summaryrefslogtreecommitdiff
path: root/smoketest/configs
diff options
context:
space:
mode:
Diffstat (limited to 'smoketest/configs')
-rw-r--r--smoketest/configs/basic-vyos140
-rw-r--r--smoketest/configs/bgp-big-as-cloud10
-rw-r--r--smoketest/configs/dialup-router-complex19
-rw-r--r--smoketest/configs/dialup-router-medium-vpn33
-rw-r--r--smoketest/configs/ipv6-disable83
-rw-r--r--smoketest/configs/qos-basic205
6 files changed, 490 insertions, 0 deletions
diff --git a/smoketest/configs/basic-vyos b/smoketest/configs/basic-vyos
new file mode 100644
index 000000000..e6f89954f
--- /dev/null
+++ b/smoketest/configs/basic-vyos
@@ -0,0 +1,140 @@
+interfaces {
+ ethernet eth0 {
+ address 192.168.0.1/24
+ duplex auto
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth1 {
+ duplex auto
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth2 {
+ duplex auto
+ smp-affinity auto
+ speed auto
+ vif 100 {
+ address 100.100.0.1/24
+ }
+ vif-s 200 {
+ address 100.64.200.254/24
+ vif-c 201 {
+ address 100.64.201.254/24
+ }
+ vif-c 202 {
+ address 100.64.202.254/24
+ }
+ }
+ }
+ loopback lo {
+ }
+}
+protocols {
+ static {
+ arp 192.168.0.20 {
+ hwaddr 00:50:00:00:00:20
+ }
+ arp 192.168.0.30 {
+ hwaddr 00:50:00:00:00:30
+ }
+ arp 192.168.0.40 {
+ hwaddr 00:50:00:00:00:40
+ }
+ arp 100.100.0.2 {
+ hwaddr 00:50:00:00:02:02
+ }
+ arp 100.100.0.3 {
+ hwaddr 00:50:00:00:02:03
+ }
+ arp 100.100.0.4 {
+ hwaddr 00:50:00:00:02:04
+ }
+ arp 100.64.200.1 {
+ hwaddr 00:50:00:00:00:01
+ }
+ arp 100.64.200.2 {
+ hwaddr 00:50:00:00:00:02
+ }
+ arp 100.64.201.10 {
+ hwaddr 00:50:00:00:00:10
+ }
+ arp 100.64.201.20 {
+ hwaddr 00:50:00:00:00:20
+ }
+ arp 100.64.202.30 {
+ hwaddr 00:50:00:00:00:30
+ }
+ arp 100.64.202.40 {
+ hwaddr 00:50:00:00:00:40
+ }
+ route 0.0.0.0/0 {
+ next-hop 100.64.0.1 {
+ }
+ }
+ }
+}
+service {
+ dhcp-server {
+ shared-network-name LAN {
+ authoritative
+ subnet 192.168.0.0/24 {
+ default-router 192.168.0.1
+ dns-server 192.168.0.1
+ domain-name vyos.net
+ domain-search vyos.net
+ range LANDynamic {
+ start 192.168.0.20
+ stop 192.168.0.240
+ }
+ }
+ }
+ }
+ dns {
+ forwarding {
+ allow-from 192.168.0.0/16
+ cache-size 10000
+ dnssec off
+ listen-address 192.168.0.1
+ }
+ }
+ ssh {
+ ciphers aes128-ctr,aes192-ctr,aes256-ctr
+ ciphers chacha20-poly1305@openssh.com,rijndael-cbc@lysator.liu.se
+ listen-address 192.168.0.1
+ key-exchange curve25519-sha256@libssh.org
+ key-exchange diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
+ port 22
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 192.168.0.1
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.6 */
diff --git a/smoketest/configs/bgp-big-as-cloud b/smoketest/configs/bgp-big-as-cloud
index 694243d1e..65819256e 100644
--- a/smoketest/configs/bgp-big-as-cloud
+++ b/smoketest/configs/bgp-big-as-cloud
@@ -982,6 +982,10 @@ policy {
}
}
}
+ set {
+ as-path-exclude "100 200 300"
+ as-path-prepend "64512 64512 64512"
+ }
}
rule 100 {
action deny
@@ -1819,6 +1823,12 @@ system {
}
version 9
}
+ sflow {
+ agent-address auto
+ server 1.2.3.4 {
+ port 1234
+ }
+ }
syslog-facility daemon
}
host-name vyos
diff --git a/smoketest/configs/dialup-router-complex b/smoketest/configs/dialup-router-complex
index fef79ea56..ac5ff5e99 100644
--- a/smoketest/configs/dialup-router-complex
+++ b/smoketest/configs/dialup-router-complex
@@ -267,6 +267,22 @@ firewall {
}
protocol udp
}
+ rule 800 {
+ action drop
+ description "SSH anti brute force"
+ destination {
+ port ssh
+ }
+ log enable
+ protocol tcp
+ recent {
+ count 4
+ time 60
+ }
+ state {
+ new enable
+ }
+ }
}
name DMZ-WAN {
default-action accept
@@ -482,6 +498,9 @@ firewall {
destination {
port 110,995
}
+ limit {
+ rate "10/minute"
+ }
protocol tcp
}
rule 123 {
diff --git a/smoketest/configs/dialup-router-medium-vpn b/smoketest/configs/dialup-router-medium-vpn
index af7c075e4..63d955738 100644
--- a/smoketest/configs/dialup-router-medium-vpn
+++ b/smoketest/configs/dialup-router-medium-vpn
@@ -6,6 +6,15 @@ firewall {
ipv6-src-route disable
ip-src-route disable
log-martians enable
+ name test_tcp_flags {
+ rule 1 {
+ action drop
+ protocol tcp
+ tcp {
+ flags SYN,ACK,!RST,!FIN
+ }
+ }
+ }
options {
