summaryrefslogtreecommitdiff
path: root/data/templates
AgeCommit message (Collapse)Author
2024-02-27vyos-hostsd: T4270: do not resolve local router FQDN to 127.0.1.1Christian Breunig
Clients using VyOS as their DNS server and trying to resolve the FQDN of the router will receive 127.0.1.1 as answer. set service dns forwarding allow-from '172.16.0.0/12' set service dns forwarding listen-address '172.31.0.254' set service dns forwarding negative-ttl '60' set system domain-name 'vyos.net' set system host-name 'R1' Will return: $ host R1.vyos.net 172.31.0.254 Using domain server: Name: 172.31.0.254 Address: 172.31.0.254#53 Aliases: R1.vyos.net has address 127.0.1.1 When it should rather return the real IP address assigned via DNS.
2024-02-23T6054: WLB: fix rules parsing when using multiple ports in one ruleNicolas Fort
2024-02-21conntrack: T5376: Fix priority for CT helperssarthurdev
Ref: https://www.spinics.net/lists/netfilter/msg59549.html
2024-02-16Merge pull request #3016 from c-po/nhtChristian Breunig
T6001: add option to disable next-hop-tracking resolve-via-default
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-default in VRF ↵Christian Breunig
context * set vrf name <name> ip nht no-resolve-via-default * set vrf name <name> ipv6 nht no-resolve-via-default
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-defaultChristian Breunig
* set system ip nht no-resolve-via-default * set system ipv6 nht no-resolve-via-default
2024-02-15Merge pull request #3004 from aapostoliuk/T6029-circinusDaniil Baturin
T6029: Rewritten Accel-PPP services to an identical feature set
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code.
2024-02-14eigrp: T2472: improve code for later testsChristian Breunig
2024-02-13Merge pull request #2987 from c-po/evpn-macvrf-sooChristian Breunig
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support
2024-02-11Merge pull request #2980 from c-po/srv6-T5849Daniil Baturin
srv6: T5849: add segment support to "protocols static route6"
2024-02-11bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
2024-02-10bgp: T6010: support setting multiple values for neighbor path-attributeChristian Breunig
2024-02-08Merge pull request #2955 from c-po/rpki-T6023Christian Breunig
rpki: T6023: add support for CLI knobs expire-interval and retry-interval
2024-02-08Merge pull request #2950 from aapostoliuk/T5960-circinusDaniil Baturin
T5960: Rewritten authentication node in PPTP to a single view
2024-02-07bgp: T6024: add additional missing FRR featuresChristian Breunig
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null> * set protocols bgp parameters allow-martian-nexthop * set protocols bgp parameters no-hard-administrative-reset"
2024-02-07rpki: T6023: add support for CLI knobs expire-interval and retry-intervalChristian Breunig
2024-02-07T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication.
2024-02-06Merge pull request #2936 from c-po/rpki-T6011Daniil Baturin
rpki: T6011: known-hosts-file is no longer supported by FRR
2024-02-03rpki: T6011: known-hosts-file is no longer supported by FRRChristian Breunig
2024-02-03ipsec: T5998: add replay-windows settingChristian Breunig
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040>
2024-02-02Merge pull request #2889 from sarthurdev/kea-hooksChristian Breunig
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
2024-02-02Merge pull request #2891 from aapostoliuk/T5971-circinusViacheslav Hletenko
T5971: Rewritten ppp options in accel-ppp services
2024-02-01upnp: T5989: add ipv4-prefix as a valid option for UPnP ACLsChris Buechler
2024-02-01Merge pull request #2756 from nicolas-fort/T4839Christian Breunig
T4839: firewall: Add dynamic address group in firewall configuration
2024-02-01Merge pull request #2860 from indrajitr/ddclient-update-20240119Christian Breunig
ddclient: T5966: Adjust dynamic dns config address subpath
2024-02-01Merge pull request #2903 from HollyGurza/T5687Christian Breunig
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor
2024-01-30Merge pull request #2877 from c-po/vrf-5973Christian Breunig
vrf: T5973: multiple bugfixes and improvements
2024-01-30dns forwarding: T5687: Implement ECS settings for PowerDNS recursorkhramshinr
2024-01-29T5971: Rewritten ppp options in accel-ppp servicesaapostoliuk
Rewritten 'ppp-options' to the same view in all accel-ppp services. Adding IPv6 support to PPTP.
