Age | Commit message (Collapse) | Author |
|
(cherry picked from commit fc5dc00a3892fa26d03213854ea5091d6b0c2c18)
|
|
(cherry picked from commit 9ffa3e82d951756696367578dd5e82ef0f690065)
|
|
(cherry picked from commit 3d15cfd484e8c2732d9f10e4065f2282f1f5d334)
|
|
(cherry picked from commit cdc5fddfd796ccf7cfe35d2501cb1da380df53b2)
|
|
An attempt to upgrade to 1.2.x is caught, but error is of failed
checksum verification; add check and message.
(cherry picked from commit aae1247da61206d7a1b0b4d6ee20d36d194dbaba)
|
|
Note that this was updated for the fix in T5739.
(cherry picked from commit 424c9b19fd54598081e965c3364b082c5ef984de)
|
|
This commit allows management of system images with either new or legacy
tools: 'add/delete/rename system image' and 'set default' are translated
appropriately on booting between images with the old and new tools.
Consequently, the warning of the initial commit of T4516 is dropped.
(cherry picked from commit 96b65e90fbfa1fe63d97929ac86fc910abb0caa9)
|
|
(cherry picked from commit 8efab9ee8cdb0e65dddb9d3ba97de8ddcf3666dc)
|
|
(cherry picked from commit fcded7930b5426193e8490c6df2a70e300a60e31)
|
|
(cherry picked from commit a604d5d56d93a6958d879b838066bbe2df131bc5)
|
|
(cherry picked from commit d88168b8e26e46d512e3b175cd2eacecae0e596a)
|
|
(cherry picked from commit b31092cc33685628c74845f2aa1e94f0e7879e87)
|
|
(cherry picked from commit 7d6c262976eba624b935c96a7495cc392158b8ff)
|
|
(cherry picked from commit 169c9ff01287cb558850479afb733dd53fb6ae5d)
|
|
(cherry picked from commit 74b00c1f6961d1bd3a59768021f154bdb64c154e)
|
|
This commit adds the whole set of system image tools written from the scratch in
Python that allows performing all the operations on images:
* check information
* perform installation and deletion
* versions management
Also, it contains a new service that will update the GRUB menu and keep tracking
its version in the future.
WARNING: The commit contains non-reversible changes. Because of boot menu
changes, it will not be possible to manage images from older VyOS versions after
an update.
(cherry picked from commit 8f94262e8fa2477700c50303ea6e2c6ddad72adb)
|
|
|
|
This allows the operator to control the number of open file descriptors each
daemon is allowed to start with. The current assumed value on most operating
systems is 1024.
If the operator plans to run bgp with several thousands of peers then this is
where we would modify FRR to allow this to happen.
set system frr descriptors <n>
(cherry picked from commit 892c28ccf634173d4c4952c248cb03974c560793)
|
|
VyOS CLI
set protocols segment-routing srv6 locator bar prefix '2001:b::/64'
set protocols segment-routing srv6 locator foo behavior-usid
set protocols segment-routing srv6 locator foo prefix '2001:a::/64'
Will generate in FRR
segment-routing
srv6
locators
locator bar
prefix 2001:b::/64 block-len 40 node-len 24 func-bits 16
exit
!
locator foo
prefix 2001:a::/64 block-len 40 node-len 24 func-bits 16
behavior usid
exit
!
exit
!
exit
!
exit
(cherry picked from commit ca301cdd4746187f96ff84e411fda6a84e33f237)
|
|
set protocols bgp sid vpn per-vrf export '99'
set protocols bgp srv6 locator 'foo'
set protocols bgp system-as '100'
Will generate in FRR config
router bgp 100
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
!
segment-routing srv6
locator foo
exit
sid vpn per-vrf export 99
exit
(cherry picked from commit af46fe54e56cf85d13b62ee771bec3d80f225ac5)
|
|
and basic format
(cherry picked from commit 5acc655c316216122ba975f30df7b76f161cbf02)
|
|
configured. In this commit, check is fixed and rules are printed as expected.
(cherry picked from commit 3d3418d1585cbb6d3c2d1d81d310a3107e16c4aa)
|
|
PR https://github.com/vyos/vyos-1x/pull/2540 backported a migration script from
current to the equuleus LTS branch. As migration scripts are executed in order
to adjust the CLI for necessary improvements in future LTS releases we need to
change the versioning of the migration files to match the new "base" version
from the previous LTS release.
In theory this could break very ancient 1.4 rolling releases (from the early
days of the OSPF refactoring) - but those versions are considered very much
unstable.
Now this is the last chance to sync up the migration scripts before the 1.4 LTS
release.
(cherry picked from commit 98ca0984312257a09b57d4aac60ff4abf7f84e66)
|
|
Dynamic interfaces such as PPPoE/sstpc can not exist during
verification dns dynamic. As they added and removed dynamically.
Add interface_filter to exclude them from checks
(cherry picked from commit 0a1c9bc38440c86cbbc016fb6d8f7d6f36993652)
|
|
The initial version always enabled Google authenticator (2FA/MFA) support by
hardcoding the PAM module for sshd and login.
