summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2022-07-05ipoe: T4507: Add option rate-limit for RADIUS authenticationViacheslav Hletenko
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik'
2022-07-05pppoe-server: T4373: Add option multiplier for correct shapingViacheslav Hletenko
Multiplier option is required by some vendors for correct shaping For RADIUS based rate-limits edit service pppoe-server set authentication radius rate-limit multiplier '0.001'
2022-07-05hosts: T2683: Allow multiple entries for static-host-mappingViacheslav
(cherry picked from commit b1db3de80b8b5f4e2dcbc6d687d342986345c4b2)
2022-06-09Merge pull request #1271 from sever-sever/T2580-equChristian Poessinger
ipoe: T2580: Add pools and gateway options
2022-05-26http-api: T4442: Add action resetViacheslav Hletenko
Add action 'reset' (op-mode) for HTTP-API http://localhost/reset curl --unix-socket /run/api.sock -X POST -Fkey=mykey \ -Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \ http://localhost/reset
2022-05-25ipoe: T2580: Add pools and gateway optionsViacheslav Hletenko
Add new feature to allow to use named pools Can be used also with Radius attribute 'Framed-Pool' set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2022-05-19Merge pull request #1315 from sever-sever/T4315-equDaniil Baturin
monitoring: T4315: Add telegraf output plugin prometheus-client
2022-05-09monitoring: T4315: Add telegraf output plugin prometheus-clientViacheslav Hletenko
Add output Plugin "prometheus-client" for telegraf set service monitoring telegraf prometheus-client xxx
2022-05-01T4402: fix ifconfig-pool generation logicDaniil Baturin
2022-04-19T4268: monitoring: Fixed unnatural LA elevationAndrii
2022-04-18dhcp-server: T4344: Fix underscores for shared network nameViacheslav Hletenko
Shared network name should not be handled by tag node mangling I.e. should not replace underscores with dashed set service dhcp-server shared-network-name NET_01 shared-network NET_01 { authoritative; ... on commit { set shared-networkname = "NET_01"; } } (cherry picked from commit b75b351b7dd2ec87407f98668468b1fc146428bf)
2022-04-06isis: T4336: add support for MD5 authentication password on a circuitChristian Poessinger
(cherry picked from commit a6c936997611de85dc73152297679d0b53095713)
2022-04-03isis: T4337: IETF SPF delay algorithm can not be configuredChristian Poessinger
To reproduce: set protocols isis interface eth1 set protocols isis net '49.0001.1921.6800.1002.00' Now enable SPF: set protocols isis spf-delay-ietf holddown '20' set protocols isis spf-delay-ietf init-delay '31' set protocols isis spf-delay-ietf long-delay '30' set protocols isis spf-delay-ietf short-delay '32' set protocols isis spf-delay-ietf time-to-learn '44' This will only render the FRR config line: spf-delay-ietf init-delay 31 which is incomplete: frr-reload output: 2 2022-04-03 12:35:24,764 ERROR: vtysh failed to process new configuration: vtysh (mark file) exited with status 4: frr-reload output: 3 b'line 15: % Command incomplete: spf-delay-ietf init-delay 31\n\n'
2022-02-19dhcp: T4258: set correct port for dhcp-failoverfett0
(cherry picked from commit 5fc9ef9e31eb566a601f8a150c69b183a4331564)
2022-02-17Merge pull request #1221 from sever-sever/T3686-equChristian Poessinger
openvpn: T3686: Fix for check local-address in script and tmpl
2022-02-16vrrp: T1972: Ability to set IP address on not vrrp interfaceViacheslav Hletenko
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group set high-avail vrrp group WAN interface 'eth0' set high-avail vrrp group WAN virtual-address 192.0.2.222/24 interface 'eth2' set high-avail vrrp group WAN track exclude-vrrp-interface set high-avail vrrp group WAN track interface 'eth1'
2022-02-15openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template (cherry picked from commit 230ac0a202acd7ae9ad9bccb9e777ee5a0e0b7b7)
2022-02-08monitoring: T3872: Add tamplates for monitoringViacheslav Hletenko
2022-01-23DHCP: T4196: fix client-prefix-length parametergoodNETnick
2022-01-15ntp: T4184: Fix allow-clients addressViacheslav
NTP-server with option "allow-clients address x.x.x.x" should accept requests only from clients addresses which declared in configuration if this option exists Add "restrict default ignore" to fix it, in another case it responce to any address (cherry picked from commit 40f0e78dd94691d54ffd4d2e270ed071e2d2513a)
2022-01-06vrrp: T4141: bugfix missing {% if %} clause when adding sync-groupsChristian Poessinger
(cherry picked from commit 0a91c5de32b52235f4c9c12a6ec34c017011c3df)
2021-12-31Merge pull request #1122 from sever-sever/T4081-equDaniil Baturin
keepalived: T4081: Fix health-checking when syn-group is used
2021-12-29l2tp-server: T4117: Add dae-server configuration to templateDmitriyEshenko
2021-12-27keepalived: T4081: Fix health-checking when syn-group is usedViacheslav
If health-check scripts are used in vrrp group and vrrp group is member of sync-group, then health-check scripts should be part of the section "vrrp_sync_group". In another case the health-scripts won't work anymore.
