Age | Commit message (Collapse) | Author |
|
|
|
Local-address should be checked/executed only if it exists in the
openvpn configuration, dictionary, jinja2 template
(cherry picked from commit 230ac0a202acd7ae9ad9bccb9e777ee5a0e0b7b7)
|
|
|
|
|
|
Adds support for `ip -6 rule` policy based routing.
Also, extends the existing ipv4 implemenation with a
`destination` key, which is translated as
`ip rule add to x.x.x.x/x` rules.
https://phabricator.vyos.net/T4151
|
|
(cherry picked from commit 122c7a53575f67759f157e02eca776f799658dc1)
|
|
interface
It is impossible for the OS kernel to distinguish multiple GRE tunnels when no
"gre key" is configured when sourcing tunnels from the same interface.
(cherry picked from commit 6f1326d6b68f6dcb83843374c876407ef2922bd1)
|
|
We always mangled and worked on the "ip rule" singleton even when nothing
needed to be changed. This resulted in a VRF hickup when the same VRF was added
and removed multiple times.
set interfaces ethernet eth1 vrf foo
set vrf name foo table '1000'
commit
delete interfaces ethernet eth1 vrf
delete vrf
commit
set interfaces ethernet eth1 vrf foo
set vrf name foo table '1000'
commit
broke reachability on eth1 - a reboot was required.
This change will now only alter the ip rule tables once when VRF instances
are created for the first time and will not touch the Kernel "ip rule"
representation afterwards.
(cherry picked from commit 2cec431e5caf9df85640f707cd6dc3077c17c238)
|
|
Verify section conntrack_sync.py funciton 'is_addr_assigned'
should checks address as string not as list
|
|
OpenVPN can't start if it depends on VRRP virtual-address as
virtual-address is not yet assigned by HA (openvpn and ha
in one commit) as we have checks "if address assigned"
It depends on commit priorities:
460 interfaces/openvpn
800 high-availability
Replace check if local-host address assigned from raise ConfigError
to print (just notification)
Allow to bind OpenVPN service to nonlocal address
|
|
|
|
(cherry picked from commit 11a900e706db59459314622050ced7d4117f090b)
|
|
|
|
Allow setting ipv6-link-local addresses as peer address for
wireguard interfaces
Add validator "ipv6-link-local"
|
|
squid: T3299: Add listen address 0.0.0.0
|
|
(cherry picked from commit 5a73c946000902f6e445b0803ca090f7fc6e0954)
|
|
Without this option systemd startup will hit a timeout and the kill keepalived
again.
(cherry picked from commit 2a279f48e208b90c91eac5d6c5855e65cee39018)
|
|
(cherry picked from commit 1a74e6b3ce061f3c866bcb3f119ee5c73b0c6796)
|
|
In case if a CLI configuration is not available, dhclient cannot add
nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that
an interface be listed in the `set system name-server` option.
This commit introduces two changes:
* `vyos-hostsd` service will not be started before Cloud-Init fetch all
remote data. This is required because all meta-data should be available
for Cloud-Init before any of VyOS-related services start since it is
used for configuration generation.
* the `vyos-hostsd-client` in the `dhclient-script` will be used only if
the `vyos-hostsd` is running. In other words - if VyOS services already
started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other
cases - does this directly.
These changes should protect us from problems with DHCP during system
boot if DHCP is required by third-party utils.
|
|
l2tp-server: T4117: Add dae-server configuration to template
|
|
(cherry picked from commit d2ca2ac1cf9cacd44a04fbb6da9a884c23f043f6)
|
|
|
|
(cherry picked from commit a70a4001fe0b3a91a7d86191ff32dcc7205d2eae)
|
|
(cherry picked from commit 4aaf0ba69139d84f89e5c3feee6edd845af8d1e5)
|
|
After rewriting conntrack-sync to XML/python, part of op-mode
parameters was missed
Add "status" and "statistics" for conntrack-sync
|
|
|
|
(cherry picked from commit 55f8ede2d09a9ad095f9ec5c2a729f8c5fb6aafa)
|
|
|
|
(cherry picked from commit 45d2429aa5d2ffafacdc5d9d00b7097169592427)
|
|
|
|
(cherry picked from commit 0e3c35e6517f5cfebb4206c735a2ea976a7fd383)
|
|
(cherry picked from commit 92c4cc5e1248b3c7ffda03e23eeb21e2073ba7f0)
|
|
(cherry picked from commit 30311db5a00c78872c9ad9b29e7081e0d81a5362)
|
|
(cherry picked from commit c3471fe9d4cf0aab46feae94618925a95bcd5411)
|
|
expose OS
(cherry picked from commit 9ccc353893a3a9a1dc7dfd59463d34449bf05afb)
|
|
(cherry picked from commit 86ab3b7dad7f2ad2c39a8b110e4a845195cda32e)
|
|
|
|
|
|
|
|
(cherry picked from commit 955f260ce682d64d27b3b11e618b1ae0176e4b91)
|
|
in __init__"
This reverts commit f168e409acb314d1c15a4343643be7c07ce79b44.
|
|
(cherry picked from commit d7f0cbdc102a1186cec80d0ebf29b8f4ef415435)
|
|
|
|
... thus we simply read the configuration the first time it really becomes
necessary and a message requireing the data needs it actually.
(cherry picked from commit bcfe967f607a83192d75c01e7f414655891eec60)
|
|
|
|
(cherry picked from commit bb77dd269bfb9522f5b56ac027598ac20e101f13)
|
|
(cherry picked from commit 001cc6655f1864a46b573dae13c8f33bbf224239)
|
|
Validator expects variable "script" for the Warning message
But it gets undeclared "path"
(cherry picked from commit b6fbe6d3a5e8de4f90aa9fba61ca7491f9959ed0)
|
|
While mangling the config dict retrieved via get_config_dict() into a private
representation of a configuration dictionary sync-groups were never accounted
for. Instead everything always ended up in the regular vrrp transition-script
section.
The implementation has been changed to directly work on the content of
get_config_dict() to stop any confusion and making redundant data copies
obsolete.
(cherry picked from commit 025f0609cea8591e93b8cb4a7d0256e43e23323b)
|
|
After commit ae16a51506c ("configquery: T3402: use vyatta-op-cmd-wrapper to
provide environment") we can now call VyOS op-mode commands from arbitrary
Python scripts.
(cherry picked from commit 4683223c8ffcb10470f7a8a2eb48d57773ac73df)
|