| Age | Commit message (Collapse) | Author |
|---|
|
T5063: IPoE-server ethX vlan must not be used with client-subnet
|
|
IPoE-server 'interface ethX vlan xxx' (aka vlan-mon) must not be
used with 'interface ethX client-subnet'
So instead of shared pool accel-ppp uses the same pool for each
dynamically added VLAN
eth1 client-subnet '192.0.2.0/24'
eth1 vlan '2000-2021'
It cause this issue:
eth1.2000 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
eth2.2001 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
Only named pools with vlan option must be used.
|
|
T5066: Fix GRE tunnel variable name which checks keys
|
|
|
|
Lift the amount of allowed open file descriptors for the FRR process tree.
Required if there are hundreds to thousands interfaces on a system.
|
|
op-mode: T5051: use Literal types to provide op-mode CLI choices and API enums
|
|
T5057: Fix IPoE regex Jinja2 for interface
|
|
T5058: Extend template filter range_to_regex to allow list as arg
|
|
Fix incorrect regex '\d+' when used vlan ranges
For example 'ipoe-server interface eth1 vlan 2000-3000'
- replace 'interface=re:eth1\.\d+'
=> 'interface=re:^eth1\.(200\d|20[1-9]\d|2[1-9]\d{2}|3000)$'
|
|
Extend template filter 'range_to_regex'
Allow list of ranges as argument
% range_to_regex(['11-12', '14-15'])
'(1[1-2]|1[4-5])'
|
|
T5056: Fix IPoE server template for vlan-mon
|
|
After rewriting IPoE server for config.dict the ipoe.config.j2
template wasn't changed for 'vlan-mon' section
Fix it
|
|
Not all interfaces have valid entries in the speed file. PPPoE interfaces have
the appropriate speed file, but you can not read it:
cat: /sys/class/net/pppoe7/speed: Invalid argument
|
|
|
|
|
|
|
|
graphql: T5040: generate schema on installation, rather than dynamically
|
|
|
|
ipsec: T4916: Fixed migrations script
|
|
* removed unused `re` from imports
* replaced `return_value()` to `return_values()` for `remote-address`
because this is a multi-value configuration node
|
|
login: T5039: catch error on 'my_set' for auth plaintext-password
|
|
login: T5039: Support hashing rounds in `encrypted-password` values
|
|
|
|
Since glibc 2.7, the SHA-256 and SHA-512 implementations support
a user-supplied number of hashing rounds, defaulting to 5000. If
the "$id$" characters in the salt are followed by "rounds=xxx$",
where xxx is an integer, then the result has the form
$id$rounds=yyy$salt$encrypted
where yyy is the number of hashing rounds actually used. The
number of rounds actually used is 1000 if xxx is less than 1000,
999999999 if xxx is greater than 999999999, and is equal to xxx
otherwise.
|
|
|
|
Since 'key' field is no longer required, a missing key will register an
error in the resolver, instead of being rejected as bad request.
|
|
|
|
For type introspection of op-mode scripts, scripts are loaded as
modules. For generation of schema from type introspection, it is useful
to load scripts during package installation, hence to fail gracefully if
not on live system.
|
|
Schema had been dynamically generated, based on configuration setting
for authentication. Add nullable field 'key' for static generation of
schema regardless of key/token use.
|
|
policy: T5035: Add more actions to policy route rule
|
|
|
|
|
|
T5037: Firewall: Add queue action and options to firewall
|
|
T4967: Allow setting container hostname
|
|
Ability setting container hostname
This host name is used as /etc/hostname
set container name <tag> host-name 'mybox'
|
|
|
|
|
|
T4977: Add Babel routing protocol support
|
|
container: T4014: Add `command`, `arg` and `entrypoint` configuration options for containers
|
|
T5033: Ability to generate muliple keys from a file or link
|
|
openvpn: T4770: fix tabulate output in _format_openvpn
|
|
|
|
op-mode: T4952: use list_interfaces from vyos-utils
|
|
|
|
openconnect: T4955: Renamed function and changed error messages
|
|
Renamed local function to be identical to 1.3 ver
Changed error messages after commit to be identical to 1.3 ver
|
|
T4790: Added check of the sum of radius timeouts
|
|
We generate only one public key (string) from a file xxx.pub
op-mode with 'generate public-key-command user vyos lik_to_key_file'
Add ability to generate configuration (from op-mode) for multiple keys
As github keys don't use identifiers, generate uuid4 id for them
|
|
|
|
This commit adds a script to run user-defined hook scripts upon renewing
a DHCP lease. This can be used to, for example, dynamically define a
firewall address-group based on the dynamic IP address of an interface.
For an example of its use (as well as the use case I had in mind while
coding this), see https://vyos.dev/T2196#142394
Co-authored-by: br <git@ibeep.com>
|
