summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/templates/accel-ppp/l2tp.config.tmpl3
-rw-r--r--data/templates/accel-ppp/pppoe.config.tmpl18
-rw-r--r--data/templates/accel-ppp/sstp.config.tmpl6
-rw-r--r--data/templates/conserver/dropbear@.service.tmpl2
-rw-r--r--data/templates/dhcp-client/ipv4.tmpl10
-rw-r--r--data/templates/dynamic-dns/ddclient.conf.tmpl2
-rw-r--r--data/templates/frr/bfdd.frr.tmpl36
-rw-r--r--data/templates/frr/bgpd.frr.tmpl12
-rw-r--r--data/templates/frr/isisd.frr.tmpl91
-rw-r--r--data/templates/frr/ldpd.frr.tmpl99
-rw-r--r--data/templates/frr/ospf6d.frr.tmpl14
-rw-r--r--data/templates/frr/ospfd.frr.tmpl19
-rw-r--r--data/templates/frr/policy.frr.tmpl7
-rw-r--r--data/templates/frr/ripd.frr.tmpl6
-rw-r--r--data/templates/frr/ripngd.frr.tmpl7
-rw-r--r--data/templates/frr/rpki.frr.tmpl1
-rw-r--r--data/templates/frr/staticd.frr.tmpl9
-rw-r--r--data/templates/frr/vrf-vni.frr.tmpl10
-rw-r--r--data/templates/https/override.conf.tmpl15
-rw-r--r--data/templates/ipsec/swanctl/profile.tmpl2
-rw-r--r--data/templates/lcd/LCDd.conf.tmpl7
-rw-r--r--data/templates/mdns-repeater/avahi-daemon.tmpl18
-rw-r--r--data/templates/mdns-repeater/mdns-repeater.tmpl2
-rw-r--r--data/templates/netflow/uacctd.conf.tmpl3
-rw-r--r--data/templates/ntp/ntpd.conf.tmpl2
-rw-r--r--data/templates/openvpn/server.conf.tmpl19
-rw-r--r--data/templates/openvpn/service-override.conf.tmpl20
-rw-r--r--data/templates/snmp/etc.snmpd.conf.tmpl2
-rw-r--r--data/templates/tftp-server/default.tmpl5
-rw-r--r--data/templates/vrrp/keepalived.conf.tmpl3
-rw-r--r--data/templates/vyos-hostsd/hosts.tmpl5
31 files changed, 278 insertions, 177 deletions
diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.tmpl
index 44c96b935..9fcda76d4 100644
--- a/data/templates/accel-ppp/l2tp.config.tmpl
+++ b/data/templates/accel-ppp/l2tp.config.tmpl
@@ -57,6 +57,9 @@ bind={{ outside_addr }}
{% if lns_shared_secret %}
secret={{ lns_shared_secret }}
{% endif %}
+{% if lns_host_name %}
+host-name={{ lns_host_name }}
+{% endif %}
[client-ip-range]
0.0.0.0/0
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl
index 238e7ee15..0a8e0079b 100644
--- a/data/templates/accel-ppp/pppoe.config.tmpl
+++ b/data/templates/accel-ppp/pppoe.config.tmpl
@@ -108,19 +108,17 @@ ac-name={{ access_concentrator }}
{% if iface_config.vlan_id is not defined and iface_config.vlan_range is not defined %}
interface={{ iface }}
{% endif %}
-{% if iface_config.vlan_id is defined and iface_config.vlan_range is not defined %}
-{% for vlan in iface_config.vlan_id %}
-interface={{ iface }}.{{ vlan }}
-vlan-mon={{ iface }},{{ vlan }}
+{% if iface_config.vlan_range is defined %}
+{% for regex in iface_config.regex %}
+interface=re:^{{ iface | replace('.', '\\.') }}\.({{ regex }})$
{% endfor %}
-{% endif %}
-{% if iface_config.vlan_range is defined and iface_config.vlan_id is not defined %}
vlan-mon={{ iface }},{{ iface_config.vlan_range | join(',') }}
-interface=re:{{ iface | replace('.', '\\.') }}\.\d+
{% endif %}
-{% if iface_config.vlan_id is defined and iface_config.vlan_range is defined %}
-vlan-mon={{ iface }},{{ iface_config.vlan_id | join(',') }},{{ iface_config.vlan_range | join(',') }}
-interface=re:{{ iface | replace('.', '\\.') }}\.\d+
+{% if iface_config.vlan_id is defined %}
+{% for vlan in iface_config.vlan_id %}
+vlan-mon={{ iface }},{{ vlan }}
+interface=re:^{{ iface | replace('.', '\\.') }}\.{{ vlan }}$
+{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl
index fad91d118..8fd7d230d 100644
--- a/data/templates/accel-ppp/sstp.config.tmpl
+++ b/data/templates/accel-ppp/sstp.config.tmpl
@@ -50,9 +50,9 @@ verbose=1
check-ip=1
{# MTU #}
mtu={{ mtu }}
-{% if client_ipv6_pool is defined %}
-ipv6=allow
-{% endif %}
+ipv6={{ 'allow' if ppp_options.ipv6 == "deny" and client_ipv6_pool is defined else ppp_options.ipv6 }}
+ipv4={{ ppp_options.ipv4 }}
+
mppe={{ ppp_options.mppe }}
lcp-echo-interval={{ ppp_options.lcp_echo_interval }}
lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }}
diff --git a/data/templates/conserver/dropbear@.service.tmpl b/data/templates/conserver/dropbear@.service.tmpl
index 4bb73f751..e355dab43 100644
--- a/data/templates/conserver/dropbear@.service.tmpl
+++ b/data/templates/conserver/dropbear@.service.tmpl
@@ -1,4 +1,4 @@
[Service]
ExecStart=
-ExecStart=/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console {{ device }}" -P /run/conserver/dropbear.%I.pid -p %I
+ExecStart=/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -b /etc/issue.net -c "/usr/bin/console {{ device }}" -P /run/conserver/dropbear.%I.pid -p %I
PIDFile=/run/conserver/dropbear.%I.pid
diff --git a/data/templates/dhcp-client/ipv4.tmpl b/data/templates/dhcp-client/ipv4.tmpl
index c934b7cdb..b3e74c22b 100644
--- a/data/templates/dhcp-client/ipv4.tmpl
+++ b/data/templates/dhcp-client/ipv4.tmpl
