Age | Commit message (Collapse) | Author |
|
ipsec: T5606: T5871: Use multi node for CA certificates
|
|
T5872: ipsec remote access VPN: support dhcp-interface.
|
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
|
|
interface with vrf
|
|
|
|
dhcp-server high-availability>.
|
|
Users can not (FRR fails) commit the same network belonging to different OSPF
areas. Add verify() check to prevent this.
|
|
bgp: T6106: Valid commit error for route-reflector-client option defi…
|
|
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain"
node identifying the IS-IS process name). Drop all references to "process"
variable.
Specifying:
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6825.5255.00'
set protocols isis redistribute ipv4 bgp
Triggered an exception
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module>
verify(c)
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify
f'"protocols isis {process} redistribute {afi} {proto}"!')
^^^^^^^
NameError: name 'process' is not defined
|
|
vti: T6085: interface is always down and only enabled by IPSec daemon
|
|
bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering
|
|
* Move global state-policy smoketest to it's own test, verify conntrack
|
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
|
|
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes to logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
|
|
peer-group
handle vtysh bgp error
|
|
qos: T1871: add MTU option when configure limiter traffic-policy
|
|
T5996: selectively escape and restore single backslashes in config
|
|
|
|
add mtu to default and specified class
update smoke test
|
|
policy: T6129: add route-map option "as-path exclude all"
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
|
|
conntrack: T4022: add RTSP conntrack helper
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
|
|
|
|
|
|
|
|
firewall: T6071: truncate rule description field to 255 characters
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
|
|
vrrp: T6020: vrrp health-check script not applied correctly
|
|
|
|
|
|
ospfv3: T6087: add support to redistribute IS-IS routes
|
|
vyos.ethtool: T6083: use JSON input data #2
|
|
is a network.
|
|
|
|
|
|
settings
|
|
ospfv3: allow metric and metric-type on redistributed routes
|
|
Example:
vyos@vyos# set protocols ospfv3 redistribute bgp
Possible completions:
metric OSPF default metric
metric-type OSPF metric type for default routes (default: 2)
route-map Specify route-map name to use
|
|
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
T5504: Keepalived VRRP ability to set more than one peer-address
|
|
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
required
|
|
remove obsolete imports
|
|
for leases
|
|
This extends commit dbe8c613b ("bridge: T6043: do not call vxlan dependency if
interface does not exist (yet)") with a proper cleanup of additional interfaces
created during the testrun.
|
|
In order to keep the proper priority list during system startup and on initial
setup/commit for this feature the dependent VXLAN code should not be called,
if the interface in question does not exist (yet).
|
|
login: T5972: add possibility to disable individual local user accounts
|