Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-04-01 | ssh: T6192: allow binding to multiple VRF instances | Christian Breunig | |
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF. | |||
2024-04-01 | Merge pull request #3222 from HollyGurza/T6178 | Christian Breunig | |
T6178: Check that certificate exists during reverse-proxy commit | |||
2024-04-01 | T6178: Check that certificate exists during reverse-proxy commit | khramshinr | |
2024-03-30 | Merge pull request #3195 from HollyGurza/T4718-current | Christian Breunig | |
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf | |||
2024-03-30 | accel-ppp: T6187: use correct CPU counts adjusted for SMT | Daniil Baturin | |
2024-03-29 | bgp: T6106: Valid commit error for route-reflector-client option defined in ↵ | khramshinr | |
peer-group changed exception condition Improved route_reflector_client test | |||
2024-03-29 | bgp: T6010: Allow configuration of disable-ebgp-connected-route-check | fett0 | |
2024-03-28 | Merge pull request #3202 from sarthurdev/T5606_1 | Daniil Baturin | |
ipsec: T5606: T5871: Use multi node for CA certificates | |||
2024-03-28 | Merge pull request #2965 from lucasec/t5872 | Daniil Baturin | |
T5872: ipsec remote access VPN: support dhcp-interface. | |||
2024-03-28 | ipsec: T5606: T5871: Use multi node for CA certificates | sarthurdev | |
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates. Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended. | |||
2024-03-28 | dhcp-server: T4718: Listen-address is not commit if the ip address is on the ↵ | khramshinr | |
interface with vrf | |||
2024-03-26 | Merge pull request #3190 from HollyGurza/T6106 | Christian Breunig | |
bgp: T6106: fix test and verify() | |||
2024-03-26 | bgp: T6106: fix test and verify() | khramshinr | |
2024-03-26 | T6171: dhcp-server: add fix for smoketest | Nicolas Fort | |
2024-03-25 | T6171: migrate <set service dhcp-server failover> to <set service ↵ | Nicolas Fort | |
dhcp-server high-availability>. | |||
2024-03-24 | ospf: T6066: can not define the same network in different areas | Christian Breunig | |
Users can not (FRR fails) commit the same network belonging to different OSPF areas. Add verify() check to prevent this. | |||
2024-03-23 | Merge pull request #3151 from HollyGurza/T6106 | Daniil Baturin | |
bgp: T6106: Valid commit error for route-reflector-client option defi… | |||
2024-03-22 | isis: T6160: NameError: name 'process' is not defined | Christian Breunig | |
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain" node identifying the IS-IS process name). Drop all references to "process" variable. Specifying: set protocols isis interface eth1 set protocols isis net '49.0001.1921.6825.5255.00' set protocols isis redistribute ipv4 bgp Triggered an exception Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module> verify(c) File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify f'"protocols isis {process} redistribute {afi} {proto}"!') ^^^^^^^ NameError: name 'process' is not defined | |||
2024-03-21 | Merge pull request #3157 from c-po/vti-T6085 | Daniil Baturin | |
vti: T6085: interface is always down and only enabled by IPSec daemon | |||
2024-03-21 | Merge pull request #3158 from c-po/bridge-T6125 | Daniil Baturin | |
bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering | |||
2024-03-20 | conntrack: T6147: Enable conntrack when firewall state-policy is defined | sarthurdev | |
* Move global state-policy smoketest to it's own test, verify conntrack | |||
2024-03-20 | bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering | Christian Breunig | |
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces: set interfaces bridge br0 protocol 802.1ad | |||
2024-03-20 | vti: T6085: interface is always down and only enabled by IPSec daemon | Christian Breunig | |
When a VTI interface is just created, it is in ADMIN UP state by default, even if an IPSec peer is not connected. After the peer is disconnected the interface goes to DOWN state as expected. This breaks routing logic - for example, static routes through VTI interfaces will be active even if a peer is not connected. This changes to logic so ADMIN UP/DOWN state can only be changed by the vti-up-down helper script. Error was introduced during the Perl -> Python migration and move to the generic vyos.ifconfig abstraction during the 1.4 development cycle. | |||
