| Age | Commit message (Collapse) | Author |
|---|
|
When running dhcp6c on top of a PPPoE interface, properly honor the dependency
chain with systemd. On shutdown we need to stop the wide-dhcpv6-client prior
to shutting down the ppp portion of the interface.
|
|
kea: T7281: Add ping-check, use built-in option for classless static routes
|
|
ids: T7241: remove Fastnetmon from the base system
|
|
It will eventually be moved to an addon
|
|
|
|
|
|
Remove legacy windows static route on option 249
|
|
T7254: op-mode: Add spanning-tree op-mode commands
|
|
T7311: syslog: Fix duplicate kernel log entries
|
|
|
|
Fix the IPsec log level option processing
set vpn ipsec log level '2'
Render Jinja2 template to generate correct log for IPsec for
the file /etc/strongswan.d/charon-systemd.conf
|
|
Modified op-mode-standardized.json
|
|
syslog: T7270: fix typos in rsyslog.conf
|
|
If a router has not formed an LDP neighbor adjacency yet, it
answers all received LDP Hello packets from non-neighbors with
new Hello packets.
This leads to flooding LDP packets to all routers for each LDP
incoming packet.
Add configuration option to disable this behavior
```
set protocols mpls ldp interface eth0 disable-establish-hello
```
|
|
|
|
|
|
|
|
* bgp: T7157: Allow using route-maps for VRF route leaking in BGP
Added the possibility of using route-map in route leaking.
* Improve the constraint error message
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
|
|
T7092: Add Container Registry Mirror
|
|
|
|
Otherwise rsyslog will report an error:
omfwd: could not get addrinfo for hostname '[2001:db8::2]':'514': System error
|
|
|
|
Commit e97d86e ("T6617: T6618: vpn ipsec remote-access: fix profile generators")
added a bug when working with DiffieHellmanGroup, it started becoming a boolead
and no longer referencing the DH groups itself.
This has been fixed.
|
|
If this is unset, loading the iOS VPN profile will error out on the device
giving:
Profile Installation Failed
configuration is invalid:
Missing identity
My first assumption was an empty string in LocalIdentifier for IKE, but turned
out only adding this flag solved it.
This was made optional in commit e97d86e ("T6617: T6618: vpn ipsec
remote-access: fix profile generators") but got reverted now.
|
|
ipsec: T7225: "generate ipsec profile ios-remote-access" throws UndefinedError
|
|
Calling "generate ipsec profile ios-remote-access rw remote ipsec.vyos.net name
VYOS-NET profile VYOS" in op-mode causes
File "/usr/share/vyos/templates/ipsec/ios_profile.j2", line 58, in top-level template code
{% if authentication.client_mode.startswith("eap") %}
^^^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'client_mode'
|
|
|
|
New CLI command
set system syslog marker disable
|
|
wireguard: T7166: Call vxlan dependency if interface exist
|
|
|
|
Added match source-vrf to route-map
|
|
lldp: T7165: add support to enable only rx/tx on specific interfaces
|
|
LLDP is a stateless protocol which does not necessitate sending to receive
advertisements. There are multiple scenarios such as provider peering links in
which it is advantageous to receive LLDP but not disclose internal information
to the provider.
Add new CLI command:
* set service lldp interface <name> mode [disable|rx-tx|rx|tx]
The default is unchanged and will be rx-tx.
Furthermore if an interface has an explicit LLDP disable configured under
"set service lldp interface <name> disable" this will be migrated to
"set service lldp interface <name> mode disable"
|
|
Add the ability to configurate default timeout and frontend
client timeout
```
set load-balancing haproxy service web timeout client '600'
set load-balancing haproxy timeout check '4'
set load-balancing haproxy timeout client '600'
set load-balancing haproxy timeout connect '12'
set load-balancing haproxy timeout server '120'
```
|
|
|
|
T5810: Add support for RPKI source ip
|
|
T6628: IPoE-server rename "static-ip" to "ip-address" for local auth
|
|
wlb: T4452: Use return for exclude statements
|
|
|
|
|
|
|
|
bgp: T7163: add CLI route-map and metric support for "redistribute table"
|
|
|
|
|
|
* set protocols bgp address-family <ipv4-unicast|ipv6-unicast> redistribute
table <n> [metric <n>] [route-map <name>]
|
|
Re-use existing XML constraint added via commit 8f6246da6 ("xml: T7161: provide
re-usable building block for alternative routing tables") and add handy CLI
completion helper.
FRRouting supports redistribution of multiple non-main tables, thus make this
a multi node in addition, too.
|
|
Fixed 'domain-nocache' command.
Added config generation for this command.
|
|
|
|
|
