Age | Commit message (Collapse) | Author |
|
With long lease time for example lease '4294967295' seconds
it is impossible to get end lease as value is 'ends never;'
It cause error to get timestamp() from 'ends never' and remaining
time 'lease.end - datetime.utcnow()'
Set default remaining and end lease to '-' if we cannot get this
info
|
|
|
|
This will check if mirror/redirect is present on a QoS interface and use `vyos.configdep` module to update the interface again after QoS is applied.
|
|
IPoE-server 'interface ethX vlan xxx' (aka vlan-mon) must not be
used with 'interface ethX client-subnet'
So instead of shared pool accel-ppp uses the same pool for each
dynamically added VLAN
eth1 client-subnet '192.0.2.0/24'
eth1 vlan '2000-2021'
It cause this issue:
eth1.2000 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
eth2.2001 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
Only named pools with vlan option must be used.
|
|
|
|
|
|
Lift the amount of allowed open file descriptors for the FRR process tree.
Required if there are hundreds to thousands interfaces on a system.
|
|
|
|
|
|
graphql: T5040: generate schema on installation, rather than dynamically
|
|
|
|
ipsec: T4916: Fixed migrations script
|
|
* removed unused `re` from imports
* replaced `return_value()` to `return_values()` for `remote-address`
because this is a multi-value configuration node
|
|
|
|
|
|
Schema had been dynamically generated, based on configuration setting
for authentication. Add nullable field 'key' for static generation of
schema regardless of key/token use.
|
|
T5037: Firewall: Add queue action and options to firewall
|
|
Ability setting container hostname
This host name is used as /etc/hostname
set container name <tag> host-name 'mybox'
|
|
|
|
T4977: Add Babel routing protocol support
|
|
container: T4014: Add `command`, `arg` and `entrypoint` configuration options for containers
|
|
T5033: Ability to generate muliple keys from a file or link
|
|
|
|
Renamed local function to be identical to 1.3 ver
Changed error messages after commit to be identical to 1.3 ver
|
|
T4790: Added check of the sum of radius timeouts
|
|
We generate only one public key (string) from a file xxx.pub
op-mode with 'generate public-key-command user vyos lik_to_key_file'
Add ability to generate configuration (from op-mode) for multiple keys
As github keys don't use identifiers, generate uuid4 id for them
|
|
|
|
This commit adds a script to run user-defined hook scripts upon renewing
a DHCP lease. This can be used to, for example, dynamically define a
firewall address-group based on the dynamic IP address of an interface.
For an example of its use (as well as the use case I had in mind while
coding this), see https://vyos.dev/T2196#142394
Co-authored-by: br <git@ibeep.com>
|
|
Tunnel interface multicast settings can be "enabled or disabled". As we prefer
valueless nodes, and the linux kernel default is "disabled" we should add a
set interfaces tunnel tunXX enable-multicast
command
|
|
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13
DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
|
|
|
|
|
|
ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library
|
|
1. Changed reset IPSEC, IKE SAs to use vici library.
2. Created package vyos.ipsec to communicate with vici library.
|
|
T5013: Extend accelppp op-mode script to get statistic
|
|
Fix timezones completion help and validotor
Use 'timedatectl' insted of find zoneinfo
|
|
|
|
ipsec: T4593: Remove references to deleted variables
|
|
|
|
T5020: Extend openvpn op-mode to get list of configured clients
|
|
As we have the same variable name 'default_values' for container
name, port and volume, it rewrites default container parameters
with default port parameters
Fix it
|
|
Extend openvpn.py op-mode script to get list of configured clients
for the '--raw' output
|
|
Extend accelppp.py op-mode script to get
subnet/start/stop/gateway/client_ip_pool/ etc
info from the configuration
|
|
debian: T5003: Upgrade base system to Debian 12 "Bookworm"
|
|
ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes
|
|
Not supported with swanctl
|
|
|
|
|
|
Fixed 'reset vpn ipsec-peer {peer}' command.
The op-mode script uses value 'None' in the 'tunnel' parameter
to clear all CHILD SAs.
|
|
|