Age | Commit message (Collapse) | Author |
|
openvpn: T5269: add a deprecation warning for shared-secret (backport #2296)
|
|
(cherry picked from commit 4bbbaab60d56bfd6f3a145378027642b4c47adee)
|
|
On first boot after an upgrade /etc/hostname and FRR configuration is not
populated. FRR determines the system hostname once during startup and does not
repect changes of the hostname CLI value.
Thus after an upgrade of VyOS FRR started with a hostname of debian that was
propagated to peers.
The commit retrieves the hostname from the CLI and presets this before FRR is
initially started.
(cherry picked from commit ac21a4e69fac27504b62927a20d0a6a273abb034)
|
|
(cherry picked from commit 56d3f75de487c1dcfd075cf7b65cb16b6501d0ca)
|
|
isis: T5597: add new features from FRR 9 (backport #2285)
|
|
* Add BGP Software Version capability (draft-abraitis-bgp-version-capability)
set protocols bgp neighbor 192.0.2.1 capability software-version
* Add BGP neighbor path-attribute treat-as-withdraw command
set protocols bgp neighbor 192.0.2.1 path-attribute treat-as-withdraw
(cherry picked from commit d285355716708a46767c18661976906812da8a3c)
|
|
* Add support for IS-IS advertise-high-metrics
set protocols isis advertise-high-metrics
* Add support for IS-IS advertise-passive-only
set protocols isis advertise-passive-only
(cherry picked from commit f7d35c15256ea74ab32c9b978a5c6fdbd659a7a0)
|
|
T5594: vrrp: extend function is_ipv6_tentative (backport #2281)
|
|
address, and not only global ipv6 address. This allows to configure ipv6 link local address on vrrp hello-source-address parameter.
(cherry picked from commit b6ae59354b5d69751cc7ea75e0aa4ac0070afa47)
|
|
T5561: nat: inbound|outbound interface should not be mandatory (backport #2253)
|
|
frr: T2472: disable EIGRP daemon
|
|
There is no EIGRP support in VyOS 1.4/sagitta
|
|
ddclient: T5585: Fix file access mode for dynamic dns configuration (backport #2270)
|
|
T5575: ARP/NDP table-size isnt set properly (backport #2255)
|
|
op mode: T5582: Add 'force ntp synchronization' (backport #2262)
|
|
T5586: Disable by default SNMP for Keeplived VRRP service (backport #2273)
|
|
AgentX does not work stable. From time to time we see the system
service crashing/degrading if something is wrong with SNMP from
util net-snmp.
We should disable it by default and enable it only if configured.
set high-availability vrrp snmp
(cherry picked from commit 47875457cd8b176f7f23a3141175d745aeb14d8a)
|
|
After commit 976f82785 ("T5575: ARP/NDP table-size isnt set properly") the
system bootup process got interrupted as both system-ip.py and system-ipv6.py
tried to talk to FRR which was yet not started.
This has been fixed by using a conditional path to only execute when FRR service
has been enabled. This is safe to do as the initial commit call will has FRR
service running and the path will be executed.
(cherry picked from commit 22d5cd42f082fb11060edc51128f0b246198d2c1)
|
|
ddclient.conf file is expected to have permission 600. We need to set
the permission explicitly while creating the file.
(cherry picked from commit 7a66413d6010485dd913832f54167bce38c12250)
|
|
while configuring dNAT|sNAT rule
(cherry picked from commit ec5437913e489f40fea6bab89a6bb5f565cd1ab7)
|
|
frr: T5239: fix process startup order (backport #2245)
|
|
(cherry picked from commit 976f827859102a4e453b38bc6d2a628c66c9b582)
|
|
(cherry picked from commit 9391fc273ce95ff92a6b40b2dee4a688d3048f9f)
|
|
(cherry picked from commit c27b0ca1816bc9fcbb88b05ae3193d765b798d81)
|
|
(cherry picked from commit 8e5931c94a4ee409424ba092777a1a9ce03768d7)
|
|
T671: do not preserve old tech-support report implementation (backport #2260)
|
|
op-mode: T5581: add "show ip nht" command (IPv4 nexthop tracking table) (backport #2257)
|
|
T5480: Ability to disable SNMP for keepalived service VRRP
|
|
T5576: Add BGP remove-private-as all option (backport #2252)
|
|
(cherry picked from commit d1ec84877f8ca0a78f1ab37d21ff43d212644fd6)
|
|
Add the ability to use the option all for remove-private-as.
