diff options
author | Christian Breunig <christian@breunig.cc> | 2024-06-26 15:36:40 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-06-26 21:47:09 +0200 |
commit | 85c8399b6f8cf0d999076bddaba09c1cc9088917 (patch) | |
tree | da914230b3c6e6ab9372bae73217d4ea0e20f49e | |
parent | 89d930aee010514431302975c90b28b9f8c5a8d9 (diff) | |
download | vyos-1x-85c8399b6f8cf0d999076bddaba09c1cc9088917.tar.gz vyos-1x-85c8399b6f8cf0d999076bddaba09c1cc9088917.zip |
smoketest: T6510: add missing config-test verification steps
Validate if the migrators performed correctly by comparing it to a known good
result file containing all the required `set` commands
45 files changed, 4000 insertions, 327 deletions
diff --git a/smoketest/bin/vyos-configtest-pki b/smoketest/bin/vyos-configtest-pki index e753193e9..0f9ecdd41 100755 --- a/smoketest/bin/vyos-configtest-pki +++ b/smoketest/bin/vyos-configtest-pki @@ -25,9 +25,9 @@ from vyos.pki import encode_dh_parameters from vyos.pki import encode_private_key from vyos.utils.file import write_file -subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'vyos'} -ca_subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'vyos CA'} -subca_subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'vyos SubCA'} +subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'VyOS'} +ca_subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'VyOS CA'} +subca_subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'VyOS SubCA'} ca_cert = '/config/auth/ovpn_test_ca.pem' ca_key = '/config/auth/ovpn_test_ca.key' diff --git a/smoketest/config-tests/basic-api-service b/smoketest/config-tests/basic-api-service index dc54929b9..3f796f35d 100644 --- a/smoketest/config-tests/basic-api-service +++ b/smoketest/config-tests/basic-api-service @@ -1,16 +1,28 @@ set interfaces ethernet eth0 address '192.0.2.1/31' set interfaces ethernet eth0 address '2001:db8::1234/64' +set interfaces ethernet eth0 offload gro set interfaces loopback lo -set service ntp server time1.vyos.net -set service ntp server time2.vyos.net -set service ntp server time3.vyos.net set service https allow-client address '172.16.0.0/12' set service https allow-client address '192.168.0.0/16' set service https allow-client address '10.0.0.0/8' set service https allow-client address '2001:db8::/32' set service https api keys id 1 key 'S3cur3' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service ntp server time3.vyos.net set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' set system login user vyos authentication plaintext-password '' -set system console device ttyS0 speed '115200' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos index d676c663d..6ff28ec2e 100644 --- a/smoketest/config-tests/basic-vyos +++ b/smoketest/config-tests/basic-vyos @@ -1,5 +1,14 @@ set interfaces ethernet eth0 address '192.168.0.1/24' set interfaces ethernet eth0 address 'fe88::1/56' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 offload gro +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 offload gro +set interfaces ethernet eth1 speed 'auto' +set interfaces ethernet eth2 duplex 'auto' +set interfaces ethernet eth2 offload gro +set interfaces ethernet eth2 speed 'auto' set interfaces ethernet eth2 vif 100 address '100.100.0.1/24' set interfaces ethernet eth2 vif-s 200 address '100.64.200.254/24' set interfaces ethernet eth2 vif-s 200 vif-c 201 address '100.64.201.254/24' @@ -19,17 +28,6 @@ set protocols static arp interface eth2.200.201 address 100.64.201.20 mac '00:50 set protocols static arp interface eth2.200.202 address 100.64.202.30 mac '00:50:00:00:00:30' set protocols static arp interface eth2.200.202 address 100.64.202.40 mac '00:50:00:00:00:40' set protocols static route 0.0.0.0/0 next-hop 100.64.0.1 -set service ssh ciphers 'aes128-ctr' -set service ssh ciphers 'aes192-ctr' -set service ssh ciphers 'aes256-ctr' -set service ssh ciphers 'chacha20-poly1305@openssh.com' -set service ssh ciphers 'rijndael-cbc@lysator.liu.se' -set service ssh key-exchange 'curve25519-sha256@libssh.org' -set service ssh key-exchange 'diffie-hellman-group1-sha1' -set service ssh key-exchange 'diffie-hellman-group-exchange-sha1' -set service ssh key-exchange 'diffie-hellman-group-exchange-sha256' -set service ssh listen-address '192.168.0.1' -set service ssh port '22' set service dhcp-server shared-network-name LAN authoritative set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option default-router '192.168.0.1' set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option domain-name 'vyos.net' @@ -66,19 +64,40 @@ set service dns forwarding allow-from '192.168.0.0/16' set service dns forwarding cache-size '10000' set service dns forwarding dnssec 'off' set service dns forwarding listen-address '192.168.0.1' +set service ssh ciphers 'aes128-ctr' +set service ssh ciphers 'aes192-ctr' +set service ssh ciphers 'aes256-ctr' +set service ssh ciphers 'chacha20-poly1305@openssh.com' +set service ssh ciphers 'rijndael-cbc@lysator.liu.se' +set service ssh key-exchange 'curve25519-sha256@libssh.org' +set service ssh key-exchange 'diffie-hellman-group1-sha1' +set service ssh key-exchange 'diffie-hellman-group-exchange-sha1' +set service ssh key-exchange 'diffie-hellman-group-exchange-sha256' +set service ssh listen-address '192.168.0.1' +set service ssh port '22' set system config-management commit-revisions '100' set system conntrack ignore ipv4 rule 1 destination address '192.0.2.2' set system conntrack ignore ipv4 rule 1 source address '192.0.2.1' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' set system login user vyos authentication plaintext-password '' set system name-server '192.168.0.1' -set system syslog global facility auth level 'info' -set system syslog global preserve-fqdn set system syslog console facility all level 'emerg' set system syslog console facility mail level 'info' +set system syslog global facility all level 'info' +set system syslog global facility auth level 'info' +set system syslog global facility local7 level 'debug' +set system syslog global preserve-fqdn set system syslog host syslog.vyos.net facility auth level 'warning' set system syslog host syslog.vyos.net facility local7 level 'notice' set system syslog host syslog.vyos.net format octet-counted set system syslog host syslog.vyos.net port '8000' -set system console device ttyS0 speed '115200' +set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-azure-ipsec-gateway b/smoketest/config-tests/bgp-azure-ipsec-gateway new file mode 100644 index 000000000..bbd7b961f --- /dev/null +++ b/smoketest/config-tests/bgp-azure-ipsec-gateway @@ -0,0 +1,231 @@ +set firewall global-options all-ping 'enable' +set firewall global-options broadcast-ping 'disable' +set firewall global-options ip-src-route 'disable' +set firewall global-options ipv6-receive-redirects 'disable' +set firewall global-options ipv6-src-route 'disable' +set firewall global-options log-martians 'disable' +set firewall global-options receive-redirects 'disable' +set firewall global-options send-redirects 'enable' +set firewall global-options source-validation 'disable' +set firewall global-options syn-cookies 'enable' +set firewall global-options twa-hazards-protection 'disable' +set high-availability vrrp group DMZ-VLAN-3962 address 192.168.34.36/27 +set high-availability vrrp group DMZ-VLAN-3962 interface 'eth1' +set high-availability vrrp group DMZ-VLAN-3962 preempt-delay '180' +set high-availability vrrp group DMZ-VLAN-3962 priority '200' +set high-availability vrrp group DMZ-VLAN-3962 vrid '62' +set interfaces ethernet eth0 address '192.0.2.189/27' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 offload gro +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth1 address '192.168.34.37/27' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 offload gro +set interfaces ethernet eth1 speed 'auto' +set interfaces loopback lo +set interfaces vti vti31 ip adjust-mss '1350' +set interfaces vti vti32 ip adjust-mss '1350' +set interfaces vti vti41 ip adjust-mss '1350' +set interfaces vti vti42 ip adjust-mss '1350' +set interfaces vti vti51 ip adjust-mss '1350' +set interfaces vti vti52 ip adjust-mss '1350' +set policy prefix-list AZURE-BGP-IPv4-in description 'Prefixes received from Azure' +set policy prefix-list AZURE-BGP-IPv4-in rule 100 action 'permit' +set policy prefix-list AZURE-BGP-IPv4-in rule 100 le '32' +set policy prefix-list AZURE-BGP-IPv4-in rule 100 prefix '100.64.0.0/10' +set policy prefix-list ONPREM-BGP-IPv4-out description 'Prefixes allowed to be announced into Azure' +set policy prefix-list ONPREM-BGP-IPv4-out rule 100 action 'permit' +set policy prefix-list ONPREM-BGP-IPv4-out rule 100 prefix '10.0.0.0/8' +set policy prefix-list ONPREM-BGP-IPv4-out rule 200 action 'permit' +set policy prefix-list ONPREM-BGP-IPv4-out rule 200 prefix '172.16.0.0/12' +set policy prefix-list ONPREM-BGP-IPv4-out rule 300 action 'permit' +set policy prefix-list ONPREM-BGP-IPv4-out rule 300 prefix '192.168.0.0/16' +set protocols bgp address-family ipv4-unicast network 10.0.0.0/8 +set protocols bgp address-family ipv4-unicast network 172.16.0.0/12 +set protocols bgp address-family ipv4-unicast network 192.168.0.0/16 +set protocols bgp neighbor 100.66.8.36 peer-group 'AZURE' +set protocols bgp neighbor 100.66.8.36 remote-as '64517' +set protocols bgp neighbor 100.66.8.37 peer-group 'AZURE' +set protocols bgp neighbor 100.66.8.37 remote-as '64517' +set protocols bgp neighbor 100.66.24.36 peer-group 'AZURE' +set protocols bgp neighbor 100.66.24.36 remote-as '64513' +set protocols bgp neighbor 100.66.24.37 peer-group 'AZURE' +set protocols bgp neighbor 100.66.24.37 remote-as '64513' +set protocols bgp neighbor 100.66.40.36 peer-group 'AZURE' +set protocols bgp neighbor 100.66.40.36 remote-as '64515' +set protocols bgp neighbor 100.66.40.37 peer-group 'AZURE' +set protocols bgp neighbor 100.66.40.37 remote-as '64515' +set protocols bgp neighbor 192.168.34.38 address-family ipv4-unicast nexthop-self +set protocols bgp neighbor 192.168.34.38 address-family ipv4-unicast soft-reconfiguration inbound +set protocols bgp neighbor 192.168.34.38 capability dynamic +set protocols bgp neighbor 192.168.34.38 password 'VyOSR0xx123' +set protocols bgp neighbor 192.168.34.38 remote-as '65522' +set protocols bgp neighbor 192.168.34.38 update-source 'eth1' +set protocols bgp peer-group AZURE address-family ipv4-unicast maximum-prefix '50' +set protocols bgp peer-group AZURE address-family ipv4-unicast prefix-list export 'ONPREM-BGP-IPv4-out' +set protocols bgp peer-group AZURE address-family ipv4-unicast prefix-list import 'AZURE-BGP-IPv4-in' +set protocols bgp peer-group AZURE ebgp-multihop '2' +set protocols bgp peer-group AZURE update-source 'eth1' +set protocols bgp system-as '65522' +set protocols bgp timers holdtime '30' +set protocols bgp timers keepalive '5' +set protocols static route 0.0.0.0/0 next-hop 192.168.34.33 +set protocols static route 51.105.0.0/16 next-hop 192.0.2.161 +set protocols static route 52.143.0.0/16 next-hop 192.0.2.161 +set protocols static route 100.66.8.36/32 interface vti31 +set protocols static route 100.66.8.36/32 interface vti32 +set protocols static route 100.66.8.37/32 interface vti31 +set protocols static route 100.66.8.37/32 interface vti32 +set protocols static route 100.66.24.36/32 interface vti41 +set protocols static route 100.66.24.36/32 interface vti42 +set protocols static route 100.66.24.37/32 interface vti41 +set protocols static route 100.66.24.37/32 interface vti42 +set protocols static route 100.66.40.36/32 interface vti51 +set protocols static route 100.66.40.36/32 interface vti52 +set protocols static route 100.66.40.37/32 interface vti51 +set protocols static route 100.66.40.37/32 interface vti52 +set protocols static route 195.137.175.0/24 next-hop 192.0.2.161 +set protocols static route 212.23.159.0/26 next-hop 192.0.2.161 +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 192.0.2.254 +set service snmp v3 engineid 'ff42' +set service snmp v3 group default mode 'ro' +set service snmp v3 group default seclevel 'priv' +set service snmp v3 group default view 'default' +set service snmp v3 user VyOS auth encrypted-password '1ad73f4620b8c0dd2de066622f875b161a14adad' +set service snmp v3 user VyOS auth type 'sha' +set service snmp v3 user VyOS group 'default' +set service snmp v3 user VyOS privacy encrypted-password '1ad73f4620b8c0dd2de066622f875b16' +set service snmp v3 user VyOS privacy type 'aes' +set service snmp v3 view default oid 1 +set service ssh disable-host-validation +set service ssh port '22' +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.net' +set system flow-accounting interface 'eth1' +set system flow-accounting interface 'vti31' +set system flow-accounting interface 'vti32' +set system flow-accounting interface 'vti41' +set system flow-accounting interface 'vti42' +set system flow-accounting interface 'vti51' +set system flow-accounting interface 'vti52' +set system flow-accounting netflow server 10.0.1.1 port '2055' +set system flow-accounting netflow source-address '192.168.34.37' +set system flow-accounting netflow version '10' +set system flow-accounting syslog-facility 'daemon' +set system host-name 'azure-gw-01' +set system login radius server 192.0.2.253 key 'secret1234' +set system login radius server 192.0.2.253 port '1812' +set system login radius server 192.0.2.253 timeout '2' +set system login radius server 192.0.2.254 key 'secret1234' +set system login radius server 192.0.2.254 port '1812' +set system login radius server 192.0.2.254 timeout '2' +set system login radius source-address '192.168.34.37' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system logs logrotate messages max-size '20' +set system logs logrotate messages rotate '10' +set system name-server '192.0.2.254' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set system syslog host 10.0.9.188 facility all level 'info' +set system syslog host 10.0.9.188 protocol 'udp' +set system time-zone 'Europe/Berlin' +set vpn ipsec authentication psk peer_51-105-0-1 id '51.105.0.1' +set vpn ipsec authentication psk peer_51-105-0-1 id '192.0.2.189' +set vpn ipsec authentication psk peer_51-105-0-1 secret 'averysecretpsktowardsazure' +set vpn ipsec authentication psk peer_51-105-0-2 id '51.105.0.2' +set vpn ipsec authentication psk peer_51-105-0-2 id '192.0.2.189' +set vpn ipsec authentication psk peer_51-105-0-2 secret 'averysecretpsktowardsazure' +set vpn ipsec authentication psk peer_51-105-0-3 id '51.105.0.3' +set vpn ipsec authentication psk peer_51-105-0-3 id '192.0.2.189' +set vpn ipsec authentication psk peer_51-105-0-3 secret 'averysecretpsktowardsazure' +set vpn ipsec authentication psk peer_51-105-0-4 id '51.105.0.4' +set vpn ipsec authentication psk peer_51-105-0-4 id '192.0.2.189' +set vpn ipsec authentication psk peer_51-105-0-4 secret 'averysecretpsktowardsazure' +set vpn ipsec authentication psk peer_51-105-0-5 id '51.105.0.5' +set vpn ipsec authentication psk peer_51-105-0-5 id '192.0.2.189' +set vpn ipsec authentication psk peer_51-105-0-5 secret 'averysecretpsktowardsazure' +set vpn ipsec authentication psk peer_51-105-0-6 id '51.105.0.6' +set vpn ipsec authentication psk peer_51-105-0-6 id '192.0.2.189' +set vpn ipsec authentication psk peer_51-105-0-6 secret 'averysecretpsktowardsazure' +set vpn ipsec esp-group ESP-AZURE lifetime '27000' +set vpn ipsec esp-group ESP-AZURE mode 'tunnel' +set vpn ipsec esp-group ESP-AZURE pfs 'disable' +set vpn ipsec esp-group ESP-AZURE proposal 1 encryption 'aes256' +set vpn ipsec esp-group ESP-AZURE proposal 1 hash 'sha1' +set vpn ipsec ike-group IKE-AZURE close-action 'none' +set vpn ipsec ike-group IKE-AZURE dead-peer-detection action 'restart' +set vpn ipsec ike-group IKE-AZURE dead-peer-detection interval '2' +set vpn ipsec ike-group IKE-AZURE dead-peer-detection timeout '15' +set vpn ipsec ike-group IKE-AZURE key-exchange 'ikev2' +set vpn ipsec ike-group IKE-AZURE lifetime '27000' +set vpn ipsec ike-group IKE-AZURE proposal 1 dh-group '2' +set vpn ipsec ike-group IKE-AZURE proposal 1 encryption 'aes256' +set vpn ipsec ike-group IKE-AZURE proposal 1 hash 'sha1' +set vpn ipsec interface 'eth0' +set vpn ipsec log level '2' +set vpn ipsec log subsystem 'ike' +set vpn ipsec site-to-site peer peer_51-105-0-1 authentication mode 'pre-shared-secret' +set vpn ipsec site-to-site peer peer_51-105-0-1 authentication remote-id '51.105.0.1' +set vpn ipsec site-to-site peer peer_51-105-0-1 connection-type 'respond' +set vpn ipsec site-to-site peer peer_51-105-0-1 default-esp-group 'ESP-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-1 ike-group 'IKE-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-1 ikev2-reauth 'inherit' +set vpn ipsec site-to-site peer peer_51-105-0-1 local-address '192.0.2.189' +set vpn ipsec site-to-site peer peer_51-105-0-1 remote-address '51.105.0.1' +set vpn ipsec site-to-site peer peer_51-105-0-1 vti bind 'vti51' +set vpn ipsec site-to-site peer peer_51-105-0-2 authentication mode 'pre-shared-secret' +set vpn ipsec site-to-site peer peer_51-105-0-2 authentication remote-id '51.105.0.2' +set vpn ipsec site-to-site peer peer_51-105-0-2 connection-type 'respond' +set vpn ipsec site-to-site peer peer_51-105-0-2 default-esp-group 'ESP-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-2 ike-group 'IKE-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-2 ikev2-reauth 'inherit' +set vpn ipsec site-to-site peer peer_51-105-0-2 local-address '192.0.2.189' +set vpn ipsec site-to-site peer peer_51-105-0-2 remote-address '51.105.0.2' +set vpn ipsec site-to-site peer peer_51-105-0-2 vti bind 'vti52' +set vpn ipsec site-to-site peer peer_51-105-0-3 authentication mode 'pre-shared-secret' +set vpn ipsec site-to-site peer peer_51-105-0-3 authentication remote-id '51.105.0.3' +set vpn ipsec site-to-site peer peer_51-105-0-3 connection-type 'respond' +set vpn ipsec site-to-site peer peer_51-105-0-3 ike-group 'IKE-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-3 ikev2-reauth 'inherit' +set vpn ipsec site-to-site peer peer_51-105-0-3 local-address '192.0.2.189' +set vpn ipsec site-to-site peer peer_51-105-0-3 remote-address '51.105.0.3' +set vpn ipsec site-to-site peer peer_51-105-0-3 vti bind 'vti32' +set vpn ipsec site-to-site peer peer_51-105-0-3 vti esp-group 'ESP-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-4 authentication mode 'pre-shared-secret' +set vpn ipsec site-to-site peer peer_51-105-0-4 authentication remote-id '51.105.0.4' +set vpn ipsec site-to-site peer peer_51-105-0-4 connection-type 'respond' +set vpn ipsec site-to-site peer peer_51-105-0-4 ike-group 'IKE-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-4 ikev2-reauth 'inherit' +set vpn ipsec site-to-site peer peer_51-105-0-4 local-address '192.0.2.189' +set vpn ipsec site-to-site peer peer_51-105-0-4 remote-address '51.105.0.4' +set vpn ipsec site-to-site peer peer_51-105-0-4 vti bind 'vti31' +set vpn ipsec site-to-site peer peer_51-105-0-4 vti esp-group 'ESP-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-5 authentication mode 'pre-shared-secret' +set vpn ipsec site-to-site peer peer_51-105-0-5 authentication remote-id '51.105.0.5' +set vpn ipsec site-to-site peer peer_51-105-0-5 connection-type 'respond' +set vpn ipsec site-to-site peer peer_51-105-0-5 ike-group 'IKE-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-5 ikev2-reauth 'inherit' +set vpn ipsec site-to-site peer peer_51-105-0-5 local-address '192.0.2.189' +set vpn ipsec site-to-site peer peer_51-105-0-5 remote-address '51.105.0.5' +set vpn ipsec site-to-site peer peer_51-105-0-5 vti bind 'vti42' +set vpn ipsec site-to-site peer peer_51-105-0-5 vti esp-group 'ESP-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-6 authentication mode 'pre-shared-secret' +set vpn ipsec site-to-site peer peer_51-105-0-6 authentication remote-id '51.105.0.6' +set vpn ipsec site-to-site peer peer_51-105-0-6 connection-type 'respond' +set vpn ipsec site-to-site peer peer_51-105-0-6 ike-group 'IKE-AZURE' +set vpn ipsec site-to-site peer peer_51-105-0-6 ikev2-reauth 'inherit' +set vpn ipsec site-to-site peer peer_51-105-0-6 local-address '192.0.2.189' +set vpn ipsec site-to-site peer peer_51-105-0-6 remote-address '51.105.0.6' +set vpn ipsec site-to-site peer peer_51-105-0-6 vti bind 'vti41' +set vpn ipsec site-to-site peer peer_51-105-0-6 vti esp-group 'ESP-AZURE' diff --git a/smoketest/config-tests/bgp-bfd-communities b/smoketest/config-tests/bgp-bfd-communities new file mode 100644 index 000000000..6eee0137e --- /dev/null +++ b/smoketest/config-tests/bgp-bfd-communities @@ -0,0 +1,201 @@ +set interfaces ethernet eth0 address '192.0.2.100/25' +set interfaces ethernet eth0 address '2001:db8::ffff/64' +set interfaces ethernet eth0 offload gro +set interfaces loopback lo +set policy large-community-list ANYCAST_ALL rule 10 action 'permit' +set policy large-community-list ANYCAST_ALL rule 10 description 'Allow all anycast from anywhere' +set policy large-community-list ANYCAST_ALL rule 10 regex '4242420696:100:.*' +set policy large-community-list ANYCAST_INT rule 10 action 'permit' +set policy large-community-list ANYCAST_INT rule 10 description 'Allow all anycast from int' +set policy large-community-list ANYCAST_INT rule 10 regex '4242420696:100:1' +set policy prefix-list BGP-BACKBONE-IN description 'Inbound backbone routes from other sites' +set policy prefix-list BGP-BACKBONE-IN rule 10 action 'deny' +set policy prefix-list BGP-BACKBONE-IN rule 10 description 'Block default route' +set policy prefix-list BGP-BACKBONE-IN rule 10 prefix '0.0.0.0/0' +set policy prefix-list BGP-BACKBONE-IN rule 20 action 'deny' +set policy prefix-list BGP-BACKBONE-IN rule 20 description 'Block int primary' +set policy prefix-list BGP-BACKBONE-IN rule 20 ge '21' +set policy prefix-list BGP-BACKBONE-IN rule 20 prefix '192.168.0.0/20' +set policy prefix-list BGP-BACKBONE-IN rule 30 action 'deny' +set policy prefix-list BGP-BACKBONE-IN rule 30 description 'Block loopbacks' +set policy prefix-list BGP-BACKBONE-IN rule 30 ge '25' +set policy prefix-list BGP-BACKBONE-IN rule 30 prefix '192.168.253.0/24' +set policy prefix-list BGP-BACKBONE-IN rule 40 action 'deny' +set policy prefix-list BGP-BACKBONE-IN rule 40 description 'Block backbone peering' +set policy prefix-list BGP-BACKBONE-IN rule 40 ge '25' +set policy prefix-list BGP-BACKBONE-IN rule 40 prefix '192.168.254.0/24' +set policy prefix-list BGP-BACKBONE-IN rule 999 action 'permit' +set policy prefix-list BGP-BACKBONE-IN rule 999 description 'Allow everything else' +set policy prefix-list BGP-BACKBONE-IN rule 999 ge '1' +set policy prefix-list BGP-BACKBONE-IN rule 999 prefix '0.0.0.0/0' +set policy prefix-list BGP-BACKBONE-OUT description 'Outbound backbone routes to other sites' +set policy prefix-list BGP-BACKBONE-OUT rule 10 action 'permit' +set policy prefix-list BGP-BACKBONE-OUT rule 10 description 'Int primary' +set policy prefix-list BGP-BACKBONE-OUT rule 10 ge '23' +set policy prefix-list BGP-BACKBONE-OUT rule 10 prefix '192.168.0.0/20' +set policy prefix-list GLOBAL description 'Globally redistributed routes' +set policy prefix-list GLOBAL rule 10 action 'permit' +set policy prefix-list GLOBAL rule 10 prefix '192.168.100.1/32' +set policy prefix-list GLOBAL rule 20 action 'permit' +set policy prefix-list GLOBAL rule 20 prefix '192.168.7.128/25' +set policy prefix-list6 BGP-BACKBONE-IN-V6 description 'Inbound backbone routes from other sites' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 action 'deny' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 description 'Block default route' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 prefix '::/0' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 action 'deny' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 description 'Block int primary' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 ge '53' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 prefix 'fd52:d62e:8011::/52' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 action 'deny' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 description 'Block peering and stuff' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 ge '53' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 prefix 'fd52:d62e:8011:f000::/52' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 action 'permit' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 description 'Allow everything else' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 ge '1' +set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 prefix '::/0' +set policy prefix-list6 BGP-BACKBONE-OUT-V6 description 'Outbound backbone routes to other sites' +set policy prefix-list6 BGP-BACKBONE-OUT-V6 rule 10 action 'permit' +set policy prefix-list6 BGP-BACKBONE-OUT-V6 rule 10 ge '64' +set policy prefix-list6 BGP-BACKBONE-OUT-V6 rule 10 prefix 'fd52:d62e:8011::/52' +set policy prefix-list6 GLOBAL-V6 description 'Globally redistributed routes' +set policy prefix-list6 GLOBAL-V6 rule 10 action 'permit' +set policy prefix-list6 GLOBAL-V6 rule 10 ge '64' +set policy prefix-list6 GLOBAL-V6 rule 10 prefix 'fd52:d62e:8011:2::/63' +set policy route-map BGP-BACKBONE-IN rule 10 action 'permit' +set policy route-map BGP-BACKBONE-IN rule 10 match ip address prefix-list 'BGP-BACKBONE-IN' +set policy route-map BGP-BACKBONE-IN rule 20 action 'permit' +set policy route-map BGP-BACKBONE-IN rule 20 match ipv6 address prefix-list 'BGP-BACKBONE-IN-V6' +set policy route-map BGP-BACKBONE-IN rule 30 action 'permit' +set policy route-map BGP-BACKBONE-IN rule 30 match large-community large-community-list 'ANYCAST_ALL' +set policy route-map BGP-BACKBONE-OUT rule 10 action 'permit' +set policy route-map BGP-BACKBONE-OUT rule 10 match ip address prefix-list 'BGP-BACKBONE-OUT' +set policy route-map BGP-BACKBONE-OUT rule 20 action 'permit' +set policy route-map BGP-BACKBONE-OUT rule 20 match ipv6 address prefix-list 'BGP-BACKBONE-OUT-V6' +set policy route-map BGP-BACKBONE-OUT rule 30 action 'permit' +set policy route-map BGP-BACKBONE-OUT rule 30 match large-community large-community-list 'ANYCAST_INT' +set policy route-map BGP-BACKBONE-OUT rule 30 set as-path prepend '4242420666' +set policy route-map BGP-REDISTRIBUTE rule 10 action 'permit' +set policy route-map BGP-REDISTRIBUTE rule 10 description 'Prepend AS and allow VPN and modem' +set policy route-map BGP-REDISTRIBUTE rule 10 match ip address prefix-list 'GLOBAL' +set policy route-map BGP-REDISTRIBUTE rule 10 set as-path prepend '4242420666' +set policy route-map BGP-REDISTRIBUTE rule 20 action 'permit' +set policy route-map BGP-REDISTRIBUTE rule 20 description 'Allow VPN' +set policy route-map BGP-REDISTRIBUTE rule 20 match ipv6 address prefix-list 'GLOBAL-V6' +set protocols bfd peer 192.168.253.1 interval receive '50' +set protocols bfd peer 192.168.253.1 interval transmit '50' +set protocols bfd peer 192.168.253.1 multihop +set protocols bfd peer 192.168.253.1 source address '192.168.253.3' +set protocols bfd peer 192.168.253.2 interval receive '50' +set protocols bfd peer 192.168.253.2 interval transmit '50' +set protocols bfd peer 192.168.253.2 multihop +set protocols bfd peer 192.168.253.2 source address '192.168.253.3' +set protocols bfd peer 192.168.253.6 interval receive '50' +set protocols bfd peer 192.168.253.6 interval transmit '50' +set protocols bfd peer 192.168.253.6 multihop +set protocols bfd peer 192.168.253.6 source address '192.168.253.3' +set protocols bfd peer 192.168.253.7 interval receive '50' +set protocols bfd peer 192.168.253.7 interval transmit '50' +set protocols bfd peer 192.168.253.7 multihop +set protocols bfd peer 192.168.253.7 source address '192.168.253.3' +set protocols bfd peer 192.168.253.12 interval receive '100' +set protocols bfd peer 192.168.253.12 interval transmit '100' +set protocols bfd peer 192.168.253.12 multihop +set protocols bfd peer 192.168.253.12 source address '192.168.253.3' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 interval receive '50' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 interval transmit '50' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 multihop +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 source address 'fd52:d62e:8011:fffe:192:168:253:3' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 interval receive '50' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 interval transmit '50' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 multihop +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 source address 'fd52:d62e:8011:fffe:192:168:253:3' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 interval receive '50' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 interval transmit '50' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 multihop +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 source address 'fd52:d62e:8011:fffe:192:168:253:3' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 interval receive '50' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 interval transmit '50' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 multihop +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 source address 'fd52:d62e:8011:fffe:192:168:253:3' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 interval receive '100' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 interval transmit '100' +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 multihop +set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 source address 'fd52:d62e:8011:fffe:192:168:253:3' +set protocols bgp address-family ipv4-unicast redistribute connected route-map 'BGP-REDISTRIBUTE' +set protocols bgp address-family ipv4-unicast redistribute static route-map 'BGP-REDISTRIBUTE' +set protocols bgp address-family ipv6-unicast redistribute connected route-map 'BGP-REDISTRIBUTE' +set protocols bgp neighbor 192.168.253.1 peer-group 'INT' +set protocols bgp neighbor 192.168.253.2 peer-group 'INT' +set protocols bgp neighbor 192.168.253.6 peer-group 'DAL13' +set protocols bgp neighbor 192.168.253.7 peer-group 'DAL13' +set protocols bgp neighbor 192.168.253.12 address-family ipv4-unicast route-map export 'BGP-BACKBONE-OUT' +set protocols bgp neighbor 192.168.253.12 address-family ipv4-unicast route-map import 'BGP-BACKBONE-IN' +set protocols bgp neighbor 192.168.253.12 address-family ipv4-unicast soft-reconfiguration inbound +set protocols bgp neighbor 192.168.253.12 bfd +set protocols bgp neighbor 192.168.253.12 ebgp-multihop '2' +set protocols bgp neighbor 192.168.253.12 remote-as '4242420669' +set protocols bgp neighbor 192.168.253.12 update-source 'dum0' +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:1 peer-group 'INTv6' +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:2 peer-group 'INTv6' +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:6 peer-group 'DAL13v6' +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:7 peer-group 'DAL13v6' +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 address-family ipv6-unicast route-map export 'BGP-BACKBONE-OUT' +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 address-family ipv6-unicast route-map import 'BGP-BACKBONE-IN' +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 address-family ipv6-unicast soft-reconfiguration inbound +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 bfd +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 ebgp-multihop '2' +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 remote-as '4242420669' +set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 update-source 'dum0' +set protocols bgp parameters confederation identifier '4242420696' +set protocols bgp parameters confederation peers '4242420668' +set protocols bgp parameters confederation peers '4242420669' +set protocols bgp parameters distance global external '220' +set protocols bgp parameters distance global internal '220' +set protocols bgp parameters distance global local '220' +set protocols bgp parameters graceful-restart +set protocols bgp peer-group DAL13 address-family ipv4-unicast route-map export 'BGP-BACKBONE-OUT' +set protocols bgp peer-group DAL13 address-family ipv4-unicast route-map import 'BGP-BACKBONE-IN' +set protocols bgp peer-group DAL13 address-family ipv4-unicast soft-reconfiguration inbound +set protocols bgp peer-group DAL13 bfd +set protocols bgp peer-group DAL13 ebgp-multihop '2' +set protocols bgp peer-group DAL13 remote-as '4242420668' +set protocols bgp peer-group DAL13 update-source 'dum0' +set protocols bgp peer-group DAL13v6 address-family