summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2023-03-12T5057: Fix IPoE regex Jinja2 for interfaceViacheslav Hletenko
Fix incorrect regex '\d+' when used vlan ranges For example 'ipoe-server interface eth1 vlan 2000-3000' - replace 'interface=re:eth1\.\d+' => 'interface=re:^eth1\.(200\d|20[1-9]\d|2[1-9]\d{2}|3000)$'
2023-02-13Merge pull request #1813 from sever-sever/T4971-eqChristian Breunig
T4971: PPPoE server add named ip pool and attr Framed-Pool
2023-02-13Merge pull request #1812 from sever-sever/T1993-eqDaniil Baturin
T1993: PPPoE-server add section shaper and fwmark option
2023-02-12T5001: Replace links to the phabricator siteChristian Breunig
Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev (cherry-picked form commit bd9416a6aa9d5d0a746dc2cebc8d0330fd27d1a2)
2023-02-12T4971: PPPoE server add named ip pool and attr Framed-PoolViacheslav Hletenko
Add a new feature to allow to use named pools Also it can be used with RADIUS attribute 'Framed-Pool' set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2023-02-12T1993: PPPoE-server add section shaper and fwmark optionViacheslav Hletenko
Extended PPPoE-server rate-limiter to avoid shaping marked resources Often this feature needs for ISP, which provides access to some IX or its resources. set service pppoe-server shaper fwmark '223'
2023-02-08T2603: PPPoE-server change default min-mtu value 1280 for EquuleusViacheslav Hletenko
Minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Change 'min-mtu' from 1492 to 1280 for 1.3.3
2023-01-23pppoe: T4948: add CLI option to allow definition of host-uniq flagChristian Breunig
Some ISPs seem to use the host-uniq flag to authenticate client equipment. Add CLI option in VyOS to allow specification of the host-uniq flag. set interfaces pppoe pppoeN host-uniq <value> (cherry-picked from commit 38bab79324087df5a9057c23b85a0a784c09540a)
2023-01-15Merge pull request #1670 from vfreex/dhcp-v6-only-option-1.3Christian Breunig
[1.3] T4832: dhcp: Add dhcp option to signal IPv6-only support (RFC 8925)
2023-01-08ssh: T4922: add source-interface support ssh-clientChristian Poessinger
(cherry picked from commit 87cc636bd2baf576a2a5ece7a4f8318eb4f69c2e)
2022-12-30container: T578: backport podman from 1.4 development branchChristian Poessinger
2022-12-26Merge pull request #1717 from roedie/1.3-T4809Christian Poessinger
T4809: radvd: (Backport) Allow the use of AdvRASrcAddress
2022-12-26radvd: T4809: fix AdvRASrcAddress missing semicolonChristian Poessinger
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new feature to set the RA source-address. Unfortunately it missed a semicolon. (cherry picked from commit 4e61fb1f0fd075c5b1a67165204e13f88a7d3015)
2022-12-22T3810: Fixed all issues in T3810aapostoliuk
1. Added in script update webproxy blacklists generation of all DBs 2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message. 3. Added template generation for local's categories in the rule section. 4. Changed syntax in the generation dest section for blacklist's categories 5. Fixed generation dest local sections in squidGuard.conf 6. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf 7. Backported all changes from 1.4 to 1.3 which were made in T3810 8. Fixed webproxy smoketest
2022-12-17T4809: radvd: Allow the use of AdvRASrcAddressSander Klein
This add the AdvRASrcAddress configuration option to configure a source address for the router advertisements. The source address still must be configured on the system. This is useful for VRRP setups where you want fe80::1 on the VRRP interface for cleaner VRRP failovers.
2022-11-21T4832: dhcp: Add dhcp option to signal IPv6-only supportYuxiang Zhu
Clients supporting this DHCP option (DHCP option 108, per RFC 8925) will disable its IPv4 network stack for configured number of seconds and operate in IPv6-only mode. Example clients supporting this option including iOS 15+ and macOS 12.0.1+.
2022-11-15backport: T4815: Fix various name server config issuesYuxiang Zhu
This is a backport of https://github.com/vyos/vyos-1x/pull/1656. Note I also changed `ip-down.script.tmpl` to not wait for `systemctl stop dhcp6c@$iface.service`, because that command is slow and pppd will kill the ip-down script if it times out. I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch. Not sure if there is another mechanism to handle that functionality or it is missed.
2022-10-15Merge pull request #1579 from sever-sever/T4743Viacheslav Hletenko
ddclient: T4743: Add option for IPv6 Dynamic DNS
2022-10-12Merge pull request #1582 from sever-sever/T4730-eqViacheslav Hletenko
conntrack-sync: T4730: Fix listen-address jinja2 template
2022-10-11monitoring: T4680: Bracketize prometheus listen-addressViacheslav Hletenko
Fix correct format for prometheus listen-address when we use IPv6 address, we must use square 'brackets' http://[2001:db8::11e]:9273
2022-10-11conntrack-sync: T4730: Fix listen-address jinja2 templateViacheslav Hletenko
Listen address has option 'multi' As result we have an incorrect template value for listen-address - conntrack-sync listen-address '192.0.2.11' in template It looks like "IPv4_address ['192.0.2.11']" in the conntrackd.conf but the correct string expected without brackets Fix it
2022-10-10ddclient: T4743: Add option for IPv6 Dynamic DNSViacheslav Hletenko
Allow to set IPv6 address for Dynamic DNS set service dns dynamic interface eth2 ipv6-enable
2022-08-27pppoe: T4648: stop default route from being installed under IPv6initramfs
Adds a sysctl parameter to ignore the default router obtained from router advertisements when pppoe default-route is set to 'none'.
