Age | Commit message | Author |
|
Several improvements in processing RFC3442 routes (support for route deletion, DHCP RENEW and link-local routes)
|
After migrating PowerDNS to systemd and also its configuration files to a
volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration
files to volatile /run directory") the path for the control file has not
been altered and pushed to the client rec_control binary
|
* 't2264-l2tp' of github.com:c-po/vyos-1x: (25 commits)
vpn: l2tp: sstp: T2264: create config dir on demand
vpn: l2tp: T2264: migrate IPv6 prefix node to common CLI style
vpn: l2tp: T2264: simplify IPv6 config dictionary elements
vpn: sstp: T2008: migrate from SysVinit -> systemd
vpn: sstp: T2008: bugfix KeyError 'client_gateway'
vpn: l2tp: T2264: migrate from SysVinit -> systemd
vpn: l2tp: T2264: remove debug pprint
vpn: l2tp: T2264: proper set PPP default values to ease Jinja2 template
vpn: l2tp: T2110: re-use RADIUS XML include file
vpn: l2tp: T2264: remove RADIUS req-limit node
vpn: l2tp: T2264: migrate to new dictionary keys for radius auth
vpn: sstp: T2008: set accell default values in config dict
vpn: l2tp: T2264: use "with open()" when writing config
vpn: l2tp: T2264: migrate to new dictionary keys for local auth
vpn: sstp: T2008: improve error message for non existent local-users
vpn: l2tp: T2264: cleanup thread_cnt generation
vpn: sstp: T2008: cleanup thread_cnt generation
vpn: l2tp: T2264: combine WINS CLI syntax
vpn: l2tp: T2264: combine IPv4/IPv6 name-server CLI syntax
vpn: sstp: T2008: adjust DNS error message
...
|
The vyatta-dhclient-hook is not differentiating between v4 and v6
and attempting to use the same lease file for both protocols.
Therefore only dhcp v4 or v6 could be set up on an interface and
not both.
|
ppp already supports ip-pre-up script but none was being supplied. Need
ip-pre-up to handle renames and firewall properly.
Script imported from old VyOS PPP fork repository at
https://github.com/vyos/ppp-debian
|
This reduces the amount of self written code to start-stop-daemon and also kill
the process if it has no connection yet (there won't be a PID file in this case)
and getting the proper PID for multiple processes would require me to walk the
/proc/<pid>/cmdline for every binary involved.
|
Without this override the keepalived stop transaction script won't work
as systemd will just wipe the process.
|
This changeset contains multiple changes in structure, logic, and bugfixes for dhclient-script. It should provide better compatibility with new Debian versions and flexibility in controlling and changing VyOS-related functions.
1. Structure change:
  * All VyOS-related functionality was moved from dhclient-script itself to separated hook files.
  * Old vyatta-dhclient-hook was moved from vyatta-cfg to vyos-1x.
  * This change allows discard dhclient-script replacing and use the original one from Debian without any changes. So, we do not need to track all changes in upstream so carefully.
  * To provide compatibility between original dhclient-script and VyOS, two internal commands/functions are replaced in hooks: ip and make_resolv_conf. So, in all places where used ${ip} or make_resolv_conf, actually using VyOS-tuned functions instead original.
    * `ip` function is a wrapper, which automatically chooses what to use: transparently pass a command to /usr/sbin/ip, change a route in kernel table or FRRouting config via vtysh.
    * `make_resolv_conf` function main logic was copied from current VyOS implementation and use vyos-hostsd-client for making changes
2. Added:
  * Logging. Now is possible to log all changes, what is doing by dhclient-script. Logs can be saved to the journal and displayed in stderr (for debugging purposes). By default, logging to the journal is enabled (at least for some time) to provide a way to collect enough information in case if some bug in this new implementation will be found. This can be changed in the 01-vyos-logging file.
3. Fixed/Changed:
  * If DHCP lease was expired, released or dhclient was stopped, dhclient-script will try to delete default route from this lease.
  * Instead of blindly killing all dhclients in case if FRRouting daemon is not running, now used more intelligent logic:
    * dhclients are stopping natively (with all triggers processing), instead of killing;
    * dhclient-script will not kill parent dhclient process. This allows to fix the problem when systemd inform about failing to rise up interfaces at early boot stages (used in Cloud-init images);
    * dhclient-script will not touch dhclients, which are not related to the current interface or IP protocol version.
  * For getting FRRouting daemon status used native way via watchfrr.sh, instead of the previous trick with vtysh accessibility.
  * before adding a new route to FRRouting configuration, this route will be deleted from the kernel (if it is presented there). This allows to properly replace routes, added at early boot stages, when FRR not available.
  * Routes in FRRouting are adding with "tag 210". This allows protecting static routes, added via CLI, from deletion when old routes are deleting by DHCP.
  * DNS servers will be reconfigured only when $new_domain_name_servers are not the same as $old_domain_name_servers. Previously, this was done during each RENEW procedure.
  * Replacing MTU for preconfigured one was changed to Python (via vyos.config). The previous version with vyatta-interfaces.pl was obsoleted and seems to be broken.
|
This is actually an "upstream" bug, see [1] but it can be fixed via our own
scripts.
[1]: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1384122
|
Split out files required only by VMware systems.
|
Examples:
=========
CFG commands:
vyos@vyos# set protocols igmp-proxy disable-quickleave
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream'
vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream'
vyos@vyos# show protocols
igmp-proxy {
    disable-quickleave
    interface eth0 {
        alt-subnet 172.16.35.0/24
        alt-subnet 172.31.0.0/24
        role upstream
    }
    interface eth1 {
        role downstream
    }
}
OP mode commands:
-----------------
vyos@vyos:~$ show ip multicast interface
Interface  BytesIn  PktsIn  BytesOut  PktsOut  Local
eth0       0.0b     0       0.0b      0        xxx.xxx.xxx.65
eth1       0.0b     0       0.0b      0        xxx.xxx.xx.201
vyos@vyos:~$ show ip multicast mfc
Group       Origin      Pkts  Bytes   Wrong  In    Out
xxx.x.xx.1  xxx.xx.0.1  10    9.81KB  0      eth0  eth1
xxx.x.xx.2  xxx.xx.0.1  --
|