Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 9e626ce7bad2bd846826822a3622fedf2d937e09)
|
|
openvpn: T3686: Fix for check local-address in script and tmpl
|
|
vrrp: T1972: Ability to set IP address on not vrrp interface
|
|
VLAN isolation can not be "set" when interface is of type wifi.
(cherry picked from commit 1ceaed55a629c92cf42baccdef4106e8d0e4914e)
|
|
|
|
Ability to set virtual_address on not vrrp-listen interface
Add ability don't track primary vrrp interface "exclude-vrrp-interface"
Add ability to set tracking (state UP/Down) on desired interfaces
For example eth0 is used for vrrp and we want to track another eth1
interface that not belong to any vrrp-group
set high-avail vrrp group WAN interface 'eth0'
set high-avail vrrp group WAN virtual-address 192.0.2.222/24 interface 'eth2'
set high-avail vrrp group WAN track exclude-vrrp-interface
set high-avail vrrp group WAN track interface 'eth1'
|
|
dhcpv6-server: T3494: Get address from network to correct sorting
|
|
|
|
Local-address should be checked/executed only if it exists in the
openvpn configuration, dictionary, jinja2 template
(cherry picked from commit 230ac0a202acd7ae9ad9bccb9e777ee5a0e0b7b7)
|
|
.sort() is an inplace operation and return None...
|
|
|
|
|
|
Adds support for `ip -6 rule` policy based routing.
Also, extends the existing ipv4 implemenation with a
`destination` key, which is translated as
`ip rule add to x.x.x.x/x` rules.
https://phabricator.vyos.net/T4151
|
|
(cherry picked from commit 122c7a53575f67759f157e02eca776f799658dc1)
|
|
interface
It is impossible for the OS kernel to distinguish multiple GRE tunnels when no
"gre key" is configured when sourcing tunnels from the same interface.
(cherry picked from commit 6f1326d6b68f6dcb83843374c876407ef2922bd1)
|
|
We always mangled and worked on the "ip rule" singleton even when nothing
needed to be changed. This resulted in a VRF hickup when the same VRF was added
and removed multiple times.
set interfaces ethernet eth1 vrf foo
set vrf name foo table '1000'
commit
delete interfaces ethernet eth1 vrf
delete vrf
commit
set interfaces ethernet eth1 vrf foo
set vrf name foo table '1000'
commit
broke reachability on eth1 - a reboot was required.
This change will now only alter the ip rule tables once when VRF instances
are created for the first time and will not touch the Kernel "ip rule"
representation afterwards.
(cherry picked from commit 2cec431e5caf9df85640f707cd6dc3077c17c238)
|
|
(cherry picked from commit b40315b3c5051888f499961e63410e14c5d1bad7)
|
|
(cherry picked from commit 812d9770619b968b04961aebf3944fde13df491b)
|
|
(cherry picked from commit d96bab4e6da517f07133667834cd6f8bcfb5160f)
|
|
conntrack-sync: T4237: Fix checks for listen-address list to str
|
|
Verify section conntrack_sync.py funciton 'is_addr_assigned'
should checks address as string not as list
|
|
As INFLUX_TOKEN is present in override.conf.tmpl environment we expect
variable "$INFLUX_TOKEN" in the telegraf template and config but not
value of the token
(cherry picked from commit 19f65290529ac642da419ac77003ddaa70d0cc67)
|
|
OpenVPN can't start if it depends on VRRP virtual-address as
virtual-address is not yet assigned by HA (openvpn and ha
in one commit) as we have checks "if address assigned"
It depends on commit priorities:
460 interfaces/openvpn
800 high-availability
Replace check if local-host address assigned from raise ConfigError
to print (just notification)
Allow to bind OpenVPN service to nonlocal address
|
|
monitoring: T3872: Add new feature service monitoring telegraf
|
|
|
|
|
|
|
|
|
|
|
|
(cherry picked from commit b4185f8356d69476292906ebe32daf1c4867601a)
|
|
(cherry picked from commit 5e7e96380b314587bbd8bd584848d39caef86f3f)
|
|
(cherry picked from commit 11a900e706db59459314622050ced7d4117f090b)
|
|
firewall-bridge: T4193: Add op-mode for firewall policy
|
|
There is spelling mistake in "advertisement" of hello-time option's
completion help
(cherry picked from commit b10baca3c8663e7e56eb9abfb3c03ce576c34f1f)
|
|
|
|
DHCP: T4196: fix client-prefix-length parameter
|
|
|
|
(cherry picked from commit 3ef881fcc3aada5846e3dd9ec20054c0e7261f46)
|
|
Drop the overcomplex function get_config_value() to search for NTPd
configuration values. Rather assemble the required string and probe for
its presence in the configuration like we do on most other smoketests.
(cherry picked from commit ba9dc4c2ff89a7a71b84bc84db20e89f604919f2)
|
|
ntp: T4184: Fix allow-clients address 1.3
|
|
NTP-server with option "allow-clients address x.x.x.x" should
accept requests only from clients addresses which declared in
configuration if this option exists
Add "restrict default ignore" to fix it, in another case it
responce to any address
(cherry picked from commit 40f0e78dd94691d54ffd4d2e270ed071e2d2513a)
|
|
T4183: T4110: Ability to set IPv6-link-local addresses for services and wg
|
|
Add ability to set for services like "SSH/NTP" listen IPv6 link-local
addresses
|
|
Allow setting ipv6-link-local addresses as peer address for
wireguard interfaces
Add validator "ipv6-link-local"
|
|
|
|
squid: T3299: Add listen address 0.0.0.0
|
|
(cherry picked from commit 5a73c946000902f6e445b0803ca090f7fc6e0954)
|
|
Without this option systemd startup will hit a timeout and the kill keepalived
again.
(cherry picked from commit 2a279f48e208b90c91eac5d6c5855e65cee39018)
|
|
(cherry picked from commit 1a74e6b3ce061f3c866bcb3f119ee5c73b0c6796)
|
|
(cherry picked from commit 0a91c5de32b52235f4c9c12a6ec34c017011c3df)
|