routing: T1237: Add new feature failover route
|
|
There was a mistake in a config level that caused triggering the
`shutdown_required` flag, even if there were no new interfaces added to a
bonding.
This commit sets the proper config level to avoid the problem.
|
|
Failover route allows installing static routes to the kernel routing
table only if the required target or gateway is alive.
When the target or gateway doesn't respond to ICMP/ARP checks, this route
is deleted from the routing table.
Routes are marked as protocol 'failover' (rt_protos):
cat /etc/iproute2/rt_protos.d/failover.conf
111 failover
ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover
$ sudo ip route show proto failover
203.0.113.1 via 192.0.2.1 dev eth0 metric 1
So we can safely flush such routes
|
|
validators: T4798: replace python file-exists validator with file-path
|
|
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
|
|
vyos@vyos# show interfaces sstpc
sstpc sstpc10 {
authentication {
password vyos
user vyos
}
server sstp.vyos.net
ssl {
ca-certificate VyOS-CA
}
}
|
|
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool
As we can get addresses via RADIUS attributes:
- Framed-IPv6-Prefix
- Delegated-IPv6-Prefix
|
|
Fix l2tp dae server template and python config dict for correctly
handling Dynamic Authorization Extension server configuration
|
|
Every change in openconnect restarts the ocserv.service
Replace "restart" with "reload-or-restart" to avoid disconnecting
clients during config changes
|
|
T4860: Verify if mode in openconnect ocserv dict
|
|
openconnect authentication mode must be set
check dict that 'mode' exists in openconnect authentication
|
|
ocserv template expects a list of routes but gets the str "default"
It causes wrong routes like:
route = d
route = e
route = f
route = a
route = u
route = l
route = t
Fix it
|
|
firewall: T478: Fix firewall group circular dependency check
|
|
T4805: Restart pppoe-server if client pool was changed
|
|
T4825: Verify if you are trying to add a new vethX to exists pair
|
|
Verify if you are trying to add a new vethX to an existing pair:
set int virtual-ethernet veth0 peer-name 'veth1'
set int virtual-ethernet veth1 peer-name 'veth0'
set int virtual-ethernet veth12 peer-name 'veth0'
Verify veth-name and peer-name cannot be the same:
set interfaces virtual-ethernet veth0 peer-name veth0
|
|
Some changes for 'service pppoe-server' require a 'restart' of the
accel-ppp@pppoe.service
But we use the option 'reload-or-restart' that doesn't work correctly
with 'accel-ppp'
Restart pppoe-server if client pool was changed
|
|
It's easier and more obvious if the script is called with sudo itself and not
spawning a sudo session for each individual command.
|
|
T4767: Rewrite generate ipsec archive to python
|
|
Squidguard:
Set DB directory rights 755 in the update blacklist
webproxy script
|
|
Prevent deleting interface "vethX" which is used by another
interface as "vethY peer-name vethX"
set interfaces virtual-ethernet veth0 peer-name 'veth1'
set interfaces virtual-ethernet veth1 peer-name 'veth0'
commit
delete interfaces virtual-ethernet veth0
commit
|
|
* 'T4825' of https://github.com/sever-sever/vyos-1x:
T4825: Add basic smoketest for veth interfaces
T4825: Add interface type veth
|
|
Add interface type veth (Virtual ethernet)
One of the use cases is to interconnect different VRFs and
the default VRF via a bridge
set interfaces virtual-ethernet veth0 peer-name 'veth1010'
set interfaces virtual-ethernet veth1010 address '10.0.0.10/24'
set interfaces virtual-ethernet veth1010 peer-name 'veth0'
set interfaces virtual-ethernet veth1010 vrf 'foo'
set interfaces bridge br0 address '10.0.0.1/24'
set interfaces bridge br0 member interface veth0
|
|
Catch expiration error and return error-specific message instead of
general 'not authenticated'.
|
|
A misreading of the makefun docs seemed to indicate Optional was not
supported; it is.
|
|
load_as_module was added to util.py for T4821; prefer over local copy
|
|
T4812: Add op-mode Show vpn ipsec connections
|
|
Commit 66288ccfee ("dns-forwarding: T4578: Rewrite show dns forwarding") added
the implementation for the new standardized op-mode definitions/implementation.
As the API daemon has the proper permissions and also the CLI op-mode calls the
script already with "sudo", there is no need to call "sudo" inside this script,
again.
Also add dns.py to data/op-mode-standardized.json for the GraphQL schema to be
generated.
|
|
route-map action 'deny' cannot be used for "continue"
as FRR does not validate it
r14(config)# route-map FOO permit 100
r14(config-route-map)# route-map FOO deny 50
r14(config-route-map)# on-match goto 100
% Configuration failed.
Error type: validation
r14(config-route-map)#
|
|
firewall: T4821: correct calling of conf_mode script dependencies
|
|
T4793: Added warning about disable-route-autoinstall
|