Age | Commit message (Collapse) | Author |
|
In CLI we can choose authentication logic:
- `mandatory` - if RADIUS answered with `Access-Reject`, authentication must
be stopped and access denied immediately.
- `optional` (default) - if RADIUS answers with `Access-Reject`,
authentication continues using the next module.
In `mandatory` mode authentication will be stopped only if RADIUS clearly
answered that access should be denied (no user in RADIUS database, wrong
password, etc.). If RADIUS is not available or other errors happen, it will be
skipped and authentication will continue with the next module, like in
`optional` mode.
|
|
We need separated groups for RADIUS and TACACS+ system users because they need
to be used in PAM rules independently.
|
|
frr: T5733: enable pim6 daemon
|
|
|
|
T2405: add Git support to commit-archive (backport #2241)
|
|
(cherry picked from commit e92667504e0c503b7c0d125d89d8795d6b6d5876)
|
|
vyos@vyos# set system config-management commit-archive location
Possible completions:
uri Uniform Resource Identifier
Unfortunately URI is a bit "less" specific - add proper help strings:
vyos@vyos# set system config-management commit-archive location
Possible completions:
http://<user>:<passwd>@<host>/<path>
https://<user>:<passwd>@<host>/<path>
ftp://<user>:<passwd>@<host>/<path>
sftp://<user>:<passwd>@<host>/<path>
scp://<user>:<passwd>@<host>/<path>
tftp://<user>:<passwd>@<host>/<path>
git+https://<user>:<passwd>@<host>/<path>
(cherry picked from commit dcb277ba0aed4a02f48572d10d3ba242942b8639)
|
|
(cherry picked from commit a89243cfbfc90854a8cddd53c0ffc987f75abcee)
|
|
T4072: firewall: backport bridge firewall to sagitta
|
|
T5749: Swap show interfaces and show interfaces summary (backport #2500)
|
|
By default show VRF, MAC, MTU for `show interfaces`
The original `show interfaces` moved to `show interfacces summary`
(cherry picked from commit 056885c02b8671279808c226a759de6c5356f578)
|
|
|
|
Remove stray whitespace in sed script and call Section.interfaces with
vlan=False instead of a custom filter.
This extends commit f19c92f25 ("tunnel: T3894: fix design when building
synthetic MAC addresses")
(cherry picked from commit c8ba5dccfa9b02533c6536903ecacd3ddb04351e)
|
|
(cherry picked from commit 019723aaa4217403f1fcbcd636f573ea403f909c)
|
|
T3983: show pki certificate Doesnt show x509 certificates (backport #2495)
|
|
(cherry picked from commit 36de14913e0f4370d7c4e2828032a5378d3bba77)
|
|
pim(6): T5733: add missing FRR related features (backport #2476)
|
|
smoketest: Extend HTTP-API tests (backport #2481)
|
|
(cherry picked from commit 15b5ede2cdd65af441be6de89b8b1df6d186f874)
|
|
T5747: op-mode add show interfaces summary (backport #2491)
|
|
Add op-mode "show interfaces summary"
Add MAC, VRF and MTU options:
vyos@r4# run show interfaces summary
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------
dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u
eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN
eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1
eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2
eth3 - 52:54:00:09:a4:b4 default 1500 A/D
(cherry picked from commit dc3906f04fbfe8014531e092a77c1c8c2d10dfe0)
|
|
op-mode: vrf: T5150: add "show vrf vni" and "show vrf <name> vni" commands (backport #2490)
|
|
vyos@vyos:~$ show vrf vni
VRF VNI VxLAN IF L3-SVI State Rmac
blue 2000 None None Down None
green 3000 None None Down None
red 1000 None None Down None
vyos@vyos:~$ show vrf blue vni
VRF VNI VxLAN IF L3-SVI State Rmac
blue 2000 None None Down None
(cherry picked from commit 2fb763ffbc5c5babe552ec97c06570c54ea4aad8)
|
|
(cherry picked from commit 64b4cfc71d402222fd6b034336b3588b5986ba24)
|
|
(cherry picked from commit 403d2ffd6e46cb082b1d16ddf515e1784bee968c)
# Conflicts:
# data/templates/frr/pim6d.frr.j2
# interface-definitions/protocols-pim6.xml.in
# smoketest/scripts/cli/test_protocols_pim6.py
# src/conf_mode/protocols_pim6.py
|
|
(cherry picked from commit 6ce2ecb10884a4b79a7643e22596a2d03d805a91)
|
|
(cherry picked from commit dd13213ae94f071bc30cc17f5fabef02fbf95939)
|
|
IGMP and PIM are two different but related things.
FRR has both combined in pimd. As we use get_config_dict() and FRR reload it
is better to have both centrally stored under the same CLI node (as FRR does,
too) to just "fire and forget" the commit to the daemon.
"set protocols igmp interface eth1" -> "set protocols pim interface eth1 igmp"
(cherry picked from commit bc83fb097719f5c4c803808572f690fbc367b9e5)
|
|
(cherry picked from commit 45ea9ed72ee11809f69619a40ae243df562de39f)
|
|
(cherry picked from commit c5e2c25f8968c0f06a9e4e992decc46a4f690868)
|
|
Migrate CLI configuration retrival to common get_config_dict(). In addition
add new functionality to VyOS that is PIM related and already available in FRR.
(cherry picked from commit 9abc02edcc237760f1f8aa1b3f08d7f4d18f866c)
# Conflicts:
# python/vyos/frr.py
# src/op_mode/restart_frr.py
|
|
T5732: generate firewall rule-resequence drops geoip country-code fro… (backport #2486)
|
|
(cherry picked from commit aa7a5131a5d1bd901ffdc7670a62bad8218147ab)
|
|
mtr: T5658: Add VRF support for mtr (+ op_mode wrapper) (backport #2435)
|
|
xml: T5738: add source-address-ipv4-ipv6-multi building block (backport #2479)
|
|
remote: T5726: Disable the progressbar if the shell is noninteractive or the terminal is missing capabilities (backport #2483)
|
|
T5729: firewall: multiple backports
|
|
terminal is missing capabilities
(cherry picked from commit 59b432b97e361f3f5670302f51881ee596afe2f8)
|
|
(cherry picked from commit dccca4307339d13e5c3ae78058194baf2fd04002)
|
|
T5728: OpenVPN server replace first_host_address to vpn_gateway (backport #2475)
|
|
Some OpenVPN clients (OpenVPN3) do not understand address of
gateway for the pushed networks. It leads that pushed routes are
not installed at all.
Replace `subnet | first_host_address` to the `vpn_gateway` to fix it
(cherry picked from commit 480711c329a38b773bb0b8f64f0e50dfc4ea4437)
|
|
parsing, and migration to valueless node for log and state matchers
|
|
op-mode: bgp: T5698: add "es-vrf" and "next-hops" CLI commands (backport)
|
|
T1797: Remove vpp packages and mentions
|
|
(cherry picked from commit c0de93d37354ec89f44dde7f1b5a4c8af550a019)
|
|
Example: we should focus on JSON output and not expose XML and CSV.
(cherry picked from commit b8e9daf12eaef46747e7379042f8acd575e5b1d6)
|
|
Reduce amount of duplicated (3 times) code in op-mode scripts for ping,
traceroute and mtr.
(cherry picked from commit 7b27a20c8664460482301cc8d7554048f152485e)
|
|
(cherry picked from commit 709c578e123bcf258eba1d15842b63eb63413523)
|
|
(cherry picked from commit 07ecc0c33fb32878cac25ec84f2f3a977588f0dd)
|
|
dhclient: T5724: run user hooks using run_hookdir (backport #2472)
|