Merge branch 'vyos:master' into doc-translation-cn

vyos · Oct 20, 2023 · a1ce5b9 · a1ce5b9
2 parents ce44969 + 858e209
commit a1ce5b9
Show file tree

Hide file tree

Showing 20 changed files with 570 additions and 269 deletions.
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
diff --git a/docs/_locale/de/LC_MESSAGES/configuration.mo b/docs/_locale/de/LC_MESSAGES/configuration.mo
diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot
diff --git a/docs/_locale/en/LC_MESSAGES/configuration.mo b/docs/_locale/en/LC_MESSAGES/configuration.mo
diff --git a/docs/_locale/es/LC_MESSAGES/configuration.mo b/docs/_locale/es/LC_MESSAGES/configuration.mo
diff --git a/docs/_locale/es/configuration.pot b/docs/_locale/es/configuration.pot
diff --git a/docs/_locale/ja/LC_MESSAGES/configuration.mo b/docs/_locale/ja/LC_MESSAGES/configuration.mo
diff --git a/docs/_locale/ja/configuration.pot b/docs/_locale/ja/configuration.pot
diff --git a/docs/_locale/pt/LC_MESSAGES/configuration.mo b/docs/_locale/pt/LC_MESSAGES/configuration.mo
diff --git a/docs/_locale/pt/configuration.pot b/docs/_locale/pt/configuration.pot
diff --git a/docs/_locale/uk/LC_MESSAGES/configuration.mo b/docs/_locale/uk/LC_MESSAGES/configuration.mo
diff --git a/docs/_locale/uk/configuration.pot b/docs/_locale/uk/configuration.pot
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
@@ -8,6 +8,24 @@
    _ext/releasenotes.py
 
 
+2023-10-08
+==========
+
+* :vytask:`T5630` ``(feature): pppoe: allow to specify MRU in addition to already configurable MTU``
+
+
+2023-10-06
+==========
+
+* :vytask:`T5576` ``(feature): Add bgp remove-private-as all option``
+
+
+2023-10-04
+==========
+
+* :vytask:`T5632` ``(feature): Add jq package to parse JSON files``
+
+
 2023-09-25
 ==========
 
@@ -211,12 +229,6 @@
 * :vytask:`T5313` ``(bug): UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned``
 
 
-2023-06-28
-==========
-
-* :vytask:`T1237` ``(feature): Static Route Path Monitoring, failover``
-
-
 2023-06-26
 ==========
 
@@ -236,6 +248,12 @@
 * :vytask:`T5280` ``(bug): Update Expired keys (2023-06-08) for PowerDNS``
 
 
+2023-06-13
+==========
+
+* :vytask:`T5213` ``(feature): Accel-ppp sending accounting interim updates acct-interim-interval option``
+
+
 2023-05-29
 ==========
 

diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
@@ -8,6 +8,79 @@
    _ext/releasenotes.py
 
 
+2023-10-14
+==========
+
+* :vytask:`T5629` ``(bug): Policy local-route bug after migration to destination node address``
+
+
+2023-10-13
+==========
+
+* :vytask:`T5227` ``(feature): mDNS reflector should allow additional domains to browse and allow filtering services``
+* :vytask:`T5166` ``(feature): Remove local minisign package from build repo for 1.4``
+* :vytask:`T5118` ``(bug): Cleanup vestigial ntp completion script``
+* :vytask:`T5115` ``(default): Support custom port for name servers for forwarding zones``
+* :vytask:`T5113` ``(default): PDNS: Support custom port for DNS forwarders``
+* :vytask:`T5112` ``(feature): Enable support for Network Time Security (NTS) for chrony``
+* :vytask:`T5143` ``(enhancment): Apply constraint on powerdns forward-zones configuration``
+
+
+2023-10-12
+==========
+
+* :vytask:`T5649` ``(bug): vyos-1x should generate XML cache after building command templates for less cryptic error on typo``
+
+
+2023-10-10
+==========
+
+* :vytask:`T5489` ``(feature): Change to BBR as TCP congestion control, or at least make it an config option``
+* :vytask:`T5479` ``(bug): Helper leftovers found in nftables (firewall) even with all helpers disabled``
+* :vytask:`T5436` ``(bug): vyos-preconfig-bootup.script is missing``
+* :vytask:`T5014` ``(feature): Destination NAT - Add Load Balancing capabilities``
+
+
+2023-10-08
+==========
+
+* :vytask:`T5630` ``(feature): pppoe: allow to specify MRU in addition to already configurable MTU``
+
+
+2023-10-06
+==========
+
+* :vytask:`T5096` ``(feature): Change 'accept' firewall rule action from 'return' to 'accept'``
+* :vytask:`T5576` ``(feature): Add bgp remove-private-as all option``
+* :vytask:`T3506` ``(default): Migrate loadkey command to op-mode``
+
+
+2023-10-05
+==========
+
+* :vytask:`T4320` ``(default): Remove legacy version files in vyatta-cfg-system/cfg-version``
+
+
+2023-10-04
+==========
+
+* :vytask:`T5632` ``(feature): Add jq package to parse JSON files``
+* :vytask:`T3655` ``(bug): NAT  Problem with VRF``
+* :vytask:`T5585` ``(bug): Fix file access mode for dynamic dns configuration``
+
+
+2023-10-03
+==========
+
+* :vytask:`T5618` ``(bug): Flow-accounting crushes when IMT is enabled``
+* :vytask:`T5561` ``(feature): NAT - Inbound or outbound interface should not be mandatory``
+* :vytask:`T5553` ``(feature): Firewall - Add action continue``
+* :vytask:`T5250` ``(bug): Firewall - show firewall group``
+* :vytask:`T4383` ``(bug): Flow Accounting returns permission error and fails to start``
+* :vytask:`T5626` ``(feature): Only select required Kernel CGROUP controllers``
+* :vytask:`T5628` ``(feature): op-mode: login: DeprecationWarning: 'spwd'``
+
+
 2023-10-01
 ==========
 
