Age | Commit message (Collapse) | Author |
|
|
|
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c)
(cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
|
|
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
|
|
Do not create rfc3768-compatibility interfaces by default because of wrong
Jinja2 syntax. Backporting the entire system makes it easier in the future to
additional bugfixes.
|
|
The group CLI node takes a multicast IPv4 or IPv6 address - this must be input
validated to not case any OS exception
cpo@LR1.wue3# show interfaces vxlan
vxlan vxlan0 {
+ group 254.0.0.1
source-address 172.18.254.201
+ source-interface dum0
vni 10
}
Results in OSError beeing rasied with the following context:
Error: argument "254.0.0.1" is wrong: invalid group address
(cherry picked from commit 0d7cd4ed5725d3e79faad5abc0801631c2ffc813)
|
|
This reverts commit 38e02c12a50de685c6d70954cd94a224e8083f0b.
|
|
(cherry picked from commit 6541bdbe792a3cc420f0367e673f27763528376c)
|
|
shared-network
(cherry picked from commit 689d1824d251ea9fbd81bf0c941dbd36e33ef420)
|
|
(cherry picked from commit 59e5b5eb4c0507f9d3831483152a748b58560bfd)
|
|
DHCP servers "shared-network" level only makes sense if one can specify
configuration items that can be inherited by individual subnets. This is now
possible for name-servers and the domain-name.
set service dhcp-server shared-network-name LAN domain-name 'vyos.net'
set service dhcp-server shared-network-name LAN name-server '192.0.2.1'
(cherry picked from commit d411a40a3598c55fae7abd8bc5f1876007aa704b)
|
|
(cherry picked from commit 90dffcb3c14ec976fecae32d19a979f05a40d9c8)
|
|
(cherry picked from commit 564f05614b6e8650185c46b9625f6a0cd9661639)
|
|
(cherry picked from commit 83ea0cb273e29db22062cc133b6eabd4ba2761c7)
|
|
This option is mandatory and must be user configurable as it needs to match
on both sides.
(cherry picked from commit 2985035bcb2f3732e15a41e3c2ee6c6c93a6836e)
|
|
(cherry picked from commit a8ccf72c222caad8cd7aaca9bca773be39e87f5c)
|
|
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given
pool. In order to use the same CLI syntax this should be renamed to name-server,
which is already the case for DHCPv6.
(cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460)
|
|
vyos@vyos# show service dhcp-server
shared-network-name LAN {
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 194.145.150.1
lease 88
range 0 {
start 10.0.0.100
stop 10.0.0.200
}
static-route 192.168.10.0/24 {
next-hop 10.0.0.2
}
static-route 192.168.20.0/24 {
router 10.0.0.2
}
}
}
(cherry picked from commit a4440bd589db645eb99f343a8163e188a700774c)
|
|
(cherry picked from commit 60f34805d72973e510d1381e4b67a73d0a0952f4)
|
|
|
|
(cherry picked from commit ec9503a9ec487ec7aa3524cb9847357f0631ca25)
|
|
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
|
|
|
|
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP
address we wan't to use. We also have "set system name-servers-dhcp <interface>"
which does the same, but the name-server in question is retrieved via DHCP.
Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>"
to keep things as they are in real life - we need a name-server.
|
|
The root cause is that the ipsec-settings.py script is run _twice_:
first from "vpn ipsec options", then from the top level "vpn" node.
The case when it's not required is when:
* "vpn ipsec" configuration doesn't exist yet
* user configured it with "vpn ipsec options"
* the ipsec-settings.py script is run first time, from "vpn ipsec options"
Trying to restart charon at that stage leads to a deadlock.
|
|
|
|
This code was generated before to rewrite IPSec to XML style
And this was rewriten/fixed and used in the next 1.4 releases
So we realy don't need it in 1.3 as we use old nodes for it.
|
|
(cherry picked from commit 514da738173696c70440c959b9d7ec9afd77fbae)
|
|
(cherry picked from commit bbe0deda9bfcfd4116c44b42156a628de8400b48)
|
|
SSH keys used for remote login are supplied as base64 encoded data on the CLI.
The key is not validated, thus an invalid copy/pasted key will render the login
useless. This commit adds a custom and re-usable validator which check if the
data is properly base64 encoded.
(cherry picked from commit 00efce716912680354d47a2dca9769cd8c5c89ae)
|
|
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net:
Remove references to NETIF_F_UFO from ethtool.").
|
|
(cherry picked from commit 794f193d11c8c1b5fed78f4e40280480446ab593)
|
|
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4
(required by T3417) it makes sense to synchronize the CLI configuration for
both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse
the userbase already with a brand new feature.
As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards,
this is the perfect time.
|
|
|
|
interfaces
(cherry picked from commit 081e0334c00887c373fafde761cca960667be21b)
|
|
(cherry picked from commit b121ee14ff1961b56568b0116de3c246ea4af934)
|
|
Both building blocks only differed in the help text, so use IP for both
IPv4 and IPv6.
(cherry picked from commit 0e751221d0832acac807e7f0bc97d7bb31230c3a)
|
|
(cherry picked from commit 0a8a0188033d6b27c521f082fdddae9873dd5d3d)
|
|
|
|
(cherry picked from commit 51f7ce31bc60ea9933848bc23efda9386e39a151)
|
|
and port
Tested using:
set destination rule 100 inbound-interface 'eth0'
set destination rule 100 translation address '19.13.23.42'
set destination rule 100 translation options address-mapping 'random'
set destination rule 100 translation options port-mapping 'none'
set source rule 1000 outbound-interface 'eth0'
set source rule 1000 translation address '122.233.231.12'
set source rule 1000 translation options address-mapping 'persistent'
set source rule 1000 translation options port-mapping 'fully-random'
|
|
|
|
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of
backporting single pieces which are required to add new feature to the tunnel
interface section.
In addition that both libraries are now back in sync it will become much easier
to backport any other new feature introduced in VyOS 1.4!
|
|
(cherry picked from commit 12bc0e667d66070fa8ad84781bdedca46c571e9e)
|
|
(cherry picked from commit bc01277bdfdf49be8950fe2cbf3749d42da2850d)
|
|
(cherry picked from commit 96dce0f47805bb321881183da9a47b621fd54ec8)
|
|
|
|
(cherry picked from commit 2318c874c4ec43076c2664e473f7273928d9f2a6)
|
|
(cherry picked from commit 065c6b620cb52a3235c7b6e210d34dc8cb943b95)
|
|
(cherry picked from commit 6b7b19c93f90839549dd668116c4da2f38cfdc66)
VyOS 1.3 will ship OpenVPN 2.5.1 and thus it is the perfect timing to still
remove this option before introducing it in a new LTS release.
|
|
(cherry picked from commit 9431383abc926ca4513928c56924e942ea250cc8)
|