Age | Commit message (Collapse) | Author |
|
In order to keep the proper priority list during system startup and on initial
setup/commit for this feature the dependent VXLAN code should not be called,
if the interface in question does not exist (yet).
|
|
login: T5972: add possibility to disable individual local user accounts
|
|
T3722: Fixed L-Time in 'show vpn ike sa' command
|
|
Fixed L-Time in 'show vpn ike sa' command
|
|
* set system login user <name> disable
|
|
T6001: add option to disable next-hop-tracking resolve-via-default
|
|
context
* set vrf name <name> ip nht no-resolve-via-default
* set vrf name <name> ipv6 nht no-resolve-via-default
|
|
* set system ip nht no-resolve-via-default
* set system ipv6 nht no-resolve-via-default
|
|
EDB should be EGP for exterior gateway protocol
|
|
dhcpv6-server: T5993: Extend interface migrator to check VLAN/QinQ
|
|
rpki: T6034: extend config migration testcase
|
|
T6029: Rewritten Accel-PPP services to an identical feature set
|
|
Removed dhcp-interface option (l2tp)
Added wins-server (sstp)
Added description (ipoe, pppoe, sstp, pptp)
Added exteded-script (l2tp, sstp, pptp)
Added shaper (ipoe, pptp, sstp, l2tp)
Added limits (ipoe, pptp, sstp, l2tp)
Added snmp ( ipoe, pptp,sstp, l2tp)
Refactoring and reformated code.
|
|
Commit 0eb4168aa ("eigrp: T2472: improve code for later tests") added a basic
smoketest for EIGRP, which is also run by the CI hence not having a +x bit at
all.
This just deletes the basic smoketest testing for ASN and EIGRP router-id.
We can revert it once it's fixed in FRR upstream.
https://github.com/FRRouting/frr/pull/14765
|
|
|
|
|
|
Updates smoketest config to test migrator change
|
|
T6019: Fix smoketest test_system_conntrack custom timeout
|
|
After updateing netfilter in the commit https://github.com/vyos/vyos-build/commit/b31f5fe934bcb37534d49acdb5f7756bf05422e8
The nftables format for conntrack timeouts is different.
Fix this.
|
|
dhcpv6-server: T5992: Fix op-mode DHCP lease output + updates
|
|
T5928: Change firewall priority to 319
|
|
T5064: Firewall fix RegEx for for domain-group
|
|
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support
|
|
Improve RegEx for firewall domain-groups.
This domain group looks good, but the current RegEx validation
fils:
```
set firewall group domain-group a_aa
```
|
|
|
|
Change the firewall priority to 319, after interface ethernet
configuration
For example if we use VLANs and the vlan interface must be
created before we can use it in the firewall/flowtable
The current priority
```
199 firewall
300 interfaces/dummy
300 interfaces/loopback
300 interfaces/virtual-ethernet
310 interfaces/bridge
310 interfaces/input
318 interfaces/ethernet
...
```
|
|
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
|
|
dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally connected interfaces
|
|
|
|
|
|
Due to Kea's lease file cleanup, the CSV file content is inconsistent. This commit makes changes to use the Kea control socket to fetch current lease information.
|
|
connected interfaces
Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
|
|
|
|
ipsec: T5981: Strip '@' from migrated peer PKI name
|
|
init: T2044: fix "binary operator expected" when two or more RPKI caches are defined
|
|
defined
Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured")
which showed a disturbing error on tty0 after boot that a "binary operator
expected" when checking for RPKI caches when multiple results got returned.
|
|
|
|
|
|
|
|
|
|
T6019: fix smoketest after upgrading nftables and libnftnl packages.
|
|
|
|
srv6: T5849: add segment support to "protocols static route6"
|
|
bgp: T6010: support setting multiple values for neighbor path-attribute
|
|
|
|
set pki openssh rpki private key ...
set pki openssh rpki public key ...
set pki openssh rpki public type 'ssh-rsa'
|
|
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2
domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP
topology-independent means of marking and import-filtering EVPN routes
originated from a particular L2 domain. One situation where this is valuable
is when deploying EVPN using anycast VTEPs
set protocols bgp address-family l2vpn-evpn mac-vrf soo
|
|
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z'
* set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
|
|
|
|
rpki: T6004: add missing startup priority
|