Age | Commit message (Collapse) | Author |
|
firewall: T4612: Support arbitrary netmasks
|
|
|
|
* 'T4825' of https://github.com/sever-sever/vyos-1x:
T4825: Add basic smoketest for veth interfaces
T4825: Add interface type veth
|
|
Add interface type veth (Virtual ethernet)
One of the usecases it's interconnect different vrf's and
default vrf via bridge
set interfaces virtual-ethernet veth0 peer-name 'veth1010'
set interfaces virtual-ethernet veth1010 address '10.0.0.10/24'
set interfaces virtual-ethernet veth1010 peer-name 'veth0'
set interfaces virtual-ethernet veth1010 vrf 'foo'
set interfaces bridge br0 address '10.0.0.1/24'
set interfaces bridge br0 member interface veth0
|
|
including "cni-" prefix)
* Error: unable to start container "<id>": plugin type="bridge" failed (add): cni plugin bridge failed: failed to create bridge "cni-thisismorethan15chars": could not add "cni-thisismorethan15chars": numerical result out of range
|
|
Requires full key type name like sk-ecdsa-sha2-nistp256@openssh.com
and sk-ssh-ed25519@openssh.com
|
|
policy: T2199: T4605: Migrate policy route interface node
|
|
|
|
|
|
<name> interface <ifname>`
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
|
|
|
|
Size of /dev/shm within a container can be defined via --shm-size when invoking
the container. Add corresponding CLI node.
|
|
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT
|
|
|
|
`fqdn` node
|
|
Instead of spawning the Python interpreter for every mac-address to
validate, rather use the base validate-value OCaml implementation which
is much faster.
This removes redundant code and also makes the CLI more responsive.
Validator is moved out to a dedicated file instead of using XML inlined <regex>
for the reason of re-usability. So if that regex needs to be touched again - it
can all happen in one single file.
|
|
Reduce CPU time when spawning the python interpreter. Same can be done by the
numeric validator.
|
|
Remove duplicated code and move to single-source of truth.
|
|
|
|
This enabled users to also use 2FA/MFA authentication with a radius backend as
there is enough time to enter the second factor.
|
|
|
|
|
|
|
|
|
|
|
|
Ability to configure SSH-server HostKeyAlgorithms.
Specifies the host key signature algorithms that the server
offers. Can accept multiple values.
|
|
Move default values of TOTP configuration from a global to a per user setting.
This makes the entire code easier as no global configuration must be blended
into the per user config dict.
Also it should be possible to set the authentication window "multiple concurrent
keys" individual per user.
set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq'
set system login user vyos authentication plaintext-password 'vyos'
|
|
|
|
|
|
Use common "url.xml" which allow URL as domain name or IP
entrie
|
|
system login: T874: add 2FA support for local and ssh authentication
|
|
|
|
|
|
isis: T4739: ISIS segment routing being refactored
|
|
qos: T4688: add xml template for limiter actions
|
|
This is to refactor ISIS segment routing to match up with OSPF segment routing.
|
|
firewall: policy: T4741: T4742: Verify zone `from` is defined, autocomplete policy route tables
|
|
ssh: T4716: Ability to configure RekeyLimit data and time
|
|
|
|
Ability to configure SSH RekeyLimit data (in Megabytes) and
time (in Minutes)
set service ssh rekey data 1024
set service ssh rekey time 60
|
|
When log-level was introduced node `state-policy x log` was removed without migrator. This commit adds it back and improves log handling.
|
|
Add support for arbitrary netmasks on source/destination addresses in
firewall rules. This is particularly useful with DHCPv6-PD when the
delegated prefix changes periodically.
|
|
ospf: T4707: Add OSPF segment routing for FRR
|
|
|
|
In this commit we add OSPF segment routing, smoke tests, handlers,
FRR template changes, and CLI commands.
|
|
vyos-1x automatically adds a "(default: ...)" hint to the CLI help if the
<defaultValue> XML tag is used. No need to specify this manually.
|
|
policy: T4660: Changed CLI syntax in route-map set community
|
|
|
|
|
|
Changed CLI syntax in route-map set community,
set large-community, set extcommunity
Allows to add multiple communities, large-communities
and extcommunities in clear view.
Added new well-known communities.
Added non-transitive feature in extcommunities.
Fixed community's validators.
|