Age | Commit message (Collapse) | Author |
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
|
|
Ability to set interface for `excluded-address`
The excluded-addresses are not listed in the VRRP packet (adverts packets).
We have this ability for `address`, add the same feature for the
excluded-address
```
set high-availability vrrp group GRP-01 excluded-address 192.0.2.202 interface 'dum2'
set high-availability vrrp group GRP-01 excluded-address 192.0.2.203 interface 'dum3'
```
|
|
Extent the service config-sync for sections:
- qos interface
- qos policy
- system conntrack
- system flow-accounting
- system option
- system sflow
- system static-host-mapping
- system sysctl
|
|
dhcp-server high-availability>.
|
|
container: T6062: add image name completion helper
|
|
|
|
|
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
|
|
The maximum timeout for the `service config-sync` is 300 seconds
(Connection API timeout). It could not be enough for the real massive
configurations.
Increase the maximum value to 3600
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
|
|
qos: T1871: add MTU option when configure limiter traffic-policy
|
|
add mtu to default and specified class
update smoke test
|
|
policy: T6129: add route-map option "as-path exclude all"
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
|
|
conntrack: T4022: add RTSP conntrack helper
|
|
T6121: Extend service config-sync to new sections
|
|
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this cae the Node allows to uses the next level section
i.e subsection
For example any of the subsection of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
|
|
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help string s
|
|
|
|
|
|
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
|
|
|
|
A restriction to ascii in the constraint disallowed earlier support for
unicode bytes.
|
|
The regex used is not working if the string contains dots.
Originally authored by: Lucas <pinheirolucas@pm.me>
|
|
|
|
be allowed
This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum
description to 255 characters") which incresaed the lower limit from 0 to 1.
We actually require 0 length value for description nodes as introduced in
commit 6eea12512e ("xml: T1579: allow zero length for description").
|
|
firewall: T6071: truncate rule description field to 255 characters
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
|
|
|
|
vrrp: T6020: vrrp health-check script not applied correctly
|
|
|
|
|
|
wifi: T6095: incorrect country "uk" it's actually "gb"
|
|
T2447: add configurable kernel boot option 'disable-power-saving'
|
|
Lower available CPU C states to a minimum if this option set. This will set
Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
|
|
Make the code more uniform and maintainable.
|
|
All valid country codes can be retrieved from [1] and extracted which resulted
in the completion helper list of this commit.
1: https://git.kernel.org/pub/scm/linux/kernel/git/wens/wireless-regdb.git/tree/db.txt
|
|
|
|
Example:
vyos@vyos# set protocols ospfv3 redistribute bgp
Possible completions:
metric OSPF default metric
metric-type OSPF metric type for default routes (default: 2)
route-map Specify route-map name to use
|
|
dhcp-server: T6079: Disable duplicate static-mappings on migration
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
|
|
|
|
for leases
|
|
|
|
Removed word 'PPPoE' from descriptions in common template for all
accel-ppp services.
|
|
login: T5972: add possibility to disable individual local user accounts
|
|
* set system login user <name> disable
|
|
T6001: add option to disable next-hop-tracking resolve-via-default
|