@@ -2,12 +2,18 @@
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
timeout 60;
-retry 300;
+retry 60;
+initial-interval 2;
interface "{{ ifname }}" {
send host-name "{{ dhcp_options.host_name }}";
{% if dhcp_options.client_id is defined and dhcp_options.client_id is not none %}
- send dhcp-client-identifier "{{ dhcp_options.client_id }}";
+{% set client_id = dhcp_options.client_id %}
+{# Use HEX representation of client-id as it is send in MAC-address style using hex characters. If not HEX, use double quotes ASCII format #}
+{% if not dhcp_options.client_id.split(':') | length >= 5 %}
+{% set client_id = '"' + dhcp_options.client_id + '"' %}
+{% endif %}
+ send dhcp-client-identifier {{ client_id }};
{% endif %}
{% if dhcp_options.vendor_class_id is defined and dhcp_options.vendor_class_id is not none %}
send vendor-class-identifier "{{ dhcp_options.vendor_class_id }}";
diff --git a/data/templates/dynamic-dns/ddclient.conf.tmpl b/data/templates/dynamic-dns/ddclient.conf.tmpl
index 9d379de00..517e4bad4 100644
--- a/data/templates/dynamic-dns/ddclient.conf.tmpl
+++ b/data/templates/dynamic-dns/ddclient.conf.tmpl
@@ -9,7 +9,7 @@ ssl=yes
{% set web_skip = ", web-skip='" + interface[iface].use_web.skip + "'" if interface[iface].use_web.skip is defined else '' %}
use=web, web='{{ interface[iface].use_web.url }}'{{ web_skip }}
{% else %}
-use=if, if={{ iface }}
+{{ 'usev6=if' if interface[iface].ipv6_enable is defined else 'use=if' }}, if={{ iface }}
{% endif %}
{% if interface[iface].rfc2136 is defined and interface[iface].rfc2136 is not none %}
diff --git a/data/templates/frr/bfdd.frr.tmpl b/data/templates/frr/bfdd.frr.tmpl
index 16f8be92c..439f79d67 100644
--- a/data/templates/frr/bfdd.frr.tmpl
+++ b/data/templates/frr/bfdd.frr.tmpl
@@ -1,4 +1,4 @@
-!
+{% if profile is defined or peer is defined %}
bfd
{% if profile is defined and profile is not none %}
{% for profile_name, profile_config in profile.items() %}
@@ -6,39 +6,53 @@ bfd
detect-multiplier {{ profile_config.interval.multiplier }}
receive-interval {{ profile_config.interval.receive }}
transmit-interval {{ profile_config.interval.transmit }}
-{% if profile_config.interval['echo-interval'] is defined and profile_config.interval['echo-interval'] is not none %}
- echo-interval {{ profile_config.interval['echo-interval'] }}
+{% if profile_config.interval.echo_interval is defined and profile_config.interval.echo_interval is not none %}
+ echo transmit-interval {{ profile_config.interval.echo_interval }}
+ echo receive-interval {{ profile_config.interval.echo_interval }}
{% endif %}
-{% if profile_config['echo-mode'] is defined %}
+{% if profile_config.echo_mode is defined %}
echo-mode
{% endif %}
+{% if profile_config.passive is defined %}
+ passive-mode
+{% endif %}
{% if profile_config.shutdown is defined %}
shutdown
{% else %}
no shutdown
{% endif %}
- exit
+ exit
+ !
{% endfor %}
{% endif %}
{% if peer is defined and peer is not none %}
{% for peer_name, peer_config in peer.items() %}
- peer {{ peer_name }}{{ ' multihop' if peer_config.multihop is defined }}{{ ' local-address ' + peer_config.source.address if peer_config.source is defined and peer_config.source.address is defined }}{{ ' interface ' + peer_config.source.interface if peer_config.source is defined and peer_config.source.interface is defined }}
+ peer {{ peer_name }}{{ ' multihop' if peer_config.multihop is defined }}{{ ' local-address ' + peer_config.source.address if peer_config.source is defined and peer_config.source.address is defined }}{{ ' interface ' + peer_config.source.interface if peer_config.source is defined and peer_config.source.interface is defined }} {{ ' vrf ' + peer_config.vrf if peer_config.vrf is defined and peer_config.vrf is not none }}
detect-multiplier {{ peer_config.interval.multiplier }}
receive-interval {{ peer_config.interval.receive }}
transmit-interval {{ peer_config.interval.transmit }}
-{% if peer_config.interval['echo-interval'] is defined and peer_config.interval['echo-interval'] is not none %}
- echo-interval {{ peer_config.interval['echo-interval'] }}
+{% if peer_config.interval.echo_interval is defined and peer_config.interval.echo_interval is not none %}
+ echo transmit-interval {{ peer_config.interval.echo_interval }}
+ echo receive-interval {{ peer_config.interval.echo_interval }}
{% endif %}
-{% if peer_config['echo-mode'] is defined %}
+{% if peer_config.echo_mode is defined %}
echo-mode
{% endif %}
+{% if peer_config.passive is defined %}
+ passive-mode
+{% endif %}
+{% if peer_config.profile is defined and peer_config.profile is not none %}
+ profile {{ peer_config.profile }}
+{% endif %}
{% if peer_config.shutdown is defined %}
shutdown
{% else %}
no shutdown
{% endif %}
- exit
+ exit
+ !
{% endfor %}
{% endif %}
- end
+exit
!
