| Age | Commit message (Collapse) | Author |
|---|
|
geoip: T5636: Add geoip for policy route/route6
|
|
|
|
grub: T7327: honor "system option kernel" settings during image upgrade
|
|
When performing an image upgrade and Linux Kernel command-line option that
should be passed via GRUB to the Linux Kernel are missing on the first boot.
This is because when generating the GRUB command-line via the op-mode scripts
the CLI nodes defining the options are not honored.
This commit re-implements the code-path in op-mode which generates the strings
passed via GRUB to the Linux Kernel command-line.
NOTE: If (for a yet unknown reason) a Kernel command-line option string changes
during a major - or minor - upgrade of the Linux Kernel, we will need to adapt
that logic and possibly call a helper from within the NEW updated image rootfs.
Thus we can ship future information back into the past like the "Grays Sports
Almanac" from Back to the Future Part II.
|
|
kea: T7281: Add ping-check, use built-in option for classless static routes
|
|
ids: T7241: remove Fastnetmon from the base system
|
|
It will eventually be moved to an addon
|
|
|
|
Some unused import statements sneaked into the codebase.
This is about cleaning them up
|
|
dns: T7277: fix service/dns/forwarding/dhcp not parsed
|
|
Fix the IPsec log level option processing
set vpn ipsec log level '2'
Render Jinja2 template to generate correct log for IPsec for
the file /etc/strongswan.d/charon-systemd.conf
|
|
login: T7159: limit the "not a production version" to dev builds
|
|
(as in, display it only if the build_type version data field is not "release")
|
|
When using the VyOS internal PKI subsystem to request a certificate using ACME,
the issuer CA is not automatically imported in the PKI subsystem on the first
run due to a race condition.
Issue is fixed by adding all newly requested and granted ACME certificates to
the list of ACME certificates "on disk" which are used to extract the issuing
CA certificate.
|
|
|
|
T7278: Remove cracklib hack from postconfig script template
|
|
|
|
|
|
|
|
* bgp: T7157: Allow using route-maps for VRF route leaking in BGP
Added the possibility of using route-map in route leaking.
* Improve the constraint error message
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
|
|
|
|
|
|
T7219: Add check for remote and group command to verify
|
|
T7092: Add Container Registry Mirror
|
|
|
|
|
|
wireguard: T7166: Call vxlan dependency if interface exist
|
|
|
|
* wlb: T7196: Migrate interface wildcards to nftables format
* wlb: T7196: Fix exclude/interface verify check
* wlb: T7196: Extra sanity check on ipv4 address function
|
|
* snmp: T7180: Fixed verification of engineid in snmpv3
EngineID must be configured if snmpv3 user is configured.
Fixed engineid help string.
|
|
T7171: Add dstport option to GENEVE tunnels
|
|
|
|
bond: T7191: fix error message when member interface is used multiple times
|
|
bridge: T7192: do not allow a member interface to be used multiple times
|
|
When configuring
set interfaces bridge br10 member interface eth1
set interfaces bridge br20 member interface eth1
commit
Checking the interface assignment afterwards shows
242: br20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 62:34:3a:8a:fe:49 brd ff:ff:ff:ff:ff:ff
[edit]
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br20 state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:b3:cd:ba brd ff:ff:ff:ff:ff:ff
altname enp0s19
altname ens19
The later addition wins and the CLI reports eth1 is assigned to br20 "master
br20". A member interface can not be used multiple times.
|
|
Sharing the same physical interface among multiple bond interfaces causes
information to be lost within the error message
set interfaces bonding bond10 member interface eth1
set interfaces bonding bond10 member interface eth2
set interfaces bonding bond20 member interface eth1
set interfaces bonding bond20 member interface eth2
commit
Results in:
[ interfaces bonding bond10 ]
Can not add interface "eth1" to bond, it is already a member of bond
"b"!
[[interfaces bonding bond10]] failed
[ interfaces bonding bond20 ]
Can not add interface "eth1" to bond, it is already a member of bond
"b"!
It should infact output the full name of the bond interface.
|
|
|
|
T7136: sflow check listen address for the vrf
|
|
Add check list to VRF address for the sFlow agent address
|
|
|
|
Some systemd services are re-used over multiple configuration files. Keep a
single source of the real systemd names and only reference them by dictionary
keys.
|
|
Rsyslog supports individual VRFs per omfwd remote entry - so we should support
this, too.
|
|
The previously "global" options actually were only relevant for the local
logging to /var/log/messages.
|
|
Move "global preserve-fqdn" one CLI level up, as it relates to all logging
targets (console, global and remote).
|
|
|
|
|
|
|
|
T4930: Allow WireGuard peers via DNS hostname
|
|
T6641: Add vyos-network-event-logger Service
|
