Age | Commit message (Collapse) | Author |
|
T5872: ipsec remote access VPN: support dhcp-interface. (backport #2965)
|
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
(cherry picked from commit 952b1656f5164f6cfc601e040b48384859e7a222)
|
|
(cherry picked from commit 679b78356cbda4de15f96a7f22d4a98037dbeea4)
|
|
(cherry picked from commit f7834324d3d9edd7e161e7f2f3868452997c9c81)
|
|
interface with vrf
|
|
(cherry picked from commit 2ba435fa4bc8a5c9b2285fb9215ebc582bfb5fdf)
|
|
Users can not (FRR fails) commit the same network belonging to different OSPF
areas. Add verify() check to prevent this.
(cherry picked from commit c6d8d9c012da1a7566eec2dff70385457f073e64)
|
|
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain"
node identifying the IS-IS process name). Drop all references to "process"
variable.
Specifying:
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6825.5255.00'
set protocols isis redistribute ipv4 bgp
Triggered an exception
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module>
verify(c)
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify
f'"protocols isis {process} redistribute {afi} {proto}"!')
^^^^^^^
NameError: name 'process' is not defined
(cherry picked from commit 78212414e085d6261a32015553eb3e407f77792f)
|
|
* Move global state-policy smoketest to it's own test, verify conntrack
(cherry picked from commit 62bda3b082a79c2f31483dba5bfeb19464f6dbe2)
|
|
(cherry picked from commit e2df1f4929774792c1d4bfb78c2dfa5bdf7f0825)
|
|
radvd: T6118: add nat64prefix support RFC8781 (backport #3125)
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
|
|
Lower available CPU C states to a minimum if this option set. This will set
Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
(cherry picked from commit 3a3e0dff4ff1f80835eca6b2362d792e3ecacc8e)
|
|
(cherry picked from commit 1fbda31623054ee944d063f738e4d1d4170341ef)
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
firewall|nat rules.
(cherry picked from commit 3c0634e572ffdecaf24a9dac16678427f22761ab)
|
|
If we have any `vpn ipsec` and `protocol nhrp` configuration we
get the empty configuration file `/run/opennhrp/opennhrp.conf`
after rebooting the system.
Use config dependency instead of the old `resync_nhrp` function
fixes this issue
(cherry picked from commit 689fea253d9019df20d5c6ac7fa22d5e8454afab)
|
|
(cherry picked from commit 6a97fdfa1ba9b4135a51498ea5acabb804256b2c)
|
|
(cherry picked from commit 298bcc5cb90c4c83981ec4baaaa0db785306867d)
|
|
Example:
vyos@vyos# set protocols ospfv3 redistribute bgp
Possible completions:
metric OSPF default metric
metric-type OSPF metric type for default routes (default: 2)
route-map Specify route-map name to use
(cherry picked from commit ed2c288c8a9031f91acf76d20b84e2002696981c)
|
|
(cherry picked from commit 3480d92a8c4d84e8c1f94a9362bac2be0cc77921)
|
|
Implement VyOS ASCII art contest winners logo as the default for our MOTD
(cherry picked from commit 0ea3a454cf560171d3eb9d4d1b97b172c06360fe)
|
|
required
(cherry picked from commit 6f7d1e15665655e37e8ca830e28d9650445c1217)
|
|
It does not make sense to perform the "podman login" command when setting up
containers, as images are not automatically pulled in from the registry - due
to issues with the default route during startup.
The same issue manifests in "podman login" where we can not login to a registry
unless there is a default route present.
This commit changes the behavior that the container registry is part of the
configuration, but it is only referenced during "add container image" and thus
never during system boot.
(cherry picked from commit baf30d8319ef4d0f0cc4cdf0f7c12f03f8a492b6)
|
|
In order to keep the proper priority list during system startup and on initial
setup/commit for this feature the dependent VXLAN code should not be called,
if the interface in question does not exist (yet).
