Age | Commit message (Collapse) | Author |
|
|
|
(cherry picked from commit ec9503a9ec487ec7aa3524cb9847357f0631ca25)
|
|
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
|
|
|
|
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP
address we wan't to use. We also have "set system name-servers-dhcp <interface>"
which does the same, but the name-server in question is retrieved via DHCP.
Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>"
to keep things as they are in real life - we need a name-server.
|
|
The root cause is that the ipsec-settings.py script is run _twice_:
first from "vpn ipsec options", then from the top level "vpn" node.
The case when it's not required is when:
* "vpn ipsec" configuration doesn't exist yet
* user configured it with "vpn ipsec options"
* the ipsec-settings.py script is run first time, from "vpn ipsec options"
Trying to restart charon at that stage leads to a deadlock.
|
|
|
|
This code was generated before to rewrite IPSec to XML style
And this was rewriten/fixed and used in the next 1.4 releases
So we realy don't need it in 1.3 as we use old nodes for it.
|
|
(cherry picked from commit 514da738173696c70440c959b9d7ec9afd77fbae)
|
|
(cherry picked from commit bbe0deda9bfcfd4116c44b42156a628de8400b48)
|
|
SSH keys used for remote login are supplied as base64 encoded data on the CLI.
The key is not validated, thus an invalid copy/pasted key will render the login
useless. This commit adds a custom and re-usable validator which check if the
data is properly base64 encoded.
(cherry picked from commit 00efce716912680354d47a2dca9769cd8c5c89ae)
|
|
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net:
Remove references to NETIF_F_UFO from ethtool.").
|
|
(cherry picked from commit 794f193d11c8c1b5fed78f4e40280480446ab593)
|
|
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4
(required by T3417) it makes sense to synchronize the CLI configuration for
both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse
the userbase already with a brand new feature.
As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards,
this is the perfect time.
|
|
|
|
interfaces
(cherry picked from commit 081e0334c00887c373fafde761cca960667be21b)
|
|
(cherry picked from commit b121ee14ff1961b56568b0116de3c246ea4af934)
|
|
Both building blocks only differed in the help text, so use IP for both
IPv4 and IPv6.
(cherry picked from commit 0e751221d0832acac807e7f0bc97d7bb31230c3a)
|
|
(cherry picked from commit 0a8a0188033d6b27c521f082fdddae9873dd5d3d)
|
|
|
|
(cherry picked from commit 51f7ce31bc60ea9933848bc23efda9386e39a151)
|
|
and port
Tested using:
set destination rule 100 inbound-interface 'eth0'
set destination rule 100 translation address '19.13.23.42'
set destination rule 100 translation options address-mapping 'random'
set destination rule 100 translation options port-mapping 'none'
set source rule 1000 outbound-interface 'eth0'
set source rule 1000 translation address '122.233.231.12'
set source rule 1000 translation options address-mapping 'persistent'
set source rule 1000 translation options port-mapping 'fully-random'
|
|
|
|
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of
backporting single pieces which are required to add new feature to the tunnel
interface section.
In addition that both libraries are now back in sync it will become much easier
to backport any other new feature introduced in VyOS 1.4!
|
|
(cherry picked from commit 12bc0e667d66070fa8ad84781bdedca46c571e9e)
|
|
(cherry picked from commit bc01277bdfdf49be8950fe2cbf3749d42da2850d)
|
|
(cherry picked from commit 96dce0f47805bb321881183da9a47b621fd54ec8)
|
|
|
|
(cherry picked from commit 2318c874c4ec43076c2664e473f7273928d9f2a6)
|
|
(cherry picked from commit 065c6b620cb52a3235c7b6e210d34dc8cb943b95)
|
|
(cherry picked from commit 6b7b19c93f90839549dd668116c4da2f38cfdc66)
VyOS 1.3 will ship OpenVPN 2.5.1 and thus it is the perfect timing to still
remove this option before introducing it in a new LTS release.
|
|
(cherry picked from commit 9431383abc926ca4513928c56924e942ea250cc8)
|
|
(cherry picked from commit 4b2fef88644bb75dadbe33b9638a4150def7e14f)
|
|
|
|
Some APNs require a username/password. Add CLI nodes (matching the PPPoE
syntax) for client authentication.
One APN would be the IPv4/IPv6 APN from Deutsche Telekom (Germany)
APN Name: Telekom Internet IPv6
APN: internet.v6.telekom
Benutzername: telekom
Passwort: tm
|
|
(cherry picked from commit c2a1c071e7d0a9ca754d7f5016eed7db188b3d1a)
|
|
(cherry picked from commit 556e03922f78f8e258c6d6630ad47569be376e11)
|
|
|
|
Set default TTL value for tunnels from 0 to 64
There are a lot of situation when default value 0 (inherit)
not work properly when you have routing configuration for OSPF
or BGP over the tunnels. To fix it you need explicit set TTL
value other then 0. Or hardcode another value as default.
(cherry picked from commit b4db37507635bf95161bea32b18736fc0732a9e6)
|
|
Co-authored-by: Mark Royds <mark.royds@vitaminit.co.uk>
(cherry picked from commit c17f259d09abd2bf632d09400fe8deb4c2781d32)
|
|
(cherry picked from commit e36120d93ee1c8077b713c4bb9c10035f0a9957a)
|
|
Option specifying the rate in which we'll ask our link partner to transmit
LACPDU packets in 802.3ad mode.
set interfaces bonding bond0 lacp-rate <slow|fast>
slow: Request partner to transmit LACPDUs every 30 seconds (default)
fast: Request partner to transmit LACPDUs every 1 second
(cherry picked from commit 8e392a3dbc16f7b80a979f7b4e9c11408d700e6f)
|
|
(cherry picked from commit 59a82d4ba9790a61b5dc321544a7aa2a10e18322)
|
|
(cherry picked from commit 117533482d29ce0bd1bc7f3a3f2536921c16565c)
|
|
(cherry picked from commit b6301bfd6a6cb084671fd24970a4a06b10a89d90)
|
|
equuleus
|
|
(cherry picked from commit 85d0ae7b434a3ae9f3bd50ad7fee1fcd23b26a26)
|
|
The previously used regex allowed an address value of "dhcpfoo" which is invalid
and will raise an OSError. Harden the regex that it explicitly must be dhcp or
dhcpv6.
(cherry picked from commit dd4c60c1c3423f02457bc1dcc25e36d03d537a5f)
|
|
Sometimes a modem might give a local IP before it retrieves a WAN IP.
This can be an issue with failover routes,
since the default route will get overridden.
(cherry picked from commit e8535616aae2bf0c20aacee6a4d0761183bae6d9)
|
|
(cherry picked from commit dd2eb5e5686655c996ae95285b8ad7eb73d63d0b)
|