ipv6-unicast route-map export 'BGP-BACKBONE-OUT' +set protocols bgp peer-group DAL13v6 address-family ipv6-unicast route-map import 'BGP-BACKBONE-IN' +set protocols bgp peer-group DAL13v6 address-family ipv6-unicast soft-reconfiguration inbound +set protocols bgp peer-group DAL13v6 bfd +set protocols bgp peer-group DAL13v6 ebgp-multihop '2' +set protocols bgp peer-group DAL13v6 remote-as '4242420668' +set protocols bgp peer-group DAL13v6 update-source 'dum0' +set protocols bgp peer-group INT address-family ipv4-unicast default-originate +set protocols bgp peer-group INT address-family ipv4-unicast soft-reconfiguration inbound +set protocols bgp peer-group INT bfd +set protocols bgp peer-group INT remote-as '4242420666' +set protocols bgp peer-group INT update-source 'dum0' +set protocols bgp peer-group INTv6 address-family ipv6-unicast default-originate +set protocols bgp peer-group INTv6 address-family ipv6-unicast soft-reconfiguration inbound +set protocols bgp peer-group INTv6 bfd +set protocols bgp peer-group INTv6 remote-as '4242420666' +set protocols bgp peer-group INTv6 update-source 'dum0' +set protocols bgp system-as '4242420666' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set system config-management commit-revisions '200' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-big-as-cloud b/smoketest/config-tests/bgp-big-as-cloud new file mode 100644 index 000000000..8de0cdb02 --- /dev/null +++ b/smoketest/config-tests/bgp-big-as-cloud @@ -0,0 +1,850 @@ +set firewall global-options all-ping 'enable' +set firewall global-options broadcast-ping 'disable' +set firewall global-options ip-src-route 'disable' +set firewall global-options ipv6-receive-redirects 'disable' +set firewall global-options ipv6-src-route 'disable' +set firewall global-options log-martians 'enable' +set firewall global-options receive-redirects 'disable' +set firewall global-options send-redirects 'enable' +set firewall global-options source-validation 'disable' +set firewall global-options syn-cookies 'enable' +set firewall global-options twa-hazards-protection 'disable' +set firewall group address-group bgp-peers-4 address '192.0.68.3' +set firewall group address-group bgp-peers-4 address '192.0.68.2' +set firewall group address-group bgp-peers-4 address '192.0.176.193' +set firewall group address-group bgp-peers-4 address '192.0.52.0-192.0.52.255' +set firewall group address-group bgp-peers-4 address '192.0.53.0-192.0.53.255' +set firewall group address-group bgp-peers-4 address '192.0.16.209' +set firewall group address-group bgp-peers-4 address '192.0.192.0-192.0.192.255' +set firewall group address-group bgp-peers-4 address '192.0.193.0-192.0.193.255' +set firewall group address-group bgp-peers-4 address '192.0.194.0-192.0.194.255' +set firewall group address-group bgp-peers-4 address '192.0.195.0-192.0.195.255' +set firewall group address-group bgp-peers-4 address '192.0.196.0-192.0.196.255' +set firewall group address-group bgp-peers-4 address '192.0.197.0-192.0.197.255' +set firewall group address-group bgp-peers-4 address '192.0.198.0-192.0.198.255' +set firewall group address-group bgp-peers-4 address '192.0.199.0-192.0.199.255' +set firewall group address-group vrrp-peers-4 address '192.0.68.3' +set firewall group address-group vrrp-peers-4 address '192.0.160.3' +set firewall group address-group vrrp-peers-4 address '192.0.98.3' +set firewall group address-group vrrp-peers-4 address '192.0.71.131' +set firewall group address-group vrrp-peers-4 address '192.0.84.67' +set firewall group address-group vrrp-peers-4 address '192.0.71.195' +set firewall group address-group vrrp-peers-4 address '192.0.71.115' +set firewall group address-group vrrp-peers-4 address '192.0.70.195' +set firewall group address-group vrrp-peers-4 address '192.0.70.179' +set firewall group address-group vrrp-peers-4 address '192.0.70.163' +set firewall group address-group vrrp-peers-4 address '192.0.70.147' +set firewall group address-group vrrp-peers-4 address '192.0.70.131' +set firewall group address-group vrrp-peers-4 address '192.0.70.19' +set firewall group address-group vrrp-peers-4 address '192.0.70.3' +set firewall group address-group vrrp-peers-4 address '192.0.71.99' +set firewall group address-group vrrp-peers-4 address '192.0.68.67' +set firewall group address-group vrrp-peers-4 address '192.0.71.67' +set firewall group address-group vrrp-peers-4 address '192.0.71.3' +set firewall group address-group vrrp-peers-4 address '192.0.68.35' +set firewall group address-group vrrp-peers-4 address '192.0.68.131' +set firewall group address-group vrrp-peers-4 address '192.0.69.2' +set firewall group address-group vrrp-peers-4 address '192.0.70.35' +set firewall group address-group vrrp-peers-4 address '192.0.70.67' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:c::3' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:1000::2e9' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::fb' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::fc' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::fd' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::2e' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::3d' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::4a' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::5e' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::7' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::11' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::18' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::20' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::22' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::31' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::58' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::64' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::a5' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::aa' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::ab' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::b0' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::b3' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::bd' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::c' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::d2' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::d3' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:838::1' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::1a27:5051:c09d' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::1a27:5051:c19d' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::20ad:0:1' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2306:0:1' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2ca:0:1' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2ca:0:2' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2ca:0:3' +set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2ca:0:4' +set firewall group ipv6-address-group vrrp-peers-6 address 'fe80::fe89:15cf' +set firewall group ipv6-network-group AS64512-6 network '2001::/29' +set firewall group network-group AS64512-4 network '192.0.68.0/22' +set firewall group network-group AS64512-4 network '192.0.98.0/24' +set firewall group network-group AS64512-4 network '192.0.160.0/24' +set firewall group network-group AS64512-4 network '192.0.84.0/22' +set firewall ipv4 name management-to-local-4 default-action 'reject' +set firewall ipv4 name management-to-local-4 default-log +set firewall ipv4 name management-to-local-4 rule 500 action 'return' +set firewall ipv4 name management-to-local-4 rule 500 protocol 'icmp' +set firewall ipv4 name management-to-local-4 rule 501 action 'return' +set firewall ipv4 name management-to-local-4 rule 501 destination port '22' +set firewall ipv4 name management-to-local-4 rule 501 protocol 'tcp' +set firewall ipv4 name management-to-local-4 rule 502 action 'return' +set firewall ipv4 name management-to-local-4 rule 502 destination port 'snmp' +set firewall ipv4 name management-to-local-4 rule 502 protocol 'udp' +set firewall ipv4 name management-to-peers-4 default-action 'reject' +set firewall ipv4 name management-to-peers-4 default-log +set firewall ipv4 name management-to-servers-4 default-action 'reject' +set firewall ipv4 name management-to-servers-4 default-log +set firewall ipv4 name peers-to-local-4 default-action 'reject' +set firewall ipv4 name peers-to-local-4 default-log +set firewall ipv4 name peers-to-local-4 rule 500 action 'return' +set firewall ipv4 name peers-to-local-4 rule 500 protocol 'icmp' +set firewall ipv4 name peers-to-local-4 rule 501 action 'return' +set firewall ipv4 name peers-to-local-4 rule 501 protocol 'vrrp' +set firewall ipv4 name peers-to-local-4 rule 501 source group address-group 'vrrp-peers-4' +set firewall ipv4 name peers-to-local-4 rule 502 action 'return' +set firewall ipv4 name peers-to-local-4 rule 502 destination port 'bgp' +set firewall ipv4 name peers-to-local-4 rule 502 protocol 'tcp' +set firewall ipv4 name peers-to-local-4 rule 502 source group address-group 'bgp-peers-4' +set firewall ipv4 name peers-to-local-4 rule 503 action 'return' +set firewall ipv4 name peers-to-local-4 rule 503 protocol 'tcp' +set firewall ipv4 name peers-to-local-4 rule 503 source group address-group 'bgp-peers-4' +set firewall ipv4 name peers-to-local-4 rule 503 source port 'bgp' +set firewall ipv4 name peers-to-management-4 default-action 'reject' +set firewall ipv4 name peers-to-management-4 default-log +set firewall ipv4 name peers-to-servers-4 default-action 'reject' +set firewall ipv4 name peers-to-servers-4 default-log +set firewall ipv4 name peers-to-servers-4 rule 9990 action 'reject' +set firewall ipv4 name peers-to-servers-4 rule 9990 source group network-group 'AS64512-4' +set firewall ipv4 name peers-to-servers-4 rule 9999 action 'return' +set firewall ipv4 name peers-to-servers-4 rule 9999 destination group network-group 'AS64512-4' +set firewall ipv4 name servers-to-local-4 default-action 'reject' +set firewall ipv4 name servers-to-local-4 default-log +set firewall ipv4 name servers-to-local-4 rule 500 action 'return' +set firewall ipv4 name servers-to-local-4 rule 500 protocol 'icmp' +set firewall ipv4 name servers-to-local-4 rule 501 action 'return' +set firewall ipv4 name servers-to-local-4 rule 501 protocol 'vrrp' +set firewall ipv4 name servers-to-local-4 rule 501 source group address-group 'vrrp-peers-4' +set firewall ipv4 name servers-to-local-4 rule 511 action 'return' +set firewall ipv4 name servers-to-local-4 rule 511 protocol 'tcp_udp' +set firewall ipv4 name servers-to-local-4 rule 511 source port '53' +set firewall ipv4 name servers-to-management-4 default-action 'reject' +set firewall ipv4 name servers-to-management-4 default-log +set firewall ipv4 name servers-to-peers-4 default-action 'reject' +set firewall ipv4 name servers-to-peers-4 default-log +set firewall ipv4 name servers-to-peers-4 rule 51 action 'return' +set firewall ipv4 name servers-to-peers-4 rule 51 source group network-group 'AS64512-4' +set firewall ipv6 name management-to-local-6 default-action 'reject' +set firewall ipv6 name management-to-local-6 default-log +set firewall ipv6 name management-to-peers-6 default-action 'reject' +set firewall ipv6 name management-to-peers-6 default-log +set firewall ipv6 name management-to-servers-6 default-action 'reject' +set firewall ipv6 name management-to-servers-6 default-log +set firewall ipv6 name peers-to-local-6 default-action 'reject' +set firewall ipv6 name peers-to-local-6 default-log +set firewall ipv6 name peers-to-local-6 rule 500 action 'return' +set firewall ipv6 name peers-to-local-6 rule 500 protocol 'ipv6-icmp' +set firewall ipv6 name peers-to-local-6 rule 501 action 'return' +set firewall ipv6 name peers-to-local-6 rule 501 protocol 'vrrp' +set firewall ipv6 name peers-to-local-6 rule 501 source group address-group 'vrrp-peers-6' +set firewall ipv6 name peers-to-local-6 rule 502 action 'return' +set firewall ipv6 name peers-to-local-6 rule 502 destination port 'bgp' +set firewall ipv6 name peers-to-local-6 rule 502 protocol 'tcp' +set firewall ipv6 name peers-to-local-6 rule 502 source group address-group 'bgp-peers-6' +set firewall ipv6 name peers-to-local-6 rule 503 action 'return' +set firewall ipv6 name peers-to-local-6 rule 503 protocol 'tcp' +set firewall ipv6 name peers-to-local-6 rule 503 source group address-group 'bgp-peers-6' +set firewall ipv6 name peers-to-local-6 rule 503 source port 'bgp' +set firewall ipv6 name peers-to-management-6 default-action 'reject' +set firewall ipv6 name peers-to-management-6 default-log +set firewall ipv6 name peers-to-servers-6 default-action 'reject' +set firewall ipv6 name peers-to-servers-6 default-log +set firewall ipv6 name peers-to-servers-6 rule 9990 action 'reject' +set firewall ipv6 name peers-to-servers-6 rule 9990 source group network-group 'AS64512-6' +set firewall ipv6 name peers-to-servers-6 rule 9999 action 'return' +set firewall ipv6 name peers-to-servers-6 rule 9999 destination group network-group 'AS64512-6' +set firewall ipv6 name servers-to-local-6 default-action 'reject' +set firewall ipv6 name servers-to-local-6 default-log +set firewall ipv6 name servers-to-local-6 rule 500 action 'return' +set firewall ipv6 name servers-to-local-6 rule 500 protocol 'ipv6-icmp' +set firewall ipv6 name servers-to-local-6 rule 501 action 'return' +set firewall ipv6 name servers-to-local-6 rule 501 protocol 'vrrp' +set firewall ipv6 name servers-to-local-6 rule 501 source group address-group 'vrrp-peers-6' +set firewall ipv6 name servers-to-local-6 rule 511 action 'return' +set firewall ipv6 name servers-to-local-6 rule 511 protocol 'tcp_udp' +set firewall ipv6 name servers-to-local-6 rule 511 source port '53' +set firewall ipv6 name servers-to-management-6 default-action 'reject' +set firewall ipv6 name servers-to-management-6 default-log +set firewall ipv6 name servers-to-peers-6 default-action 'reject' +set firewall ipv6 name servers-to-peers-6 default-log +set firewall ipv6 name servers-to-peers-6 rule 51 action 'return' +set firewall ipv6 name servers-to-peers-6 rule 51 source group network-group 'AS64512-6' +set firewall zone local default-action 'drop' +set firewall zone local from management firewall ipv6-name 'management-to-local-6' +set firewall zone local from management firewall name 'management-to-local-4' +set firewall zone local from peers firewall ipv6-name 'peers-to-local-6' +set firewall zone local from peers firewall name 'peers-to-local-4' +set firewall zone local from servers firewall ipv6-name 'servers-to-local-6' +set firewall zone local from servers firewall name 'servers-to-local-4' +set firewall zone local local-zone +set firewall zone management default-action 'reject' +set firewall zone management from peers firewall ipv6-name 'peers-to-management-6' +set firewall zone management from peers firewall name 'peers-to-management-4' +set firewall zone management from servers firewall ipv6-name 'servers-to-management-6' +set firewall zone management from servers firewall name 'servers-to-management-4' +set firewall zone management interface 'eth0' +set firewall zone peers default-action 'reject' +set firewall zone peers from management firewall ipv6-name 'management-to-peers-6' +set firewall zone peers from management firewall name 'management-to-peers-4' +set firewall zone peers from servers firewall ipv6-name 'servers-to-peers-6' +set firewall zone peers from servers firewall name 'servers-to-peers-4' +set firewall zone peers interface 'eth0.4088' +set firewall zone peers interface 'eth0.4089' +set firewall zone peers interface 'eth0.11' +set firewall zone peers interface 'eth0.838' +set firewall zone peers interface 'eth0.886' +set firewall zone servers default-action 'reject' +set firewall zone servers from management firewall ipv6-name 'management-to-servers-6' +set firewall zone servers from management firewall name 'management-to-servers-4' +set firewall zone servers from peers firewall ipv6-name 'peers-to-servers-6' +set firewall zone servers from peers firewall name 'peers-to-servers-4' +set firewall zone servers interface 'eth0.1001' +set firewall zone servers interface 'eth0.105' +set firewall zone servers interface 'eth0.102' +set firewall zone servers interface 'eth0.1019' +set firewall zone servers interface 'eth0.1014' +set firewall zone servers interface 'eth0.1020' +set firewall zone servers interface 'eth0.1018' +set firewall zone servers interface 'eth0.1013' +set firewall zone servers interface 'eth0.1012' +set firewall zone servers interface 'eth0.1011' +set firewall zone servers interface 'eth0.1010' +set firewall zone servers interface 'eth0.1009' +set firewall zone servers interface 'eth0.1006' +set firewall zone servers interface 'eth0.1005' +set firewall zone servers interface 'eth0.1017' +set firewall zone servers interface 'eth0.1016' +set firewall zone servers interface 'eth0.1002' +set firewall zone servers interface 'eth0.1015' +set firewall zone servers interface 'eth0.1003' +set firewall zone servers interface 'eth0.1004' +set firewall zone servers interface 'eth0.1007' +set firewall zone servers interface 'eth0.1008' +set high-availability vrrp group 11-4 address 192.0.68.1/27 +set high-availability vrrp group 11-4 interface 'eth0.11' +set high-availability vrrp group 11-4 priority '200' +set high-availability vrrp group 11-4 vrid '4' +set high-availability vrrp group 11-6 address 2001:db8:c::1/64 +set high-availability vrrp group 11-6 interface 'eth0.11' +set high-availability vrrp group 11-6 priority '200' +set high-availability vrrp group 11-6 vrid '6' +set high-availability vrrp group 102-4 address 192.0.98.1/24 +set high-availability vrrp group 102-4 interface 'eth0.102' +set high-availability vrrp group 102-4 priority '200' +set high-availability vrrp group 102-4 vrid '4' +set high-availability vrrp group 102-6 address 2001:db8:0:102::1/64 +set high-availability vrrp group 102-6 interface 'eth0.102' +set high-availability vrrp group 102-6 priority '200' +set high-availability vrrp group 102-6 vrid '6' +set high-availability vrrp group 105-4 address 192.0.160.1/24 +set high-availability vrrp group 105-4 interface 'eth0.105' +set high-availability vrrp group 105-4 priority '200' +set high-availability vrrp group 105-4 vrid '4' +set high-availability vrrp group 105-6 address 2001:db8:0:105::1/64 +set high-availability vrrp group 105-6 interface 'eth0.105' +set high-availability vrrp group 105-6 priority '200' +set high-availability vrrp group 105-6 vrid '6' +set high-availability vrrp group 1001-4 address 192.0.68.33/27 +set high-availability vrrp group 1001-4 interface 'eth0.1001' +set high-availability vrrp group 1001-4 priority '200' +set high-availability vrrp group 1001-4 vrid '4' +set high-availability vrrp group 1001-6 address 2001:db8:0:1001::1/64 +set high-availability vrrp group 1001-6 interface 'eth0.1001' +set high-availability vrrp group 1001-6 priority '200' +set high-availability vrrp group 1001-6 vrid '6' +set high-availability vrrp group 1002-4 address 192.0.68.65/26 +set high-availability vrrp group 1002-4 interface 'eth0.1002' +set high-availability vrrp group 1002-4 priority '200' +set high-availability vrrp group 1002-4 vrid '4' +set high-availability vrrp group 1002-6 address 2001:db8:0:1002::1/64 +set high-availability vrrp group 1002-6 interface 'eth0.1002' +set high-availability vrrp group 1002-6 priority '200' +set high-availability vrrp group 1002-6 vrid '6' +set high-availability vrrp group 1003-4 address 192.0.68.129/25 +set high-availability vrrp group 1003-4 interface 'eth0.1003' +set high-availability vrrp group 1003-4 priority '200' +set high-availability vrrp group 1003-4 vrid '4' +set high-availability vrrp group 1003-6 address 2001:db8:0:1003::1/64 +set high-availability vrrp group 1003-6 interface 'eth0.1003' +set high-availability vrrp group 1003-6 priority '200' +set high-availability vrrp group 1003-6 vrid '6' +set high-availability vrrp group 1004-4 address 192.0.69.1/24 +set high-availability vrrp group 1004-4 interface 'eth0.1004' +set high-availability vrrp group 1004-4 priority '200' +set high-availability vrrp group 1004-4 vrid '4' +set high-availability vrrp group 1004-6 address 2001:db8:0:1004::1/64 +set high-availability vrrp group 1004-6 interface 'eth0.1004' +set high-availability vrrp group 1004-6 priority '200' +set high-availability vrrp group 1004-6 vrid '6' +set high-availability vrrp group 1005-4 address 192.0.70.1/28 +set high-availability vrrp group 1005-4 interface 'eth0.1005' +set high-availability vrrp group 1005-4 priority '200' +set high-availability vrrp group 1005-4 vrid '4' +set high-availability vrrp group 1005-6 address 2001:db8:0:1005::1/64 +set high-availability vrrp group 1005-6 interface 'eth0.1005' +set high-availability vrrp group 1005-6 priority '200' +set high-availability vrrp group 1005-6 vrid '6' +set high-availability vrrp group 1006-4 address 192.0.70.17/28 +set high-availability vrrp group 1006-4 interface 'eth0.1006' +set high-availability vrrp group 1006-4 priority '200' +set high-availability vrrp group 1006-4 vrid '4' +set high-availability vrrp group 1006-6 address 2001:db8:0:1006::1/64 +set high-availability vrrp group 1006-6 interface 'eth0.1006' +set high-availability vrrp group 1006-6 priority '200' +set high-availability vrrp group 1006-6 vrid '6' +set high-availability vrrp group 1007-4 address 192.0.70.33/27 +set high-availability vrrp group 1007-4 interface 'eth0.1007' +set high-availability vrrp group 1007-4 priority '200' +set high-availability vrrp group 1007-4 vrid '4' +set high-availability vrrp group 1007-6 address 2001:db8:0:1007::1/64 +set high-availability vrrp group 1007-6 interface 'eth0.1007' +set high-availability vrrp group 1007-6 priority '200' +set high-availability vrrp group 1007-6 vrid '6' +set high-availability vrrp group 1008-4 address 192.0.70.65/26 +set high-availability vrrp group 1008-4 interface 'eth0.1008' +set high-availability vrrp group 1008-4 priority '200' +set high-availability vrrp group 1008-4 vrid '4' +set high-availability vrrp group 1008-6 address 2001:db8:0:1008::1/64 +set high-availability vrrp group 1008-6 interface 'eth0.1008' +set high-availability vrrp group 1008-6 priority '200' +set high-availability vrrp group 1008-6 vrid '6' +set high-availability vrrp group 1009-4 address 192.0.70.129/28 +set high-availability vrrp group 1009-4 interface 'eth0.1009' +set high-availability vrrp group 1009-4 priority '200' +set high-availability vrrp group 1009-4 vrid '4' +set high-availability vrrp group 1009-6 address 2001:db8:0:1009::1/64 +set high-availability vrrp group 1009-6 interface 'eth0.1009' +set high-availability vrrp group 1009-6 priority '200' +set high-availability vrrp group 1009-6 vrid '6' +set high-availability vrrp group 1010-4 address 192.0.70.145/28 +set high-availability vrrp group 1010-4 interface 'eth0.1010' +set high-availability vrrp group 1010-4 priority '200' +set high-availability vrrp group 1010-4 vrid '4' +set high-availability vrrp group 1010-6 address 2001:db8:0:1010::1/64 +set high-availability vrrp group 1010-6 interface 'eth0.1010' +set high-availability vrrp group 1010-6 priority '200' +set high-availability vrrp group 1010-6 vrid '6' +set high-availability vrrp group 1011-4 address 192.0.70.161/28 +set high-availability vrrp group 1011-4 interface 'eth0.1011' +set high-availability vrrp group 1011-4 priority '200' +set high-availability vrrp group 1011-4 vrid '4' +set high-availability vrrp group 1011-6 address 2001:db8:0:1011::1/64 +set high-availability vrrp group 1011-6 interface 'eth0.1011' +set high-availability vrrp group 1011-6 priority '200' +set high-availability vrrp group 1011-6 vrid '6' +set high-availability vrrp group 1012-4 address 192.0.70.177/28 +set high-availability vrrp group 1012-4 interface 'eth0.1012' +set high-availability vrrp group 1012-4 priority '200' +set high-availability vrrp group 1012-4 vrid '4' +set high-availability vrrp group 1012-6 address 2001:db8:0:1012::1/64 +set high-availability vrrp group 1012-6 interface 'eth0.1012' +set high-availability vrrp group 1012-6 priority '200' +set high-availability vrrp group 1012-6 vrid '6' +set high-availability vrrp group 1013-4 address 192.0.70.193/27 +set high-availability vrrp group 1013-4 interface 'eth0.1013' +set high-availability vrrp group 1013-4 priority '200' +set high-availability vrrp group 1013-4 vrid '4' +set high-availability vrrp group 1013-6 address 2001:db8:0:1013::1/64 +set high-availability vrrp group 1013-6 interface 'eth0.1013' +set high-availability vrrp group 1013-6 priority '200' +set high-availability vrrp group 1013-6 vrid '6' +set high-availability vrrp group 1014-4 address 192.0.84.65/26 +set high-availability vrrp group 1014-4 interface 'eth0.1014' +set high-availability vrrp group 1014-4 priority '200' +set high-availability vrrp group 1014-4 vrid '4' +set high-availability vrrp group 1014-6 address 2001:db8:0:1014::1/64 +set high-availability vrrp group 1014-6 interface 'eth0.1014' +set high-availability vrrp group 1014-6 priority '200' +set high-availability vrrp group 1014-6 vrid '6' +set high-availability vrrp group 1015-4 address 192.0.71.1/26 +set high-availability vrrp group 1015-4 interface 'eth0.1015' +set high-availability vrrp group 1015-4 priority '200' +set high-availability vrrp group 1015-4 vrid '4' +set high-availability vrrp group 1015-6 address 2001:db8:0:1015::1/64 +set high-availability vrrp group 1015-6 interface 'eth0.1015' +set high-availability vrrp group 1015-6 priority '200' +set high-availability vrrp group 1015-6 vrid '6' +set high-availability vrrp group 1016-4 address 192.0.71.65/27 +set high-availability vrrp group 1016-4 interface 'eth0.1016' +set high-availability vrrp group 1016-4 priority '200' +set high-availability vrrp group 1016-4 vrid '4' +set high-availability vrrp group 1016-6 address 2001:db8:0:1016::1/64 +set high-availability vrrp group 1016-6 interface 'eth0.1016' +set high-availability vrrp group 1016-6 priority '200' +set high-availability vrrp group 1016-6 vrid '6' +set high-availability vrrp group 1017-4 address 192.0.71.97/28 +set high-availability vrrp group 1017-4 interface 'eth0.1017' +set high-availability vrrp group 1017-4 priority '200' +set high-availability vrrp group 1017-4 vrid '4' +set high-availability vrrp group 1017-6 address 2001:db8:0:1017::1/64 +set high-availability vrrp group 1017-6 interface 'eth0.1017' +set high-availability vrrp group 1017-6 priority '200' +set high-availability vrrp group 1017-6 vrid '6' +set high-availability vrrp group 1018-4 address 192.0.71.113/28 +set high-availability vrrp group 1018-4 interface 'eth0.1018' +set high-availability vrrp group 1018-4 priority '200' +set high-availability vrrp group 1018-4 vrid '4' +set high-availability vrrp group 1018-6 address 2001:db8:0:1018::1/64 +set high-availability vrrp group 1018-6 interface 'eth0.1018' +set high-availability vrrp group 1018-6 priority '200' +set high-availability vrrp group 1018-6 vrid '6' +set high-availability vrrp group 1019-4 address 192.0.71.129/26 +set high-availability vrrp group 1019-4 interface 'eth0.1019' +set high-availability vrrp group 1019-4 priority '200' +set high-availability vrrp group 1019-4 vrid '4' +set high-availability vrrp group 1019-6 address 2001:db8:0:1019::1/64 +set high-availability vrrp group 1019-6 interface 'eth0.1019' +set high-availability vrrp group 1019-6 priority '200' +set high-availability vrrp group 1019-6 vrid '6' +set high-availability vrrp group 1020-4 address 192.0.71.193/26 +set high-availability vrrp group 1020-4 interface 'eth0.1020' +set high-availability vrrp group 1020-4 priority '200' +set high-availability vrrp group 1020-4 vrid '4' +set high-availability vrrp group 1020-6 address 2001:db8:0:1020::1/64 +set high-availability vrrp group 1020-6 interface 'eth0.1020' +set high-availability vrrp group 1020-6 priority '200' +set high-availability vrrp group 1020-6 vrid '6' +set interfaces ethernet eth0 address '192.0.0.11/16' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 offload gro +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth0 vif 11 address '192.0.68.2/27' +set interfaces ethernet eth0 vif 11 address '2001:db8:c::2/64' +set interfaces ethernet eth0 vif 102 address '192.0.98.2/24' +set interfaces ethernet eth0 vif 102 address '2001:db8:0:102::2/64' +set interfaces ethernet eth0 vif 105 address '192.0.160.2/24' +set interfaces ethernet eth0 vif 105 address '2001:db8:0:105::2/64' +set interfaces ethernet eth0 vif 838 address '192.0.16.210/30' +set interfaces ethernet eth0 vif 838 address '2001:db8:838::2/64' +set interfaces ethernet eth0 vif 886 address '192.0.193.224/21' +set interfaces ethernet eth0 vif 886 address '2001:db8::3:669:0:1/64' +set interfaces ethernet eth0 vif 1001 address '192.0.68.34/27' +set interfaces ethernet eth0 vif 1001 address '2001:db8:0:1001::2/64' +set interfaces ethernet eth0 vif 1002 address '192.0.68.66/26' +set interfaces ethernet eth0 vif 1002 address '2001:db8:0:1002::2/64' +set interfaces ethernet eth0 vif 1003 address '192.0.68.130/25' +set interfaces ethernet eth0 vif 1003 address '2001:db8:0:1003::2/64' +set interfaces ethernet eth0 vif 1004 address '192.0.69.2/24' +set interfaces ethernet eth0 vif 1004 address '2001:db8:0:1004::2/64' +set interfaces ethernet eth0 vif 1005 address '192.0.70.2/28' +set interfaces ethernet eth0 vif 1005 address '2001:db8:0:1005::2/64' +set interfaces ethernet eth0 vif 1006 address '192.0.70.18/28' +set interfaces ethernet eth0 vif 1006 address '2001:db8:0:1006::2/64' +set interfaces ethernet eth0 vif 1007 address '192.0.70.34/27' +set interfaces ethernet eth0 vif 1007 address '2001:db8:0:1007::2/64' +set interfaces ethernet eth0 vif 1008 address '192.0.70.66/26' +set interfaces ethernet eth0 vif 1008 address '2001:db8:0:1008::2/64' +set interfaces ethernet eth0 vif 1009 address '192.0.70.130/28' +set interfaces ethernet eth0 vif 1009 address '2001:db8:0:1009::2/64' +set interfaces ethernet eth0 vif 1010 address '192.0.70.146/28' +set interfaces ethernet eth0 vif 1010 address '2001:db8:0:1010::2/64' +set interfaces ethernet eth0 vif 1011 address '192.0.70.162/28' +set interfaces ethernet eth0 vif 1011 address '2001:db8:0:1011::2/64' +set interfaces ethernet eth0 vif 1012 address '192.0.70.178/28' +set interfaces ethernet eth0 vif 1012 address '2001:db8:0:1012::2/64' +set interfaces ethernet eth0 vif 1013 address '192.0.70.194/27' +set interfaces ethernet eth0 vif 1013 address '2001:db8:0:1013::3/64' +set interfaces ethernet eth0 vif 1014 address '192.0.84.66/26' +set interfaces ethernet eth0 vif 1014 address '2001:db8:0:1014::2/64' +set interfaces ethernet eth0 vif 1015 address '192.0.71.2/26' +set interfaces ethernet eth0 vif 1015 address '2001:db8:0:1015::2/64' +set interfaces ethernet eth0 vif 1016 address '192.0.71.66/27' +set interfaces ethernet eth0 vif 1016 address '2001:db8:0:1016::2/64' +set interfaces ethernet eth0 vif 1017 address '192.0.71.98/28' +set interfaces ethernet eth0 vif 1017 address '2001:db8:0:1017::2/64' +set interfaces ethernet eth0 vif 1018 address '192.0.71.114/28' +set interfaces ethernet eth0 vif 1018 address '2001:db8:0:1018::2/64' +set interfaces ethernet eth0 vif 1019 address '192.0.71.130/26' +set interfaces ethernet eth0 vif 1019 address '2001:db8:0:1019::2/64' +set interfaces ethernet eth0 vif 1020 address '192.0.71.194/26' +set interfaces ethernet eth0 vif 1020 address '2001:db8:0:1020::2/64' +set interfaces ethernet eth0 vif 4088 address '2001:db8:24::c7/64' +set interfaces ethernet eth0 vif 4088 address '192.0.52.199/23' +set interfaces ethernet eth0 vif 4089 address '192.0.176.194/30' +set interfaces ethernet eth0 vif 4089 address '2001:db8:1000::2ea/126' +set interfaces loopback lo +set policy as-path-list AS64512 rule 10 action 'permit' +set policy as-path-list AS64512 rule 10 regex '^$' +set policy as-path-list AS64513-AS64514 rule 10 action 'permit' +set policy as-path-list AS64513-AS64514 rule 10 regex '^64513 64514$' +set policy prefix-list defaultV4 rule 10 action 'permit' +set policy prefix-list defaultV4 rule 10 prefix '0.0.0.0/0' +set policy prefix-list hostrouteV4 rule 10 action 'permit' +set policy prefix-list hostrouteV4 rule 10 ge '32' +set policy prefix-list hostrouteV4 rule 10 prefix '192.0.160.0/24' +set policy prefix-list hostrouteV4 rule 20 action 'permit' +set policy prefix-list hostrouteV4 rule 20 ge '32' +set policy prefix-list hostrouteV4 rule 20 prefix '192.0.98.0/24' +set policy prefix-list hostrouteV4 rule 