2024-01-25T4839: firewall: Add dynamic address group in firewall configuration, and ↵Nicolas Fort
appropiate commands to populate such groups using source and destination address of the packet.
2024-01-24dhcpv6: T3771: Allow installation of routes for delegated prefixessarthurdev
2024-01-23image-tools: T5980: add support for configurable kernel boot optionsJohn Estabrook
2024-01-23bfd: T5967: add minimum-ttl optionChristian Breunig
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254> * set protocols bfd profile <name> minimum-ttl <1-254>
2024-01-22vrf: T5973: move initial conntrack firewall table to startupChristian Breunig
There is no need to add and remove this table during runtime - it can lurk in the standard firewall init code.
2024-01-22Merge pull request #2869 from c-po/sflow-t5968Viacheslav Hletenko
sflow: T5968: add VRF support
2024-01-22sflow: T5968: add VRF supportChristian Breunig
Add support to run hsflowd in a dedicated (e.g. management) VRF. Command will be "set system sflow vrf <name>" like with any other service
2024-01-21ddclient: T5966: Adjust dynamic dns config address subpathIndrajit Raychaudhuri
Modify the dynamic dns configuration 'address' subpath for better clarity on how the address is obtained. Additionally, remove `web-options` and fold those options under the path `address web`.
2024-01-21dns: T5959: Streamline dns forwarding serviceIndrajit Raychaudhuri
Streamline configuration and operation of dns forwarding service in following ways: - Remove `dns_forwarding_reset.py` as its functionality is now covered by `dns.py` - Adjust function names in `dns.py` to disambiguate between DNS forwarding and dynamic DNS - Remove `dns_forwarding_restart.sh` as its functionality is inlined in `dns-forwarding.xml` - Templatize systemd override for `pdns-recursor.service` and move the generated override files in /run. This ensures that the override files are always generated afresh after boot - Simplify the systemd override file by removing the redundant overrides - Relocate configuration path for pdns-recursor to `/run/pdns-recursor` and utilize the `RuntimeDirectory` default that pdns-recursor expects - We do not need to use custom `--socket-dir` path anymore, the default path (viz., `/run/pdns-recursor` is fine)
2024-01-21ntp: T5692: add support to configure leap second behaviorChristian Breunig
* set service ntp leap-second [ignore|smear|system|timezone] Where timezone is the new and old default resulting in adding "leapsectz right/UTC" to chrony.conf. The most prominent new option is "smear" which will add leapsecmode slew maxslewrate 1000 smoothtime 400 0.001 leaponly to chrony. See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for additional information
2024-01-17T5953: Changed values of 'close-action' to Strongswan valuesaapostoliuk
Changed the value from 'hold' to 'trap' in the 'close-action' option in the IKE group. Changed the value from 'restart' to 'start' in the 'close-action' option in the IKE group.
2024-01-17Merge pull request #2832 from aapostoliuk/T5865-circinusChristian Breunig
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp
2024-01-16Merge pull request #2818 from jestabro/serial-console-config-modeDaniil Baturin
image-tools: T5923: update system_console.py for new GRUB file structure
2024-01-16T4658: Renamed DPD action value from 'hold' to 'trap'aapostoliuk
Renamed DPD action value from 'hold' to 'trap'
2024-01-16T5865: Moved ipv6 pools to named ipv6 pools in accel-pppaapostoliuk
Moved ipv6 pools to named ipv6 pools in accel-ppp services
2024-01-14bgp: T591: add VPN nexthop support per address-familyChristian Breunig
set protocols bgp address-family ipv4-unicast nexthop vpn export <ipv4-address|ipv6-address> set protocols bgp address-family ipv6-unicast nexthop vpn export <ipv4-address|ipv6-address>
2024-01-14bgp: T591: add SRv6 per address-family SID supportChristian Breunig
set protocols bgp address-family ipv4-unicast sid vpn export <auto|1-1048575> set protocols bgp address-family ipv6-unicast sid vpn export <auto|1-1048575>
2024-01-13Merge pull request #2817 from sarthurdev/kea6-optionsChristian Breunig
dhcpv6: T3316: Extend scope of DHCP options, bugfixes
2024-01-12image-tools: T5923: update system_console.py for new GRUB file structureJohn Estabrook
Add util function to set serial console speed in accordance with revised GRUB file structure; in keeping with the intentions of the config_mode script, adjust the GRUB var 'console_speed' to only modify ttyS0.