2021-12-26http: api: T4055: add VRF supportChristian Poessinger
(cherry picked from commit 4aaf0ba69139d84f89e5c3feee6edd845af8d1e5)
2021-12-15pppoe-server: T3006: Add range to regex generatorDmitriyEshenko
2021-12-14http-api: T4071: allow API to bind to unix domain socketJohn Estabrook
(cherry picked from commit 0e3c35e6517f5cfebb4206c735a2ea976a7fd383)
2021-12-09https: T4055: add vrf supportChristian Poessinger
(cherry picked from commit 955f260ce682d64d27b3b11e618b1ae0176e4b91)
2021-12-07Merge pull request #1098 from goodNETnick/vrrpHealthChristian Poessinger
VRRP: T4033: VRRP script_security parameter removed
2021-12-06sflow: T4046: Add source-address for sflowViacheslav
(cherry picked from commit bb77dd269bfb9522f5b56ac027598ac20e101f13)
2021-12-06mpls: ldp: T3753: add proper indention to Jinja2 templateChristian Poessinger
(cherry picked from commit 3a29968d6b8dc0bc6966ae5a4713781ea8f9fff0)
2021-12-06VRRP: T4033: VRRP script_security parameter removedgoodNETnick
2021-12-03tftp: T4012: Add TFTP VRF supportDmitriyEshenko
2021-11-18console-server: T2490: display /etc/issue.net on SSH loginsChristian Poessinger
(cherry picked from commit c0bf019e9fc6251ce43c57903b85115f0e3ab2bc)
2021-11-18dhcp: T4008: change client retry interval form 300 -> 60 secondsChristian Poessinger
2021-11-17OpenVPN: T3350: Changed custom options for OpenVPN processingzsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing. (cherry picked from commit 3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123)
2021-11-15l2tp: T3724: allow setting accel-ppp l2tp host-nameMarek Isalski
(cherry picked from commit 3d00140453b3967370c77ddd9dac4af223a7ddce)
2021-11-07http-api: T2768: example using GraphQL for high-level config operationsJohn Estabrook
(cherry picked from commit b168b4cc7da456f14714d917cdc7a1c6b8df9af5)
2021-11-07http api: T3412: use FastAPI as web framework; support application/jsonJohn Estabrook
Replace the Flask micro-framework with FastAPI, in order to support extensions to the API and OpenAPI 3.* generation. This change will remain backwards compatible with previous versions. Notably, the multipart forms version of requests remain supported; in addition application/json requests are now natively supported. (cherry picked from commit 0125fff200efe3259aa25953e7505f69679261f8)
2021-11-03sstp: T2566: use XML defaultValue over Jinja2 hardcoded valueChristian Poessinger
2021-11-02sstp: T2566: Fix to allow IPv6 only poolsViacheslav
To allow IPv6 only for vpn sstp sessions we have to add 'ppp-options' which can disable IPv4 allocation explicity. Additional IPv6 ppp-options and fix template for it.
2021-10-13ntp: T3904: Fix NTP pool associationsGeorgiy Tugai
As of NTP 4.2.7, 'nopeer' also blocks pool associations. See https://bugs.ntp.org/show_bug.cgi?id=2657 See also https://github.com/geerlingguy/ansible-role-ntp/pull/84
2021-10-13dns: T3277: DNS Forwarding - reverse zones for RFC1918 addressesHard7Rock
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c) (cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
2021-10-10lcd: T2564: add support for hd44780 displaysChristian Poessinger
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
2021-10-02dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5Christian Poessinger
2021-09-30vrrp: T3877: backport handlers to solve "default rfc3768-compatibility" issueJohn Estabrook
Do not create rfc3768-compatibility interfaces by default because of wrong Jinja2 syntax. Backporting the entire system makes it easier in the future to additional bugfixes.
2021-09-30dhcp-server: T2230: add subnet description into rendered configChristian Poessinger
(cherry picked from commit 2974628487abb9127922bf695331fd706a1d0e51)
2021-09-27openvpn: T690: Fix template for gateway and metricViacheslav
Some OpenVPN clients doesnt support option gateway and metric. Set metric option only when 'metric' was added in config explicity.
2021-09-21vrrp: keepalived: T616: drop /etc/default/keepalivedChristian Poessinger
This is a follow-up commit to 65398e5c8 ("vrrp: keepalived: T616: move configuration to volatile /run directory") as it makes no sense to store a static /etc/default/keepalived file marked as "Autogenerated by VyOS" that only enabled the SNMP option to keepalived. Better pass the --snmp switch via the systemd override file and drop all other references/files.
2021-09-21vrrp: keepalived: T616: enable script securityChristian Poessinger
(cherry picked from commit 590cf0e626f6a5e813ec4f3021c028a5e098e27d)