summaryrefslogtreecommitdiff
path: root/data/templates
AgeCommit message (Collapse)Author
2021-12-26http: api: T4055: add VRF supportChristian Poessinger
(cherry picked from commit 4aaf0ba69139d84f89e5c3feee6edd845af8d1e5)
2021-12-15pppoe-server: T3006: Add range to regex generatorDmitriyEshenko
2021-12-14http-api: T4071: allow API to bind to unix domain socketJohn Estabrook
(cherry picked from commit 0e3c35e6517f5cfebb4206c735a2ea976a7fd383)
2021-12-09https: T4055: add vrf supportChristian Poessinger
(cherry picked from commit 955f260ce682d64d27b3b11e618b1ae0176e4b91)
2021-12-07Merge pull request #1098 from goodNETnick/vrrpHealthChristian Poessinger
VRRP: T4033: VRRP script_security parameter removed
2021-12-06sflow: T4046: Add source-address for sflowViacheslav
(cherry picked from commit bb77dd269bfb9522f5b56ac027598ac20e101f13)
2021-12-06mpls: ldp: T3753: add proper indention to Jinja2 templateChristian Poessinger
(cherry picked from commit 3a29968d6b8dc0bc6966ae5a4713781ea8f9fff0)
2021-12-06VRRP: T4033: VRRP script_security parameter removedgoodNETnick
2021-12-03tftp: T4012: Add TFTP VRF supportDmitriyEshenko
2021-11-18console-server: T2490: display /etc/issue.net on SSH loginsChristian Poessinger
(cherry picked from commit c0bf019e9fc6251ce43c57903b85115f0e3ab2bc)
2021-11-18dhcp: T4008: change client retry interval form 300 -> 60 secondsChristian Poessinger
2021-11-17OpenVPN: T3350: Changed custom options for OpenVPN processingzsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing. (cherry picked from commit 3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123)
2021-11-15l2tp: T3724: allow setting accel-ppp l2tp host-nameMarek Isalski
(cherry picked from commit 3d00140453b3967370c77ddd9dac4af223a7ddce)
2021-11-07http-api: T2768: example using GraphQL for high-level config operationsJohn Estabrook
(cherry picked from commit b168b4cc7da456f14714d917cdc7a1c6b8df9af5)
2021-11-07http api: T3412: use FastAPI as web framework; support application/jsonJohn Estabrook
Replace the Flask micro-framework with FastAPI, in order to support extensions to the API and OpenAPI 3.* generation. This change will remain backwards compatible with previous versions. Notably, the multipart forms version of requests remain supported; in addition application/json requests are now natively supported. (cherry picked from commit 0125fff200efe3259aa25953e7505f69679261f8)
2021-11-03sstp: T2566: use XML defaultValue over Jinja2 hardcoded valueChristian Poessinger
2021-11-02sstp: T2566: Fix to allow IPv6 only poolsViacheslav
To allow IPv6 only for vpn sstp sessions we have to add 'ppp-options' which can disable IPv4 allocation explicity. Additional IPv6 ppp-options and fix template for it.
2021-10-13ntp: T3904: Fix NTP pool associationsGeorgiy Tugai
As of NTP 4.2.7, 'nopeer' also blocks pool associations. See https://bugs.ntp.org/show_bug.cgi?id=2657 See also https://github.com/geerlingguy/ansible-role-ntp/pull/84
2021-10-13dns: T3277: DNS Forwarding - reverse zones for RFC1918 addressesHard7Rock
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c) (cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
2021-10-10lcd: T2564: add support for hd44780 displaysChristian Poessinger
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
2021-10-02dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5Christian Poessinger
2021-09-30vrrp: T3877: backport handlers to solve "default rfc3768-compatibility" issueJohn Estabrook
Do not create rfc3768-compatibility interfaces by default because of wrong Jinja2 syntax. Backporting the entire system makes it easier in the future to additional bugfixes.
2021-09-30dhcp-server: T2230: add subnet description into rendered configChristian Poessinger
(cherry picked from commit 2974628487abb9127922bf695331fd706a1d0e51)
2021-09-27openvpn: T690: Fix template for gateway and metricViacheslav
Some OpenVPN clients doesnt support option gateway and metric. Set metric option only when 'metric' was added in config explicity.
2021-09-21vrrp: keepalived: T616: drop /etc/default/keepalivedChristian Poessinger
This is a follow-up commit to 65398e5c8 ("vrrp: keepalived: T616: move configuration to volatile /run directory") as it makes no sense to store a static /etc/default/keepalived file marked as "Autogenerated by VyOS" that only enabled the SNMP option to keepalived. Better pass the --snmp switch via the systemd override file and drop all other references/files.
