summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-11-03Merge pull request #1060 from sever-sever/T2566Christian Poessinger
sstp: T2566: Fix to allow IPv6 only pools
2021-11-02sstp: T2566: Fix to allow IPv6 only poolsViacheslav
To allow IPv6 only for vpn sstp sessions we have to add 'ppp-options' which can disable IPv4 allocation explicity. Additional IPv6 ppp-options and fix template for it.
2021-11-01dhclient: T3940: Added lease file argument to the `dhclient -x` callzsdc
When `dhclient` with the `-x` option is used to stop running DHCP client with a lease file that is not the same as in the new `dhclient` process, it requires a `-lf` argument with a path to the old lease file to find information about old/active leases and process them according to instructions and config. This commit adds the option to the `02-vyos-stopdhclient` hook, which allows to properly process `dhclient` instances started in different ways. (cherry picked from commit 393970f9ee5b3dfc58e0e999d3d5941a198b2c6f)
2021-10-31tunnel: T3956: GRE key check must not be run on our own interface instanceChristian Poessinger
2021-10-31netflow: T3953: use warning if "netflow source-ip" does not exist instead of ↵Christian Poessinger
error (cherry picked from commit 17215846b512851e7df8cdfcfc06c18b1d27f763)
2021-10-31smoketest: config: add DMVPN hub and spoke examplesChristian Poessinger
(cherry picked from commit 062422db04f5ec6fd0a769f0d71faf4efa2d377f)
2021-10-31console: udev: T3954: adjust rule script to new systemd-udev versionChristian Poessinger
We can no longer use bash veriable string code vor string manipulation. Move to a more robust "cut" implementation. (cherry picked from commit 513e951f3e1358ec6ff5424d03e8f4e9aa7c3388)
2021-10-31console: T3954: bugfix RuntimeError: dictionary keys changed during iterationChristian Poessinger
(cherry picked from commit f227987ccf41e01d4ddafb6db7b36ecf13148c78)
2021-10-29ipsec: T3643: Fix for show tunnels with state downViacheslav
The current op-mode for "show vpn ipsec sa" shows only tunnels which established (parent SA) and installed (child SA) If tunnel not installed it can't show correct information about this tunnel, in that case it can shows only parent sa state Get codebase for "show_ipsec_sa.py" (op-mode) from 1.4 branch where it was fixed.
2021-10-28Merge pull request #1050 from sever-sever/T3941-equChristian Poessinger
IPSec: T3941: Fix uptime for tunnels sa op-mode
2021-10-28IPSec: T3941: Fix uptime for tunnels sa op-modeViacheslav
The current uptime for tunnels is getting from parent SA That is incorrect as we should get value from child SA
2021-10-27vrrp: T3944: reload daemon instead of restart when already runningChristian Poessinger
This prevents a failover from MASTER -> BACKUP when changing any MASTER related configuration. (cherry picked from commit 2c82c9acbde2ccca9c7bb5e646a45fd646463afe)
2021-10-27Merge pull request #1046 from sever-sever/T3942-equChristian Poessinger
op-mode: T3942: Add feature generate IPSec debug-archive
2021-10-26op-mode: T3942: Add feature generate IPSec debug-archiveViacheslav
2021-10-24vyos.ethtool: T3935: relax __init__() when driver name is not detectedChristian Poessinger
In addition to commit 0b414bcd ("vyos.ethtool: T3874: do not throw exception if adapter has issues with autoneg") we should also not care too strict when locating the driver name. This might cause false positives. (cherry picked from commit 8cf5a4f023c5459cad4c84e93f73a9ddd69be81a)
2021-10-22Merge pull request #1039 from sever-sever/T2566Christian Poessinger
sstp: T2566: Fix verify section for pool ipv6 only
2021-10-22sstp: T2566: Fix verify section for pool ipv6 onlyViacheslav
2021-10-22tunnel: T3925: fix configtest - source-interface does not work with gretapChristian Poessinger
(cherry picked from commit 594c57d9b16cac5810f796f15ad7458bd0877435)
2021-10-21Merge pull request #1032 from ross211/dhclient-vyos-cleanupChristian Poessinger
dhclient hooks: T3920: avoid 'too many args' error when no vrf
2021-10-21dhcp-server: T3610: Allow configuration for non-primary ip addressViacheslav
(cherry picked from commit 78cfb949cc6bceab744271cf23f269276b178182)
2021-10-21dhcp: T3626: Prevent to disable only one configured networkViacheslav
(cherry picked from commit 9c825a3457a88a4eebc6475f92332822e5102889)
2021-10-21tunnel: T3925: dhcp-interface was of no use - use source-interface insteadChristian Poessinger
2021-10-20tunnel: T3921: bugfix KeyError for source-addressChristian Poessinger
2021-10-20dhcpv6-server: T3918: Fix subnets verify raise ConfigErrorViacheslav
(cherry picked from commit ead10909ba9104733930bb3f59c90610138bd047)
2021-10-20dhclient hooks: T3920: avoid 'too many args' error when no vrfRoss Dougherty
2021-10-13Merge pull request #1023 from Georgiy-Tugai/patch-1Christian Poessinger
T3904: Fix NTP pool associations
2021-10-13ntp: T3904: Fix NTP pool associationsGeorgiy Tugai
As of NTP 4.2.7, 'nopeer' also blocks pool associations. See https://bugs.ntp.org/show_bug.cgi?id=2657 See also https://github.com/geerlingguy/ansible-role-ntp/pull/84
2021-10-13dns: T3277: DNS Forwarding - reverse zones for RFC1918 addressesHard7Rock
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c) (cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
2021-10-10lcd: T2564: add support for hd44780 displaysChristian Poessinger
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