30 action 'permit' +set policy prefix-list hostrouteV4 rule 30 ge '32' +set policy prefix-list hostrouteV4 rule 30 prefix '192.0.68.0/22' +set policy prefix-list hostrouteV4 rule 40 action 'permit' +set policy prefix-list hostrouteV4 rule 40 ge '32' +set policy prefix-list hostrouteV4 rule 40 prefix '192.0.84.0/22' +set policy prefix-list privateV4 rule 10 action 'permit' +set policy prefix-list privateV4 rule 10 le '32' +set policy prefix-list privateV4 rule 10 prefix '192.0.0.0/8' +set policy prefix-list privateV4 rule 20 action 'permit' +set policy prefix-list privateV4 rule 20 le '32' +set policy prefix-list privateV4 rule 20 prefix '192.0.0.0/12' +set policy prefix-list privateV4 rule 30 action 'permit' +set policy prefix-list privateV4 rule 30 le '32' +set policy prefix-list privateV4 rule 30 prefix '192.0.0.0/16' +set policy prefix-list vyosV4 rule 10 action 'permit' +set policy prefix-list vyosV4 rule 10 prefix '192.0.160.0/24' +set policy prefix-list vyosV4 rule 20 action 'permit' +set policy prefix-list vyosV4 rule 20 prefix '192.0.98.0/24' +set policy prefix-list vyosV4 rule 30 action 'permit' +set policy prefix-list vyosV4 rule 30 prefix '192.0.68.0/22' +set policy prefix-list vyosV4 rule 40 action 'permit' +set policy prefix-list vyosV4 rule 40 prefix '192.0.84.0/22' +set policy prefix-list6 all6 rule 10 action 'permit' +set policy prefix-list6 all6 rule 10 ge '4' +set policy prefix-list6 all6 rule 10 prefix '2000::/3' +set policy prefix-list6 hostrouteV6 rule 20 action 'permit' +set policy prefix-list6 hostrouteV6 rule 20 ge '128' +set policy prefix-list6 hostrouteV6 rule 20 prefix '2001:db8::/29' +set policy prefix-list6 privateV6 rule 10 action 'permit' +set policy prefix-list6 privateV6 rule 10 prefix 'fc00::/7' +set policy prefix-list6 vyosV6 rule 20 action 'permit' +set policy prefix-list6 vyosV6 rule 20 prefix '2001:db8::/29' +set policy route-map ExportRouteMap rule 5 action 'permit' +set policy route-map ExportRouteMap rule 5 match as-path 'AS64512' +set policy route-map ExportRouteMap rule 5 match ip address prefix-list 'hostrouteV4' +set policy route-map ExportRouteMap rule 5 set community replace '65000:666' +set policy route-map ExportRouteMap rule 10 action 'permit' +set policy route-map ExportRouteMap rule 10 match as-path 'AS64512' +set policy route-map ExportRouteMap rule 10 match ip address prefix-list 'vyosV4' +set policy route-map ExportRouteMap rule 15 action 'permit' +set policy route-map ExportRouteMap rule 15 match as-path 'AS64512' +set policy route-map ExportRouteMap rule 15 match ipv6 address prefix-list 'hostrouteV6' +set policy route-map ExportRouteMap rule 15 set community replace '65000:666' +set policy route-map ExportRouteMap rule 20 action 'permit' +set policy route-map ExportRouteMap rule 20 match as-path 'AS64512' +set policy route-map ExportRouteMap rule 20 match ipv6 address prefix-list 'vyosV6' +set policy route-map ExportRouteMap rule 100 action 'deny' +set policy route-map ExportRouteMapAS64513 rule 5 action 'permit' +set policy route-map ExportRouteMapAS64513 rule 5 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64513 rule 5 match ip address prefix-list 'hostrouteV4' +set policy route-map ExportRouteMapAS64513 rule 5 set community replace '64513:666' +set policy route-map ExportRouteMapAS64513 rule 10 action 'permit' +set policy route-map ExportRouteMapAS64513 rule 10 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64513 rule 10 match ip address prefix-list 'vyosV4' +set policy route-map ExportRouteMapAS64513 rule 15 action 'permit' +set policy route-map ExportRouteMapAS64513 rule 15 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64513 rule 15 match ipv6 address prefix-list 'hostrouteV6' +set policy route-map ExportRouteMapAS64513 rule 15 set community replace '64513:666' +set policy route-map ExportRouteMapAS64513 rule 20 action 'permit' +set policy route-map ExportRouteMapAS64513 rule 20 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64513 rule 20 match ipv6 address prefix-list 'vyosV6' +set policy route-map ExportRouteMapAS64513 rule 100 action 'deny' +set policy route-map ExportRouteMapAS64515 rule 10 action 'permit' +set policy route-map ExportRouteMapAS64515 rule 10 match ipv6 address prefix-list 'all6' +set policy route-map ExportRouteMapAS64515 rule 20 action 'deny' +set policy route-map ExportRouteMapAS64515 rule 20 match ip address prefix-list 'defaultV4' +set policy route-map ExportRouteMapAS64515 rule 100 action 'deny' +set policy route-map ExportRouteMapAS64516 rule 5 action 'permit' +set policy route-map ExportRouteMapAS64516 rule 5 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64516 rule 5 match ip address prefix-list 'hostrouteV4' +set policy route-map ExportRouteMapAS64516 rule 5 set community replace '65000:666' +set policy route-map ExportRouteMapAS64516 rule 10 action 'permit' +set policy route-map ExportRouteMapAS64516 rule 10 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64516 rule 10 match ip address prefix-list 'vyosV4' +set policy route-map ExportRouteMapAS64516 rule 15 action 'permit' +set policy route-map ExportRouteMapAS64516 rule 15 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64516 rule 15 match ipv6 address prefix-list 'hostrouteV6' +set policy route-map ExportRouteMapAS64516 rule 15 set community replace '65000:666' +set policy route-map ExportRouteMapAS64516 rule 20 action 'permit' +set policy route-map ExportRouteMapAS64516 rule 20 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64516 rule 20 match ipv6 address prefix-list 'vyosV6' +set policy route-map ExportRouteMapAS64516 rule 20 set as-path exclude '100 200 300' +set policy route-map ExportRouteMapAS64516 rule 20 set as-path prepend '64512 64512 64512' +set policy route-map ExportRouteMapAS64516 rule 100 action 'deny' +set policy route-map ExportRouteMapAS64517 rule 5 action 'permit' +set policy route-map ExportRouteMapAS64517 rule 5 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64517 rule 5 match ip address prefix-list 'hostrouteV4' +set policy route-map ExportRouteMapAS64517 rule 5 set community replace '64517:666' +set policy route-map ExportRouteMapAS64517 rule 10 action 'permit' +set policy route-map ExportRouteMapAS64517 rule 10 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64517 rule 10 match ip address prefix-list 'vyosV4' +set policy route-map ExportRouteMapAS64517 rule 15 action 'permit' +set policy route-map ExportRouteMapAS64517 rule 15 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64517 rule 15 match ipv6 address prefix-list 'hostrouteV6' +set policy route-map ExportRouteMapAS64517 rule 15 set community replace '64517:666' +set policy route-map ExportRouteMapAS64517 rule 20 action 'permit' +set policy route-map ExportRouteMapAS64517 rule 20 match as-path 'AS64512' +set policy route-map ExportRouteMapAS64517 rule 20 match ipv6 address prefix-list 'vyosV6' +set policy route-map ExportRouteMapAS64517 rule 100 action 'deny' +set policy route-map ImportRouteMap rule 10 action 'deny' +set policy route-map ImportRouteMap rule 10 match ip address prefix-list 'privateV4' +set policy route-map ImportRouteMap rule 15 action 'deny' +set policy route-map ImportRouteMap rule 15 match ipv6 address prefix-list 'privateV6' +set policy route-map ImportRouteMap rule 20 action 'deny' +set policy route-map ImportRouteMap rule 20 match ip address prefix-list 'vyosV4' +set policy route-map ImportRouteMap rule 30 action 'deny' +set policy route-map ImportRouteMap rule 30 match ipv6 address prefix-list 'vyosV6' +set policy route-map ImportRouteMap rule 40 action 'deny' +set policy route-map ImportRouteMap rule 40 match as-path 'AS64512' +set policy route-map ImportRouteMap rule 50 action 'permit' +set policy route-map ImportRouteMap rule 50 match as-path 'AS64513-AS64514' +set policy route-map ImportRouteMap rule 50 set weight '10001' +set policy route-map ImportRouteMap rule 65535 action 'permit' +set protocols bgp address-family ipv4-unicast maximum-paths ebgp '8' +set protocols bgp address-family ipv4-unicast maximum-paths ibgp '16' +set protocols bgp address-family ipv4-unicast network 192.0.68.0/22 +set protocols bgp address-family ipv4-unicast network 192.0.84.0/22 +set protocols bgp address-family ipv4-unicast network 192.0.98.0/24 +set protocols bgp address-family ipv4-unicast network 192.0.160.0/24 +set protocols bgp address-family ipv4-unicast redistribute static route-map 'ExportRouteMap' +set protocols bgp address-family ipv6-unicast network 2001:db8::/29 +set protocols bgp address-family ipv6-unicast redistribute static route-map 'ExportRouteMap' +set protocols bgp neighbor 192.0.16.209 address-family ipv4-unicast route-map export 'ExportRouteMapAS64516' +set protocols bgp neighbor 192.0.16.209 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.16.209 remote-as '64501' +set protocols bgp neighbor 192.0.52.12 address-family ipv4-unicast maximum-prefix '300' +set protocols bgp neighbor 192.0.52.12 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.12 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.12 remote-as '64511' +set protocols bgp neighbor 192.0.52.17 address-family ipv4-unicast maximum-prefix '75' +set protocols bgp neighbor 192.0.52.17 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.17 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.17 password 'vyosvyos' +set protocols bgp neighbor 192.0.52.17 remote-as '64512' +set protocols bgp neighbor 192.0.52.24 address-family ipv4-unicast maximum-prefix '300' +set protocols bgp neighbor 192.0.52.24 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.24 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.24 remote-as '64513' +set protocols bgp neighbor 192.0.52.32 address-family ipv4-unicast maximum-prefix '50' +set protocols bgp neighbor 192.0.52.32 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.32 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.32 password 'vyosfoooo' +set protocols bgp neighbor 192.0.52.32 remote-as '64514' +set protocols bgp neighbor 192.0.52.34 address-family ipv4-unicast maximum-prefix '10' +set protocols bgp neighbor 192.0.52.34 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.34 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.34 remote-as '64515' +set protocols bgp neighbor 192.0.52.46 address-family ipv4-unicast maximum-prefix '10' +set protocols bgp neighbor 192.0.52.46 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.46 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.46 remote-as '64516' +set protocols bgp neighbor 192.0.52.49 address-family ipv4-unicast maximum-prefix '75' +set protocols bgp neighbor 192.0.52.49 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.49 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.49 password 'secret' +set protocols bgp neighbor 192.0.52.49 remote-as '64517' +set protocols bgp neighbor 192.0.52.74 address-family ipv4-unicast maximum-prefix '15000' +set protocols bgp neighbor 192.0.52.74 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.74 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.74 password 'secretvyos' +set protocols bgp neighbor 192.0.52.74 remote-as '64518' +set protocols bgp neighbor 192.0.52.94 address-family ipv4-unicast maximum-prefix '250' +set protocols bgp neighbor 192.0.52.94 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.94 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.94 remote-as '64519' +set protocols bgp neighbor 192.0.52.100 address-family ipv4-unicast maximum-prefix '50' +set protocols bgp neighbor 192.0.52.100 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.100 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.100 remote-as '64520' +set protocols bgp neighbor 192.0.52.119 address-family ipv4-unicast maximum-prefix '30' +set protocols bgp neighbor 192.0.52.119 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.119 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.119 remote-as '64521' +set protocols bgp neighbor 192.0.52.165 address-family ipv4-unicast maximum-prefix '50' +set protocols bgp neighbor 192.0.52.165 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.165 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.165 remote-as '64522' +set protocols bgp neighbor 192.0.52.170 address-family ipv4-unicast maximum-prefix '150000' +set protocols bgp neighbor 192.0.52.170 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.170 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.170 remote-as '64523' +set protocols bgp neighbor 192.0.52.171 address-family ipv4-unicast maximum-prefix '10000' +set protocols bgp neighbor 192.0.52.171 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.171 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.171 remote-as '64524' +set protocols bgp neighbor 192.0.52.179 address-family ipv4-unicast maximum-prefix '20' +set protocols bgp neighbor 192.0.52.179 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.179 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.179 remote-as '64525' +set protocols bgp neighbor 192.0.52.189 address-family ipv4-unicast maximum-prefix '1000' +set protocols bgp neighbor 192.0.52.189 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.189 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.189 remote-as '64526' +set protocols bgp neighbor 192.0.52.210 address-family ipv4-unicast maximum-prefix '15' +set protocols bgp neighbor 192.0.52.210 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.210 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.210 remote-as '64527' +set protocols bgp neighbor 192.0.52.211 address-family ipv4-unicast maximum-prefix '15' +set protocols bgp neighbor 192.0.52.211 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.211 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.211 remote-as '64528' +set protocols bgp neighbor 192.0.52.251 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.251 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.251 address-family ipv4-unicast weight '1010' +set protocols bgp neighbor 192.0.52.251 remote-as '64529' +set protocols bgp neighbor 192.0.52.252 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.52.252 address-family ipv4-unicast weight '1010' +set protocols bgp neighbor 192.0.52.252 remote-as '64530' +set protocols bgp neighbor 192.0.52.253 address-family ipv4-unicast route-map export 'ExportRouteMapAS64515' +set protocols bgp neighbor 192.0.52.253 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.52.253 passive +set protocols bgp neighbor 192.0.52.253 remote-as '64531' +set protocols bgp neighbor 192.0.68.3 address-family ipv4-unicast nexthop-self +set protocols bgp neighbor 192.0.68.3 address-family ipv4-unicast soft-reconfiguration inbound +set protocols bgp neighbor 192.0.68.3 remote-as '64532' +set protocols bgp neighbor 192.0.68.3 update-source '192.0.68.2' +set protocols bgp neighbor 192.0.176.193 address-family ipv4-unicast route-map export 'ExportRouteMapAS64516' +set protocols bgp neighbor 192.0.176.193 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.176.193 remote-as '64510' +set protocols bgp neighbor 192.0.192.6 address-family ipv4-unicast maximum-prefix '100' +set protocols bgp neighbor 192.0.192.6 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.192.6 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.192.6 remote-as '64502' +set protocols bgp neighbor 192.0.192.157 address-family ipv4-unicast maximum-prefix '350000' +set protocols bgp neighbor 192.0.192.157 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.192.157 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.192.157 remote-as '64503' +set protocols bgp neighbor 192.0.192.228 address-family ipv4-unicast maximum-prefix '10000' +set protocols bgp neighbor 192.0.192.228 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.192.228 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.192.228 remote-as '64504' +set protocols bgp neighbor 192.0.193.157 address-family ipv4-unicast maximum-prefix '350000' +set protocols bgp neighbor 192.0.193.157 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.193.157 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.193.157 remote-as '64505' +set protocols bgp neighbor 192.0.193.202 address-family ipv4-unicast maximum-prefix '10000' +set protocols bgp neighbor 192.0.193.202 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.193.202 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.193.202 remote-as '64506' +set protocols bgp neighbor 192.0.193.223 address-family ipv4-unicast maximum-prefix '10000' +set protocols bgp neighbor 192.0.193.223 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.193.223 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.193.223 remote-as '64507' +set protocols bgp neighbor 192.0.194.161 address-family ipv4-unicast maximum-prefix '10000' +set protocols bgp neighbor 192.0.194.161 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.194.161 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.194.161 remote-as '64508' +set protocols bgp neighbor 192.0.194.171 address-family ipv4-unicast maximum-prefix '10000' +set protocols bgp neighbor 192.0.194.171 address-family ipv4-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 192.0.194.171 address-family ipv4-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 192.0.194.171 remote-as '64509' +set protocols bgp neighbor 2001:db8:24::2e address-family ipv6-unicast maximum-prefix '5' +set protocols bgp neighbor 2001:db8:24::2e address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::2e address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::2e password 'vyossecret' +set protocols bgp neighbor 2001:db8:24::2e remote-as '64535' +set protocols bgp neighbor 2001:db8:24::4a address-family ipv6-unicast maximum-prefix '1000' +set protocols bgp neighbor 2001:db8:24::4a address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::4a address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::4a remote-as '64536' +set protocols bgp neighbor 2001:db8:24::5e address-family ipv6-unicast maximum-prefix '200' +set protocols bgp neighbor 2001:db8:24::5e address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::5e address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::5e remote-as '64537' +set protocols bgp neighbor 2001:db8:24::11 address-family ipv6-unicast maximum-prefix '20' +set protocols bgp neighbor 2001:db8:24::11 address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::11 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::11 remote-as '64538' +set protocols bgp neighbor 2001:db8:24::18 address-family ipv6-unicast maximum-prefix '300' +set protocols bgp neighbor 2001:db8:24::18 address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::18 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::18 remote-as '64539' +set protocols bgp neighbor 2001:db8:24::20 address-family ipv6-unicast maximum-prefix '10' +set protocols bgp neighbor 2001:db8:24::20 address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::20 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::20 remote-as '64540' +set protocols bgp neighbor 2001:db8:24::22 address-family ipv6-unicast maximum-prefix '5' +set protocols bgp neighbor 2001:db8:24::22 address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::22 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::22 remote-as '64541' +set protocols bgp neighbor 2001:db8:24::31 address-family ipv6-unicast maximum-prefix '20' +set protocols bgp neighbor 2001:db8:24::31 address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::31 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::31 remote-as '64542' +set protocols bgp neighbor 2001:db8:24::58 address-family ipv6-unicast maximum-prefix '15' +set protocols bgp neighbor 2001:db8:24::58 address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::58 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::58 remote-as '64543' +set protocols bgp neighbor 2001:db8:24::64 address-family ipv6-unicast maximum-prefix '10' +set protocols bgp neighbor 2001:db8:24::64 address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::64 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::64 password 'geheim' +set protocols bgp neighbor 2001:db8:24::64 remote-as '64544' +set protocols bgp neighbor 2001:db8:24::a5 address-family ipv6-unicast maximum-prefix '10' +set protocols bgp neighbor 2001:db8:24::a5 address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::a5 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::a5 remote-as '64545' +set protocols bgp neighbor 2001:db8:24::aa address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::aa address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::aa remote-as '64546' +set protocols bgp neighbor 2001:db8:24::ab address-family ipv6-unicast maximum-prefix '1800' +set protocols bgp neighbor 2001:db8:24::ab address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::ab address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::ab remote-as '64547' +set protocols bgp neighbor 2001:db8:24::b0 address-family ipv6-unicast maximum-prefix '5' +set protocols bgp neighbor 2001:db8:24::b0 address-family ipv6-unicast route-map export 'ExportRouteMap' +set protocols bgp neighbor 2001:db8:24::b0 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:24::b0 password 'secret123' +set protocols bgp neighbor 2001:db8:24::b0 remote-as '64548' +set protocols bgp neighbor 2001:db8:838::1 address-family ipv6-unicast route-map export 'ExportRouteMapAS64516' +set protocols bgp neighbor 2001:db8:838::1 address-family ipv6-unicast route-map import 'ImportRouteMap' +set protocols bgp neighbor 2001:db8:838::1 remote-as '64533' +set protocols bgp neighbor 2001:db8:c::3 address-family ipv6-unicast nexthop-self +set protocols bgp neighbor 2001:db8:c::3 address-family ipv6-unicast soft-reconfiguration inbound +set protocols bgp neighbor 2001:db8:c::3 remote-as '64534' +set protocols bgp neighbor 2001:db8:c::3 update-source '2001:db8:c::2' +set protocols bgp parameters log-neighbor-changes +set protocols bgp parameters router-id '192.0.68.2' +set protocols bgp system-as '64500' +set protocols static route 192.0.68.0/22 blackhole +set protocols static route 192.0.84.0/22 blackhole +set protocols static route 192.0.98.0/24 blackhole +set protocols static route 192.0.160.0/24 blackhole +set protocols static route6 2001:db8::/29 blackhole +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system flow-accounting disable-imt +set system flow-accounting interface 'eth0.4088' +set system flow-accounting interface 'eth0.4089' +set system flow-accounting netflow engine-id '1' +set system flow-accounting netflow server 192.0.2.55 port '2055' +set system flow-accounting netflow version '9' +set system flow-accounting sflow server 1.2.3.4 port '1234' +set system flow-accounting syslog-facility 'daemon' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system name-server '2001:db8::1' +set system name-server '2001:db8::2' +set system name-server '192.0.2.1' +set system name-server '192.0.2.2' +set system syslog global facility all level 'all' +set system syslog global preserve-fqdn +set system time-zone 'Europe/Zurich' diff --git a/smoketest/config-tests/bgp-dmvpn-hub b/smoketest/config-tests/bgp-dmvpn-hub new file mode 100644 index 000000000..30521520a --- /dev/null +++ b/smoketest/config-tests/bgp-dmvpn-hub @@ -0,0 +1,69 @@ +set interfaces ethernet eth0 address '100.64.10.1/31' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' +set interfaces ethernet eth1 duplex 'auto' +set interfaces loopback lo +set interfaces tunnel tun0 address '192.168.254.62/26' +set interfaces tunnel tun0 enable-multicast +set interfaces tunnel tun0 encapsulation 'gre' +set interfaces tunnel tun0 parameters ip key '1' +set interfaces tunnel tun0 source-address '100.64.10.1' +set protocols bgp address-family ipv4-unicast network 172.20.0.0/16 +set protocols bgp neighbor 192.168.254.1 peer-group 'DMVPN' +set protocols bgp neighbor 192.168.254.1 remote-as '65001' +set protocols bgp neighbor 192.168.254.2 peer-group 'DMVPN' +set protocols bgp neighbor 192.168.254.2 remote-as '65002' +set protocols bgp neighbor 192.168.254.3 peer-group 'DMVPN' +set protocols bgp neighbor 192.168.254.3 remote-as '65003' +set protocols bgp parameters log-neighbor-changes +set protocols bgp peer-group DMVPN address-family ipv4-unicast +set protocols bgp system-as '65000' +set protocols bgp timers holdtime '30' +set protocols bgp timers keepalive '10' +set protocols nhrp tunnel tun0 cisco-authentication 'secret' +set protocols nhrp tunnel tun0 holding-time '300' +set protocols nhrp tunnel tun0 multicast 'dynamic' +set protocols nhrp tunnel tun0 redirect +set protocols nhrp tunnel tun0 shortcut +set protocols static route 0.0.0.0/0 next-hop 100.64.10.0 +set protocols static route 172.20.0.0/16 blackhole distance '200' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service ntp server time3.vyos.net +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'cpe-4' +set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0' +set system login user vyos authentication plaintext-password '' +set system name-server '1.1.1.1' +set system name-server '8.8.8.8' +set system name-server '9.9.9.9' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set vpn ipsec esp-group ESP-DMVPN lifetime '1800' +set vpn ipsec esp-group ESP-DMVPN mode 'transport' +set vpn ipsec esp-group ESP-DMVPN pfs 'dh-group2' +set vpn ipsec esp-group ESP-DMVPN proposal 1 encryption 'aes256' +set vpn ipsec esp-group ESP-DMVPN proposal 1 hash 'sha1' +set vpn ipsec ike-group IKE-DMVPN close-action 'none' +set vpn ipsec ike-group IKE-DMVPN key-exchange 'ikev1' +set vpn ipsec ike-group IKE-DMVPN lifetime '3600' +set vpn ipsec ike-group IKE-DMVPN proposal 1 dh-group '2' +set vpn ipsec ike-group IKE-DMVPN proposal 1 encryption 'aes256' +set vpn ipsec ike-group IKE-DMVPN proposal 1 hash 'sha1' +set vpn ipsec interface 'eth0' +set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret' +set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'VyOS-topsecret' +set vpn ipsec profile NHRPVPN bind tunnel 'tun0' +set vpn ipsec profile NHRPVPN esp-group 'ESP-DMVPN' +set vpn ipsec profile NHRPVPN ike-group 'IKE-DMVPN' diff --git a/smoketest/config-tests/bgp-dmvpn-spoke b/smoketest/config-tests/bgp-dmvpn-spoke new file mode 100644 index 000000000..d1c7bc7c0 --- /dev/null +++ b/smoketest/config-tests/bgp-dmvpn-spoke @@ -0,0 +1,75 @@ +set interfaces ethernet eth0 vif 7 description 'PPPoE-UPLINK' +set interfaces ethernet eth1 address '172.17.1.1/24' +set interfaces loopback lo +set interfaces pppoe pppoe1 authentication password 'cpe-1' +set interfaces pppoe pppoe1 authentication username 'cpe-1' +set interfaces pppoe pppoe1 no-peer-dns +set interfaces pppoe pppoe1 source-interface 'eth0.7' +set interfaces tunnel tun0 address '192.168.254.1/26' +set interfaces tunnel tun0 enable-multicast +set interfaces tunnel tun0 encapsulation 'gre' +set interfaces tunnel tun0 parameters ip key '1' +set interfaces tunnel tun0 source-address '0.0.0.0' +set nat source rule 10 log +set nat source rule 10 outbound-interface name 'pppoe1' +set nat source rule 10 source address '172.17.0.0/16' +set nat source rule 10 translation address 'masquerade' +set protocols bgp address-family ipv4-unicast network 172.17.0.0/16 +set protocols bgp neighbor 192.168.254.62 address-family ipv4-unicast +set protocols bgp neighbor 192.168.254.62 remote-as '65000' +set protocols bgp parameters log-neighbor-changes +set protocols bgp system-as '65001' +set protocols bgp timers holdtime '30' +set protocols bgp timers keepalive '10' +set protocols nhrp tunnel tun0 cisco-authentication 'secret' +set protocols nhrp tunnel tun0 holding-time '300' +set protocols nhrp tunnel tun0 map 192.168.254.62/26 nbma-address '100.64.10.1' +set protocols nhrp tunnel tun0 map 192.168.254.62/26 register +set protocols nhrp tunnel tun0 multicast 'nhs' +set protocols nhrp tunnel tun0 redirect +set protocols nhrp tunnel tun0 shortcut +set protocols static route 172.17.0.0/16 blackhole distance '200' +set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 option default-router '172.17.1.1' +set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 option name-server '172.17.1.1' +set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 range 0 start '172.17.1.100' +set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 range 0 stop '172.17.1.200' +set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 subnet-id '1' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service ntp server time3.vyos.net +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'cpe-1' +set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0' +set system login user vyos authentication plaintext-password '' +set system name-server '1.1.1.1' +set system name-server '8.8.8.8' +set system name-server '9.9.9.9' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set vpn ipsec esp-group ESP-DMVPN lifetime '1800' +set vpn ipsec esp-group ESP-DMVPN mode 'transport' +set vpn ipsec esp-group ESP-DMVPN pfs 'dh-group2' +set vpn ipsec esp-group ESP-DMVPN proposal 1 encryption 'aes256' +set vpn ipsec esp-group ESP-DMVPN proposal 1 hash 'sha1' +set vpn ipsec ike-group IKE-DMVPN close-action 'none' +set vpn ipsec ike-group IKE-DMVPN key-exchange 'ikev1' +set vpn ipsec ike-group IKE-DMVPN lifetime '3600' +set vpn ipsec ike-group IKE-DMVPN proposal 1 dh-group '2' +set vpn ipsec ike-group IKE-DMVPN proposal 1 encryption 'aes256' +set vpn ipsec ike-group IKE-DMVPN proposal 1 hash 'sha1' +set vpn ipsec interface 'pppoe1' +set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret' +set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'VyOS-topsecret' +set vpn ipsec profile NHRPVPN bind tunnel 'tun0' +set vpn ipsec profile NHRPVPN esp-group 'ESP-DMVPN' +set vpn ipsec profile NHRPVPN ike-group 'IKE-DMVPN' diff --git a/smoketest/config-tests/bgp-evpn-l2vpn-leaf b/smoketest/config-tests/bgp-evpn-l2vpn-leaf new file mode 100644 index 000000000..315cb9e06 --- /dev/null +++ b/smoketest/config-tests/bgp-evpn-l2vpn-leaf @@ -0,0 +1,55 @@ +set interfaces bridge br100 member interface eth3 +set interfaces bridge br100 member interface vxlan100 +set interfaces dummy dum0 address '172.29.0.1/32' +set interfaces ethernet eth0 address '2001:db8::41/64' +set interfaces ethernet eth0 address '192.0.2.41/27' +set interfaces ethernet eth0 description 'Out-of-Band Managament Port' +set interfaces ethernet eth0 vrf 'MGMT' +set interfaces ethernet eth1 address '172.29.1.1/31' +set interfaces ethernet eth1 mtu '1600' +set interfaces ethernet eth2 address '172.29.2.1/31' +set interfaces ethernet eth2 mtu '1600' +set interfaces ethernet eth2 offload gro +set interfaces ethernet eth3 offload gro +set interfaces loopback lo +set interfaces vxlan vxlan100 mtu '1500' +set interfaces vxlan vxlan100 parameters nolearning +set interfaces vxlan vxlan100 port '8472' +set interfaces vxlan vxlan100 source-address '172.29.0.1' +set interfaces vxlan vxlan100 vni '100' +set protocols bgp address-family ipv4-unicast maximum-paths ibgp '4' +set protocols bgp address-family ipv4-unicast redistribute connected +set protocols bgp address-family l2vpn-evpn advertise-all-vni +set protocols bgp neighbor 172.29.1.0 peer-group 'evpn' +set protocols bgp neighbor 172.29.2.0 peer-group 'evpn' +set protocols bgp parameters log-neighbor-changes +set protocols bgp peer-group evpn address-family ipv4-unicast nexthop-self +set protocols bgp peer-group evpn address-family l2vpn-evpn nexthop-self +set protocols bgp peer-group evpn remote-as '65010' +set protocols bgp system-as '65010' +set service lldp interface all +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp listen-address '192.0.2.41' +set service ntp listen-address '2001:db8::41' +set service ntp server 0.de.pool.ntp.org prefer +set service ntp vrf 'MGMT' +set service ssh disable-host-validation +set service ssh vrf 'MGMT' +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set vrf name MGMT protocols static route 0.0.0.0/0 next-hop 192.0.2.62 +set vrf name MGMT protocols static route6 ::/0 next-hop 2001:db8::1 +set vrf name MGMT table '1000' diff --git a/smoketest/config-tests/bgp-evpn-l2vpn-spine b/smoketest/config-tests/bgp-evpn-l2vpn-spine new file mode 100644 index 000000000..dee29e021 --- /dev/null +++ b/smoketest/config-tests/bgp-evpn-l2vpn-spine @@ -0,0 +1,48 @@ +set interfaces ethernet eth0 address '192.0.2.51/27' +set interfaces ethernet eth0 address '2001:db8::51/64' +set