Age | Commit message (Collapse) | Author |
|
in firewall, to NAT
|
|
|
|
Since 'key' field is no longer required, a missing key will register an
error in the resolver, instead of being rejected as bad request.
|
|
|
|
Commit 54c36e43 (tunnel: T5034: migrate "multicast enable" CLI node to
enable-multicast) changed the syntax on the CLI. This commits changes the
testcase to make use of the new syntax.
|
|
|
|
|
|
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
tc acccepts the bandwidth value/unit pairs as lowercase - so does the VyOS CLI
validator work, too.
|
|
sstp-client
|
|
T1993: PPPoE-server add section shaper and fwmark option
|
|
|
|
containers"
This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
|
|
container: T4959: Add container registry authentication config for containers
|
|
|
|
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
|
|
|
|
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
|
|
Some ISPs seem to use the host-uniq flag to authenticate client equipment.
Add CLI option in VyOS to allow specification of the host-uniq flag.
set interfaces pppoe pppoeN host-uniq <value>
|
|
|
|
|
|
ipsec: T4925: Added PRF into IKE group
|
|
T4857: SNMP: Implement FRR SNMP Recomendations
|
|
|
|
Added the possibility to configure Pseudo-Random Functions (PRF)
in IKE group
set vpn ipsec ike-group <Ike-grp> proposal <number> prf <PRF>
|
|
As WireGuard is now part of the mainline Kernel, we no longer need to validate
it using the external module loader/tester.
|
|
|
|
|
|
|
|
|
|
* Move CLI from "system ntp" -> "service ntp"
* Drop NTP server option preempt as not supported by chrony
|
|
Commit e28b10ce ("smoketest: dhcpv6-relay: use setUpClass() over setUp()")
introduced a TypeError:
TypeError: cli_set() missing 1 required positional argument: 'config'
This has been fixed.
|
|
This fixes commit 20f448d16c ("T4934: ospf: Fix inter-area route summarization")
where an assert was present for a CLI option that was missing to be set
causing tests to fail.
|
|
|
|
Improves test runtime as interfaces are not created/deleted on every
test case.
|
|
This fixes commit 20f448d16c ("T4934: ospf: Fix inter-area route summarization")
where an assert was present for a CLI option that was missing to be set
causing tests to fail.
|
|
Fix ValueError: Unknown format code 'x' for object of type 'str' added in
commit c0ffb8ba4e663 ("ethernet: rps: T4928: adjust to Kernel ABI changes").
|
|
Setting something like `protocols ospf area 10 range 10.10.0.0/16` without sub options doesn't work. This is because no range commands are generated when there is no leaf nodes set under the `range` tag node.
```
edit protocols ospf
set area 16 network 10.10.0.0/16
set area 16 range 10.10.0.0/16
commit
```
```
$ vtysh -c 'show run'
!
router ospf
auto-cost reference-bandwidth 100
timers throttle spf 200 1000 10000
network 10.10.0.0/16 area 16
exit
```
The generated FRR commands above is missing something like:
```
area 16 range 10.10.0.0/16
```
|
|
T4920: ospf: Fix `passive-interface default` option
|
|
`passive_interface` is a leaf node. Also adds a smoketest.
|
|
T4877: Added more checks if "import vrf" is used in bgp
|
|
|
|
|
|
1. Fixed: If rd and route-target are used in VRF, can not use "import vrf"
in the same VRF in the same AFI/SAFI.
2. Fixed: If rd and route-target is used in VRF, this VRF can not be in
the list of command "import vrf" in the same AFI/SAFI but in
other VRFs.
3. Fixed: Do not allow to delete vrf if it is used in import list
of other vrfs.
4. Added smoketests to check "import vrf" issues.
|
|
|
|
|