Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-08-26 | ipsec: T1210: support road-warrior IP assignment via RADIUS Framed-IP-Address | Christian Poessinger | |
Extended CLI command: "set vpn ipsec remote-access connection rw pool" with a "radius" option. | |||
2021-08-24 | bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets differ | Christian Poessinger | |
The "l2vpn evpn" address-family route-target command only accepts a single route-target value consisting of (A.B.C.D:MN|EF:OPQR|GHJK:MN). The "ipv4-unicast or ipv6-unicast" address-family route-target command for VPNs support multiple, whitespace separated route-target values. This commit adds a new custom validator named "bgp-route-target" with a --single and a --multi option to pass one or more route-target values. | |||
2021-08-24 | policy: T2425: rename validator large-community-list -> bgp-large-community-list | Christian Poessinger | |
... as we will get another bgp route-target validator soon. | |||
2021-08-23 | container: T2216: add option to "disable" a container | Christian Poessinger | |
2021-08-23 | container: T2216: use common "generic-description.xml.i" building block | Christian Poessinger | |
2021-08-23 | container: T2216: increase default memory limit to 512MB | Christian Poessinger | |
2021-08-23 | container: T2216: name of container must be alphanumeric and can contain a ↵ | Christian Poessinger | |
hyphen | |||
2021-08-23 | containers: T2216: add CLI commands to specify restart behavior and memory usage | Christian Poessinger | |
A container is limited to 256MB memory by default and will always restart on failure. | |||
2021-08-23 | containers: T2216: xml: impove help string for address command | Christian Poessinger | |
2021-08-23 | containers: T2216: add environmnet variable constraint | Christian Poessinger | |
An environment variable passed to podman can only consist out of alphanumeric characters, a hypend and an underscore. | |||
2021-08-22 | ipsec: T2816: l2tp ipsec VPN must be started after strongSwan | Christian Poessinger | |
2021-08-21 | pppoe: T1318: bump priority by 1 so we can source from pseudo-ethernet ↵ | Christian Poessinger | |
interfaces | |||
2021-08-21 | pppoe: T1318: implement missing access-concentrator CLI option | Christian Poessinger | |
2021-08-21 | pppoe: T3090: support forward disable on a PPPoE link | Christian Poessinger | |
2021-08-21 | xml: interfaces: use one common building block for "disable-forwarding" | Christian Poessinger | |
Both building blocks only differed in the help text, so use IP for both IPv4 and IPv6. | |||
2021-08-21 | vti: T1441: enable ipv4/ipv6 interface options | Christian Poessinger | |
Now that we are based on XFRM interfaces we can also enable specific IPv4 and IPv6 interface options. | |||
2021-08-21 | interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵ | Christian Poessinger | |
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value. | |||
2021-08-20 | bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/export | Christian Poessinger | |
This adds the following new commands: set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in | |||
2021-08-20 | bgp: T3759: fix DOS -> UNIX line endings on route-target building blocks | Christian Poessinger | |
2021-08-20 | bgp: T3759: create common export/import building block for re-usable route-maps | Christian Poessinger | |
2021-08-20 | xml: remove superfluous "interface" prefix from interface includes | Christian Poessinger | |
2021-08-19 | xml: T3768: drop early XML syntaxVersion implementation | John Estabrook | |
2021-08-18 | bgp: T3759: add l3vpn "route-target vpn" commands | Christian Poessinger | |
Add the following new commands: * set protocols bgp address-family ipv4-unicast route-target vpn both 1.1.1.1:100 * set protocols bgp address-family ipv4-unicast route-target vpn export 1.1.1.1:100 * set protocols bgp address-family ipv4-unicast route-target vpn import 1.1.1.1:100 | |||
2021-08-18 | bgp: evpn: T1513: re-structure route-target XML blocks | Christian Poessinger | |
