Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 4cde677e9e128bc9b62fad720b1b6f6cac506954)
|
|
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates (backport #3315)
|
|
onlink pretend that the nexthop is directly attached to this link,
even if it does not match any interface prefix.
Useful when gateway not in the same interface network
set interfaces ethernet eth0 vif 10 address '10.20.30.1/32'
set protocols static route 10.20.30.0/32 interface eth0.10
set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink
```
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover
Error: Nexthop has invalid gateway.
[edit]
vyos@r4#
[edit]
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover
[edit]
vyos@r4#
```
(cherry picked from commit bb832acb97881d747a57da2728eab3ad138b8129)
|
|
server certificates
(cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
|
|
to firewall global-optinos
(cherry picked from commit 76dcecafca977b640dd16d8e68c4a050ca1af4fb)
|
|
Added params for configuration red on the shaper policy
(cherry picked from commit 31cd75aec6d035b36537046ae0d034c03009a3fc)
|
|
in order to not allow string starting with dot character; use such constraint in firewall group definitions.
(cherry picked from commit c455a1f71674300b8a74863ddfe6e551fe8fd252)
|
|
(cherry picked from commit b8f3c61ca514cacdfc2495f16869c1b1e07d2bbc)
|
|
In order to lower the Ethernet default MTU we need to drop the common
defaultValue from the XML mtu-68-16000.xml.i building block. Per interface
default MTU is later overloaded by XML.
(cherry picked from commit e86761fa1307596c721c3ddf3a61d263e8f5177b)
|
|
Containers have the ability to add Linux system capabilities to them, this is
done using the "set container name <name> cap-add" command.
The CLI node sounds off and rather should be "set container name <name>
capability" instead as we use and pass a capability to a container and not
add/invent new ones.
(cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
|
|
(cherry picked from commit 2eb7f96ca2038bf37dc1d274821ca6f619489b58)
|
|
<high-availability>. Also, add <mode> parameter in order to configure active-active or active-passive behavior for HA.
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
(cherry picked from commit e5af1f0905991103b12302892e6f0070bbb7b770)
|
|
(cherry picked from commit 32d6a693de99021d2cd44fb4235e929caf7b4a6d)
|
|
(cherry picked from commit 24d0400b9c55cadef1eb99b3e84a363dd6ad5033)
|
|
(cherry picked from commit 84b6f6bcf59d526c35928c974e3f2d03c4d5ec06)
|
|
(cherry picked from commit 85e5ccbab85c8ded426896d61bcf64d329768f2c)
|
|
(cherry picked from commit 010c4061a8884a3617368f3618a425dc517d0675)
|
|
T6121: Extend config-sync for QoS and system options (backport #3193)
|
|
Ability to set interface for `excluded-address`
The excluded-addresses are not listed in the VRRP packet (adverts packets).
We have this ability for `address`, add the same feature for the
excluded-address
```
set high-availability vrrp group GRP-01 excluded-address 192.0.2.202 interface 'dum2'
set high-availability vrrp group GRP-01 excluded-address 192.0.2.203 interface 'dum3'
```
(cherry picked from commit 0daf445abcd00446da21fe0220d41d5fdde95ebd)
|
|
T5872: ipsec remote access VPN: support dhcp-interface. (backport #2965)
|
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
(cherry picked from commit 952b1656f5164f6cfc601e040b48384859e7a222)
|
|
(cherry picked from commit f7834324d3d9edd7e161e7f2f3868452997c9c81)
|
|
Extent the service config-sync for sections:
- qos interface
- qos policy
- system conntrack
- system flow-accounting
- system option
- system sflow
- system static-host-mapping
- system sysctl
(cherry picked from commit 9d5ad172034ae510288b11313d307f0a24bb4b7d)
|
|
xml: T5738: use common constraint include for container network (backport #3181)
|
|
(cherry picked from commit 37a4fdf229a7ab74718655f1d6e35fd94e5ad69a)
|
|
(cherry picked from commit 6be463fcca574e051420ae7549bed72e74486470)
|
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
(cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
|
|
The maximum timeout for the `service config-sync` is 300 seconds
(Connection API timeout). It could not be enough for the real massive
configurations.
Increase the maximum value to 3600
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
(cherry picked from commit 4a90e00a886397d9f4202b78cc8995ed93d40014)
|
|
add mtu to default and specified class
update smoke test
(cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
|
|
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this cae the Node allows to uses the next level section
i.e subsection
For example any of the subsection of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
(cherry picked from commit 25b611f504521181f85cb4460bfdfd702c377b5e)
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
(cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
|
|
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help string s (backport #3135)
|
|
(cherry picked from commit 7ca0ad91744044f74690179eaec4160d9c4fee65)
|
|
(cherry picked from commit 63de63f43aaa720993faf06ba2789789d87d63c6)
|
|
(cherry picked from commit d6226d60dce4a46c9fa63adbf85f2df86c7bd1b1)
|
|
radvd: T6118: add nat64prefix support RFC8781 (backport #3125)
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
|
|
Lower available CPU C states to a minimum if this option set. This will set
Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
(cherry picked from commit 3a3e0dff4ff1f80835eca6b2362d792e3ecacc8e)
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
dhcp-client: T6093: extend regex for client class-id's with DOT (backport #3117)
|
|
A restriction to ascii in the constraint disallowed earlier support for
unicode bytes.
(cherry picked from commit 66b92e1cd4ec948c1e2df4bee9b21da9633f5bd8)
|
|
The regex used is not working if the string contains dots.
Originally authored by: Lucas <pinheirolucas@pm.me>
(cherry picked from commit c8670ae7941a8bac31e2174d4c6426b47272bfcc)
|
|
be allowed
This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum
description to 255 characters") which incresaed the lower limit from 0 to 1.
We actually require 0 length value for description nodes as introduced in
commit 6eea12512e ("xml: T1579: allow zero length for description").
(cherry picked from commit 724c685cba423758bece827d6d286815933ba912)
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
(cherry picked from commit a72ededa0b29c25efaab52f2db170c34eba50248)
|
|
(cherry picked from commit 4792d39bb84991768404f69ff807e43a9979a79e)
|
|
(cherry picked from commit 77a25e95da48549f2791b677f4ba187e547b1c6a)
|
|
(cherry picked from commit c37fb4010c50a18029d6c680c42fceb3b8930dbd)
|
|
All valid country codes can be retrieved from [1] and extracted which resulted
in the completion helper list of this commit.
1: https://git.kernel.org/pub/scm/linux/kernel/git/wens/wireless-regdb.git/tree/db.txt
(cherry picked from commit 45cd735f89a4b6c7419a26d2800d832c9da9f735)
|
|
Make the code more uniform and maintainable.
(cherry picked from commit 21b0bf0168697fdbe514ae49a4a28b39a91ec777)
|