Age | Commit message (Collapse) | Author |
|
On VTI interface link down the link-local IPv6 address is removed. As soon as
the IPSec tunnel is online again, vti-up-down helper is called which only places
the interface in up state using iproute2 command
sudo ip link set vti0 up
This does not restore the IPv6 LL address. Instead use vyos.ifconfig to properly
re-initialize the VTI interface using the generic update() method.
|
|
T5796:add/fixed OCSERV HTTP security headers
|
|
|
|
mdns: T5793: Cleanup avahi-daemon configuration in `/etc` [followup]
|
|
`/etc/avahi` technically can be deleted since we operate with
avahi-daemon configuration in `/run/avahi-daemon`.
But we still need to keep `/etc/avahi/services` because avahi-daemon
`chroot` to that location at startup. This is setup at build time via
`AVAHI_CONFIG_DIR` and there is no way to change it at runtime.
|
|
mdns: T5793: Cleanup avahi-daemon configuration in `/etc`
|
|
`/etc/avahi` can be deleted since we operate with avahi-daemon
configuration in `/run/avahi-daemon`.
|
|
ddclient: T5791: Update dynamic dns configuration path for consistency
|
|
policy: T4704: Allowed to set metric (MED) to (+/-)rtt
|
|
|
|
|
|
As followup to interface definition change, remove XML snippets that
aren't used anymore. They were there because they were 'include'-ed
multiple times in the interface definition `dynamic-dns.xml.in`. Since
that's not the case anymore, they can be removed.
|
|
Modify the configuration path to be consistent with the usual dialects
of VyoS configuration (wireguard, dns, firewall, etc.)
This would also shorten the configuration path and have a unified
treatment for RFC2136-based updates and other 'web-service' based updates.
While at it, add support for per-service web-options. This would allow
for probing different external URLs on a per-service basis.
|
|
Allowed to set metric (MED) to (+/-)rtt in the route-map.
|
|
image-tools: T5789: copy ssh host keys on image update
|
|
|
|
http-api: T5782: use single config-mode script for https and http-api
|
|
image-tools: T5751: allow non-interactive add/delete image
|
|
|
|
|
|
|
|
|
|
vyos.utils: T5749: fix get_vrf_members() call to iproute2
|
|
The iproute2 master argument is used for both a VRF and a bridge device. Using
this in the VRF context would retrieve and report back the wrong interfaces:
Old implementation:
===================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
['eth1', 'eth2', 'vxlan1']
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
The new implementation:
=======================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
[]
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
|
|
|
|
smoketest: T5783: check for any abnormal daemon termination
|
|
image-tools: T4516: exit grub-update service if running in docker
|
|
|
|
We need to ensure when stressing FRR with the smoketests that no unexpected
crash happens. We simply verify the PID of the individual FRR daemons.
|
|
remote: T5773: Fix for broken config download
|
|
|
|
|
|
http-api: T5768: remove auxiliary http-api.conf
|
|
|
|
https api: T5772: check if keys are configured unless PAM auth is enabled for GraphQL
|
|
T5637: firewall: extend rule for default-action to firewall bridge
|
|
pppoe: T5630: make MRU default to MTU if unspecified
|
|
to be able to catch logs using separte rule for default-action
|
|
This fixes the implementation in e062a8c11 ("pppoe: T5630: allow to specify MRU
in addition to already configurable MTU") and restores the bahavior that MRU
defaults to MTU if MRU is not explicitly set.
This was the behavior in VyOS 1.3.3 and below before we added ability to define
the MRU value.
|
|
vxlan: T5759: change default MTU from 1450 -> 1500 bytes
|
|
Found an odd behavior on Linux and the VyOS CLI implementation. If adding VXLAN
interfaces using iproute2 the MTU differs depending on the creation syntax:
ip -4 link add vxlan100 type vxlan dstport 4789 external df unset tos inherit \
ttl 16 nolearning vnifilter local 172.16.33.201
ip -4 link add vxlan200 type vxlan id 200 dstport 4789 local 172.16.33.201 dev eth0
ip -6 link add vxlan300 type vxlan id 300 dstport 4789 local 2001:db8:1::1 dev eth0
132: vxlan300: <BROADCAST,MULTICAST> mtu 1430 qdisc noop state DOWN group default qlen 1000
link/ether 4e:fb:e3:f5:d9:59 brd ff:ff:ff:ff:ff:ff
133: vxlan200: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
link/ether 0e:4e:f4:76:59:3f brd ff:ff:ff:ff:ff:ff
134: vxlan100: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether ba:b6:b7:0c:b1:37 brd ff:ff:ff:ff:ff:ff
VyOS always sets a default MTU of 1450 bytes which is correct for IPv4 p2p links
or multicast, but invalid for IPv6 p2p. Also this will break EVPN deployments
as ethernet bridges with MTU < 1500 bytes are less fun.
Increase default MTU to 1500 bytes. Migrate old configurations to use 1450
bytes if not specified otherwise on the CLI.
|
|
vxlan: T5753: add support for VNI filtering
|
|
http: T5762: rename "virtual-host listen-port" -> "virtual-host port"
|
|
unless PAM auth is enabled for GraphQL
|
|
|
|
T5770 Enable MACsec encryption stanza
|
|
T5767: HTTPS API add reboot and poweroff endpoints
|
|
|
|
This complements commit f5e43b136 ("http: T5762: api: make API socket backend
communication the one and only default") so we have a consistent port CLI node
across VyOS components.
|
|
Add ability to reboot and poweroff the system via API
curl -k --location --request POST 'https://vyos/reboot' \
--form data='{"op": "reboot", "path": ["now"]}' \
--form key='apikey'
curl -k --location --request POST 'https://vyos/poweroff' \
--form data='{"op": "poweroff", "path": ["now"]}' \
--form key='apikey'
|