2021-09-21vrrp: keepalived: T616: enable script securityChristian Poessinger
(cherry picked from commit 590cf0e626f6a5e813ec4f3021c028a5e098e27d)
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived. (cherry picked from commit b243795eba1b36cadd81c3149e833bdf5c5bea70)
2021-09-21vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks featureChristian Poessinger
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file. (cherry picked from commit c1ac0630cfe0ee65569fbe435cc006ade20fed22)
2021-09-21dhcp-server: T3839: support domain-search and ntp-server config per ↵Christian Poessinger
shared-network (cherry picked from commit 689d1824d251ea9fbd81bf0c941dbd36e33ef420)
2021-09-19dhcp-server: T2927: Add empty args if does not possible to determine variablesDmitriyEshenko
(cherry picked from commit 2f8b33a26e63e5b9ac4e697b9312f2238d6241f3)
2021-09-19dhcp-server: T3839: support name-servers and domain config per shared-networkChristian Poessinger
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1' (cherry picked from commit d411a40a3598c55fae7abd8bc5f1876007aa704b)
2021-09-19dhcp-server: T3672: bugfix Jinja2 templateChristian Poessinger
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases. (cherry picked from commit 6c2c089c26f1652644c9ded7d5cfd8a0497f148e)
2021-09-19dhcp-server: T3841: add option to perform ICMP check before address assignmentChristian Poessinger
(cherry picked from commit 83ea0cb273e29db22062cc133b6eabd4ba2761c7)
2021-09-19dhcp-server: T3672: re-add missing "name" CLI optionChristian Poessinger
This option is mandatory and must be user configurable as it needs to match on both sides. (cherry picked from commit 2985035bcb2f3732e15a41e3c2ee6c6c93a6836e)
2021-09-19dhcp-server: T3672: only one failover peer is supportedChristian Poessinger
(cherry picked from commit a8ccf72c222caad8cd7aaca9bca773be39e87f5c)
2021-09-19dhcp-server: T3838: rename dns-server to name-server nodeChristian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. (cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460)
2021-09-19dhcp-server: T1968: allow multiple static-routes to be configuredChristian Poessinger
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } } (cherry picked from commit a4440bd589db645eb99f343a8163e188a700774c)
2021-09-11T3275: conntrack: Add missing conntrack templatesLulu Cathrinus Grimalkin
2021-09-09openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
(cherry picked from commit 2647edc30f1e02840cae62fde8b44345d35ac720)
2021-09-06https: T2230: only support TLS1.2 and TLS1.3Christian Poessinger
(cherry picked from commit 7546e249708de3e0b4bf8f89912caf73265edd60)
2021-09-06syslog: T3396: Fix template for remote IPv6 hostViacheslav
2021-09-03openvpn: T690: Add metric for pushed routesViacheslav
2021-09-02sstp-server: T2661: Delete CA certificate redundancy checkDmitriyEshenko
2021-09-01pptp-server: T3790: Change ippool priority and define gw-ip-addressDmitriyEshenko
2021-08-25isis: T3779: backport entire 1.4 (current) featuresetChristian Poessinger
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4 (required by T3417) it makes sense to synchronize the CLI configuration for both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse the userbase already with a brand new feature. As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards, this is the perfect time.
2021-08-22pppoe: T1318: set source interface next to rp-pppoe.so plugin in peer templateChristian Poessinger
(cherry picked from commit 8fc06b5f8bbfcc49e69406fd70cd5cd42fb6d39f)
2021-08-22pppoe: T1318: implement missing access-concentrator CLI optionChristian Poessinger
(cherry picked from commit b121ee14ff1961b56568b0116de3c246ea4af934)
2021-08-13nginx: T3740: use bracketize_ipv6 Jinja2 filter on server addressChristian Poessinger
(cherry picked from commit f3df9e97c6bedd305133e860654fc0213c12fd6b)
2021-08-12nat: T1083: fix Jinja2 templating errorChristian Poessinger
Commit 166d44b3 ("nat: T1083: add translation options for persistent/random mapping of address and port") added support for persistent IP address and port mappings for NAT. Unfortunately one if clause got lost in translation.
2021-08-05nat: T1083: add translation options for persistent/random mapping of address ↵Igor Melnyk
and port Tested using: set destination rule 100 inbound-interface 'eth0' set destination rule 100 translation address '19.13.23.42' set destination rule 100 translation options address-mapping 'random' set destination rule 100 translation options port-mapping 'none' set source rule 1000 outbound-interface 'eth0' set source rule 1000 translation address '122.233.231.12' set source rule 1000 translation options address-mapping 'persistent' set source rule 1000 translation options port-mapping 'fully-random'