Remove private ASNs in outbound updates.
all - Apply to all AS numbers
set protocols bgp neighbor <tag> address-family ipv4-unicast remove-private-as all
(cherry picked from commit d72024b11e127cc11931cfaee4d07944dceb1ea9)
|
|
vyos@vyos:~$ show ip nht
172.18.254.202
resolved via ospf
via 172.18.201.254, eth0.201 (vrf default), weight 1
Client list: bgp(fd 28)
(cherry picked from commit 138e60831842ea9366655fde7acf929d8c9f645b)
|
|
(cherry picked from commit d4b9b2aa5f5dda6a11b7038ab0ab52653531183d)
|
|
- Reuse existing utility functions to check if a boot is ongoing
(boot_configuration_complete())
- Run system_frr.py script to configure FRR daemon before initial launch
- Add safety net to always have FRR running on the system
This does yet not solve the error in T5239 but it's a small step towards
the solution.
(cherry picked from commit df74a09b80df0c2ec769a10ef4f7bac01f50eb2d)
|
|
T3655: Fix NAT problem with VRF
|
|
T5562: Cleanup netns for smoketest load-balancing wan
|
|
Cleanup nets for the smoketest load-balancing
Remove deleting container interfaces from default netns as those
interfaces leave inly in netns.
(cherry picked from commit 849499f44f6e50c591e250cf40b5ab0115839b53)
|
|
T5564: Fix show firewall group and show firewall summary (backport #2235)
|
|
The `rule` key could be not exists in the entry of the dictionary
for examppe `{'default_action': 'drop'}`
Fix it
(cherry picked from commit 9daac1632df96b6d2089244e3c7a7b42ae682eb9)
|
|
config-mgmt: T5353: normalize archive updates and commit log entries
|
|
(cherry picked from commit af398c51f7d06cdf582b347a35b1e5c867aaea58)
|
|
(cherry picked from commit e46afa2c58eea2d81df84e2630a6f346f1f51c2a)
|
|
T5533: Fix for vrrp dict key if virtual-server is used
|
|
Linux netfilter patch https://patchwork.ozlabs.org/project/netfilter-devel/patch/d0f84a97f9c86bec4d537536a26d0150873e640d.1439559328.git.daniel@iogearbox.net/
adds direction support for conntrack zones, which makes it possible to
do NAT with conflicting IP address/port tuples from multiple, isolated tenants on a host.
According to the description of the kernel patch:
> ... overlapping tuples can be made unique with the zone identifier in
original direction, where the NAT engine will then allocate a unique
tuple in the commonly shared default zone for the reply direction.
I did some basic tests in my lab and it worked fine to forward packets
from eth0 to pppoe0.
- eth0 192.168.1.1/24 in VRF red
- pppoe0 dynamic public IP from ISP VRF default
- set vrf name red protocols static route 0.0.0.0/0 interface pppoe0 vrf 'default'
- set protocols static route 192.168.1.0/24 interface eth0 vrf 'red'
`conntrack -L` shows something like:
```
tcp 6 113 ESTABLISHED src=192.168.1.2 dst=1.1.1.1 sport=58946 dport=80 zone-orig=250 packets=6 bytes=391 src=1.1.1.1 dst=<my-public-ip> sport=80 dport=58946 packets=4 bytes=602 [ASSURED] mark=0 helper=tns use=1
```
It would be much appreciated if someone could test this with more
complex VRF setup.
|
|
webproxy service
(cherry picked from commit 4401c6920fed08050832a00041021137e9efae54)
|
|
Revert "Create build.yml"
|
|
This reverts commit 7a99a59b338fecd73d34819a0a95646c054a0f12.
SonarCloud is not configured for now properly. Revert this
commit until we confiugre all properly if we'll use it in
the future.
(cherry picked from commit a0e3d29ee33e6c5b773e29ccd5a226e7f6c3bfd1)
|
|
container: T5563 Fix environment replaced by label
|
|
(cherry picked from commit 79a46675b031a4edc0ea925a45066077c0804b9b)
|
|
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when
working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI
is configured against a container VXLAN interface which is referred to as a
'Single VXLAN device (SVD)'.
Multiple VLAN to VNI mappings can be configured against the same SVD. This
allows for a significant scaling of the number of VNIs since a separate VXLAN
interface is no longer required for each VNI.
Sample configuration of SVD with VLAN to VNI mappings is shown below.
set interfaces bridge br0 member interface vxlan0
set interfaces vxlan vxlan0 external
set interfaces vxlan vxlan0 source-interface 'dum0'
set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010'
set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011'
set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030'
set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031'
(cherry picked from commit 7f6624f5a6f8bd1749b54103ea5ec9f010adf778)
|