interface vtun0 {
adjust-mss 1380
@@ -83,6 +92,7 @@ interfaces {
}
policy {
route LAN-POLICY-BASED-ROUTING
+ ipv6-route LAN6-POLICY-BASED-ROUTING
}
smp-affinity auto
speed auto
@@ -383,6 +393,29 @@ nat {
}
}
policy {
+ ipv6-route LAN6-POLICY-BASED-ROUTING {
+ rule 10 {
+ destination {
+ }
+ disable
+ set {
+ table 10
+ }
+ source {
+ address 2002::1
+ }
+ }
+ rule 20 {
+ destination {
+ }
+ set {
+ table 100
+ }
+ source {
+ address 2008::f
+ }
+ }
+ }
prefix-list user2-routes {
rule 1 {
action permit
diff --git a/smoketest/configs/ipv6-disable b/smoketest/configs/ipv6-disable
new file mode 100644
index 000000000..da41e9020
--- /dev/null
+++ b/smoketest/configs/ipv6-disable
@@ -0,0 +1,83 @@
+interfaces {
+ ethernet eth0 {
+ duplex auto
+ smp-affinity auto
+ speed auto
+ vif 201 {
+ address 172.18.201.10/24
+ }
+ vif 202 {
+ address 172.18.202.10/24
+ }
+ vif 203 {
+ address 172.18.203.10/24
+ }
+ vif 204 {
+ address 172.18.204.10/24
+ }
+ }
+}
+protocols {
+ static {
+ route 0.0.0.0/0 {
+ next-hop 172.18.201.254 {
+ distance 10
+ }
+ next-hop 172.18.202.254 {
+ distance 20
+ }
+ next-hop 172.18.203.254 {
+ distance 30
+ }
+ next-hop 172.18.204.254 {
+ distance 40
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 200
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ domain-name vyos.net
+ host-name vyos
+ ipv6 {
+ disable
+ }
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ level admin
+ }
+ }
+ name-server 172.16.254.20
+ name-server 172.16.254.30
+ ntp {
+ server 172.16.254.20 {
+ }
+ server 172.16.254.30 {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.6 */
diff --git a/smoketest/configs/qos-basic b/smoketest/configs/qos-basic
new file mode 100644
index 000000000..f94a5650d
--- /dev/null
+++ b/smoketest/configs/qos-basic
@@ -0,0 +1,205 @@
+interfaces {
+ ethernet eth0 {
+ address 10.1.1.100/24
+ traffic-policy {
+ out FS
+ }
+ }
+ ethernet eth1 {
+ address 10.2.1.1/24
+ traffic-policy {
+ out M2
+ }
+ }
+ ethernet eth2 {
+ address 10.9.9.1/24
+ traffic-policy {
+ out MY-HTB
+ }
+ }
+ loopback lo {
+ }
+}
+protocols {
+ static {
+ route 0.0.0.0/0 {
+ next-hop 10.9.9.2 {
+ }
+ next-hop 10.1.1.1 {
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 10
+ }
+ conntrack {
+ modules {
+ ftp
+ h323
+ nfs
+ pptp
+ sip
+ sqlnet
+ tftp
+ }
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ server time1.vyos.net {
+ }
+ server time2.vyos.net {
+ }
+ server time3.vyos.net {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+traffic-policy {
+ shaper M2 {
+ bandwidth auto
+ class 10 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS10 {
+ ip {
+ dscp CS4
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS5
+ }
+ default {
+ bandwidth 10mbit
+ burst 15k
+ queue-type fair-queue
+ }
+ }
+ shaper MY-HTB {
+ bandwidth 10mbit
+ class 30 {
+ bandwidth 10%
+ burst 15k
+ ceiling 50%
+ match ADDRESS30 {
+ ip {
+ source {
+ address 10.1.1.0/24
+ }
+ }
+ }
+ priority 5
+ queue-type fair-queue
+ }
+ class 40 {
+ bandwidth 90%
+ burst 15k
+ ceiling 100%
+ match ADDRESS40 {
+ ip {
+ dscp CS4
+ source {
+ address 10.2.1.0/24
+ }
+ }
+ }
+ priority 5
+ queue-type fair-queue
+ }
+ class 50 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS50 {
+ ip {
+ dscp CS5
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS7
+ }
+ default {
+ bandwidth 10%
+ burst 15k
+ ceiling 100%
+ priority 7
+ queue-type fair-queue
+ set-dscp CS1
+ }
+ }
+ shaper FS {
+ bandwidth auto
+ class 10 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS10 {
+ ip {
+ source {
+ address 172.17.1.2/32
+ }
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS4
+ }
+ class 20 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS20 {
+ ip {
+ source {
+ address 172.17.1.3/32
+ }
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS5
+ }
+ class 30 {
+ bandwidth 100%
+ burst 15k
+ match ADDRESS30 {
+ ip {
+ source {
+ address 172.17.1.4/32
+ }
+ }
+ }
+ queue-type fair-queue
+ set-dscp CS6
+ }
+ default {
+ bandwidth 10%
+ burst 15k
+ ceiling 100%
+ priority 7
+ queue-type fair-queue
+ }
+ }
+}
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3.1
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 22:42:03 +0000