Age | Commit message | Author |
|
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes the logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
|
|
T6143: Increase configurable timeout range for service config-sync
|
|
The maximum timeout for `service config-sync` is 300 seconds
(Connection API timeout). This may not be enough for really massive
configurations.
Increase the maximum value to 3600.
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
|
|
qos: T1871: add MTU option when configure limiter traffic-policy
|
|
T5996: selectively escape and restore single backslashes in config
|
|
T6138: Fix op-mode show conntrack table with flowtable offloads
|
|
The op-mode command `show conntrack table ipv4` fails if it gets a
conntrack entry with `flowtable` offload. Those entries do not
have the key `timeout`.
```
File "/usr/libexec/vyos/op_mode/conntrack.py", line 115, in get_formatted_output
timeout = meta['timeout']
~~~~^^^^^^^^^^^
```
Use the timeout `n/a` for those offload conntrack entries
|
|
T6127: Fixed show log firewall for rule with offload
|
|
T6136: add error checks when using dynamic firewall groups
|
|
add mtu to default and specified class
update smoke test
|
|
op-mode: T6133: add support to manually trigger commit-archive update
|
|
Automatic update of the remote commit-archive could fail under certain
circumstances, add an op-mode command to manually trigger the update:
```
cpo@LR1.wue3# run force commit-archive
Archiving config...
git+https://git.FOOO.de/cpo/vyos-config-backup [edit]
```
|
|
policy: T6129: add route-map option "as-path exclude all"
|
|
T6133: append domain-name to commit-archive if defined
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
```
set policy route-map <name> rule <rule> set as-path exclude all
```
|
|
conntrack: T4022: add RTSP conntrack helper
|
|
T6121: Extend service config-sync to new sections
|
|
T6090: policy: fix migration script
|
|
occurs also if only <policy route> is defined.
|
|
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this case the Node allows use of the next-level section,
i.e. a subsection.
For example, any of the subsections of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
|
|
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help strings
|
|
xml: T3642: improve PKI CLI help string
|
|
radvd: T6118: add nat64prefix support RFC8781
|
|
grub: T4548: Fixed GRUB configuration files order
|
|
To iterate files on ext* file systems GRUB reads their inodes one by one,
ignoring names. This breaks our configuration logic that relies on proper
loading order.
This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB
configuration files are created. It recreates files, changing their inodes in a
way where inodes order matches alphabetical order.
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
```
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
```
|
|
conntrack: T5080: Fix rule order for applied conntrack modules
|
|
T6114: fix broken migration dhcpv6-server 4-to-5
|
|
xml: T6098: relax description constraint to allow non-ascii characters
|
|
A restriction to ascii in the constraint disallowed earlier support for
unicode bytes.
|
|
dhcp-client: T6093: extend regex for client class-id's with DOT
|
|
The regex used is not working if the string contains dots.
Originally authored by: Lucas <pinheirolucas@pm.me>
|
|
xml: T5738: revert invalid change from lower character limit - 0 length must be allowed
|
|
This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum
description to 255 characters") which increased the lower limit from 0 to 1.
We actually require 0 length value for description nodes as introduced in
commit 6eea12512e ("xml: T1579: allow zero length for description").
|
|
firewall: T6071: truncate rule description field to 255 characters
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
|
|
dhcp: T6102: Fix clear DHCP lease op-mode
|