@@ -129,7 +202,6 @@
 2023-09-07
 ==========
 
-* :vytask:`T5489` ``(feature): Change to BBR as TCP congestion control, or at least make it an config option``
 * :vytask:`T5510` ``(feature): Shrink imagesize and improve read performance by changing mksquashfs syntax``
 
 
@@ -2653,12 +2725,6 @@
 * :vytask:`T4272` ``(feature): lldp: migrate Python script to use get_config_dict()``
 
 
-2022-02-25
-==========
-
-* :vytask:`T4269` ``(feature): node.def generator should automatically add default values``
-
-
 2022-02-24
 ==========
 

diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst
@@ -8,6 +8,61 @@
    _ext/releasenotes.py
 
 
+2023-10-14
+==========
+
+* :vytask:`T5629` ``(bug): Policy local-route bug after migration to destination node address``
+
+
+2023-10-12
+==========
+
+* :vytask:`T5649` ``(bug): vyos-1x should generate XML cache after building command templates for less cryptic error on typo``
+
+
+2023-10-10
+==========
+
+* :vytask:`T5589` ``(bug): Nonstripped binaries exists in VyOS``
+* :vytask:`T5489` ``(feature): Change to BBR as TCP congestion control, or at least make it an config option``
+
+
+2023-10-08
+==========
+
+* :vytask:`T5630` ``(feature): pppoe: allow to specify MRU in addition to already configurable MTU``
+
+
+2023-10-06
+==========
+
+* :vytask:`T5576` ``(feature): Add bgp remove-private-as all option``
+
+
+2023-10-05
+==========
+
+* :vytask:`T4320` ``(default): Remove legacy version files in vyatta-cfg-system/cfg-version``
+
+
+2023-10-04
+==========
+
+* :vytask:`T5632` ``(feature): Add jq package to parse JSON files``
+* :vytask:`T3655` ``(bug): NAT  Problem with VRF``
+* :vytask:`T5585` ``(bug): Fix file access mode for dynamic dns configuration``
+
+
+2023-10-03
+==========
+
+* :vytask:`T5618` ``(bug): Flow-accounting crushes when IMT is enabled``
+* :vytask:`T5579` ``(bug): Log firewall - Wrong command after firewall refactor``
+* :vytask:`T5561` ``(feature): NAT - Inbound or outbound interface should not be mandatory``
+* :vytask:`T5626` ``(feature): Only select required Kernel CGROUP controllers``
+* :vytask:`T5628` ``(feature): op-mode: login: DeprecationWarning: 'spwd'``
+
+
 2023-09-28
 ==========
 
@@ -89,7 +144,6 @@
 ==========
 
 * :vytask:`T5556` ``(bug): reboot now and  poweroff does not work``
-* :vytask:`T5489` ``(feature): Change to BBR as TCP congestion control, or at least make it an config option``
 
 
 2023-09-06

diff --git a/docs/configuration/interfaces/wireguard.rst b/docs/configuration/interfaces/wireguard.rst
@@ -211,18 +211,18 @@ firewall exception.
 
