summaryrefslogtreecommitdiff
path: root/smoketest
AgeCommit message (Collapse)Author
2023-11-10T5729: firewall: switch to valueless in order to remove unnecessary ↵Nicolas Fort
<enable|disable> commands; log and state moved to new syntax.
2023-11-10ddclient: T5708: Additional smoketests for web-optionsIndrajit Raychaudhuri
Add additional smoketests for web-options validation. Also, format error messages to optionally include protocol name.
2023-11-08ddclient: T5708: Ensure password is always wrapped in quotesIndrajit Raychaudhuri
Migration to 3.11.1 follow-up: This should make `ddclient.conf` parsing more resilient to edge cases (particularly when `password` isn't the last option right before the host parameter). ddclient config parser applies special treatment to the password field and would unwrap the quotes automatically. Also, switch from now deprecated `use=no` to `use=disabled`.
2023-11-07T5716: Fix smoketest for accel-ppp limiter tbfViacheslav Hletenko
Limiter in the commit cf92295 was changed to `tbf` Fix smoketest
2023-11-05ddclient: T5708: Migration to 3.11.1 and related improvementsIndrajit Raychaudhuri
- Migrate to ddclient 3.11.1 and enforce debian/control dependency - Add dual stack support for additional protocols - Restrict usage of `porkbun` protocol, VyOS configuration structure isn't compatible with porkbun yet - Improve and cleanup error messages
2023-11-05ddclient: T5708: Migrate `timeout` to `interval`Indrajit Raychaudhuri
Time interval in seconds to wait between DNS updates would be a bit more intuitive as `interval` than `timeout`.
2023-11-03Merge pull request #2431 from c-po/wireguard-t5707Christian Breunig
wireguard: T5707: remove previously deconfigured peer
2023-11-02wireguard: T5707: remove previously deconfigured peerChristian Breunig
Changing the public key of a peer (updating the key material) left the old WireGuard peer in place, as the key removal command used the new key. WireGuard only supports peer removal based on the configured public-key, by deleting the entire interface this is the shortcut instead of parsing out all peers and removing them one by one. Peer reconfiguration will always come with a short downtime while the WireGuard interface is recreated.
2023-11-02Merge pull request #2416 from c-po/evpn-mh-t5698Christian Breunig
T5698 EVPN ESI Multihoming
2023-11-02T5705: rsyslog: fix error when level=all. Replace <all> with wildcard <*>, ↵Nicolas Fort
as it's done with facility. Create basic smoketest for syslog
2023-11-01smoketest: vxlan: T5699: fix "external" CLI optionChristian Breunig
After commit cc7ba8824 ('vxlan: T5699: migrate "external" CLI know to "parameters external"') We also need to adjust the testcase for ARP/ND suppression.
2023-10-31T5558: smoketest: fix nat definitions on dialup-router-medium-vpn #2Christian Breunig
This extends commit 6248b2ae1 ("T5558: smoketest: fix nat definitions on dialup-router-medium-vpn") that missed out eth1 interface.
2023-10-31Merge pull request #2413 from c-po/t5668-vxlanChristian Breunig
vxlan: T5668: add CLI knob to enable ARP/ND suppression
2023-10-30Merge pull request #2417 from c-po/vxlan-t5699Christian Breunig
vxlan: T5699: migrate "external" CLI know to "parameters external"
2023-10-30vxlan: T5699: migrate "external" CLI know to "parameters external"Christian Breunig
As we have a bunch of options under "paramteres" already and "external" is clearly one of them it should be migrated under that node as well.
2023-10-30vxlan: T5668: add CLI knob to enable ARP/ND suppressionChristian Breunig
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10
2023-10-30bgp: T5698: add support for EVPN MultihomingChristian Breunig
2023-10-30bond: T5698: add support for EVPN MultihomingChristian Breunig
set interfaces bonding bond10 evpn es-df-pref '50' set interfaces bonding bond10 evpn es-id '10' set interfaces bonding bond10 evpn es-sys-mac '01:23:45:67:89:ab' set interfaces bonding bond10 member interface 'eth3' set interfaces bonding bond10 mode '802.3ad'
2023-10-29T5558: smoketest: fix nat definitions on dialup-router-medium-vpn.Nicolas Fort
2023-10-25T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher ↵Nicolas Fort
(valid for interfaces and groups) in firewal, nat and nat66.
2023-10-24Merge pull request #2355 from nicolas-fort/T5643Christian Breunig
T5643: nat: add interface-groups to nat. Use same cli structure for i…
2023-10-22Merge pull request #2391 from sever-sever/T5299Viacheslav Hletenko
T5299: Add missed option ceiling for QoS shaper
2023-10-22Merge pull request #2386 from c-po/vxlan-t5671Christian Breunig
vxlan: T5671: change port to IANA assigned default port
2023-10-22T5299: Add missed option ceiling for QoS shaperViacheslav Hletenko
Add missed option `ceil` for QoS class 'trafficshaper'
2023-10-21smoketest: T2897: add basic cluster configChristian Breunig
2023-10-20vxlan: T5671: change port to IANA assigned default portChristian Breunig
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that predates the IANA assignment. As Most other vendors use the IANA assigned port, follow this guideline and use the new default port 4789. Existing configuration not defining an explicit port number will be migrated to the old default port number of 8472, keeping existing configurations work!
