summaryrefslogtreecommitdiff
path: root/data/templates
AgeCommit message (Collapse)Author
2021-01-19nat: T2947: add many-many translationChristian Poessinger
Support a 1:1 or 1:n prefix translation. The following configuration will NAT source addresses from the 10.2.0.0/16 range to an address from 192.0.2.0/29. For this feature to work a Linux Kernel 5.8 or higher is required! vyos@vyos# show nat source { rule 100 { outbound-interface eth1 source { address 10.2.0.0/16 } translation { address 192.0.2.0/29 } } } This results in the nftables configuration: chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; oifname "eth1" counter packets 0 bytes 0 snat ip prefix to ip saddr map { 10.2.0.0/16 : 192.0.2.0/29 } comment "SRC-NAT-100" }
2021-01-18bgp: T2174: use better variable names when creating peersChristian Poessinger
2021-01-18ssh: T3212: remove RestartPreventExitStatus from systemd unitChristian Poessinger
When configuring SSH to only run inside a given VRF the system can not start SSHd on bootup as the Kernel will report EPERM (Operation not permitted) when loading the VRF BPF program. This returns the exit code 255 which is marked in the systemd unit file to stop restarting the service forever. Removing this limitation will restart the SSHd on startup and it will live inside the VRF till the end of days.
2021-01-17openvpn: T2381: bugfix rendering multiple openvpn-options from CLIChristian Poessinger
The CLI statement "set interfaces openvpn vtun10 openvpn-option '--tun-mtu 1500 --fragment 1300 --mssfix'" will render in vtun10.conf to: --tun-mtu 1500 --fragment 1300 --mssfix On startup OpenVPN complains about: openvpn-vtun10: Options error: Unrecognized option or missing or extra parameter(s) in vtun10.conf:76: tun-mtu (2.4.7) The options must be split on -- to a new configuration line.
2021-01-17ntp: T2185: store configuration in volatile /run areaChristian Poessinger
2021-01-16vrf: T31: migrate to get_config_dict()Christian Poessinger
2021-01-15snmp: T652: enable interface_replace_old option and restart commandChristian Poessinger
- Remove all old ifTable entries with the same ifName as newly appeared interface (with different ifIndex) - this is the case on e.g. ppp interfaces - Add new op-mode command "restart snmp" to restart the daemon
2021-01-15Merge pull request #681 from jjakob/T3219-openvpn-ipv6-irouteChristian Poessinger
openvpn: T3219: fix for server client subnet IPv6 iroute
2021-01-15salt: T3157: Fix location for log filesever-sever
2021-01-14openvpn: T3219: fix for server client subnet IPv6 irouteJernej Jakob
2021-01-14bgp: T2174: remove invalid "no bgp default ipv4-unicast" from default configChristian Poessinger
2021-01-13ssh: T3212: do not make /run/sshd directory disappear on failureChristian Poessinger
2021-01-13bgp: T2174: bugfix FRR template generationChristian Poessinger
2021-01-12Merge pull request #679 from sever-sever/T3210Christian Poessinger
is-is: T3210: Fix three-way-handshake
2021-01-12nat: T3186: fix negated addresses not applied from CLIChristian Poessinger
2021-01-12Merge pull request #678 from sever-sever/T2387Christian Poessinger
bgp: T2387: Fix template for bgp redistribute proto ospfv3
2021-01-12is-is: T3210: Fix three-way-handshakesever-sever
2021-01-12bgp: T2387: Fix template for bgp redistribute proto ospv3sever-sever
2021-01-12Revert "ntp: T2944: By default do not listen port 123 on any address"sever-sever
This reverts commit ca61add5e7dea828c67ea074368196025f4cb4eb.
2021-01-07login: radius: T3192: migrate to get_config_dict()Christian Poessinger
2021-01-07ssh: T2635: harden Jinja2 template and daemon startupChristian Poessinger
2021-01-07ssh: T2635: change sshd_config path to /run/sshdChristian Poessinger
2021-01-07login: radius: T3192: support IPv6 server(s) and source-addressChristian Poessinger
2021-01-05ISIS: T3156: Adding segment routing for ISISCheeze_It
In this commit we add the segment routing portion for ISIS. There's also an additional check that is added so that the global block label ranges are properly configured. Also added traffic engineering configurations as well.
2021-01-03dhcp: T3180: bugfix assignment of sliced ranges to config dictChristian Poessinger
A reference to a dictionary key obtained by a for loop can not be used to update values inside that dictionaries key. You must use the original path to the nested dictionaries key.
2020-12-31openvpn: T2994: fix ipv6 server modeChristian Poessinger
2020-12-30pppoe-server: T3162: Add generation pado-delay to jinja2 templateDmitriyEshenko
2020-12-29pppoe-server: T3160: Move called-sid param to required sectionDmitriyEshenko
2020-12-29ethernet: T1466: add EAPoL supportChristian Poessinger
2020-12-28webproxy: T563: squidguard: support default rulesetChristian Poessinger
2020-12-28webproxy: T563: add squidguard bodyChristian Poessinger
2020-12-28webproxy: T563: improve handling of cache-peersChristian Poessinger
2020-12-28webproxy: T563: migrate from old Perl code to XML and get_config_dict()Christian Poessinger
Basic proxy functionality is working but the squidguard smoketest still fails as this is yet not implemented.
2020-12-22Merge pull request #657 from Cheeze-It/currentChristian Poessinger
mpls: T915: Add ordered control for LDP
2020-12-22mpls: T915: Add ordered control for LDPCheeze_It
In here we are adding the latest FRR update to allow for LDP label distribution to operate in ordered control mode.
2020-12-21openvpn: T3143: Push routes in correct format <IP> <NETMASK>DmitriyEshenko
2020-12-21flow-accounting: T3141: remove legacy jinja2 templateJan-Philipp Benecke
2020-12-20flow-accounting: T3141: Fixing wrongly formated configJan-Philipp Benecke
2020-12-20wifi: T3043: country-code should be lower caseChristian Poessinger
2020-12-20Merge pull request #647 from jpbede/feature/flowacc-enable-egressChristian Poessinger
flow-accounting: T3132: enable egress traffic accounting
2020-12-17T3135: bfd template missing newlinesbedmisten
trim blocks removes newlines after {% endif %} blocks. Added the required newlines.
2020-12-17flow-accounting: T3132: enable egress traffic accountingJan-Philipp Benecke
2020-12-12dhcpv6-pd: pppoe: T2677: always restart daemonChristian Poessinger
2020-12-09dns: T3121: recursion zone bugfixNEOMorphey
2020-12-09Merge pull request #639 from Cheeze-It/currentChristian Poessinger
mpls-conf: T915: Add LDP import and export control
2020-12-08mpls-conf: T915: Add LDP import and export controlCheeze_It
In this commit we added the ability to control import and export of LDP FECs. This allows for an operator to specify which to filter on ingress, and which to not announce on egress.
2020-12-08openvpn: T3117: fix generated ncp-ciphers in server configChristian Poessinger
2020-12-08bgp: T2174: Fix Template. Update to use FRRConfig frameworksever-sever
2020-12-07Merge pull request #636 from c-po/t2562-dhcpChristian Poessinger
dhcp: T2562: add "listen-address" CLI node for better DHCP relay support
2020-12-06Merge pull request #635 from Cheeze-It/currentChristian Poessinger
mpls-conf: T915: Add LDP local label allocation control