interfaces ethernet eth0 description 'Out-of-Band Managament Port' +set interfaces ethernet eth0 vrf 'MGMT' +set interfaces ethernet eth1 address '172.29.1.0/31' +set interfaces ethernet eth1 mtu '1600' +set interfaces ethernet eth2 address '172.29.1.2/31' +set interfaces ethernet eth2 mtu '1600' +set interfaces ethernet eth2 offload gro +set interfaces ethernet eth3 address '172.29.1.4/31' +set interfaces ethernet eth3 mtu '1600' +set interfaces ethernet eth3 offload gro +set interfaces loopback lo +set protocols bgp address-family ipv4-unicast maximum-paths ibgp '4' +set protocols bgp address-family ipv4-unicast redistribute connected +set protocols bgp listen range 172.29.1.0/24 peer-group 'evpn' +set protocols bgp parameters log-neighbor-changes +set protocols bgp peer-group evpn address-family ipv4-unicast route-reflector-client +set protocols bgp peer-group evpn address-family l2vpn-evpn route-reflector-client +set protocols bgp peer-group evpn capability dynamic +set protocols bgp peer-group evpn remote-as '65010' +set protocols bgp system-as '65010' +set service lldp interface all +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp listen-address '192.0.2.51' +set service ntp listen-address '2001:db8::51' +set service ntp server 0.de.pool.ntp.org prefer +set service ntp vrf 'MGMT' +set service ssh disable-host-validation +set service ssh vrf 'MGMT' +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set vrf name MGMT protocols static route 0.0.0.0/0 next-hop 192.0.2.62 +set vrf name MGMT protocols static route6 ::/0 next-hop 2001:db8::1 +set vrf name MGMT table '1000' diff --git a/smoketest/config-tests/bgp-evpn-l3vpn-pe-router b/smoketest/config-tests/bgp-evpn-l3vpn-pe-router new file mode 100644 index 000000000..7a2ec9f91 --- /dev/null +++ b/smoketest/config-tests/bgp-evpn-l3vpn-pe-router @@ -0,0 +1,123 @@ +set interfaces bridge br2000 address '10.1.1.1/24' +set interfaces bridge br2000 description 'customer blue' +set interfaces bridge br2000 member interface eth4 +set interfaces bridge br2000 member interface vxlan2000 +set interfaces bridge br2000 vrf 'blue' +set interfaces bridge br3000 address '10.2.1.1/24' +set interfaces bridge br3000 description 'customer red' +set interfaces bridge br3000 member interface eth5 +set interfaces bridge br3000 member interface vxlan3000 +set interfaces bridge br3000 vrf 'red' +set interfaces bridge br4000 address '10.3.1.1/24' +set interfaces bridge br4000 description 'customer green' +set interfaces bridge br4000 member interface eth6 +set interfaces bridge br4000 member interface vxlan4000 +set interfaces bridge br4000 vrf 'green' +set interfaces dummy dum0 address '172.29.255.1/32' +set interfaces ethernet eth0 address '192.0.2.59/27' +set interfaces ethernet eth0 address '2001:db8:ffff::59/64' +set interfaces ethernet eth0 description 'Out-of-Band Managament Port' +set interfaces ethernet eth0 offload gro +set interfaces ethernet eth0 vrf 'mgmt' +set interfaces ethernet eth1 address '172.29.0.2/31' +set interfaces ethernet eth1 description 'link to pe2' +set interfaces ethernet eth1 mtu '1600' +set interfaces ethernet eth1 offload gro +set interfaces ethernet eth2 disable +set interfaces ethernet eth2 offload gro +set interfaces ethernet eth3 address '172.29.0.6/31' +set interfaces ethernet eth3 description 'link to pe3' +set interfaces ethernet eth3 mtu '1600' +set interfaces ethernet eth3 offload gro +set interfaces ethernet eth4 description 'customer blue' +set interfaces ethernet eth4 offload gro +set interfaces ethernet eth5 description 'customer red' +set interfaces ethernet eth5 offload gro +set interfaces ethernet eth6 description 'customer green' +set interfaces ethernet eth6 offload gro +set interfaces loopback lo +set interfaces vxlan vxlan2000 mtu '1500' +set interfaces vxlan vxlan2000 parameters nolearning +set interfaces vxlan vxlan2000 port '4789' +set interfaces vxlan vxlan2000 source-address '172.29.255.1' +set interfaces vxlan vxlan2000 vni '2000' +set interfaces vxlan vxlan3000 mtu '1500' +set interfaces vxlan vxlan3000 parameters nolearning +set interfaces vxlan vxlan3000 port '4789' +set interfaces vxlan vxlan3000 source-address '172.29.255.1' +set interfaces vxlan vxlan3000 vni '3000' +set interfaces vxlan vxlan4000 mtu '1500' +set interfaces vxlan vxlan4000 parameters nolearning +set interfaces vxlan vxlan4000 port '4789' +set interfaces vxlan vxlan4000 source-address '172.29.255.1' +set interfaces vxlan vxlan4000 vni '4000' +set protocols bgp address-family l2vpn-evpn advertise ipv4 unicast +set protocols bgp address-family l2vpn-evpn advertise-all-vni +set protocols bgp neighbor 172.29.255.2 peer-group 'ibgp' +set protocols bgp neighbor 172.29.255.3 peer-group 'ibgp' +set protocols bgp parameters log-neighbor-changes +set protocols bgp parameters router-id '172.29.255.1' +set protocols bgp peer-group ibgp address-family l2vpn-evpn +set protocols bgp peer-group ibgp remote-as '100' +set protocols bgp peer-group ibgp update-source 'dum0' +set protocols bgp system-as '100' +set protocols ospf area 0 network '172.29.0.2/31' +set protocols ospf area 0 network '172.29.0.6/31' +set protocols ospf interface eth1 network 'point-to-point' +set protocols ospf interface eth1 passive disable +set protocols ospf interface eth3 network 'point-to-point' +set protocols ospf interface eth3 passive disable +set protocols ospf log-adjacency-changes detail +set protocols ospf parameters abr-type 'cisco' +set protocols ospf parameters router-id '172.29.255.1' +set protocols ospf passive-interface 'default' +set protocols ospf redistribute connected +set service lldp interface all +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp listen-address '192.0.2.59' +set service ntp listen-address '2001:db8:ffff::59' +set service ntp server 192.0.2.251 +set service ntp server 192.0.2.252 +set service ntp server 2001:db8::251 +set service ntp server 2001:db8::252 +set service ntp vrf 'mgmt' +set service ssh disable-host-validation +set service ssh port '22' +set service ssh vrf 'mgmt' +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.net' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system name-server '192.0.2.251' +set system name-server '192.0.2.252' +set system name-server '2001:db8::1' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set vrf name blue protocols bgp address-family ipv4-unicast redistribute connected +set vrf name blue protocols bgp address-family l2vpn-evpn advertise ipv4 unicast +set vrf name blue protocols bgp system-as '100' +set vrf name blue table '2000' +set vrf name blue vni '2000' +set vrf name green protocols bgp address-family ipv4-unicast redistribute connected +set vrf name green protocols bgp address-family l2vpn-evpn advertise ipv4 unicast +set vrf name green protocols bgp system-as '100' +set vrf name green table '4000' +set vrf name green vni '4000' +set vrf name mgmt protocols static route 0.0.0.0/0 next-hop 192.0.2.62 +set vrf name mgmt protocols static route6 ::/0 next-hop 2001:db8:ffff::1 +set vrf name mgmt table '1000' +set vrf name red protocols bgp address-family ipv4-unicast redistribute connected +set vrf name red protocols bgp address-family l2vpn-evpn advertise ipv4 unicast +set vrf name red protocols bgp system-as '100' +set vrf name red table '3000' +set vrf name red vni '3000' diff --git a/smoketest/config-tests/bgp-medium-confederation b/smoketest/config-tests/bgp-medium-confederation index ea3c2d144..582e28047 100644 --- a/smoketest/config-tests/bgp-medium-confederation +++ b/smoketest/config-tests/bgp-medium-confederation @@ -1,7 +1,7 @@ set interfaces dummy dum0 address '1.1.1.1/32' set interfaces dummy dum0 address '2001:db8::1/128' -set interfaces ethernet eth0 address 'fd52:100:200:fffe::1/64' set interfaces ethernet eth0 address '192.168.253.1/24' +set interfaces ethernet eth0 address 'fd52:100:200:fffe::1/64' set interfaces ethernet eth1 set interfaces ethernet eth2 set policy route-map BGP-IN rule 10 action 'permit' diff --git a/smoketest/config-tests/bgp-rpki b/smoketest/config-tests/bgp-rpki new file mode 100644 index 000000000..44e95ae98 --- /dev/null +++ b/smoketest/config-tests/bgp-rpki @@ -0,0 +1,43 @@ +set interfaces ethernet eth0 address '192.0.2.100/25' +set interfaces ethernet eth0 address '2001:db8::ffff/64' +set interfaces ethernet eth1 address '100.64.0.1/24' +set interfaces loopback lo +set policy route-map ebgp-transit-rpki rule 10 action 'deny' +set policy route-map ebgp-transit-rpki rule 10 match rpki 'invalid' +set policy route-map ebgp-transit-rpki rule 20 action 'permit' +set policy route-map ebgp-transit-rpki rule 20 match rpki 'notfound' +set policy route-map ebgp-transit-rpki rule 20 set local-preference '20' +set policy route-map ebgp-transit-rpki rule 30 action 'permit' +set policy route-map ebgp-transit-rpki rule 30 match rpki 'valid' +set policy route-map ebgp-transit-rpki rule 30 set local-preference '100' +set policy route-map ebgp-transit-rpki rule 40 action 'permit' +set policy route-map ebgp-transit-rpki rule 40 set extcommunity rt '192.0.2.100:100' +set policy route-map ebgp-transit-rpki rule 40 set extcommunity soo '64500:100' +set protocols bgp neighbor 1.2.3.4 address-family ipv4-unicast nexthop-self +set protocols bgp neighbor 1.2.3.4 address-family ipv4-unicast route-map import 'ebgp-transit-rpki' +set protocols bgp neighbor 1.2.3.4 remote-as '10' +set protocols bgp system-as '64500' +set protocols rpki cache 192.0.2.10 port '3323' +set protocols rpki cache 192.0.2.10 preference '1' +set protocols static route 0.0.0.0/0 next-hop 192.0.2.1 +set protocols static route6 ::/0 next-hop 2001:db8::1 +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set service ssh +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/bgp-small-internet-exchange b/smoketest/config-tests/bgp-small-internet-exchange new file mode 100644 index 000000000..a9dce4dd5 --- /dev/null +++ b/smoketest/config-tests/bgp-small-internet-exchange @@ -0,0 +1,209 @@ +set interfaces ethernet eth0 address '192.0.2.100/25' +set interfaces ethernet eth0 address '2001:db8:aaaa::ffff/64' +set interfaces ethernet eth1 address '192.0.2.200/25' +set interfaces ethernet eth1 address '2001:db8:bbbb::ffff/64' +set interfaces loopback lo +set policy as-path-list bogon-asns rule 10 action 'permit' +set policy as-path-list bogon-asns rule 10 description 'RFC 7607' +set policy as-path-list bogon-asns rule 10 regex '_0_' +set policy as-path-list bogon-asns rule 20 action 'permit' +set policy as-path-list bogon-asns rule 20 description 'RFC 4893' +set policy as-path-list bogon-asns rule 20 regex '_23456_' +set policy as-path-list bogon-asns rule 30 action 'permit' +set policy as-path-list bogon-asns rule 30 description 'RFC 5398/6996/7300' +set policy as-path-list bogon-asns rule 30 regex '_6449[6-9]_|_65[0-4][0-9][0-9]_|_655[0-4][0-9]_|_6555[0-1]_' +set policy as-path-list bogon-asns rule 40 action 'permit' +set policy as-path-list bogon-asns rule 40 description 'IANA reserved' +set policy as-path-list bogon-asns rule 40 regex '_6555[2-9]_|_655[6-9][0-9]_|_65[6-9][0-9][0-9]_|_6[6-9][0-9][0-9][0-]_|_[7-9][0-9][0-9][0-9][0-9]_|_1[0-2][0-9][0-9][0-9][0-9]_|_130[0-9][0-9][0-9]_|_1310[0-6][0-9]_|_13107[01]_' +set policy prefix-list IX-out-v4 rule 10 action 'permit' +set policy prefix-list IX-out-v4 rule 10 prefix '10.0.0.0/23' +set policy prefix-list IX-out-v4 rule 20 action 'permit' +set policy prefix-list IX-out-v4 rule 20 prefix '10.0.128.0/23' +set policy prefix-list bogon-v4 rule 10 action 'permit' +set policy prefix-list bogon-v4 rule 10 le '32' +set policy prefix-list bogon-v4 rule 10 prefix '0.0.0.0/8' +set policy prefix-list bogon-v4 rule 20 action 'permit' +set policy prefix-list bogon-v4 rule 20 le '32' +set policy prefix-list bogon-v4 rule 20 prefix '10.0.0.0/8' +set policy prefix-list bogon-v4 rule 30 action 'permit' +set policy prefix-list bogon-v4 rule 30 le '32' +set policy prefix-list bogon-v4 rule 30 prefix '100.64.0.0/10' +set policy prefix-list bogon-v4 rule 40 action 'permit' +set policy prefix-list bogon-v4 rule 40 le '32' +set policy prefix-list bogon-v4 rule 40 prefix '127.0.0.0/8' +set policy prefix-list bogon-v4 rule 50 action 'permit' +set policy prefix-list bogon-v4 rule 50 le '32' +set policy prefix-list bogon-v4 rule 50 prefix '169.254.0.0/16' +set policy prefix-list bogon-v4 rule 60 action 'permit' +set policy prefix-list bogon-v4 rule 60 le '32' +set policy prefix-list bogon-v4 rule 60 prefix '172.16.0.0/12' +set policy prefix-list bogon-v4 rule 70 action 'permit' +set policy prefix-list bogon-v4 rule 70 le '32' +set policy prefix-list bogon-v4 rule 70 prefix '192.0.2.0/24' +set policy prefix-list bogon-v4 rule 80 action 'permit' +set policy prefix-list bogon-v4 rule 80 le '32' +set policy prefix-list bogon-v4 rule 80 prefix '192.88.99.0/24' +set policy prefix-list bogon-v4 rule 90 action 'permit' +set policy prefix-list bogon-v4 rule 90 le '32' +set policy prefix-list bogon-v4 rule 90 prefix '192.168.0.0/16' +set policy prefix-list bogon-v4 rule 100 action 'permit' +set policy prefix-list bogon-v4 rule 100 le '32' +set policy prefix-list bogon-v4 rule 100 prefix '198.18.0.0/15' +set policy prefix-list bogon-v4 rule 110 action 'permit' +set policy prefix-list bogon-v4 rule 110 le '32' +set policy prefix-list bogon-v4 rule 110 prefix '198.51.100.0/24' +set policy prefix-list bogon-v4 rule 120 action 'permit' +set policy prefix-list bogon-v4 rule 120 le '32' +set policy prefix-list bogon-v4 rule 120 prefix '203.0.113.0/24' +set policy prefix-list bogon-v4 rule 130 action 'permit' +set policy prefix-list bogon-v4 rule 130 le '32' +set policy prefix-list bogon-v4 rule 130 prefix '224.0.0.0/4' +set policy prefix-list bogon-v4 rule 140 action 'permit' +set policy prefix-list bogon-v4 rule 140 le '32' +set policy prefix-list bogon-v4 rule 140 prefix '240.0.0.0/4' +set policy prefix-list prefix-filter-v4 rule 10 action 'permit' +set policy prefix-list prefix-filter-v4 rule 10 ge '25' +set policy prefix-list prefix-filter-v4 rule 10 prefix '0.0.0.0/0' +set policy prefix-list6 IX-out-v6 rule 10 action 'permit' +set policy prefix-list6 IX-out-v6 rule 10 prefix '2001:db8:100::/40' +set policy prefix-list6 IX-out-v6 rule 20 action 'permit' +set policy prefix-list6 IX-out-v6 rule 20 prefix '2001:db8:200::/40' +set policy prefix-list6 bogon-v6 rule 10 action 'permit' +set policy prefix-list6 bogon-v6 rule 10 description 'RFC 4291 IPv4-compatible, loopback, et al' +set policy prefix-list6 bogon-v6 rule 10 le '128' +set policy prefix-list6 bogon-v6 rule 10 prefix '::/8' +set policy prefix-list6 bogon-v6 rule 20 action 'permit' +set policy prefix-list6 bogon-v6 rule 20 description 'RFC 6666 Discard-Only' +set policy prefix-list6 bogon-v6 rule 20 le '128' +set policy prefix-list6 bogon-v6 rule 20 prefix '0100::/64' +set policy prefix-list6 bogon-v6 rule 30 action 'permit' +set policy prefix-list6 bogon-v6 rule 30 description 'RFC 5180 BMWG' +set policy prefix-list6 bogon-v6 rule 30 le '128' +set policy prefix-list6 bogon-v6 rule 30 prefix '2001:2::/48' +set policy prefix-list6 bogon-v6 rule 40 action 'permit' +set policy prefix-list6 bogon-v6 rule 40 description 'RFC 4843 ORCHID' +set policy prefix-list6 bogon-v6 rule 40 le '128' +set policy prefix-list6 bogon-v6 rule 40 prefix '2001:10::/28' +set policy prefix-list6 bogon-v6 rule 50 action 'permit' +set policy prefix-list6 bogon-v6 rule 50 description 'RFC 3849 documentation' +set policy prefix-list6 bogon-v6 rule 50 le '128' +set policy prefix-list6 bogon-v6 rule 50 prefix '2001:db8::/32' +set policy prefix-list6 bogon-v6 rule 60 action 'permit' +set policy prefix-list6 bogon-v6 rule 60 description 'RFC 7526 6to4 anycast relay' +set policy prefix-list6 bogon-v6 rule 60 le '128' +set policy prefix-list6 bogon-v6 rule 60 prefix '2002::/16' +set policy prefix-list6 bogon-v6 rule 70 action 'permit' +set policy prefix-list6 bogon-v6 rule 70 description 'RFC 3701 old 6bone' +set policy prefix-list6 bogon-v6 rule 70 le '128' +set policy prefix-list6 bogon-v6 rule 70 prefix '3ffe::/16' +set policy prefix-list6 bogon-v6 rule 80 action 'permit' +set policy prefix-list6 bogon-v6 rule 80 description 'RFC 4193 unique local unicast' +set policy prefix-list6 bogon-v6 rule 80 le '128' +set policy prefix-list6 bogon-v6 rule 80 prefix 'fc00::/7' +set policy prefix-list6 bogon-v6 rule 90 action 'permit' +set policy prefix-list6 bogon-v6 rule 90 description 'RFC 4291 link local unicast' +set policy prefix-list6 bogon-v6 rule 90 le '128' +set policy prefix-list6 bogon-v6 rule 90 prefix 'fe80::/10' +set policy prefix-list6 bogon-v6 rule 100 action 'permit' +set policy prefix-list6 bogon-v6 rule 100 description 'RFC 3879 old site local unicast' +set policy prefix-list6 bogon-v6 rule 100 le '128' +set policy prefix-list6 bogon-v6 rule 100 prefix 'fec0::/10' +set policy prefix-list6 bogon-v6 rule 110 action 'permit' +set policy prefix-list6 bogon-v6 rule 110 description 'RFC 4291 multicast' +set policy prefix-list6 bogon-v6 rule 110 le '128' +set policy prefix-list6 bogon-v6 rule 110 prefix 'ff00::/8' +set policy prefix-list6 prefix-filter-v6 rule 10 action 'permit' +set policy prefix-list6 prefix-filter-v6 rule 10 ge '49' +set policy prefix-list6 prefix-filter-v6 rule 10 prefix '::/0' +set policy route-map IX-in-v4 rule 5 action 'permit' +set policy route-map IX-in-v4 rule 5 call 'eBGP-IN-v4' +set policy route-map IX-in-v4 rule 5 on-match next +set policy route-map IX-in-v4 rule 10 action 'permit' +set policy route-map IX-in-v6 rule 5 action 'permit' +set policy route-map IX-in-v6 rule 5 call 'eBGP-IN-v6' +set policy route-map IX-in-v6 rule 5 on-match next +set policy route-map IX-in-v6 rule 10 action 'permit' +set policy route-map IX-out-v4 rule 10 action 'permit' +set policy route-map IX-out-v4 rule 10 match ip address prefix-list 'IX-out-v4' +set policy route-map IX-out-v6 rule 10 action 'permit' +set policy route-map IX-out-v6 rule 10 match ipv6 address prefix-list 'IX-out-v6' +set policy route-map eBGP-IN-v4 rule 10 action 'deny' +set policy route-map eBGP-IN-v4 rule 10 match as-path 'bogon-asns' +set policy route-map eBGP-IN-v4 rule 20 action 'deny' +set policy route-map eBGP-IN-v4 rule 20 match ip address prefix-list 'bogon-v4' +set policy route-map eBGP-IN-v4 rule 30 action 'deny' +set policy route-map eBGP-IN-v4 rule 30 match ip address prefix-list 'prefix-filter-v4' +set policy route-map eBGP-IN-v4 rule 40 action 'permit' +set policy route-map eBGP-IN-v4 rule 40 set local-preference '100' +set policy route-map eBGP-IN-v4 rule 40 set metric '0' +set policy route-map eBGP-IN-v6 rule 10 action 'deny' +set policy route-map eBGP-IN-v6 rule 10 match as-path 'bogon-asns' +set policy route-map eBGP-IN-v6 rule 20 action 'deny' +set policy route-map eBGP-IN-v6 rule 20 match ipv6 address prefix-list 'bogon-v6' +set policy route-map eBGP-IN-v6 rule 30 action 'deny' +set policy route-map eBGP-IN-v6 rule 30 match ipv6 address prefix-list 'prefix-filter-v6' +set policy route-map eBGP-IN-v6 rule 31 action 'deny' +set policy route-map eBGP-IN-v6 rule 31 match ipv6 nexthop address '2001:db8::1' +set policy route-map eBGP-IN-v6 rule 40 action 'permit' +set policy route-map eBGP-IN-v6 rule 40 set local-preference '100' +set policy route-map eBGP-IN-v6 rule 40 set metric '0' +set protocols bgp address-family ipv4-unicast network 10.0.0.0/23 +set protocols bgp address-family ipv4-unicast network 10.0.128.0/23 +set protocols bgp address-family ipv6-unicast network 2001:db8:100::/40 +set protocols bgp address-family ipv6-unicast network 2001:db8:200::/40 +set protocols bgp neighbor 192.0.2.1 description 'Peering: IX-1 (Route Server)' +set protocols bgp neighbor 192.0.2.1 peer-group 'IXPeeringIPv4' +set protocols bgp neighbor 192.0.2.1 remote-as '65020' +set protocols bgp neighbor 192.0.2.2 description 'Peering: IX-1 (Route Server)' +set protocols bgp neighbor 192.0.2.2 peer-group 'IXPeeringIPv4' +set protocols bgp neighbor 192.0.2.2 remote-as '65020' +set protocols bgp neighbor 192.0.2.3 description 'Peering: IX-1 (Route Server)' +set protocols bgp neighbor 192.0.2.3 peer-group 'IXPeeringIPv4' +set protocols bgp neighbor 192.0.2.3 remote-as '65020' +set protocols bgp neighbor 192.0.2.129 description 'Peering: IX-2 (Route Server)' +set protocols bgp neighbor 192.0.2.129 peer-group 'IXPeeringIPv4' +set protocols bgp neighbor 192.0.2.129 remote-as '65030' +set protocols bgp neighbor 192.0.2.130 description 'Peering: IX-2 (Route Server)' +set protocols bgp neighbor 192.0.2.130 peer-group 'IXPeeringIPv4' +set protocols bgp neighbor 192.0.2.130 remote-as '65030' +set protocols bgp neighbor 2001:db8:aaaa::1 description 'Peering: IX-1 (Route Server)' +set protocols bgp neighbor 2001:db8:aaaa::1 peer-group 'IXPeeringIPv6' +set protocols bgp neighbor 2001:db8:aaaa::1 remote-as '65020' +set protocols bgp neighbor 2001:db8:aaaa::2 description 'Peering: IX-1 (Route Server)' +set protocols bgp neighbor 2001:db8:aaaa::2 peer-group 'IXPeeringIPv6' +set protocols bgp neighbor 2001:db8:aaaa::2 remote-as '65020' +set protocols bgp neighbor 2001:db8:bbbb::1 description 'Peering: IX-2 (Route Server)' +set protocols bgp neighbor 2001:db8:bbbb::1 peer-group 'IXPeeringIPv6' +set protocols bgp neighbor 2001:db8:bbbb::1 remote-as '65030' +set protocols bgp neighbor 2001:db8:bbbb::2 description 'Peering: IX-2 (Route Server)' +set protocols bgp neighbor 2001:db8:bbbb::2 peer-group 'IXPeeringIPv6' +set protocols bgp neighbor 2001:db8:bbbb::2 remote-as '65030' +set protocols bgp peer-group IXPeeringIPv4 address-family ipv4-unicast route-map export 'IX-out-v4' +set protocols bgp peer-group IXPeeringIPv4 address-family ipv4-unicast soft-reconfiguration inbound +set protocols bgp peer-group IXPeeringIPv6 address-family ipv6-unicast route-map export 'IX-out-v6' +set protocols bgp peer-group IXPeeringIPv6 address-family ipv6-unicast soft-reconfiguration inbound +set protocols bgp system-as '65000' +set protocols static route 10.0.0.0/23 blackhole distance '250' +set protocols static route 10.0.128.0/23 blackhole distance '250' +set protocols static route6 2001:db8:100::/40 blackhole distance '250' +set protocols static route6 2001:db8:200::/40 blackhole distance '250' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set service ssh +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/bgp-small-ipv4-unicast b/smoketest/config-tests/bgp-small-ipv4-unicast new file mode 100644 index 000000000..b8c0e1246 --- /dev/null +++ b/smoketest/config-tests/bgp-small-ipv4-unicast @@ -0,0 +1,32 @@ +set interfaces ethernet eth0 address '192.0.2.1/24' +set interfaces ethernet eth0 address '2001:db8::1/64' +set interfaces loopback lo +set protocols bgp address-family ipv4-unicast network 10.0.150.0/23 +set protocols bgp address-family ipv6-unicast network 2001:db8:200::/40 +set protocols bgp neighbor 192.0.2.10 address-family ipv4-unicast +set protocols bgp neighbor 192.0.2.10 remote-as '65010' +set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast +set protocols bgp neighbor 192.0.2.11 remote-as '65011' +set protocols bgp neighbor 2001:db8::10 address-family ipv4-unicast +set protocols bgp neighbor 2001:db8::10 remote-as '65010' +set protocols bgp neighbor 2001:db8::11 address-family ipv4-unicast +set protocols bgp neighbor 2001:db8::11 remote-as '65011' +set protocols bgp parameters log-neighbor-changes +set protocols bgp system-as '65001' +set service ssh disable-host-validation +set service ssh port '22' +set system config-management commit-revisions '200' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.net' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'notice' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/cluster-basic b/smoketest/config-tests/cluster-basic new file mode 100644 index 000000000..744c117eb --- /dev/null +++ b/smoketest/config-tests/cluster-basic @@ -0,0 +1,21 @@ +set high-availability vrrp group VyOS address 192.0.2.10/24 +set high-availability vrrp group VyOS address 192.0.2.20/24 +set high-availability vrrp group VyOS advertise-interval '1' +set high-availability vrrp group VyOS authentication password 'qwerty' +set high-availability vrrp group VyOS authentication type 'plaintext-password' +set high-availability vrrp group VyOS interface 'eth1' +set high-availability vrrp group VyOS vrid '1' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth1 address '192.0.2.1/24' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' +set interfaces loopback lo +set system config-management commit-revisions '100' +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set system time-zone 'Antarctica/South_Pole' diff --git a/smoketest/config-tests/container-simple b/smoketest/config-tests/container-simple index 5af365cf9..fcc665100 100644 --- a/smoketest/config-tests/container-simple +++ b/smoketest/config-tests/container-simple @@ -1,8 +1,3 @@ -set system config-management commit-revisions '50' -set system host-name 'vyos' -set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0' -set system login user vyos authentication plaintext-password '' -set system console device ttyS0 speed '115200' set container name c01 allow-host-networks set container name c01 capability 'net-bind-service' set container name c01 capability 'net-raw' @@ -11,4 +6,13 @@ set container name c02 allow-host-networks set container name c02 allow-host-pid set container name c02 capability 'sys-time' set container name c02 image 'busybox:stable' -set container name c02 sysctl parameter kernel.msgmax value '8192'
\ No newline at end of file +set container name c02 sysctl parameter kernel.msgmax value '8192' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' +set system config-management commit-revisions '50' +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0' +set system login user vyos authentication plaintext-password '' diff --git a/smoketest/config-tests/dialup-router-complex b/smoketest/config-tests/dialup-router-complex new file mode 100644 index 000000000..4416ef82e --- /dev/null +++ b/smoketest/config-tests/dialup-router-complex @@ -0,0 +1,740 @@ +set firewall global-options all-ping 'enable' +set firewall global-options broadcast-ping 'disable' +set firewall global-options ip-src-route 'disable' +set firewall global-options ipv6-receive-redirects 'disable' +set firewall global-options ipv6-src-route 'disable' +set firewall global-options log-martians 'enable' +set firewall global-options receive-redirects 'disable' +set firewall global-options send-redirects 'enable' +set firewall global-options source-validation 'disable' +set firewall global-options syn-cookies 'enable' +set firewall global-options timeout icmp '30' +set firewall global-options timeout other '600' +set firewall global-options timeout udp other '300' +set firewall global-options timeout udp stream '300' +set firewall global-options twa-hazards-protection 'disable' +set firewall group address-group AUDIO-STREAM address '172.16.35.20' +set firewall group address-group AUDIO-STREAM address '172.16.35.21' +set firewall group address-group AUDIO-STREAM address '172.16.35.22' +set firewall group address-group AUDIO-STREAM address '172.16.35.23' +set firewall group address-group DMZ-RDP-SERVER address '172.16.33.40' +set firewall group address-group DMZ-WEBSERVER address '172.16.36.10' +set firewall group address-group DMZ-WEBSERVER address '172.16.36.40' +set firewall group address-group DMZ-WEBSERVER address '172.16.36.20' +set firewall group address-group DOMAIN-CONTROLLER address '172.16.100.10' +set firewall group address-group DOMAIN-CONTROLLER address '172.16.100.20' +set firewall group address-group MEDIA-STREAMING-CLIENTS address '172.16.35.241' +set firewall group address-group MEDIA-STREAMING-CLIENTS address '172.16.35.242' +set firewall group address-group MEDIA-STREAMING-CLIENTS address '172.16.35.243' +set firewall group ipv6-network-group LOCAL-ADDRESSES network 'ff02::/64' +set firewall group ipv6-network-group LOCAL-ADDRESSES network 'fe80::/10' +set firewall group network-group SSH-IN-ALLOW network '192.0.2.0/24' +set firewall group network-group SSH-IN-ALLOW network '10.0.0.0/8' +set firewall group network-group SSH-IN-ALLOW network '172.16.0.0/12' +set firewall group network-group SSH-IN-ALLOW network '192.168.0.0/16' +set firewall group port-group SMART-TV-PORTS port '5005-5006' +set firewall group port-group SMART-TV-PORTS port '80' +set firewall group port-group SMART-TV-PORTS port '443' +set firewall group port-group SMART-TV-PORTS port '3722' +set firewall ipv4 name DMZ-GUEST default-action 'drop' +set firewall ipv4 name DMZ-GUEST default-log +set firewall ipv4 name DMZ-GUEST rule 1 action 'return' +set firewall ipv4 name DMZ-GUEST rule 1 state 'established' +set firewall ipv4 name DMZ-GUEST rule 1 state 'related' +set firewall ipv4 name DMZ-GUEST rule 2 action 'drop' +set firewall ipv4 name DMZ-GUEST rule 2 log +set firewall ipv4 name DMZ-GUEST rule 2 state 'invalid' +set firewall ipv4 name DMZ-LAN default-action 'drop' +set firewall ipv4 name DMZ-LAN default-log +set firewall ipv4 name DMZ-LAN rule 1 action 'return' +set firewall ipv4 name DMZ-LAN rule 1 state 'established' +set firewall ipv4 name DMZ-LAN rule 1 state 'related' +set firewall ipv4 name DMZ-LAN rule 2 action 'drop' +set firewall ipv4 name DMZ-LAN rule 2 log +set firewall ipv4 name DMZ-LAN rule 2 state 'invalid' +set firewall ipv4 name DMZ-LAN rule 100 action 'return' +set firewall ipv4 name DMZ-LAN rule 100 description 'NTP and LDAP to AD DC' +set firewall ipv4 name DMZ-LAN rule 100 destination group address-group 'DOMAIN-CONTROLLER' +set firewall ipv4 name DMZ-LAN rule 100 destination port '123,389,636' +set firewall ipv4 name DMZ-LAN rule 100 protocol 'tcp_udp' +set firewall ipv4 name DMZ-LAN rule 300 action 'return' +set firewall ipv4 name DMZ-LAN rule 300 destination group address-group 'DMZ-RDP-SERVER' +set firewall ipv4 name DMZ-LAN rule 300 destination port '3389' +set firewall ipv4 name DMZ-LAN rule 300 protocol 'tcp_udp' +set firewall ipv4 name DMZ-LAN rule 300 source address '172.16.36.20' +set firewall ipv4 name DMZ-LOCAL default-action 'drop' +set firewall ipv4 name DMZ-LOCAL default-log +set firewall ipv4 name DMZ-LOCAL rule 1 action 'return' +set firewall ipv4 name DMZ-LOCAL rule 1 state 'established' +set firewall ipv4 name DMZ-LOCAL rule 1 state 'related' +set firewall ipv4 name DMZ-LOCAL rule 2 action 'drop' +set firewall ipv4 name DMZ-LOCAL rule 2 log +set firewall ipv4 name DMZ-LOCAL rule 2 state 'invalid' +set firewall ipv4 name DMZ-LOCAL rule 50 action 'return' +set firewall ipv4 name DMZ-LOCAL rule 50 destination address '172.16.254.30' +set firewall ipv4 name DMZ-LOCAL rule 50 destination port '53' +set firewall ipv4 name DMZ-LOCAL rule 50 protocol 'tcp_udp' +set firewall ipv4 name DMZ-LOCAL rule 123 action 'return' +set firewall ipv4 name DMZ-LOCAL rule 123 destination port '123' +set firewall ipv4 name DMZ-LOCAL rule 123 protocol 'udp' +set firewall ipv4 name DMZ-LOCAL rule 800 action 'drop' +set firewall ipv4 name DMZ-LOCAL rule 800 description 'SSH anti brute force' +set firewall ipv4 name DMZ-LOCAL rule 800 destination port 'ssh' +set firewall ipv4 name DMZ-LOCAL rule 800 log +set firewall ipv4 name DMZ-LOCAL rule 800 protocol 'tcp' +set firewall ipv4 name DMZ-LOCAL rule 800 recent count '4' +set firewall ipv4 name DMZ-LOCAL rule 800 recent time 'minute' +set firewall ipv4 name DMZ-LOCAL rule 800 state 'new' +set firewall ipv4 name DMZ-WAN default-action 'return' +set firewall ipv4 name GUEST-DMZ default-action 'drop' +set firewall ipv4 name GUEST-DMZ default-log +set firewall ipv4 name GUEST-DMZ rule 1 action 'return' +set firewall ipv4 name GUEST-DMZ rule 1 state 'established' +set firewall ipv4 name GUEST-DMZ rule 1 state 'related' +set firewall ipv4 name GUEST-DMZ rule 2 action 'drop' +set firewall ipv4 name GUEST-DMZ rule 2 log +set firewall ipv4 name GUEST-DMZ rule 2 state 'invalid' +set firewall ipv4 name GUEST-DMZ rule 100 action 'return' +set firewall ipv4 name GUEST-DMZ rule 100 destination port '80,443' +set firewall ipv4 name GUEST-DMZ rule 100 protocol 'tcp' +set firewall ipv4 name GUEST-IOT default-action 'drop' +set firewall ipv4 name GUEST-IOT default-log +set firewall ipv4 name GUEST-IOT rule 1 action 'return' +set firewall ipv4 name GUEST-IOT rule 1 state 'established' +set firewall ipv4 name GUEST-IOT rule 1 state 'related' +set firewall ipv4 name GUEST-IOT rule 2 action 'drop' +set firewall ipv4 name GUEST-IOT rule 2 log +set firewall ipv4 name GUEST-IOT rule 2 state 'invalid' +set firewall ipv4 name GUEST-IOT rule 