Age | Commit message (Collapse) | Author |
|
|
|
Every node in running config now has an explicit "exit" tag
|
|
FRR 7.5
router ospf
passive-interface default
no passive-interface eth0.202
Changed int FRR 8 to
interface eth0.202
no ip ospf passive
!
router ospf
ospf router-id 172.18.254.202
log-adjacency-changes detail
passive-interface default
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Commit d75403f78aef0 ("dmvpn: T4010: Fix template ipsec profile rekey_time")
fixed an issue where the old IKE life_time config option was used. This no
longer exists and us named rekey_time for IKE.
This commit fixes the expected smoketest result.
|
|
We need to use a temporary variable when validating the tuple if address
is used. If not the else branch will always add the tuple to the list of
addresses used for listen-address.
|
|
|
|
|
|
|
|
(cherry picked from commit c1015d8ce0013719eb898b60b14ffec192b8141c)
|
|
mdns: T3917: Change to avahi-daemon for IPv4 + IPv6 mDNS repeater
|
|
|
|
|
|
|
|
(cherry picked from commit eab6e6830a566af647d7e1b24197bf945788c3d0)
|
|
There is no need to delete the old ingres-qos and egres-qos values as it's not
a multi node and thus the values are simply overwritten. Also address validation
is not required as it's done in a dedicates test.
|
|
|
|
|
|
The Kernel output seemed to be not that helpful and only polluted the log.
Now we only gather the syslog and FRRs configuration
|
|
|
|
Rename virtual-address -> address as we always talk about an IP address.
|
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
|
|
|
|
Commit d768aee9 ("ipsec: T1441: Clean up vti-up-down script for XFRM interfaces")
removed a parameter from the updown scripts which is no longer necessary as
XFRM interfaces are superior to VTI interfaces b/c they use dynamic endpoints
by default.
|
|
|
|
|
|
|
|
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given
pool. In order to use the same CLI syntax this should be renamed to name-server,
which is already the case for DHCPv6.
|
|
vyos@vyos# show service dhcp-server
shared-network-name LAN {
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 194.145.150.1
lease 88
range 0 {
start 10.0.0.100
stop 10.0.0.200
}
static-route 192.168.10.0/24 {
next-hop 10.0.0.2
}
static-route 192.168.20.0/24 {
router 10.0.0.2
}
}
}
|
|
|
|
The key defaults to 0 and will match any policies which similarly do not have
a lookup key configuration. This means that a vti0 named interface will pull in
all traffic and others will stop working. Thus we simply shift the key by one
to also support a vti0 interface.
|
|
Modify template for squid
Replace old directives to actual
|
|
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
|
|
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as")
added support for a new CLI option when the local-as is changed for a specified
neighbor or peer-group.
There was an error in the CLI / design as the "replace-as" option can only be
used when "no-prepend" is defined. Thus "no-prepend" became a <node> and
the new "replace-as" leafNode is now a child of "no-prepend".
|
|
|
|
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius:
T3192: migrate to get_config_dict()") the user-name was not excluded
from mangling (no_tag_node_value_mangle=True).
This resulted in a username "vyos-user" from CLI to be actually created as
"vyos_user" on the system.
This commit also adds respective Smoketests to prevent this in the future.
|
|
Mandatory FRR options for spf-delay-ietf did not get rendered in the Jinja2
template.
|
|
bgp: evpn: T3739: add route-map match support
|
|
Commit 474db49a ("bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets
differ") made it possible to specify a whitelist separated list of route-targets,
this is now validated through the smoketests.
|
|
redistributed routes
|
|
Now that the PPPoE interface also makes use of the vyos.ifconfig.interface
class, we need to adjust the smoketests to reflect all those changes.
TODO:
Start a local PPPoE server in a namespace and connect locally for deeper
testing.
|
|
|
|
level
Getting rid of "set firewall options" and move it from:
set firewall options interface ethX adjust-mss 1400
set firewall options interface ethX adjust-mss6 1400
to:
set interfaces ethernet ethX ip adjust-mss 1400
set interfaces ethernet ethX ipv6 adjust-mss 1400
In addition add an extra option called clamp-mss-to-pmtu instead of a value.
|
|
This adds the following new commands:
set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out
set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in
set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out
set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in
|