Age | Commit message | Author |
|
T5535: firewall: migrate command <set system ip disable-directed-broadcast> to firewall global-options (backport #3309)
|
|
pki: T6241: Fix dependency updates on PKI changes (backport #3311)
|
|
(cherry picked from commit 9f9891a209957403dfa3ae9ec2cd56d8d9eedb86)
|
|
T5734: OpenVPN check PKI DH name exists if DH configured (backport #3308)
|
|
Check if DH is configured for OpenVPN but does not exist in the
PKI section
```
set pki dh dh-correct parameters 'xxxx'
set interfaces openvpn vtun10 tls dh-params 'dh-fake'
File "/usr/libexec/vyos/conf_mode/interfaces_openvpn.py", line 208, in verify_pki
pki_dh = pki['dh'][tls['dh_params']]
~~~~~~~~~^^^^^^^^^^^^^^^^^^
KeyError: 'dh-fake'
```
(cherry picked from commit 95cd743c24c6f7720af87450312fc111649db849)
|
|
to firewall global-options
(cherry picked from commit 76dcecafca977b640dd16d8e68c4a050ca1af4fb)
|
|
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt (backport #3297)
|
|
Added params for configuration red on the shaper policy
(cherry picked from commit 31cd75aec6d035b36537046ae0d034c03009a3fc)
|
|
T5872: fix ipsec dhclient hook uses "exit" instead of "return" (backport #3302)
|
|
T6100: Added NAT migration from IP/Netmask to Network/Netmask (backport #3291)
|
|
Added NAT migration from IP/Netmask to Network/Netmask.
In 1.3, using IP/Netmask in NAT rules was allowed.
In 1.4 and 1.5 it is prohibited; Network/Netmask is allowed.
(cherry picked from commit 52c02ade031f165da18e6fd0542f3952f2cc9bb6)
|
|
(cherry picked from commit 840ab82e8821624aae589dec1ea86cefbcf866b7)
|
|
pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions fails (backport #3296)
|
|
T6235: Git update actions-label-merge-conflict version (backport #3300)
|
|
Update `actions-label-merge-conflict` due to `Node.js 16 actions are deprecated.`
(cherry picked from commit 7451133671989e1207299e081cd26d3f526e25f6)
|
|
T5871: ipsec remote access VPN: specify "cacerts" for client auth (backport #2708)
|
|
T6166: Tech support generation error for custom output location (backport #3242)
|
|
fails (#3296)
(cherry picked from commit 6d8336f5ad2d9c4e0f12b54681db2924d6998d2d)
|
|
(cherry picked from commit ecc83562b4d756cc50910561a3f52ec260aeb478)
|
|
T6222: VRRP show prefix for long rfc3768-compatibility interfaces allow prefix vrrp (backport #3292)
|
|
If we use rfc3768-compatibility with long interface names like
eth1.100.200, it converts the VRRP interface name
to `<interface>v<VRID><IP version>`.
For example `eth2.100.200v10v4`.
The limit for an interface name is 15 symbols, which causes the
interface name to be ignored by keepalived:
`VMAC interface name 'eth2.100.200v10v4' too long or invalid characters - ignoring`
And it uses the default prefix `vrrp` for such cases.
It works fine, but such interfaces are not displayed in the op-mode.
Allow prefix `vrrp` for the op-mode for `show interfaces`.
(cherry picked from commit 29a20ce9f9792e23137be57358ca52ddee7ac54b)
|
|
T6214: T6213: change constraint <alpha-numeric-hyphen-underscore-dot.xml.i> (backport #3281)
|
|
firewall: T6216: replace plus symbols (allowed by IPset but not NFT) in group names with underscores (backport #3290)
|
|
errors when using character <+> in 1.3 in firewall groups and custom firewall chains.
(cherry picked from commit 36baf771b8ea52487bf6c913d2019f926acbc4f3)
|
|
in order to not allow string starting with dot character; use such constraint in firewall group definitions.