2023-10-20T5667: BGP label-uniscat enable ecmpfett0
2023-10-19Merge pull request #2362 from nicolas-fort/T5541Christian Breunig
T5541: firewall zone: re add firewall zone-base firewall
2023-10-19Merge pull request #2344 from nicolas-fort/T5637Christian Breunig
T5637: add new rule at the end of base chains for default-actions and log capabilities
2023-10-16T5634: Smoketest add encryption ciphersViacheslav Hletenko
As `providers legacy default` option was deleted with insecure DES and Blowfish ciphers, the smoketest cannot pass without adding encyption ciphers Otherwise Oct 16 09:41:34 r4 openvpn-vtun5[9648]: DCO version: N/A Oct 16 09:41:34 r4 openvpn-vtun5[9648]: Cipher BF-CBC not supported Oct 16 09:41:34 r4 openvpn-vtun5[9648]: Exiting due to fatal error Fix the smoketest
2023-10-13T5541: firewall zone: re add firewall zone-base firewallNicolas Fort
2023-10-11T5643: nat: add interface-groups to nat. Use same cli structure for ↵Nicolas Fort
interface-name|interface-group as in firewall.
2023-10-11Merge pull request #2342 from sever-sever/T5165Viacheslav Hletenko
T5165: Implement policy local-route source and destination port
2023-10-08Merge pull request #2263 from Cheeze-It/currentViacheslav Hletenko
T5530: isis: Adding loop free alternate feature
2023-10-07Merge pull request #2335 from c-po/t5630-pppoe-mruDaniil Baturin
pppoe: T5630: allow to specify MRU in addition to already configurable MTU
2023-10-06T5637: add new rule at the end of base chains for default-actions. This ↵Nicolas Fort
enables log capabilities for default-action in base chains. And of course, add option for enabling log for default-action
2023-10-06T5165: Implement policy local-route source and destination portViacheslav Hletenko
Add `policy local-route` source and destination port set policy local-route rule 23 destination port '222' set policy local-route rule 23 protocol 'tcp' set policy local-route rule 23 set table '123' set policy local-route rule 23 source port '8888' % ip rule show prio 23 23: from all ipproto tcp sport 8888 dport 222 lookup 123
2023-10-06T5530: isis: Adding loop free alternate featureCheeze_It
2023-10-04T4320: remove references to obsoleted legacy version filesJohn Estabrook
2023-10-03pppoe: T5630: verify MRU is less or equal then MTUChristian Breunig
2023-10-03pppoe: T5630: allow to specify MRU in addition to already configurable MTUChristian Breunig
Set the MRU (Maximum Receive Unit) value to n. PPPd will ask the peer to send packets of no more than n bytes. The value of n must be between 128 and 16384, the default was always 1492 to match PPPoE MTU. A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data). Note that for the IPv6 protocol, the MRU must be at least 1280. CLI: set interfaces pppoe pppoe0 mru 1280
2023-10-02smoketests: T5626: verify Kernel options required for containersChristian Breunig
2023-09-30ddclient: T5574: Support per-service cache management for servicesIndrajit Raychaudhuri
Add support for per-service cache management for ddclient providers via `wait-time` and `expiry-time` options. This allows for finer-grained control over how often a service is updated and how long the hostname will be cached before being marked expired in ddclient's cache. More specifically, `wait-time` controls how often ddclient will attempt to check for a change in the hostname's IP address, and `expiry-time` controls how often ddclient to a forced update of the hostname's IP address. These options intentionally don't have any default values because they are provider-specific. They get treated similar to the other provider- specific options in that they are only used if defined.
2023-09-30Merge pull request #2325 from sever-sever/T5165Christian Breunig
T5165: Migrate policy local-route rule x destination to address
2023-09-30Merge pull request #2303 from indrajitr/ddclient-misc-1Christian Breunig
ddclient: T5612: Miscellaneous improvements and fixes for dynamic DNS
2023-09-29T5165: Migrate policy local-route rule x destination to addressViacheslav Hletenko
Migrate policy local-route <destination|source> to node address replace 'policy local-route{v6} rule <tag> destination|source <x.x.x.x>' => 'policy local-route{v6} rule <tag> destination|source address <x.x.x.x>'
2023-09-29T5616: firewall: add option to be able to match firewall marks in firewall ↵Nicolas Fort
filter and in policy route.
2023-09-28mdns: T5615: Allow controlling IP version to use for mDNS repeaterIndrajit Raychaudhuri
This commit adds a new configuration option to the mDNS repeater service to allow controlling which IP version to use for mDNS repeater. Additionally, publishing AAAA record over IPv4 and A record over IPv6 is disabled as suggested. See: - https://github.com/lathiat/avahi/issues/117#issuecomment-1651475104 - https://bugzilla.redhat.com/show_bug.cgi?id=669627#c2
2023-09-28Merge pull request #2295 from sever-sever/T5217-synproxyChristian Breunig
T5217: Add firewall synproxy
2023-09-28Merge pull request #2304 from sarthurdev/conntrack_helpersJohn Estabrook
conntrack: T5376: T5598: Restore kernel conntrack helpers