Age | Commit message (Collapse) | Author |
|
* Add support for IS-IS advertise-high-metrics
set protocols isis advertise-high-metrics
* Add support for IS-IS advertise-passive-only
set protocols isis advertise-passive-only
(cherry picked from commit f7d35c15256ea74ab32c9b978a5c6fdbd659a7a0)
|
|
while configuring dNAT|sNAT rule
(cherry picked from commit ec5437913e489f40fea6bab89a6bb5f565cd1ab7)
|
|
Cleanup nets for the smoketest load-balancing
Remove deleting container interfaces from default netns as those
interfaces leave inly in netns.
(cherry picked from commit 849499f44f6e50c591e250cf40b5ab0115839b53)
|
|
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when
working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI
is configured against a container VXLAN interface which is referred to as a
'Single VXLAN device (SVD)'.
Multiple VLAN to VNI mappings can be configured against the same SVD. This
allows for a significant scaling of the number of VNIs since a separate VXLAN
interface is no longer required for each VNI.
Sample configuration of SVD with VLAN to VNI mappings is shown below.
set interfaces bridge br0 member interface vxlan0
set interfaces vxlan vxlan0 external
set interfaces vxlan vxlan0 source-interface 'dum0'
set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010'
set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011'
set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030'
set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031'
(cherry picked from commit 7f6624f5a6f8bd1749b54103ea5ec9f010adf778)
|
|
|
|
- Migrate IPv4 source-validation to nftables
- Interface source-validation value takes priority, fallback to global value
|
|
Commit 6896aabb6 ("wireless: T5540: fix VHT capability settings for 802.11ac"
changed how the VHT channel-sidth is configured in hostapd - but smoketests
did not get adjusted.
|
|
|
|
|
|
|
|
|
|
|
|
Configuring "set system ip protocol ospf|bgp route-map foo" and commit it
installs the route-map into FRR. Removing the CLI configuration "delete system
ip protocol" does not remove the route-map from FRR - it stays active.
This commit adds the fix and appropriate smoketests extenstion.
|
|
wifi: T5491: allow white-/blacklisting station MAC addresses for security
|
|
T5448: Add configuration host-name for zabbix-agent
|
|
T5472: nat redirect: allow redirection without defining redirected port
|
|
T5450: allow inverted matcher for interface and interface-group
|
|
|
|
firewall cli
|
|
Ability to configure host-name for zabbix-agent
set service monitoring zabbix-agent host-name 'r-vyos'
|
|
T5447: Initial support for MACsec static keys
|
|
|
|
Station MAC address-based authentication means:
* 'allow' accept all clients except the one on the deny list
* 'deny' accept only clients listed on the accept list
New CLI commands:
* set interfaces wireless wlan0 security station-address mode <accept|deny>
* set interfaces wireless wlan0 security station-address accept mac <mac>
* set interfaces wireless wlan0 security station-address deny mac <mac>
|
|
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation
mode").
|
|
|
|
Commit 77ef9f800 ("T5466: L3VPN label allocation mode") added support for a new
CLI node that is added "label vpn export allocation-mode per-nexthop" to FRRs
running configuration. Unfortunately the smoketest contained a trailing
whitespace and the above mentioned line could not be evaluated to true.
|
|
wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
|
|
Using threaded as CLI node is a very deep term used by kernel threads. To make
this more understandable to users, rename the node to per-client-thread.
It's also not necessary to test if any one peer is configured and probing if
the option is set. There is a base test which requires at least one peer
to be configured.
|
|
|
|
Testcases after the bugfix in commit 011697508 ("T5467: removing ospf(v3) or
isis interface in VRF context did not clear FRR config").
For ISIS change in the tests - do not run self_commit() in a for loop if not
really necessary, this will slow down the tests.
|
|
This fixes the smoketest after the change in commit e7d7bd20b ("openvpn: T5270:
do not require classic DH params in any more Generate 'dh none' instead and let
OpenVPN use ECDH")
... as there is no exception raised
05:47:26 DEBUG - ======================================================================
05:47:26 DEBUG - FAIL: test_openvpn_server_verify (__main__.TestInterfacesOpenVPN.test_openvpn_server_verify)
05:47:26 DEBUG - ----------------------------------------------------------------------
05:47:26 DEBUG - Traceback (most recent call last):
05:47:26 DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 342, in test_openvpn_server_verify
05:47:26 DEBUG - with self.assertRaises(ConfigSessionError):
05:47:26 DEBUG - AssertionError: ConfigSessionError not raised
|
|
setting
|
|
T5160: Firewall refactor
|
|
<drop> to <accept> if default-action is not specified in base chains
|
|
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
|
|
firewall smoketest
|
|
|
|
accidentaly removed. Update smokestest: remove zone test and fix test_sysfs test
|
|
smoketest
|
|
Move 'service zabbix-agent'
=> 'service monitoring zabbix-agent'
|
|
Add service zabbix-agent
set service zabbix-agent directory '/config/zabbix/'
set service zabbix-agent limits buffer-flush-interval '8'
set service zabbix-agent limits buffer-size '120'
set service zabbix-agent log debug-level 'warning'
set service zabbix-agent log size '1'
set service zabbix-agent server '192.0.2.5'
set service zabbix-agent server-active 192.0.2.5 port '10051'
set service zabbix-agent server-active 2001:db8::123
|
|
T5014: nat: add source and destination nat options for configuring lo…
|
|
|
|
|
|
Added 'set interfaces wireguard wgX threaded' command.
Process traffic from each peer in a dedicated thread.
|
|
Start IPv4/IPv6 DHCP clients on an interface bound to a given VRF. Verify that
the client process runs in the VRF context.
|
|
|
|
set service dns dynamic timeout <60-3600>
|
|
|
|
wireguard: T5413: Blocked adding the peer with the router's public key
|