2024-03-20 | bgp: T6106: Valid commit error for route-reflector-client option defined in ↵ | khramshinr | |
peer-group handle vtysh bgp error | |||
2024-03-19 | Merge pull request #3131 from HollyGurza/T1871 | Christian Breunig | |
qos: T1871: add MTU option when configure limiter traffic-policy | |||
2024-03-19 | Merge pull request #3035 from jestabro/replace-backslash | John Estabrook | |
T5996: selectively escape and restore single backslashes in config | |||
2024-03-18 | T5996: add smoketest to check translation of backslash character | John Estabrook | |
2024-03-18 | qos: T1871: add MTU option when configure limiter traffic-policy | khramshinr | |
add mtu to default and specified class update smoke test | |||
2024-03-17 | Merge pull request #3139 from c-po/as-path-T6129 | Christian Breunig | |
policy: T6129: add route-map option "as-path exclude all" | |||
2024-03-17 | policy: T6129: add route-map option "as-path exclude all" | Christian Breunig | |
Remove all AS numbers from the AS_PATH of the BGP path's NLRI. set policy route-map <name> rule <rule> set as-path exclude all | |||
2024-03-16 | Merge pull request #3112 from Ingramz/add-rtsp-2 | Christian Breunig | |
conntrack: T4022: add RTSP conntrack helper | |||
2024-03-12 | radvd: T6118: add nat64prefix support RFC8781 | Christian Breunig | |
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime must not be smaller than the "interface interval max" definition which defaults to 600. set service router-advert interface eth1 nat64prefix 64:ff9b::/96 | |||
2024-03-12 | conntrack: T4022: add RTSP conntrack helper | Indrek Ardel | |
2024-03-11 | T5872: re-write exit hook to always regenerate config | Lucas Christian | |
2024-03-10 | T5872: ipsec remote access VPN: support dhcp-interface. | Lucas Christian | |
2024-03-10 | Merge pull request #3113 from c-po/firewall-T6071 | Daniil Baturin | |
firewall: T6071: truncate rule description field to 255 characters | |||
2024-03-10 | firewall: T6071: truncate rule description field to 255 characters | Christian Breunig | |
2024-03-10 | xml: T5738: lower maximum description to 255 characters | Christian Breunig | |
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field. | |||
2024-03-07 | Merge pull request #2966 from HollyGurza/T6020 | Daniil Baturin | |
vrrp: T6020: vrrp health-check script not applied correctly | |||
2024-03-07 | snmp: T2998: SNMP v3 oid "exclude" option fix | Nataliia Solomko | |
2024-03-05 | T6061: fix rule parsing when connection-status is used | Nicolas Fort | |
2024-03-04 | Merge pull request #3078 from c-po/ospfv3-isis-T6087 | Daniil Baturin | |
ospfv3: T6087: add support to redistribute IS-IS routes | |||
2024-03-04 | Merge pull request #3077 from c-po/ethtool | Daniil Baturin | |
vyos.ethtool: T6083: use JSON input data #2 | |||
2024-03-04 | T6086: NAT: fix nat rules when using source-groups and translation address ↵ | Nicolas Fort | |
is a network. | |||
2024-03-03 | ospfv3: T6087: add support to redistribute IS-IS routes | Christian Breunig | |
2024-03-03 | smoketest: T4977: ospf: include babel in redistribution tests | Christian Breunig | |
2024-03-03 | vyos.ethtool: T6083: use JSON input data for ethernet interface flow-control ↵ | Christian Breunig | |
settings | |||
2024-03-02 | Merge pull request #3073 from c-po/ospfv3-redistribution-T5717 | Christian Breunig | |
ospfv3: allow metric and metric-type on redistributed routes | |||
2024-03-02 | ospfv3: T5717: allow metric and metric-type on redistributed routes | Christian Breunig | |
Example: vyos@vyos# set protocols ospfv3 redistribute bgp Possible completions: metric OSPF default metric metric-type OSPF metric type for default routes (default: 2) route-map Specify route-map name to use | |||
2024-03-01 | vyos.ethtool: T6083: use JSON input data for ring-buffer methods | Christian Breunig | |