+{% endif %}
diff --git a/data/templates/frr/bgpd.frr.tmpl b/data/templates/frr/bgpd.frr.tmpl
index 27a2b98a5..fbdbafd6e 100644
--- a/data/templates/frr/bgpd.frr.tmpl
+++ b/data/templates/frr/bgpd.frr.tmpl
@@ -230,10 +230,8 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none
{% else %}
no bgp ebgp-requires-policy
{% endif %}
-{% if parameters is defined and parameters.default is defined and parameters.default.no_ipv4_unicast is defined %}
{# Option must be set before any neighbor - see https://phabricator.vyos.net/T3463 #}
no bgp default ipv4-unicast
-{% endif %}
{# Workaround for T2100 until we have decided about a migration script #}
no bgp network import-check
{% if address_family is defined and address_family is not none %}
@@ -266,8 +264,11 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none
{% endif %}
{% endif %}
{% if afi_config.aggregate_address is defined and afi_config.aggregate_address is not none %}
-{% for ip in afi_config.aggregate_address %}
- aggregate-address {{ ip }}{{ ' as-set' if afi_config.aggregate_address[ip].as_set is defined }}{{ ' summary-only' if afi_config.aggregate_address[ip].summary_only is defined }}
+{% for aggregate, aggregate_config in afi_config.aggregate_address.items() %}
+ aggregate-address {{ aggregate }}{{ ' as-set' if aggregate_config.as_set is defined }}{{ ' summary-only' if aggregate_config.summary_only is defined }}
+{% if aggregate_config.route_map is defined and aggregate_config.route_map is not none %}
+ aggregate-address {{ aggregate }} route-map {{ aggregate_config.route_map }}
+{% endif %}
{% endfor %}
{% endif %}
{% if afi_config.maximum_paths is defined and afi_config.maximum_paths.ebgp is defined and afi_config.maximum_paths.ebgp is not none %}
@@ -523,5 +524,4 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none
{% if timers is defined and timers.keepalive is defined and timers.holdtime is defined %}
timers bgp {{ timers.keepalive }} {{ timers.holdtime }}
{% endif %}
- end
-! \ No newline at end of file
+exit \ No newline at end of file
diff --git a/data/templates/frr/isisd.frr.tmpl b/data/templates/frr/isisd.frr.tmpl
index 51ac40060..fc0799e02 100644
--- a/data/templates/frr/isisd.frr.tmpl
+++ b/data/templates/frr/isisd.frr.tmpl
@@ -1,4 +1,50 @@
!
+{% if interface is defined and interface is not none %}
+{% for iface, iface_config in interface.items() %}
+interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
+ ip router isis VyOS
+ ipv6 router isis VyOS
+{% if iface_config.bfd is defined %}
+ isis bfd
+{% endif %}
+{% if iface_config.network is defined and iface_config.network.point_to_point is defined %}
+ isis network point-to-point
+{% endif %}
+{% if iface_config.circuit_type is defined %}
+ isis circuit-type {{ iface_config.circuit_type }}
+{% endif %}
+{% if iface_config.hello_interval is defined and iface_config.hello_interval is not none %}
+ isis hello-interval {{ iface_config.hello_interval }}
+{% endif %}
+{% if iface_config.hello_multiplier is defined and iface_config.hello_multiplier is not none %}
+ isis hello-multiplier {{ iface_config.hello_multiplier }}
+{% endif %}
+{% if iface_config.hello_padding is defined %}
+ isis hello padding
+{% endif %}
+{% if iface_config.metric is defined and iface_config.metric is not none %}
+ isis metric {{ iface_config.metric }}
+{% endif %}
+{% if iface_config.passive is defined %}
+ isis passive
+{% endif %}
+{% if iface_config.password is defined and iface_config.password.plaintext_password is defined and iface_config.password.plaintext_password is not none %}
+ isis password clear {{ iface_config.password.plaintext_password }}
+{% endif %}
+{% if iface_config.priority is defined and iface_config.priority is not none %}
+ isis priority {{ iface_config.priority }}
+{% endif %}
+{% if iface_config.psnp_interval is defined and iface_config.psnp_interval is not none %}
+ isis psnp-interval {{ iface_config.psnp_interval }}
+{% endif %}
+{% if iface_config.no_three_way_handshake is defined %}
+ no isis three-way-handshake
+{% endif %}
+exit
+!
+{% endfor %}
+{% endif %}
+!
router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
net {{ net }}
{% if dynamic_hostname is defined %}
@@ -151,48 +197,5 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
is-type {{ level }}
{% endif %}
{% endif %}
-!
-{% if interface is defined and interface is not none %}
-{% for iface, iface_config in interface.items() %}
-interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
- ip router isis VyOS
- ipv6 router isis VyOS
-{% if iface_config.bfd is defined %}
- isis bfd
-{% endif %}
-{% if iface_config.network is defined and iface_config.network.point_to_point is defined %}
- isis network point-to-point
-{% endif %}
-{% if iface_config.circuit_type is defined %}
- isis circuit-type {{ iface_config.circuit_type }}
-{% endif %}
-{% if iface_config.hello_interval is defined and iface_config.hello_interval is not none %}
- isis hello-interval {{ iface_config.hello_interval }}
-{% endif %}
-{% if iface_config.hello_multiplier is defined and iface_config.hello_multiplier is not none %}
- isis hello-multiplier {{ iface_config.hello_multiplier }}
-{% endif %}
-{% if iface_config.hello_padding is defined %}
- isis hello padding
-{% endif %}
-{% if iface_config.metric is defined and iface_config.metric is not none %}
- isis metric {{ iface_config.metric }}
-{% endif %}
-{% if iface_config.passive is defined %}
- isis passive
-{% endif %}
-{% if iface_config.password is defined and iface_config.password.plaintext_password is defined and iface_config.password.plaintext_password is not none %}
- isis password clear {{ iface_config.password.plaintext_password }}
-{% endif %}
-{% if iface_config.priority is defined and iface_config.priority is not none %}
- isis priority {{ iface_config.priority }}
-{% endif %}
-{% if iface_config.psnp_interval is defined and iface_config.psnp_interval is not none %}
