Add rate-limit options: attribute, multiplier and vendor
set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit'
set service ipoe-server auth radius rate-limit enable
set service ipoe-server auth radius rate-limit multiplier '0.001'
set service ipoe-server auth radius rate-limit vendor 'Mikrotik'
|
|
Multiplier option is required by some vendors for correct shaping
For RADIUS based rate-limits
edit service pppoe-server
set authentication radius rate-limit multiplier '0.001'
|
|
(cherry picked from commit b1db3de80b8b5f4e2dcbc6d687d342986345c4b2)
|
|
ipoe: T2580: Add pools and gateway options
|
|
Add action 'reset' (op-mode) for HTTP-API
http://localhost/reset
curl --unix-socket /run/api.sock -X POST -Fkey=mykey \
-Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \
http://localhost/reset
|
|
Add new feature to allow the use of named pools
Can also be used with RADIUS attribute 'Framed-Pool'
set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
monitoring: T4315: Add telegraf output plugin prometheus-client
|
|
Add output Plugin "prometheus-client" for telegraf
set service monitoring telegraf prometheus-client xxx
|
|
Shared network name should not be handled by tag node mangling
I.e. should not replace underscores with dashes
set service dhcp-server shared-network-name NET_01
shared-network NET_01 {
authoritative;
...
on commit {
set shared-networkname = "NET_01";
}
}
(cherry picked from commit b75b351b7dd2ec87407f98668468b1fc146428bf)
|
|
(cherry picked from commit a6c936997611de85dc73152297679d0b53095713)
|
|
To reproduce:
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6800.1002.00'
Now enable SPF:
set protocols isis spf-delay-ietf holddown '20'
set protocols isis spf-delay-ietf init-delay '31'
set protocols isis spf-delay-ietf long-delay '30'
set protocols isis spf-delay-ietf short-delay '32'
set protocols isis spf-delay-ietf time-to-learn '44'
This will only render the FRR config line: spf-delay-ietf init-delay 31 which
is incomplete:
frr-reload output: 2 2022-04-03 12:35:24,764 ERROR: vtysh failed to process new configuration: vtysh (mark file) exited with status 4:
frr-reload output: 3 b'line 15: % Command incomplete: spf-delay-ietf init-delay 31\n\n'
|
|
(cherry picked from commit 5fc9ef9e31eb566a601f8a150c69b183a4331564)
|
|
openvpn: T3686: Fix for check local-address in script and tmpl
|
|
Ability to set virtual_address on a non-vrrp-listen interface
Add ability to not track the primary vrrp interface: "exclude-vrrp-interface"
Add ability to set tracking (state UP/Down) on desired interfaces
For example, eth0 is used for vrrp and we want to track another interface, eth1,
that does not belong to any vrrp-group
set high-avail vrrp group WAN interface 'eth0'
set high-avail vrrp group WAN virtual-address 192.0.2.222/24 interface 'eth2'
set high-avail vrrp group WAN track exclude-vrrp-interface
set high-avail vrrp group WAN track interface 'eth1'
|
|
Local-address should be checked/executed only if it exists in the
openvpn configuration, dictionary, jinja2 template
(cherry picked from commit 230ac0a202acd7ae9ad9bccb9e777ee5a0e0b7b7)
|
|
NTP-server with option "allow-clients address x.x.x.x" should
accept requests only from client addresses which are declared in
the configuration if this option exists
Add "restrict default ignore" to fix it, otherwise it
responds to any address
(cherry picked from commit 40f0e78dd94691d54ffd4d2e270ed071e2d2513a)
|
|
(cherry picked from commit 0a91c5de32b52235f4c9c12a6ec34c017011c3df)
|
|
keepalived: T4081: Fix health-checking when sync-group is used
|
|
If health-check scripts are used in a vrrp group and the vrrp group
is a member of a sync-group, then the health-check scripts should be
part of the section "vrrp_sync_group". Otherwise the
health-check scripts won't work anymore.
|
|
(cherry picked from commit 4aaf0ba69139d84f89e5c3feee6edd845af8d1e5)
|
|
(cherry picked from commit 0e3c35e6517f5cfebb4206c735a2ea976a7fd383)
|
|
(cherry picked from commit 955f260ce682d64d27b3b11e618b1ae0176e4b91)
|
|
VRRP: T4033: VRRP script_security parameter removed
|
|
(cherry picked from commit bb77dd269bfb9522f5b56ac027598ac20e101f13)
|
|
(cherry picked from commit 3a29968d6b8dc0bc6966ae5a4713781ea8f9fff0)
|
|
(cherry picked from commit c0bf019e9fc6251ce43c57903b85115f0e3ab2bc)
|
|
Custom OpenVPN options moved back to the command line from a
configuration file. This should keep full compatibility with the
`crux` branch, and allows avoiding mistakes with parsing options
that contain `--` in the middle.
The only smart part of this - handling a `push` option. Because
of internal changes in OpenVPN, previously it did not require an
argument in the double-quotes, but after the version update in
`equuleus` and `sagitta` the old syntax became invalid. So, all the
`push` options are processed to add quotes. The solution is still
not complete, because if a single config line contains `push` with
other options, it will not work, but it is better than nothing.
(cherry picked from commit 3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123)
|
|
(cherry picked from commit 3d00140453b3967370c77ddd9dac4af223a7ddce)
|
|
(cherry picked from commit b168b4cc7da456f14714d917cdc7a1c6b8df9af5)
|
|
Replace the Flask micro-framework with FastAPI, in order to support
extensions to the API and OpenAPI 3.* generation. This change will
remain backwards compatible with previous versions. Notably, the
multipart forms version of requests remains supported; in addition
application/json requests are now natively supported.
(cherry picked from commit 0125fff200efe3259aa25953e7505f69679261f8)
|
|
To allow IPv6 only for vpn sstp sessions we have to add
'ppp-options' which can disable IPv4 allocation explicitly.
Additional IPv6 ppp-options and fix template for it.
|
|
As of NTP 4.2.7, 'nopeer' also blocks pool associations.
See https://bugs.ntp.org/show_bug.cgi?id=2657
See also https://github.com/geerlingguy/ansible-role-ntp/pull/84
|
|
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c)
(cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
|
|
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
|
|
Do not create rfc3768-compatibility interfaces by default because of wrong
Jinja2 syntax. Backporting the entire system makes additional bugfixes easier
in the future.
|
|
(cherry picked from commit 2974628487abb9127922bf695331fd706a1d0e51)
|
|
Some OpenVPN clients don't support the options gateway and metric.
Set the metric option only when 'metric' was added in the config
explicitly.
|
|
This is a follow-up commit to 65398e5c8 ("vrrp: keepalived: T616: move
configuration to volatile /run directory") as it makes no sense to store a
static /etc/default/keepalived file marked as "Autogenerated by VyOS" that only
enabled the SNMP option to keepalived.
Better pass the --snmp switch via the systemd override file and drop all other
references/files.
|
|
(cherry picked from commit 590cf0e626f6a5e813ec4f3021c028a5e098e27d)
|