summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-10-02T5165: Migrate policy local-route rule x destination to addressViacheslav Hletenko
Migrate policy local-route <destination|source> to node address replace 'policy local-route{v6} rule <tag> destination|source <x.x.x.x>' => 'policy local-route{v6} rule <tag> destination|source address <x.x.x.x>' (cherry picked from commit 9f7a5f79200782f7849cab72f55a39dedf45f214)
2023-09-28Merge pull request #2321 from vyos/mergify/bp/sagitta/pr-2307vyos/1.4dev1Christian Breunig
mdns: T5615: Allow controlling IP version to use for mDNS repeater (backport #2307)
2023-09-28mdns: T5615: Rename avahi-daemon config fileIndrajit Raychaudhuri
Rename avahi-daemon config file to avahi-daemon.conf.j2 to match the convention used by other config files. (cherry picked from commit 3a3123485f2ea7b253caa1c49f19c82a0eaa0b37)
2023-09-28mdns: T5615: Allow controlling IP version to use for mDNS repeaterIndrajit Raychaudhuri
This commit adds a new configuration option to the mDNS repeater service to allow controlling which IP version to use for mDNS repeater. Additionally, publishing AAAA record over IPv4 and A record over IPv6 is disabled as suggested. See: - https://github.com/lathiat/avahi/issues/117#issuecomment-1651475104 - https://bugzilla.redhat.com/show_bug.cgi?id=669627#c2 (cherry picked from commit e66f7075ee12ae3107d29efaf683442c3535e8b9)
2023-09-28Merge pull request #2319 from vyos/mergify/bp/sagitta/pr-2313Christian Breunig
T5165: Add option protocol for policy local-route (backport #2313)
2023-09-28Merge pull request #2320 from vyos/mergify/bp/sagitta/pr-2306Christian Breunig
firewall: T5614: Add support for matching on conntrack helper (backport #2306)
2023-09-28firewall: T5614: Add support for matching on conntrack helpersarthurdev
(cherry picked from commit 81dee963a9ca3224ddbd54767a36efae5851a001)
2023-09-28T5165: Add option protocol for policy local-routeViacheslav Hletenko
Add option `protocol` for policy local-route set policy local-route rule 100 destination '192.0.2.12' set policy local-route rule 100 protocol 'tcp' set policy local-route rule 100 set table '100' (cherry picked from commit 96b8b38a3c17aa08fa964eef9141cf89f1c1d442)
2023-09-28Merge pull request #2317 from vyos/mergify/bp/sagitta/pr-2305Christian Breunig
ipsec: T5606: Add support for whole CA chains (backport #2305)
2023-09-28ipsec: T5606: Add support for whole CA chainssarthurdev
Also includes an update to smoketest to verify (cherry picked from commit 1ac230548c86d3308ff5b479b79b0e64b75a0e8a)
2023-09-28Merge pull request #2315 from vyos/mergify/bp/sagitta/pr-2216John Estabrook
T5412: Add support for extending config-mode dependencies in add-on packages (backport #2216)
2023-09-27conf-mode: T5412: move dependency check from smoketest to nosetestJohn Estabrook
(cherry picked from commit 12440ea1af8e60482a6a91c1cb04dcb86d7f4a68)
2023-09-27conf-mode: T5412: add script for add-on package check of dependenciesJohn Estabrook
(cherry picked from commit 0869b91c0b15ddedd72b4d0e1475c52eb45994f0)
2023-09-27conf-mode: T5412: add support for supplemental dependency definitionsJohn Estabrook
Add support for defining config-mode dependencies in add-on packages. (cherry picked from commit d9ad551816e34f38280534ad75d267697e4f096f)
2023-09-26Merge pull request #2311 from vyos/mergify/bp/sagitta/pr-2308Christian Breunig
firewall: T5160: Remove zone policy op-mode (backport #2308)
2023-09-26Merge pull request #2312 from c-po/rpki-fixesChristian Breunig
rpki: T2044: add to daemons Jinja2 template
2023-09-26Merge pull request #2309 from vyos/mergify/bp/sagitta/pr-2302Viacheslav Hletenko
T5497: op-mode: Add generate firewall rule-resequence (backport #2302)
2023-09-26rpki: T2044: add to daemons Jinja2 templateChristian Breunig
