| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ipsec: T7225: fix IKE DiffieHellmanGroup and ExtendedAuthEnabled in iOS profile
|
|
Commit e97d86e ("T6617: T6618: vpn ipsec remote-access: fix profile generators")
added a bug when working with DiffieHellmanGroup, it started becoming a boolead
and no longer referencing the DH groups itself.
This has been fixed.
|
|
If this is unset, loading the iOS VPN profile will error out on the device
giving:
Profile Installation Failed
configuration is invalid:
Missing identity
My first assumption was an empty string in LocalIdentifier for IKE, but turned
out only adding this flag solved it.
This was made optional in commit e97d86e ("T6617: T6618: vpn ipsec
remote-access: fix profile generators") but got reverted now.
|
|
ipsec: T7225: "generate ipsec profile ios-remote-access" throws UndefinedError
|
|
T4406: Add public API endpoint to display information
|
|
Calling "generate ipsec profile ios-remote-access rw remote ipsec.vyos.net name
VYOS-NET profile VYOS" in op-mode causes
File "/usr/share/vyos/templates/ipsec/ios_profile.j2", line 58, in top-level template code
{% if authentication.client_mode.startswith("eap") %}
^^^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'client_mode'
|
|
|
|
T5400: Move libvyosconfig build out of the Docker image
|
|
syslog: T6989: fix typos and add option to disable MARK
|
|
libvyosconfig is both a build and a run dependency of vyos-1x.
Satisfying the build dependency within the Docker image requires
coordination of updates to vyos-build/libvyosconfig/vyos-1x on any
changes to the library; simplify this process by moving the build to a
step of the vyos-1x Makefile.
|
|
GitHub: T5400: evaluate OPAM environment before package build
|
|
|
|
New CLI command
set system syslog marker disable
|
|
|
|
Revert "wireguard: T4930: remove pylint W0611: unused import"
|
|
This reverts commit bb70ea569f4548b103c54bbb7c393221a6da0a23.
|
|
T6948: Keep DHCP server leases in sync with hostd records
|
|
T7204: Container add capability MKNOD
|
|
wireguard: T7166: Call vxlan dependency if interface exist
|
|
|
|
policy: T7116: Remove unsupported use of BGP community "internet"
|
|
T7118: Added the ability to redistribute NHRP routes to other protocols
|
|
|
|
policy: T7158: Added match source-vrf to route-map
|
|
* wlb: T7196: Migrate interface wildcards to nftables format
* wlb: T7196: Fix exclude/interface verify check
* wlb: T7196: Extra sanity check on ipv4 address function
|
|
Added match source-vrf to route-map
|
|
Added the ability to redistribute NHRP routes to:
OSPF
BGP
Babel
RIP
IS-IS
|
|
This has been split into a separate commit in case this is overkill for
the fix. 1.2 and 1.3 installs predate the change to FRR that removed support,
but "internet" is already broken on 1.4.
|
|
"internet"
|
|
GitHub: T6707: define smoketest ISO retention-days to 2
|
|
|
|
|
|
* snmp: T7180: Fixed verification of engineid in snmpv3
EngineID must be configured if snmpv3 user is configured.
Fixed engineid help string.
|
|
lldp: T7165: add support to enable only rx/tx on specific interfaces
|
|
T7171: Add dstport option to GENEVE tunnels
|
|
|
|
LLDP is a stateless protocol which does not necessitate sending to receive
advertisements. There are multiple scenarios such as provider peering links in
which it is advantageous to receive LLDP but not disclose internal information
to the provider.
Add new CLI command:
* set service lldp interface <name> mode [disable|rx-tx|rx|tx]
The default is unchanged and will be rx-tx.
Furthermore if an interface has an explicit LLDP disable configured under
"set service lldp interface <name> disable" this will be migrated to
"set service lldp interface <name> mode disable"
|
|
T7190: Add haproxy default timeout options configurable
|
|
bond: T7191: fix error message when member interface is used multiple times
|
|
bridge: T7192: do not allow a member interface to be used multiple times
|
|
Add the ability to configurate default timeout and frontend
client timeout
```
set load-balancing haproxy service web timeout client '600'
set load-balancing haproxy timeout check '4'
set load-balancing haproxy timeout client '600'
set load-balancing haproxy timeout connect '12'
set load-balancing haproxy timeout server '120'
```
|
|
container: T7185: Allow tmpfs mounts within containers
|
|
When configuring
set interfaces bridge br10 member interface eth1
set interfaces bridge br20 member interface eth1
commit
Checking the interface assignment afterwards shows
242: br20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 62:34:3a:8a:fe:49 brd ff:ff:ff:ff:ff:ff
[edit]
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br20 state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:b3:cd:ba brd ff:ff:ff:ff:ff:ff
altname enp0s19
altname ens19
The later addition wins and the CLI reports eth1 is assigned to br20 "master
br20". A member interface can not be used multiple times.
|
|
Sharing the same physical interface among multiple bond interfaces causes
information to be lost within the error message
set interfaces bonding bond10 member interface eth1
set interfaces bonding bond10 member interface eth2
set interfaces bonding bond20 member interface eth1
set interfaces bonding bond20 member interface eth2
commit
Results in:
[ interfaces bonding bond10 ]
Can not add interface "eth1" to bond, it is already a member of bond
"b"!
[[interfaces bonding bond10]] failed
[ interfaces bonding bond20 ]
Can not add interface "eth1" to bond, it is already a member of bond
"b"!
It should infact output the full name of the bond interface.
|
|
|
|
firewall: T7148: Bridge state-policy uses drop in place of reject
|
|
haproxy: T7187: Fix typo in op-mode filename
|
|
|
|
|
