Age | Commit message | Author |
|
Custom OpenVPN options moved back to the command line from a
configuration file. This should keep full compatibility with the
`crux` branch, and allows avoiding mistakes with parsing options
that contain `--` in the middle.
The only smart part of this - handling a `push` option. Because
of internal changes in OpenVPN, previously it did not require an
argument in the double-quotes, but after version update in
`equuleus` and `sagitta` old syntax became invalid. So, all the
`push` options are processed to add quotes. The solution is still
not complete, because if a single config line contains `push` with
other options, it will not work, but it is better than nothing.
(cherry picked from commit 3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123)
|
|
(cherry picked from commit 3d00140453b3967370c77ddd9dac4af223a7ddce)
|
|
(cherry picked from commit b168b4cc7da456f14714d917cdc7a1c6b8df9af5)
|
|
Replace the Flask micro-framework with FastAPI, in order to support
extensions to the API and OpenAPI 3.* generation. This change will
remain backwards compatible with previous versions. Notably, the
multipart forms version of requests remains supported; in addition
application/json requests are now natively supported.
(cherry picked from commit 0125fff200efe3259aa25953e7505f69679261f8)
|
|
|
|
To allow IPv6 only for vpn sstp sessions we have to add
'ppp-options' which can disable IPv4 allocation explicitly.
Additional IPv6 ppp-options and fix template for it.
|
|
As of NTP 4.2.7, 'nopeer' also blocks pool associations.
See https://bugs.ntp.org/show_bug.cgi?id=2657
See also https://github.com/geerlingguy/ansible-role-ntp/pull/84
|
|
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c)
(cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
|
|
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
|
|
|
|
Do not create rfc3768-compatibility interfaces by default because of wrong
Jinja2 syntax. Backporting the entire system makes it easier in the future to
additional bugfixes.
|
|
(cherry picked from commit 2974628487abb9127922bf695331fd706a1d0e51)
|
|
Some OpenVPN clients don't support option gateway and metric.
Set metric option only when 'metric' was added in config
explicitly.
|
|
This is a follow-up commit to 65398e5c8 ("vrrp: keepalived: T616: move
configuration to volatile /run directory") as it makes no sense to store a
static /etc/default/keepalived file marked as "Autogenerated by VyOS" that only
enabled the SNMP option to keepalived.
Better pass the --snmp switch via the systemd override file and drop all other
references/files.
|
|
(cherry picked from commit 590cf0e626f6a5e813ec4f3021c028a5e098e27d)
|
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
(cherry picked from commit b243795eba1b36cadd81c3149e833bdf5c5bea70)
|
|
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable
Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside
the keepalived configuration file.
(cherry picked from commit c1ac0630cfe0ee65569fbe435cc006ade20fed22)
|
|
shared-network
(cherry picked from commit 689d1824d251ea9fbd81bf0c941dbd36e33ef420)
|
|
(cherry picked from commit 2f8b33a26e63e5b9ac4e697b9312f2238d6241f3)
|
|
DHCP servers "shared-network" level only makes sense if one can specify
configuration items that can be inherited by individual subnets. This is now
possible for name-servers and the domain-name.
set service dhcp-server shared-network-name LAN domain-name 'vyos.net'
set service dhcp-server shared-network-name LAN name-server '192.0.2.1'
(cherry picked from commit d411a40a3598c55fae7abd8bc5f1876007aa704b)
|
|
The DHCP servers pool {} option can only be used when there follows a range
statement. This is invalid for a network with only "static" leases.
(cherry picked from commit 6c2c089c26f1652644c9ded7d5cfd8a0497f148e)
|
|
(cherry picked from commit 83ea0cb273e29db22062cc133b6eabd4ba2761c7)
|
|
This option is mandatory and must be user configurable as it needs to match
on both sides.
(cherry picked from commit 2985035bcb2f3732e15a41e3c2ee6c6c93a6836e)
|
|
(cherry picked from commit a8ccf72c222caad8cd7aaca9bca773be39e87f5c)
|
|
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given
pool. In order to use the same CLI syntax this should be renamed to name-server,
which is already the case for DHCPv6.
(cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460)
|
|
vyos@vyos# show service dhcp-server
 shared-network-name LAN {
     subnet 10.0.0.0/24 {
         default-router 10.0.0.1
         dns-server 194.145.150.1
         lease 88
         range 0 {
             start 10.0.0.100
             stop 10.0.0.200
         }
         static-route 192.168.10.0/24 {
             next-hop 10.0.0.2
         }
         static-route 192.168.20.0/24 {
             router 10.0.0.2
         }
     }
 }
(cherry picked from commit a4440bd589db645eb99f343a8163e188a700774c)
|
|
|
|
(cherry picked from commit 2647edc30f1e02840cae62fde8b44345d35ac720)
|
|
(cherry picked from commit 7546e249708de3e0b4bf8f89912caf73265edd60)
|
|
|
|
|
|
|
|
|
|
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4
(required by T3417) it makes sense to synchronize the CLI configuration for
both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse
the userbase already with a brand new feature.
As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards,
this is the perfect time.
|
|
(cherry picked from commit 8fc06b5f8bbfcc49e69406fd70cd5cd42fb6d39f)
|
|
(cherry picked from commit b121ee14ff1961b56568b0116de3c246ea4af934)
|
|
(cherry picked from commit f3df9e97c6bedd305133e860654fc0213c12fd6b)
|
|
Commit 166d44b3 ("nat: T1083: add translation options for persistent/random
mapping of address and port") added support for persistent IP address and port
mappings for NAT.
Unfortunately one if clause got lost in translation.
|
|
and port
Tested using:
set destination rule 100 inbound-interface 'eth0'
set destination rule 100 translation address '19.13.23.42'
set destination rule 100 translation options address-mapping 'random'
set destination rule 100 translation options port-mapping 'none'
set source rule 1000 outbound-interface 'eth0'
set source rule 1000 translation address '122.233.231.12'
set source rule 1000 translation options address-mapping 'persistent'
set source rule 1000 translation options port-mapping 'fully-random'
|
|
(cherry picked from commit d77a2f56ea7e76158c07f5829397be4555473e3d)
|
|
(cherry picked from commit f89a0cfc7d0d908cbe1715b760b07926ffa3f7b9)
|
|
(cherry picked from commit f26ef2a25690826eed4200b219d7f61e8dbf9201)
|
|
(cherry picked from commit bc01277bdfdf49be8950fe2cbf3749d42da2850d)
|
|
|
|
(cherry picked from commit 2318c874c4ec43076c2664e473f7273928d9f2a6)
|
|
(cherry picked from commit 4b646c1fb31a1a9f9c9d1658734d478fed5f19f1)
|
|
(cherry picked from commit 065c6b620cb52a3235c7b6e210d34dc8cb943b95)
|
|
(cherry picked from commit c8ef5e8bdce01bbf05297df39e6c6223d0b2a2ea)
|
|
Executing iproute2 commands as unprivileged member of the openvpn group is now
handled via a sudoers file.
(cherry picked from commit 9c8facc69c09163b74bc428f1dbf8be030766758)
|
|
(cherry picked from commit 6b7b19c93f90839549dd668116c4da2f38cfdc66)
VyOS 1.3 will ship OpenVPN 2.5.1 and thus it is the perfect timing to still
remove this option before introducing it in a new LTS release.
|