Age | Commit message | Author |
|
(cherry picked from commit cd8ef21f280f726955f537132e3fab2bcb3c286f)
|
|
(cherry picked from commit f7834324d3d9edd7e161e7f2f3868452997c9c81)
|
|
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service"
with no additional information about a client interface at all.
This results in useless dhclient processes
    root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d
    root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script
    root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 -
Which also assign client leases to all local interfaces, if we receive one
valid DHCPOFFER
    vyos@vyos:~$ show interfaces
    Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
    Interface IP Address MAC VRF MTU S/L Description
    ----------- ----------------- ----------------- ------- ----- ----- -------------
    eth0 - 00:50:56:bf:c5:6d default 1500 u/u
    eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u
    eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u
172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses.
This commit moved the renew command to the DHCP op-mode script to properly
validate if the interface we request a renew for actually has a DHCP address
configured. In addition, this exposes the renew feature to the API.
(cherry picked from commit 7dbaa25a199a781aaa9f269741547e576410cb11)
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong health-check configurations
New smoke test
|
|
(cherry picked from commit 4792d39bb84991768404f69ff807e43a9979a79e)
|
|
(cherry picked from commit 77a25e95da48549f2791b677f4ba187e547b1c6a)
|
|
(cherry picked from commit c37fb4010c50a18029d6c680c42fceb3b8930dbd)
|
|
banner: T6077: dehardcode URLs in MOTD template (backport #3070)
|
|
(cherry picked from commit 298bcc5cb90c4c83981ec4baaaa0db785306867d)
|
|
Example:
    vyos@vyos# set protocols ospfv3 redistribute bgp
    Possible completions:
      metric OSPF default metric
      metric-type OSPF metric type for default routes (default: 2)
      route-map Specify route-map name to use
(cherry picked from commit ed2c288c8a9031f91acf76d20b84e2002696981c)
|
|
Use URLs provided by flavor build system and version.json file
(cherry picked from commit a5762cb03f17fd0bc65a19604e505fe94ad42011)
|
|
This is a fix for commit 665ae50729 ("vyos-hostsd: T4270: do not resolve local
router FQDN to 127.0.1.1") as it made calls to sudo super slow due to:
    sudo: unable to resolve host vyos: System error
To avoid the initial issue we only add the hostname without domain name, thus
the FQDN is not resolved by powerdns.
(cherry picked from commit 3712f28025a5bc99e941b5212091a2732b9f6d6c)
|
|
(cherry picked from commit 3480d92a8c4d84e8c1f94a9362bac2be0cc77921)
|
|
Implement VyOS ASCII art contest winners logo as the default for our MOTD
(cherry picked from commit 0ea3a454cf560171d3eb9d4d1b97b172c06360fe)
|
|
Clients using VyOS as their DNS server and trying to resolve the FQDN of the
router will receive 127.0.1.1 as answer.
    set service dns forwarding allow-from '172.16.0.0/12'
    set service dns forwarding listen-address '172.31.0.254'
    set service dns forwarding negative-ttl '60'
    set system domain-name 'vyos.net'
    set system host-name 'R1'
Will return:
    $ host R1.vyos.net 172.31.0.254
    Using domain server:
    Name: 172.31.0.254
    Address: 172.31.0.254#53
    Aliases:
    R1.vyos.net has address 127.0.1.1
When it should rather return the real IP address assigned via DNS.
(cherry picked from commit 665ae5072911fbb1373c393d9b57212552957888)
|
|
(cherry picked from commit 6d79c73d4fa2d26197c1bc19df215a204af6c5dd)
|
|
Ref: https://www.spinics.net/lists/netfilter/msg59549.html
(cherry picked from commit 538aeeccc46d31ab54647b67c8a2ba442d61cc46)
|
|
context
* set vrf name <name> ip nht no-resolve-via-default
* set vrf name <name> ipv6 nht no-resolve-via-default
(cherry picked from commit 0fafc4bcdb9efc03796ddab0832471b11ba1bbe0)
|
|
* set system ip nht no-resolve-via-default
* set system ipv6 nht no-resolve-via-default
(cherry picked from commit ece0e768f36e52f8964823d891264d7c187204ec)
|
|
Removed dhcp-interface option (l2tp)
Added wins-server (sstp)
Added description (ipoe, pppoe, sstp, pptp)
Added extended-script (l2tp, sstp, pptp)
Added shaper (ipoe, pptp, sstp, l2tp)
Added limits (ipoe, pptp, sstp, l2tp)
Added snmp (ipoe, pptp, sstp, l2tp)
Refactored and reformatted code.
(cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
|
|
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2
domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP
topology-independent means of marking and import-filtering EVPN routes
originated from a particular L2 domain. One situation where this is valuable
is when deploying EVPN using anycast VTEPs
set protocols bgp address-family l2vpn-evpn mac-vrf soo
(cherry picked from commit f308df322bd62024e29dd458642cb6bcac8a5ad6)
|
|
srv6: T5849: add segment support to "protocols static route6" (backport #2980)
|
|
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z'
* set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
(cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
|
|
(cherry picked from commit a22e0ee09ff4750de004090f1f55ee75a12dc821)
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
(cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
|
|
(cherry picked from commit 17894f6f5d97df7d3ac1cf37ce0e1a96b8fa8e8b)
|
|
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null>
* set protocols bgp parameters allow-martian-nexthop
* set protocols bgp parameters no-hard-administrative-reset
(cherry picked from commit fff6004d46c5b939800fc3e61fe2102224625c0d)
|
|
(cherry picked from commit 586863bf3a9cb1dd1c0d74b628d00096b905740f)
|
|
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node
to explicitly change this.
* set vpn ipsec site-to-site peer <name> replay-window <0-2040>
(cherry picked from commit 4d943d8fbf1253154897179b0e3ea2d93b898197)
|
|
T5971: Rewritten ppp options in accel-ppp services (backport #2891)
|
|
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor (backport #2903)
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
(cherry picked from commit d9e57fe65dd538c6ea80637f4f6f23cf11dc583d)
|
|
Modify the dynamic dns configuration 'address' subpath for better
clarity on how the address is obtained.
Additionally, remove `web-options` and fold those options under the
path `address web`.
|
|
T5989 fix: Add ipv4-prefix as a valid option for UPnP ACLs. (backport #2897)
|
|
T4839: firewall: Add dynamic address group in firewall configuration (backport #2756)
|
|
(cherry picked from commit eb76729d63245e2e8f06f4d6d52d2fd4aab4fb1f)
|
|
dns: T5959: Streamline dns forwarding service (backport #2854)
|
|
(cherry picked from commit 0307801b8928bbaaa20caf5bd10b928bae459490)
|
|
appropriate commands to populate such groups using source and destination address of the packet.
(cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122)
|
|
Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
`dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
generated override files in /run. This ensures that the override files
are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
path (viz., `/run/pdns-recursor`) is fine
(cherry picked from commit 1c1fb5fb4bd7c0d205b28caf90357ad56423464f)
|
|
Moved ipv6 pools to named ipv6 pools in accel-ppp services
(cherry picked from commit d187803c31175e471397dd4f77040ab56d2e1073)
|
|
system-option: T5979: Add configurable kernel boot options (backport #2886)
|
|
There is no need to add and remove this table during runtime - it can lurk
in the standard firewall init code.
(cherry picked from commit 89f0d347bfe5e468355817a617dc71823a58c284)
|
|
(cherry picked from commit 1b1569d5b88a20994fc65fd529f8103db371bf3f)
|
|
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
* set protocols bfd profile <name> minimum-ttl <1-254>
(cherry picked from commit 1f07dcbddfcfdbb9079936ec479c5633934dd547)
|
|
Add support to run hsflowd in a dedicated (e.g. management) VRF.
Command will be "set system sflow vrf <name>" like with any other service
(cherry picked from commit 64473fa6f320375fb3d3de4de9e729f456ee5ae2)
|
|
firewall: T5729: T5681: T5217: backport subsystem from current branch
|
|
This is a combined backport for all accumulated changes done to the firewall
subsystem on the current branch.
|
|
* set service ntp leap-second [ignore|smear|system|timezone]
Where timezone is the new and old default resulting in adding "leapsectz right/UTC"
to chrony.conf. The most prominent new option is "smear" which will add
    leapsecmode slew
    maxslewrate 1000
    smoothtime 400 0.001 leaponly
to chrony.
See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for
additional information
(cherry picked from commit 7ae064bab0010dff8827a0ed5e1239d2778dc7c1)
|