This change only enables the PAM module on demand if any use has 2FA/MFA
configured. Enabling the module is done system wide via pam-auth-update by
using a predefined template.
Can be tested using:
set system login user vyos authentication plaintext-password vyos
set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O'
See https://docs.vyos.io/en/latest/configuration/system/login.html for additional
details.
(cherry picked from commit e134dc4171b051d0f98c7151ef32a347bc4f87e2)
|
|
T160: add NAT64 (backport #2578)
|
|
(cherry picked from commit 237b71a89160f28e5c603bacf707b1c235f01026)
|
|
ddclient: T5791: Update dynamic dns configuration path (sagitta backport)
|
|
(cherry picked from commit 57761a370d2217eeb79827e8c20384f6de649c66)
|
|
*pool* empty, this means that lease was granted by fail-over server. Also fix issue that <show dhcp server leases state all> print nothing.
(cherry picked from commit da83b3f96dcedaa8e4d926d9f5bdc963abd9a813)
|
|
- Update the base (rebase)
- Move include/nat64-protocol.xml.i => include/nat64/protocol.xml.i
- Delete unwanted `write_json`, use `write_file` instead
- Remove unnecessary deleting of default values for tagNodes T2665
- Add smoketest
Example:
```
set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 address '192.168.122.10/24'
set interfaces ethernet eth2 address '2001:db8::1/64'
set nat64 source rule 100 source prefix '64:ff9b::/96'
set nat64 source rule 100 translation pool 10 address '192.168.122.10'
set nat64 source rule 100 translation pool 10 port '1-65535'
```
(cherry picked from commit 336bb5a071b59264679be4f4f9bedbdecdbe2834)
|
|
Signed-off-by: Joe Groocock <me@frebib.net>
(cherry picked from commit 7d49f7079f1129c2fadc7f38ceb230804d89e177)
# Conflicts:
# debian/control
|
|
Mark 'dns dynamic name' as tag node to avoid unexpected nesting.
Also, fix file exec permission for migration script.
|
|
|
|
Modify the configuration path to be consistent with the usual dialects
of VyoS configuration (wireguard, dns, firewall, etc.)
This would also shorten the configuration path and have a unified
treatment for RFC2136-based updates and other 'web-service' based updates.
While at it, add support for per-service web-options. This would allow
for probing different external URLs on a per-service basis.
|
|
On VTI interface link down the link-local IPv6 address is removed. As soon as
the IPSec tunnel is online again, vti-up-down helper is called which only places
the interface in up state using iproute2 command
sudo ip link set vti0 up
This does not restore the IPv6 LL address. Instead use vyos.ifconfig to properly
re-initialize the VTI interface using the generic update() method.
(cherry picked from commit d90ca4415bed8ce99c854243dca3036e76497270)
|
|
|
|
|
|
ddclient: T5573,T5574,T5612,T5708: Backport ddclient related changes
|
|
Additionally, templatize system service override and move it to the
runtime path.
(cherry picked from commit eb906739047187c322b6ce9efe7c9479bed9a024)
|
|
Add additional smoketests for web-options validation.
Also, format error messages to optionally include protocol name.
|
|
Fix execution bit for migration script
|
|
- Migrate to ddclient 3.11.1 and enforce debian/control dependency
- Add dual stack support for additional protocols
- Restrict usage of `porkbun` protocol, VyOS configuration structure
isn't compatible with porkbun yet
- Improve and cleanup error messages
|
|
`web-options` is only applicable when using HTTP(S) web request to
obtain the IP address. Apply guard for that.
|
|
Time interval in seconds to wait between DNS updates would be a bit
more intuitive as `interval` than `timeout`.
|
|
Add support for per-service cache management for ddclient providers
via `wait-time` and `expiry-time` options. This allows for finer-grained
control over how often a service is updated and how long the hostname
will be cached before being marked expired in ddclient's cache.
More specifically, `wait-time` controls how often ddclient will attempt
to check for a change in the hostname's IP address, and `expiry-time`
controls how often ddclient to a forced update of the hostname's IP
address.
These options intentionally don't have any default values because they
are provider-specific. They get treated similar to the other provider-
specific options in that they are only used if defined.
|
|
Additional cleanup and refactoring for ddclient scripts including the
smotektests.
|
|
Adjust the validator and completion for ddclient to remove unsupported
or superfluous protocols.
Specifically,
- remove 'nsupdate' protocol from the list because there is a separate
config path for that protocol (rfc2136)
- remove 'cloudns' protocol from the list because it has non standard
configuration and is not supported by our configurator at this time
|
|
dyndns2 protocol in ddclient honors dual stack for selective servers
because of the way it is implemented in ddclient.
We formalize the well known servers that support dual stack in a list
and check against it when validating the configuration.
|
|
Enable TTL support for web-service based protocols in addition to
RFC2136 based (nsupdate) protocol.
Since TTL is not supported by all protocols, and thus cannot have a
configuration default, the existing XML snippet `include/dns/time-to-live.xml.i`
does not have common `<defaultValue>300</defaultValue>` anymore and is
instead added explicitly whenever necessary.
|