Age | Commit message (Collapse) | Author |
|
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node
to explicitly change this.
* set vpn ipsec site-to-site peer <name> replay-window <0-2040>
|
|
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
|
|
container: T5955: add uid/gid settings
|
|
|
|
T5971: Rewritten ppp options in accel-ppp services
|
|
T4839: firewall: Add dynamic address group in firewall configuration
|
|
ddclient: T5966: Adjust dynamic dns config address subpath
|
|
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS
recursor") added a helper "_set_required_options()" method to reduce duplicate
code when setting up the base interface test.
This refactors the test class to call this code always in setUp() so we have
it written only once.
|
|
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
|
|
appropiate commands to populate such groups using source and destination address of the packet.
|
|
|
|
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
* set protocols bfd profile <name> minimum-ttl <1-254>
|
|
|
|
ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left
|
|
sflow: T5968: add VRF support
|
|
Add support to run hsflowd in a dedicated (e.g. management) VRF.
Command will be "set system sflow vrf <name>" like with any other service
|
|
|
|
For example, port 5353 is reserved for multicast DNS, this means tests
will fail if the host running the tests is also running a mDNS server.
|
|
Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
`dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
generated override files in /run. This ensures that the override files
are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
path (viz., `/run/pdns-recursor` is fine)
|
|
left
This extends commit 7ba47f027 ("ethernet: T4638: deleting parent interface does
not delete underlying VIFs") with a smoketests ensure no VIFs are left behind.
|
|
* set service ntp leap-second [ignore|smear|system|timezone]
Where timezone is the new and old default resulting in adding "leapsectz right/UTC"
to chrony.conf. The most prominent new option is "smear" which will add
leapsecmode slew
maxslewrate 1000
smoothtime 400 0.001 leaponly
to chrony.
See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for
additional information
|
|
|
|
dhcp: T5952: Fix validate duplicate MAC Address on same subnet
|
|
|
|
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp
|
|
Moved ipv6 pools to named ipv6 pools in accel-ppp services
|
|
set protocols bgp address-family ipv4-unicast nexthop vpn export <ipv4-address|ipv6-address>
set protocols bgp address-family ipv6-unicast nexthop vpn export <ipv4-address|ipv6-address>
|
|
set protocols bgp address-family ipv4-unicast sid vpn export <auto|1-1048575>
set protocols bgp address-family ipv6-unicast sid vpn export <auto|1-1048575>
|
|
dhcpv6: T3316: Extend scope of DHCP options, bugfixes
|
|
* Also migrate `address-range` to `range` tag node for consistency with dhcpv4 server syntax
|
|
smoketest
|
|
the lease file (#2796)
|
|
bgp: T5913: allow peer-group support for ipv4|6-labeled-unicast SAFI
|
|
|
|
dhcp: T3316: T5787: T5912: Extend scope of DHCP options, bugfixes
|
|
|
|
supported by Kea
|
|
|
|
hyphen (-)
When testing for changed PKI certificates using node_changed(), we should not
use key_mangling=('-', '_'), as this will make certificate updates with a hypen
not possible.
|
|
We have not seen the adoption of the https virtual-host CLI option.
What it did?
* Create multiple webservers each listening on a different IP/port
(but in the same VRF)
* All webservers shared one common document root
* All webservers shared the same SSL certificates
* All webservers could have had individual allow-client configurations
* API could be enabled for a particular virtual-host but was always enabled on
the default host
This configuration tried to provide a full webserver via the CLI but VyOS is a
router and the Webserver is there for an API or to serve files for a local-ui.
Changes
Remove support for virtual-hosts as it's an incomplete and thus mostly useless
"thing". Migrate all allow-client statements to one top-level allow statement.
|
|
pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed()
|
|
Commit ad9bdfc24 ("T5195: add timeout argument to process_named_running()")
added a 2*10 seconds penalty for every interface test (dhcp and dhcpv6).
This leads to long runs of "make test" after an ISO build.
There is no need to wait 10 seconds for a test that checks for a process
not running. The timeout is there to give the process some time to startup.
|
|
|
|
Smoketests heavily rely on process_named_running() so in order to "relax"
system constraints during a test we will add a timeout of 10 seconds for
every testcase provided by base_interfaces_test.py
|
|
exclude-throttle-address
This fixes commit 199ceb1f0a ("dns: T5900: add dont-throttle-netmasks and
serve-stale-extensions powerdns features") where after the latest review round
the Jinja2 template was inconsitently changed and smoketests were not re-run.
|
|
features
|
|
smoketests: T5887: remove IXGB driver
|
|
deployments in cgnat. (#2694)
|
|
VyOS has several services relaying on the PKI CLI tree to retrieve certificates.
Consuming services like ethernet, openvpn or ipsec all re-implemented the same
code to retrieve the certificates from the CLI.
This commit extends the signature of get_config_dict() with a new option with_pki
that defaults to false. If this option is set, the PKI CLI tree will be blended
into the resulting dictionary.
|