Age | Commit message (Collapse) | Author |
|
bgp: T6151: Allow configuration of disable-ebgp-connected-route-check (backport #3212)
|
|
(cherry picked from commit 24d0400b9c55cadef1eb99b3e84a363dd6ad5033)
|
|
(cherry picked from commit 84b6f6bcf59d526c35928c974e3f2d03c4d5ec06)
|
|
(cherry picked from commit 85e5ccbab85c8ded426896d61bcf64d329768f2c)
|
|
(cherry picked from commit 010c4061a8884a3617368f3618a425dc517d0675)
|
|
system: T6193: invalid warning "is not a DHCP interface but uses DHCP name-server option" (backport #3223)
|
|
dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domains (backport #3224)
|
|
name-server option"
This fixes an invalid warning when using a DHCP VLAN interface to retrieve the
system nameserver to be used. VLAN CLI config is not properly expanded
leading to a false warning:
[ system name-server eth1.10 ]
WARNING: "eth1.10" is not a DHCP interface but uses DHCP name-server option!
(cherry picked from commit 61e70c5500ad5b0a9d25bdee28d982644bad6461)
|
|
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which
was present to update /etc/resolv.conf with the DHCP specified nameservers and
also the search domain list was no longer present.
This commit adds a per interface rendered script to inform vyos-hostsd about
the received IPv6 nameservers and search domains.
(cherry picked from commit ece425f0191762638b7c967097accd8739e9103d)
|
|
T6178: Check that certificate exists during reverse-proxy commit (backport #3222)
|
|
(cherry picked from commit 320fe827b4842b0c0da1ec5fee3d41a5730334d5)
|
|
accel-ppp: T6187: use correct CPU counts adjusted for SMT (backport #3218)
|
|
(cherry picked from commit 6927c0b622c8feaece907944bae3d4724f1e55a0)
|
|
bgp: T6106: Valid commit error for route-reflector-client option defined in peer-group (backport #3213)
|
|
image-tools: T6186: simplify image annotations fixing regression (backport #3215)
|
|
(cherry picked from commit 1f0c33c00118c42fc2796d99aff94c428f434d4a)
|
|
peer-group
changed exception condition
Improved route_reflector_client test
(cherry picked from commit 84f05b1dd41bea5de16d707aa77a467f8d499323)
|
|
dhcp-server: T4718: Listen-address is not commited if the IP address is on the interface with a VRF
|
|
openvpn: T6159: Openvpn Server Op-cmd adds heading "OpenVPN status on vtunx" for every client connection (backport #3198)
|
|
for every client connection
Don't show duplicate info of vtunx
show header when clints is not connected but server is configured
(cherry picked from commit 66a009f367f8bf274eac9a4d4e1f4f8911c85872)
|
|
T6121: Extend config-sync for QoS and system options (backport #3193)
|
|
T5832: VRRP allow set interface for exluded-address (backport #3200)
|
|
Ability to set interface for `excluded-address`
The excluded-addresses are not listed in the VRRP packet (adverts packets).
We have this ability for `address`, add the same feature for the
excluded-address
```
set high-availability vrrp group GRP-01 excluded-address 192.0.2.202 interface 'dum2'
set high-availability vrrp group GRP-01 excluded-address 192.0.2.203 interface 'dum3'
```
(cherry picked from commit 0daf445abcd00446da21fe0220d41d5fdde95ebd)
|
|
T5872: ipsec remote access VPN: support dhcp-interface. (backport #2965)
|
|
ipsec: T5606: T5871: Use multi node for CA certificates (backport #3202)
|
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
(cherry picked from commit 952b1656f5164f6cfc601e040b48384859e7a222)
|
|
(cherry picked from commit 679b78356cbda4de15f96a7f22d4a98037dbeea4)
|
|
(cherry picked from commit 92012a0b3db8e93b10db4137414073f0371ed8cc)
|
|
(cherry picked from commit cd8ef21f280f726955f537132e3fab2bcb3c286f)
|
|
(cherry picked from commit f7834324d3d9edd7e161e7f2f3868452997c9c81)
|
|
grub: T4516: correct a format string (backport #3201)
|
|
(cherry picked from commit 74e502c16109b8d6d197751fc63ac5a32ff44404)
|
|
op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interface (backport #3194)
|
|
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service"
with no additional information about a client interface at all.
