Age | Commit message | Author |
|
The podman version used in VyOS 1.3 differs from the one used in VyOS 1.4 as
it is currently not possible to build podman 4.2 for Debian Buster. Due to this
restriction we need to adjust the handling of the JSON output when working with
container networks.
|
|
container: T578: backport podman from 1.4 development branch (equuleus)
|
|
|
|
(cherry picked from commit 7923e7c57a7492111c7cec8b04228db0a6f00af3)
|
|
T4809: radvd: (Backport) Allow the use of AdvRASrcAddress
|
|
(cherry picked from commit 65b104d6e0608e229aa36d948fabddaf3f4a0a8b)
|
|
T3810: Fixed all issues in T3810
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
5. Fixed generation dest local sections in squidGuard.conf
6. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
7. Backported all changes from 1.4 to 1.3 which were made in T3810
8. Fixed webproxy smoketest
|
|
backport: T4515: T4219: policy local-route6 and inbound-interface support
|
|
(cherry picked from commit f3420a967ad5597c57093b5279a844dca4c516c0)
|
|
The VLAN aware bridge was forwarding traffic between member ports, but traffic
destined towards the CPU was dropped. This resulted in a gateway not reachable
or DHCP leases that could not be handed out.
Tested via:
VyOS
set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth1 allowed-vlan '10'
set interfaces bridge br0 member interface eth1 allowed-vlan '20'
set interfaces bridge br0 member interface eth1 allowed-vlan '30'
set interfaces bridge br0 member interface eth1 allowed-vlan '40'
set interfaces bridge br0 member interface eth1 native-vlan '40'
set interfaces bridge br0 member interface eth2 allowed-vlan '30'
set interfaces bridge br0 member interface eth2 allowed-vlan '20'
set interfaces bridge br0 member interface eth2 allowed-vlan '10'
set interfaces bridge br0 member interface eth2 allowed-vlan '40'
set interfaces bridge br0 vif 10 address '10.0.10.1/24'
set interfaces bridge br0 vif 20 address '10.0.20.1/24'
set interfaces bridge br0 vif 30 address '10.0.30.1/24'
set interfaces bridge br0 vif 40 address '10.0.40.1/24'
Arista vEOS
vlan 10,20,30,40
interface Ethernet1
switchport trunk allowed vlan 10,20,30,40
interface Vlan10
ip address 10.0.10.2/24
interface Vlan20
ip address 10.0.20.2/24
interface Vlan30
ip address 10.0.30.2/24
interface Vlan40
ip address 10.0.40.2/24
interface Ethernet1
switchport trunk allowed vlan 10,20,30,40
switchport mode trunk
spanning-tree portfast
Cisco vIOS
interface GigabitEthernet0/0
ip address 10.0.40.3 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.10.3 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.0.20.3 255.255.255.0
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.0.30.3 255.255.255.0
!
(cherry picked from commit f60d0e1ce029925b843f635b36154c90049b9577)
|
|
set vpn openconnect network-settings split-dns <domain>
(cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
|
|
(cherry picked from commit bd102eac6d0c97a5f75324d1248814ebdad42da5)
|
|
AES-GCM-256
(cherry picked from commit e19889adf8cef101d85a279055271a68b078ec73)
|
|
(cherry picked from commit 17e76dc77801ac58b2587f664c884c0d671a55c0)
|
|
aware bridge
(cherry picked from commit dbc8e243e13b370e74c6ab20b642c881b6377bd5)
|
|
snmp: T2763: Add protocol TCP for service SNMP
|
|
equuleus: Bond and Bridge interface fixes + new smoketests
|
|
(cherry picked from commit 74d6a7e4fc9e2e929c5f899070e6fc3e3e3b5ceb)
|
|
The Linux kernel supports specifying the MII link monitoring frequency in
milliseconds. This determines how often the link state of each slave is
inspected for link failures. A value of zero disables MII link monitoring.
A value of 100 is a good starting point.