- isis psnp-interval {{ iface_config.psnp_interval }}
-{% endif %}
-{% if iface_config.no_three_way_handshake is defined %}
- no isis three-way-handshake
-{% endif %}
-{% endfor %}
-{% endif %}
+exit
! \ No newline at end of file
diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl
index 0a5411552..537ea4025 100644
--- a/data/templates/frr/ldpd.frr.tmpl
+++ b/data/templates/frr/ldpd.frr.tmpl
@@ -2,69 +2,69 @@
{% if ldp is defined %}
mpls ldp
{% if ldp.router_id is defined %}
-router-id {{ ldp.router_id }}
+ router-id {{ ldp.router_id }}
{% endif %}
{% if ldp.parameters is defined %}
{% if ldp.parameters.cisco_interop_tlv is defined %}
-dual-stack cisco-interop
+ dual-stack cisco-interop
{% endif %}
{% if ldp.parameters.transport_prefer_ipv4 is defined%}
-dual-stack transport-connection prefer ipv4
+ dual-stack transport-connection prefer ipv4
{% endif %}
{% if ldp.parameters.ordered_control is defined%}
-ordered-control
+ ordered-control
{% endif %}
{% endif %}
{% if ldp.neighbor is defined %}
{% for neighbors in ldp.neighbor %}
{% if ldp.neighbor[neighbors].password is defined %}
-neighbor {{neighbors}} password {{ldp.neighbor[neighbors].password}}
+ neighbor {{ neighbors }} password {{ ldp.neighbor[neighbors].password }}
{% endif %}
{% if ldp.neighbor[neighbors].ttl_security is defined %}
{% if 'disable' in ldp.neighbor[neighbors].ttl_security %}
-neighbor {{neighbors}} ttl-security disable
+ neighbor {{ neighbors }} ttl-security disable
{% else %}
-neighbor {{neighbors}} ttl-security hops {{ldp.neighbor[neighbors].ttl_security}}
+ neighbor {{ neighbors }} ttl-security hops {{ ldp.neighbor[neighbors].ttl_security }}
{% endif %}
{% endif %}
{% if ldp.neighbor[neighbors].session_holdtime is defined %}
-neighbor {{neighbors}} session holdtime {{ldp.neighbor[neighbors].session_holdtime}}
+ neighbor {{ neighbors }} session holdtime {{ ldp.neighbor[neighbors].session_holdtime }}
{% endif %}
{% endfor %}
{% endif %}
-!
+ !
{% if ldp.discovery is defined %}
{% if ldp.discovery.transport_ipv4_address is defined %}
-address-family ipv4
+ address-family ipv4
{% if ldp.allocation is defined %}
{% if ldp.allocation.ipv4 is defined %}
{% if ldp.allocation.ipv4.access_list is defined %}
-label local allocate for {{ ldp.allocation.ipv4.access_list }}
+ label local allocate for {{ ldp.allocation.ipv4.access_list }}
{% endif %}
{% endif %}
{% else %}
-label local allocate host-routes
+ label local allocate host-routes
{% endif %}
{% if ldp.discovery.transport_ipv4_address is defined %}
-discovery transport-address {{ ldp.discovery.transport_ipv4_address }}
+ discovery transport-address {{ ldp.discovery.transport_ipv4_address }}
{% endif %}
{% if ldp.discovery.hello_ipv4_holdtime is defined %}
-discovery hello holdtime {{ ldp.discovery.hello_ipv4_holdtime }}
+ discovery hello holdtime {{ ldp.discovery.hello_ipv4_holdtime }}
{% endif %}
{% if ldp.discovery.hello_ipv4_interval is defined %}
-discovery hello interval {{ ldp.discovery.hello_ipv4_interval }}
+ discovery hello interval {{ ldp.discovery.hello_ipv4_interval }}
{% endif %}
{% if ldp.discovery.session_ipv4_holdtime is defined %}
-session holdtime {{ ldp.discovery.session_ipv4_holdtime }}
+ session holdtime {{ ldp.discovery.session_ipv4_holdtime }}
{% endif %}
{% if ldp.import is defined %}
{% if ldp.import.ipv4 is defined %}
{% if ldp.import.ipv4.import_filter is defined %}
{% if ldp.import.ipv4.import_filter.filter_access_list is defined %}
{% if ldp.import.ipv4.import_filter.neighbor_access_list is defined %}
-label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }} from {{ ldp.import.ipv4.import_filter.neighbor_access_list }}
+ label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }} from {{ ldp.import.ipv4.import_filter.neighbor_access_list }}
{% else %}
-label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }}
+ label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }}
{% endif %}
{% endif %}
{% endif %}
@@ -73,14 +73,14 @@ label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }}
{% if ldp.export is defined %}
{% if ldp.export.ipv4 is defined %}
{% if ldp.export.ipv4.explicit_null is defined %}
-label local advertise explicit-null
+ label local advertise explicit-null
{% endif %}
{% if ldp.export.ipv4.export_filter is defined %}
{% if ldp.export.ipv4.export_filter.filter_access_list is defined %}
{% if ldp.export.ipv4.export_filter.neighbor_access_list is defined %}
-label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }} to {{ ldp.export.ipv4.export_filter.neighbor_access_list }}
+ label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }} to {{ ldp.export.ipv4.export_filter.neighbor_access_list }}
{% else %}
-label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }}
+ label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }}
{% endif %}
{% endif %}
{% endif %}
@@ -88,59 +88,59 @@ label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }}
{% endif %}
{% if ldp.targeted_neighbor is defined %}
{% if ldp.targeted_neighbor.ipv4.enable is defined %}
-discovery targeted-hello accept
+ discovery targeted-hello accept
{% endif %}
{% if ldp.targeted_neighbor.ipv4.hello_holdtime is defined %}
-discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv4.hello_holdtime }}
+ discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv4.hello_holdtime }}
{% endif %}
{% if ldp.targeted_neighbor.ipv4.hello_interval is defined %}
-discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv4.hello_interval }}
+ discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv4.hello_interval }}
{% endif %}
{% for addresses in ldp.targeted_neighbor.ipv4.address %}
-neighbor {{addresses}} targeted
+ neighbor {{addresses}} targeted
{% endfor %}
{% endif %}
{% for interfaces in ldp.interface %}
-interface {{interfaces}}
+ interface {{interfaces}}
{% endfor %}
-exit-address-family
+ exit-address-family
{% else %}
-no address-family ipv4
+ no address-family ipv4
{% endif %}
{% endif %}
-!