(cherry picked from commit c455a1f71674300b8a74863ddfe6e551fe8fd252)
|
|
container: T6218: fix host IPv6 link-local address for VRF networks (backport #3286)
|
|
(cherry picked from commit 6b5590ae3325320a2b6bbcb34086ddb178860160)
|
|
container: T6210: add capability sys-nice (backport #3259)
|
|
(cherry picked from commit b8f3c61ca514cacdfc2495f16869c1b1e07d2bbc)
|
|
T6199: add missing build dependency (backport #3283)
|
|
(cherry picked from commit 8e2330fed6480886cbce97cc1b541e54c5394564)
|
|
T5858: Fix op-mode format for show conntrack statistics (backport #3280)
|
|
(cherry picked from commit 13ed4f9d489dd5b8ee80c5f2fdebf1b0565e9137)
|
|
T6207: restore ability to copy config.boot.default on image install (backport #3278)
|
|
(cherry picked from commit 619e2262e77621c6110164712fed0a42f16715e3)
|
|
(cherry picked from commit 5a8be747febc13b7d3be88e8ace7ec2aa0b2ca28)
|
|
ethernet: T5862: default MTU is not acceptable in some environments (backport #3265)
|
|
There are cloud environments available where the maximum supported ethernet
MTU is e.g. 1450 bytes, thus we clamp this to the adapter's maximum MTU value
or 1500 bytes - whichever is lower.
(cherry picked from commit 8296cc727066e739c178918a91cfc11d20d26fe1)
|
|
In order to lower the Ethernet default MTU we need to drop the common
defaultValue from the XML mtu-68-16000.xml.i building block. Per interface
default MTU is later overloaded by XML.
(cherry picked from commit e86761fa1307596c721c3ddf3a61d263e8f5177b)
|
|
login: T5875: fix corner case for KeyError: 'getpwuid(): uid not found: XXXX' (backport #3270)
|
|
Commit 1b364428f ("login: T5875: restore home directory permissions only when
needed") added logic to chown the user's home directory if its UID changes.
This might happen when a user account is deleted and re-added to the system.
Under rare circumstances it was possible that the implementation triggered
```
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
KeyError: 'getpwuid(): uid not found: XXXX'
```
This has been fixed by re-arranging the code path with an additional try/except
if the PW database information could not be retrieved leading to an implicit
chown() of the home directory to the user being added.
(cherry picked from commit 1165bb497ec2d6d1b3b12d6c03435b0210efe9e5)
|
|
ipoe: T6205: error in migration script logic while renaming mac-address to mac node (backport #3263)
|
|
container: T6208: fix AttributeError: 'ConfigDict' object has no attribute 'upper' (backport #3272)
|
|
'upper'
Commit b30faa43c (container: T6208: rename "cap-add" CLI node to "capability")
added an AttributeError referencing an out of scope variable.
This has been fixed.
(cherry picked from commit 2463bd292f14e46fdb26116791a89ca2eb651d17)
|
|
Commit a5ccc06c0 ("ipoe: T6205: error in migration script logic while renaming
mac-address to mac node") added a conditional path into the config which could
result in the migrated config not being written if the precondition was not met.
(cherry picked from commit 2bbded1e485614d40b2e95165629487537fd1757)
|
|
container: T6208: rename "cap-add" CLI node to "capability" (backport #3269)
|
|
Containers have the ability to add Linux system capabilities to them; this is
done using the "set container name <name> cap-add" command.
The CLI node sounds off and rather should be "set container name <name>
capability" instead, as we use and pass a capability to a container and do not
add/invent new ones.
(cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
|
|
mac node
The problem was introduced in [1] but the config migrator part unfortunately
was added to the wrong version [2]. As IPoE config version 0 was only active
during the 1.3 development cycle and VyOS 1.3.0 was already released with config
version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to
properly support upgrades from VyOS 1.3 -> 1.4 or newer.
1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168
2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46
(cherry picked from commit a5ccc06c08d3a9696f1c03c8d0c7de78ce1fd3c5)
|
|
T6203: remove obsoleted xml lib (backport #3255)
|
|
T6199: start validating smoketests against real CLI defaultValues (backport #3266)
|