Age | Commit message (Collapse) | Author |
|
Add ability to configure multiple SSL certificates for
frontend/service
set load-balancing reverse-proxy service web mode http
set load-balancing reverse-proxy service web port 443
set load-balancing reverse-proxy service web ssl certificate cert1
set load-balancing reverse-proxy service web ssl certificate cert2
|
|
T5778: dhcp server: fix op-mode command
|
|
T5775: firewall: re-add state-policy to firewall. These commands are …
|
|
image-tools: T5758: restore saving previous data on install
|
|
Restore scanning previous installations for config data and ssh host
keys on install.
|
|
T160: add NAT64
|
|
- Update the base (rebase)
- Move include/nat64-protocol.xml.i => include/nat64/protocol.xml.i
- Delete unwanted `write_json`, use `write_file` instead
- Remove unnecessary deleting of default values for tagNodes T2665
- Add smoketest
Example:
```
set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 address '192.168.122.10/24'
set interfaces ethernet eth2 address '2001:db8::1/64'
set nat64 source rule 100 source prefix '64:ff9b::/96'
set nat64 source rule 100 translation pool 10 address '192.168.122.10'
set nat64 source rule 100 translation pool 10 port '1-65535'
```
|
|
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
T5779: conntrack: Apply fixes to <set system conntrack timeout custom>
|
|
accel-ppp: T5688: Fixed migration script for pppoe-server
|
|
Fixed migration script for pppoe-server
|
|
Remove what was not working on 1.3, migrate what was working to new syntax and extend feature for ipv6.
|
|
accel-ppp: T5688: Standardized pool configuration in accel-ppp
|
|
Standardized pool configuration for all accel-ppp services.
1. Only named pools are used now.
2. Allows all services to use range in x.x.x.x/mask
and x.x.x.x-x.x.x.y format
3. next-pool can be used in all services
2. Allows to use in ipoe gw-ip-address without pool configuration
which allows to use Fraimed-IP-Address attribute by radius.
3. Default pool name should be explicidly configured
with default-pool.
4. In ipoe netmask and range subnet can be different.
|
|
ddclient: T5791: Simplify and fix migration script for dynamic dns
|
|
Mark 'dns dynamic name' as tag node to avoid unexpected nesting.
|
|
vti: T5769: restore interface settings on down -> up event
|
|
ddclient: T5791: Update dynamic dns configuration path for consistency [followup]
|
|
|
|
On VTI interface link down the link-local IPv6 address is removed. As soon as
the IPSec tunnel is online again, vti-up-down helper is called which only places
the interface in up state using iproute2 command
sudo ip link set vti0 up
This does not restore the IPv6 LL address. Instead use vyos.ifconfig to properly
re-initialize the VTI interface using the generic update() method.
|
|
T5796:add/fixed OCSERV HTTP security headers
|
|
|
|
mdns: T5793: Cleanup avahi-daemon configuration in `/etc` [followup]
|
|
`/etc/avahi` technically can be deleted since we operate with
avahi-daemon configuration in `/run/avahi-daemon`.
But we still need to keep `/etc/avahi/services` because avahi-daemon
`chroot` to that location at startup. This is setup at build time via
`AVAHI_CONFIG_DIR` and there is no way to change it at runtime.
|
|
mdns: T5793: Cleanup avahi-daemon configuration in `/etc`
|
|
`/etc/avahi` can be deleted since we operate with avahi-daemon
configuration in `/run/avahi-daemon`.
|
|
ddclient: T5791: Update dynamic dns configuration path for consistency
|
|
policy: T4704: Allowed to set metric (MED) to (+/-)rtt
|
|
|
|
|
|
As followup to interface definition change, remove XML snippets that
aren't used anymore. They were there because they were 'include'-ed
multiple times in the interface definition `dynamic-dns.xml.in`. Since
that's not the case anymore, they can be removed.
|
|
Modify the configuration path to be consistent with the usual dialects
of VyoS configuration (wireguard, dns, firewall, etc.)
This would also shorten the configuration path and have a unified
treatment for RFC2136-based updates and other 'web-service' based updates.
While at it, add support for per-service web-options. This would allow
for probing different external URLs on a per-service basis.
|
|
|
|
Allowed to set metric (MED) to (+/-)rtt in the route-map.
|
|
image-tools: T5789: copy ssh host keys on image update
|
|
|
|
http-api: T5782: use single config-mode script for https and http-api
|
|
image-tools: T5751: allow non-interactive add/delete image
|
|
|
|
|
|
|
|
|
|
|
|
*pool* empty, this means that lease was granted by fail-over server. Also fix issue that <show dhcp server leases state all> print nothing.
|
|
vyos.utils: T5749: fix get_vrf_members() call to iproute2
|
|
The iproute2 master argument is used for both a VRF and a bridge device. Using
this in the VRF context would retrieve and report back the wrong interfaces:
Old implementation:
===================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
['eth1', 'eth2', 'vxlan1']
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
The new implementation:
=======================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
[]
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
|
|
|
|
smoketest: T5783: check for any abnormal daemon termination
|
|
image-tools: T4516: exit grub-update service if running in docker
|
|
|