summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-04-17Merge pull request #3323 from vyos/mergify/bp/sagitta/pr-3192Daniil Baturin
image-tools: T6168: compat mode update should preserve console type (backport #3192)
2024-04-17Merge pull request #3324 from vyos/mergify/bp/sagitta/pr-3320Daniil Baturin
T6191: do not append action policy route|route6 when its not specified (backport #3320)
2024-04-17T6191: do not append action to firewall and policy route|route6 when its not ↵Nicolas Fort
specified, in order to ensure same behavior as in Equuleus (cherry picked from commit 5ab8f9ac47d9d8d198f5ace0ffc4a0b26af098df)
2024-04-17image-tools: T6168: compat mode update should preserve console typeJohn Estabrook
Add system image in compatibility mode would set the default boot without reference to console_type; fix the translation of default to the correct index in compat grub.cfg. (cherry picked from commit 1cb05f47ec7e2af265fa6795653f27481dacc37f)
2024-04-16Merge pull request #3322 from vyos/mergify/bp/sagitta/pr-3321John Estabrook
image-tools: T6154: installer prompts to confirm password (backport #3321)
2024-04-17image-tools: T6154: installer prompts to confirm a non-default passwdJohn Estabrook
(cherry picked from commit f43edbd7cd36f52a0cd9c475b53f317882f4a6f9)
2024-04-16Merge pull request #3318 from vyos/mergify/bp/sagitta/pr-3315Christian Breunig
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates (backport #3315)
2024-04-16Merge pull request #3319 from vyos/mergify/bp/sagitta/pr-3313Christian Breunig
T5722: Failover route add option onlink (backport #3313)
2024-04-16T5722: Failover route add option onlinkViacheslav Hletenko
onlink pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix. Useful when gateway not in the same interface network set interfaces ethernet eth0 vif 10 address '10.20.30.1/32' set protocols static route 10.20.30.0/32 interface eth0.10 set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink ``` vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover Error: Nexthop has invalid gateway. [edit] vyos@r4# [edit] vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover [edit] vyos@r4# ``` (cherry picked from commit bb832acb97881d747a57da2728eab3ad138b8129)
2024-04-16T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵Alex W
server certificates (cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
2024-04-15Merge pull request #3310 from vyos/mergify/bp/sagitta/pr-3309Christian Breunig
T5535: firewall: migrate command <set system ip disable-directed-broadcast> to firewall global-optinos (backport #3309)
2024-04-15Merge pull request #3314 from vyos/mergify/bp/sagitta/pr-3311Christian Breunig
pki: T6241: Fix dependency updates on PKI changes (backport #3311)
2024-04-15pki: T6241: Fix dependency updates on PKI changessarthurdev
(cherry picked from commit 9f9891a209957403dfa3ae9ec2cd56d8d9eedb86)
2024-04-15Merge pull request #3312 from vyos/mergify/bp/sagitta/pr-3308Daniil Baturin
T5734: OpenVPN check PKI DH name exists if DH configured (backport #3308)
2024-04-15T5734: OpenVPN check PKI DH name exists if DH configuredViacheslav Hletenko
Check if DH is configured for OpenVPN but does not exist in the PKI section ``` set pki dh dh-correct parameters 'xxxx' set interfaces openvpn vtun10 tls dh-params 'dh-fake' File "/usr/libexec/vyos/conf_mode/interfaces_openvpn.py", line 208, in verify_pki pki_dh = pki['dh'][tls['dh_params']] ~~~~~~~~~^^^^^^^^^^^^^^^^^^ KeyError: 'dh-fake' ``` (cherry picked from commit 95cd743c24c6f7720af87450312fc111649db849)
2024-04-15T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵Nicolas Fort
to firewall global-optinos (cherry picked from commit 76dcecafca977b640dd16d8e68c4a050ca1af4fb)
2024-04-13Merge pull request #3305 from vyos/mergify/bp/sagitta/pr-3297Christian Breunig
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt (backport #3297)
2024-04-13qos: T6035: QoS policy shaper queue-type random-detect requires limit avpktkhramshinr
Added params for configuration red on the shaper policy (cherry picked from commit 31cd75aec6d035b36537046ae0d034c03009a3fc)
2024-04-13Merge pull request #3303 from vyos/mergify/bp/sagitta/pr-3302Daniil Baturin
T5872: fix ipsec dhclient hook uses "exit" instead of "return" (backport #3302)
2024-04-12Merge pull request #3304 from vyos/mergify/bp/sagitta/pr-3291Christian Breunig
T6100: Added NAT migration from IP/Netmask to Network/Netmask (backport #3291)
2024-04-12T6100: Added NAT migration from IP/Netmask to Network/Netmaskaapostoliuk
Added NAT migration from IP/Netmask to Network/Netmask. In 1.3 allowed using IP/Netmask in Nat rules. In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask. (cherry picked from commit 52c02ade031f165da18e6fd0542f3952f2cc9bb6)
2024-04-12T5872: fix ipsec dhclient hook uses "exit" instead of "return"Lucas Christian
(cherry picked from commit 840ab82e8821624aae589dec1ea86cefbcf866b7)
2024-04-12Merge pull request #3299 from vyos/mergify/bp/sagitta/pr-3296Christian Breunig
pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions fails (backport #3296)
2024-04-12Merge pull request #3301 from vyos/mergify/bp/sagitta/pr-3300Christian Breunig
T6235: Git update actions-label-merge-conflict version (backport #3300)
2024-04-12T6235: Git update actions-label-merge-conflict versionViacheslav Hletenko
