summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2022-01-15ntp: T4184: Fix allow-clients addressViacheslav
NTP-server with option "allow-clients address x.x.x.x" should accept requests only from clients addresses which declared in configuration if this option exists Add "restrict default ignore" to fix it, in another case it responce to any address (cherry picked from commit 40f0e78dd94691d54ffd4d2e270ed071e2d2513a)
2022-01-06vrrp: T4141: bugfix missing {% if %} clause when adding sync-groupsChristian Poessinger
(cherry picked from commit 0a91c5de32b52235f4c9c12a6ec34c017011c3df)
2021-12-31Merge pull request #1122 from sever-sever/T4081-equDaniil Baturin
keepalived: T4081: Fix health-checking when syn-group is used
2021-12-29l2tp-server: T4117: Add dae-server configuration to templateDmitriyEshenko
2021-12-27keepalived: T4081: Fix health-checking when syn-group is usedViacheslav
If health-check scripts are used in vrrp group and vrrp group is member of sync-group, then health-check scripts should be part of the section "vrrp_sync_group". In another case the health-scripts won't work anymore.
2021-12-26http: api: T4055: add VRF supportChristian Poessinger
(cherry picked from commit 4aaf0ba69139d84f89e5c3feee6edd845af8d1e5)
2021-12-15pppoe-server: T3006: Add range to regex generatorDmitriyEshenko
2021-12-14http-api: T4071: allow API to bind to unix domain socketJohn Estabrook
(cherry picked from commit 0e3c35e6517f5cfebb4206c735a2ea976a7fd383)
2021-12-09https: T4055: add vrf supportChristian Poessinger
(cherry picked from commit 955f260ce682d64d27b3b11e618b1ae0176e4b91)
2021-12-07Merge pull request #1098 from goodNETnick/vrrpHealthChristian Poessinger
VRRP: T4033: VRRP script_security parameter removed
2021-12-06sflow: T4046: Add source-address for sflowViacheslav
(cherry picked from commit bb77dd269bfb9522f5b56ac027598ac20e101f13)
2021-12-06mpls: ldp: T3753: add proper indention to Jinja2 templateChristian Poessinger
(cherry picked from commit 3a29968d6b8dc0bc6966ae5a4713781ea8f9fff0)
2021-12-06VRRP: T4033: VRRP script_security parameter removedgoodNETnick
2021-12-03tftp: T4012: Add TFTP VRF supportDmitriyEshenko
2021-11-18console-server: T2490: display /etc/issue.net on SSH loginsChristian Poessinger
(cherry picked from commit c0bf019e9fc6251ce43c57903b85115f0e3ab2bc)
2021-11-18dhcp: T4008: change client retry interval form 300 -> 60 secondsChristian Poessinger
2021-11-17OpenVPN: T3350: Changed custom options for OpenVPN processingzsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing. (cherry picked from commit 3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123)
2021-11-15l2tp: T3724: allow setting accel-ppp l2tp host-nameMarek Isalski
(cherry picked from commit 3d00140453b3967370c77ddd9dac4af223a7ddce)
2021-11-07http-api: T2768: example using GraphQL for high-level config operationsJohn Estabrook
(cherry picked from commit b168b4cc7da456f14714d917cdc7a1c6b8df9af5)
2021-11-07http api: T3412: use FastAPI as web framework; support application/jsonJohn Estabrook
Replace the Flask micro-framework with FastAPI, in order to support extensions to the API and OpenAPI 3.* generation. This change will remain backwards compatible with previous versions. Notably, the multipart forms version of requests remain supported; in addition application/json requests are now natively supported. (cherry picked from commit 0125fff200efe3259aa25953e7505f69679261f8)
2021-11-03sstp: T2566: use XML defaultValue over Jinja2 hardcoded valueChristian Poessinger
2021-11-02sstp: T2566: Fix to allow IPv6 only poolsViacheslav
To allow IPv6 only for vpn sstp sessions we have to add 'ppp-options' which can disable IPv4 allocation explicity. Additional IPv6 ppp-options and fix template for it.