100 action 'return' +set firewall ipv4 name GUEST-IOT rule 100 description 'MEDIA-STREAMING-CLIENTS Devices to GUEST' +set firewall ipv4 name GUEST-IOT rule 100 destination group address-group 'MEDIA-STREAMING-CLIENTS' +set firewall ipv4 name GUEST-IOT rule 100 protocol 'tcp_udp' +set firewall ipv4 name GUEST-IOT rule 110 action 'return' +set firewall ipv4 name GUEST-IOT rule 110 description 'AUDIO-STREAM Devices to GUEST' +set firewall ipv4 name GUEST-IOT rule 110 destination group address-group 'AUDIO-STREAM' +set firewall ipv4 name GUEST-IOT rule 110 protocol 'tcp_udp' +set firewall ipv4 name GUEST-IOT rule 200 action 'return' +set firewall ipv4 name GUEST-IOT rule 200 description 'MCAST relay' +set firewall ipv4 name GUEST-IOT rule 200 destination address '224.0.0.251' +set firewall ipv4 name GUEST-IOT rule 200 destination port '5353' +set firewall ipv4 name GUEST-IOT rule 200 protocol 'udp' +set firewall ipv4 name GUEST-IOT rule 300 action 'return' +set firewall ipv4 name GUEST-IOT rule 300 description 'BCAST relay' +set firewall ipv4 name GUEST-IOT rule 300 destination port '1900' +set firewall ipv4 name GUEST-IOT rule 300 protocol 'udp' +set firewall ipv4 name GUEST-LAN default-action 'drop' +set firewall ipv4 name GUEST-LAN default-log +set firewall ipv4 name GUEST-LAN rule 1 action 'return' +set firewall ipv4 name GUEST-LAN rule 1 state 'established' +set firewall ipv4 name GUEST-LAN rule 1 state 'related' +set firewall ipv4 name GUEST-LAN rule 2 action 'drop' +set firewall ipv4 name GUEST-LAN rule 2 log +set firewall ipv4 name GUEST-LAN rule 2 state 'invalid' +set firewall ipv4 name GUEST-LOCAL default-action 'drop' +set firewall ipv4 name GUEST-LOCAL default-log +set firewall ipv4 name GUEST-LOCAL rule 1 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 1 state 'established' +set firewall ipv4 name GUEST-LOCAL rule 1 state 'related' +set firewall ipv4 name GUEST-LOCAL rule 2 action 'drop' +set firewall ipv4 name GUEST-LOCAL rule 2 log +set firewall ipv4 name GUEST-LOCAL rule 2 state 'invalid' +set firewall ipv4 name GUEST-LOCAL rule 10 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 10 description 'DNS' +set firewall ipv4 name GUEST-LOCAL rule 10 destination address '172.31.0.254' +set firewall ipv4 name GUEST-LOCAL rule 10 destination port '53' +set firewall ipv4 name GUEST-LOCAL rule 10 protocol 'tcp_udp' +set firewall ipv4 name GUEST-LOCAL rule 11 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 11 description 'DHCP' +set firewall ipv4 name GUEST-LOCAL rule 11 destination port '67' +set firewall ipv4 name GUEST-LOCAL rule 11 protocol 'udp' +set firewall ipv4 name GUEST-LOCAL rule 15 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 15 destination address '172.31.0.254' +set firewall ipv4 name GUEST-LOCAL rule 15 protocol 'icmp' +set firewall ipv4 name GUEST-LOCAL rule 200 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 200 description 'MCAST relay' +set firewall ipv4 name GUEST-LOCAL rule 200 destination address '224.0.0.251' +set firewall ipv4 name GUEST-LOCAL rule 200 destination port '5353' +set firewall ipv4 name GUEST-LOCAL rule 200 protocol 'udp' +set firewall ipv4 name GUEST-LOCAL rule 210 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 210 description 'AUDIO-STREAM Broadcast' +set firewall ipv4 name GUEST-LOCAL rule 210 destination port '1900' +set firewall ipv4 name GUEST-LOCAL rule 210 protocol 'udp' +set firewall ipv4 name GUEST-WAN default-action 'drop' +set firewall ipv4 name GUEST-WAN default-log +set firewall ipv4 name GUEST-WAN rule 1 action 'return' +set firewall ipv4 name GUEST-WAN rule 1 state 'established' +set firewall ipv4 name GUEST-WAN rule 1 state 'related' +set firewall ipv4 name GUEST-WAN rule 2 action 'drop' +set firewall ipv4 name GUEST-WAN rule 2 log +set firewall ipv4 name GUEST-WAN rule 2 state 'invalid' +set firewall ipv4 name GUEST-WAN rule 25 action 'return' +set firewall ipv4 name GUEST-WAN rule 25 description 'SMTP' +set firewall ipv4 name GUEST-WAN rule 25 destination port '25,587' +set firewall ipv4 name GUEST-WAN rule 25 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 53 action 'return' +set firewall ipv4 name GUEST-WAN rule 53 destination port '53' +set firewall ipv4 name GUEST-WAN rule 53 protocol 'tcp_udp' +set firewall ipv4 name GUEST-WAN rule 60 action 'return' +set firewall ipv4 name GUEST-WAN rule 60 source address '172.31.0.200' +set firewall ipv4 name GUEST-WAN rule 80 action 'return' +set firewall ipv4 name GUEST-WAN rule 80 source address '172.31.0.200' +set firewall ipv4 name GUEST-WAN rule 100 action 'return' +set firewall ipv4 name GUEST-WAN rule 100 protocol 'icmp' +set firewall ipv4 name GUEST-WAN rule 110 action 'return' +set firewall ipv4 name GUEST-WAN rule 110 description 'POP3' +set firewall ipv4 name GUEST-WAN rule 110 destination port '110,995' +set firewall ipv4 name GUEST-WAN rule 110 limit rate '10/minute' +set firewall ipv4 name GUEST-WAN rule 110 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 123 action 'return' +set firewall ipv4 name GUEST-WAN rule 123 description 'NTP Client' +set firewall ipv4 name GUEST-WAN rule 123 destination port '123' +set firewall ipv4 name GUEST-WAN rule 123 protocol 'udp' +set firewall ipv4 name GUEST-WAN rule 143 action 'return' +set firewall ipv4 name GUEST-WAN rule 143 description 'IMAP' +set firewall ipv4 name GUEST-WAN rule 143 destination port '143,993' +set firewall ipv4 name GUEST-WAN rule 143 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 200 action 'return' +set firewall ipv4 name GUEST-WAN rule 200 destination port '80,443' +set firewall ipv4 name GUEST-WAN rule 200 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 500 action 'return' +set firewall ipv4 name GUEST-WAN rule 500 description 'L2TP IPSec' +set firewall ipv4 name GUEST-WAN rule 500 destination port '500,4500' +set firewall ipv4 name GUEST-WAN rule 500 protocol 'udp' +set firewall ipv4 name GUEST-WAN rule 600 action 'return' +set firewall ipv4 name GUEST-WAN rule 600 destination port '5222-5224' +set firewall ipv4 name GUEST-WAN rule 600 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 601 action 'return' +set firewall ipv4 name GUEST-WAN rule 601 destination port '3478-3497,4500,16384-16387,16393-16402' +set firewall ipv4 name GUEST-WAN rule 601 protocol 'udp' +set firewall ipv4 name GUEST-WAN rule 1000 action 'return' +set firewall ipv4 name GUEST-WAN rule 1000 source address '172.31.0.184' +set firewall ipv4 name IOT-GUEST default-action 'drop' +set firewall ipv4 name IOT-GUEST default-log +set firewall ipv4 name IOT-GUEST rule 1 action 'return' +set firewall ipv4 name IOT-GUEST rule 1 state 'established' +set firewall ipv4 name IOT-GUEST rule 1 state 'related' +set firewall ipv4 name IOT-GUEST rule 2 action 'drop' +set firewall ipv4 name IOT-GUEST rule 2 log +set firewall ipv4 name IOT-GUEST rule 2 state 'invalid' +set firewall ipv4 name IOT-GUEST rule 100 action 'return' +set firewall ipv4 name IOT-GUEST rule 100 description 'MEDIA-STREAMING-CLIENTS Devices to IOT' +set firewall ipv4 name IOT-GUEST rule 100 protocol 'tcp_udp' +set firewall ipv4 name IOT-GUEST rule 100 source group address-group 'MEDIA-STREAMING-CLIENTS' +set firewall ipv4 name IOT-GUEST rule 110 action 'return' +set firewall ipv4 name IOT-GUEST rule 110 description 'AUDIO-STREAM Devices to IOT' +set firewall ipv4 name IOT-GUEST rule 110 protocol 'tcp_udp' +set firewall ipv4 name IOT-GUEST rule 110 source group address-group 'AUDIO-STREAM' +set firewall ipv4 name IOT-GUEST rule 200 action 'return' +set firewall ipv4 name IOT-GUEST rule 200 description 'MCAST relay' +set firewall ipv4 name IOT-GUEST rule 200 destination address '224.0.0.251' +set firewall ipv4 name IOT-GUEST rule 200 destination port '5353' +set firewall ipv4 name IOT-GUEST rule 200 protocol 'udp' +set firewall ipv4 name IOT-GUEST rule 300 action 'return' +set firewall ipv4 name IOT-GUEST rule 300 description 'BCAST relay' +set firewall ipv4 name IOT-GUEST rule 300 destination port '1900' +set firewall ipv4 name IOT-GUEST rule 300 protocol 'udp' +set firewall ipv4 name IOT-LAN default-action 'drop' +set firewall ipv4 name IOT-LAN default-log +set firewall ipv4 name IOT-LAN rule 1 action 'return' +set firewall ipv4 name IOT-LAN rule 1 state 'established' +set firewall ipv4 name IOT-LAN rule 1 state 'related' +set firewall ipv4 name IOT-LAN rule 2 action 'drop' +set firewall ipv4 name IOT-LAN rule 2 log +set firewall ipv4 name IOT-LAN rule 2 state 'invalid' +set firewall ipv4 name IOT-LAN rule 100 action 'return' +set firewall ipv4 name IOT-LAN rule 100 description 'AppleTV to LAN' +set firewall ipv4 name IOT-LAN rule 100 destination group port-group 'SMART-TV-PORTS' +set firewall ipv4 name IOT-LAN rule 100 protocol 'tcp_udp' +set firewall ipv4 name IOT-LAN rule 100 source group address-group 'MEDIA-STREAMING-CLIENTS' +set firewall ipv4 name IOT-LAN rule 110 action 'return' +set firewall ipv4 name IOT-LAN rule 110 description 'AUDIO-STREAM Devices to LAN' +set firewall ipv4 name IOT-LAN rule 110 protocol 'tcp_udp' +set firewall ipv4 name IOT-LAN rule 110 source group address-group 'AUDIO-STREAM' +set firewall ipv4 name IOT-LOCAL default-action 'drop' +set firewall ipv4 name IOT-LOCAL default-log +set firewall ipv4 name IOT-LOCAL rule 1 action 'return' +set firewall ipv4 name IOT-LOCAL rule 1 state 'established' +set firewall ipv4 name IOT-LOCAL rule 1 state 'related' +set firewall ipv4 name IOT-LOCAL rule 2 action 'drop' +set firewall ipv4 name IOT-LOCAL rule 2 log +set firewall ipv4 name IOT-LOCAL rule 2 state 'invalid' +set firewall ipv4 name IOT-LOCAL rule 10 action 'return' +set firewall ipv4 name IOT-LOCAL rule 10 description 'DNS' +set firewall ipv4 name IOT-LOCAL rule 10 destination address '172.16.254.30' +set firewall ipv4 name IOT-LOCAL rule 10 destination port '53' +set firewall ipv4 name IOT-LOCAL rule 10 protocol 'tcp_udp' +set firewall ipv4 name IOT-LOCAL rule 11 action 'return' +set firewall ipv4 name IOT-LOCAL rule 11 description 'DHCP' +set firewall ipv4 name IOT-LOCAL rule 11 destination port '67' +set firewall ipv4 name IOT-LOCAL rule 11 protocol 'udp' +set firewall ipv4 name IOT-LOCAL rule 15 action 'return' +set firewall ipv4 name IOT-LOCAL rule 15 destination address '172.16.35.254' +set firewall ipv4 name IOT-LOCAL rule 15 protocol 'icmp' +set firewall ipv4 name IOT-LOCAL rule 200 action 'return' +set firewall ipv4 name IOT-LOCAL rule 200 description 'MCAST relay' +set firewall ipv4 name IOT-LOCAL rule 200 destination address '224.0.0.251' +set firewall ipv4 name IOT-LOCAL rule 200 destination port '5353' +set firewall ipv4 name IOT-LOCAL rule 200 protocol 'udp' +set firewall ipv4 name IOT-LOCAL rule 201 action 'return' +set firewall ipv4 name IOT-LOCAL rule 201 description 'MCAST relay' +set firewall ipv4 name IOT-LOCAL rule 201 destination address '172.16.35.254' +set firewall ipv4 name IOT-LOCAL rule 201 destination port '5353' +set firewall ipv4 name IOT-LOCAL rule 201 protocol 'udp' +set firewall ipv4 name IOT-LOCAL rule 210 action 'return' +set firewall ipv4 name IOT-LOCAL rule 210 description 'AUDIO-STREAM Broadcast' +set firewall ipv4 name IOT-LOCAL rule 210 destination port '1900,1902,6969' +set firewall ipv4 name IOT-LOCAL rule 210 protocol 'udp' +set firewall ipv4 name IOT-WAN default-action 'return' +set firewall ipv4 name LAN-DMZ default-action 'drop' +set firewall ipv4 name LAN-DMZ default-log +set firewall ipv4 name LAN-DMZ rule 1 action 'return' +set firewall ipv4 name LAN-DMZ rule 1 state 'established' +set firewall ipv4 name LAN-DMZ rule 1 state 'related' +set firewall ipv4 name LAN-DMZ rule 2 action 'drop' +set firewall ipv4 name LAN-DMZ rule 2 log +set firewall ipv4 name LAN-DMZ rule 2 state 'invalid' +set firewall ipv4 name LAN-DMZ rule 22 action 'return' +set firewall ipv4 name LAN-DMZ rule 22 description 'SSH into DMZ' +set firewall ipv4 name LAN-DMZ rule 22 destination port '22' +set firewall ipv4 name LAN-DMZ rule 22 protocol 'tcp' +set firewall ipv4 name LAN-DMZ rule 100 action 'return' +set firewall ipv4 name LAN-DMZ rule 100 destination group address-group 'DMZ-WEBSERVER' +set firewall ipv4 name LAN-DMZ rule 100 destination port '22,80,443' +set firewall ipv4 name LAN-DMZ rule 100 protocol 'tcp' +set firewall ipv4 name LAN-GUEST default-action 'drop' +set firewall ipv4 name LAN-GUEST default-log +set firewall ipv4 name LAN-GUEST rule 1 action 'return' +set firewall ipv4 name LAN-GUEST rule 1 state 'established' +set firewall ipv4 name LAN-GUEST rule 1 state 'related' +set firewall ipv4 name LAN-GUEST rule 2 action 'drop' +set firewall ipv4 name LAN-GUEST rule 2 log +set firewall ipv4 name LAN-GUEST rule 2 state 'invalid' +set firewall ipv4 name LAN-IOT default-action 'return' +set firewall ipv4 name LAN-LOCAL default-action 'return' +set firewall ipv4 name LAN-WAN default-action 'return' +set firewall ipv4 name LOCAL-DMZ default-action 'drop' +set firewall ipv4 name LOCAL-DMZ default-log +set firewall ipv4 name LOCAL-DMZ rule 1 action 'return' +set firewall ipv4 name LOCAL-DMZ rule 1 state 'established' +set firewall ipv4 name LOCAL-DMZ rule 1 state 'related' +set firewall ipv4 name LOCAL-DMZ rule 2 action 'drop' +set firewall ipv4 name LOCAL-DMZ rule 2 log +set firewall ipv4 name LOCAL-DMZ rule 2 state 'invalid' +set firewall ipv4 name LOCAL-GUEST default-action 'drop' +set firewall ipv4 name LOCAL-GUEST default-log +set firewall ipv4 name LOCAL-GUEST rule 1 action 'return' +set firewall ipv4 name LOCAL-GUEST rule 1 state 'established' +set firewall ipv4 name LOCAL-GUEST rule 1 state 'related' +set firewall ipv4 name LOCAL-GUEST rule 2 action 'drop' +set firewall ipv4 name LOCAL-GUEST rule 2 log +set firewall ipv4 name LOCAL-GUEST rule 2 state 'invalid' +set firewall ipv4 name LOCAL-GUEST rule 5 action 'return' +set firewall ipv4 name LOCAL-GUEST rule 5 protocol 'icmp' +set firewall ipv4 name LOCAL-GUEST rule 200 action 'return' +set firewall ipv4 name LOCAL-GUEST rule 200 description 'MCAST relay' +set firewall ipv4 name LOCAL-GUEST rule 200 destination address '224.0.0.251' +set firewall ipv4 name LOCAL-GUEST rule 200 destination port '5353' +set firewall ipv4 name LOCAL-GUEST rule 200 protocol 'udp' +set firewall ipv4 name LOCAL-GUEST rule 300 action 'return' +set firewall ipv4 name LOCAL-GUEST rule 300 description 'BCAST relay' +set firewall ipv4 name LOCAL-GUEST rule 300 destination port '1900' +set firewall ipv4 name LOCAL-GUEST rule 300 protocol 'udp' +set firewall ipv4 name LOCAL-IOT default-action 'drop' +set firewall ipv4 name LOCAL-IOT default-log +set firewall ipv4 name LOCAL-IOT rule 1 action 'return' +set firewall ipv4 name LOCAL-IOT rule 1 state 'established' +set firewall ipv4 name LOCAL-IOT rule 1 state 'related' +set firewall ipv4 name LOCAL-IOT rule 2 action 'drop' +set firewall ipv4 name LOCAL-IOT rule 2 log +set firewall ipv4 name LOCAL-IOT rule 2 state 'invalid' +set firewall ipv4 name LOCAL-IOT rule 5 action 'return' +set firewall ipv4 name LOCAL-IOT rule 5 protocol 'icmp' +set firewall ipv4 name LOCAL-IOT rule 200 action 'return' +set firewall ipv4 name LOCAL-IOT rule 200 description 'MCAST relay' +set firewall ipv4 name LOCAL-IOT rule 200 destination address '224.0.0.251' +set firewall ipv4 name LOCAL-IOT rule 200 destination port '5353' +set firewall ipv4 name LOCAL-IOT rule 200 protocol 'udp' +set firewall ipv4 name LOCAL-IOT rule 300 action 'return' +set firewall ipv4 name LOCAL-IOT rule 300 description 'BCAST relay' +set firewall ipv4 name LOCAL-IOT rule 300 destination port '1900,6969' +set firewall ipv4 name LOCAL-IOT rule 300 protocol 'udp' +set firewall ipv4 name LOCAL-LAN default-action 'return' +set firewall ipv4 name LOCAL-WAN default-action 'drop' +set firewall ipv4 name LOCAL-WAN default-log +set firewall ipv4 name LOCAL-WAN rule 1 action 'return' +set firewall ipv4 name LOCAL-WAN rule 1 state 'established' +set firewall ipv4 name LOCAL-WAN rule 1 state 'related' +set firewall ipv4 name LOCAL-WAN rule 2 action 'drop' +set firewall ipv4 name LOCAL-WAN rule 2 log +set firewall ipv4 name LOCAL-WAN rule 2 state 'invalid' +set firewall ipv4 name LOCAL-WAN rule 10 action 'return' +set firewall ipv4 name LOCAL-WAN rule 10 protocol 'icmp' +set firewall ipv4 name LOCAL-WAN rule 50 action 'return' +set firewall ipv4 name LOCAL-WAN rule 50 description 'DNS' +set firewall ipv4 name LOCAL-WAN rule 50 destination port '53' +set firewall ipv4 name LOCAL-WAN rule 50 protocol 'tcp_udp' +set firewall ipv4 name LOCAL-WAN rule 80 action 'return' +set firewall ipv4 name LOCAL-WAN rule 80 destination port '80,443' +set firewall ipv4 name LOCAL-WAN rule 80 protocol 'tcp' +set firewall ipv4 name LOCAL-WAN rule 123 action 'return' +set firewall ipv4 name LOCAL-WAN rule 123 description 'NTP' +set firewall ipv4 name LOCAL-WAN rule 123 destination port '123' +set firewall ipv4 name LOCAL-WAN rule 123 protocol 'udp' +set firewall ipv4 name WAN-DMZ default-action 'drop' +set firewall ipv4 name WAN-DMZ default-log +set firewall ipv4 name WAN-DMZ rule 1 action 'return' +set firewall ipv4 name WAN-DMZ rule 1 state 'established' +set firewall ipv4 name WAN-DMZ rule 1 state 'related' +set firewall ipv4 name WAN-DMZ rule 2 action 'drop' +set firewall ipv4 name WAN-DMZ rule 2 log +set firewall ipv4 name WAN-DMZ rule 2 state 'invalid' +set firewall ipv4 name WAN-DMZ rule 100 action 'return' +set firewall ipv4 name WAN-DMZ rule 100 destination address '172.16.36.10' +set firewall ipv4 name WAN-DMZ rule 100 destination port '80,443' +set firewall ipv4 name WAN-DMZ rule 100 protocol 'tcp' +set firewall ipv4 name WAN-GUEST default-action 'drop' +set firewall ipv4 name WAN-GUEST default-log +set firewall ipv4 name WAN-GUEST rule 1 action 'return' +set firewall ipv4 name WAN-GUEST rule 1 state 'established' +set firewall ipv4 name WAN-GUEST rule 1 state 'related' +set firewall ipv4 name WAN-GUEST rule 2 action 'drop' +set firewall ipv4 name WAN-GUEST rule 2 log +set firewall ipv4 name WAN-GUEST rule 2 state 'invalid' +set firewall ipv4 name WAN-GUEST rule 1000 action 'return' +set firewall ipv4 name WAN-GUEST rule 1000 destination address '172.31.0.184' +set firewall ipv4 name WAN-GUEST rule 8000 action 'return' +set firewall ipv4 name WAN-GUEST rule 8000 destination address '172.31.0.200' +set firewall ipv4 name WAN-GUEST rule 8000 destination port '10000' +set firewall ipv4 name WAN-GUEST rule 8000 protocol 'udp' +set firewall ipv4 name WAN-IOT default-action 'drop' +set firewall ipv4 name WAN-IOT default-log +set firewall ipv4 name WAN-IOT rule 1 action 'return' +set firewall ipv4 name WAN-IOT rule 1 state 'established' +set firewall ipv4 name WAN-IOT rule 1 state 'related' +set firewall ipv4 name WAN-IOT rule 2 action 'drop' +set firewall ipv4 name WAN-IOT rule 2 log +set firewall ipv4 name WAN-IOT rule 2 state 'invalid' +set firewall ipv4 name WAN-LAN default-action 'drop' +set firewall ipv4 name WAN-LAN default-log +set firewall ipv4 name WAN-LAN rule 1 action 'return' +set firewall ipv4 name WAN-LAN rule 1 state 'established' +set firewall ipv4 name WAN-LAN rule 1 state 'related' +set firewall ipv4 name WAN-LAN rule 2 action 'drop' +set firewall ipv4 name WAN-LAN rule 2 log +set firewall ipv4 name WAN-LAN rule 2 state 'invalid' +set firewall ipv4 name WAN-LAN rule 1000 action 'return' +set firewall ipv4 name WAN-LAN rule 1000 destination address '172.16.33.40' +set firewall ipv4 name WAN-LAN rule 1000 destination port '3389' +set firewall ipv4 name WAN-LAN rule 1000 protocol 'tcp' +set firewall ipv4 name WAN-LAN rule 1000 source group network-group 'SSH-IN-ALLOW' +set firewall ipv4 name WAN-LOCAL default-action 'drop' +set firewall ipv4 name WAN-LOCAL default-log +set firewall ipv4 name WAN-LOCAL rule 1 action 'return' +set firewall ipv4 name WAN-LOCAL rule 1 state 'established' +set firewall ipv4 name WAN-LOCAL rule 1 state 'related' +set firewall ipv4 name WAN-LOCAL rule 2 action 'drop' +set firewall ipv4 name WAN-LOCAL rule 2 log +set firewall ipv4 name WAN-LOCAL rule 2 state 'invalid' +set firewall ipv4 name WAN-LOCAL rule 22 action 'return' +set firewall ipv4 name WAN-LOCAL rule 22 destination port '22' +set firewall ipv4 name WAN-LOCAL rule 22 protocol 'tcp' +set firewall ipv4 name WAN-LOCAL rule 22 source group network-group 'SSH-IN-ALLOW' +set firewall ipv6 name ALLOW-ALL-6 default-action 'return' +set firewall ipv6 name ALLOW-BASIC-6 default-action 'drop' +set firewall ipv6 name ALLOW-BASIC-6 default-log +set firewall ipv6 name ALLOW-BASIC-6 rule 1 action 'return' +set firewall ipv6 name ALLOW-BASIC-6 rule 1 state 'established' +set firewall ipv6 name ALLOW-BASIC-6 rule 1 state 'related' +set firewall ipv6 name ALLOW-BASIC-6 rule 2 action 'drop' +set firewall ipv6 name ALLOW-BASIC-6 rule 2 state 'invalid' +set firewall ipv6 name ALLOW-BASIC-6 rule 10 action 'return' +set firewall ipv6 name ALLOW-BASIC-6 rule 10 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-BASIC-6 rule 15 action 'return' +set firewall ipv6 name ALLOW-BASIC-6 rule 15 icmpv6 type '1' +set firewall ipv6 name ALLOW-BASIC-6 rule 15 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-BASIC-6 rule 16 action 'return' +set firewall ipv6 name ALLOW-BASIC-6 rule 16 icmpv6 code '1' +set firewall ipv6 name ALLOW-BASIC-6 rule 16 icmpv6 type '1' +set firewall ipv6 name ALLOW-BASIC-6 rule 16 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-BASIC-6 rule 17 action 'return' +set firewall ipv6 name ALLOW-BASIC-6 rule 17 icmpv6 type-name 'destination-unreachable' +set firewall ipv6 name ALLOW-BASIC-6 rule 17 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-ESTABLISHED-6 default-action 'drop' +set firewall ipv6 name ALLOW-ESTABLISHED-6 default-log +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 1 action 'return' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 1 state 'established' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 1 state 'related' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 2 action 'drop' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 2 state 'invalid' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 action 'return' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 destination group network-group 'LOCAL-ADDRESSES' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 source address 'fe80::/10' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 20 action 'return' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 20 icmpv6 type-name 'echo-request' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 20 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 21 action 'return' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 21 icmpv6 type-name 'destination-unreachable' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 21 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 22 action 'return' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 22 icmpv6 type-name 'packet-too-big' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 22 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 23 action 'return' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 23 icmpv6 type-name 'time-exceeded' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 23 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 24 action 'return' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 24 icmpv6 type-name 'parameter-problem' +set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 24 protocol 'ipv6-icmp' +set firewall ipv6 name WAN-LOCAL-6 default-action 'drop' +set firewall ipv6 name WAN-LOCAL-6 default-log +set firewall ipv6 name WAN-LOCAL-6 rule 1 action 'return' +set firewall ipv6 name WAN-LOCAL-6 rule 1 state 'established' +set firewall ipv6 name WAN-LOCAL-6 rule 1 state 'related' +set firewall ipv6 name WAN-LOCAL-6 rule 2 action 'drop' +set firewall ipv6 name WAN-LOCAL-6 rule 2 state 'invalid' +set firewall ipv6 name WAN-LOCAL-6 rule 10 action 'return' +set firewall ipv6 name WAN-LOCAL-6 rule 10 destination address 'ff02::/64' +set firewall ipv6 name WAN-LOCAL-6 rule 10 protocol 'ipv6-icmp' +set firewall ipv6 name WAN-LOCAL-6 rule 10 source address 'fe80::/10' +set firewall ipv6 name WAN-LOCAL-6 rule 50 action 'return' +set firewall ipv6 name WAN-LOCAL-6 rule 50 description 'DHCPv6' +set firewall ipv6 name WAN-LOCAL-6 rule 50 destination address 'fe80::/10' +set firewall ipv6 name WAN-LOCAL-6 rule 50 destination port '546' +set firewall ipv6 name WAN-LOCAL-6 rule 50 protocol 'udp' +set firewall ipv6 name WAN-LOCAL-6 rule 50 source address 'fe80::/10' +set firewall ipv6 name WAN-LOCAL-6 rule 50 source port '547' +set firewall zone DMZ default-action 'drop' +set firewall zone DMZ from GUEST firewall name 'GUEST-DMZ' +set firewall zone DMZ from LAN firewall name 'LAN-DMZ' +set firewall zone DMZ from LOCAL firewall name 'LOCAL-DMZ' +set firewall zone DMZ from WAN firewall name 'WAN-DMZ' +set firewall zone DMZ interface 'eth0.50' +set firewall zone GUEST default-action 'drop' +set firewall zone GUEST from DMZ firewall name 'DMZ-GUEST' +set firewall zone GUEST from IOT firewall name 'IOT-GUEST' +set firewall zone GUEST from LAN firewall name 'LAN-GUEST' +set firewall zone GUEST from LOCAL firewall ipv6-name 'ALLOW-ALL-6' +set firewall zone GUEST from LOCAL firewall name 'LOCAL-GUEST' +set firewall zone GUEST from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6' +set firewall zone GUEST from WAN firewall name 'WAN-GUEST' +set firewall zone GUEST interface 'eth0.20' +set firewall zone IOT default-action 'drop' +set firewall zone IOT from GUEST firewall name 'GUEST-IOT' +set firewall zone IOT from LAN firewall name 'LAN-IOT' +set firewall zone IOT from LOCAL firewall name 'LOCAL-IOT' +set firewall zone IOT from WAN firewall name 'WAN-IOT' +set firewall zone IOT interface 'eth0.35' +set firewall zone LAN default-action 'drop' +set firewall zone LAN from DMZ firewall name 'DMZ-LAN' +set firewall zone LAN from GUEST firewall name 'GUEST-LAN' +set firewall zone LAN from IOT firewall name 'IOT-LAN' +set firewall zone LAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6' +set firewall zone LAN from LOCAL firewall name 'LOCAL-LAN' +set firewall zone LAN from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6' +set firewall zone LAN from WAN firewall name 'WAN-LAN' +set firewall zone LAN interface 'eth0.5' +set firewall zone LAN interface 'eth0.10' +set firewall zone LAN interface 'eth0.100' +set firewall zone LAN interface 'eth0.201' +set firewall zone LAN interface 'eth0.202' +set firewall zone LAN interface 'eth0.203' +set firewall zone LAN interface 'eth0.204' +set firewall zone LOCAL default-action 'drop' +set firewall zone LOCAL from DMZ firewall name 'DMZ-LOCAL' +set firewall zone LOCAL from GUEST firewall ipv6-name 'ALLOW-ESTABLISHED-6' +set firewall zone LOCAL from GUEST firewall name 'GUEST-LOCAL' +set firewall zone LOCAL from IOT firewall name 'IOT-LOCAL' +set firewall zone LOCAL from LAN firewall ipv6-name 'ALLOW-ALL-6' +set firewall zone LOCAL from LAN firewall name 'LAN-LOCAL' +set firewall zone LOCAL from WAN firewall ipv6-name 'WAN-LOCAL-6' +set firewall zone LOCAL from WAN firewall name 'WAN-LOCAL' +set firewall zone LOCAL local-zone +set firewall zone WAN default-action 'drop' +set firewall zone WAN from DMZ firewall name 'DMZ-WAN' +set firewall zone WAN from GUEST firewall ipv6-name 'ALLOW-ALL-6' +set firewall zone WAN from GUEST firewall name 'GUEST-WAN' +set firewall zone WAN from IOT firewall name 'IOT-WAN' +set firewall zone WAN from LAN firewall ipv6-name 'ALLOW-ALL-6' +set firewall zone WAN from LAN firewall name 'LAN-WAN' +set firewall zone WAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6' +set firewall zone WAN from LOCAL firewall name 'LOCAL-WAN' +set firewall zone WAN interface 'pppoe0' +set interfaces dummy dum0 address '172.16.254.30/32' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth0 vif 5 address '172.16.37.254/24' +set interfaces ethernet eth0 vif 10 address '172.16.33.254/24' +set interfaces ethernet eth0 vif 10 ip adjust-mss '1320' +set interfaces ethernet eth0 vif 10 ipv6 adjust-mss '1300' +set interfaces ethernet eth0 vif 20 address '172.31.0.254/24' +set interfaces ethernet eth0 vif 35 address '172.16.35.254/24' +set interfaces ethernet eth0 vif 50 address '172.16.36.254/24' +set interfaces ethernet eth0 vif 100 address '172.16.100.254/24' +set interfaces ethernet eth0 vif 201 address '172.18.201.254/24' +set interfaces ethernet eth0 vif 202 address '172.18.202.254/24' +set interfaces ethernet eth0 vif 203 address '172.18.203.254/24' +set interfaces ethernet eth0 vif 204 address '172.18.204.254/24' +set interfaces ethernet eth1 vif 7 description 'FTTH-PPPoE' +set interfaces loopback lo address '172.16.254.30/32' +set interfaces pppoe pppoe0 authentication password 'vyos' +set interfaces pppoe pppoe0 authentication username 'vyos' +set interfaces pppoe pppoe0 description 'FTTH 100/50MBit' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 address '1' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 sla-id '10' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.20 address '1' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.20 sla-id '20' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 length '56' +set interfaces pppoe pppoe0 ip adjust-mss '1452' +set interfaces pppoe pppoe0 ipv6 address autoconf +set interfaces pppoe pppoe0 ipv6 adjust-mss '1432' +set interfaces pppoe pppoe0 mtu '1492' +set interfaces pppoe pppoe0 no-peer-dns +set interfaces pppoe pppoe0 source-interface 'eth1.7' +set nat destination rule 100 description 'HTTP(S)' +set nat destination rule 100 destination port '80,443' +set nat destination rule 100 inbound-interface name 'pppoe0' +set nat destination rule 100 log +set nat destination rule 100 protocol 'tcp' +set nat destination rule 100 translation address '172.16.36.10' +set nat destination rule 1000 destination port '3389' +set nat destination rule 1000 disable +set nat destination rule 1000 inbound-interface name 'pppoe0' +set nat destination rule 1000 protocol 'tcp' +set nat destination rule 1000 translation address '172.16.33.40' +set nat destination rule 8000 destination port '10000' +set nat destination rule 8000 inbound-interface name 'pppoe0' +set nat destination rule 8000 log +set nat destination rule 8000 protocol 'udp' +set nat destination rule 8000 translation address '172.31.0.200' +set nat source rule 100 log +set nat source rule 100 outbound-interface name 'pppoe0' +set nat source rule 100 source address '172.16.32.0/19' +set nat source rule 100 translation address 'masquerade' +set nat source rule 200 outbound-interface name 'pppoe0' +set nat source rule 200 source address '172.16.100.0/24' +set nat source rule 200 translation address 'masquerade' +set nat source rule 300 outbound-interface name 'pppoe0' +set nat source rule 300 source address '172.31.0.0/24' +set nat source rule 300 translation address 'masquerade' +set nat source rule 400 outbound-interface name 'pppoe0' +set nat source rule 400 source address '172.18.200.0/21' +set nat source rule 400 translation address 'masquerade' +set protocols static route 10.0.0.0/8 blackhole distance '254' +set protocols static route 169.254.0.0/16 blackhole distance '254' +set protocols static route 172.16.0.0/12 blackhole distance '254' +set protocols static route 192.168.0.0/16 blackhole distance '254' +set protocols static route6 2000::/3 interface pppoe0 +set qos policy shaper QoS bandwidth '50mbit' +set qos policy shaper QoS default bandwidth '100%' +set qos policy shaper QoS default burst '15k' +set qos policy shaper QoS default queue-limit '1000' +set qos policy shaper QoS default queue-type 'fq-codel' +set service dhcp-server shared-network-name BACKBONE authoritative +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 lease '86400' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option default-router '172.16.37.254' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-name 'vyos.net' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-search 'vyos.net' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option name-server '172.16.254.30' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option ntp-server '172.16.254.30' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 start '172.16.37.120' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 stop '172.16.37.149' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1.wue3 ip-address '172.16.37.231' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1.wue3 mac '18:e8:29:6c:c3:a5' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 subnet-id '1' +set service