Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 785616393557c4e3f616287de81b61a68ba177ac)
|
|
server certificates
(cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
|
|
to firewall global-optinos
(cherry picked from commit 76dcecafca977b640dd16d8e68c4a050ca1af4fb)
|
|
Added params for configuration red on the shaper policy
(cherry picked from commit 31cd75aec6d035b36537046ae0d034c03009a3fc)
|
|
pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions fails (backport #3296)
|
|
fails (#3296)
(cherry picked from commit 6d8336f5ad2d9c4e0f12b54681db2924d6998d2d)
|
|
(cherry picked from commit ecc83562b4d756cc50910561a3f52ec260aeb478)
|
|
There are cloud environments available where the maximum supported ethernet
MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value
or 1500 bytes - whatever is lower.
(cherry picked from commit 8296cc727066e739c178918a91cfc11d20d26fe1)
|
|
ipoe: T6205: error in migration script logic while renaming mac-address to mac node (backport #3263)
|
|
Containers have the ability to add Linux system capabilities to them, this is
done using the "set container name <name> cap-add" command.
The CLI node sounds off and rather should be "set container name <name>
capability" instead as we use and pass a capability to a container and not
add/invent new ones.
(cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
|
|
mac node
The problem was introduced in [1] but the config migrator part unfortunately
was added to the wrong version [2]. As IPoE config version 0 was only active
during the 1.3 development cycle and VyOS 1.3.0 was already released with config
version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to
properly support upgrades from VyOS 1.3 -> 1.4 or newer.
1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168
2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46
(cherry picked from commit a5ccc06c08d3a9696f1c03c8d0c7de78ce1fd3c5)
|
|
T6199: start validating smoketests against real CLI defaultValues (backport #3266)
|
|
Use vyos.xml_ref.default_value to query XML default values and take them into
account when validating properly applied defaults in individual smoketests
instead of using hardcoded values like 443 for https port.
(cherry picked from commit d9d2e9c8ead29c173fefd1b565d191a85baaa071)
|
|
(cherry picked from commit 489e6fababa60d9c0fbfdb421305cbe563432499)
# Conflicts:
# src/migration-scripts/dhcp-server/9-to-10
# src/migration-scripts/dhcpv6-server/3-to-4
|
|
The option "passive-interface default" was set even if it was not present in
the previous version we are migrating from. Fix migration script to handle this
with a conditional path.
(cherry picked from commit ef8d9a73335bc685084e3ff97238836e452dfa8c)
|
|
(cherry picked from commit d403117cdb5e7718c8590cfeb79a336cb5b67aac)
|
|
T6199: spring cleaning - drop unused Python imports (backport #3240)
|
|
found using "git ls-files *.py | xargs pylint | grep W0611"
(cherry picked from commit 274b2da242acd1f1f64ff1dee471e34295137c5f)
|
|
<high-availability>. Also, add <mode> parameter in order to configure active-active or active-passive behavior for HA.
|
|
T6192: allow binding SSH to multiple VRF instances (backport #3229)
|
|
The next evolutional step after adding get_config_dict(..., with_pki=True) is
to add a common verification function for the recurring task of validating SSL
certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
(cherry picked from commit 3b758d870449e92fece9e29c791b950b332e6e65)
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
(cherry picked from commit e5af1f0905991103b12302892e6f0070bbb7b770)
|
|
Fixed using 'route-map', 'as-set' and 'summary-only' together in
aggregation in BGP
(cherry picked from commit d8df8339d665db58afbf20cecaeb49ac9d1b617d)
|
|
(cherry picked from commit 010c4061a8884a3617368f3618a425dc517d0675)
|
|
(cherry picked from commit 320fe827b4842b0c0da1ec5fee3d41a5730334d5)
|
|
(cherry picked from commit 6927c0b622c8feaece907944bae3d4724f1e55a0)
|
|
peer-group
changed exception condition
Improved route_reflector_client test
(cherry picked from commit 84f05b1dd41bea5de16d707aa77a467f8d499323)
|
|
dhcp-server: T4718: Listen-address is not commited if the IP address is on the interface with a VRF
|
|
T5872: ipsec remote access VPN: support dhcp-interface. (backport #2965)
|
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
(cherry picked from commit 952b1656f5164f6cfc601e040b48384859e7a222)
|
|
(cherry picked from commit 679b78356cbda4de15f96a7f22d4a98037dbeea4)
|
|
(cherry picked from commit f7834324d3d9edd7e161e7f2f3868452997c9c81)
|
|
interface with vrf
|
|
(cherry picked from commit 2ba435fa4bc8a5c9b2285fb9215ebc582bfb5fdf)
|
|
Users can not (FRR fails) commit the same network belonging to different OSPF
areas. Add verify() check to prevent this.
(cherry picked from commit c6d8d9c012da1a7566eec2dff70385457f073e64)
|
|
bgp: T6106: Show complete FRR output on internal errors (backport #3151)
|
|
vti: T6085: bring VTI interfaces up only when the IPsec tunnel is up (backport #3157)
|
|
peer-group
handle vtysh bgp error
(cherry picked from commit 6fa72591972618f02ac1c66c084a99e006ce18f3)
|
|
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain"
node identifying the IS-IS process name). Drop all references to "process"
variable.
Specifying:
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6825.5255.00'
set protocols isis redistribute ipv4 bgp
Triggered an exception
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module>
verify(c)
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify
f'"protocols isis {process} redistribute {afi} {proto}"!')
^^^^^^^
NameError: name 'process' is not defined
(cherry picked from commit 78212414e085d6261a32015553eb3e407f77792f)
|
|
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes to logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
(cherry picked from commit 9eb018c4935235d292d7c693ac15da5761be064a)
|
|
conntrack: T6147: Enable conntrack when firewall state-policy is defined (backport #3159)
|
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
(cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
|
|
* Move global state-policy smoketest to it's own test, verify conntrack
(cherry picked from commit 62bda3b082a79c2f31483dba5bfeb19464f6dbe2)
|
|
add mtu to default and specified class
update smoke test
(cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
(cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
(cherry picked from commit 259ef4740413b39da9b122db19c549eeec88114c)
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
(cherry picked from commit a72ededa0b29c25efaab52f2db170c34eba50248)
|
|
(cherry picked from commit 77a25e95da48549f2791b677f4ba187e547b1c6a)
|