Update `actions-label-merge-conflict` due to `Node.js 16 actions are deprecated.` (cherry picked from commit 7451133671989e1207299e081cd26d3f526e25f6)
2024-04-12Merge pull request #3298 from vyos/mergify/bp/sagitta/pr-2708Christian Breunig
T5871: ipsec remote access VPN: specify "cacerts" for client auth (backport #2708)
2024-04-12Merge pull request #3243 from vyos/mergify/bp/sagitta/pr-3242Daniil Baturin
T6166: Tech support generation error for custom output location (backport #3242)
2024-04-12pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions ↵Nataliia Solomko
fails (#3296) (cherry picked from commit 6d8336f5ad2d9c4e0f12b54681db2924d6998d2d)
2024-04-12T5871: ipsec remote access VPN: specify "cacerts" for client auth.Lucas Christian
(cherry picked from commit ecc83562b4d756cc50910561a3f52ec260aeb478)
2024-04-12Merge pull request #3295 from vyos/mergify/bp/sagitta/pr-3292Daniil Baturin
T6222: VRRP show prefix for long rfc3768-compatibility interfaces allow prefix vrrp (backport #3292)
2024-04-11T6222: VRRP show prefix for long rfc3768-compatibility interfacesViacheslav Hletenko
If we use rfc3768-compatibility with long interface names like eth1.100.200 it converts the VRRP interface name name to `<interface>v<VRID><IP version>` For example `eth2.100.200v10v4` The limit for interface name is 15 symbols and it causes that interface name is ignoring by keepalived VMAC interface name 'eth2.100.200v10v4' too long or invalid characters - ignoring And it uses the default prefix `vrrp` for such cases. It works fine, but such interfaces are not displayed in the op-mode Allow prefix `vrrp` for the op-mode for `show interfaces` (cherry picked from commit 29a20ce9f9792e23137be57358ca52ddee7ac54b)
2024-04-11Merge pull request #3293 from vyos/mergify/bp/sagitta/pr-3281Christian Breunig
T6214: T6213: change constraint <alpha-numeric-hyphen-underscore-dot.xml.i> (backport #3281)
2024-04-11Merge pull request #3294 from vyos/mergify/bp/sagitta/pr-3290Daniil Baturin
firewall: T6216: replace plus symbols (allowed by IPset but not NFT) in group names with underscores (backport #3290)
2024-04-11T6216: firewall: add patch while migrating from 1.3 to 1.4 in order to avoid ↵Nicolas Fort
errors when using character <+> in 1.3 in firewall groups and custom firewall chains. (cherry picked from commit 36baf771b8ea52487bf6c913d2019f926acbc4f3)
2024-04-11T6214: T6213: change constraint <alpha-numeric-hyphen-underscore-dot.xml.i> ↵Nicolas Fort
in order to not allow string starting with dot character; use such constraint in firewall group definitions. (cherry picked from commit c455a1f71674300b8a74863ddfe6e551fe8fd252)
2024-04-09Merge pull request #3287 from vyos/mergify/bp/sagitta/pr-3286Viacheslav Hletenko
container: T6218: fix host IPv6 link-local address for VRF networks (backport #3286)
2024-04-09container: T6218: fix host IPv6 link-local address for VRF networksJonathan Voss
(cherry picked from commit 6b5590ae3325320a2b6bbcb34086ddb178860160)
2024-04-09Merge pull request #3285 from vyos/mergify/bp/sagitta/pr-3259Christian Breunig
container: T6210: add capability sys-nice (backport #3259)
2024-04-09container: T6210: add capability sys-nicetheflakes
(cherry picked from commit b8f3c61ca514cacdfc2495f16869c1b1e07d2bbc)
2024-04-09Merge pull request #3284 from vyos/mergify/bp/sagitta/pr-3283Christian Breunig
T6199: add missing build dependency (backport #3283)
2024-04-09T6199: add missing build dependencyChristian Breunig
(cherry picked from commit 8e2330fed6480886cbce97cc1b541e54c5394564)
2024-04-09Merge pull request #3282 from vyos/mergify/bp/sagitta/pr-3280Christian Breunig
T5858: Fix op-mode format for show conntrack statistics (backport #3280)
2024-04-09T5858: Fix op-mode format for show conntrack statisticsViacheslav Hletenko
(cherry picked from commit 13ed4f9d489dd5b8ee80c5f2fdebf1b0565e9137)
2024-04-08Merge pull request #3279 from vyos/mergify/bp/sagitta/pr-3278Daniil Baturin
T6207: restore ability to copy config.boot.default on image install (backport #3278)
2024-04-08image-tools: T6207: restore choice of config.boot.default as boot configJohn Estabrook
(cherry picked from commit 619e2262e77621c6110164712fed0a42f16715e3)
2024-04-08utils.io: T6207: allow default in select_entryJohn Estabrook
(cherry picked from commit 5a8be747febc13b7d3be88e8ace7ec2aa0b2ca28)
2024-04-07Merge pull request #3276 from vyos/mergify/bp/sagitta/pr-3265Daniil Baturin
ethernet: T5862: default MTU is not acceptable in some environments (backport #3265)
2024-04-07ethernet: T5862: default MTU is not acceptable in some environmentsChristian Breunig
There are cloud environments available where the maximum supported ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value or 1500 bytes - whatever is lower. (cherry picked from commit 8296cc727066e739c178918a91cfc11d20d26fe1)
2024-04-07xml: T5862: drop defaultValue from mtu-68-16000.xml.i - use individual valuesChristian Breunig
In order to lower the Ethernet default MTU we need to drop the common defaultValue from the XML mtu-68-16000.xml.i building block. Per interface default MTU is later overloaded by XML. (cherry picked from commit e86761fa1307596c721c3ddf3a61d263e8f5177b)
2024-04-07Merge pull request #3275 from vyos/mergify/bp/sagitta/pr-3270Christian Breunig
login: T5875: fix corner case for KeyError: 'getpwuid(): uid not found: XXXX' (backport #3270)