Age | Commit message (Collapse) | Author |
|
ethernet: T5862: default MTU is not acceptable in some environments
|
|
Use vyos.xml_ref.default_value to query XML default values and take them into
account when validating properly applied defaults in individual smoketests
instead of using hardcoded values like 443 for https port.
|
|
There are cloud environments available where the maximum supported ethernet
MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value
or 1500 bytes - whatever is lower.
|
|
bgp: T5943: BGP Peer-group members must be all internal or all external
|
|
T6068: dhcp-server: add command <set service dhcp-server high-availability mode>
|
|
|
|
mode> so user can define what type of ha use: active-active or active-passive
|
|
found using "git ls-files *.py | xargs pylint | grep W0611"
|
|
configverify: T6198: add common helper for PKI certificate validation
|
|
The next evolutional step after adding get_config_dict(..., with_pki=True) is
to add a common verification function for the recurring task of validating SSL
certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
|
|
T6192: allow binding SSH to multiple VRF instances
|
|
Fixed using 'route-map', 'as-set' and 'summary-only' together in
aggregation in BGP
|
|
bgp: T6151: Allow configuration of disable-ebgp-connected-route-check
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
|
|
T6178: Check that certificate exists during reverse-proxy commit
|
|
|
|
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf
|
|
|
|
peer-group
changed exception condition
Improved route_reflector_client test
|
|
|
|
ipsec: T5606: T5871: Use multi node for CA certificates
|
|
T5872: ipsec remote access VPN: support dhcp-interface.
|
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
|
|
interface with vrf
|
|
|
|
dhcp-server high-availability>.
|
|
Users can not (FRR fails) commit the same network belonging to different OSPF
areas. Add verify() check to prevent this.
|
|
bgp: T6106: Valid commit error for route-reflector-client option defi…
|
|
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain"
node identifying the IS-IS process name). Drop all references to "process"
variable.
Specifying:
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6825.5255.00'
set protocols isis redistribute ipv4 bgp
Triggered an exception
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module>
verify(c)
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify
f'"protocols isis {process} redistribute {afi} {proto}"!')
^^^^^^^
NameError: name 'process' is not defined
|
|
vti: T6085: interface is always down and only enabled by IPSec daemon
|
|
bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering
|
|
* Move global state-policy smoketest to it's own test, verify conntrack
|
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
|
|
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes to logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
|
|
peer-group
handle vtysh bgp error
|
|
qos: T1871: add MTU option when configure limiter traffic-policy
|
|
T5996: selectively escape and restore single backslashes in config
|
|
|
|
add mtu to default and specified class
update smoke test
|
|
policy: T6129: add route-map option "as-path exclude all"
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
|
|
conntrack: T4022: add RTSP conntrack helper
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
|
|
|
|
|
|
|
|
firewall: T6071: truncate rule description field to 255 characters
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
|
|
vrrp: T6020: vrrp health-check script not applied correctly
|
|
|