2022-08-18Merge pull request #1470 from c-po/openconnect-T4614Daniil Baturin
ocserv: openconnect: T4614: add support for split-dns (equuleus)
2022-08-16syslog: T4039: Add protocol23format logging for UDPViacheslav
Add protocol23format for rsyslog protocol UDP Add ability to use IPv6 addresses (bracketize_ipv6) for protocol TCP and UDP, when protocol is configured explicity
2022-08-15ocserv: openconnect: T4614: add support for split-dnsChristian Poessinger
set vpn openconnect network-settings split-dns <domain> (cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
2022-08-15macsec: T4537: macsec_csindex can be set even without encryptionChristian Poessinger
(cherry picked from commit 0943ac00412b0049b7a20a54e27e7b8025726598)
2022-08-15macsec: T4537: add missing macsec_csindex option to support GCM-AES-256Christian Poessinger
(cherry picked from commit 258e6873b60531fe70d868d2e53ce2f921fe7f13)
2022-07-24Merge pull request #1416 from sever-sever/T2763-eqDaniil Baturin
snmp: T2763: Add protocol TCP for service SNMP
2022-07-15snmp: T2763: Add protocol TCP for service SNMPViacheslav Hletenko
Ability to listen TCP port for service SNMP set service snmp protocol tcp
2022-07-15smoketest: T4532: Fix for smoketest flow-accountingViacheslav Hletenko
Delete extra space for template uacctd.conf.tmpl Update smoketest to replace '.' with '-'
2022-07-14netflow: T4532: Fix flow-accounting server IPv6 bugViacheslav Hletenko
Fix for IPv6 netflow_plugin name When we use IPv6 uacctd.conf doesnt expect coluns in the plugin name. Replace coluns to dash. Place IPv6 address into [] brackets
2022-07-09Merge pull request #1392 from sever-sever/T4507-eqChristian Poessinger
accel-ppp: T4373: T4507: Add options multiplier for shaper
2022-07-07Merge pull request #1390 from c-po/t4456-ntp-equuleusChristian Poessinger
ntp: T4456: support listening on specified interface (equuleus)
2022-07-07Merge pull request #1400 from c-po/t4509-pdns-6to4-equuleusChristian Poessinger
dns: T4509: Add dns64-prefix option (equuleus)
2022-07-07dns: T4509: Add dns64-prefix optionViacheslav Hletenko
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96 (cherry picked from commit 2bdf4798570222b57af2de2f0b443529abdc3feb)
2022-07-05ipoe: T4507: Add option rate-limit for RADIUS authenticationViacheslav Hletenko
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik'
2022-07-05pppoe-server: T4373: Add option multiplier for correct shapingViacheslav Hletenko
Multiplier option is required by some vendors for correct shaping For RADIUS based rate-limits edit service pppoe-server set authentication radius rate-limit multiplier '0.001'
2022-07-05hosts: T2683: Allow multiple entries for static-host-mappingViacheslav
(cherry picked from commit b1db3de80b8b5f4e2dcbc6d687d342986345c4b2)
2022-07-04ntp: T4456: support listening on specified interfaceChristian Poessinger
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name> (cherry picked from commit 6732df1edd632b56d3d02970939f51d05d4262e9)
2022-06-09Merge pull request #1271 from sever-sever/T2580-equChristian Poessinger
ipoe: T2580: Add pools and gateway options
2022-05-26http-api: T4442: Add action resetViacheslav Hletenko
Add action 'reset' (op-mode) for HTTP-API http://localhost/reset curl --unix-socket /run/api.sock -X POST -Fkey=mykey \ -Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \ http://localhost/reset
2022-05-25ipoe: T2580: Add pools and gateway optionsViacheslav Hletenko
Add new feature to allow to use named pools Can be used also with Radius attribute 'Framed-Pool' set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2022-05-19Merge pull request #1315 from sever-sever/T4315-equDaniil Baturin
monitoring: T4315: Add telegraf output plugin prometheus-client
2022-05-09monitoring: T4315: Add telegraf output plugin prometheus-clientViacheslav Hletenko
Add output Plugin "prometheus-client" for telegraf set service monitoring telegraf prometheus-client xxx
2022-05-01T4402: fix ifconfig-pool generation logicDaniil Baturin
2022-04-19T4268: monitoring: Fixed unnatural LA elevationAndrii
2022-04-18dhcp-server: T4344: Fix underscores for shared network nameViacheslav Hletenko
Shared network name should not be handled by tag node mangling I.e. should not replace underscores with dashed set service dhcp-server shared-network-name NET_01 shared-network NET_01 { authoritative; ... on commit { set shared-networkname = "NET_01"; } } (cherry picked from commit b75b351b7dd2ec87407f98668468b1fc146428bf)
2022-04-06isis: T4336: add support for MD5 authentication password on a circuitChristian Poessinger
(cherry picked from commit a6c936997611de85dc73152297679d0b53095713)
2022-04-03isis: T4337: IETF SPF delay algorithm can not be configuredChristian Poessinger
To reproduce: set protocols isis interface eth1 set protocols isis net '49.0001.1921.6800.1002.00' Now enable SPF: set protocols isis spf-delay-ietf holddown '20' set protocols isis spf-delay-ietf init-delay '31' set protocols isis spf-delay-ietf long-delay '30' set protocols isis spf-delay-ietf short-delay '32' set protocols isis spf-delay-ietf time-to-learn '44' This will only render the FRR config line: spf-delay-ietf init-delay 31 which is incomplete: frr-reload output: 2 2022-04-03 12:35:24,764 ERROR: vtysh failed to process new configuration: vtysh (mark file) exited with status 4: frr-reload output: 3 b'line 15: % Command incomplete: spf-delay-ietf init-delay 31\n\n'