Age | Commit message | Author |
|
login: T4751: 2FA OTP key generator in VyOS CLI
|
|
T4884: snmpd: add community6 fallback
|
|
firewall: T4882: add missing ICMPv6 type names
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
5. Fixed generation dest local sections in squidGuard.conf
6. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
|
|
T4809: radvd: Allow the use of AdvRASrcAddress
|
|
routing: T1237: Add new feature failover route
|
|
This adds the AdvRASrcAddress configuration option to configure
a source address for the router advertisements. The source
address still must be configured on the system. This is useful
for VRRP setups where you want fe80::1 on the VRRP interface
for cleaner VRRP failovers.
|
|
If no client and network is defined only a `community` config
is created. This also adds the `community6` part
|
|
bonding: T4878: Fixed unnecessary bonding flapping during commit
|
|
There was a mistake in a config level that caused triggering the
`shutdown_required` flag, even if there were no new interfaces added to a
bonding.
This commit sets the proper config level to avoid the problem.
|
|
Failover route allows installing static routes into the kernel routing
table only if the required target or gateway is alive.
When the target or gateway doesn't respond to ICMP/ARP checks, this route
is deleted from the routing table.
Routes are marked as protocol 'failover' (rt_protos)
cat /etc/iproute2/rt_protos.d/failover.conf
111 failover
ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover
$ sudo ip route show proto failover
203.0.113.1 via 192.0.2.1 dev eth0 metric 1
So we can safely flush such routes
|
|
ocserv: T4881: return vyos.opmode.Errors on failure
|
|
validators: T4798: replace python file-exists validator with file-path
|
|
validators: T4875: use file-path to replace validator 'interface-name'
|
|
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
|
|
* t4792-sstpc:
sstp: T4384: initial implementation of SSTP client CLI
pppoe: T4384: remove unused import of leaf_node_changed
pppoe: xml: T4792: split "no-peer-dns" CLI node into building block
xml: ddns: T4792: split "server" CLI node into building block
|
|
vyos@vyos# show interfaces sstpc
sstpc sstpc10 {
authentication {
password vyos
user vyos
}
server sstp.vyos.net
ssl {
ca-certificate VyOS-CA
}
}
|
|
This is useful in general, but we will add it in this context to replace
the use of 'bytes2HR' in show_openvpn.py with util.bytes_to_human, while
maintaining compatibility with original precision=1.
|
|
openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'
|
|
T4865: Fix to generate container image from the file
|
|
In case we want to generate our own container image from a Dockerfile
and it requires updating or installing packages in the container, we get
an error, as it tries to use the default network 'podman' and do its own NAT
translations via 'iptables'. In fact we don't use iptables in 1.4.
As a result it cannot build such an image.
Use '--net host' to fix it.
|
|
T4868: Fix l2tp ppp IPv6 options in template and config get dict
|
|
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool
As we can get addresses via RADIUS attributes:
- Framed-IPv6-Prefix
- Delegated-IPv6-Prefix
|
|
T4117: Fix for L2TP DAE CoA server configuration
|
|
Fix l2tp dae server template and python config dict for correctly
handling Dynamic Authorization Extension server configuration
|
|
T4862: Added the generation config for webproxy domain-block
|
|
Added the generation in the config file /etc/squid/squid.conf
for command: set service webproxy domain-block <domain>
|
|
T4861: Openconnect replace restart to reload-or-restart
|
|
Every change in openconnect restarts the ocserv.service
Replace "restart" with "reload-or-restart" to avoid disconnecting
clients during config changes
|
|
T4860: Verify if mode in openconnect ocserv dict
|
|
T4854: Route reflector allows to apply route-maps
|
|
T4848: Fix for default route vpn openconnect
|
|
T4804: Add check for PPPoE server and use defaults values
|
|
openconnect authentication mode must be set
check dict that 'mode' exists in openconnect authentication
|
|
We check if local_users is None
Also check for an empty dict
{'access_concentrator': 'vyos-ac',
'authentication': {'local_users': {},
|
|
ocserv template expects list of routes but gets str "default"
it causes wrong routes like:
route = d
route = e
route = f
route = a
route = u
route = l
route = t
Fix it
|