Age | Commit message (Collapse) | Author |
|
|
|
opennhrp: T1070: Fixed creating IPSEC tunnel to Hub
|
|
Section.interface()
Commit cfde4b49 ("ifconfig: T2223: add vlan switch for Section.interfaces()")
added the functionality of the local get_interfaces() function to the base
class so all other parts in the system can query for interface names of a given
type including or excluding their vlan sub-interfaces.
|
|
Fixed creating IPSEC tunnel to Hub. Added continues of execution
generator functions.
|
|
Fixed removal all dmvpn SAs. Changed vici terminate by child-sa
name on terminate by ike-id
|
|
When MACsec was bound to an ethernet interface and the underlaying
source-interface got changed (even description only) this terminated the
MACsec session running on top of it.
The root cause is when EAPoL was implemented in commit d59354e52a8a7f we
re-used the same systemd unit which is responsible for MACsec. That indeed lead
to the fact that wpa_supplicant was always stopped when anything happened on
the underlaying source-interface that was not related to EAPoL.
|
|
|
|
Fixed incorrect key to get gateway for route add command
|
|
|
|
nhrp: T4546: Fixed route add command if MTU presented
|
|
|
|
In case if `NHRP_DESTMTU` environment variable is presented, the
script uses an intermediate command to get the current route
before adding a new one. Then received data is used in the
`route add` command generation. This commit fixes this process,
so setting MTU becomes possible.
|
|
|
|
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644.
By default Linux kernel doesn't forward directed broadcast
packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding`
and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
|
|
After discussion with @zsdc this was decided the better long term fix
* Removes hourly logrotate cron in favour of systemd timer override
|
|
|
|
|
|
- Default dhclient script only uses value of `$IF_MERIC` envvar for default route recived via `router` option.
- This variable has no effect on rotes received via `rfc3442-classless-static-routes` option
- Considering that Vyos overrrides `ip` command originating from `dhclient` this can be easily fixed in `iptovtysh()` function by using the `$IF_METRIC` envvar directly in the dhclient hook.
(cherry picked from commit 0c00e7bf8b6e68814607fde4ff0cd70ce9f4b486)
|
|
When VyOS is booting and an interface is brought up (PPPoE) which requires a
user callback script that is executed asynchronously when the interface is up
we can not use Config(). The problem is, Config() is not available when
the system starts and the initial commit is still processed.
We need to move to ConfigTreeQuery() which was build for this exact same
purpose.
|
|
present for DHCP
VyOS 1.4 still leverages PPPd internals on the CLI.
pppd supports three options for a default route, none, auto, force.
* none: No default route is installed on interface up
* auto: Default route is only installed if there is yet no default route
* force: overwrite any default route
There are several drawbacks in this design for VyOS and the users. If auto is
specified, this only counted for static default routes - but what about dynamic
ones? Same for force, only a static default route got replaced but dynamic ones
did not got taken into account.
The CLI is changed and we now re-use already existing nodes from the DHCP
interface configuration:
* no-default-route:
On link up no default route is installed, same as the previous
default-route none
* default-route-distance:
We can now specify the distance of this route for the routing table on the
system. This defaults to 210 as we have for DHCP interfaces. All this will be
migrated using a CLI migration script.
|
|
does not terminate"
This reverts commit dda1b02932a5108ef257f59323dcfcf82582b805.
|
|
not terminate
|
|
|
|
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c.
|
|
* Removed `/var/log/auth.log` and `/var/log/messages` from
`/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled
items what leads to service error.
* Removed generation config file for `/var/log/messages` from
`system-syslog.py` - this should be done from `syslom logs` now.
* Generate each logfile from `system syslog file` to a dedicated
logrotate config file.
* Fixed logrotate config file names in
`/etc/rsyslog.d/vyos-rsyslog.conf`.
* Added default logrotate settins for `/var/log/messages`
|
|
|
|
It should be possible to send the gathered data via a VRF bound interface to
the collector. This is somehow related to T3981 but it's the opposite side of
the netflow process.
set system flow-accounting vrf <name>
|
|
|
|
Input filter for firewall allows to get bytes/counters from
nftables in format, required for InfluxDB2
|
|
This reverts commit 78b247b724f74bdabab0706aaa7f5b00e5809bc1.
|
|
|
|
Rewrite and improve the custom input filter telegraf script
"show_interfaces_input_filter.py" to more readable and clear format
Fix bug when it failed with configured tunnel "tunX" interfaces
|
|
|
|
Without this option systemd startup will hit a timeout and the kill keepalived
again.
|
|
monitoring: T3872: Add a new feature service monitoring
|
|
|
|
In case if a CLI configuration is not available, dhclient cannot add
nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that
an interface be listed in the `set system name-server` option.
This commit introduces two changes:
* `vyos-hostsd` service will not be started before Cloud-Init fetch all
remote data. This is required because all meta-data should be available
for Cloud-Init before any of VyOS-related services start since it is
used for configuration generation.
* the `vyos-hostsd-client` in the `dhclient-script` will be used only if
the `vyos-hostsd` is running. In other words - if VyOS services already
started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other
cases - does this directly.
These changes should protect us from problems with DHCP during system
boot if DHCP is required by third-party utils.
|
|
|
|
(cherry picked from commit eb6247e4b464c36fa7441627b221d0db39429251)
|
|
|
|
atop: T3774: Atop log file rotation fix
|
|
|
|
The systemd unit for atop service is changed, so the log file name and
location will be always the same. It also adds the logrotate
configuration to conditionally rotate a log file.
Hardcoded values:
- maximum log file size: 10 MB
- maximum count of files: 10
These values can be easily changed within the
`/etc/logrotate.d/vyos-atop`, no additional configuration is required.
Rotation will be done hourly, if necessary, according to
`/etc/cron.hourly/vyos-logrotate-hourly`.
This change has two benefits:
- rotation strategy control can be done via logrotate, and can be
exposed to CLI now;
- the total size of all logs is now controlled more aggressively, so
the chance to get a situation when atop logs took all the space on a
drive is significantly lower. Also, if this will be necessary, rotation
may be done even each minute what reduces risks related to logs size
even more.
|
|
|
|
We can no longer use bash veriable string code vor string manipulation. Move to
a more robust "cut" implementation.
|
|
When `dhclient` with the `-x` option is used to stop running DHCP client
with a lease file that is not the same as in the new `dhclient` process,
it requires a `-lf` argument with a path to the old lease file to find
information about old/active leases and process them according to
instructions and config.
This commit adds the option to the `02-vyos-stopdhclient` hook, which
allows to properly process `dhclient` instances started in different
ways.
|
|
(cherry picked from commit 67b3dd6b4715fef266eb47e68623944f8be617e0)
|
|
|
|
Custom OpenVPN options moved back to the command line from a
configuration file. This should keep full compatibility with the
`crux` branch, and allows to avoid mistakes with parsing options
that contain `--` in the middle.
The only smart part of this - handling a `push` option. Because
of internal changes in OpenVPN, previously it did not require an
argument in the double-quotes, but after version update in
`equuleus` and `sagitta` old syntax became invalid. So, all the
`push` options are processed to add quotes. The solution is still
not complete, because if a single config line contains `push` with
other options, it will not work, but it is better than nothing.
|
|
|