| Age | Commit message (Collapse) | Author |
|---|
|
Change autoignoreprefixes config template and add smoketests
|
|
bgp: T7220: Add the option to disable enforce-first-as at peer level
|
|
T7282: op-mode: show firewall group filtering and tab completion update
|
|
T7316: Add MTU validation for interfaces with MTU less then 1200
|
|
|
|
advertisements (#4463)
|
|
dhclient: T6253: Respect `no-default-route`
|
|
interface: T4627: not every interface type supports IPv6 interface-identifiers
|
|
Turns out commit b124f0b3b ("interface: T4627: support IPv6 Interface
Identifier (token) for SLAAC") uncovered a wrong assumption in VyOS that every
interface type in use always supports SLAAC and IPv6-ND (neighbor discovery).
This is not true for WireGuard, Tunnel and VTI interfaces, thus do not provide
that CLI option. In addition SLAAC support should be removed for those interface
types in a future PR.
|
|
syslog: T7367: ensure rsyslog is registered as default systemd syslog service
|
|
interface: T7375: cleanup SLAAC assigned address and default route after removing SLAAC CLI configuration
|
|
geoip: T5636: Add geoip for policy route/route6
|
|
interface: T4627: support setting of IPv6 Interface Identifier(Token)
|
|
bridge: T7322: fix slow performance of allowed vlan
|
|
ospf: T7383: Fixed unconfigured redistribution of nhrp into ospf
|
|
|
|
When an interface runs in DHCPv6 only mode, there is no reason to have a
default installed that was received via SLAAC. If SLAAC is needed, it should
be turned on explicitly.
This bug was only triggered during system boot where a DHCPv6 client address
and a default route to a link-local address was shown in the system. If DHCPv6
was enabled only on an interface while VyOS was already running - no default
route got installed.
|
|
|
|
When using SLAAC for IPv6 addresses we will also receive a default route via a
RA (Router Advertisement). When we disable SLAAC on a interface the Linux
Kernel does not automatically flush all addresses nor the routes received.
The Kernel wait's until the addresses/prefixes/routes expire using their
lifestime setting.
When removing SLAAC from an interface, also remove the auto generated IPv6
address and both the default router received and the connected IP prefix of the
SLAAC advertisement.
|
|
We can reference "self.ifname" in any Python f-ormatted string directly. No
need for an interim temporary variable.
|
|
|
|
instead of &&
|
|
|
|
|
|
Fixed unconfigured redistribution of nhrp into ospf.
|
|
|
|
T7334: pr mirror trigger workflow added with label creation permission for default github token
|
|
default github token
|
|
Add common IPv6 CLI option (use ethernet as example):
set interfaces ethernet eth0 ipv6 address interface-identifier
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
|
|
Systemd states:
The default syslog implementation should make syslog.service a symlink to
itself, so that this socket activates the right actual syslog service.
|
|
* firewall: T7370: Add conntrack log commands
Added the following commands:
show log conntrack
show log conntrack event new
show log conntrack event update
show log conntrack event destroy
* firewall: T7370: Add conntrack log commands
Added the following commands:
show log conntrack
show log conntrack event new
show log conntrack event update
show log conntrack event destroy
* firewall: T7370: Add conntrack log commands
Added the following commands:
show log conntrack
show log conntrack event new
show log conntrack event update
show log conntrack event destroy
* Fix capitalization
---------
Co-authored-by: l0crian1 <ryan.claridge13@gmail.com>
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
firewall: T7369: Match global state policies in show firewall
|
|
grub: T7327: honor "system option kernel" settings during image upgrade
|
|
T7343: IPsec add traffic-selector handling for VTI interfaces
|
|
dhcpv6-client: T6113: add proper startup/shutdown order for systemd units
|
|
Allow to set traffic-selector for VTI interfaces
We can set several local and remote IPv4 and IPv6 prefixes
```
set vpn ipsec site-to-site peer P1 vti traffic-selector local prefix 0.0.0.0/0
set vpn ipsec site-to-site peer P1 vti traffic-selector local prefix :/0
set vpn ipsec site-to-site peer P1 vti traffic-selector remote prefix 192.0.2.0/24
```
|
|
Global state policies were not matched when typing "show firewall"
|
|
Global state policies were not matched when typing "show firewall"
|
|
When running dhcp6c on top of a PPPoE interface, properly honor the dependency
chain with systemd. On shutdown we need to stop the wide-dhcpv6-client prior
to shutting down the ppp portion of the interface.
|
|
When performing an image upgrade and Linux Kernel command-line option that
should be passed via GRUB to the Linux Kernel are missing on the first boot.
This is because when generating the GRUB command-line via the op-mode scripts
the CLI nodes defining the options are not honored.
This commit re-implements the code-path in op-mode which generates the strings
passed via GRUB to the Linux Kernel command-line.
NOTE: If (for a yet unknown reason) a Kernel command-line option string changes
during a major - or minor - upgrade of the Linux Kernel, we will need to adapt
that logic and possibly call a helper from within the NEW updated image rootfs.
Thus we can ship future information back into the past like the "Grays Sports
Almanac" from Back to the Future Part II.
|
|
|
|
kea: T7281: Add ping-check, use built-in option for classless static routes
|
|
ids: T7241: remove Fastnetmon from the base system
|
|
T7353: T7360: netplug: behavior change 1.3.8 -> 1.4 when interface with DHCP address looses carrier
|
|
T7321: Replace legacy operations in configsession.py with vyconf client operations
|
|
|
|
When an interface goes down - e.g. cable unplugged - the DHCPv6 assigned IPv6
address is not removed from said interface. We should provide the same behavior
as with IPv4. IPv6 address should be removed and dhcpv6 client restarted once
the interface goes operational up again.
|
|
The initial rewrite of vyos-netplug-dhcp-client by me tried to outsmart the
DHCP client implementation by re-using vyos.ifconfig.Interface(). This added
a regression where an interface loosing it's carrier no longer deconfigured
it's IP address. This was a change in behavior form VyOS 1.3.
In addition a bug is fixed as when a VLANs interface parent looses it's carrier
we now also stop the DHCP client process.
This script is now back to simply starting/stopping the DHCP client process.
|
|
* dhcp-server: T7310: add support for option 138 CAPWAP AC to KEA
* kea: T7310: Update data/templates/dhcp-server/kea-dhcp4.conf.j2
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
* kea: T7310: Update python/vyos/kea.py
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
* kea: T7310: add smoketest for capwap-ac-v4
* kea: T7310: Update python/vyos/kea.py
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
---------
Co-authored-by: David Vølker <davvol@davvol.dk>
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
|
