Age | Commit message (Collapse) | Author |
|
Migration for "remote-id" where peer is IPv4 or IPv6 address
was missed
It was only migration if peer starts with "@"
It cause that you must manualy set 'remote-id' to get it working
correctly
replace 'vpn ipsec site-to-site peer 192.0.2.2'
=> 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
|
|
|
|
|
|
T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
|
|
op-mode: T707: remove dedicated calls to sudo in vpn_ipsec
|
|
As the script itself (vpn_ipsec.py) is already invoked using sudo, there is no
further need to also call sudo inside the script again.
|
|
op-mode: T707: explicitly use sudo when working with RAID devices
|
|
|
|
op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystem
|
|
As the API daemon has the proper permissions and also the CLI op-mode calls the
script already with "sudo", there is no need to call "sudo" inside this script,
again.
|
|
|
|
Required to solve Use of team reviewers results in: "Could not resolve to a
node with the global id of..." error as mentioned by:
https://github.com/shufo/auto-assign-reviewer-by-files
|
|
Unfortunately we always used the wrong syntax.
According to https://github.com/shufo/auto-assign-reviewer-by-files
we should use: ` - team: baz`
|
|
The implementation of is_node_changed() is less error prone and should always
be favoured.
|
|
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
|
|
login: T4751: 2FA OTP key generator in VyOS CLI
|
|
T4884: snmpd: add community6 fallback
|
|
firewall: T4882: add missing ICMPv6 type names
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
4. Fixed generation dest local sections in squidGuard.conf
5. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
|
|
T4809: radvd: Allow the use of AdvRASrcAddress
|
|
routing: T1237: Add new feature failover route
|
|
This add the AdvRASrcAddress configuration option to configure
a source address for the router advertisements. The source
address still must be configured on the system. This is useful
for VRRP setups where you want fe80::1 on the VRRP interface
for cleaner VRRP failovers.
|
|
If no client and network is defined only a `community` config
is created. This also adds the `community6` part
|
|
bonding: T4878: Fixed unnecessary bonding flapping during commit
|
|
|
|
There was a mistake in a config level that caused triggering the
`shutdown_required` flag, even if there were no new interfaces added to a
bonding.
This commit sets the proper config level to avoid the problem.
|
|
Failover route allows to install static routes to the kernel routing
table only if required target or gateway is alive
When target or gateway doesn't respond for ICMP/ARP checks this route
deleted from the routing table
Routes are marked as protocol 'failover' (rt_protos)
cat /etc/iproute2/rt_protos.d/failover.conf
111 failover
ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover
$ sudo ip route show proto failover
203.0.113.1 via 192.0.2.1 dev eth0 metric 1
So we can safely flush such routes
|
|
ocserv: T4881: return vyos.opmode.Errors on failure
|
|
|
|
validators: T4798: replace python file-exists validator with file-path
|
|
validators: T4875: use file-path to replace validator 'interface-name'
|
|
|
|
|
|
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
|
|
|
|
|
|
|
|
|
|
|
|
* t4792-sstpc:
sstp: T4384: initial implementation of SSTP client CLI
pppoe: T4384: remove unused import of leaf_node_changed
pppoe: xml: T4792: split "no-peer-dns" CLI node into building block
xml: ddns: T4792: split "server" CLI node into building block
|
|
vyos@vyos# show interfaces sstpc
sstpc sstpc10 {
authentication {
password vyos
user vyos
}
server sstp.vyos.net
ssl {
ca-certificate VyOS-CA
}
}
|
|
|
|
|
|
|
|
|
|
This is useful in general, but we will add in this context to replace
the use of 'bytes2HR' in show_openvpn.py with util.bytes_to_human, while
maintaining compatability with original precision=1.
|
|
openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'
|
|
|
|
T4865: Fix to generate container image from the file
|
|
In case if we want generate own container image from a Dockerfile
and if it requires update or install packages in container we get
error. As it tries to use default network 'podman' and do own NAT
translations via 'iptables'. If fact we don't use iptables in 1.4
As result it cannot build such image.
Use '--net host' to fix it.
|