| Age | Commit message (Collapse) | Author |
|---|
|
T4971: PPPoE server add named ip pool and attr Framed-Pool
|
|
T1993: PPPoE-server add section shaper and fwmark option
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
(cherry-picked form commit bd9416a6aa9d5d0a746dc2cebc8d0330fd27d1a2)
|
|
Add a new feature to allow to use named pools
Also it can be used with RADIUS attribute 'Framed-Pool'
set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
Extended PPPoE-server rate-limiter to avoid shaping marked resources
Often this feature needs for ISP, which provides access to some IX
or its resources.
set service pppoe-server shaper fwmark '223'
|
|
Minimum acceptable MTU. If client will try to negotiate less then
specified MTU then it will be NAKed or disconnected if rejects
greater MTU.
Change 'min-mtu' from 1492 to 1280 for 1.3.3
|
|
Some ISPs seem to use the host-uniq flag to authenticate client equipment.
Add CLI option in VyOS to allow specification of the host-uniq flag.
set interfaces pppoe pppoeN host-uniq <value>
(cherry-picked from commit 38bab79324087df5a9057c23b85a0a784c09540a)
|
|
[1.3] T4832: dhcp: Add dhcp option to signal IPv6-only support (RFC 8925)
|
|
(cherry picked from commit 87cc636bd2baf576a2a5ece7a4f8318eb4f69c2e)
|
|
|
|
T4809: radvd: (Backport) Allow the use of AdvRASrcAddress
|
|
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new
feature to set the RA source-address. Unfortunately it missed a semicolon.
(cherry picked from commit 4e61fb1f0fd075c5b1a67165204e13f88a7d3015)
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
5. Fixed generation dest local sections in squidGuard.conf
6. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
7. Backported all changes from 1.4 to 1.3 which were made in T3810
8. Fixed webproxy smoketest
|
|
This add the AdvRASrcAddress configuration option to configure
a source address for the router advertisements. The source
address still must be configured on the system. This is useful
for VRRP setups where you want fe80::1 on the VRRP interface
for cleaner VRRP failovers.
|
|
Clients supporting this DHCP option (DHCP option 108, per RFC 8925) will
disable its IPv4 network stack for configured number of seconds
and operate in IPv6-only mode.
Example clients supporting this option including iOS 15+ and macOS 12.0.1+.
|
|
This is a backport of https://github.com/vyos/vyos-1x/pull/1656.
Note I also changed `ip-down.script.tmpl` to not wait for `systemctl
stop dhcp6c@$iface.service`, because that command is slow and pppd will
kill the ip-down script if it times out.
I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch.
Not sure if there is another mechanism to handle that functionality or
it is missed.
|
|
ddclient: T4743: Add option for IPv6 Dynamic DNS
|
|
conntrack-sync: T4730: Fix listen-address jinja2 template
|
|
Fix correct format for prometheus listen-address when we use
IPv6 address, we must use square 'brackets'
http://[2001:db8::11e]:9273
|
|
Listen address has option 'multi'
As result we have an incorrect template value for listen-address
- conntrack-sync listen-address '192.0.2.11' in template
It looks like "IPv4_address ['192.0.2.11']" in the conntrackd.conf
but the correct string expected without brackets
Fix it
|
|
Allow to set IPv6 address for Dynamic DNS
set service dns dynamic interface eth2 ipv6-enable
|
|
Adds a sysctl parameter to ignore the default router obtained from
router advertisements when pppoe default-route is set to 'none'.
|
|
ocserv: openconnect: T4614: add support for split-dns (equuleus)
|
|
Add protocol23format for rsyslog protocol UDP
Add ability to use IPv6 addresses (bracketize_ipv6) for
protocol TCP and UDP, when protocol is configured explicity
|
|
set vpn openconnect network-settings split-dns <domain>
(cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
|
|
(cherry picked from commit 0943ac00412b0049b7a20a54e27e7b8025726598)
|
|
(cherry picked from commit 258e6873b60531fe70d868d2e53ce2f921fe7f13)
|
|
snmp: T2763: Add protocol TCP for service SNMP
|
|
Ability to listen TCP port for service SNMP
set service snmp protocol tcp
|
|
Delete extra space for template uacctd.conf.tmpl
Update smoketest to replace '.' with '-'
|
|
Fix for IPv6 netflow_plugin name
When we use IPv6 uacctd.conf doesnt expect coluns in the plugin
name. Replace coluns to dash. Place IPv6 address into [] brackets
|
|
accel-ppp: T4373: T4507: Add options multiplier for shaper
|
|
ntp: T4456: support listening on specified interface (equuleus)
|
|
dns: T4509: Add dns64-prefix option (equuleus)
|
|
rfc6147: DNS Extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers
set service dns forwarding dns64-prefix 2001:db8:aabb::/96
(cherry picked from commit 2bdf4798570222b57af2de2f0b443529abdc3feb)
|
|
Add rate-limit options: attribute, muptiplier and vendor
set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit'
set service ipoe-server auth radius rate-limit enable
set service ipoe-server auth radius rate-limit multiplier '0.001'
set service ipoe-server auth radius rate-limit vendor 'Miktorik'
|
|
Multiplier option is required by some vendors for correct shaping
For RADIUS based rate-limits
edit service pppoe-server
set authentication radius rate-limit multiplier '0.001'
|
|
(cherry picked from commit b1db3de80b8b5f4e2dcbc6d687d342986345c4b2)
|
|
When clients only use DHCP for interface addressing we can not bind NTPd to
an address - as it will fail if the address changes. This commit adds support
to bind ntpd to a given interface in addition to a given address.
set system ntp interface <name>
(cherry picked from commit 6732df1edd632b56d3d02970939f51d05d4262e9)
|
|
ipoe: T2580: Add pools and gateway options
|
|
Add action 'reset' (op-mode) for HTTP-API
http://localhost/reset
curl --unix-socket /run/api.sock -X POST -Fkey=mykey \
-Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \
http://localhost/reset
|
|
Add new feature to allow to use named pools
Can be used also with Radius attribute 'Framed-Pool'
set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
monitoring: T4315: Add telegraf output plugin prometheus-client
|
|
Add output Plugin "prometheus-client" for telegraf
set service monitoring telegraf prometheus-client xxx
|
|
|
|
|
|
Shared network name should not be handled by tag node mangling
I.e. should not replace underscores with dashed
set service dhcp-server shared-network-name NET_01
shared-network NET_01 {
authoritative;
...
on commit {
set shared-networkname = "NET_01";
}
}
(cherry picked from commit b75b351b7dd2ec87407f98668468b1fc146428bf)
|
|
(cherry picked from commit a6c936997611de85dc73152297679d0b53095713)
|
|
To reproduce:
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6800.1002.00'
Now enable SPF:
set protocols isis spf-delay-ietf holddown '20'
set protocols isis spf-delay-ietf init-delay '31'
set protocols isis spf-delay-ietf long-delay '30'
set protocols isis spf-delay-ietf short-delay '32'
set protocols isis spf-delay-ietf time-to-learn '44'
This will only render the FRR config line: spf-delay-ietf init-delay 31 which
is incomplete:
frr-reload output: 2 2022-04-03 12:35:24,764 ERROR: vtysh failed to process new configuration: vtysh (mark file) exited with status 4:
frr-reload output: 3 b'line 15: % Command incomplete: spf-delay-ietf init-delay 31\n\n'
|
|
(cherry picked from commit 5fc9ef9e31eb566a601f8a150c69b183a4331564)
|
