Age | Commit message (Collapse) | Author |
|
ocserv template expects list of routes but gets str "default"
it cause wrong routes like:
route = d
route = e
route = f
route = a
route = u
route = l
route = t
Fix it
|
|
firewall: T478: Fix firewall group circular dependency check
|
|
|
|
T4805: Restart pppoe-server if client pool was changed
|
|
T4825: Verify if you are trying to add a new vethX to exists pair
|
|
|
|
Verify if you are trying to add a new vethX to exists pair:
set int virtual-ethernet veth0 peer-name 'veth1'
set int virtual-ethernet veth1 peer-name 'veth0'
set int virtual-ethernet veth12 peer-name 'veth0'
Verify veth-name and peer-name cannot be the same:
set interfaces virtual-ethernet veth0 peer-name veth0
|
|
Some changes for 'service pppoe-server' require 'restart' the
accel-ppp@pppoe.service
But we use option 'reload-or-restart' that doesn't work correctly
with 'accel-ppp'
Restart pppoe-server if client pool was changed
|
|
|
|
|
|
|
|
|
|
Prevent to delete interface "vethX" which used for another
interface as "vethY peer-name vethX"
set interfaces virtual-ethernet veth0 peer-name 'veth1'
set interfaces virtual-ethernet veth1 peer-name 'veth0'
commit
delete interfaces virtual-ethernet veth0
commit
|
|
|
|
Add interface type veth (Virtual ethernet)
One of the usecases it's interconnect different vrf's and
default vrf via bridge
set interfaces virtual-ethernet veth0 peer-name 'veth1010'
set interfaces virtual-ethernet veth1010 address '10.0.0.10/24'
set interfaces virtual-ethernet veth1010 peer-name 'veth0'
set interfaces virtual-ethernet veth1010 vrf 'foo'
set interfaces bridge br0 address '10.0.0.1/24'
set interfaces bridge br0 member interface veth0
|
|
route-map action 'deny' cannot be used for "continue"
as FRR does not validate it
r14(config)# route-map FOO permit 100
r14(config-route-map)# route-map FOO deny 50
r14(config-route-map)# on-match goto 100
% Configuration failed.
Error type: validation
r14(config-route-map)#
|
|
firewall: T4821: correct calling of conf_mode script dependencies
|
|
T4793: Added warning about disable-route-autoinstall
|
|
Added warning message about disable-route-autoinstall
when ipsec vti is used.
|
|
|
|
<name> interface <ifname>`
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
|
|
Size of /dev/shm within a container can be defined via --shm-size when invoking
the container. Add corresponding CLI node.
|
|
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT
|
|
|
|
`fqdn` node
|
|
This enabled users to also use 2FA/MFA authentication with a radius backend as
there is enough time to enter the second factor.
|
|
wireguard: T4774: Prevent duplicate peer public keys
|
|
* ExecStop action with defined timeout allows for quicker reboot/shutdown with containers
|
|
|
|
|
|
|
|
|
|
http-api: T4749: transition to config_dict for conf_mode http-api.py
|
|
|
|
Move default values of TOTP configuration from a global to a per user setting.
This makes the entire code easier as no global configuration must be blended
into the per user config dict.
Also it should be possible to set the authentication window "multiple concurrent
keys" individual per user.
set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq'
set system login user vyos authentication plaintext-password 'vyos'
|
|
|
|
Telegraf checks the firewall table 'vyos_filter' but it we don't
have any firewall in the system we don't have this table by default
It cause commit error for "service monitoring"
Add exception if the table "vyos_filter" is not found
|
|
BGP directly connected neighbors (interface neighbors) do not
compatible with ebgp-multihop option
|
|
system login: T874: add 2FA support for local and ssh authentication
|
|
|
|
ssh: T4716: Ability to configure RekeyLimit data and time
|
|
Ability to configure SSH RekeyLimit data (in Megabytes) and
time (in Minutes)
set service ssh rekey data 1024
set service ssh rekey time 60
|
|
In this commit we add OSPF segment routing, smoke tests, handlers,
FRR template changes, and CLI commands.
|
|
policy: T4660: Changed CLI syntax in route-map set community
|
|
|
|
Changed CLI syntax in route-map set community,
set large-community, set extcommunity
Allows to add multiple communities, large-communities
and extcommunities in clear view.
Added new well-known communities.
Added non-transitive feature in extcommunities.
Fixed community's validators.
|
|
|
|
login: T4715: Auto logout user after inactivity
|
|
Ability to terminate interactive sessions (TTY/PTS) after a period
of inactivity.
set system login timeout '300'
|
|
This adds a new 'alias' property to the console-server device definition
to allow users to connect to a console using a human-readable name
rather than just the device name.
For a configuration like:
service {
console-server {
device ttyUSB0 {
speed 115200
alias my-server
}
}
}
Users can connect either by doing `connect console ttyUSB0`, or
`connect console my-server`.
Names:
* Must be unique
* Are limited to 128 characters
* Are optional - if not specified, only the `connect console ttyX`
form can be used
|