2021-10-09tunnel: T3894: fix design when building synthetic MAC addressesChristian Poessinger
It seems not all systems have eth0 - get a list of all available Ethernet interfaces on the system (without VLAN subinterfaces) and then take the first one. (cherry picked from commit f19c92f255011149eeb7626a2e158456abe4c9b8)
2021-10-08tunnel: T3893: harden logic when validating tunnel parametersChristian Poessinger
Different types of tunnels have different keys set in get_interface_config(). Thus it should be properly verified (by e.g. using dict_search()) that the key in question esits to not raise KeyError. (cherry picked from commit 5aadf673497b93e2d4ad304e567de1cd571f9e25)
2021-10-05op-mode: T3889: do not display redundant hostname when reading logsChristian Poessinger
2021-10-04op-mode: dhcpv(v6): T3890: retrieve both server and client logfilesChristian Poessinger
* rename: "show log dhcp" will become "show log dhcp server" * add: "show log dhcp client" to display logs from ALL DHCP client processes * add: "show log dhcp client interface <name>" to display logs from individual DHCP client processes * add: "show log dhcpv6 server" to display infos about running DHCPv6 server * add: "show log dhcpv6 client" to display logs from ALL DHCPv6 client processes * add: "show log dhcpv6 client interface <name>" to display logs from individual DHCPv6 client processes
2021-10-04op-mode: T3889: migrate to journalctl when reading daemon logsChristian Poessinger
2021-10-04T3889: Revert "dhcpv6-pd: T421: disable wide dhcpv6 client debug messages"Christian Poessinger
This reverts commit 184f25819fa43fc892b97c0044813b8aa56855b4.
2021-10-02vyos.ifconfig: T3883: bugfix VRF deletionChristian Poessinger
We can not pass None as VRF name, this raises an exception. OSError: [Errno 255] failed to run command: ip link set dev eth2 master None
2021-10-02dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5Christian Poessinger
2021-10-01smoketest: vrrp: validate rfc3768-compatibility is not setChristian Poessinger
2021-10-01vrrp: T3877: remove debug outputChristian Poessinger
2021-09-30vrrp: T3877: backport handlers to solve "default rfc3768-compatibility" issueJohn Estabrook
Do not create rfc3768-compatibility interfaces by default because of wrong Jinja2 syntax. Backporting the entire system makes it easier in the future to additional bugfixes.
2021-09-30dhcp-server: T2230: add subnet description into rendered configChristian Poessinger
(cherry picked from commit 2974628487abb9127922bf695331fd706a1d0e51)
2021-09-30vyos.ethtool: T3874: do not throw exception if adapter has issues with autonegChristian Poessinger
Instead of throwing an exception when an adapters autoneg capabilities can not be detected, just pretend it does not support autoneg. (cherry picked from commit 0b414bcd2930a1469df0a747962f4650d0fb964b)
2021-09-30Merge pull request #1017 from zdc/T3852-equuleusChristian Poessinger
dhclient: T3852: Fixed dhclient processes search
2021-09-28dhclient: T3852: Fixed dhclient processes searchzsdc
Backported commits: 13abffe43b2a5c41bb4ec4675c227f6cf1f868da 01158a8eaa574c48c726c20693479e4aa6e18ee6 This allows finding all running dhclient processes properly.
2021-09-27Merge pull request #1015 from sever-sever/T690Christian Poessinger
openvpn: T690: Fix template for gateway and metric
2021-09-27openvpn: T690: Fix template for gateway and metricViacheslav
Some OpenVPN clients doesnt support option gateway and metric. Set metric option only when 'metric' was added in config explicity.
2021-09-26vxlan: T3867: add multicast validator for group addressChristian Poessinger
The group CLI node takes a multicast IPv4 or IPv6 address - this must be input validated to not case any OS exception cpo@LR1.wue3# show interfaces vxlan vxlan vxlan0 { + group 254.0.0.1 source-address 172.18.254.201 + source-interface dum0 vni 10 } Results in OSError beeing rasied with the following context: Error: argument "254.0.0.1" is wrong: invalid group address (cherry picked from commit 0d7cd4ed5725d3e79faad5abc0801631c2ffc813)
2021-09-26T3866: ignore interfaces without "address" in DNS forwarding migrationDaniil Baturin
2021-09-26vyos.ifconfig: T3860: bugfix in get_mac_synthetic()Christian Poessinger
Commit 081e23996f (vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC") calculated a "stable" synthetic MAC address per the interface based on UUID and the interface name. The problem is that this calculation is too stable when run on multiple instances of VyOS on different hosts/hypervisors. Having R1 and R2 setup a connection both via "tun10" interface will become the same "synthetic" MAC address manifesting in the same link-local IPv6 address. This e.g. breaks OSPFv3 badly as both neighbors communicate using the same link-local address. As workaround one can: set interfaces tunnel tun1337 address 'fe80::1:1337/64' set interfaces tunnel tun1337 ipv6 address no-default-link-local This commit changes the way in how the synthetic MAC address is generated. It's based on the first 48 bits of a sha256 sum build from a CPU ID retrieved via DMI, the MAC address of eth0 and the interface name as used before. This should add enough entropy to get a stable pseudo MAC address. (cherry picked from commit 8d6861290f39298701b0a89bd358545763cee14b)
2021-09-26op-mode: reboot/poweroff: T3857: send wall message to all usersChristian Poessinger
(cherry picked from commit 0ee26592772a14e829d9d1f8e64f9db875f31a63)