+ !
{% if ldp.discovery is defined %}
{% if ldp.discovery.transport_ipv6_address is defined %}
-address-family ipv6
+ address-family ipv6
{% if ldp.allocation is defined %}
{% if ldp.allocation.ipv6 is defined %}
{% if ldp.allocation.ipv6.access_list6 is defined %}
-label local allocate for {{ ldp.allocation.ipv6.access_list6 }}
+ label local allocate for {{ ldp.allocation.ipv6.access_list6 }}
{% endif %}
{% endif %}
{% else %}
-label local allocate host-routes
+ label local allocate host-routes
{% endif %}
{% if ldp.discovery.transport_ipv6_address is defined %}
-discovery transport-address {{ ldp.discovery.transport_ipv6_address }}
+ discovery transport-address {{ ldp.discovery.transport_ipv6_address }}
{% endif %}
{% if ldp.discovery.hello_ipv6_holdtime is defined %}
-discovery hello holdtime {{ ldp.discovery.hello_ipv6_holdtime }}
+ discovery hello holdtime {{ ldp.discovery.hello_ipv6_holdtime }}
{% endif %}
{% if ldp.discovery.hello_ipv6_interval is defined %}
-discovery hello interval {{ ldp.discovery.hello_ipv6_interval }}
+ discovery hello interval {{ ldp.discovery.hello_ipv6_interval }}
{% endif %}
{% if ldp.discovery.session_ipv6_holdtime is defined %}
-session holdtime {{ ldp.discovery.session_ipv6_holdtime }}
+ session holdtime {{ ldp.discovery.session_ipv6_holdtime }}
{% endif %}
{% if ldp.import is defined %}
{% if ldp.import.ipv6 is defined %}
{% if ldp.import.ipv6.import_filter is defined %}
{% if ldp.import.ipv6.import_filter.filter_access_list6 is defined %}
{% if ldp.import.ipv6.import_filter.neighbor_access_list6 is defined %}
-label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }} from {{ ldp.import.ipv6.import_filter.neighbor_access_list6 }}
+ label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }} from {{ ldp.import.ipv6.import_filter.neighbor_access_list6 }}
{% else %}
-label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }}
+ label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }}
{% endif %}
{% endif %}
{% endif %}
@@ -149,14 +149,14 @@ label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }}
{% if ldp.export is defined %}
{% if ldp.export.ipv6 is defined %}
{% if ldp.export.ipv6.explicit_null is defined %}
-label local advertise explicit-null
+ label local advertise explicit-null
{% endif %}
{% if ldp.export.ipv6.export_filter is defined %}
{% if ldp.export.ipv6.export_filter.filter_access_list6 is defined %}
{% if ldp.export.ipv6.export_filter.neighbor_access_list6 is defined %}
-label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }} to {{ ldp.export.ipv6.export_filter.neighbor_access_list6 }}
+ label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }} to {{ ldp.export.ipv6.export_filter.neighbor_access_list6 }}
{% else %}
-label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }}
+ label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }}
{% endif %}
{% endif %}
{% endif %}
@@ -164,24 +164,27 @@ label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }
{% endif %}
{% if ldp.targeted_neighbor is defined %}
{% if ldp.targeted_neighbor.ipv6.enable is defined %}
-discovery targeted-hello accept
+ discovery targeted-hello accept
{% endif %}
{% if ldp.targeted_neighbor.ipv6.hello_holdtime is defined %}
-discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv6.hello_holdtime }}
+ discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv6.hello_holdtime }}
{% endif %}
{% if ldp.targeted_neighbor.ipv6.hello_interval is defined %}
-discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv6.hello_interval }}
+ discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv6.hello_interval }}
{% endif %}
{% for addresses in ldp.targeted_neighbor.ipv6.address %}
-neighbor {{addresses}} targeted
+ neighbor {{addresses}} targeted
{% endfor %}
{% endif %}
{% for interfaces in ldp.interface %}
-interface {{interfaces}}
+ interface {{interfaces}}
{% endfor %}
-exit-address-family
+ exit-address-family
{% else %}
-no address-family ipv6
+ no address-family ipv6
{% endif %}
+ !
{% endif %}
+exit
{% endif %}
+!
diff --git a/data/templates/frr/ospf6d.frr.tmpl b/data/templates/frr/ospf6d.frr.tmpl
index a8c53738f..10a6d9b4b 100644
--- a/data/templates/frr/ospf6d.frr.tmpl
+++ b/data/templates/frr/ospf6d.frr.tmpl
@@ -1,7 +1,10 @@
!
{% if interface is defined and interface is not none %}
{% for iface, iface_config in interface.items() %}
-interface {{ iface }}
+interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
+{% if iface_config.area is defined and iface_config.area is not none %}
+ ipv6 ospf6 area {{ iface_config.area }}
+{% endif %}
{% if iface_config.cost is defined and iface_config.cost is not none %}
ipv6 ospf6 cost {{ iface_config.cost }}
{% endif %}
@@ -38,18 +41,14 @@ interface {{ iface }}
{% if iface_config.passive is defined %}
ipv6 ospf6 passive
{% endif %}
+exit
!
{% endfor %}
{% endif %}
!
-router ospf6
+router ospf6 {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{% if area is defined and area is not none %}
{% for area_id, area_config in area.items() %}
-{% if area_config.interface is defined and area_config.interface is not none %}
-{% for interface in area_config.interface %}
- interface {{ interface }} area {{ area_id }}
-{% endfor %}
-{% endif %}
{% if area_config.area_type is defined and area_config.area_type is not none %}
{% for type, type_config in area_config.area_type.items() %}
area {{ area_id }} {{ type }} {{ 'no-summary' if type_config.no_summary is defined }}
@@ -89,4 +88,5 @@ router ospf6
redistribute {{ protocol }} {{ 'route-map ' + options.route_map if options.route_map is defined }}
{% endfor %}
{% endif %}
+exit
!
diff --git a/data/templates/frr/ospfd.frr.tmpl b/data/templates/frr/ospfd.frr.tmpl
index 90a6bbd56..a7b770f07 100644
--- a/data/templates/frr/ospfd.frr.tmpl
+++ b/data/templates/frr/ospfd.frr.tmpl
@@ -49,6 +49,10 @@ interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{% if iface_config.network is defined and iface_config.network is not none %}
ip ospf network {{ iface_config.network }}
{% endif %}
+{% if iface_config.passive is defined %}
+ {{ 'no ' if iface_config.passive.disable is defined }}ip ospf passive
+{% endif %}
+exit
!
