Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-10-12 | T562: Config syntax for defining DNS forward authoritative zones | Lucas Christian | |
2021-10-02 | dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5 | Christian Poessinger | |
(cherry picked from commit 8e6c48563d1612916bd7fcc665d70bfa77ec5667) | |||
2021-09-30 | dhcp-server: T2230: add subnet description into rendered config | Christian Poessinger | |
2021-09-27 | igmp: T2230: fix Jinja2 and FRR indention | Christian Poessinger | |
2021-09-27 | frr: T2175: rename daemon Jinja2 templates to match (d)aemon suffix | Christian Poessinger | |
2021-09-27 | openvpn: T690: Fix template for gateway and metric | Viacheslav | |
Some OpenVPN clients doesnt support option gateway and metric. Set metric option only when 'metric' was added in config explicity. (cherry picked from commit 96681d8bf1ede069b573a4cbe3a2493c374d048e) | |||
2021-09-26 | ospfv3: T3859: add "log-adjacency-changes" CLI command | Christian Poessinger | |
2021-09-25 | bgp: T3657: add "neighbor fe80::202 interface source-interface 'eth1'" command | Christian Poessinger | |
2021-09-23 | openvpn: T3642: Openvpn does not work without dh parameter in EC mode | Nicolas Riebesel | |
2021-09-22 | vrrp: keepalived: T3847: enable no_tag_node_value_mangle for get_config_dict() | Christian Poessinger | |
Commit 761631d6 ("vrrp: keepalived: T3847: migrate to get_config_dict()") switched to the new python function get_config_dict(), when we deal with tag nodes that can contain a hyphen, we should also set no_tag_node_value_mangle in order to preserve it. This caused a dict lookup error as the hyphens in the test scripts got replaced by an _. | |||
2021-09-21 | vrrp: keepalived: T3847: migrate/streamline CLI options | Christian Poessinger | |
Rename virtual-address -> address as we always talk about an IP address. | |||
2021-09-21 | vrrp: keepalived: T3847: migrate to get_config_dict() | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: enable script security | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: move configuration to volatile /run directory | Christian Poessinger | |
Move keepalived configuration from /etc/keepalived to /run/keepalived. | |||
2021-09-21 | vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks feature | Christian Poessinger | |
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file. | |||
2021-09-21 | dhcp-server: T3839: support domain-search and ntp-server config per ↵ | Christian Poessinger | |
shared-network | |||
2021-09-19 | ipsec: T1441: Clean up vti-up-down script for XFRM interfaces | Lucas Christian | |
2021-09-19 | dhcp-server: T3672: bugfix Jinja2 template | Christian Poessinger | |
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases. | |||
2021-09-19 | dhcp-server: T3672: re-add missing "name" CLI option | Christian Poessinger | |
This option is mandatory and must be user configurable as it needs to match on both sides. | |||
2021-09-19 | dhcp-server: T3841: add option to perform ICMP check before address assignment | Christian Poessinger | |
2021-09-19 | dhcp-server: T3672: only one failover peer is supported | Christian Poessinger | |
2021-09-18 | dhcp-server: T3839: support name-servers and domain config per shared-network | Christian Poessinger | |
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1' | |||
2021-09-18 | dhcp-server: T3838: rename dns-server to name-server node | Christian Poessinger | |
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. | |||
2021-09-18 | dhcp-server: T1968: allow multiple static-routes to be configured | Christian Poessinger | |
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } } | |||
2021-09-18 | ipsec: vti: T3831: avoid usinf xfrm if_id 0 - implement shift by one | Christian Poessinger | |
The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. This means that a vti0 named interface will pull in all traffic and others will stop working. Thus we simply shift the key by one to also support a vti0 interface. | |||
2021-09-15 | ipsec: T3830: "authentication id|use-x509-id" are mutually exclusive | Christian Poessinger | |
Manually set peer id and use-x509-id are mutually exclusive! | |||
2021-09-15 | ipsec: T3830: set connections.<conn>.remote<suffix>.id to "peer" if undefined | Christian Poessinger | |
Restore "default" behavior from ipsec.conf | |||
2021-09-13 | ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable` | sarthurdev | |
2021-09-10 | Merge pull request #1000 from sever-sever/T3810 | Christian Poessinger | |
squid: squidguard: T3810: Fix template for sourcre-group and rule | |||
2021-09-10 | squid: squidguard: T3810: Fix template for sourcre-group and rule | Viacheslav | |
Modify template for squid Replace old directives to actual | |||
2021-09-10 | squid: T3810: Remove build in acl vars localost and to_localhost | Viacheslav | |
2021-09-08 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-09-06 | https: T2230: only support TLS1.2 and TLS1.3 | Christian Poessinger | |
2021-09-04 | bgp: T3798: "replace-as" option can only be used when "no-prepend" is defined | Christian Poessinger | |
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as") added support for a new CLI option when the local-as is changed for a specified neighbor or peer-group. There was an error in the CLI / design as the "replace-as" option can only be used when "no-prepend" is defined. Thus "no-prepend" became a <node> and the new "replace-as" leafNode is now a child of "no-prepend". | |||
2021-09-03 | bgp: T3798: add support for neighbor local-as <n> replace-as | Christian Poessinger | |
2021-09-02 | pptp-server: T3790: Change ippool priority and define gw-ip-address | DmitriyEshenko | |
(cherry picked from commit 23388fe193f04ab05f270098123cbb3e5f0b9f75) | |||
2021-08-29 | ospf: T3236: add possibility to redistribute "table" | Christian Poessinger | |
Add new CLI command: * "set protocols ospf redistribute table <n>" | |||
2021-08-29 | isis: T3783: bugfix configuring spf-delay-ietf | Christian Poessinger | |
Mandatory FRR options for spf-delay-ietf did not get rendered in the Jinja2 template. | |||
2021-08-27 | ipsec: T1210: Jinj2 template did not honor inactivity/timeout setting | Christian Poessinger | |
2021-08-26 | Merge pull request #965 from c-po/t3739-evpn-route-map | Christian Poessinger | |
bgp: evpn: T3739: add route-map match support | |||
2021-08-22 | l2tp: Jinja2 add trailing newline | Christian Poessinger | |
2021-08-22 | pppoe: T1318: set source interface next to rp-pppoe.so plugin in peer template | Christian Poessinger | |
2021-08-22 | pppoe: T3641: set "noipv6" if IPv6 is not configured in newer pppd version | Christian Poessinger | |
2021-08-21 | pppoe: T1318: implement missing access-concentrator CLI option | Christian Poessinger | |
2021-08-21 | pppoe: T3090: migrate to vyos.ifconfig library to use the full potential | Christian Poessinger | |
Now that MSS clamping is done on the "per-interface" level the entire PPPoE stuff would have needed to get a full copy in GNU BASH for this or, participate in the common library. Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the vyos.ifconfig.PPPoEIf.update() function to configure everything as done with all other interfaces. This removes duplicated code for VRF assignment and route installation when a PPPoE interface is brought up or down. | |||
2021-08-21 | route: static: T2450: add next-hop interface on dhcp routes | Christian Poessinger | |
2021-08-21 | interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵ | Christian Poessinger | |
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value. | |||
2021-08-20 | bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/export | Christian Poessinger | |
This adds the following new commands: set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in | |||
2021-08-20 | ipsec: T1210: add missing if clause around unique key | Christian Poessinger | |
2021-08-19 | ipsec: dmvpn: T3764: bugfix mixed up IKE/ESP lifetime variable | Christian Poessinger | |
IKE lifetime is life_time, and ESP lifetime is rekey_time. |