Age | Commit message (Collapse) | Author |
|
|
|
Add common IPv6 CLI option (use ethernet as example):
```
set interfaces ethernet eth0 ipv6 address interface-identifier
```
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
T7343: IPsec add traffic-selector handling for VTI interfaces
|
|
Allow to set traffic-selector for VTI interfaces
We can set several local and remote IPv4 and IPv6 prefixes
```
set vpn ipsec site-to-site peer P1 vti traffic-selector local prefix 0.0.0.0/0
set vpn ipsec site-to-site peer P1 vti traffic-selector local prefix ::/0
set vpn ipsec site-to-site peer P1 vti traffic-selector remote prefix 192.0.2.0/24
```
|
|
Since the jump to the global state chain is inserted before all rules,
it wasn't possible to use offload with the global state policies.
This commit adds a new chain for offloaded traffic in the forward
chain and jumps to that chain.
|
|
kea: T7281: Add ping-check, use built-in option for classless static routes
|
|
ids: T7241: remove Fastnetmon from the base system
|
|
* dhcp-server: T7310: add support for option 138 CAPWAP AC to KEA
* kea: T7310: Update data/templates/dhcp-server/kea-dhcp4.conf.j2
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
* kea: T7310: Update python/vyos/kea.py
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
* kea: T7310: add smoketest for capwap-ac-v4
* kea: T7310: Update python/vyos/kea.py
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
---------
Co-authored-by: David Vølker <davvol@davvol.dk>
Co-authored-by: Simon <965089+sarthurdev@users.noreply.github.com>
|
|
It will eventually be moved to an addon
|
|
|
|
virtual-ethernet: T7293: add support to define interface MTU
|
|
syslog: T7270: fix typos in rsyslog.conf
|
|
If a router has not formed an LDP neighbor adjacency yet, it
answers all received LDP Hello packets from non-neighbors with
new Hello packets.
This leads to flooding LDP packets to all routers for each LDP
incoming packet.
Add configuration option to disable this behavior
```
set protocols mpls ldp interface eth0 disable-establish-hello
```
|
|
|
|
|
|
firewall: T5493: Implement remote-group
|
|
|
|
|
|
wireguard: T7246: verify Base64 encoded 32byte boundary on keys
|
|
Not 31 bytes or 33 bytes, but exactly 32. This matters, because 32 does not
divide evenly by .75, so there's a padding character and the penultimate
character does not include the whole base64 alphabet.
Extend the base64 validator with an optional argument to define the length
to match of the decrypted Base64 encoded string.
Source: https://lists.zx2c4.com/pipermail/wireguard/2020-December/006222.html
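The check described in this commit message, as an added example (not the code from the commit or from VyOS): the 31-, 32- and 33-byte inputs all encode to 44 characters, so the validator has to check the decoded length and the restricted alphabet of the penultimate character. The function names and sample values are assumptions made for the illustration.

```python
import base64
import binascii
import re

KEY_BYTES = 32  # length of a WireGuard private, public or preshared key

# 32 bytes are 256 bits: 42 characters carry 252 bits, the 43rd carries the
# last 4 data bits plus 2 zero pad bits (so only every 4th alphabet entry is
# valid there), and the 44th is the '=' padding character.
CANONICAL_KEY = re.compile(r"[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=")


def decoded_length(value):
    """Return the decoded byte count, or None if value is not valid Base64."""
    try:
        return len(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError):
        return None


def is_wireguard_key(value):
    """Accept only the canonical 44-character encoding of exactly 32 bytes."""
    return (decoded_length(value) == KEY_BYTES
            and CANONICAL_KEY.fullmatch(value) is not None)


def encode(raw):
    """Base64-encode raw bytes and return the result as text."""
    return base64.b64encode(raw).decode("ascii")


# Constructed sample inputs (not real keys).
SAMPLES = {
    "32 bytes": encode(bytes(range(32))),
    "31 bytes": encode(bytes(range(31))),
    "33 bytes": encode(bytes(range(33))),
    # Same 42 leading characters, but pad bits set in the penultimate character.
    "non-canonical": encode(bytes(32))[:42] + "B=",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:14} chars={len(text)} bytes={decoded_length(text)} "
              f"accepted={is_wireguard_key(text)}")
```

The non-canonical sample is rejected by the character-class check even where a decoder ignores the two pad bits and reports 32 bytes.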
|
|
T7252: Allow vpptun and vpptap for constraint validator
|
|
* bgp: T7157: Allow using route-maps for VRF route leaking in BGP
Added the possibility of using route-map in route leaking.
* Improve the constraint error message
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
It fixes cases when we want to use VPP kernel interfaces for OSPF
but the VPP kernel interface does not exist at this step
```
set vpp interfaces loopback lo0 kernel-interface 'vpptun0'
set protocols ospf interface vpptun0 area '0'
Incorrect path /sys/class/net/vpptun0: no such file or directory
```
|
|
T7092: Add Container Registry Mirror
|
|
|
|
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
New CLI command
```
set system syslog marker disable
```
|
|
|
|
T7204: Container add capability MKNOD
|
|
policy: T7116: Remove unsupported use of BGP community "internet"
|
|
T7118: Added the ability to redistribute NHRP routes to other protocols
|
|
|
|
policy: T7158: Added match source-vrf to route-map
|
|
* wlb: T7196: Migrate interface wildcards to nftables format
* wlb: T7196: Fix exclude/interface verify check
* wlb: T7196: Extra sanity check on ipv4 address function
|
|
Added match source-vrf to route-map
|
|
Added the ability to redistribute NHRP routes to:
OSPF
BGP
Babel
RIP
IS-IS
|
|
This has been split into a separate commit in case this is overkill for
the fix. 1.2 and 1.3 installs predate the change to FRR that removed support,
but "internet" is already broken on 1.4.
|
|
"internet"
|
|
* snmp: T7180: Fixed verification of engineid in snmpv3
EngineID must be configured if snmpv3 user is configured.
Fixed engineid help string.
|
|
lldp: T7165: add support to enable only rx/tx on specific interfaces
|
|
T7171: Add dstport option to GENEVE tunnels
|
|
|
|
LLDP is a stateless protocol which does not necessitate sending to receive
advertisements. There are multiple scenarios such as provider peering links in
which it is advantageous to receive LLDP but not disclose internal information
to the provider.
Add new CLI command:
* set service lldp interface <name> mode [disable|rx-tx|rx|tx]
The default is unchanged and will be rx-tx.
Furthermore if an interface has an explicit LLDP disable configured under
"set service lldp interface <name> disable" this will be migrated to
"set service lldp interface <name> mode disable"
|
|
T7190: Add haproxy default timeout options configurable
|
|
Add the ability to configure default timeout and frontend
client timeout
```
set load-balancing haproxy service web timeout client '600'
set load-balancing haproxy timeout check '4'
set load-balancing haproxy timeout client '600'
set load-balancing haproxy timeout connect '12'
set load-balancing haproxy timeout server '120'
```
|
|
|
|
T5810: Add support for RPKI source ip
|
|
firewall: T7177: Update interface-name constraint to allow "pod-" interface names
|
|
|
|
support pod interfaces from containers
|