Age | Commit message (Collapse) | Author |
|
The key defaults to 0 and will match any policies which similarly do not have
a lookup key configuration. This means that a vti0 named interface will pull in
all traffic and others will stop working. Thus we simply shift the key by one
to also support a vti0 interface.
|
|
Manually set peer id and use-x509-id are mutually exclusive!
|
|
Restore "default" behavior from ipsec.conf
|
|
|
|
squid: squidguard: T3810: Fix template for sourcre-group and rule
|
|
Modify template for squid
Replace old directives to actual
|
|
|
|
|
|
|
|
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as")
added support for a new CLI option when the local-as is changed for a specified
neighbor or peer-group.
There was an error in the CLI / design as the "replace-as" option can only be
used when "no-prepend" is defined. Thus "no-prepend" became a <node> and
the new "replace-as" leafNode is now a child of "no-prepend".
|
|
|
|
(cherry picked from commit 23388fe193f04ab05f270098123cbb3e5f0b9f75)
|
|
Add new CLI command:
* "set protocols ospf redistribute table <n>"
|
|
Mandatory FRR options for spf-delay-ietf did not get rendered in the Jinja2
template.
|
|
|
|
bgp: evpn: T3739: add route-map match support
|
|
|
|
|
|
|
|
|
|
Now that MSS clamping is done on the "per-interface" level the entire PPPoE
stuff would have needed to get a full copy in GNU BASH for this or, participate
in the common library.
Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the
vyos.ifconfig.PPPoEIf.update() function to configure everything as done with
all other interfaces. This removes duplicated code for VRF assignment and route
installation when a PPPoE interface is brought up or down.
|
|
|
|
level
Getting rid of "set firewall options" and move it from:
set firewall options interface ethX adjust-mss 1400
set firewall options interface ethX adjust-mss6 1400
to:
set interfaces ethernet ethX ip adjust-mss 1400
set interfaces ethernet ethX ipv6 adjust-mss 1400
In addition add an extra option called clamp-mss-to-pmtu instead of a value.
|
|
This adds the following new commands:
set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out
set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in
set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out
set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in
|
|
|
|
IKE lifetime is life_time, and ESP lifetime is rekey_time.
|
|
Commit 7a873eb6 ("ipsec: T3764: bugfix missing IKE and ESP lifetime values")
re-added the lost in translation IKE/ESP rekey values. But it did not specify
the unit, which is s(econd).
|
|
During the migration the IKE and ESP key/re-key lifetime settings got lost in
translation. This is now fixed and the values/defaults correspond to VyOS 1.3.
|
|
|
|
Add the following new commands:
* set protocols bgp address-family ipv4-unicast route-target vpn both 1.1.1.1:100
* set protocols bgp address-family ipv4-unicast route-target vpn export 1.1.1.1:100
* set protocols bgp address-family ipv4-unicast route-target vpn import 1.1.1.1:100
|
|
|
|
Add the following new commands:
* set protocols bgp address-family ipv4-unicast rd vpn export
* set protocols bgp address-family ipv6-unicast rd vpn export
|
|
|
|
Add the following new commands:
* set protocols bgp address-family ipv4-unicast label vpn export (auto | 0-1048575)
* set protocols bgp address-family ipv6-unicast label vpn export (auto | 0-1048575)
|
|
convention
|
|
template
This triggered a bug during smoketesting.
File "/usr/share/vyos/templates/proxy-ndp/ndppd.conf.tmpl", line 24, in top-level template code
{% if config.translation.address is defined and config.translation.address | is_ip_network %}
File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 471, in getattr
return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'translation'
|
|
|
|
|
|
|
|
|
|
FRR supports configuring either network prefixes per area, or assign an
interface to an area to participate in the routing process. This is already well
known from other venders and supported by FRR.
A valid VyOS OSPF configuration would then look like:
vyos@vyos# show protocols
ospf {
interface dum0 {
area 0
}
interface eth0.201 {
area 0
authentication {
md5 {
key-id 10 {
md5-key vyos
}
}
}
dead-interval 40
hello-interval 10
priority 1
retransmit-interval 5
transmit-delay 1
}
log-adjacency-changes {
detail
}
parameters {
abr-type cisco
router-id 172.18.254.201
}
passive-interface default
passive-interface-exclude eth0.201
}
|
|
|
|
When removing bgp (vrf) instances the assigned VRF vni must be deleted from FRR
prior the removal of the bgp settings (T3734).
This is now done by moving the CLI command "set vrf name red vni 1000" to a
dedicated Python script with a priority higher then bgp.
|
|
policy: T3673: Add set large-comm-list for route-map
|
|
|
|
|
|
FRR 7.5.1 supports:
vyos(config-route-map)# match evpn
default-route default EVPN type-5 route
rd Route Distinguisher
route-type Match route-type
vni Match VNI
This commit adds a proper VyOS CLI abstraction.
|
|
ipsec: T3727: Fix ESP proposals not being set from tunnel esp-group
|
|
|
|
|