| Age | Commit message | Author |
|---|---|---|
|  | init: T2044: only start rpki if cache is configured | 
|  | This extends commit 9199c87cf ("init: T2044: always start/stop rpki during
system boot") to check the bootup configuration if an RPKI cache is defined.
Only start RPKI if this is the case. | 
|  | vpn: T3843: l2tp configuration not cleared after delete | 
|  | Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication. | 
|  | Always enable VRF strict_mode | 
|  | image-tools: T6016: wait for umount in cleanup function | 
|  | Fix verify error for the VPN OpenConnect configuration with
local authentication and without any user
  File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify
    if not ocserv["authentication"]["local_users"]:
KeyError: 'local_users' | 
|  | vpn: T5926: IPSEC does not apply after l2tp configuration was changed
added dependency between l2tp and ipsec conf
added test for apply config to swanctl | 
|  | (cherry picked from commit 0c9c496961dc88110da53943a14dd88086ea920d) | 
|  | rpki: T6011: known-hosts-file is no longer supported by FRR | 
|  | dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD | 
|  | container: T5955: add uid/gid settings | 
|  | T5971: Rewritten ppp options in accel-ppp services | 
|  | T4839: firewall: Add dynamic address group in firewall configuration | 
|  | ddclient: T5966: Adjust dynamic dns config address subpath | 
|  | T5941: Migration policy delete orphaned interface policy | 
|  | T5941: Migration QoS delete orphaned interface traffic-policy | 
|  | Denied using command 'route-target vpn export/import'
with 'both' together in bgp configuration. | 
|  | vrf: T5973: multiple bugfixes and improvements | 
|  | Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP. | 
|  | Add missing name validation in add_image, and fix typo in error msg
string. | 
|  | * Fix route deletion errors when interface is missing. Clarify variable names. | 
|  | appropriate commands to populate such groups using source and destination address of the packet. | 
|  | In some cases we can get error:
```
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module>
    data = get_status(args.mode, intf)
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status
    client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface)
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address
    tunnel_ip = lst[0].split(',')[0]
IndexError: list index out of range
```
(cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d) | 
|  | We can get an orphaned interface traffic-policy when the traffic-policy
name is removed from the interface, but the node `traffic-policy`
is still attached to the interface.
For example we have orphaned node traffic-policy on an interface:
```
set interfaces bonding bond0 vif 995 traffic-policy
```
This causes incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete traffic-policy from all interfaces if traffic-policy does not exist | 
|  | We can get orphaned interface policy when the policy name was
removed from the interface but the node `policy` is still attached
to the interface.
For example we have orphaned node policy on interface:
```
set interfaces bonding bond0 vif 995 policy
```
This causes incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete policy from all interfaces if policy does not exist | 
|  | * set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
* set protocols bfd profile <name> minimum-ttl <1-254> | 
|  | A code path was missing to check if only priority is available in the result of
"ip --json -4 rule show", in the case of l3mdev it's a dedicated key! | 
|  | There is no need to add and remove this table during runtime - it can lurk
in the standard firewall init code. | 
|  | This prevents the following error when configuring the first VRF:
sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory | 
|  | op-mode: T5969: list multicast group membership | 
|  | cpo@LR1.wue3:~$ show ip multicast group interface eth0.201
Interface    Family    Address
-----------  --------  ---------
eth0.201     inet      224.0.0.6
eth0.201     inet      224.0.0.5
eth0.201     inet      224.0.0.1
cpo@LR1.wue3:~$ show ipv6 multicast group interface eth0
Interface    Family    Address
-----------  --------  -----------------
eth0         inet6     ff02::1:ff00:0
eth0         inet6     ff02::1:ffbf:c56d
eth0         inet6     ff05::2
eth0         inet6     ff01::2
eth0         inet6     ff02::2
eth0         inet6     ff02::1
eth0         inet6     ff01::1 | 
|  | sflow: T5968: add VRF support | 
|  | Add support to run hsflowd in a dedicated (e.g. management) VRF.
Command will be "set system sflow vrf <name>" like with any other service | 
|  | Update op-mode for dynamic dns to standardize on `vyos.opmode`. All
methods of `op_mode/dns_dynamic.py` are now available in standardized
`op_mode/dns.py`.
Move op-mode command `update dns dynamic` to `reset dns dynamic` to
reflect that it is not an update but a reset of the dynamic dns service.
Also, make the help texts more consistent for all op-mode commands for
`dns dynamic` and `dns forwarding`. | 
|  | Modify the dynamic dns configuration 'address' subpath for better
clarity on how the address is obtained.
Additionally, remove `web-options` and fold those options under the
path `address web`. | 
|  | Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
  by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
  forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
  `dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
  generated override files in /run. This ensures that the override files
  are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
  and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
  path (viz., `/run/pdns-recursor`) is fine | 