Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-08-29 | smoketest: config: drop almost empty https service test | Christian Poessinger | |
2022-08-28 | smoketest: T4643: bind sstp service to port 8443 | Christian Poessinger | |
2022-08-27 | smoketest: T4643: create individual configs fot https service and sstp vpn | Christian Poessinger | |
2022-08-27 | Revert "smoketest: T4643: Change openconnect default port" | Christian Poessinger | |
This reverts commit fa91f567b7b5f009aaaed569b3f5e5db4b638d39. | |||
2022-08-27 | Revert "smoketest: T4643: Delete vpn sstp from config as we have HTTP" | Christian Poessinger | |
This reverts commit c2fc87c02dd556dd1569ff2fd81c9e2485a80459. | |||
2022-08-26 | smoketest: T4643: Delete vpn sstp from config as we have HTTP | Viacheslav Hletenko | |
HTTP and sstp cannot work together and in the test config 1.4-rolling-202106290839 we didnot have configurable port for such services So we shoud delete sstp from this smoketest config test In fact it is never working at all 'smoketest/configs/pki-misc' It commits without errors before but in the real life we get 3 services (https openconnect sstp) that bound the same port | |||
2022-08-25 | smoketest: T4643: Change openconnect default port | Viacheslav Hletenko | |
Change openconnect port as both ocserv and sstp bind by default the same port 443 | |||
2022-07-07 | syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotate | sarthurdev | |
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override | |||
2022-07-05 | firewall: T2199: Fix migration when `icmpv6 type` is an integer | sarthurdev | |
2022-07-01 | openvpn: T4485: Add CRL to OpenVPN config test | sarthurdev | |
2022-06-29 | openvpn: T4485: Update PKI migrator to handle full CA chain migration | sarthurdev | |
* Also determines and maps to correct CA for migrated CRL | |||
2022-05-31 | smoketest: policy: T3976: add migratable config snippet | Christian Poessinger | |
2022-05-25 | configtest: T4382: no migration to 'bgp local-as' under vrf | John Estabrook | |
The migration script bgp/0-to-1 did not address 'protocols bgp ASN' -> 'protocols bgp local-as ASN' under a vrf. Move to configs.no-load for review on extending/adding a migration script. | |||
2022-05-25 | configtest: T4382: missing block in migration script vrf/0-to-1 | John Estabrook | |
The config vrf-basic reveals a missing block in the migration script vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in vrf-ospf. | |||
2022-05-25 | configtest: T4382: inconsistent ipsec component version | John Estabrook | |
The pki-ipsec sagitta-era config contains 'vpn ipsec ipsec-interfaces interface eth0' with ipsec component version ipsec@6, however, this construction is successfully moved by migration script ipsec/5-to-6. Consequently, this must have been an error in translation of the config file. Note that this is unrelated to the corrected error regarding an empty 'ipsec-interfaces' node. Move config to configs.no-load for review. | |||
2022-05-25 | configtest: T4382: bgp_small_as has a nonsensical entry | John Estabrook | |
bgp_small_as contains set commands such as: 'protocols static route 10.0.0.0/8 MY-NAS distance 254' which would appear to have no meaning, in any VyOS version. Move to config.no-load for analysis. | |||
2022-05-25 | configtest: T4382: 'nat ... log' takes no 'enable' argument | John Estabrook | |
The component version in bgp-dmvpn-spoke is nat@5, however, 4-to-5 removes the boolean argument. It is confirmed that the migration script works correctly, hence, it must be a typo in translation; remove argument 'enable'. | |||
2022-05-25 | configtest: T4382: system@20 cannot have 'user level' (16-to-17) | John Estabrook | |
The config file isis-small has system@20, but 'user level' which was migrated in system/16-to-17; remove the line in the config, as there is no problem with the migration script in question. | |||
2022-05-25 | configtest: T4382: remove typo | John Estabrook | |
This is a typo in vrf-ospf: 'system nt' on the line before 'system ntp'. | |||
2022-05-05 | smoketest: do not auto-load big firewall config on smoketest | Christian Poessinger | |
This takes a very long time, but keep the config for manual runs | |||
2022-05-05 | policy: T4414: add support for route-map "as-path prepend last-as x" | Christian Poessinger | |
2022-04-30 | smoketest: import large firewall config from T1230 | Christian Poessinger | |