This is a combined backport of commits: * a4aad1120 - frr: T5591: hint about daemons that always run and can't be disabled * d9d2b2b96 - frr: T5591: cleanup of daemons file * 40503a9d7 - T2044: RPKI doesn't boot properly
2023-09-26firewall: T5160: Remove zone policy op-modesarthurdev
(cherry picked from commit 9b9b37e9cbb225eaacac2ad8cb03bef735fed117)
2023-09-26T5497: op-mode: Add generate firewall rule-resequenceViacheslav Hletenko
Add op-mode command `generate firewall rule-resequence` Generates output with new sequences for firewall rules set firewall ipv4 input filter rule 1 action 'accept' set firewall ipv4 input filter rule 1 description 'Allow loopback' $ generate firewall rule-resequence start 10 step 10 set firewall ipv4 input filter rule 10 action 'accept' set firewall ipv4 input filter rule 10 description 'Allow loopback' (cherry picked from commit 7ad1e8c7d3440046dce2ffa7bcb70a38bfddc298)
2023-09-22Merge pull request #2301 from vyos/mergify/bp/sagitta/pr-2298John Estabrook
smoketest: T5607: support getting SCSI device by drive-id (backport #2298)
2023-09-22op-mode: raid: T5608: define add/delete raid memberJohn Estabrook
(cherry picked from commit 2d3f3297b575f88662495e14a7c7324ff73b6bfc)
2023-09-22op-mode: disk: T5609: add arg by-id to format diskJohn Estabrook
(cherry picked from commit 42736111facf08ac37b86e6fc3cbd395aab166bc)
2023-09-22vyos.utils: T5609: get disk device by partial idJohn Estabrook
(cherry picked from commit ede0b5b1a19c37547c19d875743e78b0278628d4)
2023-09-22Merge pull request #2291 from vyos/mergify/bp/sagitta/pr-2284Christian Breunig
bgp: T5596: add new features from FRR 9 (backport #2284)
2023-09-22Merge pull request #2299 from vyos/mergify/bp/sagitta/pr-2294Christian Breunig
T5602: Reverse-proxy add option backup for backend server (backport #2294)
2023-09-22Merge pull request #2292 from vyos/mergify/bp/sagitta/pr-2289Christian Breunig
init: T5239: configure system hostname prior to FRR startup (backport #2289)
2023-09-21T5602: Reverse-proxy add option backup for backend serverViacheslav Hletenko
A `backup` server can be defined to take over in the case of all other backends failing set load-balancing reverse-proxy backend <tag> server <tag> address '192.0.2.3' set load-balancing reverse-proxy backend <tag> server <tag> port '8883' set load-balancing reverse-proxy backend <tag> server <tag> backup (cherry picked from commit cb297aea56da91144c53be1f396b64a26a8e5b04)
2023-09-20Merge pull request #2297 from vyos/mergify/bp/sagitta/pr-2296Christian Breunig
openvpn: T5269: add a deprecation warning for shared-secret (backport #2296)
2023-09-20openvpn: T5269: add a deprecation warning for shared-secretDaniil Baturin
(cherry picked from commit 4bbbaab60d56bfd6f3a145378027642b4c47adee)
2023-09-19init: T5239: configure system hostname prior to FRR startupChristian Breunig
On first boot after an upgrade /etc/hostname and FRR configuration is not populated. FRR determines the system hostname once during startup and does not repect changes of the hostname CLI value. Thus after an upgrade of VyOS FRR started with a hostname of debian that was propagated to peers. The commit retrieves the hostname from the CLI and presets this before FRR is initially started. (cherry picked from commit ac21a4e69fac27504b62927a20d0a6a273abb034)
2023-09-19utils: T5239: add low-level read from config.bootJohn Estabrook
(cherry picked from commit 56d3f75de487c1dcfd075cf7b65cb16b6501d0ca)
2023-09-19Merge pull request #2290 from vyos/mergify/bp/sagitta/pr-2285Daniil Baturin
isis: T5597: add new features from FRR 9 (backport #2285)
2023-09-19bgp: T5596: add new features from FRR 9Christian Breunig
