Age | Commit message (Collapse) | Author |
|
|
|
1. Rewritten CLI of 'reset vpn' commands.
2. Created 'reset vpn ipsec remote-access' commands to reset
RA IKEv2 session.
3. Created 'reset vpn ipsec site-to-site all' command to reset all
configured IPSec site-to-site peers sessions.
4. Rewritten 'reset vpn l2t|pptp|sstp' commands to
new opmode style.
|
|
As we don't have global option 'gateway-address' for ipoe-server
we cannot use general configverify.verify_accel_ppp_base_service
Add verify radius setting for configuration mode 'radius'
Radius authentication required at least one RADIUS server
|
|
Named pools for ipoe-server must not rely on autentication type
It is a separate global option for [ipoe] and [ip-pool] sections
|
|
Add sFlow feature based on hsflowd
According to user reviews, it works more stable and more productive
than pmacct
I haven't deleted 'pmacct' 'system flow-accounting sflow' yet
It could be migrated or deprecated later
set system sflow agent-address '192.0.2.14'
set system sflow interface 'eth0'
set system sflow interface 'eth1'
set system sflow polling '30'
set system sflow sampling-rate '100'
set system sflow server 192.0.2.1 port '6343'
set system sflow server 192.0.2.11 port '6343'
|
|
T5055: NAT: extend packet-type to NAT
|
|
in firewall, to NAT
|
|
T5085: Fix ipv6 route-map for ospfv3
|
|
Add template to generate zebra
"ipv6 protocol ospf6 route-map xxx"
|
|
T2516: Exclude veth interfaces from duplex and speed check
|
|
Exclude interfaces with 'veth' driver from duplex and speed check
|
|
|
|
This reverts commit 9ed4113d6c4809a0126d04c99d60eaa76a7b6b15.
|
|
Fix podman error about invalid storage:
[graphdriver] prior storage driver overlay failed: 'overlay' is not supported
over overlayfs, a mount_program is required: backing file system is unsupported
for this graph driver" Error: 'overlay' is not supported over overlayfs, a
mount_program is required: backing file system is unsupported for this graph
driver.
|
|
Also ExecReload is a duplicate of the base service file
|
|
|
|
|
|
container
|
|
|
|
|
|
|
|
T5055: Firewall: add packet-type matcher in firewall and route policy
|
|
Container registry CLI node changed from leafNode to tagNode with the same
defaults. In addition we can now configure an authentication option per
registry.
|
|
|
|
|
|
T5058: Fix range_to_regex list argument
|
|
Values of the list for the 'range_to_regex' could be not only range
values as ['10-20', '22-30'] but also and not range values like
['10-20', '30', '80']
Fix if we args is list and non range values are exists in ths list
% range_to_regex(['10-20', '80'])
'(1\\d|20|80)'
|
|
graphql: T5068: generate client operations for code generation tools
|
|
T5070: Added show bgp martian/show bgp nexthop to bgp in vrf
|
|
T4973: DHCP server fix output for long leases
|
|
util: T5074: Fixed decoding of certificate value to UTF-8 string
|
|
With long lease time for example lease '4294967295' seconds
it is impossible to get end lease as value is 'ends never;'
It cause error to get timestamp() from 'ends never' and remaining
time 'lease.end - datetime.utcnow()'
Set default remaining and end lease to '-' if we cannot get this
info
|
|
Fixed decoding of certificate value returned by vici
to UTF-8 string.
|
|
|
|
qos: T5018: Fix issues between QoS and interface mirror/redirect
|
|
This will check if mirror/redirect is present on a QoS interface and use `vyos.configdep` module to update the interface again after QoS is applied.
|
|
|
|
T5073: IPoE-server fix parse empty range option
|
|
|
|
T5063: IPoE-server ethX vlan must not be used with client-subnet
|
|
IPoE-server 'interface ethX vlan xxx' (aka vlan-mon) must not be
used with 'interface ethX client-subnet'
So instead of shared pool accel-ppp uses the same pool for each
dynamically added VLAN
eth1 client-subnet '192.0.2.0/24'
eth1 vlan '2000-2021'
It cause this issue:
eth1.2000 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
eth2.2001 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
Only named pools with vlan option must be used.
|
|
If the 'client-subnet' is not used we must exclude it
from the ipoe.config.j2 template.
Otherwise we get wrong empty parameter ',range=,'
|
|
|
|
T5066: Fix GRE tunnel variable name which checks keys
|
|
|
|
Lift the amount of allowed open file descriptors for the FRR process tree.
Required if there are hundreds to thousands interfaces on a system.
|
|
op-mode: T5051: use Literal types to provide op-mode CLI choices and API enums
|
|
T5057: Fix IPoE regex Jinja2 for interface
|
|
T5058: Extend template filter range_to_regex to allow list as arg
|
|
Fix incorrect regex '\d+' when used vlan ranges
For example 'ipoe-server interface eth1 vlan 2000-3000'
- replace 'interface=re:eth1\.\d+'
=> 'interface=re:^eth1\.(200\d|20[1-9]\d|2[1-9]\d{2}|3000)$'
|