Age | Commit message (Collapse) | Author |
|
Remove `service upnp` as it never worked as expected, nft rules do
not integrated and custom patches do not seem like a suitable
solution for now.
Security:
UPnP has been historically associated with security risks due to its automatic
and potentially unauthenticated nature.
UPnP devices might be vulnerable to unauthorized access or exploitation.
|
|
ethernet: T6306: add support for EVPN MH uplink/core tracking
|
|
When all the underlay links go down the PE no longer has access to the VxLAN
+overlay.
To prevent blackholing of traffic the server/ES links are protodowned on the PE.
A link can be setup for uplink tracking via the following configuration:
set interfaces ethernet eth0 evpn uplink
|
|
Bond: T6303: add system mac address on interfaces bond
|
|
|
|
|
|
bridge: T6317: add dependency call for wireless interfaces
|
|
|
|
|
|
|
|
|
|
Fix default values for random-detect
Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel
|
|
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF
|
|
smoketest: T6199: remove redundant code when unpacking Kernel GZ config
|
|
|
|
When adding and removing VRF instances on the fly it was noticed that the vni
statement under the VRF instance in FRR vanishes. This was caused by a race
condition which was previously designed to fix another bug.
The wierd design of a Python helper below the VRF tree to only generate the
VNI configuration nodes is now gone and all is rendered in the proper place.
|
|
pppoe-server: T6234: PPPoE-server pado-delay refactoring
|
|
|
|
|
|
qos: T4248: Allow to remove the only rule from the qos class
|
|
|
|
config
|
|
T6237: IPSec remote access VPN: ability to set EAP ID of clients
|
|
|
|
$ touch /tmp/vyos.smoketest.debug
will enable dynamic debugging of the smoketests - showing the appropriate CLI
commands on stdout
|
|
|
|
|
|
|
|
server certificates
|
|
to firewall global-optinos
|
|
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt
|
|
Added params for configuration red on the shaper policy
|
|
fails (#3296)
|
|
|
|
ethernet: T5862: default MTU is not acceptable in some environments
|
|
Containers have the ability to add Linux system capabilities to them, this is
done using the "set container name <name> cap-add" command.
The CLI node sounds off and rather should be "set container name <name>
capability" instead as we use and pass a capability to a container and not
add/invent new ones.
|
|
ipoe: T6205: error in migration script logic while renaming mac-address to mac node
|
|
mac node
The problem was introduced in [1] but the config migrator part unfortunately
was added to the wrong version [2]. As IPoE config version 0 was only active
during the 1.3 development cycle and VyOS 1.3.0 was already released with config
version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to
properly support upgrades from VyOS 1.3 -> 1.4 or newer.
1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168
2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46
|
|
Use vyos.xml_ref.default_value to query XML default values and take them into
account when validating properly applied defaults in individual smoketests
instead of using hardcoded values like 443 for https port.
|
|
There are cloud environments available where the maximum supported ethernet
MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value
or 1500 bytes - whatever is lower.
|
|
The option "passive-interface default" was set even if it was not present in
the previous version we are migrating from. Fix migration script to handle this
with a conditional path.
|
|
bgp: T5943: BGP Peer-group members must be all internal or all external
|
|
T6068: dhcp-server: add command <set service dhcp-server high-availability mode>
|
|
|
|
mode> so user can define what type of ha use: active-active or active-passive
|
|
found using "git ls-files *.py | xargs pylint | grep W0611"
|
|
configverify: T6198: add common helper for PKI certificate validation
|
|
The next evolutional step after adding get_config_dict(..., with_pki=True) is
to add a common verification function for the recurring task of validating SSL
certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
|
|
T6192: allow binding SSH to multiple VRF instances
|
|
Fixed using 'route-map', 'as-set' and 'summary-only' together in
aggregation in BGP
|