Age | Commit message (Collapse) | Author |
|
|
|
|
|
Allowing `_kea` to be a member of `vyattacfg` group allows
kea-dhcp{4,6}-server to have access to DHCP lease directory under
`/config/` and thus have ability to manipupate the leases files.
|
|
vyos.template: T5869: first_host_address() does not honor RFC4291 section 2.6.1
|
|
nat: T5681: relax wording on non existing interface Warning message
|
|
smoketest: T5867: extend container tests for IPv4 and IPv6 networks
|
|
Fixed migration 'subnet' option in l2tp, sstp, pppoe.
'subnet' option can contain several values.
|
|
|
|
Remove the word "error" from a Warning only message to not irritate the user.
|
|
We have had duplicated test cases in test_jinja_filters.py and test_template.py,
They have been consolidated into test_template.py.
|
|
The subnet router anycast address is predefined. Its format is as follows:
| n bits | 128-n bits |
+------------------------------------------------+----------------+
| subnet prefix | 00000000000000 |
+------------------------------------------------+----------------+
The "subnet prefix" in an anycast address is the prefix that identifies a
specific link. This anycast address is syntactically the same as a unicast
address for an interface on the link with the interface identifier set to zero.
Packets sent to the Subnet-Router anycast address will be delivered to one
router on the subnet. All routers are required to support the Subnet-Router
anycast addresses for the subnets to which they have interfaces.
The Subnet-Router anycast address is intended to be used for applications where
a node needs to communicate with any one of the set of routers.
Our code as of now returns the subnet router anycast address as the
first_host_address().
|
|
|
|
Move the kea lease file to a separate directory `/config/dhcp` that `kea`
process can write to so that subprocesses spawned by `kea` process can
operate on the lease files.
To allow `kea` process to write to `/config/dhcp`, add `_kea` user to
`vyattacfg` group. And the lease files are owned completely by `_kea`
user to play well with `kea-lfc` process.
Specifically, this is necessary for `kea-lfc` which is spawned by `kea`
process to clean up expired leases. Since `kea-lfc` creates additional
backup lease files, it needs write access to the lease file directory.
Additionally, change the extension of the lease file from `.leases` to
`.csv` to reflect the actual file format.
|
|
ddclient: T5852: add missing priority
|
|
Running ddclient on a VLAN interface will fail during reboot as there is no
discrete priority to tell that the dynamic DNS service needs to be started
after the interfaces.
|
|
container: T5867: disable healthchecks due to upstream issue
|
|
op-mode: T5866: Add command to restart IPv6 RA daemon
|
|
conmon 402de34b31388b5a2e1c <error>: Unable to send container stderr message to parent Broken pipe
https://github.com/containers/conmon/issues/438
|
|
vyos@vyos:~$ restart router-advert
|
|
|
|
|
|
T5801: Rewritten L2TP to get_config_dict
|
|
T5842: Rewritten PPTP to get_config_dict
|
|
dhcp: T3316: Support hostname, DUID and MAC address in reservation
|
|
Rewritten PPTP to get_config_dict
Fixed 'dynamic-author' commands. These commands did not create
anything in accel-ppp config.
|
|
T5859: Fixed format of pool range in the accel-ppp config
|
|
firewall: T5834: Rename 'enable-default-log' to 'default-log'
|
|
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y'
to 'x.x.x.x-y'
|
|
`include/firewall/rule-log-options.xml.i` is now more aptly renamed to
`include/firewall/log-options.xml.i`.
|
|
This file is a left over from previous refactoring and no longer
referenced anywhere in the interface definitions.
|
|
One can now do `set policy route foo default-log` which will add log
to the policy route chain.
|
|
|
|
Rename chain level defaults log option from `enable-default-log` to
`default-log` for consistency.
|
|
ddclient: T5144: Warn against configuration with broken IP lookup service
|
|
We always enable HTTPS in ddclient configuration, however
`http://checkip.dyndns.org` is HTTP only and does not support HTTPS.
Warn the user if they are using this service.
Also, make `url` in `web-options` mandatory.
|
|
ddclient: T5144: Migrate web-options url to stricter format
|
|
ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces
|
|
VyOS is a routing (packet pushing) platform, thus supporting EEE which
potentially causes issues is not a good idea. Some recent Intel drivers enable
EEE by default, thus we will disable this for every NIC supporting EEE.
|
|
snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"
|
|
|
|
|
|
Legacy ddclient allowed arbitrary URLs in web-options, but the new
has stricter validations. Apply migration to the old URLs.
Also migrate checkip.dyndns.org to https://domains.google.com/checkip
for better TLS support.
|
|
|
|
configdict: T5837: add support to return added nodes when calling node_changed()
|
|
snmp: 5856: fix service removal error
|
|
When deleting SNMP from CLI the 'delete' key was not honored in the config
dictionary, leading to a false process startup causing the following error:
Job for snmpd.service failed because the control process exited with error code.
See "systemctl status snmpd.service" and "journalctl -xeu snmpd.service" for details.
|
|
In the past, node_changed() suggested it would also return nodes that got added
(function comment) but in reality only deleted keys got accounted for.
This commit changes the signature and adds an argument expand_nodes to specify
the users interest of a node was deleted (default), added (expand_nodes=Diff.ADD)
or even both (expand_nodes=Diff.ADD|Diff.DELETE).
|
|
node_changed() will return a list of changed keys under "path". We are not
always interested what changed, sometimes we are only interested if something
changed at all, that what vyos.configdict.is_node_changed() is for.
|
|
T160: NAT64 add match firewall mark feature
|
|
Match mark allows to use firewall marks of packet to use
a specific pool
Example of instance config /run/jool/instance-100.json
```
...
"pool4": [
{
"protocol": "TCP",
"prefix": "192.0.2.10",
"port range": "1-65535",
"mark": 23
},
...
```
|