(cherry picked from commit dbe8c613bb80bc8b714398825054ade5942ea75b)
|
|
* set system login user <name> disable
(cherry picked from commit 6e0b146ed3b90da577c3ecba38836883fd435e7a)
|
|
* set system ip nht no-resolve-via-default
* set system ipv6 nht no-resolve-via-default
(cherry picked from commit ece0e768f36e52f8964823d891264d7c187204ec)
|
|
Removed dhcp-interface option (l2tp)
Added wins-server (sstp)
Added description (ipoe, pppoe, sstp, pptp)
Added exteded-script (l2tp, sstp, pptp)
Added shaper (ipoe, pptp, sstp, l2tp)
Added limits (ipoe, pptp, sstp, l2tp)
Added snmp ( ipoe, pptp,sstp, l2tp)
Refactoring and reformated code.
(cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
|
|
(cherry picked from commit 78820752b936e77d30f995498ff36487c5c6af87)
|
|
(cherry picked from commit 0f8bf6bd0fb29cfd638e9920674e7ad1d1d25350)
|
|
(cherry picked from commit ac2d7dfac6073d0f232191ec494f78a8d12889e4)
|
|
set pki openssh rpki private key ...
set pki openssh rpki public key ...
set pki openssh rpki public type 'ssh-rsa'
(cherry picked from commit 8c78ef0879f22ffd4a5f7fdb175e9109b46e9d7b)
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
(cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
|
|
Hide unexpected output by attempts of deleting `qdisc` from
interfaces
[ qos ]
Error: Cannot find specified qdisc on specified device.
Error: Cannot delete qdisc with handle of zero.
(cherry picked from commit 6dcb68ba5553ac94eb3a9da4a915999500b00ab2)
|
|
Always enable VRF strict_mode
(cherry picked from commit 117fbcd6237b59f54f2c1c66986a8ce073808c84)
|
|
vpn: T5926: IPSEC does not apply after l2tp configuration was changed
added dependency between l2tp and ipsec conf
added test for apply config to swanctl
(cherry picked from commit e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5)
|
|
Fix verify error for the VPN OpenConnect configuration with
local authentication and without any user
File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify
if not ocserv["authentication"]["local_users"]:
KeyError: 'local_users'
(cherry picked from commit 71644dfed63f6248525db3c3bc9493c059707a2a)
|
|
(cherry picked from commit 586863bf3a9cb1dd1c0d74b628d00096b905740f)
|
|
(cherry picked from commit 52e9707a43290f5f826766e2c42c5f0db3c9adec)
|
|
T5971: Rewritten ppp options in accel-ppp services (backport #2891)
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
(cherry picked from commit d9e57fe65dd538c6ea80637f4f6f23cf11dc583d)
|
|
Modify the dynamic dns configuration 'address' subpath for better
clarity on how the address is obtained.
Additionally, remove `web-options` and fold those options under the
path `address web`.
|
|
T4839: firewall: Add dynamic address group in firewall configuration (backport #2756)
|
|
dns: T5959: Streamline dns forwarding service (backport #2854)
|
|
appropiate commands to populate such groups using source and destination address of the packet.
(cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122)
|
|
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp (backport #2832)
|
|
Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
`dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
generated override files in /run. This ensures that the override files
are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
path (viz., `/run/pdns-recursor` is fine)
(cherry picked from commit 1c1fb5fb4bd7c0d205b28caf90357ad56423464f)
|
|
Moved ipv6 pools to named ipv6 pools in accel-ppp services
(cherry picked from commit d187803c31175e471397dd4f77040ab56d2e1073)
|
|
Denied using command 'route-target vpn export/import'
with 'both' together in bgp configuration.
(cherry picked from commit 32a13411f47beffcbe4b49a869c99cb42374d729)
|
|
system-option: T5979: Add configurable kernel boot options (backport #2886)
|