dhcp-server shared-network-name GUEST authoritative +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 lease '86400' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option default-router '172.31.0.254' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-name 'vyos.net' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-search 'vyos.net' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option name-server '172.31.0.254' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 start '172.31.0.100' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 stop '172.31.0.199' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host01 ip-address '172.31.0.200' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host01 mac '00:50:00:00:00:01' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host02 ip-address '172.31.0.184' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host02 mac '00:50:00:00:00:02' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 subnet-id '2' +set service dhcp-server shared-network-name IOT authoritative +set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 lease '86400' +set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option default-router '172.16.35.254' +set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option domain-name 'vyos.net' +set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option domain-search 'vyos.net' +set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option name-server '172.16.254.30' +set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option ntp-server '172.16.254.30' +set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 range 0 start '172.16.35.101' +set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 range 0 stop '172.16.35.149' +set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 subnet-id '3' +set service dhcp-server shared-network-name LAN authoritative +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 lease '86400' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option default-router '172.16.33.254' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-name 'vyos.net' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-search 'vyos.net' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option name-server '172.16.254.30' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option ntp-server '172.16.254.30' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 start '172.16.33.100' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 stop '172.16.33.189' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 subnet-id '4' +set service dns forwarding allow-from '172.16.0.0/12' +set service dns forwarding cache-size '0' +set service dns forwarding domain 16.172.in-addr.arpa addnta +set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.10 +set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.20 +set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.110.30 +set service dns forwarding domain 16.172.in-addr.arpa recursion-desired +set service dns forwarding domain 18.172.in-addr.arpa addnta +set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.10 +set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.20 +set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.110.30 +set service dns forwarding domain 18.172.in-addr.arpa recursion-desired +set service dns forwarding domain vyos.net addnta +set service dns forwarding domain vyos.net name-server 172.16.100.10 +set service dns forwarding domain vyos.net name-server 172.16.100.20 +set service dns forwarding domain vyos.net name-server 172.16.110.30 +set service dns forwarding domain vyos.net recursion-desired +set service dns forwarding ignore-hosts-file +set service dns forwarding listen-address '172.16.254.30' +set service dns forwarding listen-address '172.31.0.254' +set service dns forwarding negative-ttl '60' +set service lldp legacy-protocols cdp +set service lldp snmp +set service mdns repeater interface 'eth0.35' +set service mdns repeater interface 'eth0.10' +set service ntp allow-client address '172.16.0.0/12' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set service router-advert interface eth0.10 prefix ::/64 preferred-lifetime '2700' +set service router-advert interface eth0.10 prefix ::/64 valid-lifetime '5400' +set service router-advert interface eth0.20 prefix ::/64 preferred-lifetime '2700' +set service router-advert interface eth0.20 prefix ::/64 valid-lifetime '5400' +set service snmp community fooBar authorization 'ro' +set service snmp community fooBar network '172.16.100.0/24' +set service snmp contact 'VyOS maintainers and contributors <maintainers@vyos.io>' +set service snmp listen-address 172.16.254.30 port '161' +set service snmp location 'The Internet' +set service ssh disable-host-validation +set service ssh port '22' +set system config-management commit-revisions '200' +set system conntrack expect-table-size '2048' +set system conntrack hash-size '32768' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sqlnet +set system conntrack modules tftp +set system conntrack table-size '262144' +set system conntrack timeout +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.net' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system name-server '172.16.254.30' +set system option ctrl-alt-delete 'ignore' +set system option reboot-on-panic +set system option startup-beep +set system syslog global facility all level 'debug' +set system syslog global facility local7 level 'debug' +set system syslog host 172.16.100.1 facility all level 'warning' +set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/dialup-router-medium-vpn b/smoketest/config-tests/dialup-router-medium-vpn index 8c221707f..67af456f4 100644 --- a/smoketest/config-tests/dialup-router-medium-vpn +++ b/smoketest/config-tests/dialup-router-medium-vpn @@ -25,18 +25,12 @@ set high-availability vrrp sync-group failover-group member 'LAN' set interfaces ethernet eth0 duplex 'auto' set interfaces ethernet eth0 mtu '9000' set interfaces ethernet eth0 offload gro -set interfaces ethernet eth0 offload gso -set interfaces ethernet eth0 offload sg -set interfaces ethernet eth0 offload tso set interfaces ethernet eth0 speed 'auto' set interfaces ethernet eth1 address '192.168.0.250/24' set interfaces ethernet eth1 duplex 'auto' set interfaces ethernet eth1 ip source-validation 'strict' set interfaces ethernet eth1 mtu '9000' set interfaces ethernet eth1 offload gro -set interfaces ethernet eth1 offload gso -set interfaces ethernet eth1 offload sg -set interfaces ethernet eth1 offload tso set interfaces ethernet eth1 speed 'auto' set interfaces loopback lo set interfaces openvpn vtun0 encryption ncp-ciphers 'aes256' @@ -130,6 +124,7 @@ set interfaces wireguard wg0 peer red persistent-keepalive '20' set interfaces wireguard wg0 peer red preshared-key 'CumyXX7osvUT9AwnS+m2TEfCaL0Ptc2LfuZ78Sujuk8=' set interfaces wireguard wg0 peer red public-key 'ALGWvMJCKpHF2tVH3hEIHqUe9iFfAmZATUUok/WQzks=' set interfaces wireguard wg0 port '7777' +set interfaces wireguard wg0 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0=' set interfaces wireguard wg1 address '10.89.90.2/30' set interfaces wireguard wg1 ip adjust-mss '1380' set interfaces wireguard wg1 peer sam address '192.0.2.45' @@ -140,6 +135,7 @@ set interfaces wireguard wg1 peer sam port '1200' set interfaces wireguard wg1 peer sam preshared-key 'XpFtzx2Z+nR8pBv9/sSf7I94OkZkVYTz0AeU5Q/QQUE=' set interfaces wireguard wg1 peer sam public-key 'v5zfKGvH6W/lfDXJ0en96lvKo1gfFxMUWxe02+Fj5BU=' set interfaces wireguard wg1 port '7778' +set interfaces wireguard wg1 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0=' set nat destination rule 50 destination port '49371' set nat destination rule 50 inbound-interface name 'pppoe0' set nat destination rule 50 protocol 'tcp_udp' @@ -295,9 +291,18 @@ set service ssh listen-address '192.168.0.1' set service ssh listen-address '192.168.10.1' set service ssh listen-address '192.168.0.250' set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp set system console device ttyS0 speed '115200' set system host-name 'vyos' set system ip arp table-size '1024' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' set system name-server '192.168.0.1' set system name-server 'pppoe0' set system option ctrl-alt-delete 'ignore' diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6 index 814a62d55..ff4bf89c2 100644 --- a/smoketest/config-tests/dialup-router-wireguard-ipv6 +++ b/smoketest/config-tests/dialup-router-wireguard-ipv6 @@ -1,207 +1,3 @@ -set interfaces dummy dum0 address '172.16.254.30/32' -set interfaces ethernet eth0 vif 10 address '172.16.33.254/24' -set interfaces ethernet eth0 vif 10 address '172.16.40.254/24' -set interfaces ethernet eth0 vif 5 address '172.16.37.254/24' -set interfaces ethernet eth0 vif 50 address '172.16.36.254/24' -set interfaces ethernet eth0 ring-buffer rx '256' -set interfaces ethernet eth0 ring-buffer tx '256' -set interfaces ethernet eth1 offload gro -set interfaces ethernet eth1 offload gso -set interfaces ethernet eth1 offload sg -set interfaces ethernet eth1 offload tso -set interfaces ethernet eth1 vif 20 address '172.31.0.254/24' -set interfaces ethernet eth2 disable -set interfaces ethernet eth2 offload gro -set interfaces ethernet eth2 offload gso -set interfaces ethernet eth2 offload sg -set interfaces ethernet eth2 offload tso -set interfaces ethernet eth3 offload gro -set interfaces ethernet eth3 offload gso -set interfaces ethernet eth3 offload sg -set interfaces ethernet eth3 offload tso -set interfaces ethernet eth3 ring-buffer rx '256' -set interfaces ethernet eth3 ring-buffer tx '256' -set interfaces ethernet eth3 vif 7 -set interfaces loopback lo address '172.16.254.30/32' -set interfaces pppoe pppoe0 authentication password 'vyos' -set interfaces pppoe pppoe0 authentication username 'vyos' -set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 address '1' -set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 sla-id '10' -set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1.20 address '1' -set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1.20 sla-id '20' -set interfaces pppoe pppoe0 dhcpv6-options pd 0 length '56' -set interfaces pppoe pppoe0 ip adjust-mss '1452' -set interfaces pppoe pppoe0 ipv6 address autoconf -set interfaces pppoe pppoe0 ipv6 adjust-mss '1432' -set interfaces pppoe pppoe0 no-peer-dns -set interfaces pppoe pppoe0 source-interface 'eth3.7' -set interfaces wireguard wg100 address '172.16.252.128/31' -set interfaces wireguard wg100 mtu '1500' -set interfaces wireguard wg100 peer HR6 address '100.65.151.213' -set interfaces wireguard wg100 peer HR6 allowed-ips '0.0.0.0/0' -set interfaces wireguard wg100 peer HR6 port '10100' -set interfaces wireguard wg100 port '10100' -set interfaces wireguard wg200 address '172.16.252.130/31' -set interfaces wireguard wg200 mtu '1500' -set interfaces wireguard wg200 peer WH56 address '80.151.69.205' -set interfaces wireguard wg200 peer WH56 allowed-ips '0.0.0.0/0' -set interfaces wireguard wg200 peer WH56 port '10200' -set interfaces wireguard wg200 port '10200' -set interfaces wireguard wg666 address '172.29.0.1/31' -set interfaces wireguard wg666 mtu '1500' -set interfaces wireguard wg666 peer WH34 address '100.65.55.1' -set interfaces wireguard wg666 peer WH34 allowed-ips '0.0.0.0/0' -set interfaces wireguard wg666 peer WH34 port '10666' -set interfaces wireguard wg666 port '10666' -set protocols ospf area 0 network '172.16.37.0/24' -set protocols ospf area 0 network '172.16.254.30/32' -set protocols ospf area 0 network '172.18.202.0/24' -set protocols ospf area 0 network '172.18.203.0/24' -set protocols ospf area 0 network '172.18.204.0/24' -set protocols ospf interface eth0.5 authentication md5 key-id 10 md5-key 'ospf' -set protocols ospf interface eth0.5 dead-interval '40' -set protocols ospf interface eth0.5 hello-interval '10' -set protocols ospf interface eth0.5 passive disable -set protocols ospf interface eth0.5 priority '1' -set protocols ospf interface eth0.5 retransmit-interval '5' -set protocols ospf interface eth0.5 transmit-delay '1' -set protocols ospf log-adjacency-changes detail -set protocols ospf parameters router-id '172.16.254.30' -set protocols ospf default-information originate always -set protocols ospf default-information originate metric-type '2' -set protocols ospf redistribute connected metric-type '2' -set protocols ospf redistribute connected route-map 'MAP-OSPF-CONNECTED' -set protocols static route 10.0.0.0/8 blackhole distance '254' -set protocols static route 169.254.0.0/16 blackhole distance '254' -set protocols static route 172.16.0.0/12 blackhole distance '254' -set protocols static route 172.16.32.0/21 blackhole -set protocols static route 172.18.0.0/16 blackhole -set protocols static route 172.29.0.2/31 next-hop 172.29.0.0 -set protocols static route 192.168.0.0/16 blackhole distance '254' -set protocols static route 192.168.189.0/24 next-hop 172.29.0.0 -set protocols static route6 2000::/3 interface pppoe0 -set protocols bfd peer 172.16.252.129 -set protocols bfd peer 172.16.252.131 -set protocols bfd peer 172.18.254.201 -set protocols bgp address-family ipv4-unicast network 172.16.32.0/21 -set protocols bgp address-family ipv4-unicast network 172.16.100.0/24 -set protocols bgp address-family ipv4-unicast network 172.16.252.128/31 -set protocols bgp address-family ipv4-unicast network 172.16.252.130/31 -set protocols bgp address-family ipv4-unicast network 172.16.254.30/32 -set protocols bgp address-family ipv4-unicast network 172.18.0.0/16 -set protocols bgp neighbor 172.16.252.129 peer-group 'WIREGUARD' -set protocols bgp neighbor 172.16.252.131 peer-group 'WIREGUARD' -set protocols bgp neighbor 172.18.254.201 address-family ipv4-unicast nexthop-self -set protocols bgp neighbor 172.18.254.201 bfd -set protocols bgp neighbor 172.18.254.201 remote-as '64503' -set protocols bgp neighbor 172.18.254.201 update-source 'dum0' -set protocols bgp parameters log-neighbor-changes -set protocols bgp peer-group WIREGUARD address-family ipv4-unicast soft-reconfiguration inbound -set protocols bgp peer-group WIREGUARD bfd -set protocols bgp peer-group WIREGUARD remote-as 'external' -set protocols bgp system-as '64503' -set protocols bgp timers holdtime '30' -set protocols bgp timers keepalive '10' -set service lldp legacy-protocols cdp -set service lldp legacy-protocols edp -set service lldp legacy-protocols fdp -set service lldp legacy-protocols sonmp -set service lldp snmp -set service ntp allow-client address '172.16.0.0/12' -set service ntp server time1.vyos.net -set service ntp server time2.vyos.net -set service dhcp-server shared-network-name BACKBONE authoritative -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 lease '86400' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option default-router '172.16.37.254' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-name 'vyos.net' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-search 'vyos.net' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option name-server '172.16.254.30' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option ntp-server '172.16.254.30' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 start '172.16.37.120' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 stop '172.16.37.149' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1 ip-address '172.16.37.231' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1 mac '02:00:00:00:ee:18' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP2 ip-address '172.16.37.232' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP2 mac '02:00:00:00:52:84' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP3 ip-address '172.16.37.233' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP3 mac '02:00:00:00:51:c0' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP4 ip-address '172.16.37.234' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP4 mac '02:00:00:00:e6:fc' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP5 ip-address '172.16.37.235' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP5 mac '02:00:00:00:c3:50' -set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 subnet-id '1' -set service dhcp-server shared-network-name GUEST authoritative -set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 lease '86400' -set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option default-router '172.31.0.254' -set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-name 'vyos.net' -set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-search 'vyos.net' -set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option name-server '172.31.0.254' -set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 start '172.31.0.101' -set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 stop '172.31.0.199' -set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 subnet-id '2' -set service dhcp-server shared-network-name LAN authoritative -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 lease '86400' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option default-router '172.16.33.254' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-name 'vyos.net' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-search 'vyos.net' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option name-server '172.16.254.30' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option ntp-server '172.16.254.30' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 start '172.16.33.100' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 stop '172.16.33.189' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping four ip-address '172.16.33.214' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping four mac '02:00:00:00:c4:33' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping one ip-address '172.16.33.221' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping one mac '02:00:00:00:eb:a6' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping three ip-address '172.16.33.212' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping three mac '02:00:00:00:12:c7' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping two ip-address '172.16.33.211' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping two mac '02:00:00:00:58:90' -set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 subnet-id '3' -set service dns dynamic name service-vyos-pppoe0 address interface 'pppoe0' -set service dns dynamic name service-vyos-pppoe0 host-name 'r1.vyos.net' -set service dns dynamic name service-vyos-pppoe0 password 'vyos' -set service dns dynamic name service-vyos-pppoe0 protocol 'dyndns2' -set service dns dynamic name service-vyos-pppoe0 server 'dyndns.vyos.io' -set service dns dynamic name service-vyos-pppoe0 username 'vyos-vyos' -set service dns forwarding allow-from '172.16.0.0/12' -set service dns forwarding domain 16.172.in-addr.arpa addnta -set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.10 -set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.20 -set service dns forwarding domain 16.172.in-addr.arpa recursion-desired -set service dns forwarding domain 18.172.in-addr.arpa addnta -set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.10 -set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.20 -set service dns forwarding domain 18.172.in-addr.arpa recursion-desired -set service dns forwarding domain vyos.net addnta -set service dns forwarding domain vyos.net name-server 172.16.100.10 -set service dns forwarding domain vyos.net name-server 172.16.100.20 -set service dns forwarding domain vyos.net recursion-desired -set service dns forwarding ignore-hosts-file -set service dns forwarding listen-address '172.16.254.30' -set service dns forwarding listen-address '172.31.0.254' -set service dns forwarding negative-ttl '60' -set service router-advert interface eth0.10 prefix ::/64 preferred-lifetime '2700' -set service router-advert interface eth0.10 prefix ::/64 valid-lifetime '5400' -set service router-advert interface eth1.20 prefix ::/64 preferred-lifetime '2700' -set service router-advert interface eth1.20 prefix ::/64 valid-lifetime '5400' -set service snmp community ro-community authorization 'ro' -set service snmp community ro-community network '172.16.100.0/24' -set service snmp contact 'VyOS' -set service snmp listen-address 172.16.254.30 port '161' -set service snmp location 'CLOUD' -set system conntrack expect-table-size '2048' -set system conntrack hash-size '32768' -set system conntrack table-size '262144' -set system domain-name 'vyos.net' -set system host-name 'r1' -set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' -set system login user vyos authentication plaintext-password '' -set system option ctrl-alt-delete 'ignore' -set system option performance 'latency' -set system option startup-beep -set system syslog global facility all level 'debug' -set system syslog host 172.16.100.1 facility all level 'warning' -set system console device ttyS0 speed '115200' set firewall global-options all-ping 'enable' set firewall global-options broadcast-ping 'disable' set firewall global-options ip-src-route 'disable' @@ -634,6 +430,67 @@ set firewall zone WAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6' set firewall zone WAN from LOCAL firewall name 'LOCAL-WAN' set firewall zone WAN interface 'pppoe0' set firewall zone WAN interface 'wg666' +set interfaces dummy dum0 address '172.16.254.30/32' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 offload gro +set interfaces ethernet eth0 ring-buffer rx '256' +set interfaces ethernet eth0 ring-buffer tx '256' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth0 vif 5 address '172.16.37.254/24' +set interfaces ethernet eth0 vif 10 address '172.16.33.254/24' +set interfaces ethernet eth0 vif 10 address '172.16.40.254/24' +set interfaces ethernet eth0 vif 50 address '172.16.36.254/24' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 offload gro +set interfaces ethernet eth1 speed 'auto' +set interfaces ethernet eth1 vif 20 address '172.31.0.254/24' +set interfaces ethernet eth2 disable +set interfaces ethernet eth2 duplex 'auto' +set interfaces ethernet eth2 offload gro +set interfaces ethernet eth2 speed 'auto' +set interfaces ethernet eth3 duplex 'auto' +set interfaces ethernet eth3 offload gro +set interfaces ethernet eth3 ring-buffer rx '256' +set interfaces ethernet eth3 ring-buffer tx '256' +set interfaces ethernet eth3 speed 'auto' +set interfaces ethernet eth3 vif 7 +set interfaces loopback lo address '172.16.254.30/32' +set interfaces pppoe pppoe0 authentication password 'vyos' +set interfaces pppoe pppoe0 authentication username 'vyos' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 address '1' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 sla-id '10' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1.20 address '1' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1.20 sla-id '20' +set interfaces pppoe pppoe0 dhcpv6-options pd 0 length '56' +set interfaces pppoe pppoe0 ip adjust-mss '1452' +set interfaces pppoe pppoe0 ipv6 address autoconf +set interfaces pppoe pppoe0 ipv6 adjust-mss '1432' +set interfaces pppoe pppoe0 no-peer-dns +set interfaces pppoe pppoe0 source-interface 'eth3.7' +set interfaces wireguard wg100 address '172.16.252.128/31' +set interfaces wireguard wg100 mtu '1500' +set interfaces wireguard wg100 peer HR6 address '100.65.151.213' +set interfaces wireguard wg100 peer HR6 allowed-ips '0.0.0.0/0' +set interfaces wireguard wg100 peer HR6 port '10100' +set interfaces wireguard wg100 peer HR6 public-key 'yLpi+UZuI019bmWH2h5fX3gStbpPPPLgEoYMyrdkOnQ=' +set interfaces wireguard wg100 port '10100' +set interfaces wireguard wg100 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0=' +set interfaces wireguard wg200 address '172.16.252.130/31' +set interfaces wireguard wg200 mtu '1500' +set interfaces wireguard wg200 peer WH56 address '80.151.69.205' +set interfaces wireguard wg200 peer WH56 allowed-ips '0.0.0.0/0' +set interfaces wireguard wg200 peer WH56 port '10200' +set interfaces wireguard wg200 peer WH56 public-key 'XQbkj6vnKKBJfJQyThXysU0iGxCvEOEb31kpaZgkrD8=' +set interfaces wireguard wg200 port '10200' +set interfaces wireguard wg200 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0=' +set interfaces wireguard wg666 address '172.29.0.1/31' +set interfaces wireguard wg666 mtu '1500' +set interfaces wireguard wg666 peer WH34 address '100.65.55.1' +set interfaces wireguard wg666 peer WH34 allowed-ips '0.0.0.0/0' +set interfaces wireguard wg666 peer WH34 port '10666' +set interfaces wireguard wg666 peer WH34 public-key 'yaTN4+xAafKM04D+Baeg5GWfbdaw35TE9HQivwRgAk0=' +set interfaces wireguard wg666 port '10666' +set interfaces wireguard wg666 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0=' set nat destination rule 8000 destination port '10000' set nat destination rule 8000 inbound-interface name 'pppoe0' set nat destination rule 8000 protocol 'udp' @@ -667,8 +524,174 @@ set policy route-map MAP-OSPF-CONNECTED rule 20 action 'permit' set policy route-map MAP-OSPF-CONNECTED rule 20 match interface 'eth0.10' set policy route-map MAP-OSPF-CONNECTED rule 40 action 'permit' set policy route-map MAP-OSPF-CONNECTED rule 40 match interface 'eth0.50' +set protocols bfd peer 172.16.252.129 +set protocols bfd peer 172.16.252.131 +set protocols bfd peer 172.18.254.201 +set protocols bgp address-family ipv4-unicast network 172.16.32.0/21 +set protocols bgp address-family ipv4-unicast network 172.16.100.0/24 +set protocols bgp address-family ipv4-unicast network 172.16.252.128/31 +set protocols bgp address-family ipv4-unicast network 172.16.252.130/31 +set protocols bgp address-family ipv4-unicast network 172.16.254.30/32 +set protocols bgp address-family ipv4-unicast network 172.18.0.0/16 +set protocols bgp neighbor 172.16.252.129 peer-group 'WIREGUARD' +set protocols bgp neighbor 172.16.252.131 peer-group 'WIREGUARD' +set protocols bgp neighbor 172.18.254.201 address-family ipv4-unicast nexthop-self +set protocols bgp neighbor 172.18.254.201 bfd +set protocols bgp neighbor 172.18.254.201 remote-as '64503' +set protocols bgp neighbor 172.18.254.201 update-source 'dum0' +set protocols bgp parameters log-neighbor-changes +set protocols bgp peer-group WIREGUARD address-family ipv4-unicast soft-reconfiguration inbound +set protocols bgp peer-group WIREGUARD bfd +set protocols bgp peer-group WIREGUARD remote-as 'external' +set protocols bgp system-as '64503' +set protocols bgp timers holdtime '30' +set protocols bgp timers keepalive '10' +set protocols ospf area 0 network '172.16.254.30/32' +set protocols ospf area 0 network '172.16.37.0/24' +set protocols ospf area 0 network '172.18.201.0/24' +set protocols ospf area 0 network '172.18.202.0/24' +set protocols ospf area 0 network '172.18.203.0/24' +set protocols ospf area 0 network '172.18.204.0/24' +set protocols ospf default-information originate always +set protocols ospf default-information originate metric-type '2' +set protocols ospf interface eth0.5 authentication md5 key-id 10 md5-key 'ospf' +set protocols ospf interface eth0.5 dead-interval '40' +set protocols ospf interface eth0.5 hello-interval '10' +set protocols ospf interface eth0.5 passive disable +set protocols ospf interface eth0.5 priority '1' +set protocols ospf interface eth0.5 retransmit-interval '5' +set protocols ospf interface eth0.5 transmit-delay '1' +set protocols ospf log-adjacency-changes detail +set protocols ospf parameters abr-type 'cisco' +set protocols ospf parameters router-id '172.16.254.30' +set protocols ospf passive-interface 'default' +set protocols ospf redistribute connected metric-type '2' +set protocols ospf redistribute connected route-map 'MAP-OSPF-CONNECTED' +set protocols static route 10.0.0.0/8 blackhole distance '254' +set protocols static route 169.254.0.0/16 blackhole distance '254' +set protocols static route 172.16.0.0/12 blackhole distance '254' +set protocols static route 172.16.32.0/21 blackhole +set protocols static route 172.18.0.0/16 blackhole +set protocols static route 172.29.0.2/31 next-hop 172.29.0.0 +set protocols static route 192.168.0.0/16 blackhole distance '254' +set protocols static route 192.168.189.0/24 next-hop 172.29.0.0 +set protocols static route6 2000::/3 interface pppoe0 set qos policy shaper QoS bandwidth '50mbit' set qos policy shaper QoS default bandwidth '100%' set qos policy shaper QoS default burst '15k' set qos policy shaper QoS default queue-limit '1000' set qos policy shaper QoS default queue-type 'fq-codel' +set service dhcp-server shared-network-name BACKBONE authoritative +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 lease '86400' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option default-router '172.16.37.254' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-name 'vyos.net' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-search 'vyos.net' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option name-server '172.16.254.30' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option ntp-server '172.16.254.30' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 start '172.16.37.120' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 stop '172.16.37.149' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1 ip-address '172.16.37.231' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1 mac '02:00:00:00:ee:18' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP2 ip-address '172.16.37.232' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP2 mac '02:00:00:00:52:84' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP3 ip-address '172.16.37.233' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP3 mac '02:00:00:00:51:c0' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP4 ip-address '172.16.37.234' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP4 mac '02:00:00:00:e6:fc' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP5 ip-address '172.16.37.235' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP5 mac '02:00:00:00:c3:50' +set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 subnet-id '1' +set service dhcp-server shared-network-name GUEST authoritative +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 lease '86400' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option default-router '172.31.0.254' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-name 'vyos.net' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-search 'vyos.net' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option name-server '172.31.0.254' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 start '172.31.0.101' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 stop '172.31.0.199' +set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 subnet-id '2' +set service dhcp-server shared-network-name LAN authoritative +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 lease '86400' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option default-router '172.16.33.254' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-name 'vyos.net' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-search 'vyos.net' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option name-server '172.16.254.30' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option ntp-server '172.16.254.30' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 start '172.16.33.100' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 stop '172.16.33.189' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping four ip-address '172.16.33.214' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping four mac '02:00:00:00:c4:33' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping one ip-address '172.16.33.221' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping one mac '02:00:00:00:eb:a6' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping three ip-address '172.16.33.212' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping three mac '02:00:00:00:12:c7' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping two ip-address '172.16.33.211' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping two mac '02:00:00:00:58:90' +set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 subnet-id '3' +set service dns dynamic name service-vyos-pppoe0 address interface 'pppoe0' +set service dns dynamic name service-vyos-pppoe0 host-name 'r1.vyos.net' +set service dns dynamic name service-vyos-pppoe0 password 'vyos' +set service dns dynamic name service-vyos-pppoe0 protocol 