Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 78cfb949cc6bceab744271cf23f269276b178182)
|
|
(cherry picked from commit 9c825a3457a88a4eebc6475f92332822e5102889)
|
|
|
|
|
|
(cherry picked from commit ead10909ba9104733930bb3f59c90610138bd047)
|
|
Different types of tunnels have different keys set in get_interface_config().
Thus it should be properly verified (by e.g. using dict_search()) that the key
in question esits to not raise KeyError.
(cherry picked from commit 5aadf673497b93e2d4ad304e567de1cd571f9e25)
|
|
This reverts commit 184f25819fa43fc892b97c0044813b8aa56855b4.
|
|
|
|
|
|
Do not create rfc3768-compatibility interfaces by default because of wrong
Jinja2 syntax. Backporting the entire system makes it easier in the future to
additional bugfixes.
|
|
Backported commits:
13abffe43b2a5c41bb4ec4675c227f6cf1f868da
01158a8eaa574c48c726c20693479e4aa6e18ee6
This allows finding all running dhclient processes properly.
|
|
|
|
(cherry picked from commit 0ee26592772a14e829d9d1f8e64f9db875f31a63)
|
|
Commit 260f3832 ("vrrp: keepalived: T616: drop /etc/default/keepalived") dropped
the old daemon configuration but there was one line of code that tried to delete
the file which was no longer present.
This resulted in: KeyError: 'daemon'
|
|
This is a follow-up commit to 65398e5c8 ("vrrp: keepalived: T616: move
configuration to volatile /run directory") as it makes no sense to store a
static /etc/default/keepalived file marked as "Autogenerated by VyOS" that only
enabled the SNMP option to keepalived.
Better pass the --snmp switch via the systemd override file and drop all other
references/files.
|
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
(cherry picked from commit b243795eba1b36cadd81c3149e833bdf5c5bea70)
|
|
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable
Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside
the keepalived configuration file.
(cherry picked from commit c1ac0630cfe0ee65569fbe435cc006ade20fed22)
|
|
Commit 2985035b (dhcp-server: T3672: re-add missing "name" CLI option)
unfortunately did not add the name option to the migration script.
(cherry picked from commit e83a113360ba18043edcf7f70689c7042dee2b37)
|
|
(cherry picked from commit 2f8b33a26e63e5b9ac4e697b9312f2238d6241f3)
|
|
This option is mandatory and must be user configurable as it needs to match
on both sides.
(cherry picked from commit 2985035bcb2f3732e15a41e3c2ee6c6c93a6836e)
|
|
(cherry picked from commit a8ccf72c222caad8cd7aaca9bca773be39e87f5c)
|
|
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given
pool. In order to use the same CLI syntax this should be renamed to name-server,
which is already the case for DHCPv6.
(cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460)
|
|
vyos@vyos# show service dhcp-server
shared-network-name LAN {
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 194.145.150.1
lease 88
range 0 {
start 10.0.0.100
stop 10.0.0.200
}
static-route 192.168.10.0/24 {
next-hop 10.0.0.2
}
static-route 192.168.20.0/24 {
router 10.0.0.2
}
}
}
(cherry picked from commit a4440bd589db645eb99f343a8163e188a700774c)
|
|
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer")
introduced Python3 f'ormatted strings but missed the "f" keyword.
(cherry picked from commit dda9f655f94968b07043887a03e3bba176eb94d5)
|
|
(cherry picked from commit 6b48900358ce9b01eaa78e3a086e95a26064f0df)
|
|
Commit b8bb9f586 ("T3822: set the OpenVPN key file owner to openvpn:openvpn")
changed the permissions only for file present in the "fix_permissions" list.
The list did not contain all required certificates - this has been fixed.
|
|
|
|
|
|
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
|
|
(cherry picked from commit d39567c977c84f1c16998947e16d397edbb015be)
|
|
|
|
Move the two implementations to get the driver name of a NIC from ethernet.py
and ethtool.py to only ethtool.py.
|
|
(cherry picked from commit 2647edc30f1e02840cae62fde8b44345d35ac720)
|
|
(cherry picked from commit 84e912ab2f583864e637c2df137f62f3d4cbeb14)
|
|
This patch allows the use of `"` in ssh public-key options which
unlocks the ability to set the `from` option in a way that sshd will
accept to limit what hosts a user can connect from.
(cherry picked from commit 6b52387190f8213e7e02060e894c6ddd4fb7cb3d)
|
|
tunnel: T2920: Add checks tun with same source addr and keys
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
(cherry picked from commit 84a429b41175b95634ec9492e0cf3a564a47abdd)
|
|
2 tunnels with the same local-address should has different keys
Check existing tunnels (source-address key) with new tunnel.
|
|
(cherry picked from commit e211cdbb375dba13af33d6ad6c3addab707f2870)
|
|
message
(cherry picked from commit 10814c4d3360598262e991e4b20768dfcde91d75)
|
|
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP
address we wan't to use. We also have "set system name-servers-dhcp <interface>"
which does the same, but the name-server in question is retrieved via DHCP.
Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>"
to keep things as they are in real life - we need a name-server.
|
|
T3697: fix the deadlock in IPsec options script
|
|
The root cause is that the ipsec-settings.py script is run _twice_:
first from "vpn ipsec options", then from the top level "vpn" node.
The case when it's not required is when:
* "vpn ipsec" configuration doesn't exist yet
* user configured it with "vpn ipsec options"
* the ipsec-settings.py script is run first time, from "vpn ipsec options"
Trying to restart charon at that stage leads to a deadlock.
|
|
Commit 27e53fbc ("op-mode: T3619: bugfix "show interfaces" for VLANs") fixed
the op-mode command for the "show interfaces" operation, but if a user was
interested in all the ethernet or bridge interfaces, the command "show
interfaces <type> detail" did not yield any output.
The filtered_interfaces() function was further generalized to only operate on
base components and call itself recusively if required.
(cherry picked from commit 5e1f76d16332a917bfd99c6f2bffcd73e61d934d)
|
|
Commit 31169fa8a7 ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") always instantiated an object of the Ethtool class for an
ethernet object - this is right as a real ethernet interface is managed by
Ethtool.
Unfortunately the script used for "show interface" determindes the "base class"
for an interface by its name, so eth0 -> Ethernet, eth0.10 -> Ethernet. This
assumption is incorrect as a VLAN interface can not have the physical parameters
changed of its underlaying interface. This can only be done for eth0.
There is no need for the op-mode script to determine the implementation class
for an interface at this level, as we are only interested in the state of the
interface and it's IP addresses - which is a common operation valid for every
interface on VyOS.
(cherry picked from commit 27e53fbcd843c3aad27db9e97f9060ae6dfcc5ee)
|
|
(cherry picked from commit 5bde11aceffd3d7fca99e582b16555fc0c584410)
|
|
Keys are not allowed with ipip and sit tunnels
(cherry picked from commit 7e84566dedfdc532ffe05b404005daa6f21df567)
|
|
Several scripts imported by vyos-configd (including
src/conf_mode/protocols_static.py) rely on argv for operating on VRFs.
Always setting script.argv in src/services/vyos-configd ensures those
scripts will operate on the default VRF when called with no arguments.
Otherwise, a stale argv might cause those scripts to operate on the last
modified VRF instead of the default VRF.
(cherry picked from commit 3341c591ad1190f39ff3ffd475eddf5d95aef763)
|
|
nipsec: T3093: Delete temporarily generated code
|
|
This code was generated before to rewrite IPSec to XML style
And this was rewriten/fixed and used in the next 1.4 releases
So we realy don't need it in 1.3 as we use old nodes for it.
|