Age | Commit message (Collapse) | Author |
|
After updateing netfilter in the commit https://github.com/vyos/vyos-build/commit/b31f5fe934bcb37534d49acdb5f7756bf05422e8
The nftables format for conntrack timeouts is different.
Fix this.
|
|
T5928: Change firewall priority to 319
|
|
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support
|
|
|
|
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
|
|
connected interfaces
Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
|
|
|
|
|
|
|
|
|
|
srv6: T5849: add segment support to "protocols static route6"
|
|
|
|
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2
domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP
topology-independent means of marking and import-filtering EVPN routes
originated from a particular L2 domain. One situation where this is valuable
is when deploying EVPN using anycast VTEPs
set protocols bgp address-family l2vpn-evpn mac-vrf soo
|
|
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z'
* set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
|
|
|
|
rpki: T6023: add support for CLI knobs expire-interval and retry-interval
|
|
T5960: Rewritten authentication node in PPTP to a single view
|
|
vrf: T5973: module is now statically compiled into the kernel
|
|
bgp: T6024: add additional missing FRR features
|
|
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null>
* set protocols bgp parameters allow-martian-nexthop
* set protocols bgp parameters no-hard-administrative-reset"
|
|
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
|
|
Always enable VRF strict_mode
|
|
vpn: T5926: IPSEC does not apply after l2tp configuration was changed
added dependency between l2tp and ipsec conf
added test for apply config to swanctl
|
|
rpki: T6011: known-hosts-file is no longer supported by FRR
|
|
|
|
|
|
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node
to explicitly change this.
* set vpn ipsec site-to-site peer <name> replay-window <0-2040>
|
|
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
|
|
container: T5955: add uid/gid settings
|
|
|
|
T5971: Rewritten ppp options in accel-ppp services
|
|
T4839: firewall: Add dynamic address group in firewall configuration
|
|
ddclient: T5966: Adjust dynamic dns config address subpath
|
|
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS
recursor") added a helper "_set_required_options()" method to reduce duplicate
code when setting up the base interface test.
This refactors the test class to call this code always in setUp() so we have
it written only once.
|
|
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
|
|
appropiate commands to populate such groups using source and destination address of the packet.
|
|
|
|
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
* set protocols bfd profile <name> minimum-ttl <1-254>
|
|
|
|
ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left
|
|
sflow: T5968: add VRF support
|
|
Add support to run hsflowd in a dedicated (e.g. management) VRF.
Command will be "set system sflow vrf <name>" like with any other service
|
|
|
|
For example, port 5353 is reserved for multicast DNS, this means tests
will fail if the host running the tests is also running a mDNS server.
|
|
Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
`dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
generated override files in /run. This ensures that the override files
are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
path (viz., `/run/pdns-recursor` is fine)
|
|
left
This extends commit 7ba47f027 ("ethernet: T4638: deleting parent interface does
not delete underlying VIFs") with a smoketests ensure no VIFs are left behind.
|
|
* set service ntp leap-second [ignore|smear|system|timezone]
Where timezone is the new and old default resulting in adding "leapsectz right/UTC"
to chrony.conf. The most prominent new option is "smear" which will add
leapsecmode slew
maxslewrate 1000
smoothtime 400 0.001 leaponly
to chrony.
See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for
additional information
|
|
|