Age | Commit message (Collapse) | Author |
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH to often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds is it not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary
reason. After restarting SSH to often (rate-limiting) it is blocked by systemd.
Using Restart/RestartSec is not enough - systemd services use start rate
limiting (enabled by default). If service is started more than StartLimitBurst
times in StartLimitIntervalSec seconds is it not permitted to start any more.
Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and
DefaultStartLimitBurst (default 5).
|
|
|
|
ids: T2659: Implement fastnetmon support
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Commit 1d7f88b459d ("ssh: T2635: migrate to get_config_dict()") used a wrong
loop iterator on the rendered ListenAddress statement.
|
|
Jinja template contains some workarounds like {% if port is string %}, this
depends of the resolution of https://phabricator.vyos.net/T2636
|
|
|
|
T2486: DNS, vyos-hostsd fixes
|
|
|
|
|
|
|
|
For more examples on the new get_config_dict() approach migrate this
implementation as it is not yet in production use. Also this serves as proof of
concept code for further migrations.
|
|
|
|
|
|
radvd[31898]: AdvValidLifeTime must be greater than AdvPreferredLifetime in
radvd.conf, line 19
This happens with the following configuration:
vyos@vyos# show service router-advert
interface eth0.20 {
name-server 2001:4860:4860::8888
prefix ::/64 {
valid-lifetime 7200
}
}
A validator is added to solve this issue and radvd will run again.
|
|
|
|
|
|
When multiple RADIUS servers have been configured, they have been all rendered
onto a single line in the config. This lead to errors in syslog and not all
servers beeing reachable.
|
|
The "to" qualifier did not get rendered when using source ports in masquerade
targets. This case was totally missed out when porting.
|
|
|
|
|
|
We specify NFT source/destination ports within a { } group, but if the port
range in question is negated, we need to move the != fraction out of { } and
infront of that group, else NFT loading will fail big time.
|
|
This reverts commit 927c054d9236c2c34ca43c1cbfff10fcfd7f5077.
|
|
After commit 1c7d7cb ("wwan: T2529: migrate device from ttyUSB to
usbXbY.YpZ.Z") the up/down scripts did not properly parse the passed tty
for setting up default routes.
|
|
|
|
The file will be generated by vyos-hostsd to add NTAs for zones (domains)
from /etc/hosts and forward-zones.
|
|
Move templates out of the daemon and add new templates.
|
|
As part of T1595 listen-on was removed and migrated to listen-address,
but some references to it stayed in the variable names and validator
error message.
|
|
|
|
|
|
* 'serial-console' of github.com:c-po/vyos-1x:
console: T2569: run VGA console powersave on tty1
console: T2569: replicate console settings to grub.cfg
Debian: fix warning about undefined substitution variables
console: T2569: only start serial console if device exists
console: T2529: migrate from ttyUSB device to new device in /dev/serial/by-bus
console: T2570: remove support for Hayes Modems
netconsole: T2561: use migrator to delete config nodes
console: T2569: initial implementation with XML and Python
|
|
|
|
|
|
During testing it was discovered that there is a well known problem (we had for
ethernet interfaces) also in the serial port world. They will be enumerated and
mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially
painful on my development APU4 board which also has a Sierra Wireless MC7710
LTE module installed.
The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the
amount of serial port extenders attached (FT4232H).
The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves
this by enumerating the devices into /dev/serial/by-id folder with their name
and serial number - it's a very good idea but I've found that not all of the
FT4232H dongles have a serial number programmed - this leads to the situation
that when you plug in two cables with both having serial number 0 - only one
device symlink will appear - the previous one is always overwritten by the
latter one.
Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus
directory and group devices by attached USB root port.
|
|
|
|
... all information are present in journald.
|
|
During testing it was discovered that there is a well known problem (we had for
ethernet interfaces) also in the serial port world. They will be enumerated and
mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially
painful on my development APU4 board which also has a Sierra Wireless MC7710
LTE module installed.
The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the
amount of serial port extenders attached (FT4232H).
The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves
this by enumerating the devices into /dev/serial/by-id folder with their name
and serial number - it's a very good idea but I've found that not all of the
FT4232H dongles have a serial number programmed - this leads to the situation
that when you plug in two cables with both having serial number 0 - only one
device symlink will appear - the previous one is always overwritten by the
latter one.
Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus
directory and group devices by attached USB root port.
vyos@vyos:~$ find /dev/serial/by-bus/ -name usb* -exec basename {} \; | sort
usb0b1.3p1.0
usb0b1.3p1.2
usb0b1.3p1.3
usb0b2.4p1.0
usb0b2.4p1.1
usb0b2.4p1.2
usb0b2.4p1.3
So we have USB root 0 with bus 1.3 and port 1.0. The enumeration is constant
accross reboots.
|
|
|
|
|
|
|
|
|
|
Commit 8dcf042a7f5 ("pppoe: T2219: move adding of default route to ip-(up|down)
script") wrongly tried to open a file called autoconfigure which infact
should be autoconf
|
|
|
|
Some ISPs (e.g. Comcast) only delegate a /64 by default. You have to explicitly
"ask" for a bigger (e.g. /60) prefix. This commit adds a CLI node to request
a specific prefix length in the range 32 - 64.
dhcpv6-options {
prefix-delegation {
length 60
}
}
|