'dyndns2' +set service dns dynamic name service-vyos-pppoe0 server 'dyndns.vyos.io' +set service dns dynamic name service-vyos-pppoe0 username 'vyos-vyos' +set service dns forwarding allow-from '172.16.0.0/12' +set service dns forwarding domain 16.172.in-addr.arpa addnta +set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.10 +set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.20 +set service dns forwarding domain 16.172.in-addr.arpa recursion-desired +set service dns forwarding domain 18.172.in-addr.arpa addnta +set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.10 +set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.20 +set service dns forwarding domain 18.172.in-addr.arpa recursion-desired +set service dns forwarding domain vyos.net addnta +set service dns forwarding domain vyos.net name-server 172.16.100.10 +set service dns forwarding domain vyos.net name-server 172.16.100.20 +set service dns forwarding domain vyos.net recursion-desired +set service dns forwarding ignore-hosts-file +set service dns forwarding listen-address '172.16.254.30' +set service dns forwarding listen-address '172.31.0.254' +set service dns forwarding negative-ttl '60' +set service lldp legacy-protocols cdp +set service lldp legacy-protocols edp +set service lldp legacy-protocols fdp +set service lldp legacy-protocols sonmp +set service lldp snmp +set service ntp allow-client address '172.16.0.0/12' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service router-advert interface eth0.10 prefix ::/64 preferred-lifetime '2700' +set service router-advert interface eth0.10 prefix ::/64 valid-lifetime '5400' +set service router-advert interface eth1.20 prefix ::/64 preferred-lifetime '2700' +set service router-advert interface eth1.20 prefix ::/64 valid-lifetime '5400' +set service snmp community ro-community authorization 'ro' +set service snmp community ro-community network '172.16.100.0/24' +set service snmp contact 'VyOS' +set service snmp listen-address 172.16.254.30 port '161' +set service snmp location 'CLOUD' +set service ssh disable-host-validation +set service ssh port '22' +set system config-management commit-revisions '200' +set system conntrack expect-table-size '2048' +set system conntrack hash-size '32768' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sqlnet +set system conntrack modules tftp +set system conntrack table-size '262144' +set system conntrack timeout +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.net' +set system host-name 'r1' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system name-server '172.16.254.30' +set system option ctrl-alt-delete 'ignore' +set system option performance 'latency' +set system option reboot-on-panic +set system option startup-beep +set system syslog global facility all level 'debug' +set system syslog global facility local7 level 'debug' +set system syslog host 172.16.100.1 facility all level 'warning' +set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/egp-igp-route-maps b/smoketest/config-tests/egp-igp-route-maps new file mode 100644 index 000000000..fc46d25ff --- /dev/null +++ b/smoketest/config-tests/egp-igp-route-maps @@ -0,0 +1,46 @@ +set interfaces ethernet eth0 address '192.0.2.1/25' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth1 address '192.0.2.129/25' +set interfaces ethernet eth1 address '2001:db8::1234/64' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' +set interfaces loopback lo +set policy route-map zebra-bgp rule 10 action 'permit' +set policy route-map zebra-isis rule 10 action 'permit' +set policy route-map zebra-ospf rule 10 action 'permit' +set policy route-map zebra-ospfv3 rule 10 action 'permit' +set policy route-map zebra-ripng rule 10 action 'permit' +set policy route-map zebra-static rule 10 action 'permit' +set protocols bgp system-as '100' +set protocols isis interface eth0 +set protocols isis net '49.0001.1921.6800.1002.00' +set protocols ospf area 0 network '192.0.2.0/25' +set protocols ospf area 0 network '192.0.2.128/25' +set protocols ospf interface eth0 passive disable +set protocols ospf interface eth1 passive disable +set protocols ospf log-adjacency-changes +set protocols ospf parameters abr-type 'cisco' +set protocols ospf parameters router-id '1.1.1.1' +set protocols ospf passive-interface 'default' +set protocols ospfv3 area 0 +set protocols ospfv3 interface eth1 area '0' +set protocols ospfv3 parameters router-id '1.1.1.1' +set protocols ripng interface eth1 +set protocols static +set system config-management commit-revisions '100' +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system ip protocol bgp route-map 'zebra-bgp' +set system ip protocol isis route-map 'zebra-isis' +set system ip protocol ospf route-map 'zebra-ospf' +set system ip protocol static route-map 'zebra-static' +set system ipv6 protocol ospfv3 route-map 'zebra-ospfv3' +set system ipv6 protocol ripng route-map 'zebra-ripng' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system logs logrotate messages max-size '1' +set system logs logrotate messages rotate '5' +set system name-server '192.168.0.1' +set system syslog global facility all level 'info' +set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/igmp-pim-small b/smoketest/config-tests/igmp-pim-small index 207c17d45..909c3d67b 100644 --- a/smoketest/config-tests/igmp-pim-small +++ b/smoketest/config-tests/igmp-pim-small @@ -1,5 +1,12 @@ +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' set interfaces ethernet eth1 address '100.64.0.1/24' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' set interfaces ethernet eth2 address '172.16.0.2/24' +set interfaces ethernet eth2 duplex 'auto' +set interfaces ethernet eth2 offload gro +set interfaces ethernet eth2 speed 'auto' set protocols pim interface eth1 igmp join 224.1.0.0 source-address '1.1.1.1' set protocols pim interface eth1 igmp join 224.1.0.0 source-address '1.1.1.2' set protocols pim interface eth1 igmp query-interval '1000' @@ -7,11 +14,24 @@ set protocols pim interface eth1 igmp query-max-response-time '30' set protocols pim interface eth1 igmp version '2' set protocols pim interface eth2 set protocols pim rp address 172.16.255.1 group '224.0.0.0/4' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' set service ntp server 0.pool.ntp.org set service ntp server 1.pool.ntp.org set service ntp server 2.pool.ntp.org +set system config-management commit-revisions '200' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' set system domain-name 'vyos.io' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' set system login user vyos authentication plaintext-password '' -set system console device ttyS0 speed '115200' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/ipoe-server b/smoketest/config-tests/ipoe-server index fb32fdb14..f4a12f502 100644 --- a/smoketest/config-tests/ipoe-server +++ b/smoketest/config-tests/ipoe-server @@ -1,9 +1,10 @@ set interfaces ethernet eth0 address 'dhcp' set interfaces ethernet eth1 address '192.168.0.1/24' +set interfaces ethernet eth2 offload gro set interfaces loopback lo -set service ntp server time1.vyos.net -set service ntp server time2.vyos.net -set service ntp server time3.vyos.net +set nat source rule 100 outbound-interface name 'eth0' +set nat source rule 100 source address '192.168.0.0/24' +set nat source rule 100 translation address 'masquerade' set service ipoe-server authentication interface eth1 mac 08:00:27:2f:d8:06 rate-limit download '1000' set service ipoe-server authentication interface eth1 mac 08:00:27:2f:d8:06 rate-limit upload '500' set service ipoe-server authentication interface eth1 mac 08:00:27:2f:d8:06 vlan '100' @@ -25,11 +26,23 @@ set service ipoe-server name-server '10.10.1.1' set service ipoe-server name-server '10.10.1.2' set service ipoe-server name-server '2001:db8:aaa::' set service ipoe-server name-server '2001:db8:bbb::' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service ntp server time3.vyos.net +set service ssh set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' set system login user vyos authentication plaintext-password '' -set system console device ttyS0 speed '115200' -set nat source rule 100 outbound-interface name 'eth0' -set nat source rule 100 source address '192.168.0.0/24' -set nat source rule 100 translation address 'masquerade' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/ipv6-disable b/smoketest/config-tests/ipv6-disable new file mode 100644 index 000000000..40e34fa0c --- /dev/null +++ b/smoketest/config-tests/ipv6-disable @@ -0,0 +1,31 @@ +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth0 vif 201 address '172.18.201.10/24' +set interfaces ethernet eth0 vif 202 address '172.18.202.10/24' +set interfaces ethernet eth0 vif 203 address '172.18.203.10/24' +set interfaces ethernet eth0 vif 204 address '172.18.204.10/24' +set protocols static route 0.0.0.0/0 next-hop 172.18.201.254 distance '10' +set protocols static route 0.0.0.0/0 next-hop 172.18.202.254 distance '20' +set protocols static route 0.0.0.0/0 next-hop 172.18.203.254 distance '30' +set protocols static route 0.0.0.0/0 next-hop 172.18.204.254 distance '40' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 172.16.254.20 +set service ntp server 172.16.254.30 +set system config-management commit-revisions '200' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.net' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system name-server '172.16.254.20' +set system name-server '172.16.254.30' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/isis-small b/smoketest/config-tests/isis-small new file mode 100644 index 000000000..b322f4e29 --- /dev/null +++ b/smoketest/config-tests/isis-small @@ -0,0 +1,44 @@ +set interfaces dummy dum0 address '203.0.113.1/24' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 offload sg +set interfaces ethernet eth0 offload tso +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth1 address '192.0.2.1/24' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 offload sg +set interfaces ethernet eth1 offload tso +set interfaces ethernet eth1 speed 'auto' +set interfaces ethernet eth2 duplex 'auto' +set interfaces ethernet eth2 offload sg +set interfaces ethernet eth2 offload tso +set interfaces ethernet eth2 speed 'auto' +set interfaces ethernet eth3 duplex 'auto' +set interfaces ethernet eth3 offload sg +set interfaces ethernet eth3 offload tso +set interfaces ethernet eth3 speed 'auto' +set policy prefix-list EXPORT-ISIS rule 10 action 'permit' +set policy prefix-list EXPORT-ISIS rule 10 prefix '203.0.113.0/24' +set policy route-map EXPORT-ISIS rule 10 action 'permit' +set policy route-map EXPORT-ISIS rule 10 match ip address prefix-list 'EXPORT-ISIS' +set protocols isis interface eth1 bfd +set protocols isis net '49.0001.1921.6800.1002.00' +set protocols isis redistribute ipv4 connected level-2 route-map 'EXPORT-ISIS' +set system config-management commit-revisions '200' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.io' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service ntp server time3.vyos.net +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/nat-basic b/smoketest/config-tests/nat-basic index 9fea08b02..471add3b3 100644 --- a/smoketest/config-tests/nat-basic +++ b/smoketest/config-tests/nat-basic @@ -1,25 +1,17 @@ -set interfaces ethernet eth0 offload rps +set interfaces bonding bond10 hash-policy 'layer3+4' +set interfaces bonding bond10 member interface 'eth2' +set interfaces bonding bond10 member interface 'eth3' +set interfaces bonding bond10 mode '802.3ad' +set interfaces bonding bond10 vif 50 address '192.168.189.1/24' set interfaces ethernet eth0 disable +set interfaces ethernet eth0 offload gro +set interfaces ethernet eth0 offload rps set interfaces ethernet eth1 offload gro -set interfaces ethernet eth1 offload gso set interfaces ethernet eth1 offload rps -set interfaces ethernet eth1 offload sg -set interfaces ethernet eth1 offload tso set interfaces ethernet eth2 offload gro -set interfaces ethernet eth2 offload gso set interfaces ethernet eth2 offload rps -set interfaces ethernet eth2 offload sg -set interfaces ethernet eth2 offload tso set interfaces ethernet eth3 offload gro -set interfaces ethernet eth3 offload gso set interfaces ethernet eth3 offload rps -set interfaces ethernet eth3 offload sg -set interfaces ethernet eth3 offload tso -set interfaces bonding bond10 hash-policy 'layer3+4' -set interfaces bonding bond10 member interface 'eth2' -set interfaces bonding bond10 member interface 'eth3' -set interfaces bonding bond10 mode '802.3ad' -set interfaces bonding bond10 vif 50 address '192.168.189.1/24' set interfaces loopback lo set interfaces pppoe pppoe7 authentication password 'vyos' set interfaces pppoe pppoe7 authentication username 'vyos' @@ -31,30 +23,6 @@ set interfaces pppoe pppoe7 ipv6 adjust-mss '1432' set interfaces pppoe pppoe7 mtu '1492' set interfaces pppoe pppoe7 no-peer-dns set interfaces pppoe pppoe7 source-interface 'eth1' -set service lldp interface eth1 disable -set service ntp allow-client address '192.168.189.0/24' -set service ntp server time1.vyos.net -set service ntp server time2.vyos.net -set service ntp listen-address '192.168.189.1' -set service ssh dynamic-protection -set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 lease '604800' -set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option default-router '192.168.189.1' -set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option domain-name 'vyos.net' -set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '1.1.1.1' -set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '9.9.9.9' -set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 start '192.168.189.20' -set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 stop '192.168.189.254' -set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 subnet-id '1' -set service router-advert interface bond10.50 prefix ::/64 preferred-lifetime '2700' -set service router-advert interface bond10.50 prefix ::/64 valid-lifetime '5400' -set system config-management commit-revisions '100' -set system domain-name 'vyos.net' -set system host-name 'R1' -set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' -set system login user vyos authentication plaintext-password '' -set system name-server '1.1.1.1' -set system name-server '9.9.9.9' -set system console device ttyS0 speed '115200' set nat destination rule 1000 destination port '3389' set nat destination rule 1000 inbound-interface name 'pppoe7' set nat destination rule 1000 protocol 'tcp' @@ -83,3 +51,38 @@ set nat source rule 50 translation port '10300' set nat source rule 100 outbound-interface name 'pppoe7' set nat source rule 100 source address '192.168.189.0/24' set nat source rule 100 translation address 'masquerade' +set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 lease '604800' +set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option default-router '192.168.189.1' +set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option domain-name 'vyos.net' +set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '1.1.1.1' +set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '9.9.9.9' +set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 start '192.168.189.20' +set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 stop '192.168.189.254' +set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 subnet-id '1' +set service lldp interface all +set service lldp interface eth1 disable +set service ntp allow-client address '192.168.189.0/24' +set service ntp listen-address '192.168.189.1' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service router-advert interface bond10.50 prefix ::/64 preferred-lifetime '2700' +set service router-advert interface bond10.50 prefix ::/64 valid-lifetime '5400' +set service ssh disable-host-validation +set service ssh dynamic-protection +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.net' +set system host-name 'R1' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system name-server '1.1.1.1' +set system name-server '9.9.9.9' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/ospf-simple b/smoketest/config-tests/ospf-simple index 13d5e7038..355709448 100644 --- a/smoketest/config-tests/ospf-simple +++ b/smoketest/config-tests/ospf-simple @@ -1,9 +1,11 @@ set interfaces ethernet eth0 vif 20 address '193.201.42.173/28' set interfaces ethernet eth0 vif 666 address '10.66.66.1/24' +set interfaces ethernet eth1 +set interfaces ethernet eth2 set interfaces loopback lo -set protocols ospf area 0 network '10.66.66.0/24' -set protocols ospf area 0 network '193.201.42.160/28' set protocols ospf area 0 area-type normal +set protocols ospf area 0 network '193.201.42.160/28' +set protocols ospf area 0 network '10.66.66.0/24' set protocols ospf interface eth0.20 cost '999' set protocols ospf interface eth0.20 dead-interval '4' set protocols ospf interface eth0.20 hello-interval '1' @@ -14,7 +16,9 @@ set protocols ospf interface eth0.666 passive set protocols ospf log-adjacency-changes detail set protocols static route 0.0.0.0/0 next-hop 193.201.42.170 distance '130' set system config-management commit-revisions '100' +set system console device ttyS0 speed '115200' set system host-name 'lab-vyos-r1' set system login user vyos authentication encrypted-password '$6$R.OnGzfXSfl6J$Iba/hl9bmjBs0VPtZ2zdW.Snh/nHuvxUwi0R6ruypgW63iKEbicJH.uUst8xZCyByURblxRtjAC1lAnYfIt.b0' set system login user vyos authentication plaintext-password '' -set system console device ttyS0 speed '115200' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/ospf-small b/smoketest/config-tests/ospf-small new file mode 100644 index 000000000..a7f8b682c --- /dev/null +++ b/smoketest/config-tests/ospf-small @@ -0,0 +1,82 @@ +set interfaces dummy dum0 address '172.18.254.200/32' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth0 vif 201 address '172.18.201.9/24' +set interfaces ethernet eth0 vif 202 address '172.18.202.9/24' +set interfaces ethernet eth0 vif 203 address '172.18.203.9/24' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' +set protocols ospf area 0 network '172.18.201.0/24' +set protocols ospf area 0 network '172.18.202.0/24' +set protocols ospf area 0 network '172.18.203.0/24' +set protocols ospf area 0 network '172.18.254.200/32' +set protocols ospf interface eth0.201 authentication md5 key-id 10 md5-key 'OSPFVyOSNET' +set protocols ospf interface eth0.201 dead-interval '40' +set protocols ospf interface eth0.201 hello-interval '10' +set protocols ospf interface eth0.201 passive disable +set protocols ospf interface eth0.201 priority '1' +set protocols ospf interface eth0.201 retransmit-interval '5' +set protocols ospf interface eth0.201 transmit-delay '1' +set protocols ospf interface eth0.202 authentication md5 key-id 10 md5-key 'OSPFVyOSNET' +set protocols ospf interface eth0.202 dead-interval '40' +set protocols ospf interface eth0.202 hello-interval '10' +set protocols ospf interface eth0.202 passive disable +set protocols ospf interface eth0.202 priority '1' +set protocols ospf interface eth0.202 retransmit-interval '5' +set protocols ospf interface eth0.202 transmit-delay '1' +set protocols ospf interface eth0.203 authentication md5 key-id 10 md5-key 'OSPFVyOSNET' +set protocols ospf interface eth0.203 dead-interval '40' +set protocols ospf interface eth0.203 hello-interval '10' +set protocols ospf interface eth0.203 passive disable +set protocols ospf interface eth0.203 priority '1' +set protocols ospf interface eth0.203 retransmit-interval '5' +set protocols ospf interface eth0.203 transmit-delay '1' +set protocols ospf log-adjacency-changes +set protocols ospf parameters abr-type 'cisco' +set protocols ospf parameters router-id '172.18.254.200' +set protocols ospf passive-interface 'default' +set protocols ospfv3 area 0.0.0.0 +set protocols ospfv3 interface eth0.201 area '0.0.0.0' +set protocols ospfv3 interface eth0.201 bfd +set protocols ospfv3 interface eth0.201 cost '40' +set protocols ospfv3 interface eth0.202 area '0.0.0.0' +set protocols ospfv3 interface eth0.202 bfd +set protocols ospfv3 interface eth0.202 cost '40' +set protocols ospfv3 interface eth0.203 area '0.0.0.0' +set protocols ospfv3 interface eth0.203 bfd +set protocols ospfv3 interface eth0.203 cost '40' +set protocols ospfv3 interface eth1 area '0.0.0.0' +set protocols ospfv3 interface eth1 bfd +set protocols ospfv3 interface eth1 cost '60' +set protocols ospfv3 interface eth1 mtu-ignore +set protocols ospfv3 interface eth1 network 'broadcast' +set protocols ospfv3 interface eth1 priority '20' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service ssh disable-host-validation +set service ssh port '22' +set system config-management commit-revisions '200' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.net' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system name-server '172.16.254.30' +set system sysctl parameter net.ipv4.conf.eth0.tag value '1' +set system sysctl parameter net.ipv4.conf.eth1.tag value '1' +set system sysctl parameter net.ipv4.igmp_max_memberships value '5' +set system sysctl parameter net.ipv4.ipfrag_time value '4' +set system sysctl parameter net.mpls.default_ttl value '10' +set system sysctl parameter net.mpls.ip_ttl_propagate value '0' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/pppoe-server b/smoketest/config-tests/pppoe-server new file mode 100644 index 000000000..34fbea215 --- /dev/null +++ b/smoketest/config-tests/pppoe-server @@ -0,0 +1,47 @@ +set interfaces ethernet eth0 address 'dhcp' +set interfaces ethernet eth1 address '192.168.0.1/24' +set interfaces ethernet eth1 speed 'auto' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth2 speed 'auto' +set interfaces ethernet eth2 duplex 'auto' +set interfaces loopback lo +set nat source rule 100 outbound-interface name 'eth0' +set nat source rule 100 source address '192.168.0.0/24' +set nat source rule 100 translation address 'masquerade' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set service pppoe-server access-concentrator 'ACN' +set service pppoe-server authentication local-users username foo password 'bar' +set service pppoe-server authentication local-users username foo rate-limit download '20480' +set service pppoe-server authentication local-users username foo rate-limit upload '10240' +set service pppoe-server authentication mode 'local' +set service pppoe-server client-ip-pool default-range-pool range '10.0.0.0/24' +set service pppoe-server client-ip-pool default-range-pool range '10.0.1.0/24' +set service pppoe-server client-ip-pool default-range-pool range '10.0.2.0/24' +set service pppoe-server default-pool 'default-range-pool' +set service pppoe-server gateway-address '192.168.0.2' +set service pppoe-server interface eth1 +set service pppoe-server interface eth2 vlan '10' +set service pppoe-server interface eth2 vlan '20' +set service pppoe-server interface eth2 vlan '30-40' +set service pppoe-server interface eth2 vlan '50-60' +set service pppoe-server name-server '192.168.0.1' +set service pppoe-server ppp-options disable-ccp +set service ssh +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/qos-basic b/smoketest/config-tests/qos-basic new file mode 100644 index 000000000..0e198b80c --- /dev/null +++ b/smoketest/config-tests/qos-basic @@ -0,0 +1,75 @@ +set interfaces ethernet eth0 address '10.1.1.100/24' +set interfaces ethernet eth1 address '10.2.1.1/24' +set interfaces ethernet eth2 address '10.9.9.1/24' +set interfaces ethernet eth2 vif 200 +set interfaces loopback lo +set qos interface eth0 egress 'FS' +set qos interface eth1 egress 'ISPC' +set qos interface eth2 egress 'MY-HTB' +set qos interface eth2.200 egress 'foo-emulate' +set qos policy network-emulator foo-emulate bandwidth '300mbit' +set qos policy shaper FS bandwidth 'auto' +set qos policy shaper FS class 10 bandwidth '100%' +set qos policy shaper FS class 10 burst '15k' +set qos policy shaper FS class 10 match ADDRESS10 ip source address '172.17.1.2/32' +set qos policy shaper FS class 10 queue-type 'fair-queue' +set qos policy shaper FS class 20 bandwidth '100%' +set qos policy shaper FS class 20 burst '15k' +set qos policy shaper FS class 20 match ADDRESS20 ip source address '172.17.1.3/32' +set qos policy shaper FS class 20 queue-type 'fair-queue' +set qos policy shaper FS class 30 bandwidth '100%' +set qos policy shaper FS class 30 burst '15k' +set qos policy shaper FS class 30 match ADDRESS30 ip source address '172.17.1.4/32' +set qos policy shaper FS class 30 queue-type 'fair-queue' +set qos policy shaper FS default bandwidth '10%' +set qos policy shaper FS default burst '15k' +set qos policy shaper FS default ceiling '100%' +set qos policy shaper FS default priority '7' +set qos policy shaper FS default queue-type 'fair-queue' +set qos policy shaper ISPC bandwidth '600mbit' +set qos policy shaper ISPC default bandwidth '50%' +set qos policy shaper ISPC default burst '768k' +set qos policy shaper ISPC default ceiling '100%' +set qos policy shaper ISPC default queue-type 'fq-codel' +set qos policy shaper ISPC description 'Outbound Traffic Shaper - ISPC' +set qos policy shaper MY-HTB bandwidth '10mbit' +set qos policy shaper MY-HTB class 30 bandwidth '10%' +set qos policy shaper MY-HTB class 30 burst '15k' +set qos policy shaper MY-HTB class 30 ceiling '50%' +set qos policy shaper MY-HTB class 30 match ADDRESS30 ip source address '10.1.1.0/24' +set qos policy shaper MY-HTB class 30 priority '5' +set qos policy shaper MY-HTB class 30 queue-type 'fair-queue' +set qos policy shaper MY-HTB class 40 bandwidth '90%' +set qos policy shaper MY-HTB class 40 burst '15k' +set qos policy shaper MY-HTB class 40 ceiling '100%' +set qos policy shaper MY-HTB class 40 match ADDRESS40 ip source address '10.2.1.0/24' +set qos policy shaper MY-HTB class 40 priority '5' +set qos policy shaper MY-HTB class 40 queue-type 'fair-queue' +set qos policy shaper MY-HTB class 50 bandwidth '100%' +set qos policy shaper MY-HTB class 50 burst '15k' +set qos policy shaper MY-HTB class 50 match ADDRESS50 ipv6 source address '2001:db8::1/64' +set qos policy shaper MY-HTB class 50 queue-type 'fair-queue' +set qos policy shaper MY-HTB default bandwidth '10%' +set qos policy shaper MY-HTB default burst '15k' +set qos policy shaper MY-HTB default ceiling '100%' +set qos policy shaper MY-HTB default priority '7' +set qos policy shaper MY-HTB default queue-type 'fair-queue' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service ntp server time3.vyos.net +set system config-management commit-revisions '10' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/rip-router b/smoketest/config-tests/rip-router new file mode 100644 index 000000000..829aafbd5 --- /dev/null +++ b/smoketest/config-tests/rip-router @@ -0,0 +1,83 @@ +set interfaces dummy dum0 address '192.0.2.0/32' +set interfaces ethernet eth0 address '172.18.202.10/24' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' +set interfaces ethernet eth1 vif 20 +set interfaces ethernet eth1 vif-s 200 vif-c 2000 +set interfaces ethernet eth1 vif-s 200 vif-c 3000 +set policy access-list6 198 rule 10 action 'permit' +set policy access-list6 198 rule 10 source any +set policy access-list6 199 rule 20 action 'deny' +set policy access-list6 199 rule 20 source any +set policy prefix-list6 bar-prefix rule 200 action 'deny' +set policy prefix-list6 bar-prefix rule 200 prefix '2001:db8::/32' +set policy prefix-list6 foo-prefix rule 100 action 'permit' +set policy prefix-list6 foo-prefix rule 100 prefix '2001:db8::/32' +set policy route-map FooBar123 rule 10 action 'permit' +set protocols rip default-distance '20' +set protocols rip default-information originate +set protocols rip interface eth0 authentication md5 1 password 'VyOSsecure' +set protocols rip interface eth0 split-horizon poison-reverse +set protocols rip interface eth1.20 authentication plaintext-password 'VyOSsecure' +set protocols rip interface eth1.20 split-horizon poison-reverse +set protocols rip interface eth1.200 authentication md5 1 password 'VyOSsecure' +set protocols rip interface eth1.200 split-horizon disable +set protocols rip interface eth1.200.2000 authentication md5 1 password 'VyOSsecure' +set protocols rip interface eth1.200.3000 split-horizon disable +set protocols rip network '192.168.0.0/24' +set protocols rip redistribute connected +set protocols ripng aggregate-address '2001:db8:1000::/48' +set protocols ripng default-information originate +set protocols ripng default-metric '8' +set protocols ripng distribute-list access-list in '198' +set protocols ripng distribute-list access-list out '199' +set protocols ripng distribute-list interface eth0 access-list in '198' +set protocols ripng distribute-list interface eth0 access-list out '199' +set protocols ripng distribute-list interface eth0 prefix-list in 'foo-prefix' +set protocols ripng distribute-list interface eth0 prefix-list out 'bar-prefix' +set protocols ripng distribute-list interface eth1 access-list in '198' +set protocols ripng distribute-list interface eth1 access-list out '199' +set protocols ripng distribute-list interface eth1 prefix-list in 'foo-prefix' +set protocols ripng distribute-list interface eth1 prefix-list out 'bar-prefix' +set protocols ripng distribute-list interface eth2 access-list in '198' +set protocols ripng distribute-list interface eth2 access-list out '199' +set protocols ripng distribute-list interface eth2 prefix-list in 'foo-prefix' +set protocols ripng distribute-list interface eth2 prefix-list out 'bar-prefix' +set protocols ripng distribute-list prefix-list in 'foo-prefix' +set protocols ripng distribute-list prefix-list out 'bar-prefix' +set protocols ripng interface eth0 split-horizon poison-reverse +set protocols ripng interface eth1.20 split-horizon disable +set protocols ripng interface eth1.200 split-horizon poison-reverse +set protocols ripng interface eth1.200.3000 split-horizon poison-reverse +set protocols ripng network '2001:db8:1000::/64' +set protocols ripng network '2001:db8:1001::/64' +set protocols ripng network '2001:db8:2000::/64' +set protocols ripng network '2001:db8:2001::/64' +set protocols ripng passive-interface 'default' +set protocols ripng redistribute connected metric '8' +set protocols ripng redistribute connected route-map 'FooBar123' +set protocols ripng redistribute static metric '8' +set protocols ripng redistribute static route-map 'FooBar123' +set protocols ripng route '2001:db8:1000::/64' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set service ssh port '22' +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/rpki-only b/smoketest/config-tests/rpki-only index 569463b12..dcbc7673d 100644 --- a/smoketest/config-tests/rpki-only +++ b/smoketest/config-tests/rpki-only @@ -1,5 +1,7 @@ set interfaces ethernet eth0 address '192.0.2.1/24' set interfaces ethernet eth0 address '2001:db8::1/64' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' set interfaces loopback lo set pki openssh rpki-5.6.7.8 private key 'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcnNhAAAAAwEAAQAAAQEAweDyflDFR4qyEwETbJkZ2ZZc+sJNiDTvYpwGsWIkju49lJSxHe1xKf8FhwfyMu40Snt1yDlRmmmz4CsbLgbuZGMPvXG11e34+C0pSVUvpF6aqRTeLl1pDRK7Rnjgm3su+I8SRLQR4qbLG6VXWOFuVpwiqbExLaU0hFYTPNP+dArNpsWEEKsohk6pTXdhg3VzWp3vCMjl2JTshDa3lD7p2xISSAReEY0fnfEAmQzH4Z6DIwwGdFuMWoQIg+oFBM9ARrO2/FIjRsz6AecR/WeU72JEw4aJic1/cAJQA6PiQBHwkuo3Wll1tbpxeRZoB2NQG22ETyJLvhfTaooNLT9HpQAAA8joU5dM6FOXTAAAAAdzc2gtcnNhAAABAQDB4PJ+UMVHirITARNsmRnZllz6wk2INO9inAaxYiSO7j2UlLEd7XEp/wWHB/Iy7jRKe3XIOVGaabPgKxsuBu5kYw+9cbXV7fj4LSlJVS+kXpqpFN4uXWkNErtGeOCbey74jxJEtBHipssbpVdY4W5WnCKpsTEtpTSEVhM80/50Cs2mxYQQqyiGTqlNd2GDdXNane8IyOXYlOyENreUPunbEhJIBF4RjR+d8QCZDMfhnoMjDAZ0W4xahAiD6gUEz0BGs7b8UiNGzPoB5xH9Z5TvYkTDhomJzX9wAlADo+JAEfCS6jdaWXW1unF5FmgHY1AbbYRPIku+F9Nqig0tP0elAAAAAwEAAQAAAQACkDlUjzfUhtJs6uY5WNrdJB5NmHUS+HQzzxFNlhkapK6+wKqI1UNaRUtq6iF7J+gcFf7MK2nXS098BsXguWm8fQzPuemoDvHsQhiaJhyvpSqRUrvPTB/f8t/0AhQiKiJIWgfpTaIw53inAGwjujNNxNm2eafHTThhCYxOkRT7rsT6bnSio6yeqPy5QHg7IKFztp5FXDUyiOS3aX3SvzQcDUkMXALdvzX50t1XIk+X48Rgkq72dL4VpV2oMNDu3hM6FqBUplf9Mv3s51FNSma/cibCQoVufrIfoqYjkNTjIpYFUcq4zZ0/KvgXgzSsy9VN/4TtbalrOuu7X/SHJbvhAAAAgGPFsXgONYQvXxCnK1dIueozgaZg1I/n522E2ZCOXBW4dYJVyNpppwRreDzuFzTDEe061MpNHfScjVBJCCulivFYWscL6oaGsryDbFxO3QmB4I98UBqrds2yan9/JGc6EYe299yvaHy7Y64+NC0+fN8H2RAZ61T4w10JrCaJRyvzAAAAgQDvBfuV1U7o9k/fbU+U7W2UYnWblpOZAMfi1XQP6IJJeyWs90PdTdXh+l0eIQrCawIiRJytNfxMmbD4huwTf77fWiyCcPznmALQ7ex/yJ+W5Z0V4dPGF3h7o1uiS236JhQ7mfcliCkhp/1PIklBIMPcCp0zl+s9wMv2hX7w1Pah9QAAAIEAz6YgU9Xute+J+dBwoWxEQ+igR6KE55Um7O9AvSrqnCm9r7lSFsXC2ErYOxoDSJ3yIBEV0b4XAGn6tbbVIs3jS8BnLHxclAHQecOx1PGn7PKbnPW0oJRq/X9QCIEelKYvlykpayn7uZooTXqcDaPZxfPpmPdye8chVJvdygi7kPEAAAAMY3BvQExSMS53dWUzAQIDBAUGBw==' set