{% endfor %}
{% endif %}
@@ -158,18 +162,8 @@ router ospf {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
ospf router-id {{ parameters.router_id }}
{% endif %}
{% endif %}
-{% if passive_interface is defined and passive_interface is not none %}
-{% for interface in passive_interface %}
- passive-interface {{ interface }}
-{% endfor %}
-{% endif %}
-{% if passive_interface_exclude is defined and passive_interface_exclude is not none %}
-{% for interface in passive_interface_exclude if passive_interface_exclude is defined %}
-{% if interface.startswith('vlink') %}
-{% set interface = interface.upper() %}
-{% endif %}
- no passive-interface {{ interface }}
-{% endfor %}
+{% if passive_interface is defined and passive_interface.default is defined %}
+ passive-interface default
{% endif %}
{% if redistribute is defined and redistribute is not none %}
{% for protocol, protocols_options in redistribute.items() %}
@@ -189,4 +183,5 @@ router ospf {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{# Timer values have default values #}
timers throttle spf {{ timers.throttle.spf.delay }} {{ timers.throttle.spf.initial_holdtime }} {{ timers.throttle.spf.max_holdtime }}
{% endif %}
+exit
!
diff --git a/data/templates/frr/policy.frr.tmpl b/data/templates/frr/policy.frr.tmpl
index 51adc1902..d3d3957a5 100644
--- a/data/templates/frr/policy.frr.tmpl
+++ b/data/templates/frr/policy.frr.tmpl
@@ -1,4 +1,3 @@
-!
{% if access_list is defined and access_list is not none %}
{% for acl, acl_config in access_list.items() | natural_sort %}
{% if acl_config.description is defined and acl_config.description is not none %}
@@ -60,7 +59,7 @@ ipv6 access-list {{ acl }} seq {{ rule }} {{ rule_config.action }} {{ src }} {{
{% for acl, acl_config in as_path_list.items() | natural_sort %}
{% if acl_config.rule is defined and acl_config.rule is not none %}
{% for rule, rule_config in acl_config.rule.items() | natural_sort %}
-bgp as-path access-list {{ acl }} {{ rule_config.action }} {{ rule_config.regex }}
+bgp as-path access-list {{ acl }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.regex }}
{% endfor %}
{% endif %}
{% endfor %}
@@ -314,9 +313,9 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
set weight {{ rule_config.set.weight }}
{% endif %}
{% endif %}
-{% endfor %}
+exit
!
+{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
-!
diff --git a/data/templates/frr/ripd.frr.tmpl b/data/templates/frr/ripd.frr.tmpl
index cabc236f0..c44bb6d27 100644
--- a/data/templates/frr/ripd.frr.tmpl
+++ b/data/templates/frr/ripd.frr.tmpl
@@ -1,4 +1,3 @@
-!
{# RIP key-chain definition #}
{% if interface is defined and interface is not none %}
{% for iface, iface_config in interface.items() %}
@@ -9,7 +8,9 @@ key chain {{ iface }}-rip
{% if key_options.password is defined and key_options.password is not none %}
key-string {{ key_options.password }}
{% endif %}
+ exit
{% endfor %}
+exit
{% endif %}
{% endfor %}
{% endif %}
@@ -31,6 +32,8 @@ interface {{ iface }}
{% if iface_config.split_horizon is defined and iface_config.split_horizon.poison_reverse is defined %}
ip rip split-horizon poisoned-reverse
{% endif %}
+exit
+!
{% endfor %}
{% endif %}
!
@@ -89,6 +92,7 @@ router rip
{% endif %}
{% endif %}
{% include 'frr/rip_ripng.frr.j2' %}
+exit
!
{% if route_map is defined and route_map is not none %}
ip protocol rip route-map {{ route_map }}
diff --git a/data/templates/frr/ripngd.frr.tmpl b/data/templates/frr/ripngd.frr.tmpl
index 25df15121..ca7b9b5fb 100644
--- a/data/templates/frr/ripngd.frr.tmpl
+++ b/data/templates/frr/ripngd.frr.tmpl
@@ -1,4 +1,3 @@
-!
{# Interface specific configuration #}
{% if interface is defined and interface is not none %}
{% for iface, iface_config in interface.items() %}
@@ -9,6 +8,7 @@ interface {{ iface }}
{% if iface_config.split_horizon is defined and iface_config.split_horizon.poison_reverse is defined %}
ipv6 rip split-horizon poisoned-reverse
{% endif %}
+exit
{% endfor %}
{% endif %}
!
@@ -57,4 +57,9 @@ router ripng
{% endif %}
{% endif %}
{% include 'frr/rip_ripng.frr.j2' %}
+exit
+!
+{% if route_map is defined and route_map is not none %}
+ipv6 protocol ripng route-map {{ route_map }}
+{% endif %}
!
diff --git a/data/templates/frr/rpki.frr.tmpl b/data/templates/frr/rpki.frr.tmpl
index fbdfa27c3..7f9823f6b 100644
--- a/data/templates/frr/rpki.frr.tmpl
+++ b/data/templates/frr/rpki.frr.tmpl
@@ -14,4 +14,5 @@ rpki
{% if polling_period is defined and polling_period is not none %}
rpki polling_period {{ polling_period }}
{% endif %}
+exit
!