This results in useless dhclient processes
root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d
root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script
root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 -
Which also assign client leases to all local interfaces, if we receive one
valid DHCPOFFER
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------
eth0 - 00:50:56:bf:c5:6d default 1500 u/u
eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u
eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u
172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses.
This commit moved the renew command to the DHCP op-mode script to properly
validate if the interface we request a renew for, has actually a dhcp address
configured. In additional this exposes the renew feature to the API.
(cherry picked from commit 7dbaa25a199a781aaa9f269741547e576410cb11)
|
|
Extent the service config-sync for sections:
- qos interface
- qos policy
- system conntrack
- system flow-accounting
- system option
- system sflow
- system static-host-mapping
- system sysctl
(cherry picked from commit 9d5ad172034ae510288b11313d307f0a24bb4b7d)
|
|
interface with vrf
|
|
bgp: T6106: fix test and verify() (backport #3190)
|
|
(cherry picked from commit 2ba435fa4bc8a5c9b2285fb9215ebc582bfb5fdf)
|
|
xml: T5738: use common constraint include for container network (backport #3181)
|
|
config-sync: T6145: batch section requests for commit by priority (backport #3172)
|
|
(cherry picked from commit 50e9364575481335520f50dac834c74ef02ccfab)
|
|
ospf: T6066: can not define the same network in different areas (backport #3185)
|
|
container: T6062: add image name completion helper (backport #3182)
|
|
Users can not (FRR fails) commit the same network belonging to different OSPF
areas. Add verify() check to prevent this.
(cherry picked from commit c6d8d9c012da1a7566eec2dff70385457f073e64)
|
|
(cherry picked from commit 37a4fdf229a7ab74718655f1d6e35fd94e5ad69a)
|
|
(cherry picked from commit 6be463fcca574e051420ae7549bed72e74486470)
|
|
bgp: T6106: Show complete FRR output on internal errors (backport #3151)
|
|
grub: T6165: increase service TimeoutSec from 5 -> 60 (backport #3179)
|
|
The PCEngines APU2 systems with mSATA disks tend to be very slow. This results
in a service startup error:
$ systemctl status vyos-grub-update
× vyos-grub-update.service - Update GRUB loader configuration structure
Loaded: loaded (/lib/systemd/system/vyos-grub-update.service; enabled; preset: enabled)
Active: failed (Result: timeout) since Sun 2024-03-24 08:48:10 UTC; 14min ago
Main PID: 779 (code=killed, signal=TERM)
CPU: 869ms
Mar 24 08:48:05 LR4.wue3 systemd[1]: Starting vyos-grub-update.service - Update GRUB loader configuration structure...
Mar 24 08:48:10 LR4.wue3 systemd[1]: vyos-grub-update.service: start operation timed out. Terminating.
Mar 24 08:48:10 LR4.wue3 systemd[1]: vyos-grub-update.service: Main process exited, code=killed, status=15/TERM
Mar 24 08:48:10 LR4.wue3 systemd[1]: vyos-grub-update.service: Failed with result 'timeout'.
Mar 24 08:48:10 LR4.wue3 systemd[1]: Failed to start vyos-grub-update.service - Update GRUB loader configuration structure.
Measunring on an APU2 system after boot and memory is "hot", it still needs
almost 17 seconds to complete the job
cpo@LR4.wue3:~$ time sudo /usr/libexec/vyos/system/grub_update.py
real 0m16.803s
user 0m0.018s
sys 0m0.028s
(cherry picked from commit 5a12645cb25fb23f2195db1e2e977a69d0788d01)
|
|
vti: T6085: bring VTI interfaces up only when the IPsec tunnel is up (backport #3157)
|