pki openssh rpki-5.6.7.8 public key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDB4PJ+UMVHirITARNsmRnZllz6wk2INO9inAaxYiSO7j2UlLEd7XEp/wWHB/Iy7jRKe3XIOVGaabPgKxsuBu5kYw+9cbXV7fj4LSlJVS+kXpqpFN4uXWkNErtGeOCbey74jxJEtBHipssbpVdY4W5WnCKpsTEtpTSEVhM80/50Cs2mxYQQqyiGTqlNd2GDdXNane8IyOXYlOyENreUPunbEhJIBF4RjR+d8QCZDMfhnoMjDAZ0W4xahAiD6gUEz0BGs7b8UiNGzPoB5xH9Z5TvYkTDhomJzX9wAlADo+JAEfCS6jdaWXW1unF5FmgHY1AbbYRPIku+F9Nqig0tP0el' @@ -14,6 +16,7 @@ set policy route-map ROUTES-IN rule 30 action 'deny' set policy route-map ROUTES-IN rule 30 match rpki 'invalid' set protocols bgp neighbor 192.0.2.200 address-family ipv4-unicast route-map import 'ROUTES-IN' set protocols bgp neighbor 192.0.2.200 remote-as '200' +set protocols bgp neighbor 2001:db8::200 address-family ipv4-unicast set protocols bgp neighbor 2001:db8::200 address-family ipv6-unicast route-map import 'ROUTES-IN' set protocols bgp neighbor 2001:db8::200 remote-as '200' set protocols bgp system-as '100' @@ -23,8 +26,17 @@ set protocols rpki cache 5.6.7.8 port '2222' set protocols rpki cache 5.6.7.8 preference '20' set protocols rpki cache 5.6.7.8 ssh key 'rpki-5.6.7.8' set protocols rpki cache 5.6.7.8 ssh username 'vyos' +set system config-management commit-revisions '200' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0' set system login user vyos authentication plaintext-password '' set system syslog global facility all level 'debug' -set system console device ttyS0 speed '115200' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/tunnel-broker b/smoketest/config-tests/tunnel-broker new file mode 100644 index 000000000..ee6301c85 --- /dev/null +++ b/smoketest/config-tests/tunnel-broker @@ -0,0 +1,75 @@ +set interfaces dummy dum0 address '192.0.2.0/32' +set interfaces dummy dum1 address '192.0.2.1/32' +set interfaces dummy dum2 address '192.0.2.2/32' +set interfaces dummy dum3 address '192.0.2.3/32' +set interfaces dummy dum4 address '192.0.2.4/32' +set interfaces ethernet eth0 address '172.18.202.10/24' +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces l2tpv3 l2tpeth10 destination-port '5010' +set interfaces l2tpv3 l2tpeth10 encapsulation 'ip' +set interfaces l2tpv3 l2tpeth10 peer-session-id '110' +set interfaces l2tpv3 l2tpeth10 peer-tunnel-id '10' +set interfaces l2tpv3 l2tpeth10 remote '172.18.202.110' +set interfaces l2tpv3 l2tpeth10 session-id '110' +set interfaces l2tpv3 l2tpeth10 source-address '172.18.202.10' +set interfaces l2tpv3 l2tpeth10 source-port '5010' +set interfaces l2tpv3 l2tpeth10 tunnel-id '10' +set interfaces l2tpv3 l2tpeth20 destination-port '5020' +set interfaces l2tpv3 l2tpeth20 encapsulation 'ip' +set interfaces l2tpv3 l2tpeth20 peer-session-id '120' +set interfaces l2tpv3 l2tpeth20 peer-tunnel-id '20' +set interfaces l2tpv3 l2tpeth20 remote '172.18.202.120' +set interfaces l2tpv3 l2tpeth20 session-id '120' +set interfaces l2tpv3 l2tpeth20 source-address '172.18.202.10' +set interfaces l2tpv3 l2tpeth20 source-port '5020' +set interfaces l2tpv3 l2tpeth20 tunnel-id '20' +set interfaces l2tpv3 l2tpeth30 destination-port '5030' +set interfaces l2tpv3 l2tpeth30 encapsulation 'ip' +set interfaces l2tpv3 l2tpeth30 peer-session-id '130' +set interfaces l2tpv3 l2tpeth30 peer-tunnel-id '30' +set interfaces l2tpv3 l2tpeth30 remote '172.18.202.130' +set interfaces l2tpv3 l2tpeth30 session-id '130' +set interfaces l2tpv3 l2tpeth30 source-address '172.18.202.10' +set interfaces l2tpv3 l2tpeth30 source-port '5030' +set interfaces l2tpv3 l2tpeth30 tunnel-id '30' +set interfaces tunnel tun100 address '172.16.0.1/30' +set interfaces tunnel tun100 encapsulation 'gretap' +set interfaces tunnel tun100 remote '192.0.2.100' +set interfaces tunnel tun100 source-address '192.0.2.1' +set interfaces tunnel tun200 address '172.16.0.5/30' +set interfaces tunnel tun200 encapsulation 'gre' +set interfaces tunnel tun200 remote '192.0.2.101' +set interfaces tunnel tun200 source-interface 'eth0' +set interfaces tunnel tun300 address '172.16.0.9/30' +set interfaces tunnel tun300 encapsulation 'ipip' +set interfaces tunnel tun300 remote '192.0.2.102' +set interfaces tunnel tun300 source-address '192.0.2.2' +set interfaces tunnel tun400 address '172.16.0.13/30' +set interfaces tunnel tun400 encapsulation 'gretap' +set interfaces tunnel tun400 remote '192.0.2.103' +set interfaces tunnel tun400 source-address '192.0.2.3' +set interfaces tunnel tun500 address '172.16.0.17/30' +set interfaces tunnel tun500 encapsulation 'gre' +set interfaces tunnel tun500 remote '192.0.2.104' +set interfaces tunnel tun500 source-address '192.0.2.4' +set protocols static route 0.0.0.0/0 next-hop 172.18.202.254 +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' diff --git a/smoketest/config-tests/vpn-openconnect-sstp b/smoketest/config-tests/vpn-openconnect-sstp new file mode 100644 index 000000000..28d7d5daa --- /dev/null +++ b/smoketest/config-tests/vpn-openconnect-sstp @@ -0,0 +1,35 @@ +set interfaces ethernet eth0 address '192.168.150.1/24' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server time1.vyos.net +set service ntp server time2.vyos.net +set service ntp server time3.vyos.net +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set vpn openconnect authentication local-users username test password 'test' +set vpn openconnect authentication mode local 'password' +set vpn openconnect network-settings client-ip-settings subnet '192.168.160.0/24' +set vpn openconnect ssl ca-certificate 'openconnect' +set vpn openconnect ssl certificate 'openconnect' +set vpn openconnect tls-version-min '1.0' +set vpn sstp authentication local-users username test password 'test' +set vpn sstp authentication mode 'local' +set vpn sstp authentication protocols 'mschap-v2' +set vpn sstp client-ip-pool default-range-pool range '192.168.170.0/24' +set vpn sstp default-pool 'default-range-pool' +set vpn sstp gateway-address '192.168.150.1' +set vpn sstp port '8443' +set vpn sstp ssl ca-certificate 'sstp' +set vpn sstp ssl certificate 'sstp' diff --git a/smoketest/config-tests/vrf-basic b/smoketest/config-tests/vrf-basic new file mode 100644 index 000000000..1d2874a60 --- /dev/null +++ b/smoketest/config-tests/vrf-basic @@ -0,0 +1,65 @@ +set interfaces ethernet eth0 address '192.0.2.1/24' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' +set interfaces ethernet eth1 vrf 'green' +set interfaces ethernet eth2 vrf 'red' +set protocols static route 0.0.0.0/0 next-hop 192.0.2.254 distance '10' +set protocols static table 10 route 1.0.0.0/8 interface eth0 distance '20' +set protocols static table 10 route 2.0.0.0/8 interface eth0 distance '20' +set protocols static table 10 route 3.0.0.0/8 interface eth0 distance '20' +set protocols static table 20 route 4.0.0.0/8 interface eth0 distance '20' +set protocols static table 20 route 5.0.0.0/8 interface eth0 distance '50' +set protocols static table 20 route 6.0.0.0/8 interface eth0 distance '60' +set protocols static table 20 route 11.0.0.0/8 next-hop 1.1.1.1 interface 'eth0' +set protocols static table 20 route 12.0.0.0/8 next-hop 1.1.1.1 interface 'eth0' +set protocols static table 20 route 13.0.0.0/8 next-hop 1.1.1.1 interface 'eth0' +set protocols static table 20 route6 2001:db8:100::/40 interface eth1 distance '20' +set protocols static table 20 route6 2001:db8::/40 interface eth1 distance '10' +set protocols static table 30 route 14.0.0.0/8 next-hop 2.2.1.1 interface 'eth1' +set protocols static table 30 route 15.0.0.0/8 next-hop 2.2.1.1 interface 'eth1' +set protocols static table 30 route6 2001:db8:200::/40 interface eth1 distance '20' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set system time-zone 'Europe/Berlin' +set vrf name green protocols static route 20.0.0.0/8 next-hop 1.1.1.1 interface 'eth1' +set vrf name green protocols static route 20.0.0.0/8 next-hop 1.1.1.1 vrf 'default' +set vrf name green protocols static route 21.0.0.0/8 next-hop 2.2.1.1 interface 'eth1' +set vrf name green protocols static route 21.0.0.0/8 next-hop 2.2.1.1 vrf 'default' +set vrf name green protocols static route 100.0.0.0/8 interface eth0 distance '200' +set vrf name green protocols static route 100.0.0.0/8 interface eth0 vrf 'default' +set vrf name green protocols static route 101.0.0.0/8 interface eth0 vrf 'default' +set vrf name green protocols static route 101.0.0.0/8 interface eth1 +set vrf name green protocols static route6 2001:db8:100::/40 next-hop fe80::1 interface 'eth0' +set vrf name green protocols static route6 2001:db8:100::/40 next-hop fe80::1 vrf 'default' +set vrf name green protocols static route6 2001:db8:300::/40 interface eth1 distance '20' +set vrf name green protocols static route6 2001:db8:300::/40 interface eth1 vrf 'default' +set vrf name green table '1000' +set vrf name red protocols static route 30.0.0.0/8 next-hop 1.1.1.1 interface 'eth1' +set vrf name red protocols static route 40.0.0.0/8 next-hop 2.2.1.1 interface 'eth1' +set vrf name red protocols static route 40.0.0.0/8 next-hop 2.2.1.1 vrf 'default' +set vrf name red protocols static route 103.0.0.0/8 interface eth0 distance '201' +set vrf name red protocols static route 103.0.0.0/8 interface eth0 vrf 'default' +set vrf name red protocols static route 104.0.0.0/8 interface eth0 vrf 'default' +set vrf name red protocols static route 104.0.0.0/8 interface eth1 vrf 'default' +set vrf name red protocols static route6 2001:db8:100::/40 next-hop fe80::1 interface 'eth0' +set vrf name red protocols static route6 2001:db8:100::/40 next-hop fe80::1 vrf 'default' +set vrf name red protocols static route6 2001:db8:400::/40 interface eth1 distance '24' +set vrf name red protocols static route6 2001:db8:400::/40 interface eth1 vrf 'default' +set vrf name red table '2000' diff --git a/smoketest/config-tests/vrf-bgp-pppoe-underlay b/smoketest/config-tests/vrf-bgp-pppoe-underlay new file mode 100644 index 000000000..bd64c914a --- /dev/null +++ b/smoketest/config-tests/vrf-bgp-pppoe-underlay @@ -0,0 +1,186 @@ +set interfaces bridge br50 address '192.168.0.1/24' +set interfaces bridge br50 member interface eth0.50 +set interfaces bridge br50 member interface eth2 +set interfaces bridge br50 member interface eth3 +set interfaces dummy dum0 address '100.64.51.252/32' +set interfaces dummy dum0 address '2001:db8:200:ffff::1/128' +set interfaces dummy dum0 vrf 'vyos-test-01' +set interfaces ethernet eth0 offload gro +set interfaces ethernet eth0 offload rps +set interfaces ethernet eth0 ring-buffer rx '256' +set interfaces ethernet eth0 ring-buffer tx '256' +set interfaces ethernet eth0 vif 5 address '2001:db8:200:f0::114/64' +set interfaces ethernet eth0 vif 5 address '100.64.50.121/28' +set interfaces ethernet eth0 vif 5 vrf 'vyos-test-01' +set interfaces ethernet eth0 vif 10 address '2001:db8:200:10::ffff/64' +set interfaces ethernet eth0 vif 10 address '2001:db8:200::ffff/64' +set interfaces ethernet eth0 vif 10 address '100.64.50.62/26' +set interfaces ethernet eth0 vif 10 vrf 'vyos-test-01' +set interfaces ethernet eth0 vif 15 address '100.64.50.78/28' +set interfaces ethernet eth0 vif 15 address '2001:db8:200:15::ffff/64' +set interfaces ethernet eth0 vif 15 vrf 'vyos-test-01' +set interfaces ethernet eth0 vif 50 description 'Member of bridge br50' +set interfaces ethernet eth0 vif 110 address '100.64.51.190/27' +set interfaces ethernet eth0 vif 110 address '100.64.51.158/28' +set interfaces ethernet eth0 vif 110 address '2001:db8:200:101::ffff/64' +set interfaces ethernet eth0 vif 110 vrf 'vyos-test-01' +set interfaces ethernet eth0 vif 410 address '100.64.51.206/28' +set interfaces ethernet eth0 vif 410 address '2001:db8:200:104::ffff/64' +set interfaces ethernet eth0 vif 410 vrf 'vyos-test-01' +set interfaces ethernet eth0 vif 500 address '100.64.51.238/28' +set interfaces ethernet eth0 vif 500 address '2001:db8:200:50::ffff/64' +set interfaces ethernet eth0 vif 500 vrf 'vyos-test-01' +set interfaces ethernet eth0 vif 520 address '100.64.50.190/28' +set interfaces ethernet eth0 vif 520 address '2001:db8:200:520::ffff/64' +set interfaces ethernet eth0 vif 520 vrf 'vyos-test-01' +set interfaces ethernet eth0 vif 666 address '2001:db8:200:ff::101:1/112' +set interfaces ethernet eth0 vif 666 address '100.64.51.223/31' +set interfaces ethernet eth0 vif 666 vrf 'vyos-test-01' +set interfaces ethernet eth0 vif 800 address '2001:db8:200:ff::104:1/112' +set interfaces ethernet eth0 vif 800 address '100.64.51.212/31' +set interfaces ethernet eth0 vif 800 vrf 'vyos-test-01' +set interfaces ethernet eth0 vif 810 address '100.64.51.30/27' +set interfaces ethernet eth0 vif 810 address '2001:db8:200:102::ffff/64' +set interfaces ethernet eth0 vif 810 vrf 'vyos-test-01' +set interfaces ethernet eth1 offload gro +set interfaces ethernet eth1 offload rps +set interfaces ethernet eth1 ring-buffer rx '256' +set interfaces ethernet eth1 ring-buffer tx '256' +set interfaces ethernet eth2 offload gro +set interfaces ethernet eth3 offload gro +set interfaces loopback lo +set interfaces pppoe pppoe7 authentication password 'vyos' +set interfaces pppoe pppoe7 authentication username 'vyos' +set interfaces pppoe pppoe7 dhcpv6-options pd 0 interface br50 address '1' +set interfaces pppoe pppoe7 dhcpv6-options pd 0 length '56' +set interfaces pppoe pppoe7 ip adjust-mss '1452' +set interfaces pppoe pppoe7 ipv6 address autoconf +set interfaces pppoe pppoe7 ipv6 adjust-mss '1432' +set interfaces pppoe pppoe7 mtu '1492' +set interfaces pppoe pppoe7 no-peer-dns +set interfaces pppoe pppoe7 source-interface 'eth1' +set interfaces virtual-ethernet veth0 address '100.64.51.220/31' +set interfaces virtual-ethernet veth0 address '2001:db8:200:ff::105:1/112' +set interfaces virtual-ethernet veth0 description 'Core: connect vyos-test-01 and default VRF' +set interfaces virtual-ethernet veth0 peer-name 'veth1' +set interfaces virtual-ethernet veth1 address '100.64.51.221/31' +set interfaces virtual-ethernet veth1 address '2001:db8:200:ff::105:2/112' +set interfaces virtual-ethernet veth1 description 'Core: connect vyos-test-01 and default VRF' +set interfaces virtual-ethernet veth1 peer-name 'veth0' +set interfaces virtual-ethernet veth1 vrf 'vyos-test-01' +set interfaces wireguard wg500 address '100.64.51.209/31' +set interfaces wireguard wg500 mtu '1500' +set interfaces wireguard wg500 peer A address '192.0.2.1' +set interfaces wireguard wg500 peer A allowed-ips '0.0.0.0/0' +set interfaces wireguard wg500 peer A port '5500' +set interfaces wireguard wg500 peer A public-key 'KGSXF4QckzGe7f7CT+r6VZ5brOD/pVYk8yvrxOQ+X0Y=' +set interfaces wireguard wg500 port '5500' +set interfaces wireguard wg500 private-key 'iLJh6Me6AdPJtNv3dgGhUbtyFxExxmNU4v0Fs6YE2Xc=' +set interfaces wireguard wg500 vrf 'vyos-test-01' +set interfaces wireguard wg501 address '2001:db8:200:ff::102:2/112' +set interfaces wireguard wg501 mtu '1500' +set interfaces wireguard wg501 peer A address '2001:db8:300::1' +set interfaces wireguard wg501 peer A allowed-ips '::/0' +set interfaces wireguard wg501 peer A port '5501' +set interfaces wireguard wg501 peer A public-key 'OF+1OJ+VfQ0Yw1mgVtQ2ion4CnAdy8Bvx7yEiO4+Pn8=' +set interfaces wireguard wg501 port '5501' +set interfaces wireguard wg501 private-key '0MP5X0PW58O4q2LDpuIXgZ0ySyAoWH8/kdpvQccCbUU=' +set interfaces wireguard wg501 vrf 'vyos-test-01' +set interfaces wireguard wg666 address '172.29.0.0/31' +set interfaces wireguard wg666 mtu '1500' +set interfaces wireguard wg666 peer B allowed-ips '0.0.0.0/0' +set interfaces wireguard wg666 peer B public-key '2HT+RfwcqJMYNYzdmtmpem8Ht0dL37o31APHVwmh024=' +set interfaces wireguard wg666 port '50666' +set interfaces wireguard wg666 private-key 'zvPnp2MLAoX7SotuHLFLDyy4sdlD7ttbD1xNEqA3mkU=' +set nat source rule 100 outbound-interface name 'pppoe7' +set nat source rule 100 source address '192.168.0.0/24' +set nat source rule 100 translation address 'masquerade' +set policy prefix-list AS100-origin-v4 rule 10 action 'permit' +set policy prefix-list AS100-origin-v4 rule 10 prefix '100.64.0.0/12' +set policy prefix-list AS100-origin-v4 rule 100 action 'permit' +set policy prefix-list AS100-origin-v4 rule 100 prefix '0.0.0.0/0' +set policy prefix-list AS200-origin-v4 rule 10 action 'permit' +set policy prefix-list AS200-origin-v4 rule 10 prefix '10.0.0.0/8' +set policy prefix-list AS200-origin-v4 rule 20 action 'permit' +set policy prefix-list AS200-origin-v4 rule 20 prefix '172.16.0.0/12' +set policy prefix-list6 AS100-origin-v6 rule 10 action 'permit' +set policy prefix-list6 AS100-origin-v6 rule 10 prefix '2001:db8:200::/40' +set policy prefix-list6 AS200-origin-v6 rule 10 action 'permit' +set policy prefix-list6 AS200-origin-v6 rule 10 prefix '2001:db8:100::/40' +set protocols static route 100.64.50.0/23 next-hop 100.64.51.221 +set protocols static route 192.0.2.255/32 interface pppoe7 +set protocols static route6 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff/128 interface pppoe7 +set qos interface pppoe7 egress 'isp-out' +set qos policy shaper isp-out bandwidth '38mbit' +set qos policy shaper isp-out default bandwidth '100%' +set qos policy shaper isp-out default burst '15k' +set qos policy shaper isp-out default queue-limit '1000' +set qos policy shaper isp-out default queue-type 'fq-codel' +set service router-advert interface br50 prefix ::/64 preferred-lifetime '2700' +set service router-advert interface br50 prefix ::/64 valid-lifetime '5400' +set service router-advert interface eth0.500 default-preference 'high' +set service router-advert interface eth0.500 name-server '2001:db8:200::1' +set service router-advert interface eth0.500 name-server '2001:db8:200::2' +set service router-advert interface eth0.500 prefix 2001:db8:200:50::/64 valid-lifetime 'infinity' +set service router-advert interface eth0.520 default-preference 'high' +set service router-advert interface eth0.520 name-server '2001:db8:200::1' +set service router-advert interface eth0.520 name-server '2001:db8:200::2' +set service router-advert interface eth0.520 prefix 2001:db8:200:520::/64 valid-lifetime 'infinity' +set service ssh disable-host-validation +set service ssh dynamic-protection allow-from '100.64.0.0/10' +set service ssh dynamic-protection allow-from '2001:db8:200::/40' +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system domain-name 'vyos.net' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system name-server '192.168.0.1' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set system time-zone 'Europe/Berlin' +set vrf bind-to-all +set vrf name vyos-test-01 protocols bgp address-family ipv4-unicast network 100.64.50.0/23 +set vrf name vyos-test-01 protocols bgp address-family ipv6-unicast network 2001:db8:200:ffff::1/128 +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.208 peer-group 'AS100v4' +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast default-originate +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast maximum-prefix '10' +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast prefix-list export 'AS100-origin-v4' +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast prefix-list import 'AS200-origin-v4' +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast soft-reconfiguration inbound +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 capability dynamic +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 remote-as '200' +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.251 peer-group 'AS100v4' +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.251 shutdown +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.254 peer-group 'AS100v4' +set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.254 shutdown +set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 address-family ipv6-unicast maximum-prefix '10' +set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 address-family ipv6-unicast prefix-list export 'AS100-origin-v6' +set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 address-family ipv6-unicast prefix-list import 'AS200-origin-v6' +set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 address-family ipv6-unicast soft-reconfiguration inbound +set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 capability dynamic +set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 remote-as '200' +set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ffff::2 peer-group 'AS100v6' +set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ffff::2 shutdown +set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ffff::a peer-group 'AS100v6' +set vrf name vyos-test-01 protocols bgp peer-group AS100v4 address-family ipv4-unicast nexthop-self +set vrf name vyos-test-01 protocols bgp peer-group AS100v4 capability dynamic +set vrf name vyos-test-01 protocols bgp peer-group AS100v4 remote-as 'internal' +set vrf name vyos-test-01 protocols bgp peer-group AS100v4 update-source 'dum0' +set vrf name vyos-test-01 protocols bgp peer-group AS100v6 address-family ipv6-unicast nexthop-self +set vrf name vyos-test-01 protocols bgp peer-group AS100v6 capability dynamic +set vrf name vyos-test-01 protocols bgp peer-group AS100v6 remote-as 'internal' +set vrf name vyos-test-01 protocols bgp peer-group AS100v6 update-source 'dum0' +set vrf name vyos-test-01 protocols bgp system-as '100' +set vrf name vyos-test-01 protocols static route 100.64.50.0/23 blackhole +set vrf name vyos-test-01 protocols static route 100.64.51.32/27 next-hop 100.64.51.5 +set vrf name vyos-test-01 protocols static route 192.168.0.0/24 next-hop 100.64.51.220 +set vrf name vyos-test-01 protocols static route6 2001:db8:2fe:ffff::/64 next-hop 2001:db8:200:102::5 +set vrf name vyos-test-01 table '1000' diff --git a/smoketest/config-tests/vrf-ospf b/smoketest/config-tests/vrf-ospf new file mode 100644 index 000000000..fd14615e0 --- /dev/null +++ b/smoketest/config-tests/vrf-ospf @@ -0,0 +1,59 @@ +set interfaces ethernet eth0 address '192.0.2.1/24' +set interfaces ethernet eth0 offload gro +set interfaces ethernet eth1 offload gro +set interfaces ethernet eth1 vrf 'red' +set interfaces ethernet eth2 offload gro +set interfaces ethernet eth2 vrf 'blue' +set protocols ospf area 0 network '192.0.2.0/24' +set protocols ospf interface eth0 authentication md5 key-id 10 md5-key 'ospfkey' +set protocols ospf interface eth0 passive disable +set protocols ospf log-adjacency-changes +set protocols ospf parameters abr-type 'cisco' +set protocols ospf parameters router-id '1.2.3.4' +set protocols ospf passive-interface 'default' +set service ntp allow-client address '0.0.0.0/0' +set service ntp allow-client address '::/0' +set service ntp server 0.pool.ntp.org +set service ntp server 1.pool.ntp.org +set service ntp server 2.pool.ntp.org +set system config-management commit-revisions '100' +set system conntrack modules ftp +set system conntrack modules h323 +set system conntrack modules nfs +set system conntrack modules pptp +set system conntrack modules sip +set system conntrack modules sqlnet +set system conntrack modules tftp +set system console device ttyS0 speed '115200' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog global facility all level 'info' +set system syslog global facility local7 level 'debug' +set system time-zone 'Europe/Berlin' +set vrf name blue protocols ospf area 0 network '172.18.201.0/24' +set vrf name blue protocols ospf interface eth2 authentication md5 key-id 30 md5-key 'vyoskey456' +set vrf name blue protocols ospf interface eth2 dead-interval '40' +set vrf name blue protocols ospf interface eth2 hello-interval '10' +set vrf name blue protocols ospf interface eth2 passive disable +set vrf name blue protocols ospf interface eth2 priority '1' +set vrf name blue protocols ospf interface eth2 retransmit-interval '5' +set vrf name blue protocols ospf interface eth2 transmit-delay '1' +set vrf name blue protocols ospf log-adjacency-changes +set vrf name blue protocols ospf parameters abr-type 'cisco' +set vrf name blue protocols ospf parameters router-id '5.6.7.8' +set vrf name blue protocols ospf passive-interface 'default' +set vrf name blue table '2000' +set vrf name red protocols ospf area 0 network '172.18.202.0/24' +set vrf name red protocols ospf interface eth1 authentication md5 key-id 20 md5-key 'vyoskey123' +set vrf name red protocols ospf interface eth1 dead-interval '40' +set vrf name red protocols ospf interface eth1 hello-interval '10' +set vrf name red protocols ospf interface eth1 passive disable +set vrf name red protocols ospf interface eth1 priority '1' +set vrf name red protocols ospf interface eth1 retransmit-interval '5' +set vrf name red protocols ospf interface eth1 transmit-delay '1' +set vrf name red protocols ospf log-adjacency-changes +set vrf name red protocols ospf parameters abr-type 'cisco' +set vrf name red protocols ospf parameters router-id '9.10.11.12' +set vrf name red protocols ospf passive-interface 'default' +set vrf name red table '1000' diff --git a/smoketest/config-tests/wireless-basic b/smoketest/config-tests/wireless-basic index 77db29c2f..d9e6c8fac 100644 --- a/smoketest/config-tests/wireless-basic +++ b/smoketest/config-tests/wireless-basic @@ -20,6 +20,6 @@ set system console device ttyS0 speed '115200' set system domain-name 'dev.vyos.net' set system host-name 'WR1' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' -set system wireless country-code 'es' set system syslog global facility all level 'info' set system syslog global facility local7 level 'debug' +set system wireless country-code 'es' diff --git a/smoketest/configs/basic-api-service b/smoketest/configs/basic-api-service index f997ccd73..d5364d3e6 100644 --- a/smoketest/configs/basic-api-service +++ b/smoketest/configs/basic-api-service @@ -3,8 +3,6 @@ interfaces { address 192.0.2.1/31 address 2001:db8::1234/64 } - ethernet eth1 { - } loopback lo { } } diff --git a/smoketest/configs/bgp-dmvpn-hub b/smoketest/configs/bgp-dmvpn-hub index fc5aadd8f..fc0be5e07 100644 --- a/smoketest/configs/bgp-dmvpn-hub +++ b/smoketest/configs/bgp-dmvpn-hub @@ -1,8 +1,12 @@ interfaces { ethernet eth0 { address 100.64.10.1/31 + speed auto + duplex auto } ethernet eth1 { + speed auto + duplex auto } loopback lo { } @@ -171,4 +175,3 @@ vpn { // Warning: Do not remove the following line. // vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" // Release version: 1.3.0-epa3 - diff --git a/smoketest/configs/bgp-evpn-l3vpn-pe-router b/smoketest/configs/bgp-evpn-l3vpn-pe-router index b1ca7fae3..c676463b8 100644 --- a/smoketest/configs/bgp-evpn-l3vpn-pe-router +++ b/smoketest/configs/bgp-evpn-l3vpn-pe-router @@ -38,7 +38,7 @@ interfaces { ethernet eth0 { address 192.0.2.59/27 address 2001:db8:ffff::59/64 - description "out-of-band management" + description "Out-of-Band Managament Port" vrf mgmt } ethernet eth1 { diff --git a/smoketest/configs/bgp-rpki b/smoketest/configs/bgp-rpki index dffab4c69..5588f15c9 100644 --- a/smoketest/configs/bgp-rpki +++ b/smoketest/configs/bgp-rpki @@ -4,6 +4,7 @@ interfaces { address 2001:db8::ffff/64 } ethernet eth1 { + address 100.64.0.1/24 } loopback lo { } diff --git a/smoketest/configs/isis-small b/smoketest/configs/isis-small index 5a4201988..79a2f042f 100644 --- a/smoketest/configs/isis-small +++ b/smoketest/configs/isis-small @@ -4,19 +4,35 @@ interfaces { } ethernet eth0 { duplex auto + offload { + sg + tso + } speed auto } ethernet eth1 { address 192.0.2.1/24 duplex auto + offload { + sg + tso + } speed auto } ethernet eth2 { duplex auto + offload { + sg + tso + } speed auto } ethernet eth3 { duplex auto + offload { + sg + tso + } speed auto } } @@ -41,9 +57,9 @@ policy { } } protocols { - isis FOO { + isis { interface eth1 { - bfd + bfd } net 49.0001.1921.6800.1002.00 redistribute { @@ -61,6 +77,17 @@ system { config-management { commit-revisions 200 } + conntrack { + modules { + ftp + h323 + nfs + pptp + sip + sqlnet + tftp + } + } console { device ttyS0 { speed 115200 @@ -77,11 +104,11 @@ system { } } ntp { - server 0.pool.ntp.org { + server time1.vyos.net { } - server 1.pool.ntp.org { + server time2.vyos.net { } - server 2.pool.ntp.org { + server time3.vyos.net { } } syslog { @@ -99,5 +126,5 @@ system { // Warning: Do not remove the following line. -// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@7:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" -// Release version: 1.3.0-rc1 +// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" +// Release version: 1.3.0 diff --git a/smoketest/configs/pppoe-server b/smoketest/configs/pppoe-server index ff5815e29..a01a45115 100644 --- a/smoketest/configs/pppoe-server +++ b/smoketest/configs/pppoe-server @@ -4,8 +4,12 @@ interfaces { } ethernet eth1 { address 192.168.0.1/24 + speed auto + duplex auto } ethernet eth2 { + speed auto + duplex auto } loopback lo { } diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py index a2e426dc7..dcce229e2 100755 --- a/smoketest/scripts/cli/test_vpn_openconnect.py +++ b/smoketest/scripts/cli/test_vpn_openconnect.py @@ -106,32 +106,32 @@ n+vZdJAWTq76zAPT3n9FClo= """ ca_key_data = """ - MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCg7Mjl6+rs8Bd - kjqgl2QDuHfrH2mTDCeB7WuNTnIz0BPDtlmwIdqhU7LdCB/zUSABAa6LBe/Z/bK - WCRKyq8fU2/4uWECe975IMXOfFdYT6KA78DROvOi32JZmln0LAXV+538eb+g19x - NtoBhPO8igiNevfkV+nJehRK/41ATj+assTOv87vaSX7WqyaP/ZqkIdQD9Kc3cq - B4JsYjkWcniHL9yk4oY3cjKK8PJ1pi4FqgFHt2hA+Ic+NvbAhc47K9otP8FM4jk - Sii3MZfHA6Czb43BtbR+YEiWPzBhzE2bCuIgeRUumMF1Z+CAT6U7Cpx3XPh+Ac2 - RnDa8wKeQ1eqE1AgMBAAECggEAEDDaoqVqmMWsONoQiWRMr2h1RZvPxP7OpuKVW - iF3XgrMOb9HZc+Ybpj1dC+NDMekvNaHhMuF2Lqz6UgjDjzzVMH/x4yfDwFWUqeb - SxbglvGmVk4zg48JNkmArLT6GJQccD1XXjZZmqSOhagM4KalCpIdxfvgoZbTCa2 - xMSCLHS+1HCDcmpCoeXM6ZBPTn0NbjRDAqIzCwcq2veG7RSz040obk8h7nrdv7j - hxRGmtPmPFzKgGLNn6GnL7AwYVMiidjj/ntvM4B1OMs9MwUYbtpg98TWcWyu+ZR - akUrnVf9z2aIHCKyuJvke/PNqMgw+L8KV4/478XxWhXfl7K1F3nMQKBgQDRBUDY - NFH0wC4MMWsA+RGwyz7RlzACChDJCMtA/agbW06gUoE9UYf8KtLQQQYljlLJHxH - GD72QnuM+sowGGXnbD4BabA9TQiQUG5c6boznTy1uU1gt8T0Zl0mmC7vIMoMBVd - 5bb0qrZvuR123kDGYn6crug9uvMIYSSlhGmBGTJQKBgQDFGC3vfkCyXzLoYy+RI - s/rXgyBF1PUYQtyDgL0N811L0H7a8JhFnt4FvodUbxv2ob+1kIc9e3yXT6FsGyO - 7IDOnqgeQKy74bYqVPZZuf1FOFb9fuxf00pn1FmhAF4OuSWkhVhrKkyrZwdD8Ar - jLK253J94dogjdKAYfN1csaOA0QKBgD0zUZI8d4a3QoRVb+RACTr/t6v8nZTrR5 - DlX0XvP2qLKJFutuKyXaOrEkDh2R/j9T9oNncMos+WhikUdEVQ7koC1u0i2LXjF - tdAYN4+Akmz+DRmeNoy2VYF4w2YP+pVR+B7OPkCtBVNuPkx3743Fy42mTGPMCKy - jX8Lf59j5Tl1AoGBAI3sk2dZqozHMIlWovIH92CtIKP0gFD2cJ94p3fklvZDSWg - aeKYg4lffc8uZB/AjlAH9ly3ziZx0uIjcOc/RTg96/+SI/dls9xgUhjCmVVJ692 - ki9GMsau/JYaEl+pTvjcOiocDJfNwQHJM3Tx+3FII59DtyXyXo3T/E6kHNSMeBA - oGAR9M48DTspv9OH1S7X6yR6MtMY5ltsBmB3gPhQFxiDKBvARkIkAPqObQ9TG/V - uOz2Purq0Oz7SHsY2jiFDd2KEGo6JfG61NDdIhiQC99ztSgt7NtvSCnX22SfVDW - oFxSK+tek7tvDVXAXCNy4ZESMEUGJ6NDHImb80aF+xZ3wYKw= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCg7Mjl6+rs8Bdk +jqgl2QDuHfrH2mTDCeB7WuNTnIz0BPDtlmwIdqhU7LdCB/zUSABAa6LBe/Z/bKWC +RKyq8fU2/4uWECe975IMXOfFdYT6KA78DROvOi32JZmln0LAXV+538eb+g19xNto +BhPO8igiNevfkV+nJehRK/41ATj+assTOv87vaSX7WqyaP/ZqkIdQD9Kc3cqB4Js +YjkWcniHL9yk4oY3cjKK8PJ1pi4FqgFHt2hA+Ic+NvbAhc47K9otP8FM4jkSii3M +ZfHA6Czb43BtbR+YEiWPzBhzE2bCuIgeRUumMF1Z+CAT6U7Cpx3XPh+Ac2RnDa8w +KeQ1eqE1AgMBAAECggEAEDDaoqVqmMWsONoQiWRMr2h1RZvPxP7OpuKVWiF3XgrM +Ob9HZc+Ybpj1dC+NDMekvNaHhMuF2Lqz6UgjDjzzVMH/x4yfDwFWUqebSxbglvGm +Vk4zg48JNkmArLT6GJQccD1XXjZZmqSOhagM4KalCpIdxfvgoZbTCa2xMSCLHS+1 +HCDcmpCoeXM6ZBPTn0NbjRDAqIzCwcq2veG7RSz040obk8h7nrdv7jhxRGmtPmPF +zKgGLNn6GnL7AwYVMiidjj/ntvM4B1OMs9MwUYbtpg98TWcWyu+ZRakUrnVf9z2a +IHCKyuJvke/PNqMgw+L8KV4/478XxWhXfl7K1F3nMQKBgQDRBUDYNFH0wC4MMWsA ++RGwyz7RlzACChDJCMtA/agbW06gUoE9UYf8KtLQQQYljlLJHxHGD72QnuM+sowG +GXnbD4BabA9TQiQUG5c6boznTy1uU1gt8T0Zl0mmC7vIMoMBVd5bb0qrZvuR123k +DGYn6crug9uvMIYSSlhGmBGTJQKBgQDFGC3vfkCyXzLoYy+RIs/rXgyBF1PUYQty +DgL0N811L0H7a8JhFnt4FvodUbxv2ob+1kIc9e3yXT6FsGyO7IDOnqgeQKy74bYq +VPZZuf1FOFb9fuxf00pn1FmhAF4OuSWkhVhrKkyrZwdD8ArjLK253J94dogjdKAY +fN1csaOA0QKBgD0zUZI8d4a3QoRVb+RACTr/t6v8nZTrR5DlX0XvP2qLKJFutuKy +XaOrEkDh2R/j9T9oNncMos+WhikUdEVQ7koC1u0i2LXjFtdAYN4+Akmz+DRmeNoy +2VYF4w2YP+pVR+B7OPkCtBVNuPkx3743Fy42mTGPMCKyjX8Lf59j5Tl1AoGBAI3s +k2dZqozHMIlWovIH92CtIKP0gFD2cJ94p3fklvZDSWgaeKYg4lffc8uZB/AjlAH9 +ly3ziZx0uIjcOc/RTg96/+SI/dls9xgUhjCmVVJ692ki9GMsau/JYaEl+pTvjcOi +ocDJfNwQHJM3Tx+3FII59DtyXyXo3T/E6kHNSMeBAoGAR9M48DTspv9OH1S7X6yR +6MtMY5ltsBmB3gPhQFxiDKBvARkIkAPqObQ9TG/VuOz2Purq0Oz7SHsY2jiFDd2K +EGo6JfG61NDdIhiQC99ztSgt7NtvSCnX22SfVDWoFxSK+tek7tvDVXAXCNy4ZESM +EUGJ6NDHImb80aF+xZ3wYKw= """ PROCESS_NAME = 'ocserv-main' |