 .. code-block:: none
 
-    set firewall name OUTSIDE_LOCAL rule 10 action accept
-    set firewall name OUTSIDE_LOCAL rule 10 description 'Allow established/related'
-    set firewall name OUTSIDE_LOCAL rule 10 state established enable
-    set firewall name OUTSIDE_LOCAL rule 10 state related enable
-    set firewall name OUTSIDE_LOCAL rule 20 action accept
-    set firewall name OUTSIDE_LOCAL rule 20 description WireGuard_IN
-    set firewall name OUTSIDE_LOCAL rule 20 destination port 51820
-    set firewall name OUTSIDE_LOCAL rule 20 log enable
-    set firewall name OUTSIDE_LOCAL rule 20 protocol udp
-    set firewall name OUTSIDE_LOCAL rule 20 source
-
-You should also ensure that the OUTISDE_LOCAL firewall group is applied to the
+    set firewall ipv4 name OUTSIDE_LOCAL rule 10 action accept
+    set firewall ipv4 name OUTSIDE_LOCAL rule 10 description 'Allow established/related'
+    set firewall ipv4 name OUTSIDE_LOCAL rule 10 state established enable
+    set firewall ipv4 name OUTSIDE_LOCAL rule 10 state related enable
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 action accept
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 description WireGuard_IN
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 destination port 51820
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 log enable
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 protocol udp
+    set firewall ipv4 name OUTSIDE_LOCAL rule 20 source
+
+You should also ensure that the OUTSIDE_LOCAL firewall group is applied to the
 WAN interface and a direction (local).
 
 .. code-block:: none
@@ -413,7 +413,7 @@ the VyOS CLI.
   into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become
   the peer name in the snippet.
 
-  In addition you will specifiy the IP address or FQDN for the client where it
+  In addition you will specify the IP address or FQDN for the client where it
   will connect to. The address parameter can be used up to two times and is used
   to assign the clients specific IPv4 (/32) or IPv6 (/128) address.
 

diff --git a/docs/configuration/interfaces/wireless.rst b/docs/configuration/interfaces/wireless.rst
@@ -562,6 +562,7 @@ The WAP in this example has the following characteristics:
   set interfaces wireless wlan0 security wpa mode wpa2
   set interfaces wireless wlan0 security wpa cipher CCMP
   set interfaces wireless wlan0 security wpa passphrase '12345678'
+  set interfaces wireless wlan0 country-code de
 
 Resulting in
 
@@ -572,6 +573,7 @@ Resulting in
     wireless wlan0 {
           address 192.168.2.1/24
           channel 1
+          country-code de
           mode n
           security {
               wpa {

diff --git a/docs/configuration/vpn/dmvpn.rst b/docs/configuration/vpn/dmvpn.rst
@@ -190,7 +190,7 @@ Hub
 
   set interfaces tunnel tun100 address '172.16.253.134/29'
   set interfaces tunnel tun100 encapsulation 'gre'
-  set interfaces tunnel tun100 local-ip '192.0.2.1'
+  set interfaces tunnel tun100 source-address '192.0.2.1'
   set interfaces tunnel tun100 enable-multicast
   set interfaces tunnel tun100 parameters ip key '1'
 
@@ -294,7 +294,7 @@ VyOS can also run in DMVPN spoke mode.
   set interfaces ethernet eth0 address 'dhcp'
 
   set interfaces tunnel tun100 address '172.16.253.133/29'
-  set interfaces tunnel tun100 local-ip 0.0.0.0
+  set interfaces tunnel tun100 source-address 0.0.0.0
   set interfaces tunnel tun100 encapsulation 'gre'
   set interfaces tunnel tun100 enable-multicast
   set interfaces tunnel tun100 parameters ip key '1'

diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst
@@ -280,17 +280,31 @@ Imagine the following topology
 
    IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)
 
+**LEFT:**
+* WAN interface on `eth0.201`
+* `eth0.201` interface IP: `172.18.201.10/24`
+* `vti10` interface IP: `10.0.0.2/31`
+* `dum0` interface IP: `10.0.11.1/24` (for testing purposes)
+
+**RIGHT:**
+* WAN interface on `eth0.202`
+* `eth0.201` interface IP: `172.18.202.10/24`
+* `vti10` interface IP: `10.0.0.3/31`
+* `dum0` interface IP: `10.0.12.1/24` (for testing purposes)
 
 .. note:: Don't get confused about the used /31 tunnel subnet. :rfc:`3021`
    gives you additional information for using /31 subnets on point-to-point
    links.
 
