From 15094c978ca54301840ff253cfbd974e41578164 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 31 Jan 2021 10:14:04 +0100 Subject: smoketest: configs: cleanup --- smoketest/configs/bgp-ixp | 218 --- smoketest/configs/bgp-small-as | 683 +++++++++ smoketest/configs/bgp-small-internet-exchange | 218 +++ smoketest/configs/dialup-router-complex | 1662 +++++++++++++++++++++ smoketest/configs/dmz-guest-lan-nat-pppoe-router | 1663 ---------------------- smoketest/configs/ospf-config | 120 -- smoketest/configs/ospf-small | 120 ++ smoketest/configs/pppoe-client | 62 - smoketest/configs/small-as-bgp-vrrp | 683 --------- 9 files changed, 2683 insertions(+), 2746 deletions(-) delete mode 100644 smoketest/configs/bgp-ixp create mode 100644 smoketest/configs/bgp-small-as create mode 100644 smoketest/configs/bgp-small-internet-exchange create mode 100644 smoketest/configs/dialup-router-complex delete mode 100644 smoketest/configs/dmz-guest-lan-nat-pppoe-router delete mode 100644 smoketest/configs/ospf-config create mode 100644 smoketest/configs/ospf-small delete mode 100644 smoketest/configs/pppoe-client delete mode 100644 smoketest/configs/small-as-bgp-vrrp (limited to 'smoketest/configs') diff --git a/smoketest/configs/bgp-ixp b/smoketest/configs/bgp-ixp deleted file mode 100644 index de6213b50..000000000 --- a/smoketest/configs/bgp-ixp +++ /dev/null @@ -1,218 +0,0 @@ -interfaces { - ethernet eth0 { - address 192.0.2.100/25 - address 2001:db8:aaaa::ffff/64 - } - ethernet eth1 { - address 192.0.2.200/25 - address 2001:db8:bbbb::ffff/64 - } - loopback lo { - } -} -policy { - prefix-list IX-out-v4 { - rule 10 { - action permit - prefix 10.0.0.0/23 - } - rule 20 { - action permit - prefix 10.0.128.0/23 - } - } - prefix-list6 IX-out-v6 { - rule 10 { - action permit - prefix 2001:db8:100::/40 - } - rule 20 { - action permit - prefix 2001:db8:200::/40 - } - } - route-map IX-out-v4 { - rule 10 { - action permit - match { - ip { - address { - prefix-list IX-out-v4 - } - } - } - } - } - route-map IX-out-v6 { - rule 10 { - action permit - match { - ipv6 { - address { - prefix-list IX-out-v6 - } - } - } - } - } -} -protocols { - bgp 65000 { - address-family { - ipv4-unicast { - network 10.0.0.0/23 { - } - network 10.0.128.0/23 { - } - } - ipv6-unicast { - network 2001:db8:100::/40 { - } - network 2001:db8:200::/40 { - } - } - } - neighbor 192.0.2.1 { - description "Peering: IX-1 (Route Server)" - peer-group IXPeeringIPv4 - remote-as 65020 - } - neighbor 192.0.2.2 { - description "Peering: IX-1 (Route Server)" - peer-group IXPeeringIPv4 - remote-as 65020 - } - neighbor 192.0.2.3 { - description "Peering: IX-1 (Route Server)" - peer-group IXPeeringIPv4 - remote-as 65020 - } - neighbor 192.0.2.129 { - description "Peering: IX-2 (Route Server)" - peer-group IXPeeringIPv4 - remote-as 65030 - } - neighbor 192.0.2.130 { - description "Peering: IX-2 (Route Server)" - peer-group IXPeeringIPv4 - remote-as 65030 - } - neighbor 2001:db8:aaaa::1 { - description "Peering: IX-1 (Route Server)" - peer-group IXPeeringIPv6 - remote-as 65020 - } - neighbor 2001:db8:aaaa::2 { - description "Peering: IX-1 (Route Server)" - peer-group IXPeeringIPv6 - remote-as 65020 - } - neighbor 2001:db8:bbbb::1 { - description "Peering: IX-2 (Route Server)" - peer-group IXPeeringIPv6 - remote-as 65030 - } - neighbor 2001:db8:bbbb::2 { - description "Peering: IX-2 (Route Server)" - peer-group IXPeeringIPv6 - remote-as 65030 - } - parameters { - default { - no-ipv4-unicast - } - } - peer-group IXPeeringIPv4 { - address-family { - ipv4-unicast { - route-map { - export IX-out-v4 - } - soft-reconfiguration { - inbound - } - } - } - } - peer-group IXPeeringIPv6 { - address-family { - ipv6-unicast { - route-map { - export IX-out-v6 - } - soft-reconfiguration { - inbound - } - } - } - } - } - static { - route 10.0.0.0/23 { - blackhole { - distance 250 - } - } - route 10.0.128.0/23 { - blackhole { - distance 250 - } - } - route6 2001:db8:100::/40 { - blackhole { - distance 250 - } - } - route6 2001:db8:200::/40 { - blackhole { - distance 250 - } - } - } -} -service { - ssh { - } -} -system { - config-management { - commit-revisions 100 - } - console { - device ttyS0 { - speed 115200 - } - } - host-name vyos - login { - user vyos { - authentication { - encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ - plaintext-password "" - } - } - } - ntp { - server 0.pool.ntp.org { - } - server 1.pool.ntp.org { - } - server 2.pool.ntp.org { - } - } - syslog { - global { - facility all { - level info - } - facility protocols { - level debug - } - } - } -} - - -// Warning: Do not remove the following line. -// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@13:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@19:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1" -// Release version: 1.3-rolling-202010241631 diff --git a/smoketest/configs/bgp-small-as b/smoketest/configs/bgp-small-as new file mode 100644 index 000000000..61286c324 --- /dev/null +++ b/smoketest/configs/bgp-small-as @@ -0,0 +1,683 @@ +firewall { + all-ping enable + broadcast-ping disable + config-trap disable + group { + address-group NET-VYOS-HTTPS-4 { + address 10.0.150.73 + } + ipv6-network-group NET-VYOS-6 { + network 2001:db8:200::/40 + } + network-group NET-VYOS-4 { + network 10.0.150.0/23 + network 192.168.189.0/24 + } + port-group MY-NAS-PORTS { + port 80 + port 5000 + port 5001 + port 6022 + port 9443 + } + } + ipv6-name WAN-TO-VLAN15-6 { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 100 { + action accept + source { + group { + network-group NET-VYOS-6 + } + } + } + rule 1010 { + action accept + destination { + address 2001:db8:200:15::a + group { + port-group MY-NAS-PORTS + } + } + protocol tcp + } + } + ipv6-receive-redirects disable + ipv6-src-route disable + ip-src-route disable + log-martians enable + name WAN-TO-VLAN15-4 { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 100 { + action accept + source { + group { + network-group NET-VYOS-4 + } + } + } + rule 1000 { + action accept + destination { + group { + address-group NET-VYOS-HTTPS-4 + } + port 80,443 + } + protocol tcp + } + rule 1010 { + action accept + destination { + address 10.0.150.74 + group { + port-group MY-NAS-PORTS + } + } + protocol tcp + } + } + receive-redirects disable + send-redirects enable + source-validation disable + syn-cookies enable + twa-hazards-protection disable +} +high-availability { + vrrp { + group VLAN5-IPv4 { + interface eth0.5 + preempt-delay 180 + priority 250 + virtual-address 10.0.150.120/28 + vrid 5 + } + group VLAN5-IPv6 { + interface eth0.5 + preempt-delay 180 + priority 250 + virtual-address 2001:db8:200:f0::ffff/64 + vrid 6 + } + group VLAN10-IPv4 { + interface eth0.10 + preempt-delay 180 + priority 250 + virtual-address 10.0.150.62/26 + vrid 10 + } + group VLAN10-IPv6 { + interface eth0.10 + preempt-delay 180 + priority 250 + virtual-address 2001:db8:200:10::ffff/64 + virtual-address 2001:db8:200::ffff/64 + vrid 11 + } + group VLAN15-IPv4 { + interface eth0.15 + preempt-delay 180 + priority 250 + virtual-address 10.0.150.78/28 + vrid 15 + } + group VLAN15-IPv6 { + interface eth0.15 + preempt-delay 180 + priority 250 + virtual-address 2001:db8:200:15::ffff/64 + vrid 16 + } + group VLAN500-IPv4 { + interface eth0.500 + preempt-delay 180 + priority 250 + virtual-address 10.0.151.238/28 + vrid 238 + } + group VLAN500-IPv6 { + interface eth0.500 + preempt-delay 180 + priority 250 + virtual-address 2001:db8:200:50::ffff/64 + vrid 239 + } + group VLAN520-IPv4 { + interface eth0.520 + preempt-delay 180 + priority 250 + virtual-address 10.0.150.190/28 + vrid 52 + } + group VLAN520-IPv6 { + interface eth0.520 + preempt-delay 180 + priority 250 + virtual-address 2001:db8:200:520::ffff/64 + vrid 53 + } + group VLAN810-IPv4 { + interface eth0.810 + preempt-delay 180 + priority 250 + virtual-address 10.0.151.30/27 + vrid 80 + } + group VLAN810-IPv6 { + interface eth0.810 + preempt-delay 180 + priority 250 + virtual-address 2001:db8:200:102::ffff/64 + vrid 81 + } + sync-group VYOS { + member VLAN5-IPv4 + member VLAN5-IPv6 + member VLAN10-IPv4 + member VLAN10-IPv6 + member VLAN500-IPv4 + member VLAN500-IPv6 + member VLAN15-IPv4 + member VLAN15-IPv6 + member VLAN810-IPv6 + member VLAN810-IPv4 + member VLAN520-IPv4 + member VLAN520-IPv6 + } + } +} +interfaces { + dummy dum0 { + address 2001:db8:200:ffff::2/128 + address 10.0.151.251/32 + } + ethernet eth0 { + vif 5 { + address 10.0.150.121/28 + address 2001:db8:200:f0::4/64 + ip { + ospf { + authentication { + md5 { + key-id 10 { + md5-key vyosospfkey + } + } + } + cost 10 + dead-interval 40 + hello-interval 10 + network broadcast + priority 200 + retransmit-interval 5 + transmit-delay 5 + } + } + } + vif 10 { + address 2001:db8:200:10::1:ffff/64 + address 2001:db8:200::1:ffff/64 + address 10.0.150.60/26 + } + vif 15 { + address 10.0.150.76/28 + address 2001:db8:200:15::1:ffff/64 + firewall { + out { + ipv6-name WAN-TO-VLAN15-6 + name WAN-TO-VLAN15-4 + } + } + } + vif 50 { + address 192.168.189.2/24 + } + vif 110 { + address 2001:db8:200:101::ffff/64 + address 10.0.151.190/27 + address 10.0.151.158/28 + } + vif 410 { + address 10.0.151.206/28 + address 