Make the both, export and import XML block re-usable by the IPv4 AFI. | |||
2021-08-18 | bgp: T3759: fix "label vpn" help string | Christian Poessinger | |
2021-08-18 | bgp: T3759: add l3vpn "rd" route-distinguisher commands | Christian Poessinger | |
Add the following new commands: * set protocols bgp address-family ipv4-unicast rd vpn export * set protocols bgp address-family ipv6-unicast rd vpn export | |||
2021-08-18 | bgp: T3759: add l3vpn "label vpn export" commands | Christian Poessinger | |
Add the following new commands: * set protocols bgp address-family ipv4-unicast label vpn export (auto | 0-1048575) * set protocols bgp address-family ipv6-unicast label vpn export (auto | 0-1048575) | |||
2021-08-18 | bgp: T3759: import/export is for AFI "ipv4 unicast" not "ipv4 multicast" | Christian Poessinger | |
2021-08-17 | bgp: T3759: add l3vpn "import vrf" commands | Christian Poessinger | |
2021-08-17 | xml: cleanup - replace format "text" with "txt" as required by the BASH helpers | Christian Poessinger | |
2021-08-17 | bgp: T3759: add l3vpn import/export vpn command for IPv4/IPv6 AFI | Christian Poessinger | |
2021-08-17 | bgp: T2174: create building block for path-limit which is used in IPv4/IPv6 AFI | Christian Poessinger | |
2021-08-17 | policy: T2425: bgp large-community-list name also supports - and _ | Christian Poessinger | |
2021-08-17 | policy: T2425: bgp ext-community-list name also supports - and _ | Christian Poessinger | |
2021-08-17 | policy: T2425: add missing validator for large-community-lists | Christian Poessinger | |
without the validators FRR commit errors would happen. | |||
2021-08-17 | policy: T2425: add missing constraints for extended and large community lists | Christian Poessinger | |
2021-08-17 | policy: T2425: update help test for BGP communities | Christian Poessinger | |
2021-08-17 | xml: proxy: use port-number building block for system proxy | Christian Poessinger | |
2021-08-17 | xml: webproxy: use port-number building block for LDAP connection | Christian Poessinger | |
2021-08-17 | xml: wireguard: use port-number building block | Christian Poessinger | |
2021-08-17 | xml: syslog: use port-number building block | Christian Poessinger | |
2021-08-17 | xml: tftp: use port-number building block | Christian Poessinger | |
2021-08-17 | xml: bcast-relay: use port-number building block | Christian Poessinger | |
2021-08-17 | xml: vxlan: use port-number building block | Christian Poessinger | |
2021-08-17 | xml: include: add error message to port-number | Christian Poessinger | |
2021-08-17 | isis: T1316: use common redistribute XML building block for IPv4 and IPv6 | Christian Poessinger | |
2021-08-16 | openvpn: T690: Add metric for pushed routes | Viacheslav | |
2021-08-15 | ospf: T3757: support to configure area at an interface level | Christian Poessinger | |
FRR supports configuring either network prefixes per area, or assign an interface to an area to participate in the routing process. This is already well known from other venders and supported by FRR. A valid VyOS OSPF configuration would then look like: vyos@vyos# show protocols ospf { interface dum0 { area 0 } interface eth0.201 { area 0 authentication { md5 { key-id 10 { md5-key vyos } } } dead-interval 40 hello-interval 10 priority 1 retransmit-interval 5 transmit-delay 1 } log-adjacency-changes { detail } parameters { abr-type cisco router-id 172.18.254.201 } passive-interface default passive-interface-exclude eth0.201 } | |||
2021-08-15 | conntrack: T3275: bugfix XML generation | Christian Poessinger | |
This commit fixes an error introduced by 43fcc0db0 ("conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new default behavior") as the <valueless/> option can only be used on leafNodes. THis triggered the following build error: ValueError: <valueless/> is only allowed in <leafNode> | |||
2021-08-15 | Merge pull request #944 from sever-sever/T3702 | Christian Poessinger | |
pbr: T3702: Add rules match fwmark |