Age | Commit message (Collapse) | Author |
|
container: T4834: Limit network names to 11 characters (15 char max including "cni-" prefix)
|
|
including "cni-" prefix)
* Error: unable to start container "<id>": plugin type="bridge" failed (add): cni plugin bridge failed: failed to create bridge "cni-thisismorethan15chars": could not add "cni-thisismorethan15chars": numerical result out of range
|
|
Catch expiration error and return error-specific message instead of
general 'not authenticated'.
|
|
A misreading of the makefun docs seemed to indicate Optional was not
supported; it is.
|
|
load_as_module was added to util.py for T4821; prefer over local copy
|
|
T4823: Fix IPsec transport mode remote TS
|
|
Remote TS for transport mode GRE must be remote-address and
not peer name
|
|
IPsec: T4829: tunnel argument to 'reset_peer' should have type hint Optional
|
|
|
|
|
|
T4812: Add op-mode Show vpn ipsec connections
|
|
Commit 66288ccfee ("dns-forwarding: T4578: Rewrite show dns forwarding") added
the implementation for the new standardized op-mode definitions/implementation.
As the API daemon has the proper permissions and also the CLI op-mode calls the
script already with "sudo", there is no need to call "sudo" inside this script,
again.
Also add dns.py to data/op-mode-standardized.json for the GraphQL schema to be
generated.
|
|
|
|
T4827: Route-map state continue must be with action permit only
|
|
route-map action 'deny' cannot be used for "continue"
as FRR does not validate it
r14(config)# route-map FOO permit 100
r14(config-route-map)# route-map FOO deny 50
r14(config-route-map)# on-match goto 100
% Configuration failed.
Error type: validation
r14(config-route-map)#
|
|
|
|
vyos.template.bracketize_ipv6() has a build-in check if the supplied address
is of IPv6 AFI. No need to code an external check arround that.
|
|
T4830: nat66: fix how nat66 rules are written in nftables
|
|
works as expected
|
|
IPsec: T4828: raise op-mode error on incorrect value
|
|
|
|
T4826: Fix login pubkey key type ed25519-sk ecdsa-sk
|
|
Requires full key type name like sk-ecdsa-sha2-nistp256@openssh.com
and sk-ssh-ed25519@openssh.com
|
|
firewall: T4821: correct calling of conf_mode script dependencies
|
|
T4793: Added warning about disable-route-autoinstall
|
|
Added warning message about disable-route-autoinstall
when ipsec vti is used.
|
|
policy: T2199: T4605: Migrate policy route interface node
|
|
|
|
|
|
T4819: Allow printing Warning messages in multiple lines with \n
|
|
T4794: Fix show show firewall name
|
|
show firewall name <name> will output an error as explained in
https://phabricator.vyos.net/T4794
|
|
|
|
skopeo does not support overwriting an image - simply remove and readd it.
|
|
Allow printing Warning messages and DeprecationWarning
in multiple lines with \n
|
|
|
|
This reverts commit 44df1cea1ebc3296844c5c35cf053a92cda4b944.
|
|
This reverts commit 726cdf8bfd27d751737383102fa205f3c082710c.
|
|
Add op-mode CLI "show vpn ipsec connections"
Add the ability to show all configured connections/tunnels and
their states.
Ability to get --raw data
|
|
T4815: ip-up/down scripts needs the executable bit
|
|
ip-up/down scripts added in https://github.com/vyos/vyos-1x/pull/1656
need the executable bit.
|
|
migration: T4808: add details of configtree operations to migration log
|
|
T4813: Add L3vpn over gre option from route-map
|
|
T4815: Fix various name server config issues
|
|
1. When a PPPoE session is connected, `pppd` will update
`/etc/resolv.conf` regardless of `system name-server` option unless `no-peer-dns` is set.
This is because `pppd` vendors scripts `/etc/ppp/ip-up.d/0000usepeerdns` and `/etc/ppp/ip-down.d/0000usepeerdns`,
which updates `/etc/resolv.conf` on PPPoE connection and reverts the change on disconnection.
This PR removes those scripts and adds custom scripts to update name server entries through `vyos-hostsd` instead.
2. There is a typo in `/etc/dhcp/dhclient-enter-hooks.d/04-vyos-resolvconf, which misspells variable name `new_dhcp6_name_servers` as `new_dhcpv6_name_servers`.
This causes IPv6 name server entries in `vyos-hostsd` not updated
when dhclient receives nameservers from DHCPv6.
3. Regular expressions in scripts under `/etc/dhcp/dhclient-enter-hooks.d` and
`/etc/dhcp/dhclient-exit-hooks.d/` are not enclosed in `^$`, so those
IPv4 related branches (like `BOUND`) could be mistakenly executed when an IPv6
reason (like `BOUND6`) is given.
|
|
|
|
|
|
<name> interface <ifname>`
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
|
|
|
|
|