2001:db8:200:104::ffff/64 + } + vif 450 { + address 2001:db8:200:103::ffff/64 + address 10.0.151.142/29 + disable + } + vif 500 { + address 10.0.151.236/28 + address 2001:db8:200:50::1:ffff/64 + } + vif 520 { + address 10.0.150.188/26 + address 2001:db8:200:520::1:ffff/64 + } + vif 800 { + address 2001:db8:200:ff::104:1/112 + address 10.0.151.212/31 + } + vif 810 { + address 10.0.151.28/27 + address 2001:db8:200:102::1:ffff/64 + } + } + ethernet eth1 { + } + loopback lo { + } +} +policy { + prefix-list as65000-origin-v4 { + rule 10 { + action permit + prefix 10.0.150.0/23 + } + rule 100 { + action permit + prefix 0.0.0.0/0 + } + } + prefix-list6 as65000-origin-v6 { + rule 10 { + action permit + prefix 2001:db8:200::/40 + } + } + route-map as65010-in { + rule 10 { + action permit + set { + local-preference 30 + } + } + } + route-map as65010-out { + rule 10 { + action permit + set { + as-path-prepend "65000 65000" + } + } + } +} +protocols { + bgp 65000 { + address-family { + ipv4-unicast { + network 10.0.150.0/23 { + } + } + ipv6-unicast { + network 2001:db8:200::/40 { + } + } + } + neighbor 10.0.151.222 { + address-family { + ipv4-unicast { + default-originate { + } + prefix-list { + export as65000-origin-v4 + } + route-map { + export as65010-out + import as65010-in + } + soft-reconfiguration { + inbound + } + } + } + capability { + dynamic + } + remote-as 65010 + } + neighbor 10.0.151.252 { + peer-group VYOSv4 + } + neighbor 10.0.151.254 { + peer-group VYOSv4 + } + neighbor 2001:db8:200:ffff::3 { + peer-group VYOSv6 + } + neighbor 2001:db8:200:ffff::a { + peer-group VYOSv6 + } + neighbor 2001:db8:200:ff::101:2 { + address-family { + ipv6-unicast { + capability { + dynamic + } + prefix-list { + export as65000-origin-v6 + } + route-map { + import as65010-in + } + soft-reconfiguration { + inbound + } + } + } + remote-as 65010 + } + parameters { + default { + no-ipv4-unicast + } + log-neighbor-changes + router-id 10.0.151.251 + } + peer-group VYOSv4 { + address-family { + ipv4-unicast { + nexthop-self { + } + } + } + capability { + dynamic + } + remote-as 65000 + update-source dum0 + } + peer-group VYOSv6 { + address-family { + ipv6-unicast { + nexthop-self { + } + } + } + capability { + dynamic + } + remote-as 65000 + update-source dum0 + } + timers { + holdtime 30 + keepalive 10 + } + } + ospf { + area 0 { + area-type { + normal + } + authentication md5 + network 10.0.151.251/32 + network 10.0.151.208/31 + network 10.0.150.112/28 + } + parameters { + abr-type cisco + router-id 10.0.151.251 + } + passive-interface default + passive-interface-exclude dum0 + passive-interface-exclude eth0.5 + redistribute { + connected { + metric-type 2 + } + static { + metric-type 2 + } + } + } + ospfv3 { + area 0.0.0.0 { + interface dum0 + interface eth0.5 + } + parameters { + router-id 10.0.151.251 + } + redistribute { + connected { + } + static { + } + } + } + static { + route 10.0.0.0/8 { + MY-NAS { + distance 254 + } + } + route 172.16.0.0/12 { + MY-NAS { + distance 254 + } + } + route 192.168.0.0/16 { + MY-NAS { + distance 254 + } + } + route 193.148.249.144/32 { + next-hop 192.168.189.1 { + } + } + route 10.0.150.0/23 { + MY-NAS { + distance 254 + } + } + route 10.0.151.32/27 { + next-hop 10.0.151.5 { + } + } + route6 2001:db8:2fe:ffff::/64 { + next-hop 2001:db8:200:102::4 { + } + } + route6 2001:db8:2ff::/48 { + next-hop 2001:db8:200:101::1 { + } + } + route6 2001:db8:200::/40 { + MY-NAS { + distance 254 + } + } + } +} +service { + dhcp-server { + shared-network-name NET-VYOS-DHCP-1 { + subnet 10.0.151.224/28 { + default-router 10.0.151.238 + dns-server 10.0.150.2 + dns-server 10.0.150.1 + domain-name vyos.net + failover { + local-address 10.0.151.236 + name NET-VYOS-DHCP-1 + peer-address 10.0.151.237 + status primary + } + lease 1800 + range 0 { + start 10.0.151.225 + stop 10.0.151.237 + } + } + } + shared-network-name NET-VYOS-HOSTING-1 { + subnet 10.0.150.128/26 { + default-router 10.0.150.190 + dns-server 10.0.150.2 + dns-server 10.0.150.1 + domain-name vyos.net + failover { + local-address 10.0.150.188 + name NET-VYOS-HOSTING-1 + peer-address 10.0.150.189 + status primary + } + lease 604800 + range 0 { + start 10.0.150.129 + stop 10.0.150.187 + } + } + } + } + lldp { + interface all { + } + management-address 10.0.151.251 + snmp { + enable + } + } + router-advert { + interface eth4.500 { + default-preference high + name-server 2001:db8:200::1 + name-server 2001:db8:200::2 + prefix 2001:db8:200:50::/64 { + valid-lifetime infinity + } + } + interface eth4.520 { + default-preference high + name-server 2001:db8:200::1 + name-server 2001:db8:200::2 + prefix 2001:db8:200:520::/64 { + valid-lifetime infinity + } + } + } + snmp { + community public { + network 10.0.150.0/26 + network 2001:db8:200:10::/64 + } + contact noc@vyos.net + listen-address 10.0.151.251 { + } + listen-address 2001:db8:200:ffff::2 { + } + location "Jenkins" + } + ssh { + disable-host-validation + listen-address 10.0.151.251 + listen-address 2001:db8:200:ffff::2 + listen-address 192.168.189.2 + loglevel fatal + port 22 + } +} +system { + config-management { + commit-revisions 200 + } + console { + device ttyS0 { + speed 115200 + } + } + domain-name vyos.net + host-name vyos + login { + banner { + pre-login "VyOS - Network\n" + } + radius { + server 192.0.2.1 { + key SuperS3cretRADIUSkey + timeout 1 + } + server 192.0.2.2 { + key SuperS3cretRADIUSkey + timeout 1 + } + source-address 192.0.2.254 + } + user vyos { + authentication { + encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0 + plaintext-password "" + } + } + } + name-server 192.0.2.1 + name-server 192.0.2.2 + name-server 2001:db8:200::1 + name-server 2001:db8:200::2 + ntp { + allow-clients { + address 10.0.150.0/23 + address 2001:db8:200::/40 + } + listen-address 10.0.151.251 + listen-address 2001:db8:200:ffff::2 + server 0.de.pool.ntp.org { + } + server 1.de.pool.ntp.org { + } + server 2.de.pool.ntp.org { + } + } + syslog { + global { + facility all { + level notice + } + facility protocols { + level debug + } + } + host 10.0.150.26 { + facility all { + level all + } + } + } + time-zone Europe/Berlin +} + + +// Warning: Do not remove the following line. +// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" +// Release version: 1.3-beta-202101151942 diff --git a/smoketest/configs/bgp-small-internet-exchange b/smoketest/configs/bgp-small-internet-exchange new file mode 100644 index 000000000..de6213b50 --- /dev/null +++ b/smoketest/configs/bgp-small-internet-exchange @@ -0,0 +1,218 @@ +interfaces { + ethernet eth0 { + address 192.0.2.100/25 + address 2001:db8:aaaa::ffff/64 + } + ethernet eth1 { + address 192.0.2.200/25 + address 2001:db8:bbbb::ffff/64 + } + loopback lo { + } +} +policy { + prefix-list IX-out-v4 { + rule 10 { + action permit + prefix 10.0.0.0/23 + } + rule 20 { + action permit + prefix 10.0.128.0/23 + } + } + prefix-list6 IX-out-v6 { + rule 10 { + action permit + prefix 2001:db8:100::/40 + } + rule 20 { + action permit + prefix 2001:db8:200::/40 + } + } + route-map IX-out-v4 { + rule 10 { + action permit + match { + ip { + address { + prefix-list IX-out-v4 + } + } + } + } + } + route-map IX-out-v6 { + rule 10 { + action permit + match { + ipv6 { + address { + prefix-list IX-out-v6 + } + } + } + } + } +} +protocols { + bgp 65000 { + address-family { + ipv4-unicast { + network 10.0.0.0/23 { + } + network 10.0.128.0/23 { + } + } + ipv6-unicast { + network 2001:db8:100::/40 { + } + network 2001:db8:200::/40 { + } + } + } + neighbor 192.0.2.1 { + description "Peering: IX-1 (Route Server)" + peer-group IXPeeringIPv4 + remote-as 65020 + } + neighbor 192.0.2.2 { + description "Peering: IX-1 (Route Server)" + peer-group IXPeeringIPv4 + remote-as 65020 + } + neighbor 192.0.2.3 { + description "Peering: IX-1 (Route Server)" + peer-group IXPeeringIPv4 + remote-as 65020 + } + neighbor 192.0.2.129 { + description "Peering: IX-2 (Route Server)" + peer-group IXPeeringIPv4 + remote-as 65030 + } + neighbor 192.0.2.130 { + description "Peering: IX-2 (Route Server)" + peer-group IXPeeringIPv4 + remote-as 65030 + } + neighbor 2001:db8:aaaa::1 { + description "Peering: IX-1 (Route Server)" + peer-group IXPeeringIPv6 + remote-as 65020 + } + neighbor 2001:db8:aaaa::2 { + description "Peering: IX-1 (Route Server)" + peer-group IXPeeringIPv6 + remote-as 65020 + } + neighbor 2001:db8:bbbb::1 { + description "Peering: IX-2 (Route Server)" + peer-group IXPeeringIPv6 + remote-as 65030 + } + neighbor 2001:db8:bbbb::2 { + description "Peering: IX-2 (Route Server)" + peer-group IXPeeringIPv6 + remote-as 65030 + } + parameters { + default { + no-ipv4-unicast + } + } + peer-group IXPeeringIPv4 { + address-family { + ipv4-unicast { + route-map { + export IX-out-v4 + } + soft-reconfiguration { + inbound + } + } + } + } + peer-group IXPeeringIPv6 { + address-family { + ipv6-unicast { + route-map { + export IX-out-v6 + } + soft-reconfiguration { + inbound + } + } + } + } + } + static { + route 10.0.0.0/23 { + blackhole { + distance 250 + } + } + route 10.0.128.0/23 { + blackhole { + distance 250 + } + } + route6 2001:db8:100::/40 { + blackhole { + distance 250 + } + } + route6 2001:db8:200::/40 { + blackhole { + distance 250 + } + } + } +} +service { + ssh { + } +} +system { + config-management { + commit-revisions 100 + } + console { + device ttyS0 { + speed 115200 + } + } + host-name vyos + login { + user vyos { + authentication { + encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ + plaintext-password "" + } + } + } + ntp { + server 0.pool.ntp.org { + } + server 1.pool.ntp.org { + } + server 2.pool.ntp.org { + } + } + syslog { + global { + facility all { + level info + } + facility protocols { + level debug + } + } + } +} + + +// Warning: Do not remove the following line. +// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@13:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@19:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1" +// Release version: 1.3-rolling-202010241631 diff --git a/smoketest/configs/dialup-router-complex b/smoketest/configs/dialup-router-complex new file mode 100644 index 000000000..fef79ea56 --- /dev/null +++ b/smoketest/configs/dialup-router-complex @@ -0,0 +1,1662 @@ +firewall { + all-ping enable + broadcast-ping disable + config-trap disable + group { + address-group MEDIA-STREAMING-CLIENTS { + address 172.16.35.241 + address 172.16.35.242 + address 172.16.35.243 + } + address-group DMZ-WEBSERVER { + address 172.16.36.10 + address 172.16.36.40 + address 172.16.36.20 + } + address-group DMZ-RDP-SERVER { + address 172.16.33.40 + } + address-group DOMAIN-CONTROLLER { + address 172.16.100.10 + address 172.16.100.20 + } + address-group AUDIO-STREAM { + address 172.16.35.20 + address 172.16.35.21 + address 172.16.35.22 + address 172.16.35.23 + } + ipv6-network-group LOCAL-ADDRESSES { + network ff02::/64 + network fe80::/10 + } + network-group SSH-IN-ALLOW { + network 192.0.2.0/24 + network 10.0.0.0/8 + network 172.16.0.0/12 + network 192.168.0.0/16 + } + port-group SMART-TV-PORTS { + port 5005-5006 + port 80 + port 443 + port 3722 + } + } + ipv6-name ALLOW-ALL-6 { + default-action accept + } + ipv6-name ALLOW-BASIC-6 { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + state { + invalid enable + } + } + rule 10 { + action accept + protocol icmpv6 + } + } + ipv6-name ALLOW-ESTABLISHED-6 { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + state { + invalid enable + } + } + rule 10 { + action accept + destination { + group { + network-group LOCAL-ADDRESSES + } + } + protocol icmpv6 + source { + address fe80::/10 + } + } + rule 20 { + action accept + icmpv6 { + type echo-request + } + protocol icmpv6 + } + rule 21 { + action accept + icmpv6 { + type destination-unreachable + } + protocol icmpv6 + } + rule 22 { + action accept + icmpv6 { + type packet-too-big + } + protocol icmpv6 + } + rule 23 { + action accept + icmpv6 { + type time-exceeded + } + protocol icmpv6 + } + rule 24 { + action accept + icmpv6 { + type parameter-problem + } + protocol icmpv6 + } + } + ipv6-name WAN-LOCAL-6 { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + state { + invalid enable + } + } + rule 10 { + action accept + destination { + address ff02::/64 + } + protocol icmpv6 + source { + address fe80::/10 + } + } + rule 50 { + action accept + description DHCPv6 + destination { + address fe80::/10 + port 546 + } + protocol udp + source { + address fe80::/10 + port 547 + } + } + } + ipv6-receive-redirects disable + ipv6-src-route disable + ip-src-route disable + log-martians enable + name DMZ-GUEST { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + } + name DMZ-LAN { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 100 { + action accept + description "NTP and LDAP to AD DC" + destination { + group { + address-group DOMAIN-CONTROLLER + } + port 123,389,636 + } + protocol tcp_udp + } + rule 300 { + action accept + destination { + group { + address-group DMZ-RDP-SERVER + } + port 3389 + } + protocol tcp_udp + source { + address 172.16.36.20 + } + } + } + name DMZ-LOCAL { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 50 { + action accept + destination { + address 172.16.254.30 + port 53 + } + protocol tcp_udp + } + rule 123 { + action accept + destination { + port 123 + } + protocol udp + } + } + name DMZ-WAN { + default-action accept + } + name GUEST-DMZ { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 100 { + action accept + destination { + port 80,443 + } + protocol tcp + } + } + name GUEST-IOT { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 100 { + action accept + description "MEDIA-STREAMING-CLIENTS Devices to GUEST" + destination { + group { + address-group MEDIA-STREAMING-CLIENTS + } + } + protocol tcp_udp + } + rule 110 { + action accept + description "AUDIO-STREAM Devices to GUEST" + destination { + group { + address-group AUDIO-STREAM + } + } + protocol tcp_udp + } + rule 200 { + action accept + description "MCAST relay" + destination { + address 224.0.0.251 + port 5353 + } + protocol udp + } + rule 300 { + action accept + description "BCAST relay" + destination { + port 1900 + } + protocol udp + } + } + name GUEST-LAN { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + } + name GUEST-LOCAL { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 10 { + action accept + description DNS + destination { + address 172.31.0.254 + port 53 + } + protocol tcp_udp + } + rule 11 { + action accept + description DHCP + destination { + port 67 + } + protocol udp + } + rule 15 { + action accept + destination { + address 172.31.0.254 + } + protocol icmp + } + rule 200 { + action accept + description "MCAST relay" + destination { + address 224.0.0.251 + port 5353 + } + protocol udp + } + rule 210 { + action accept + description "AUDIO-STREAM Broadcast" + destination { + port 1900 + } + protocol udp + } + } + name GUEST-WAN { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 25 { + action accept + description SMTP + destination { + port 25,587 + } + protocol tcp + } + rule 53 { + action accept + destination { + port 53 + } + protocol tcp_udp + } + rule 60 { + action accept + source { + address 172.31.0.200 + } + } + rule 80 { + action accept + source { + address 172.31.0.200 + } + } + rule 100 { + action accept + protocol icmp + } + rule 110 { + action accept + description POP3 + destination { + port 110,995 + } + protocol tcp + } + rule 123 { + action accept + description "NTP Client" + destination { + port 123 + } + protocol udp + } + rule 143 { + action accept + description IMAP + destination { + port 143,993 + } + protocol tcp + } + rule 200 { + action accept + destination { + port 80,443 + } + protocol tcp + } + rule 500 { + action accept + description "L2TP IPSec" + destination { + port 500,4500 + } + protocol udp + } + rule 600 { + action accept + destination { + port 5222-5224 + } + protocol tcp + } + rule 601 { + action accept + destination { + port 3478-3497,4500,16384-16387,16393-16402 + } + protocol udp + } + rule 1000 { + action accept + source { + address 172.31.0.184 + } + } + } + name IOT-GUEST { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 100 { + action accept + description "MEDIA-STREAMING-CLIENTS Devices to IOT" + protocol tcp_udp + source { + group { + address-group MEDIA-STREAMING-CLIENTS + } + } + } + rule 110 { + action accept + description "AUDIO-STREAM Devices to IOT" + protocol tcp_udp + source { + group { + address-group AUDIO-STREAM + } + } + } + rule 200 { + action accept + description "MCAST relay" + destination { + address 224.0.0.251 + port 5353 + } + protocol udp + } + rule 300 { + action accept + description "BCAST relay" + destination { + port 1900 + } + protocol udp + } + } + name IOT-LAN { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 100 { + action accept + description "AppleTV to LAN" + destination { + group { + port-group SMART-TV-PORTS + } + } + protocol tcp_udp + source { + group { + address-group MEDIA-STREAMING-CLIENTS + } + } + } + rule 110 { + action accept + description "AUDIO-STREAM Devices to LAN" + protocol tcp_udp + source { + group { + address-group AUDIO-STREAM + } + } + } + } + name IOT-LOCAL { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 10 { + action accept + description DNS + destination { + address 172.16.254.30 + port 53 + } + protocol tcp_udp + } + rule 11 { + action accept + description DHCP + destination { + port 67 + } + protocol udp + } + rule 15 { + action accept + destination { + address 172.16.35.254 + } + protocol icmp + } + rule 200 { + action accept + description "MCAST relay" + destination { + address 224.0.0.251 + port 5353 + } + protocol udp + } + rule 201 { + action accept + description "MCAST relay" + destination { + address 172.16.35.254 + port 5353 + } + protocol udp + } + rule 210 { + action accept + description "AUDIO-STREAM Broadcast" + destination { + port 1900,1902,6969 + } + protocol udp + } + } + name IOT-WAN { + default-action accept + } + name LAN-DMZ { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 22 { + action accept + description "SSH into DMZ" + destination { + port 22 + } + protocol tcp + } + rule 100 { + action accept + destination { + group { + address-group DMZ-WEBSERVER + } + port 22,80,443 + } + protocol tcp + } + } + name LAN-GUEST { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + } + name LAN-IOT { + default-action accept + } + name LAN-LOCAL { + default-action accept + } + name LAN-WAN { + default-action accept + } + name LOCAL-DMZ { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + } + name LOCAL-GUEST { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 5 { + action accept + protocol icmp + } + rule 200 { + action accept + description "MCAST relay" + destination { + address 224.0.0.251 + port 5353 + } + protocol udp + } + rule 300 { + action accept + description "BCAST relay" + destination { + port 1900 + } + protocol udp + } + } + name LOCAL-IOT { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 5 { + action accept + protocol icmp + } + rule 200 { + action accept + description "MCAST relay" + destination { + address 224.0.0.251 + port 5353 + } + protocol udp + } + rule 300 { + action accept + description "BCAST relay" + destination { + port 1900,6969 + } + protocol udp + } + } + name LOCAL-LAN { + default-action accept + } + name LOCAL-WAN { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 10 { + action accept + protocol icmp + } + rule 50 { + action accept + description DNS + destination { + port 53 + } + protocol tcp_udp + } + rule 80 { + action accept + destination { + port 80,443 + } + protocol tcp + } + rule 123 { + action accept + description NTP + destination { + port 123 + } + protocol udp + } + } + name WAN-DMZ { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 100 { + action accept + destination { + address 172.16.36.10 + port 80,443 + } + protocol tcp + } + } + name WAN-GUEST { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 1000 { + action accept + destination { + address 172.31.0.184 + } + } + rule 8000 { + action accept + destination { + address 172.31.0.200 + port 10000 + } + protocol udp + } + } + name WAN-IOT { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + } + name WAN-LAN { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 1000 { + action accept + destination { + address 172.16.33.40 + port 3389 + } + protocol tcp + source { + group { + network-group SSH-IN-ALLOW + } + } + } + } + name WAN-LOCAL { + default-action drop + enable-default-log + rule 1 { + action accept + state { + established enable + related enable + } + } + rule 2 { + action drop + log enable + state { + invalid enable + } + } + rule 22 { + action accept + destination { + port 22 + } + protocol tcp + source { + group { + network-group SSH-IN-ALLOW + } + } + } + } + options { + interface pppoe0 { + adjust-mss 1452 + adjust-mss6 1432 + } + } + receive-redirects disable + send-redirects enable + source-validation disable + syn-cookies enable + twa-hazards-protection disable +} +interfaces { + dummy dum0 { + address 172.16.254.30/32 + } + ethernet eth0 { + duplex auto + speed auto + vif 5 { + address 172.16.37.254/24 + } + vif 10 { + address 172.16.33.254/24 + } + vif 20 { + address 172.31.0.254/24 + } + vif 35 { + address 172.16.35.254/24 + } + vif 50 { + address 172.16.36.254/24 + } + vif 100 { + address 172.16.100.254/24 + } + vif 201 { + address 172.18.201.254/24 + } + vif 202 { + address 172.18.202.254/24 + } + vif 203 { + address 172.18.203.254/24 + } + vif 204 { + address 172.18.204.254/24 + } + } + ethernet eth1 { + vif 7 { + description FTTH-PPPoE + } + } + loopback lo { + address 172.16.254.30/32 + } + pppoe pppoe0 { + authentication { + password vyos + user vyos + } + default-route auto + description "FTTH 100/50MBit" + dhcpv6-options { + pd 0 { + interface eth0.10 { + address 1 + sla-id 10 + } + interface eth0.20 { + address 1 + sla-id 20 + } + length 56 + } + } + ipv6 { + address { + autoconf + } + } + mtu 1492 + no-peer-dns + source-interface eth1.7 + } +} +nat { + destination { + rule 100 { + description HTTP(S) + destination { + port 80,443 + } + inbound-interface pppoe0 + log + protocol tcp + translation { + address 172.16.36.10 + } + } + rule 1000 { + destination { + port 3389 + } + disable + inbound-interface pppoe0 + protocol tcp + translation { + address 172.16.33.40 + } + } + rule 8000 { + destination { + port 10000 + } + inbound-interface pppoe0 + log + protocol udp + translation { + address 172.31.0.200 + } + } + } + source { + rule 100 { + log + outbound-interface pppoe0 + source { + address 172.16.32.0/19 + } + translation { + address masquerade + } + } + rule 200 { + outbound-interface pppoe0 + source { + address 172.16.100.0/24 + } + translation { + address masquerade + } + } + rule 300 { + outbound-interface pppoe0 + source { + address 172.31.0.0/24 + } + translation { + address masquerade + } + } + rule 400 { + outbound-interface pppoe0 + source { + address 172.18.200.0/21 + } + translation { + address masquerade + } + } + } +} +protocols { + static { + interface-route6 2000::/3 { + next-hop-interface pppoe0 { + } + } + route 10.0.0.0/8 { + blackhole { + distance 254 + } + } + route 169.254.0.0/16 { + blackhole { + distance 254 + } + } + route 172.16.0.0/12 { + blackhole { + distance 254 + } + } + route 192.168.0.0/16 { + blackhole { + distance 254 + } + } + } +} +service { + dhcp-server { + shared-network-name BACKBONE { + authoritative + subnet 172.16.37.0/24 { + default-router 172.16.37.254 + dns-server 172.16.254.30 + domain-name vyos.net + domain-search vyos.net + lease 86400 + ntp-server 172.16.254.30 + range 0 { + start 172.16.37.120 + stop 172.16.37.149 + } + static-mapping AP1.wue3 { + ip-address 172.16.37.231 + mac-address 18:e8:29:6c:c3:a5 + } + } + } + shared-network-name GUEST { + authoritative + subnet 172.31.0.0/24 { + default-router 172.31.0.254 + dns-server 172.31.0.254 + domain-name vyos.net + domain-search vyos.net + lease 86400 + range 0 { + start 172.31.0.100 + stop 172.31.0.199 + } + static-mapping host01 { + ip-address 172.31.0.200 + mac-address 00:50:00:00:00:01 + } + static-mapping host02 { + ip-address 172.31.0.184 + mac-address 00:50:00:00:00:02 + } + } + } + shared-network-name IOT { + authoritative + subnet 172.16.35.0/24 { + default-router 172.16.35.254 + dns-server 172.16.254.30 + domain-name vyos.net + domain-search vyos.net + lease 86400 + ntp-server 172.16.254.30 + range 0 { + start 172.16.35.101 + stop 172.16.35.149 + } + } + } + shared-network-name LAN { + authoritative + subnet 172.16.33.0/24 { + default-router 172.16.33.254 + dns-server 172.16.254.30 + domain-name vyos.net + domain-search vyos.net + lease 86400 + ntp-server 172.16.254.30 + range 0 { + start 172.16.33.100 + stop 172.16.33.189 + } + } + } + } + dns { + forwarding { + allow-from 172.16.0.0/12 + cache-size 0 + domain 16.172.in-addr.arpa { + addnta + recursion-desired + server 172.16.100.10 + server 172.16.100.20 + server 172.16.110.30 + } + domain 18.172.in-addr.arpa { + addnta + recursion-desired + server 172.16.100.10 + server 172.16.100.20 + server 172.16.110.30 + } + domain vyos.net { + addnta + recursion-desired + server 172.16.100.20 + server 172.16.100.10 + server 172.16.110.30 + } + ignore-hosts-file + listen-address 172.16.254.30 + listen-address 172.31.0.254 + negative-ttl 60 + } + } + lldp { + legacy-protocols { + cdp + } + snmp { + enable + } + } + mdns { + repeater { + interface eth0.35 + interface eth0.10 + } + } + router-advert { + interface eth0.10 { + prefix ::/64 { + preferred-lifetime 2700 + valid-lifetime 5400 + } + } + interface eth0.20 { + prefix ::/64 { + preferred-lifetime 2700 + valid-lifetime 5400 + } + } + } + snmp { + community fooBar { + authorization ro + network 172.16.100.0/24 + } + contact "VyOS maintainers and contributors " + listen-address 172.16.254.30 { + port 161 + } + location "The Internet" + } + ssh { + disable-host-validation + port 22 + } +} +system { + config-management { + commit-revisions 200 + } + conntrack { + expect-table-size 2048 + hash-size 32768 + modules { + sip { + disable + } + } + table-size 262144 + timeout { + icmp 30 + other 600 + udp { + other 300 + stream 300 + } + } + } + console { + device ttyS0 { + speed 115200 + } + } + domain-name vyos.net + host-name vyos + login { + user vyos { + authentication { + encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ + plaintext-password "" + } + } + } + name-server 172.16.254.30 + ntp { + allow-clients { + address 172.16.0.0/12 + } + server 0.pool.ntp.org { + } + server 1.pool.ntp.org { + } + server 2.pool.ntp.org { + } + } + option { + ctrl-alt-delete ignore + reboot-on-panic + startup-beep + } + syslog { + global { + facility all { + level debug + } + facility protocols { + level debug + } + } + host 172.16.100.1 { + facility all { + level warning + } + } + } + time-zone Europe/Berlin +} +traffic-policy { + shaper QoS { + bandwidth 50mbit + default { + bandwidth 100% + burst 15k + queue-limit 1000 + queue-type fq-codel + } + } +} +zone-policy { + zone DMZ { + default-action drop + from GUEST { + firewall { + name GUEST-DMZ + } + } + from LAN { + firewall { + name LAN-DMZ + } + } + from LOCAL { + firewall { + name LOCAL-DMZ + } + } + from WAN { + firewall { + name WAN-DMZ + } + } + interface eth0.50 + } + zone GUEST { + default-action drop + from DMZ { + firewall { + name DMZ-GUEST + } + } + from IOT { + firewall { + name IOT-GUEST + } + } + from LAN { + firewall { + name LAN-GUEST + } + } + from LOCAL { + firewall { + ipv6-name ALLOW-ALL-6 + name LOCAL-GUEST + } + } + from WAN { + firewall { + ipv6-name ALLOW-ESTABLISHED-6 + name WAN-GUEST + } + } + interface eth0.20 + } + zone IOT { + default-action drop + from GUEST { + firewall { + name GUEST-IOT + } + } + from LAN { + firewall { + name LAN-IOT + } + } + from LOCAL { + firewall { + name LOCAL-IOT + } + } + from WAN { + firewall { + name WAN-IOT + } + } + interface eth0.35 + } + zone LAN { + default-action drop + from DMZ { + firewall { + name DMZ-LAN + } + } + from GUEST { + firewall { + name GUEST-LAN + } + } + from IOT { + firewall { + name IOT-LAN + } + } + from LOCAL { + firewall { + ipv6-name ALLOW-ALL-6 + name LOCAL-LAN + } + } + from WAN { + firewall { + ipv6-name ALLOW-ESTABLISHED-6 + name WAN-LAN + } + } + interface eth0.5 + interface eth0.10 + interface eth0.100 + interface eth0.201 + interface eth0.202 + interface eth0.203 + interface eth0.204 + } + zone LOCAL { + default-action drop + from DMZ { + firewall { + name DMZ-LOCAL + } + } + from GUEST { + firewall { + ipv6-name ALLOW-ESTABLISHED-6 + name GUEST-LOCAL + } + } + from IOT { + firewall { + name IOT-LOCAL + } + } + from LAN { + firewall { + ipv6-name ALLOW-ALL-6 + name LAN-LOCAL + } + } + from WAN { + firewall { + ipv6-name WAN-LOCAL-6 + name WAN-LOCAL + } + } + local-zone + } + zone WAN { + default-action drop + from DMZ { + firewall { + name DMZ-WAN + } + } + from GUEST { + firewall { + ipv6-name ALLOW-ALL-6 + name GUEST-WAN + } + } + from IOT { + firewall { + name IOT-WAN + } + } + from LAN { + firewall { + ipv6-name ALLOW-ALL-6 + name LAN-WAN + } + } + from LOCAL { + firewall { + ipv6-name ALLOW-ALL-6 + name LOCAL-WAN + } + } + interface pppoe0 + } +} + + +// Warning: Do not remove the following line. +// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" +// Release version: 1.3-beta-202101091250 diff --git a/smoketest/configs/dmz-guest-lan-nat-pppoe-router b/smoketest/configs/dmz-guest-lan-nat-pppoe-router deleted file mode 100644 index e671126a6..000000000 --- a/smoketest/configs/dmz-guest-lan-nat-pppoe-router +++ /dev/null @@ -1,1663 +0,0 @@ -firewall { - all-ping enable - broadcast-ping disable - config-trap disable - group { - address-group MEDIA-STREAMING-CLIENTS { - address 172.16.35.241 - address 172.16.35.242 - address 172.16.35.243 - } - address-group DMZ-WEBSERVER { - address 172.16.36.10 - address 172.16.36.40 - address 172.16.36.20 - } - address-group DMZ-RDP-SERVER { - address 172.16.33.40 - } - address-group DOMAIN-CONTROLLER { - address 172.16.100.10 - address 172.16.100.20 - } - address-group AUDIO-STREAM { - address 172.16.35.20 - address 172.16.35.21 - address 172.16.35.22 - address 172.16.35.23 - } - ipv6-network-group LOCAL-ADDRESSES { - network ff02::/64 - network fe80::/10 - } - network-group SSH-IN-ALLOW { - network 192.0.2.0/24 - network 10.0.0.0/8 - network 172.16.0.0/12 - network 192.168.0.0/16 - } - port-group SMART-TV-PORTS { - port 5005-5006 - port 80 - port 443 - port 3722 - } - } - ipv6-name ALLOW-ALL-6 { - default-action accept - } - ipv6-name ALLOW-BASIC-6 { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - state { - invalid enable - } - } - rule 10 { - action accept - protocol icmpv6 - } - } - ipv6-name ALLOW-ESTABLISHED-6 { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - state { - invalid enable - } - } - rule 10 { - action accept - destination { - group { - network-group LOCAL-ADDRESSES - } - } - protocol icmpv6 - source { - address fe80::/10 - } - } - rule 20 { - action accept - icmpv6 { - type echo-request - } - protocol icmpv6 - } - rule 21 { - action accept - icmpv6 { - type destination-unreachable - } - protocol icmpv6 - } - rule 22 { - action accept - icmpv6 { - type packet-too-big - } - protocol icmpv6 - } - rule 23 { - action accept - icmpv6 { - type time-exceeded - } - protocol icmpv6 - } - rule 24 { - action accept - icmpv6 { - type parameter-problem - } - protocol icmpv6 - } - } - ipv6-name WAN-LOCAL-6 { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - state { - invalid enable - } - } - rule 10 { - action accept - destination { - address ff02::/64 - } - protocol icmpv6 - source { - address fe80::/10 - } - } - rule 50 { - action accept - description DHCPv6 - destination { - address fe80::/10 - port 546 - } - protocol udp - source { - address fe80::/10 - port 547 - } - } - } - ipv6-receive-redirects disable - ipv6-src-route disable - ip-src-route disable - log-martians enable - name DMZ-GUEST { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - } - name DMZ-LAN { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 100 { - action accept - description "NTP and LDAP to AD DC" - destination { - group { - address-group DOMAIN-CONTROLLER - } - port 123,389,636 - } - protocol tcp_udp - } - rule 300 { - action accept - destination { - group { - address-group DMZ-RDP-SERVER - } - port 3389 - } - protocol tcp_udp - source { - address 172.16.36.20 - } - } - } - name DMZ-LOCAL { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 50 { - action accept - destination { - address 172.16.254.30 - port 53 - } - protocol tcp_udp - } - rule 123 { - action accept - destination { - port 123 - } - protocol udp - } - } - name DMZ-WAN { - default-action accept - } - name GUEST-DMZ { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 100 { - action accept - destination { - port 80,443 - } - protocol tcp - } - } - name GUEST-IOT { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 100 { - action accept - description "MEDIA-STREAMING-CLIENTS Devices to GUEST" - destination { - group { - address-group MEDIA-STREAMING-CLIENTS - } - } - protocol tcp_udp - } - rule 110 { - action accept - description "AUDIO-STREAM Devices to GUEST" - destination { - group { - address-group AUDIO-STREAM - } - } - protocol tcp_udp - } - rule 200 { - action accept - description "MCAST relay" - destination { - address 224.0.0.251 - port 5353 - } - protocol udp - } - rule 300 { - action accept - description "BCAST relay" - destination { - port 1900 - } - protocol udp - } - } - name GUEST-LAN { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - } - name GUEST-LOCAL { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 10 { - action accept - description DNS - destination { - address 172.31.0.254 - port 53 - } - protocol tcp_udp - } - rule 11 { - action accept - description DHCP - destination { - port 67 - } - protocol udp - } - rule 15 { - action accept - destination { - address 172.31.0.254 - } - protocol icmp - } - rule 200 { - action accept - description "MCAST relay" - destination { - address 224.0.0.251 - port 5353 - } - protocol udp - } - rule 210 { - action accept - description "AUDIO-STREAM Broadcast" - destination { - port 1900 - } - protocol udp - } - } - name GUEST-WAN { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 25 { - action accept - description SMTP - destination { - port 25,587 - } - protocol tcp - } - rule 53 { - action accept - destination { - port 53 - } - protocol tcp_udp - } - rule 60 { - action accept - source { - address 172.31.0.200 - } - } - rule 80 { - action accept - source { - address 172.31.0.200 - } - } - rule 100 { - action accept - protocol icmp - } - rule 110 { - action accept - description POP3 - destination { - port 110,995 - } - protocol tcp - } - rule 123 { - action accept - description "NTP Client" - destination { - port 123 - } - protocol udp - } - rule 143 { - action accept - description IMAP - destination { - port 143,993 - } - protocol tcp - } - rule 200 { - action accept - destination { - port 80,443 - } - protocol tcp - } - rule 500 { - action accept - description "L2TP IPSec" - destination { - port 500,4500 - } - protocol udp - } - rule 600 { - action accept - destination { - port 5222-5224 - } - protocol tcp - } - rule 601 { - action accept - destination { - port 3478-3497,4500,16384-16387,16393-16402 - } - protocol udp - } - rule 1000 { - action accept - source { - address 172.31.0.184 - } - } - } - name IOT-GUEST { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 100 { - action accept - description "MEDIA-STREAMING-CLIENTS Devices to IOT" - protocol tcp_udp - source { - group { - address-group MEDIA-STREAMING-CLIENTS - } - } - } - rule 110 { - action accept - description "AUDIO-STREAM Devices to IOT" - protocol tcp_udp - source { - group { - address-group AUDIO-STREAM - } - } - } - rule 200 { - action accept - description "MCAST relay" - destination { - address 224.0.0.251 - port 5353 - } - protocol udp - } - rule 300 { - action accept - description "BCAST relay" - destination { - port 1900 - } - protocol udp - } - } - name IOT-LAN { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 100 { - action accept - description "AppleTV to LAN" - destination { - group { - port-group SMART-TV-PORTS - } - } - protocol tcp_udp - source { - group { - address-group MEDIA-STREAMING-CLIENTS - } - } - } - rule 110 { - action accept - description "AUDIO-STREAM Devices to LAN" - protocol tcp_udp - source { - group { - address-group AUDIO-STREAM - } - } - } - } - name IOT-LOCAL { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 10 { - action accept - description DNS - destination { - address 172.16.254.30 - port 53 - } - protocol tcp_udp - } - rule 11 { - action accept - description DHCP - destination { - port 67 - } - protocol udp - } - rule 15 { - action accept - destination { - address 172.16.35.254 - } - protocol icmp - } - rule 200 { - action accept - description "MCAST relay" - destination { - address 224.0.0.251 - port 5353 - } - protocol udp - } - rule 201 { - action accept - description "MCAST relay" - destination { - address 172.16.35.254 - port 5353 - } - protocol udp - } - rule 210 { - action accept - description "AUDIO-STREAM Broadcast" - destination { - port 1900,1902,6969 - } - protocol udp - } - } - name IOT-WAN { - default-action accept - } - name LAN-DMZ { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 22 { - action accept - description "SSH into DMZ" - destination { - port 22 - } - protocol tcp - } - rule 100 { - action accept - destination { - group { - address-group DMZ-WEBSERVER - } - port 22,80,443 - } - protocol tcp - } - } - name LAN-GUEST { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - } - name LAN-IOT { - default-action accept - } - name LAN-LOCAL { - default-action accept - } - name LAN-WAN { - default-action accept - } - name LOCAL-DMZ { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - } - name LOCAL-GUEST { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 5 { - action accept - protocol icmp - } - rule 200 { - action accept - description "MCAST relay" - destination { - address 224.0.0.251 - port 5353 - } - protocol udp - } - rule 300 { - action accept - description "BCAST relay" - destination { - port 1900 - } - protocol udp - } - } - name LOCAL-IOT { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 5 { - action accept - protocol icmp - } - rule 200 { - action accept - description "MCAST relay" - destination { - address 224.0.0.251 - port 5353 - } - protocol udp - } - rule 300 { - action accept - description "BCAST relay" - destination { - port 1900,6969 - } - protocol udp - } - } - name LOCAL-LAN { - default-action accept - } - name LOCAL-WAN { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 10 { - action accept - protocol icmp - } - rule 50 { - action accept - description DNS - destination { - port 53 - } - protocol tcp_udp - } - rule 80 { - action accept - destination { - port 80,443 - } - protocol tcp - } - rule 123 { - action accept - description NTP - destination { - port 123 - } - protocol udp - } - } - name WAN-DMZ { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 100 { - action accept - destination { - address 172.16.36.10 - port 80,443 - } - protocol tcp - } - } - name WAN-GUEST { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 1000 { - action accept - destination { - address 172.31.0.184 - } - } - rule 8000 { - action accept - destination { - address 172.31.0.200 - port 10000 - } - protocol udp - } - } - name WAN-IOT { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - } - name WAN-LAN { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 1000 { - action accept - destination { - address 172.16.33.40 - port 3389 - } - protocol tcp - source { - group { - network-group SSH-IN-ALLOW - } - } - } - } - name WAN-LOCAL { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 22 { - action accept - destination { - port 22 - } - protocol tcp - source { - group { - network-group SSH-IN-ALLOW - } - } - } - } - options { - interface pppoe0 { - adjust-mss 1452 - adjust-mss6 1432 - } - } - receive-redirects disable - send-redirects enable - source-validation disable - syn-cookies enable - twa-hazards-protection disable -} -interfaces { - dummy dum0 { - address 172.16.254.30/32 - } - ethernet eth0 { - duplex auto - speed auto - vif 5 { - address 172.16.37.254/24 - } - vif 10 { - address 172.16.33.254/24 - } - vif 20 { - address 172.31.0.254/24 - } - vif 35 { - address 172.16.35.254/24 - } - vif 50 { - address 172.16.36.254/24 - } - vif 100 { - address 172.16.100.254/24 - } - vif 201 { - address 172.18.201.254/24 - } - vif 202 { - address 172.18.202.254/24 - } - vif 203 { - address 172.18.203.254/24 - } - vif 204 { - address 172.18.204.254/24 - } - } - ethernet eth1 { - vif 7 { - description FTTH-PPPoE - } - } - loopback lo { - address 172.16.254.30/32 - } - pppoe pppoe0 { - authentication { - password vyos - user vyos - } - default-route auto - description "FTTH 100/50MBit" - dhcpv6-options { - pd 0 { - interface eth0.10 { - address 1 - sla-id 10 - } - interface eth0.20 { - address 1 - sla-id 20 - } - length 56 - } - } - ipv6 { - address { - autoconf - } - } - mtu 1492 - no-peer-dns - source-interface eth1.7 - } -} -nat { - destination { - rule 100 { - description HTTP(S) - destination { - port 80,443 - } - inbound-interface pppoe0 - log - protocol tcp - translation { - address 172.16.36.10 - } - } - rule 1000 { - destination { - port 3389 - } - disable - inbound-interface pppoe0 - protocol tcp - translation { - address 172.16.33.40 - } - } - rule 8000 { - destination { - port 10000 - } - inbound-interface pppoe0 - log - protocol udp - translation { - address 172.31.0.200 - } - } - } - source { - rule 100 { - log - outbound-interface pppoe0 - source { - address 172.16.32.0/19 - } - translation { - address masquerade - } - } - rule 200 { - outbound-interface pppoe0 - source { - address 172.16.100.0/24 - } - translation { - address masquerade - } - } - rule 300 { - outbound-interface pppoe0 - source { - address 172.31.0.0/24 - } - translation { - address masquerade - } - } - rule 400 { - outbound-interface pppoe0 - source { - address 172.18.200.0/21 - } - translation { - address masquerade - } - } - } -} -protocols { - static { - interface-route6 2000::/3 { - next-hop-interface pppoe0 { - } - } - route 10.0.0.0/8 { - blackhole { - distance 254 - } - } - route 169.254.0.0/16 { - blackhole { - distance 254 - } - } - route 172.16.0.0/12 { - blackhole { - distance 254 - } - } - route 192.168.0.0/16 { - blackhole { - distance 254 - } - } - } -} -service { - dhcp-server { - shared-network-name BACKBONE { - authoritative - subnet 172.16.37.0/24 { - default-router 172.16.37.254 - dns-server 172.16.254.30 - domain-name vyos.net - domain-search vyos.net - lease 86400 - ntp-server 172.16.254.30 - range 0 { - start 172.16.37.120 - stop 172.16.37.149 - } - static-mapping AP1.wue3 { - ip-address 172.16.37.231 - mac-address 18:e8:29:6c:c3:a5 - } - } - } - shared-network-name GUEST { - authoritative - subnet 172.31.0.0/24 { - default-router 172.31.0.254 - dns-server 172.31.0.254 - domain-name vyos.net - domain-search vyos.net - lease 86400 - range 0 { - start 172.31.0.100 - stop 172.31.0.199 - } - static-mapping host01 { - ip-address 172.31.0.200 - mac-address 00:50:00:00:00:01 - } - static-mapping host02 { - ip-address 172.31.0.184 - mac-address 00:50:00:00:00:02 - } - } - } - shared-network-name IOT { - authoritative - subnet 172.16.35.0/24 { - default-router 172.16.35.254 - dns-server 172.16.254.30 - domain-name vyos.net - domain-search vyos.net - lease 86400 - ntp-server 172.16.254.30 - range 0 { - start 172.16.35.101 - stop 172.16.35.149 - } - } - } - shared-network-name LAN { - authoritative - subnet 172.16.33.0/24 { - default-router 172.16.33.254 - dns-server 172.16.254.30 - domain-name vyos.net - domain-search vyos.net - lease 86400 - ntp-server 172.16.254.30 - range 0 { - start 172.16.33.100 - stop 172.16.33.189 - } - } - } - } - dns { - forwarding { - allow-from 172.16.0.0/12 - cache-size 0 - domain 16.172.in-addr.arpa { - addnta - recursion-desired - server 172.16.100.10 - server 172.16.100.20 - server 172.16.110.30 - } - domain 18.172.in-addr.arpa { - addnta - recursion-desired - server 172.16.100.10 - server 172.16.100.20 - server 172.16.110.30 - } - domain vyos.net { - addnta - recursion-desired - server 172.16.100.20 - server 172.16.100.10 - server 172.16.110.30 - } - ignore-hosts-file - listen-address 172.16.254.30 - listen-address 172.31.0.254 - negative-ttl 60 - } - } - lldp { - legacy-protocols { - cdp - } - snmp { - enable - } - } - mdns { - repeater { - interface eth0.35 - interface eth0.10 - } - } - router-advert { - interface eth0.10 { - prefix ::/64 { - preferred-lifetime 2700 - valid-lifetime 5400 - } - } - interface eth0.20 { - prefix ::/64 { - preferred-lifetime 2700 - valid-lifetime 5400 - } - } - } - snmp { - community fooBar { - authorization ro - network 172.16.100.0/24 - } - contact "VyOS maintainers and contributors " - listen-address 172.16.254.30 { - port 161 - } - location "The Internet" - } - ssh { - disable-host-validation - port 22 - } -} -system { - config-management { - commit-revisions 200 - } - conntrack { - expect-table-size 2048 - hash-size 32768 - modules { - sip { - disable - } - } - table-size 262144 - timeout { - icmp 30 - other 600 - udp { - other 300 - stream 300 - } - } - } - console { - device ttyS0 { - speed 115200 - } - } - domain-name vyos.net - host-name vyos - login { - user vyos { - authentication { - encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ - plaintext-password "" - } - } - } - name-server 172.16.254.30 - ntp { - allow-clients { - address 172.16.0.0/12 - } - server 0.pool.ntp.org { - } - server 1.pool.ntp.org { - } - server 2.pool.ntp.org { - } - } - option { - ctrl-alt-delete ignore - reboot-on-panic - startup-beep - } - syslog { - global { - facility all { - level debug - } - facility protocols { - level debug - } - } - host 172.16.100.1 { - facility all { - level warning - } - } - } - time-zone Europe/Berlin -} -traffic-policy { - shaper QoS { - bandwidth 50mbit - default { - bandwidth 100% - burst 15k - queue-limit 1000 - queue-type fq-codel - } - } -} -zone-policy { - zone DMZ { - default-action drop - from GUEST { - firewall { - name GUEST-DMZ - } - } - from LAN { - firewall { - name LAN-DMZ - } - } - from LOCAL { - firewall { - name LOCAL-DMZ - } - } - from WAN { - firewall { - name WAN-DMZ - } - } - interface eth0.50 - } - zone GUEST { - default-action drop - from DMZ { - firewall { - name DMZ-GUEST - } - } - from IOT { - firewall { - name IOT-GUEST - } - } - from LAN { - firewall { - name LAN-GUEST - } - } - from LOCAL { - firewall { - ipv6-name ALLOW-ALL-6 - name LOCAL-GUEST - } - } - from WAN { - firewall { - ipv6-name ALLOW-ESTABLISHED-6 - name WAN-GUEST - } - } - interface eth0.20 - } - zone IOT { - default-action drop - from GUEST { - firewall { - name GUEST-IOT - } - } - from LAN { - firewall { - name LAN-IOT - } - } - from LOCAL { - firewall { - name LOCAL-IOT - } - } - from WAN { - firewall { - name WAN-IOT - } - } - interface eth0.35 - } - zone LAN { - default-action drop - from DMZ { - firewall { - name DMZ-LAN - } - } - from GUEST { - firewall { - name GUEST-LAN - } - } - from IOT { - firewall { - name IOT-LAN - } - } - from LOCAL { - firewall { - ipv6-name ALLOW-ALL-6 - name LOCAL-LAN - } - } - from WAN { - firewall { - ipv6-name ALLOW-ESTABLISHED-6 - name WAN-LAN - } - } - interface eth0.5 - interface eth0.10 - interface eth0.100 - interface eth0.201 - interface eth0.202 - interface eth0.203 - interface eth0.204 - } - zone LOCAL { - default-action drop - from DMZ { - firewall { - name DMZ-LOCAL - } - } - from GUEST { - firewall { - ipv6-name ALLOW-ESTABLISHED-6 - name GUEST-LOCAL - } - } - from IOT { - firewall { - name IOT-LOCAL - } - } - from LAN { - firewall { - ipv6-name ALLOW-ALL-6 - name LAN-LOCAL - } - } - from WAN { - firewall { - ipv6-name WAN-LOCAL-6 - name WAN-LOCAL - } - } - local-zone - } - zone WAN { - default-action drop - from DMZ { - firewall { - name DMZ-WAN - } - } - from GUEST { - firewall { - ipv6-name ALLOW-ALL-6 - name GUEST-WAN - } - } - from IOT { - firewall { - name IOT-WAN - } - } - from LAN { - firewall { - ipv6-name ALLOW-ALL-6 - name LAN-WAN - } - } - from LOCAL { - firewall { - ipv6-name ALLOW-ALL-6 - name LOCAL-WAN - } - } - interface pppoe0 - } -} - - -// Warning: Do not remove the following line. -// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" -// Release version: 1.3-beta-202101091250 - diff --git a/smoketest/configs/ospf-config b/smoketest/configs/ospf-config deleted file mode 100644 index fe313e4b0..000000000 --- a/smoketest/configs/ospf-config +++ /dev/null @@ -1,120 +0,0 @@ -interfaces { - dummy dum0 { - address 172.18.254.201/32 - } - ethernet eth0 { - duplex auto - smp-affinity auto - speed auto - vif 201 { - address 172.18.201.10/24 - ip { - ospf { - authentication { - md5 { - key-id 10 { - md5-key OSPFVyOSNET - } - } - } - dead-interval 40 - hello-interval 10 - priority 1 - retransmit-interval 5 - transmit-delay 1 - } - } - } - } - ethernet eth1 { - duplex auto - smp-affinity auto - speed auto - } -} -protocols { - ospf { - area 0 { - network 172.18.201.0/24 - network 172.18.254.201/32 - } - log-adjacency-changes { - } - parameters { - abr-type cisco - router-id 172.18.254.201 - } - passive-interface default - passive-interface-exclude eth0.201 - } - static { - route 0.0.0.0/0 { - next-hop 172.18.201.254 { - distance 10 - } - } - } -} -service { - lldp { - interface all { - } - } - snmp { - community public { - authorization ro - network 172.16.100.0/24 - } - contact "VyOS maintainers and contributors " - location "Jenkins" - } - ssh { - disable-host-validation - port 22 - } -} -system { - config-management { - commit-revisions 200 - } - console { - device ttyS0 { - speed 115200 - } - } - domain-name vyos.net - host-name vyos - login { - user vyos { - authentication { - encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ - plaintext-password "" - } - level admin - } - } - name-server 172.16.254.30 - ntp { - server 0.pool.ntp.org { - } - server 1.pool.ntp.org { - } - server 2.pool.ntp.org { - } - } - syslog { - global { - facility all { - level info - } - facility protocols { - level debug - } - } - } - time-zone Europe/Berlin -} - -/* Warning: Do not remove the following line. */ -/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */ -/* Release version: 1.2.6 */ diff --git a/smoketest/configs/ospf-small b/smoketest/configs/ospf-small new file mode 100644 index 000000000..fe313e4b0 --- /dev/null +++ b/smoketest/configs/ospf-small @@ -0,0 +1,120 @@ +interfaces { + dummy dum0 { + address 172.18.254.201/32 + } + ethernet eth0 { + duplex auto + smp-affinity auto + speed auto + vif 201 { + address 172.18.201.10/24 + ip { + ospf { + authentication { + md5 { + key-id 10 { + md5-key OSPFVyOSNET + } + } + } + dead-interval 40 + hello-interval 10 + priority 1 + retransmit-interval 5 + transmit-delay 1 + } + } + } + } + ethernet eth1 { + duplex auto + smp-affinity auto + speed auto + } +} +protocols { + ospf { + area 0 { + network 172.18.201.0/24 + network 172.18.254.201/32 + } + log-adjacency-changes { + } + parameters { + abr-type cisco + router-id 172.18.254.201 + } + passive-interface default + passive-interface-exclude eth0.201 + } + static { + route 0.0.0.0/0 { + next-hop 172.18.201.254 { + distance 10 + } + } + } +} +service { + lldp { + interface all { + } + } + snmp { + community public { + authorization ro + network 172.16.100.0/24 + } + contact "VyOS maintainers and contributors " + location "Jenkins" + } + ssh { + disable-host-validation + port 22 + } +} +system { + config-management { + commit-revisions 200 + } + console { + device ttyS0 { + speed 115200 + } + } + domain-name vyos.net + host-name vyos + login { + user vyos { + authentication { + encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ + plaintext-password "" + } + level admin + } + } + name-server 172.16.254.30 + ntp { + server 0.pool.ntp.org { + } + server 1.pool.ntp.org { + } + server 2.pool.ntp.org { + } + } + syslog { + global { + facility all { + level info + } + facility protocols { + level debug + } + } + } + time-zone Europe/Berlin +} + +/* Warning: Do not remove the following line. */ +/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */ +/* Release version: 1.2.6 */ diff --git a/smoketest/configs/pppoe-client b/smoketest/configs/pppoe-client deleted file mode 100644 index ef6a26423..000000000 --- a/smoketest/configs/pppoe-client +++ /dev/null @@ -1,62 +0,0 @@ -interfaces { - ethernet eth0 { - } - loopback lo { - } - pppoe pppoe0 { - authentication { - password bar - user foo - } - connect-on-demand - default-route auto - mtu 1492 - source-interface eth0 - } -} -service { - ssh { - } -} -system { - config-management { - commit-revisions 100 - } - console { - device ttyS0 { - speed 115200 - } - } - host-name vyos - login { - user vyos { - authentication { - encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ - plaintext-password "" - } - } - } - ntp { - server 0.pool.ntp.org { - } - server 1.pool.ntp.org { - } - server 2.pool.ntp.org { - } - } - syslog { - global { - facility all { - level info - } - facility protocols { - level debug - } - } - } -} - - -// Warning: Do not remove the following line. -// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@13:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@19:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1" -// Release version: 1.3-rolling-202010241631 diff --git a/smoketest/configs/small-as-bgp-vrrp b/smoketest/configs/small-as-bgp-vrrp deleted file mode 100644 index 61286c324..000000000 --- a/smoketest/configs/small-as-bgp-vrrp +++ /dev/null @@ -1,683 +0,0 @@ -firewall { - all-ping enable - broadcast-ping disable - config-trap disable - group { - address-group NET-VYOS-HTTPS-4 { - address 10.0.150.73 - } - ipv6-network-group NET-VYOS-6 { - network 2001:db8:200::/40 - } - network-group NET-VYOS-4 { - network 10.0.150.0/23 - network 192.168.189.0/24 - } - port-group MY-NAS-PORTS { - port 80 - port 5000 - port 5001 - port 6022 - port 9443 - } - } - ipv6-name WAN-TO-VLAN15-6 { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 100 { - action accept - source { - group { - network-group NET-VYOS-6 - } - } - } - rule 1010 { - action accept - destination { - address 2001:db8:200:15::a - group { - port-group MY-NAS-PORTS - } - } - protocol tcp - } - } - ipv6-receive-redirects disable - ipv6-src-route disable - ip-src-route disable - log-martians enable - name WAN-TO-VLAN15-4 { - default-action drop - enable-default-log - rule 1 { - action accept - state { - established enable - related enable - } - } - rule 2 { - action drop - log enable - state { - invalid enable - } - } - rule 100 { - action accept - source { - group { - network-group NET-VYOS-4 - } - } - } - rule 1000 { - action accept - destination { - group { - address-group NET-VYOS-HTTPS-4 - } - port 80,443 - } - protocol tcp - } - rule 1010 { - action accept - destination { - address 10.0.150.74 - group { - port-group MY-NAS-PORTS - } - } - protocol tcp - } - } - receive-redirects disable - send-redirects enable - source-validation disable - syn-cookies enable - twa-hazards-protection disable -} -high-availability { - vrrp { - group VLAN5-IPv4 { - interface eth0.5 - preempt-delay 180 - priority 250 - virtual-address 10.0.150.120/28 - vrid 5 - } - group VLAN5-IPv6 { - interface eth0.5 - preempt-delay 180 - priority 250 - virtual-address 2001:db8:200:f0::ffff/64 - vrid 6 - } - group VLAN10-IPv4 { - interface eth0.10 - preempt-delay 180 - priority 250 - virtual-address 10.0.150.62/26 - vrid 10 - } - group VLAN10-IPv6 { - interface eth0.10 - preempt-delay 180 - priority 250 - virtual-address 2001:db8:200:10::ffff/64 - virtual-address 2001:db8:200::ffff/64 - vrid 11 - } - group VLAN15-IPv4 { - interface eth0.15 - preempt-delay 180 - priority 250 - virtual-address 10.0.150.78/28 - vrid 15 - } - group VLAN15-IPv6 { - interface eth0.15 - preempt-delay 180 - priority 250 - virtual-address 2001:db8:200:15::ffff/64 - vrid 16 - } - group VLAN500-IPv4 { - interface eth0.500 - preempt-delay 180 - priority 250 - virtual-address 10.0.151.238/28 - vrid 238 - } - group VLAN500-IPv6 { - interface eth0.500 - preempt-delay 180 - priority 250 - virtual-address 2001:db8:200:50::ffff/64 - vrid 239 - } - group VLAN520-IPv4 { - interface eth0.520 - preempt-delay 180 - priority 250 - virtual-address 10.0.150.190/28 - vrid 52 - } - group VLAN520-IPv6 { - interface eth0.520 - preempt-delay 180 - priority 250 - virtual-address 2001:db8:200:520::ffff/64 - vrid 53 - } - group VLAN810-IPv4 { - interface eth0.810 - preempt-delay 180 - priority 250 - virtual-address 10.0.151.30/27 - vrid 80 - } - group VLAN810-IPv6 { - interface eth0.810 - preempt-delay 180 - priority 250 - virtual-address 2001:db8:200:102::ffff/64 - vrid 81 - } - sync-group VYOS { - member VLAN5-IPv4 - member VLAN5-IPv6 - member VLAN10-IPv4 - member VLAN10-IPv6 - member VLAN500-IPv4 - member VLAN500-IPv6 - member VLAN15-IPv4 - member VLAN15-IPv6 - member VLAN810-IPv6 - member VLAN810-IPv4 - member VLAN520-IPv4 - member VLAN520-IPv6 - } - } -} -interfaces { - dummy dum0 { - address 2001:db8:200:ffff::2/128 - address 10.0.151.251/32 - } - ethernet eth0 { - vif 5 { - address 10.0.150.121/28 - address 2001:db8:200:f0::4/64 - ip { - ospf { - authentication { - md5 { - key-id 10 { - md5-key vyosospfkey - } - } - } - cost 10 - dead-interval 40 - hello-interval 10 - network broadcast - priority 200 - retransmit-interval 5 - transmit-delay 5 - } - } - } - vif 10 { - address 2001:db8:200:10::1:ffff/64 - address 2001:db8:200::1:ffff/64 - address 10.0.150.60/26 - } - vif 15 { - address 10.0.150.76/28 - address 2001:db8:200:15::1:ffff/64 - firewall { - out { - ipv6-name WAN-TO-VLAN15-6 - name WAN-TO-VLAN15-4 - } - } - } - vif 50 { - address 192.168.189.2/24 - } - vif 110 { - address 2001:db8:200:101::ffff/64 - address 10.0.151.190/27 - address 10.0.151.158/28 - } - vif 410 { - address 10.0.151.206/28 - address 2001:db8:200:104::ffff/64 - } - vif 450 { - address 2001:db8:200:103::ffff/64 - address 10.0.151.142/29 - disable - } - vif 500 { - address 10.0.151.236/28 - address 2001:db8:200:50::1:ffff/64 - } - vif 520 { - address 10.0.150.188/26 - address 2001:db8:200:520::1:ffff/64 - } - vif 800 { - address 2001:db8:200:ff::104:1/112 - address 10.0.151.212/31 - } - vif 810 { - address 10.0.151.28/27 - address 2001:db8:200:102::1:ffff/64 - } - } - ethernet eth1 { - } - loopback lo { - } -} -policy { - prefix-list as65000-origin-v4 { - rule 10 { - action permit - prefix 10.0.150.0/23 - } - rule 100 { - action permit - prefix 0.0.0.0/0 - } - } - prefix-list6 as65000-origin-v6 { - rule 10 { - action permit - prefix 2001:db8:200::/40 - } - } - route-map as65010-in { - rule 10 { - action permit - set { - local-preference 30 - } - } - } - route-map as65010-out { - rule 10 { - action permit - set { - as-path-prepend "65000 65000" - } - } - } -} -protocols { - bgp 65000 { - address-family { - ipv4-unicast { - network 10.0.150.0/23 { - } - } - ipv6-unicast { - network 2001:db8:200::/40 { - } - } - } - neighbor 10.0.151.222 { - address-family { - ipv4-unicast { - default-originate { - } - prefix-list { - export as65000-origin-v4 - } - route-map { - export as65010-out - import as65010-in - } - soft-reconfiguration { - inbound - } - } - } - capability { - dynamic - } - remote-as 65010 - } - neighbor 10.0.151.252 { - peer-group VYOSv4 - } - neighbor 10.0.151.254 { - peer-group VYOSv4 - } - neighbor 2001:db8:200:ffff::3 { - peer-group VYOSv6 - } - neighbor 2001:db8:200:ffff::a { - peer-group VYOSv6 - } - neighbor 2001:db8:200:ff::101:2 { - address-family { - ipv6-unicast { - capability { - dynamic - } - prefix-list { - export as65000-origin-v6 - } - route-map { - import as65010-in - } - soft-reconfiguration { - inbound - } - } - } - remote-as 65010 - } - parameters { - default { - no-ipv4-unicast - } - log-neighbor-changes - router-id 10.0.151.251 - } - peer-group VYOSv4 { - address-family { - ipv4-unicast { - nexthop-self { - } - } - } - capability { - dynamic - } - remote-as 65000 - update-source dum0 - } - peer-group VYOSv6 { - address-family { - ipv6-unicast { - nexthop-self { - } - } - } - capability { - dynamic - } - remote-as 65000 - update-source dum0 - } - timers { - holdtime 30 - keepalive 10 - } - } - ospf { - area 0 { - area-type { - normal - } - authentication md5 - network 10.0.151.251/32 - network 10.0.151.208/31 - network 10.0.150.112/28 - } - parameters { - abr-type cisco - router-id 10.0.151.251 - } - passive-interface default - passive-interface-exclude dum0 - passive-interface-exclude eth0.5 - redistribute { - connected { - metric-type 2 - } - static { - metric-type 2 - } - } - } - ospfv3 { - area 0.0.0.0 { - interface dum0 - interface eth0.5 - } - parameters { - router-id 10.0.151.251 - } - redistribute { - connected { - } - static { - } - } - } - static { - route 10.0.0.0/8 { - MY-NAS { - distance 254 - } - } - route 172.16.0.0/12 { - MY-NAS { - distance 254 - } - } - route 192.168.0.0/16 { - MY-NAS { - distance 254 - } - } - route 193.148.249.144/32 { - next-hop 192.168.189.1 { - } - } - route 10.0.150.0/23 { - MY-NAS { - distance 254 - } - } - route 10.0.151.32/27 { - next-hop 10.0.151.5 { - } - } - route6 2001:db8:2fe:ffff::/64 { - next-hop 2001:db8:200:102::4 { - } - } - route6 2001:db8:2ff::/48 { - next-hop 2001:db8:200:101::1 { - } - } - route6 2001:db8:200::/40 { - MY-NAS { - distance 254 - } - } - } -} -service { - dhcp-server { - shared-network-name NET-VYOS-DHCP-1 { - subnet 10.0.151.224/28 { - default-router 10.0.151.238 - dns-server 10.0.150.2 - dns-server 10.0.150.1 - domain-name vyos.net - failover { - local-address 10.0.151.236 - name NET-VYOS-DHCP-1 - peer-address 10.0.151.237 - status primary - } - lease 1800 - range 0 { - start 10.0.151.225 - stop 10.0.151.237 - } - } - } - shared-network-name NET-VYOS-HOSTING-1 { - subnet 10.0.150.128/26 { - default-router 10.0.150.190 - dns-server 10.0.150.2 - dns-server 10.0.150.1 - domain-name vyos.net - failover { - local-address 10.0.150.188 - name NET-VYOS-HOSTING-1 - peer-address 10.0.150.189 - status primary - } - lease 604800 - range 0 { - start 10.0.150.129 - stop 10.0.150.187 - } - } - } - } - lldp { - interface all { - } - management-address 10.0.151.251 - snmp { - enable - } - } - router-advert { - interface eth4.500 { - default-preference high - name-server 2001:db8:200::1 - name-server 2001:db8:200::2 - prefix 2001:db8:200:50::/64 { - valid-lifetime infinity - } - } - interface eth4.520 { - default-preference high - name-server 2001:db8:200::1 - name-server 2001:db8:200::2 - prefix 2001:db8:200:520::/64 { - valid-lifetime infinity - } - } - } - snmp { - community public { - network 10.0.150.0/26 - network 2001:db8:200:10::/64 - } - contact noc@vyos.net - listen-address 10.0.151.251 { - } - listen-address 2001:db8:200:ffff::2 { - } - location "Jenkins" - } - ssh { - disable-host-validation - listen-address 10.0.151.251 - listen-address 2001:db8:200:ffff::2 - listen-address 192.168.189.2 - loglevel fatal - port 22 - } -} -system { - config-management { - commit-revisions 200 - } - console { - device ttyS0 { - speed 115200 - } - } - domain-name vyos.net - host-name vyos - login { - banner { - pre-login "VyOS - Network\n" - } - radius { - server 192.0.2.1 { - key SuperS3cretRADIUSkey - timeout 1 - } - server 192.0.2.2 { - key SuperS3cretRADIUSkey - timeout 1 - } - source-address 192.0.2.254 - } - user vyos { - authentication { - encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0 - plaintext-password "" - } - } - } - name-server 192.0.2.1 - name-server 192.0.2.2 - name-server 2001:db8:200::1 - name-server 2001:db8:200::2 - ntp { - allow-clients { - address 10.0.150.0/23 - address 2001:db8:200::/40 - } - listen-address 10.0.151.251 - listen-address 2001:db8:200:ffff::2 - server 0.de.pool.ntp.org { - } - server 1.de.pool.ntp.org { - } - server 2.de.pool.ntp.org { - } - } - syslog { - global { - facility all { - level notice - } - facility protocols { - level debug - } - } - host 10.0.150.26 { - facility all { - level all - } - } - } - time-zone Europe/Berlin -} - - -// Warning: Do not remove the following line. -// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" -// Release version: 1.3-beta-202101151942 -- cgit v1.2.3