diff --git a/data/templates/frr/staticd.frr.tmpl b/data/templates/frr/staticd.frr.tmpl
index db59a44c2..bfe959c1d 100644
--- a/data/templates/frr/staticd.frr.tmpl
+++ b/data/templates/frr/staticd.frr.tmpl
@@ -15,6 +15,15 @@ vrf {{ vrf }}
{{ static_routes(ip_prefix, prefix, prefix_config) }}
{%- endfor -%}
{% endif %}
+{# IPv4 default routes from DHCP interfaces #}
+{% if dhcp is defined and dhcp is not none %}
+{% for interface in dhcp %}
+{% set next_hop = interface | get_dhcp_router %}
+{% if next_hop is defined and next_hop is not none %}
+{{ ip_prefix }} route 0.0.0.0/0 {{ next_hop }} {{ interface }} tag 210 210
+{% endif %}
+{% endfor %}
+{% endif %}
{# IPv6 routing #}
{% if route6 is defined and route6 is not none %}
{% for prefix, prefix_config in route6.items() %}
diff --git a/data/templates/frr/vrf-vni.frr.tmpl b/data/templates/frr/vrf-vni.frr.tmpl
index 51d4ede1b..299c9719e 100644
--- a/data/templates/frr/vrf-vni.frr.tmpl
+++ b/data/templates/frr/vrf-vni.frr.tmpl
@@ -1,7 +1,9 @@
-{% if vrf is defined and vrf is not none %}
+{% if name is defined and name is not none %}
+{% for vrf, vrf_config in name.items() %}
vrf {{ vrf }}
-{% if vni is defined and vni is not none %}
- vni {{ vni }}
-{% endif %}
+{% if vrf_config.vni is defined and vrf_config.vni is not none %}
+ vni {{ vrf_config.vni }}
+{% endif %}
exit-vrf
+{% endfor %}
{% endif %}
diff --git a/data/templates/https/override.conf.tmpl b/data/templates/https/override.conf.tmpl
new file mode 100644
index 000000000..824b1ba3b
--- /dev/null
+++ b/data/templates/https/override.conf.tmpl
@@ -0,0 +1,15 @@
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+[Unit]
+StartLimitIntervalSec=0
+After=vyos-router.service
+
+[Service]
+ExecStartPre=
+ExecStartPre={{vrf_command}}/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
+ExecStart=
+ExecStart={{vrf_command}}/usr/sbin/nginx -g 'daemon on; master_process on;'
+ExecReload=
+ExecReload={{vrf_command}}/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
+Restart=always
+RestartPreventExitStatus=
+RestartSec=10
diff --git a/data/templates/ipsec/swanctl/profile.tmpl b/data/templates/ipsec/swanctl/profile.tmpl
index 948dd8f87..a5cae31c0 100644
--- a/data/templates/ipsec/swanctl/profile.tmpl
+++ b/data/templates/ipsec/swanctl/profile.tmpl
@@ -7,7 +7,7 @@
dmvpn-{{ name }}-{{ interface }} {
proposals = {{ ike_group[profile_conf.ike_group] | get_esp_ike_cipher | join(',') }}
version = {{ ike.key_exchange[4:] if ike is defined and ike.key_exchange is defined else "0" }}
- life_time = {{ ike.lifetime }}s
+ rekey_time = {{ ike.lifetime }}s
keyingtries = 0
{% if profile_conf.authentication is defined and profile_conf.authentication.mode is defined and profile_conf.authentication.mode == 'pre-shared-secret' %}
local {
diff --git a/data/templates/lcd/LCDd.conf.tmpl b/data/templates/lcd/LCDd.conf.tmpl
index 6cf6a440f..2c7ad920f 100644
--- a/data/templates/lcd/LCDd.conf.tmpl
+++ b/data/templates/lcd/LCDd.conf.tmpl
@@ -53,6 +53,8 @@ DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/
Driver=CFontzPacket
{% elif model == 'sdec' %}
Driver=sdeclcd
+{% elif model == 'hd44780' %}
+Driver=hd44780
{% endif %}
{% endif %}
@@ -128,5 +130,10 @@ USB=yes
## SDEC driver for Lanner, Watchguard, Sophos sppliances ##
[sdeclcd]
# No options
+{% elif model == 'hd44780' %}
+[hd44780]
+ConnectionType=ezio
+Device={{ device }}
+Size=16x2
{% endif %}
{% endif %}
diff --git a/data/templates/mdns-repeater/avahi-daemon.tmpl b/data/templates/mdns-repeater/avahi-daemon.tmpl
new file mode 100644
index 000000000..65bb5a306
--- /dev/null
+++ b/data/templates/mdns-repeater/avahi-daemon.tmpl
@@ -0,0 +1,18 @@
+[server]
+use-ipv4=yes
+use-ipv6=yes
+allow-interfaces={{ interface | join(', ') }}
+disallow-other-stacks=no
+
+[wide-area]
+enable-wide-area=yes
+
+[publish]
+disable-publishing=yes
+disable-user-service-publishing=yes
+publish-addresses=no
+publish-hinfo=no
+publish-workstation=no
+
+[reflector]
+enable-reflector=yes
diff --git a/data/templates/mdns-repeater/mdns-repeater.tmpl b/data/templates/mdns-repeater/mdns-repeater.tmpl
deleted file mode 100644
index 80f4ab047..000000000
--- a/data/templates/mdns-repeater/mdns-repeater.tmpl
+++ /dev/null
@@ -1,2 +0,0 @@
-### Autogenerated by mdns_repeater.py ###
-DAEMON_ARGS="{{ interface | join(' ') }}"
diff --git a/data/templates/netflow/uacctd.conf.tmpl b/data/templates/netflow/uacctd.conf.tmpl
index 1c183bb20..11fc76769 100644
--- a/data/templates/netflow/uacctd.conf.tmpl
+++ b/data/templates/netflow/uacctd.conf.tmpl
@@ -68,5 +68,8 @@ sfprobe_agentip[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['agent-addr
{% if templatecfg['sflow']['sampling-rate'] != none %}
sampling_rate[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['sampling-rate'] }}
{% endif %}
+{% if templatecfg['sflow']['source-address'] != none %}
+sfprobe_source_ip[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['source-address'] }}
+{% endif %}
{% endfor %}
{% endif %}
diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl
index 2b56b53c3..38e68f24f 100644
--- a/data/templates/ntp/ntpd.conf.tmpl
+++ b/data/templates/ntp/ntpd.conf.tmpl
@@ -6,6 +6,8 @@
driftfile /var/lib/ntp/ntp.drift