-**left**
+**LEFT**
 
 .. code-block:: none
 
+  set interfaces ethernet eth0 vif 201 address '172.18.201.10/24'
+  set interfaces dummy dum0 address '10.0.11.1/24'
   set interfaces vti vti10 address '10.0.0.2/31'
 
+  set vpn ipsec option disable-route-autoinstall
   set vpn ipsec authentication psk OFFICE-B id '172.18.201.10'
   set vpn ipsec authentication psk OFFICE-B id '172.18.202.10'
   set vpn ipsec authentication psk OFFICE-B secret 'secretkey'
@@ -311,17 +325,22 @@ Imagine the following topology
   set vpn ipsec site-to-site peer OFFICE-B authentication remote-id '172.18.202.10'
   set vpn ipsec site-to-site peer OFFICE-B connection-type 'respond'
   set vpn ipsec site-to-site peer OFFICE-B ike-group 'IKEv2_DEFAULT'
-  set vpn ipsec site-to-site peer OFFICE-B local-address '192.168.0.10'
+  set vpn ipsec site-to-site peer OFFICE-B local-address '172.18.201.10'
   set vpn ipsec site-to-site peer OFFICE-B remote-address '172.18.202.10'
   set vpn ipsec site-to-site peer OFFICE-B vti bind 'vti10'
   set vpn ipsec site-to-site peer OFFICE-B vti esp-group 'ESP_DEFAULT'
 
-**right**
+  set protocols static interface-route 10.0.12.0/24 next-hop-interface vti10
+
+**RIGHT**
 
 .. code-block:: none
 
+  set interfaces ethernet eth0 vif 202 address '172.18.202.10/24'
+  set interfaces dummy dum0 address '10.0.12.1/24'
   set interfaces vti vti10 address '10.0.0.3/31'
 
+  set vpn ipsec option disable-route-autoinstall
   set vpn ipsec authentication psk OFFICE-A id '172.18.201.10'
   set vpn ipsec authentication psk OFFICE-A id '172.18.202.10'
   set vpn ipsec authentication psk OFFICE-A secret 'secretkey'
@@ -350,6 +369,8 @@ Imagine the following topology
   set vpn ipsec site-to-site peer OFFICE-A vti bind 'vti10'
   set vpn ipsec site-to-site peer OFFICE-A vti esp-group 'ESP_DEFAULT'
 
+  set protocols static interface-route 10.0.11.0/24 next-hop-interface vti10
+
 Key Parameters:
 
 * ``authentication local-id/remote-id`` - IKE identification is used for

diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,4 @@
-urllib3==1.26.17
+urllib3==1.26.18
 Sphinx==4.5.0
 sphinx-rtd-theme==1.0.0
 sphinx-autobuild==2021.3.14
+2 −2		Makefile
+1 −0		data/templates/https/vyos-http-api.service.j2
+2 −2		data/templates/pmacct/override.conf.j2
+1 −1		data/templates/pmacct/uacctd.conf.j2
+1 −1		data/templates/pppoe/peer.j2
+20 −0		interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i
+20 −0		interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i
+1 −1		interface-definitions/include/version/policy-version.xml.i
+14 −0		interface-definitions/interfaces-pppoe.xml.in
+29 −64		interface-definitions/policy-local-route.xml.in
+0 −25		python/vyos/component_version.py
+25 −4		python/vyos/config_mgmt.py
+0 −1		python/vyos/defaults.py
+70 −0		python/vyos/progressbar.py
+23 −21		python/vyos/remote.py
+0 −39		python/vyos/utils/io.py
+0 −50		smoketest/scripts/cli/test_component_version.py
+9 −0		smoketest/scripts/cli/test_interfaces_pppoe.py
+69 −19		smoketest/scripts/cli/test_policy.py
+33 −1		src/conf_mode/flow_accounting_conf.py
+5 −1		src/conf_mode/http-api.py
+5 −0		src/conf_mode/interfaces-pppoe.py
+95 −19		src/conf_mode/policy-local-route.py
+1 −2		src/etc/sysctl.d/30-vyos-router.conf
+17 −2		src/helpers/vyos-save-config.py
+27 −1		src/init/vyos-router
+65 −0		src/migration-scripts/policy/5-to-6
+5 −2		src/op_mode/show_users.py
+129 −44		src/services/vyos-http-api-server
+67 −0		src/system/uacctd_stop.py