Age | Commit message (Collapse) | Author |
|
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
|
|
dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally connected interfaces
|
|
connected interfaces
Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
|
|
|
|
|
|
https: T5902: fix migration of virtual-host port
|
|
CLI source node is port and not listen-port.
|
|
T5960: Rewritten authentication node in PPTP to a single view
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
|
|
|
|
T5971: Rewritten ppp options in accel-ppp services
|
|
ddclient: T5966: Adjust dynamic dns config address subpath
|
|
T5941: Migration policy delete orphaned interface policy
|
|
T5941: Migration QoS delete orphaned interface traffic-policy
|
|
Denied using command 'route-target vpn export/import'
with 'both' together in bgp configuration.
|
|
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
|
|
We can get an orphaned interface traffic-policy when the traffic-policy
name is removed from the interface, but the node `trffic-policy`
is still attached to the interface
For exmaple we have orphaned node traffic-policy on an interface:
```
set interfaces bonding bond0 vif 995 traffic-policy
```
This causes of incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete traffic-policy from all interfaces if traffic-policy does not exist
|
|
We can get orphaned interface policy when the policy name was
removed from the interface but the node `policy` still attached
to the interface
For exmaple we have orphaned node policy on interface:
```
set interfaces bonding bond0 vif 995 policy
```
This causes of incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete policy from all interfaces if policy does not exist
|
|
|
|
Changed the value from 'hold' to 'trap' in the 'close-action'
option in the IKE group.
Changed the value from 'restart' to 'start' in the 'close-action'
option in the IKE group.
|
|
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp
|
|
T4658: Renamed DPD action value from 'hold' to 'trap'
|
|
Renamed DPD action value from 'hold' to 'trap'
|
|
T5889: Fix migration scripts nat 5-to-6
|
|
bgp: T5937: fix migration script for IPv6 AFI peer-group
|
|
Migrate "bgp <ASN> neighbor <NEIGH> address-family ipv6-unicast peer-group"
to "bgp neighbor <NEIGH> peer-group"
|
|
The current migration drop interface name for NAT where not should
```
nat {
source {
rule 100 {
outbound-interface {
name "eth0"
...
}
}
}
```
After migration we lost interface:
/home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf
/home/vyos#
/home/vyos# cat tmp.conf | grep "nat {" -A 10
nat {
source {
rule 100 {
outbound-interface {
interface-name ""
...
}
}
}
```
This commit fixes it.
|
|
Moved ipv6 pools to named ipv6 pools in accel-ppp services
|
|
|
|
* Also migrate `address-range` to `range` tag node for consistency with dhcpv4 server syntax
|
|
firewall: T5814: Retain legacy 'accept' behaviour and re-order migration
|
|
the lease file (#2796)
|
|
T5688: Changed 'range' to multi in 'client-ip-pool' for accell-ppp
|
|
dhcp: T3316: T5787: T5912: Extend scope of DHCP options, bugfixes
|
|
Pre-1.4 firewall 'accept' action acted as a 'return'. This change ensures the migrated rules meet the expected behaviour.
This commit also re-orders migrated in/out/local jumps ordered by direction instead of interface.
|
|
|
|
Changed node 'range' to multi in 'client-ip-pool' for accell-ppp
services.
Added completionHelp to default-pool and next-pool.
Fixed verification in vpn l2tp config script.
|
|
We have not seen the adoption of the https virtual-host CLI option.
What it did?
* Create multiple webservers each listening on a different IP/port
(but in the same VRF)
* All webservers shared one common document root
* All webservers shared the same SSL certificates
* All webservers could have had individual allow-client configurations
* API could be enabled for a particular virtual-host but was always enabled on
the default host
This configuration tried to provide a full webserver via the CLI but VyOS is a
router and the Webserver is there for an API or to serve files for a local-ui.
Changes
Remove support for virtual-hosts as it's an incomplete and thus mostly useless
"thing". Migrate all allow-client statements to one top-level allow statement.
|
|
|
|
|
|
We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in
|
|
system: T5877: Shorten system domain-search config path
|
|
Shorten and simplify `system domain-search` config path from:
```
set system domain-search domain <domain1>
```
to:
```
set system domain-search <domain1>
```
This will shorten the path and also make consistent with `domain-search`
config in other places (like `dhcp-server`).
|
|
Fixed migration 'subnet' option in l2tp, sstp, pppoe.
'subnet' option can contain several values.
|
|
T5801: Rewritten L2TP to get_config_dict
|
|
dhcp: T3316: Support hostname, DUID and MAC address in reservation
|
|
|
|
ddclient: T5144: Migrate web-options url to stricter format
|
|
|