given
pool. In order to use the same CLI syntax this should be renamed to name-server,
which is already the case for DHCPv6.
(cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460)
|
|
vyos@vyos# show service dhcp-server
shared-network-name LAN {
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 194.145.150.1
lease 88
range 0 {
start 10.0.0.100
stop 10.0.0.200
}
static-route 192.168.10.0/24 {
next-hop 10.0.0.2
}
static-route 192.168.20.0/24 {
router 10.0.0.2
}
}
}
(cherry picked from commit a4440bd589db645eb99f343a8163e188a700774c)
|
|
Restarting DHCPv6 server should not be possible when service is not configured
on the CLI.
(cherry picked from commit 224f0b8042f439b8dcc0eb32730da669e8b163af)
|
|
(cherry picked from commit 5d4c75d7fdecc56a8864a3ef76ead3f6121a0cff)
|
|
(cherry picked from commit 83f9d4b8bac6b5d401dfea19d4f9d61b7e638a47)
|
|
(cherry picked from commit 41807725cad3266bf426a9de411bb693b914395e)
|
|
(cherry picked from commit 60f34805d72973e510d1381e4b67a73d0a0952f4)
|
|
OpenConnect: T3837: Fix typo in help property
|
|
|
|
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer")
introduced Python3 f'ormatted strings but missed the "f" keyword.
(cherry picked from commit dda9f655f94968b07043887a03e3bba176eb94d5)
|
|
(cherry picked from commit ec9503a9ec487ec7aa3524cb9847357f0631ca25)
|
|
(cherry picked from commit 6b48900358ce9b01eaa78e3a086e95a26064f0df)
|
|
Commit b8bb9f586 ("T3822: set the OpenVPN key file owner to openvpn:openvpn")
changed the permissions only for file present in the "fix_permissions" list.
The list did not contain all required certificates - this has been fixed.
|
|
T3822: set the OpenVPN key file owner to openvpn:openvpn
|
|
|
|
|
|
|
|
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
|
|
(cherry picked from commit d39567c977c84f1c16998947e16d397edbb015be)
|
|
|
|
|
|
states
Turns out an AX88179 USB 3.0 NIC does not support reading back the speed and
duplex settings in every operating state. While the NIC is beeing
initialized, reading the speed setting will return:
$ cat /sys/class/net/eth6/speed
cat: /sys/class/net/eth6/speed: Invalid argument
Thus if this happens, we simply tell the system that the current NIC speed
matches the requested speed and nothing is changed at this point in time.
|
|
Move the two implementations to get the driver name of a NIC from ethernet.py
and ethtool.py to only ethtool.py.
|
|
|
|
This change is required and currently only impacts WireGuards peer configuration,
so that the peers name is not mangled.
(cherry picked from commit 4d2201eed00ac4780d0196abf53dd9b7cb943a09)
|
|
(cherry picked from commit 2647edc30f1e02840cae62fde8b44345d35ac720)
|
|
(cherry picked from commit 84e912ab2f583864e637c2df137f62f3d4cbeb14)
|
|
process_node() processes the XML tree in a fixed order, "node" before "tagNode"
before "leafNode". If the generator created a "node.def" file, it can no longer
be overwritten - else we would have some stale "node.def" files with an empty
help string (T2555). Without the fixed order this would resulted in a case
where we get a node and a tagNode with the same name, e.g. "show interfaces
ethernet" and "show interfaces ethernet eth0" that the node implementation
was not callable from the CLI, rendering this command useless (T3807).
This can be fixed by forcing the "node", "tagNode", "leafNode" order by sorting
the input XML file automatically (sorting from https://stackoverflow.com/a/46128043)
thus adding no additional overhead to the user.
(cherry picked from commit 7623e37c918c65418d8dfc521f976bb91f0594c0)
|
|
(cherry picked from commit bd2c79ebb8abbd844f4b0568110c7bcea0d8f4f1)
|
|
This patch allows the use of `"` in ssh public-key options which
unlocks the ability to set the `from` option in a way that sshd will
accept to limit what hosts a user can connect from.
(cherry picked from commit 6b52387190f8213e7e02060e894c6ddd4fb7cb3d)
|
|
tunnel: T2920: Add checks tun with same source addr and keys
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
(cherry picked from commit 84a429b41175b95634ec9492e0cf3a564a47abdd)
|
|
2 tunnels with the same local-address should has different keys
Check existing tunnels (source-address key) with new tunnel.
|
|
(cherry picked from commit e211cdbb375dba13af33d6ad6c3addab707f2870)
|
|
(cherry picked from commit 7546e249708de3e0b4bf8f89912caf73265edd60)
|
|
syslog: T3396: Fix template for remote IPv6 host
|
|
|
|
implementations
(cherry picked from commit 9d0c37fbbc91acc9f2c0f2abaab360479e451f0f)
|
|
message
(cherry picked from commit 10814c4d3360598262e991e4b20768dfcde91d75)
|
|
T3804 changed how DHCP servers from DHCP interfaces are read in and passed to
the system. The config migrator is tested with this addition.
(cherry picked from commit 0a82936aff8bbfcc6253f4767ea82805525c47ec)
|
|
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP
address we wan't to use. We also have "set system name-servers-dhcp <interface>"
which does the same, but the name-server in question is retrieved via DHCP.
Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>"
to keep things as they are in real life - we need a name-server.
|
|
T3697: fix the deadlock in IPsec options script
|
|
The root cause is that the ipsec-settings.py script is run _twice_:
first from "vpn ipsec options", then from the top level "vpn" node.
The case when it's not required is when:
* "vpn ipsec" configuration doesn't exist yet
* user configured it with "vpn ipsec options"
* the ipsec-settings.py script is run first time, from "vpn ipsec options"
Trying to restart charon at that stage leads to a deadlock.
|
|
Commit 27e53fbc ("op-mode: T3619: bugfix "show interfaces" for VLANs") fixed
the op-mode command for the "show interfaces" operation, but if a user was
interested in all the ethernet or bridge interfaces, the command "show
interfaces <type> detail" did not yield any output.
The filtered_interfaces() function was further generalized to only operate on
base components and call itself recusively if required.
(cherry picked from commit 5e1f76d16332a917bfd99c6f2bffcd73e61d934d)
|
|
Commit 31169fa8a7 ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") always instantiated an object of the Ethtool class for an
ethernet object - this is right as a real ethernet interface is managed by
Ethtool.
Unfortunately the script used for "show interface" determindes the "base class"
for an interface by its name, so eth0 -> Ethernet, eth0.10 -> Ethernet. This
assumption is incorrect as a VLAN interface can not have the physical parameters
changed of its underlaying interface. This can only be done for eth0.
There is no need for the op-mode script to determine the implementation class
for an interface at this level, as we are only interested in the state of the
interface and it's IP addresses - which is a common operation valid for every
interface on VyOS.
(cherry picked from commit 27e53fbcd843c3aad27db9e97f9060ae6dfcc5ee)
|
|
(cherry picked from commit 5bde11aceffd3d7fca99e582b16555fc0c584410)
|
|
openvpn: T690: Add metric for pushed routes
|