Age | Commit message | Author |
|
sstp: T2566: Fix to allow IPv6 only pools
|
|
To allow IPv6 only for vpn sstp sessions we have to add
'ppp-options' which can disable IPv4 allocation explicitly.
Additional IPv6 ppp-options and fix template for it.
|
|
When `dhclient` with the `-x` option is used to stop a running DHCP client
with a lease file that is not the same as in the new `dhclient` process,
it requires a `-lf` argument with a path to the old lease file to find
information about old/active leases and process them according to
instructions and config.
This commit adds the option to the `02-vyos-stopdhclient` hook, which
allows `dhclient` instances started in different ways to be processed
properly.
(cherry picked from commit 393970f9ee5b3dfc58e0e999d3d5941a198b2c6f)
|
|
|
|
error
(cherry picked from commit 17215846b512851e7df8cdfcfc06c18b1d27f763)
|
|
(cherry picked from commit 062422db04f5ec6fd0a769f0d71faf4efa2d377f)
|
|
We can no longer use bash variable string code for string manipulation. Move to
a more robust "cut" implementation.
(cherry picked from commit 513e951f3e1358ec6ff5424d03e8f4e9aa7c3388)
|
|
(cherry picked from commit f227987ccf41e01d4ddafb6db7b36ecf13148c78)
|
|
The current op-mode for "show vpn ipsec sa" shows only tunnels
which are established (parent SA) and installed (child SA).
If a tunnel is not installed, it can't show correct information about
this tunnel; in that case it can show only the parent SA state.
Get codebase for "show_ipsec_sa.py" (op-mode) from 1.4 branch
where it was fixed.
|
|
IPSec: T3941: Fix uptime for tunnels sa op-mode
|
|
The current uptime for tunnels is taken from the parent SA.
That is incorrect, as we should get the value from the child SA.
|
|
This prevents a failover from MASTER -> BACKUP when changing any MASTER related
configuration.
(cherry picked from commit 2c82c9acbde2ccca9c7bb5e646a45fd646463afe)
|
|
op-mode: T3942: Add feature generate IPSec debug-archive
|
|
|
|
In addition to commit 0b414bcd ("vyos.ethtool: T3874: do not throw exception
if adapter has issues with autoneg") we should also not care too strict when
locating the driver name.
This might cause false positives.
(cherry picked from commit 8cf5a4f023c5459cad4c84e93f73a9ddd69be81a)
|
|
sstp: T2566: Fix verify section for pool ipv6 only
|
|
|
|
(cherry picked from commit 594c57d9b16cac5810f796f15ad7458bd0877435)
|
|
dhclient hooks: T3920: avoid 'too many args' error when no vrf
|
|
(cherry picked from commit 78cfb949cc6bceab744271cf23f269276b178182)
|
|
(cherry picked from commit 9c825a3457a88a4eebc6475f92332822e5102889)
|
|
|
|
|
|
(cherry picked from commit ead10909ba9104733930bb3f59c90610138bd047)
|
|
|
|
T3904: Fix NTP pool associations
|
|
As of NTP 4.2.7, 'nopeer' also blocks pool associations.
See https://bugs.ntp.org/show_bug.cgi?id=2657
See also https://github.com/geerlingguy/ansible-role-ntp/pull/84
|
|
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c)
(cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
|
|
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
|
|
It seems not all systems have eth0 - get a list of all available Ethernet
interfaces on the system (without VLAN subinterfaces) and then take the
first one.
(cherry picked from commit f19c92f255011149eeb7626a2e158456abe4c9b8)
|
|
Different types of tunnels have different keys set in get_interface_config().
Thus it should be properly verified (by e.g. using dict_search()) that the key
in question exists to not raise KeyError.
(cherry picked from commit 5aadf673497b93e2d4ad304e567de1cd571f9e25)
|
|
|
|
* rename: "show log dhcp" will become "show log dhcp server"
* add: "show log dhcp client" to display logs from ALL DHCP client processes
* add: "show log dhcp client interface <name>" to display logs from individual
DHCP client processes
* add: "show log dhcpv6 server" to display infos about running DHCPv6 server
* add: "show log dhcpv6 client" to display logs from ALL DHCPv6 client processes
* add: "show log dhcpv6 client interface <name>" to display logs from individual
DHCPv6 client processes
|
|
|
|
This reverts commit 184f25819fa43fc892b97c0044813b8aa56855b4.
|
|
We can not pass None as VRF name, this raises an exception.
OSError: [Errno 255] failed to run command: ip link set dev eth2 master None
|
|
|
|
|
|
|
|
Do not create rfc3768-compatibility interfaces by default because of wrong
Jinja2 syntax. Backporting the entire system makes it easier in the future to
do additional bugfixes.
|
|
(cherry picked from commit 2974628487abb9127922bf695331fd706a1d0e51)
|
|
Instead of throwing an exception when an adapter's autoneg capabilities can not
be detected, just pretend it does not support autoneg.
(cherry picked from commit 0b414bcd2930a1469df0a747962f4650d0fb964b)
|
|
dhclient: T3852: Fixed dhclient processes search
|
|
Backported commits:
13abffe43b2a5c41bb4ec4675c227f6cf1f868da
01158a8eaa574c48c726c20693479e4aa6e18ee6
This allows finding all running dhclient processes properly.
|
|
openvpn: T690: Fix template for gateway and metric
|
|
Some OpenVPN clients don't support option gateway and metric.
Set metric option only when 'metric' was added in config
explicitly.
|
|
The group CLI node takes a multicast IPv4 or IPv6 address - this must be input
validated to not cause any OS exception
cpo@LR1.wue3# show interfaces vxlan
vxlan vxlan0 {
+ group 254.0.0.1
source-address 172.18.254.201
+ source-interface dum0
vni 10
}
Results in OSError being raised with the following context:
Error: argument "254.0.0.1" is wrong: invalid group address
(cherry picked from commit 0d7cd4ed5725d3e79faad5abc0801631c2ffc813)
|
|
|
|
Commit 081e23996f (vyos.ifconfig: get_mac_synthetic() must generate a stable
"MAC") calculated a "stable" synthetic MAC address per the interface based on
UUID and the interface name. The problem is that this calculation is too stable
when run on multiple instances of VyOS on different hosts/hypervisors.
Having R1 and R2 set up a connection both via the "tun10" interface will result in the
same "synthetic" MAC address, manifesting in the same link-local IPv6 address.
This e.g. breaks OSPFv3 badly as both neighbors communicate using the same
link-local address.
As workaround one can:
set interfaces tunnel tun1337 address 'fe80::1:1337/64'
set interfaces tunnel tun1337 ipv6 address no-default-link-local
This commit changes the way in which the synthetic MAC address is generated. It's
based on the first 48 bits of a sha256 sum built from a CPU ID retrieved via
DMI, the MAC address of eth0 and the interface name as used before. This should
add enough entropy to get a stable pseudo MAC address.
(cherry picked from commit 8d6861290f39298701b0a89bd358545763cee14b)
|
|
(cherry picked from commit 0ee26592772a14e829d9d1f8e64f9db875f31a63)
|