| Age | Commit message (Collapse) | Author |
|---|
|
T7092: Add Container Registry Mirror
|
|
|
|
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
T5400: clean up directory as needed before local build of libvyosconfig
|
|
|
|
syslog: T7229: advanced format should not have IPv6 addresses in [] brackets
|
|
|
|
Otherwise rsyslog will report an error:
omfwd: could not get addrinfo for hostname '[2001:db8::2]':'514': System error
|
|
|
|
ipsec: T7225: fix IKE DiffieHellmanGroup and ExtendedAuthEnabled in iOS profile
|
|
Commit e97d86e ("T6617: T6618: vpn ipsec remote-access: fix profile generators")
added a bug when working with DiffieHellmanGroup, it started becoming a boolead
and no longer referencing the DH groups itself.
This has been fixed.
|
|
If this is unset, loading the iOS VPN profile will error out on the device
giving:
Profile Installation Failed
configuration is invalid:
Missing identity
My first assumption was an empty string in LocalIdentifier for IKE, but turned
out only adding this flag solved it.
This was made optional in commit e97d86e ("T6617: T6618: vpn ipsec
remote-access: fix profile generators") but got reverted now.
|
|
ipsec: T7225: "generate ipsec profile ios-remote-access" throws UndefinedError
|
|
T4406: Add public API endpoint to display information
|
|
Calling "generate ipsec profile ios-remote-access rw remote ipsec.vyos.net name
VYOS-NET profile VYOS" in op-mode causes
File "/usr/share/vyos/templates/ipsec/ios_profile.j2", line 58, in top-level template code
{% if authentication.client_mode.startswith("eap") %}
^^^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'client_mode'
|
|
|
|
T5400: Move libvyosconfig build out of the Docker image
|
|
syslog: T6989: fix typos and add option to disable MARK
|
|
libvyosconfig is both a build and a run dependency of vyos-1x.
Satisfying the build dependency within the Docker image requires
coordination of updates to vyos-build/libvyosconfig/vyos-1x on any
changes to the library; simplify this process by moving the build to a
step of the vyos-1x Makefile.
|
|
GitHub: T5400: evaluate OPAM environment before package build
|
|
|
|
New CLI command
set system syslog marker disable
|
|
|
|
Revert "wireguard: T4930: remove pylint W0611: unused import"
|
|
This reverts commit bb70ea569f4548b103c54bbb7c393221a6da0a23.
|
|
T6948: Keep DHCP server leases in sync with hostd records
|
|
T7204: Container add capability MKNOD
|
|
wireguard: T7166: Call vxlan dependency if interface exist
|
|
|
|
policy: T7116: Remove unsupported use of BGP community "internet"
|
|
T7118: Added the ability to redistribute NHRP routes to other protocols
|
|
|
|
policy: T7158: Added match source-vrf to route-map
|
|
* wlb: T7196: Migrate interface wildcards to nftables format
* wlb: T7196: Fix exclude/interface verify check
* wlb: T7196: Extra sanity check on ipv4 address function
|
|
Added match source-vrf to route-map
|
|
Added the ability to redistribute NHRP routes to:
OSPF
BGP
Babel
RIP
IS-IS
|
|
This has been split into a separate commit in case this is overkill for
the fix. 1.2 and 1.3 installs predate the change to FRR that removed support,
but "internet" is already broken on 1.4.
|
|
"internet"
|
|
GitHub: T6707: define smoketest ISO retention-days to 2
|
|
|
|
|
|
* snmp: T7180: Fixed verification of engineid in snmpv3
EngineID must be configured if snmpv3 user is configured.
Fixed engineid help string.
|
|
lldp: T7165: add support to enable only rx/tx on specific interfaces
|
|
T7171: Add dstport option to GENEVE tunnels
|
|
|
|
LLDP is a stateless protocol which does not necessitate sending to receive
advertisements. There are multiple scenarios such as provider peering links in
which it is advantageous to receive LLDP but not disclose internal information
to the provider.
Add new CLI command:
* set service lldp interface <name> mode [disable|rx-tx|rx|tx]
The default is unchanged and will be rx-tx.
Furthermore if an interface has an explicit LLDP disable configured under
"set service lldp interface <name> disable" this will be migrated to
"set service lldp interface <name> mode disable"
|
|
T7190: Add haproxy default timeout options configurable
|
|
bond: T7191: fix error message when member interface is used multiple times
|
|
bridge: T7192: do not allow a member interface to be used multiple times
|
|
Add the ability to configurate default timeout and frontend
client timeout
```
set load-balancing haproxy service web timeout client '600'
set load-balancing haproxy timeout check '4'
set load-balancing haproxy timeout client '600'
set load-balancing haproxy timeout connect '12'
set load-balancing haproxy timeout server '120'
```
|