2021-10-13ntp: T3904: Fix NTP pool associationsGeorgiy Tugai
As of NTP 4.2.7, 'nopeer' also blocks pool associations. See https://bugs.ntp.org/show_bug.cgi?id=2657 See also https://github.com/geerlingguy/ansible-role-ntp/pull/84
2021-10-13dns: T3277: DNS Forwarding - reverse zones for RFC1918 addressesHard7Rock
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c) (cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
2021-10-10lcd: T2564: add support for hd44780 displaysChristian Poessinger
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
2021-10-02dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5Christian Poessinger
2021-09-30vrrp: T3877: backport handlers to solve "default rfc3768-compatibility" issueJohn Estabrook
Do not create rfc3768-compatibility interfaces by default because of wrong Jinja2 syntax. Backporting the entire system makes it easier in the future to additional bugfixes.
2021-09-30dhcp-server: T2230: add subnet description into rendered configChristian Poessinger
(cherry picked from commit 2974628487abb9127922bf695331fd706a1d0e51)
2021-09-27openvpn: T690: Fix template for gateway and metricViacheslav
Some OpenVPN clients doesnt support option gateway and metric. Set metric option only when 'metric' was added in config explicity.
2021-09-21vrrp: keepalived: T616: drop /etc/default/keepalivedChristian Poessinger
This is a follow-up commit to 65398e5c8 ("vrrp: keepalived: T616: move configuration to volatile /run directory") as it makes no sense to store a static /etc/default/keepalived file marked as "Autogenerated by VyOS" that only enabled the SNMP option to keepalived. Better pass the --snmp switch via the systemd override file and drop all other references/files.
2021-09-21vrrp: keepalived: T616: enable script securityChristian Poessinger
(cherry picked from commit 590cf0e626f6a5e813ec4f3021c028a5e098e27d)
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived. (cherry picked from commit b243795eba1b36cadd81c3149e833bdf5c5bea70)
2021-09-21vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks featureChristian Poessinger
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file. (cherry picked from commit c1ac0630cfe0ee65569fbe435cc006ade20fed22)
2021-09-21dhcp-server: T3839: support domain-search and ntp-server config per ↵Christian Poessinger
shared-network (cherry picked from commit 689d1824d251ea9fbd81bf0c941dbd36e33ef420)
2021-09-19dhcp-server: T2927: Add empty args if does not possible to determine variablesDmitriyEshenko
(cherry picked from commit 2f8b33a26e63e5b9ac4e697b9312f2238d6241f3)
2021-09-19dhcp-server: T3839: support name-servers and domain config per shared-networkChristian Poessinger
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1' (cherry picked from commit d411a40a3598c55fae7abd8bc5f1876007aa704b)
2021-09-19dhcp-server: T3672: bugfix Jinja2 templateChristian Poessinger
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases. (cherry picked from commit 6c2c089c26f1652644c9ded7d5cfd8a0497f148e)
2021-09-19dhcp-server: T3841: add option to perform ICMP check before address assignmentChristian Poessinger
(cherry picked from commit 83ea0cb273e29db22062cc133b6eabd4ba2761c7)
2021-09-19dhcp-server: T3672: re-add missing "name" CLI optionChristian Poessinger
This option is mandatory and must be user configurable as it needs to match on both sides. (cherry picked from commit 2985035bcb2f3732e15a41e3c2ee6c6c93a6836e)
2021-09-19dhcp-server: T3672: only one failover peer is supportedChristian Poessinger
(cherry picked from commit a8ccf72c222caad8cd7aaca9bca773be39e87f5c)
2021-09-19dhcp-server: T3838: rename dns-server to name-server nodeChristian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. (cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460)
2021-09-19dhcp-server: T1968: allow multiple static-routes to be configuredChristian Poessinger
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } } (cherry picked from commit a4440bd589db645eb99f343a8163e188a700774c)
2021-09-11T3275: conntrack: Add missing conntrack templatesLulu Cathrinus Grimalkin
2021-09-09openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
(cherry picked from commit 2647edc30f1e02840cae62fde8b44345d35ac720)
2021-09-06https: T2230: only support TLS1.2 and TLS1.3Christian Poessinger
(cherry picked from commit 7546e249708de3e0b4bf8f89912caf73265edd60)
2021-09-06syslog: T3396: Fix template for remote IPv6 hostViacheslav
2021-09-03openvpn: T690: Add metric for pushed routesViacheslav
2021-09-02sstp-server: T2661: Delete CA certificate redundancy checkDmitriyEshenko
2021-09-01pptp-server: T3790: Change ippool priority and define gw-ip-addressDmitriyEshenko
2021-08-25isis: T3779: backport entire 1.4 (current) featuresetChristian Poessinger
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4 (required by T3417) it makes sense to synchronize the CLI configuration for both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse the userbase already with a brand new feature. As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards, this is the perfect time.