# By default, only allow ntpd to query time sources, ignore any incoming requests
restrict default noquery nopeer notrap nomodify
+# Allow pool associations
+restrict source nomodify notrap noquery
# Local users have unrestricted access, allowing reconfiguration via ntpdc
restrict 127.0.0.1
restrict -6 ::1
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index bdf88b85f..7a0470d0e 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -126,6 +126,12 @@ push "dhcp-option DNS6 {{ nameserver }}"
{% if server.domain_name is defined and server.domain_name is not none %}
push "dhcp-option DOMAIN {{ server.domain_name }}"
{% endif %}
+{% if server.mfa is defined and server.mfa is not none %}
+{% if server.mfa.totp is defined and server.mfa.totp is not none %}
+{% set totp_config = server.mfa.totp %}
+plugin "{{ plugin_dir}}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ ifname }}-otp-secrets {{ 'otp_slop=' ~ totp_config.slop }} {{ 'totp_t0=' ~ totp_config.drift }} {{ 'totp_step=' ~ totp_config.step }} {{ 'totp_digits=' ~ totp_config.digits }} password_is_cr={{ '1' if totp_config.challenge == 'enable' else '0' }}"
+{% endif %}
+{% endif %}
{% endif %}
{% else %}
#
@@ -218,16 +224,3 @@ auth {{ hash }}
auth-user-pass {{ auth_user_pass_file }}
auth-retry nointeract
{% endif %}
-
-{% if openvpn_option is defined and openvpn_option is not none %}
-#
-# Custom options added by user (not validated)
-#
-{% for option in openvpn_option %}
-{% for argument in option.split('--') %}
-{% if argument is defined and argument != '' %}
---{{ argument }}
-{% endif %}
-{% endfor %}
-{% endfor %}
-{% endif %}
diff --git a/data/templates/openvpn/service-override.conf.tmpl b/data/templates/openvpn/service-override.conf.tmpl
new file mode 100644
index 000000000..069bdbd08
--- /dev/null
+++ b/data/templates/openvpn/service-override.conf.tmpl
@@ -0,0 +1,20 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/openvpn --daemon openvpn-%i --config %i.conf --status %i.status 30 --writepid %i.pid
+{%- if openvpn_option is defined and openvpn_option is not none %}
+{% for option in openvpn_option %}
+{# Remove the '--' prefix from variable if it is presented #}
+{% if option.startswith('--') %}
+{% set option = option.split('--', maxsplit=1)[1] %}
+{% endif %}
+{# Workaround to pass '--push' options properly. Previously openvpn accepted this option without values in double-quotes #}
+{# But now it stopped doing this, so we need to add them for compatibility #}
+{# HOWEVER! This is a raw option and we do not promise that this or any other trick will work for all the cases. #}
+{# Using 'openvpn-option' you take all responsibility for compatibility for yourself. #}
+{% if option.startswith('push') and not (option.startswith('push "') and option.endswith('"')) %}
+{% set option = 'push \"%s\"'|format(option.split('push ', maxsplit=1)[1]) %}
+{% endif %}
+ --{{ option }}
+{%- endfor %}
+{% endif %}
+
diff --git a/data/templates/snmp/etc.snmpd.conf.tmpl b/data/templates/snmp/etc.snmpd.conf.tmpl
index db2114fa1..30806ce8a 100644
--- a/data/templates/snmp/etc.snmpd.conf.tmpl
+++ b/data/templates/snmp/etc.snmpd.conf.tmpl
@@ -39,7 +39,7 @@ SysDescr {{ description }}
{% endif %}
# Listen
-agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},udp:161{% if ipv6_enabled %},udp6:161{% endif %}{% endif %}
+agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},{{protocol}}:161{% if ipv6_enabled %},{{protocol}}6:161{% endif %}{% endif %}
# SNMP communities
{% for c in communities %}
diff --git a/data/templates/tftp-server/default.tmpl b/data/templates/tftp-server/default.tmpl
index 6b2d6a903..a7edf60ad 100644
--- a/data/templates/tftp-server/default.tmpl
+++ b/data/templates/tftp-server/default.tmpl
@@ -1,2 +1,7 @@
### Autogenerated by tftp_server.py ###
DAEMON_ARGS="--listen --user tftp --address {{ listen_address }} {{ "--create --umask 000" if allow_upload is defined }} --secure {{ directory }}"
+{% if vrf is defined %}
+VRF_ARGS="ip vrf exec {{ vrf }}"
+{% else %}
+VRF_ARGS=""
+{% endif %}
diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl
index b4824a994..b93aa4bc9 100644
--- a/data/templates/vrrp/keepalived.conf.tmpl
+++ b/data/templates/vrrp/keepalived.conf.tmpl
@@ -5,9 +5,6 @@
global_defs {
dynamic_interfaces
script_user root
- # Don't run scripts configured to be run as root if any part of the path
- # is writable by a non-root user.
- enable_script_security
notify_fifo /run/keepalived/keepalived_notify_fifo
notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
}
diff --git a/data/templates/vyos-hostsd/hosts.tmpl b/data/templates/vyos-hostsd/hosts.tmpl
index 8b73c6e51..03662d562 100644
--- a/data/templates/vyos-hostsd/hosts.tmpl
+++ b/data/templates/vyos-hostsd/hosts.tmpl
@@ -17,8 +17,9 @@ ff02::2 ip6-allrouters
{% for tag, taghosts in hosts.items() %}
# {{ tag }}
{% for host, hostprops in taghosts.items() if hostprops.address is defined %}
-{{ "%-15s" | format(hostprops.address) }} {{ host }} {{ hostprops.aliases|join(' ') if hostprops.aliases is defined }}
+{% for addr in hostprops.address %}
+{{ "%-15s" | format(addr) }} {{ host }} {{ hostprops.aliases|join(' ') if hostprops.aliases is defined }}
+{% endfor %}
{% endfor %}
{% endfor %}
{% endif %}
-