Age | Commit message | Author |
|
(#3909)
Strongswan does not initiate session after termination via vici.
Added a CHILD SAs initialization on the initiator side
of the tunnel.
(cherry picked from commit 8838b29180ccc26d2aca0c22c9c8ca5e274825b2)
Co-authored-by: aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>
|
|
Make it more obvious for the user about the severity of his action.
(cherry picked from commit b3b31153963cc4338e8229f9f94b339682dd73a0)
|
|
ports
* Created op-mode command "restart serial console"
* Relocated service control to vyos.utils.serial helpers, used by conf- and
op-mode serial console handling
* Checking for logged-in serial sessions that may be affected by getty reconfig
* Warning the user when changes are committed and serial sessions are active,
otherwise restart services as normal. No prompts issued during commit,
all config gen/commit steps still occur except for the service restarts
(everything remains consistent)
* To apply committed changes, user will need to run "restart serial console"
to complete the process or reboot the whole router
* Added additional flags and target filtering for generic use of helpers.
(cherry picked from commit bc9049ebd76576d727fa87b10b96d1616950237c)
|
|
(cherry picked from commit 115e99630a317cab62c6f99e0461f6ce2c1edaf3)
|
|
deletion
Now that interfaces are deleted from ct_iface_map during deletion it's time to
also add a smoketest ensuring there is no entry in the ct_iface_map once an
interface was deleted from the CLI.
(cherry picked from commit 1c42ee9d16dd49fff2cbde652bf24a38f364526c)
|
|
We always have had stale interface entries in the ct_iface_map of nftables/
conntrack for any interface that once belonged to a VRF.
This commit will always clean the nftables interface map when the interface
is deleted from the system.
(cherry picked from commit 17c12bde5c6f314311e7524842fd1ddc254009b4)
|
|
op_mode: T6593: Release DHCP interface does not work (backport #3861)
|
|
(cherry picked from commit 92461c35c7ef131940c885aca894a2d8b3c89592)
|
|
(cherry picked from commit 11b273108d78ab1588be3c077f40b2ac876369a4)
|
|
To reproduce:
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit
This resulted in an error while interacting with nftables:
[Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
(cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d)
# Conflicts:
# python/vyos/ifconfig/interface.py
# python/vyos/utils/network.py
|
|
(cherry picked from commit 52d08b1ec5b2943744daac7123e35fd415f85db2)
|
|
(cherry picked from commit 7249d10f1fbb3f90a4bdbcd0223926d0380ddd3a)
|
|
During a corner case where the configuration is migrated to a different system
with fewer ethernet interfaces, migration will fail during an image upgrade.
vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an
exception that kills the migrator
(cherry picked from commit e47d4fd385631236da6882233b09f6364cbb077b)
|
|
macsec: T5447: fix error message syntax - there is no tx and rx key, only key (backport #3685)
|
|
deleted
* Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances
* Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
(cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
|
|
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
(cherry picked from commit e318eb33446de47835480d4b8f1646b39fb5c388)
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple iOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all its parent CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
(cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
|
|
grub: T6453: Fixed GRUB variables parsing (backport #3592)
|
|
To parse variables with `=` a variable name should be limited by alphanumerical
characters only.
(cherry picked from commit d3acecdf129cd940f8b2d1b229a6e2a343cab74b)
|
|
`bridge vni show dev vxlanX` will exit with an error if no VNI filters
are installed, but the getter is used even when we haven't installed any.
This fix avoids fetching a list of VNI filters unless we know we've
created some.
(cherry picked from commit ac7ee2b36df23c3a4dd2be393132631556b6ef40)
|
|
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com>
(cherry picked from commit cf07a55d183be1f4d28b8b50a0784513d91d6fe2)
|
|
and return False if the user interrupts the prompt with Ctrl-C
(cherry picked from commit 5a5dda14fd3d472680568f1792e9fbdb030f3995)
|
|
after applying the diff
(cherry picked from commit 7bba95c8052af5b0cc5908cb9e740caa01b44161)
|
|
T6375: Fix/Update NAT logging (backport #3493)
|
|
(cherry picked from commit e50b7afc9d5b727d04933116ccf364a2b9a48c30)
|
|
Fixed broken logging for "show log nat"
Added the following commands:
show log nat source
show log nat source rule <ruleNum>
show log nat destination nat
show log nat destination nat rule <ruleNum>
show log nat static
show log nat static rule <ruleNum>
(cherry picked from commit 5cb9b84bd9ce909460d8da7f039d9371143ede6c)
|
|
(cherry picked from commit e0105ef380f1575613982f3b43c8ea3856654208)
|
|
(cherry picked from commit 783edc98f82f8718ccc856976d9a8f59bc6822e9)
|
|
They were never supported by VyOS,
that was just for very old systems upgraded from Vyatta Core
(cherry picked from commit d8223d50ab627d2b58e14101891bf8ffb8111234)
|
|
(cherry picked from commit ecee10d0512daff3034499d1163463d1390e35d4)
|
|
(cherry picked from commit 32658e981babffb5b7149534bd50a64d11f7c74f)
|
|
(cherry picked from commit 314901e7b45782fb6266b35b0e788ab7ea1404b8)
|
|
(cherry picked from commit d8ddd7191d3004e886fa45a2cf9bd8dd5e7f5e14)
|
|
(cherry picked from commit 234f35d8bae71b5d33ad97cdabc236ec6b13c3a2)
|
|
to facilitate running it outside of a VyOS installation
(cherry picked from commit 90507681cfb39c5570f0afbf1542bd49feb5c0ab)
|
|
to enable calling scripts outside of live VyOS systems
|
|
Package path/section data in single command containing a tree (dict) of
section paths and the accompanying config data. This drops the call to
get_config_dict and the need for a list of commands in request.
(cherry picked from commit 30a530839cdbd934ea62369e385dc33fa50ab6de)
|
|
(cherry picked from commit b2248b68afac795ad391b7203117d6d40a7ba6ed)
|
|
(cherry picked from commit e915900bfec8d24276afb73599c94ab93f3c24ee)
|
|
The netns support currently available on the VyOS CLI is only a
proof-of-technology; we have no real support for any service behind it.
In order to not confuse anyone on the LTS branch we decided to remove the
netns option for interfaces until there is a proper use case and implementation
available.
|
|
T6269: policy: ensure correct rule parsing when using, and when not using <set table> option in policy route. (backport #3367)
|
|
Fix default values for random-detect
Remove dsmark qdisc from gred config because dsmark was deleted from kernel
(cherry picked from commit 0b54c1bc411a21833ec573031cf5ad98fe709a2f)
|
|
<set table> option in policy route.
(cherry picked from commit d518386d74ab09c7e75fdbf7f67e14839180f24b)
|
|
(cherry picked from commit 70e1df1b5fcb3b1791cca320ed45b71e01e1ffda)
|
|
(cherry picked from commit 5c173c5935eab3a8bd0f169759617c4296a92df7)
|
|
(cherry picked from commit 80077eee89e4f0aa3af5dca1a4b2b5e1665bda6f)
|
|
qos: T4248: Allow to remove the only rule from the qos class (backport #3316)
|
|
(cherry picked from commit da40bd2b2a826986de128354ea1bfc041ada0016)
|
|
Add ability to change `base_reachable_time_ms` option
/proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms
(cherry picked from commit 0bf4b570fe2d239b9fbabd3ae801ad3f04a06bde)
|