* Add BGP Software Version capability (draft-abraitis-bgp-version-capability) set protocols bgp neighbor 192.0.2.1 capability software-version * Add BGP neighbor path-attribute treat-as-withdraw command set protocols bgp neighbor 192.0.2.1 path-attribute treat-as-withdraw (cherry picked from commit d285355716708a46767c18661976906812da8a3c)
2023-09-19isis: T5597: add new features from FRR 9Christian Breunig
* Add support for IS-IS advertise-high-metrics set protocols isis advertise-high-metrics * Add support for IS-IS advertise-passive-only set protocols isis advertise-passive-only (cherry picked from commit f7d35c15256ea74ab32c9b978a5c6fdbd659a7a0)
2023-09-19Merge pull request #2287 from vyos/mergify/bp/sagitta/pr-2281Christian Breunig
T5594: vrrp: extend function is_ipv6_tentative (backport #2281)
2023-09-19T5594: vrrp: extend function is_ipv6_tentative to analysis all type of ipv6 ↵Nicolas Fort
address, and not only global ipv6 address. This allows to configure ipv6 link local address on vrrp hello-source-address parameter. (cherry picked from commit b6ae59354b5d69751cc7ea75e0aa4ac0070afa47)
2023-09-16Merge pull request #2267 from vyos/mergify/bp/sagitta/pr-2253Christian Breunig
T5561: nat: inbound|outbound interface should not be mandatory (backport #2253)
2023-09-16Merge pull request #2275 from c-po/sagittaChristian Breunig
frr: T2472: disable EIGRP daemon
2023-09-16frr: T2472: disable eigrp daemonChristian Breunig
There is no EIGRP support in VyOS 1.4/sagitta
2023-09-15Merge pull request #2271 from vyos/mergify/bp/sagitta/pr-2270Christian Breunig
ddclient: T5585: Fix file access mode for dynamic dns configuration (backport #2270)
2023-09-15Merge pull request #2266 from vyos/mergify/bp/sagitta/pr-2255Christian Breunig
T5575: ARP/NDP table-size isnt set properly (backport #2255)
2023-09-15Merge pull request #2265 from vyos/mergify/bp/sagitta/pr-2262Viacheslav Hletenko
op mode: T5582: Add 'force ntp synchronization' (backport #2262)
2023-09-15Merge pull request #2274 from vyos/mergify/bp/sagitta/pr-2273Christian Breunig
T5586: Disable by default SNMP for Keeplived VRRP service (backport #2273)
2023-09-15T5586: Disable by default SNMP for Keeplived VRRP serviceViacheslav Hletenko
AgentX does not work stable. From time to time we see the system service crashing/degrading if something is wrong with SNMP from util net-snmp. We should disable it by default and enable it only if configured. set high-availability vrrp snmp (cherry picked from commit 47875457cd8b176f7f23a3141175d745aeb14d8a)
2023-09-15system: T5505: T5575: support calling system-ip(v6).py from init processChristian Breunig
After commit 976f82785 ("T5575: ARP/NDP table-size isnt set properly") the system bootup process got interrupted as both system-ip.py and system-ipv6.py tried to talk to FRR which was yet not started. This has been fixed by using a conditional path to only execute when FRR service has been enabled. This is safe to do as the initial commit call will has FRR service running and the path will be executed. (cherry picked from commit 22d5cd42f082fb11060edc51128f0b246198d2c1)
2023-09-15ddclient: T5585: Fix file access mode for dynamic dns configurationIndrajit Raychaudhuri
ddclient.conf file is expected to have permission 600. We need to set the permission explicitly while creating the file. (cherry picked from commit 7a66413d6010485dd913832f54167bce38c12250)
2023-09-14T5561: nat: defining inbound|outbound interface should not be mandatory ↵Nicolas Fort
while configuring dNAT|sNAT rule (cherry picked from commit ec5437913e489f40fea6bab89a6bb5f565cd1ab7)
2023-09-14Merge pull request #2254 from vyos/mergify/bp/sagitta/pr-2245Christian Breunig
frr: T5239: fix process startup order (backport #2245)
2023-09-14T5575: ARP/NDP table-size isnt set properlyApachez
(cherry picked from commit 976f827859102a4e453b38bc6d2a628c66c9b582)