The default value is 100.
set interfaces bonding bond0 mii-mon-interval <n>
(cherry picked from commit 4315c8fa5bb090e2b7edd6bda205041623e2511d)
|
|
(cherry picked from commit 8d1bb953b784d03e02ba26e78da5488a79aaf20d)
|
|
Ability to listen on a TCP port for service SNMP
set service snmp protocol tcp
|
|
Delete extra space for template uacctd.conf.tmpl
Update smoketest to replace '.' with '-'
|
|
A bond member can not also be used as a member of a bridge interface.
(cherry picked from commit 19bfed0abd75adacb61f170606fff8b4d2e7713f)
|
|
A bond member is not allowed to also be used as a source interface for
e.g. PPPoE or MACsec.
(cherry picked from commit 6fca4854aa2e950795ff0411abe4601f86bdeac0)
|
|
ntp: T4456: support listening on specified interface (equuleus)
|
|
(cherry picked from commit 82945a7ff0899295776b5a4bc009fe6513bcdbda)
|
|
(cherry picked from commit 8e2f99db12ad97cfd371fdaa6466e2d443890645)
|
|
rfc6147: DNS Extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers
set service dns forwarding dns64-prefix 2001:db8:aabb::/96
(cherry picked from commit 2bdf4798570222b57af2de2f0b443529abdc3feb)
|
|
When clients only use DHCP for interface addressing we can not bind NTPd to
an address - as it will fail if the address changes. This commit adds support
to bind ntpd to a given interface in addition to a given address.
set system ntp interface <name>
(cherry picked from commit 6732df1edd632b56d3d02970939f51d05d4262e9)
|
|
Create 2 network namespaces which allow us to emulate 2 ISP
with different static addresses
Check routing table 201 for the first ISP and table 202 for the
second ISP. Each table must contain a default route
|
|
Extend bonding smoketest
Add descriptions to bonding members
We encountered a situation where adding any configuration for
member of bonding interface excludes the interface from bonding
(cherry picked from commit ae815d1b11a4c17df6aea45e3fc87772a0e40e6a)
|
|
T4363: salt-minion: default mine_interval option is not set
|
|
(cherry picked from commit e36efa6b5df764982678a470b7aa82a33c1c369c)
|
|
(cherry picked from commit 3081705175da8eb4ee7c1264e64d06f30b175fdb)
|
|
|
|
T4331: IPv6 link local addresses are not configured when an interface is in a VRF (equuleus)
|
|
isis: T4336: add support for MD5 authentication password on a circuit (equuleus)
|
|
T4341 SSH and system login fixes + smoketests
|
|
T4319: bugfixes for disabled IPv6 (equuleus)
|
|
(cherry picked from commit 16a88f6b86e4ab920178701f6b3c02e893f337e8)
|
|
|
|
interface in VRF
(cherry picked from commit 5b57c536b5f599deea2106aad7aea95c465bc0c0)
|
|
(cherry picked from commit 6a04ff2840dfcfcad7a1cb93baf210370fa8871e)
|
|
(cherry picked from commit 4bb0adf535e12dc962a0ebea0f5a96f612a76a5d)
|
|
In order to test for proper system authentication and security setup a new
testcase is added which performs an SSH login and command execution with a
predefined user. The result (output of uname -a) must match the output if the
command is run natively.
We also try to log in as an invalid user - this is not allowed to work.
(cherry picked from commit e66c45ce7a664ecb26d21a215975777bef0fcd71)
|
|
|
|
Commit f8b3d8999c ("ipv6: T4319: do not configure IPv6 related settings if it's
disabled") moved the MTU configuration part under the code path which is only
run if IPv6 is enabled on the system.
This prevented MTU changes on IPv6 disabled systems.
(cherry picked from commit 53e20097d227ebf4bdb4dc6c85427ec9c5ec3982)
|
|
|
|
inbound-interface support""
This reverts commit 45a2a7d0adc7e9d27d6c7aee1ccbd9b64a1437ad.
|