2022-04-29 | smoketest: add basic QoS configuration | Christian Poessinger | |
2022-04-28 | arp: T4397: change CLI syntax to support interface and VRF bound ARP entries | Christian Poessinger | |
* set protocols static arp interface eth0 address 192.0.2.1 mac 01:23:45:67:89:01 | |||
2022-04-25 | smoketest: config: T4397: add ARP entries for a second interface | Christian Poessinger | |
2022-04-25 | smoketest: config: T4397: add some static ARP entries | Christian Poessinger | |
2022-04-07 | ipv6: T4346: delete (migrate) CLI command to disable IPv6 address family | Christian Poessinger | |
2022-04-06 | firewall: T4345: Fix incorrect rule limit rate syntax | sarthurdev | |
2022-03-06 | smoketest: config: add "recent" firewall rule to dialup-router | Christian Poessinger | |
2022-02-28 | ssh: T4273: bugfix cipher and key-exchange multi nodes | Christian Poessinger | |
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility | |||
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-11 | policy: T2199: Refactor policy route script for better error handling | sarthurdev | |
* Migrates all policy route references from `ipv6-route` to `route6` * Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6` | |||
2021-12-25 | flow-accounting: T4105: drop "sflow agent-address auto" | Christian Poessinger | |
The implementation of the "auto" option to specify the sflow/netflow agent-address is very error prone. The current implementation will determine the IP address used for the "auto" value as follow: Get BGP router-id 1) If not found use OSPF router-id 2) If not found use OSPFv3 router-id 3) If not found use "the first IP address found on the system Well, what is the "first IP address found"? Also this changes if DHCP is in use. Also another disadvantage is when the BGP/OSPF/OSPFv3 router-id is changed, the agent-address is not updated upon the next reboot of the system. This task is about removing the "auto" keyword from the CLI at all and make it either entirely configurable by the user and hardcode the value in CLI, or not use this at all. If "auto" is specified we will query the system in the above order and set the proper router-id in the CLI. If none can be found the CLI node is removed. | |||
2021-10-31 | smoketest: config: add DMVPN hub and spoke examples | Christian Poessinger | |
2021-10-22 | tunnel: T3925: fix configtest - source-interface does not work with gretap | Christian Poessinger | |
2021-10-21 | tunnel: T3925: dhcp-interface was of no use - use source-interface instead | Christian Poessinger | |
(cherry picked from commit c1015d8ce0013719eb898b60b14ffec192b8141c) | |||
2021-10-05 | smoketest: bgp: T3741: bugfix invalid IP address (missing prefix size) | Christian Poessinger | |
2021-10-04 | bgp: T3741: "parameter default no-ipv4-unicast" is now a default option | Christian Poessinger | |
2021-09-06 | smoketest: config: add DHCP name-server to dialup-router-medium-vpn config | Christian Poessinger | |
T3804 changed how DHCP servers from DHCP interfaces are read in and passed to the system. The config migrator is tested with this addition. | |||
2021-08-26 | smoketest: config: drop empty newline at EOF for "isis-small" test | Christian Poessinger | |
2021-07-26 | smoketest: config: azure: also utilize "default-esp-group" feature | Christian Poessinger | |
2021-07-22 | ipsec: T2816: remove "auto-update" CLI option | Christian Poessinger | |
Update/refresh of DNS records is now handled internally by Strongswan. | |||
2021-07-22 | pki: https: T3642: Migrate HTTPS to use PKI configuration | sarthurdev | |
2021-07-20 | pki: sstp: T3642: Migrate SSTP to PKI configuration | sarthurdev | |
2021-07-20 | pki: openconnect: T3642: Migrate OpenConnect SSL to PKI configuration | sarthurdev | |
2021-07-15 | pki: ipsec: l2tp: T2816: T3642: Move IPSec/L2TP code into vpn_ipsec.py and ↵ | sarthurdev | |
update to use PKI. | |||
2021-07-07 | pki: T3642: Migrate rsa-keys to PKI configuration | sarthurdev | |
2021-06-29 | pki: ipsec: T3642: Migrate IPSec to use PKI configuration | sarthurdev | |
2021-06-17 | policy: T3631: migrate "set extcommunity-rt|soo" to "set extcommunity rt|soo" | Christian Poessinger | |
migrate "set extcommunity-rt" and "set extcommunity-soo" to "set extcommunity rt|soo" to match FRR syntax. This also makes it easier to implement the "bandwidth" extended community. | |||
2021-05-20 | smoketest: config: sysctl: T3565: add migratable configuration | Christian Poessinger | |