Age | Commit message (Collapse) | Author |
|
dhcp: T5952: Fix validate duplicate MAC Address on same subnet
|
|
|
|
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp
|
|
Moved ipv6 pools to named ipv6 pools in accel-ppp services
|
|
set protocols bgp address-family ipv4-unicast nexthop vpn export <ipv4-address|ipv6-address>
set protocols bgp address-family ipv6-unicast nexthop vpn export <ipv4-address|ipv6-address>
|
|
set protocols bgp address-family ipv4-unicast sid vpn export <auto|1-1048575>
set protocols bgp address-family ipv6-unicast sid vpn export <auto|1-1048575>
|
|
dhcpv6: T3316: Extend scope of DHCP options, bugfixes
|
|
* Also migrate `address-range` to `range` tag node for consistency with dhcpv4 server syntax
|
|
smoketest
|
|
the lease file (#2796)
|
|
bgp: T5913: allow peer-group support for ipv4|6-labeled-unicast SAFI
|
|
|
|
dhcp: T3316: T5787: T5912: Extend scope of DHCP options, bugfixes
|
|
|
|
supported by Kea
|
|
|
|
hyphen (-)
When testing for changed PKI certificates using node_changed(), we should not
use key_mangling=('-', '_'), as this will make certificate updates with a hypen
not possible.
|
|
We have not seen the adoption of the https virtual-host CLI option.
What it did?
* Create multiple webservers each listening on a different IP/port
(but in the same VRF)
* All webservers shared one common document root
* All webservers shared the same SSL certificates
* All webservers could have had individual allow-client configurations
* API could be enabled for a particular virtual-host but was always enabled on
the default host
This configuration tried to provide a full webserver via the CLI but VyOS is a
router and the Webserver is there for an API or to serve files for a local-ui.
Changes
Remove support for virtual-hosts as it's an incomplete and thus mostly useless
"thing". Migrate all allow-client statements to one top-level allow statement.
|
|
pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed()
|
|
Commit ad9bdfc24 ("T5195: add timeout argument to process_named_running()")
added a 2*10 seconds penalty for every interface test (dhcp and dhcpv6).
This leads to long runs of "make test" after an ISO build.
There is no need to wait 10 seconds for a test that checks for a process
not running. The timeout is there to give the process some time to startup.
|
|
|
|
Smoketests heavily rely on process_named_running() so in order to "relax"
system constraints during a test we will add a timeout of 10 seconds for
every testcase provided by base_interfaces_test.py
|
|
exclude-throttle-address
This fixes commit 199ceb1f0a ("dns: T5900: add dont-throttle-netmasks and
serve-stale-extensions powerdns features") where after the latest review round
the Jinja2 template was inconsitently changed and smoketests were not re-run.
|
|
features
|
|
deployments in cgnat. (#2694)
|
|
VyOS has several services relaying on the PKI CLI tree to retrieve certificates.
Consuming services like ethernet, openvpn or ipsec all re-implemented the same
code to retrieve the certificates from the CLI.
This commit extends the signature of get_config_dict() with a new option with_pki
that defaults to false. If this option is set, the PKI CLI tree will be blended
into the resulting dictionary.
|
|
|
|
A tunnel interface can not properly be sourced from a pppoe0 interface when
such interface is not (yet) connected to the BRAS. It might work on a running
system, but subsequent reboots will fail as the source-interface most likely
does not yet exist.
|
|
We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in
|
|
|
|
This extends commit 1a84c4d0e ("ipsec: T1210: add smoketest for remote-access
(road-warrior) users") in a way that also the IPv4 pool and its DNS servers get
validated. There is no separate IPv6 test, as both address families behave
the same way when configuring these.
|
|
ipsec: T1210: add smoketest for remote-access (road-warrior) users
|
|
|
|
system: T5877: Shorten system domain-search config path
|
|
Python unittest framework treads the comments as test names during execution:
Example:
test_accel_ipv4_pool (__main__.TestVPNPPTPServer.test_accel_ipv4_pool)
Test accel-ppp IPv4 pool ... ok
|
|
In addition to testing for shortening the domain-search path, add and
improve tests for other resolv.conf entries.
|
|
|
|
T5801: Rewritten L2TP to get_config_dict
|
|
dhcp: T3316: Support hostname, DUID and MAC address in reservation
|
|
T5859: Fixed format of pool range in the accel-ppp config
|
|
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y'
to 'x.x.x.x-y'
|
|
One can now do `set policy route foo default-log` which will add log
to the policy route chain.
|
|
Rename chain level defaults log option from `enable-default-log` to
`default-log` for consistency.
|
|
|
|
Also, have the smoketest start with a clean CLI instance.
|
|
srv6: T591: enable SR enabled packet processing on defined interfaces
|
|
VyOS CLI command
set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static'
Will generate the following NDP proxy configuration
$ cat /run/ndppd/ndppd.conf
# autogenerated by service_ndp-proxy.py
# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route
route-ttl 30000
# This sets up a listener, that will listen for any Neighbor Solicitation
# messages, and respond to them according to a set of rules
proxy eth0 {
# Turn on or off the router flag for Neighbor Advertisements
router no
# Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds)
timeout 500
# Control how long a valid or invalid entry remains in the cache (milliseconds)
ttl 30000
# This is a rule that the target address is to match against. If no netmask
# is provided, /128 is assumed. You may have several rule sections, and the
# addresses may or may not overlap.
rule 2001:db8::/64 {
static
}
}
|
|
The Linux Kernel needs to be told if IPv6 SR enabled packets whether should be
processed or not. This is done using
/proc/sys/net/conf/<iface>/seg6_* variables:
seg6_enabled - BOOL
Accept or drop SR-enabled IPv6 packets on this interface.
Relevant packets are those with SRH present and DA = local.
0 - disabled (default)
not 0 - enabled
Or the VyOS CLI command:
* set protocols segment-routing interface eth0 srv6
|
|
Enable/Disable VRF strict mode, when net.vrf.strict_mode=0 (default) it is
possible to associate multiple VRF devices to the same table. Conversely, when
net.vrf.strict_mode=1 a table can be associated to a single VRF device.
A VRF table can be used by the VyOS CLI only once (ensured by verify()), this
simply adds an additional Kernel safety net, but a requirement for IPv6 segment
routing headers.
|
|
Rewritten L2TP to get_config_dict
Rewritten L2TP xml to accel-ppp patterns
Migrated 'idle' to 'ppp-options.lcp-echo-timeout'
Migrated 'authentication.mppe' to 'ppp-options.mppe'
Migrated 'authentication.radius.dae-server' to
'authentication.radius.dynamic-author'
Migrated 'authentication.require' to 'authentication.protocol'
Added 'authentication.radius.acct-interim-jitter'
Added 'authentication.radius.preallocate-vif'
Added 'authentication.radius.server.<IP>.acct-port'
Added 'ppp-options.ipv4'
Added smoke-tests
Fixed 'preallocate-vif' in SSTP
|