Age | Commit message (Collapse) | Author |
|
T6121: Extend service config-sync to new sections
|
|
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this cae the Node allows to uses the next level section
i.e subsection
For example any of the subsection of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
|
|
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help string s
|
|
|
|
|
|
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
|
|
A restriction to ascii in the constraint disallowed earlier support for
unicode bytes.
|
|
The regex used is not working if the string contains dots.
Originally authored by: Lucas <pinheirolucas@pm.me>
|
|
be allowed
This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum
description to 255 characters") which incresaed the lower limit from 0 to 1.
We actually require 0 length value for description nodes as introduced in
commit 6eea12512e ("xml: T1579: allow zero length for description").
|
|
firewall: T6071: truncate rule description field to 255 characters
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
|
|
|
|
vrrp: T6020: vrrp health-check script not applied correctly
|
|
|
|
|
|
wifi: T6095: incorrect country "uk" it's actually "gb"
|
|
T2447: add configurable kernel boot option 'disable-power-saving'
|
|
Lower available CPU C states to a minimum if this option set. This will set
Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
|
|
Make the code more uniform and maintainable.
|
|
All valid country codes can be retrieved from [1] and extracted which resulted
in the completion helper list of this commit.
1: https://git.kernel.org/pub/scm/linux/kernel/git/wens/wireless-regdb.git/tree/db.txt
|
|
|
|
Example:
vyos@vyos# set protocols ospfv3 redistribute bgp
Possible completions:
metric OSPF default metric
metric-type OSPF metric type for default routes (default: 2)
route-map Specify route-map name to use
|
|
dhcp-server: T6079: Disable duplicate static-mappings on migration
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
|
|
|
|
for leases
|
|
|
|
Removed word 'PPPoE' from descriptions in common template for all
accel-ppp services.
|
|
login: T5972: add possibility to disable individual local user accounts
|
|
* set system login user <name> disable
|
|
T6001: add option to disable next-hop-tracking resolve-via-default
|
|
context
* set vrf name <name> ip nht no-resolve-via-default
* set vrf name <name> ipv6 nht no-resolve-via-default
|
|
* set system ip nht no-resolve-via-default
* set system ipv6 nht no-resolve-via-default
|
|
T6029: Rewritten Accel-PPP services to an identical feature set
|
|
Removed dhcp-interface option (l2tp)
Added wins-server (sstp)
Added description (ipoe, pppoe, sstp, pptp)
Added exteded-script (l2tp, sstp, pptp)
Added shaper (ipoe, pptp, sstp, l2tp)
Added limits (ipoe, pptp, sstp, l2tp)
Added snmp ( ipoe, pptp,sstp, l2tp)
Refactoring and reformated code.
|
|
|
|
T5928: Change firewall priority to 319
|
|
T5064: Firewall fix RegEx for for domain-group
|
|
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support
|
|
Improve RegEx for firewall domain-groups.
This domain group looks good, but the current RegEx validation
fils:
```
set firewall group domain-group a_aa
```
|
|
Change the firewall priority to 319, after interface ethernet
configuration
For example if we use VLANs and the vlan interface must be
created before we can use it in the firewall/flowtable
The current priority
```
199 firewall
300 interfaces/dummy
300 interfaces/loopback
300 interfaces/virtual-ethernet
310 interfaces/bridge
310 interfaces/input
318 interfaces/ethernet
...
```
|
|
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
|
|
connected interfaces
Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
|
|
srv6: T5849: add segment support to "protocols static route6"
|
|
|
|
set pki openssh rpki private key ...
set pki openssh rpki public key ...
set pki openssh rpki public type 'ssh-rsa'
|
|
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2
domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP
topology-independent means of marking and import-filtering EVPN routes
originated from a particular L2 domain. One situation where this is valuable
is when deploying EVPN using anycast VTEPs
set protocols bgp address-family l2vpn-evpn mac-vrf soo
|