Age | Commit message (Collapse) | Author |
|
|
|
In cases with multiple named IP pools, it is required the option 'next'
to be sure that if IP addresses ended in one pool, then they would
begin to be allocated from the next named pool.
For accel-ppp it requires specific order as pool must be defined
before we can use it with the 'next-option'
set service ipoe-server client-ip-pool name first-pool subnet '192.0.2.0/25'
set service ipoe-server client-ip-pool name first-pool next-pool 'second-pool'
set service ipoe-server client-ip-pool name second-pool subnet '203.0.113.0/25'
[ip-pool]
203.0.113.0/25,name=second-pool
192.0.2.0/25,name=first-pool,next=second-pool
|
|
T5050: Firewall: Add log options
|
|
|
|
We drop default values 'port' but don't set it again per server
Fix it
|
|
hsflowd will export the headers of dropped packets (along with the
name of the function in the Linux kernel where that skb was dropped)
as part of the standard sFlow feed.
This measurement complements the sFlow packet sampling and
counter-telemetry well because it provides visibility into the
traffic that is not flowing.
Very helpful for troubleshooting.
The limit (a rate limit max of N drops per second sent out in the
sFlow datagrams) is the parameter you would set in the CLI.
set system sflow drop-monitor-limit 50
|
|
T5086: Add sFlow feature based on hsflowd
|
|
Add sFlow feature based on hsflowd
According to user reviews, it works more stable and more productive
than pmacct
I haven't deleted 'pmacct' 'system flow-accounting sflow' yet
It could be migrated or deprecated later
set system sflow agent-address '192.0.2.14'
set system sflow interface 'eth0'
set system sflow interface 'eth1'
set system sflow polling '30'
set system sflow sampling-rate '100'
set system sflow server 192.0.2.1 port '6343'
set system sflow server 192.0.2.11 port '6343'
|
|
in firewall, to NAT
|
|
|
|
Since 'key' field is no longer required, a missing key will register an
error in the resolver, instead of being rejected as bad request.
|
|
|
|
Commit 54c36e43 (tunnel: T5034: migrate "multicast enable" CLI node to
enable-multicast) changed the syntax on the CLI. This commits changes the
testcase to make use of the new syntax.
|
|
|
|
|
|
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
tc acccepts the bandwidth value/unit pairs as lowercase - so does the VyOS CLI
validator work, too.
|
|
sstp-client
|
|
T1993: PPPoE-server add section shaper and fwmark option
|
|
|
|
containers"
This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
|
|
container: T4959: Add container registry authentication config for containers
|
|
|
|
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
|
|
|
|
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
|
|
Some ISPs seem to use the host-uniq flag to authenticate client equipment.
Add CLI option in VyOS to allow specification of the host-uniq flag.
set interfaces pppoe pppoeN host-uniq <value>
|
|
|
|
|
|
ipsec: T4925: Added PRF into IKE group
|
|
T4857: SNMP: Implement FRR SNMP Recomendations
|
|
|
|
Added the possibility to configure Pseudo-Random Functions (PRF)
in IKE group
set vpn ipsec ike-group <Ike-grp> proposal <number> prf <PRF>
|
|
As WireGuard is now part of the mainline Kernel, we no longer need to validate
it using the external module loader/tester.
|
|
|
|
|
|
|
|
|
|
* Move CLI from "system ntp" -> "service ntp"
* Drop NTP server option preempt as not supported by chrony
|
|
Commit e28b10ce ("smoketest: dhcpv6-relay: use setUpClass() over setUp()")
introduced a TypeError:
TypeError: cli_set() missing 1 required positional argument: 'config'
This has been fixed.
|
|
This fixes commit 20f448d16c ("T4934: ospf: Fix inter-area route summarization")
where an assert was present for a CLI option that was missing to be set
causing tests to fail.
|
|
|
|
Improves test runtime as interfaces are not created/deleted on every
test case.
|
|
This fixes commit 20f448d16c ("T4934: ospf: Fix inter-area route summarization")
where an assert was present for a CLI option that was missing to be set
causing tests to fail.
|
|
Fix ValueError: Unknown format code 'x' for object of type 'str' added in
commit c0ffb8ba4e663 ("ethernet: rps: T4928: adjust to Kernel ABI changes").
|
|
Setting something like `protocols ospf area 10 range 10.10.0.0/16` without sub options doesn't work. This is because no range commands are generated when there is no leaf nodes set under the `range` tag node.
```
edit protocols ospf
set area 16 network 10.10.0.0/16
set area 16 range 10.10.0.0/16
commit
```
```
$ vtysh -c 'show run'
!
router ospf
auto-cost reference-bandwidth 100
timers throttle spf 200 1000 10000
network 10.10.0.0/16 area 16
exit
```
The generated FRR commands above is missing something like:
```
area 16 range 10.10.0.0/16
```
|