summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2022-12-17Merge pull request #1358 from sever-sever/T1237Christian Poessinger
routing: T1237: Add new feature failover route
2022-12-16T4809: radvd: Allow the use of AdvRASrcAddressSander Klein
This add the AdvRASrcAddress configuration option to configure a source address for the router advertisements. The source address still must be configured on the system. This is useful for VRRP setups where you want fe80::1 on the VRRP interface for cleaner VRRP failovers.
2022-12-16T4884: snmpd: add community6 fallbackSander Klein
If no client and network is defined only a `community` config is created. This also adds the `community6` part
2022-12-14routing: T1237: Add new feature failover routeViacheslav Hletenko
Failover route allows to install static routes to the kernel routing table only if required target or gateway is alive When target or gateway doesn't respond for ICMP/ARP checks this route deleted from the routing table Routes are marked as protocol 'failover' (rt_protos) cat /etc/iproute2/rt_protos.d/failover.conf 111 failover ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover $ sudo ip route show proto failover 203.0.113.1 via 192.0.2.1 dev eth0 metric 1 So we can safely flush such routes
2022-12-12Merge pull request #1699 from jestabro/op-mode-openvpnJohn Estabrook
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
2022-12-12openvpn: T4770: add openvpn.py to op-mode-standardized.jsonJohn Estabrook
2022-12-11sstp: T4384: initial implementation of SSTP client CLIChristian Poessinger
vyos@vyos# show interfaces sstpc sstpc sstpc10 { authentication { password vyos user vyos } server sstp.vyos.net ssl { ca-certificate VyOS-CA } }
2022-12-09container: T4870: Update to overlay driverBen Pilgrim
2022-12-09T4868: Fix l2tp ppp IPv6 options in template and config get dictViacheslav Hletenko
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool As we can get addresses via RADIUS attributes: - Framed-IPv6-Prefix - Delegated-IPv6-Prefix
2022-12-08T4117: Fix for L2TP DAE CoA server configurationViacheslav Hletenko
Fix l2tp dae server template and python config dict for correctlly handling Dynamic Authorization Extension server configuration
2022-12-08T4862: Added the generation config for webproxy domain-blockaapostoliuk
Added the generation in the config file /etc/squid/squid.conf for command: set service webroxy domain-block <domain>
2022-12-02 T4854: route reflector allows to apply route-mapsfett0
2022-12-02http-api: T4859: correct calling of script dependencies from http-api.pyJohn Estabrook
2022-11-29pki: T4847: add config-mode script dependenciesJohn Estabrook
2022-11-28conf-mode: T4845: add external file for dict of config-mode dependenciesJohn Estabrook
2022-11-26ospf: T4739: Adding missing OSPF FRR templateCheeze-It
Adding the parameters that were missing to the OSPF FRR template.
2022-11-23T4835: snmpd: Fix copy/paste error in snmpd.confSander Klein
The variable 'client' was accidently used where 'network should have been used. This lead to missing community6 string when an IPv6 network was defined instead of an IPv6 client.
2022-11-21T4823: Fix IPsec transport mode remote TSViacheslav Hletenko
Remote TS for transport mode GRE must be remote-address and not peer name
2022-11-21T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)Yuxiang Zhu
Clients supporting this DHCP option (DHCP option 108, RFC 8925) will disable its IPv4 network stack for configured number of seconds and operate in IPv6-only mode. This option is known to work on iOS 15+ and macOS 12.0.1+. Example command: ```sh set service dhcp-server shared-network-name LAN6 subnet 192.168.64.0/24 ipv6-only-preferred 0 ```
2022-11-20op-mode: dns-forwarding: T4578: drop sudo callsChristian Poessinger
Commit 66288ccfee ("dns-forwarding: T4578: Rewrite show dns forwarding") added the implementation for the new standardized op-mode definitions/implementation. As the API daemon has the proper permissions and also the CLI op-mode calls the script already with "sudo", there is no need to call "sudo" inside this script, again. Also add dns.py to data/op-mode-standardized.json for the GraphQL schema to be generated.
2022-11-19T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵Nicolas Fort
so this new group can be used in inbound and outbound matcher
2022-11-17Merge pull request #1654 from sarthurdev/pbr_refactorChristian Poessinger
policy: T2199: T4605: Migrate policy route interface node
2022-11-13l3VPN : T4182: add l3vpn over gre option from route-mapfett0
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle
2022-11-10Merge pull request #1643 from sever-sever/T4789Christian Poessinger
T4789: Ability to get op-mode raw data for PPPoE L2TP SSTP IPoE
2022-11-10T4789: Ability to get op-mode raw data for PPPoE L2TP SSTP IPoEViacheslav Hletenko
Ability to get 'raw' data sessions and statistics for accel-ppp protocols IPoE/PPPoE/L2TP/PPTP/SSTP server
2022-11-10dns: T738: add CLI option for PowerDNS local-portZen3515
2022-11-03Merge pull request #1633 from sarthurdev/fqdnChristian Poessinger
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT
2022-11-03nat: T1877: T970: Add firewall groups to NATsarthurdev
2022-11-03firewall: T970: Refactor domain resolver, add firewall source/destination ↵sarthurdev
`fqdn` node
2022-11-02T4758: Fix conflicts op-mode-standardizedViacheslav Hletenko
2022-11-02T4758: Rewrite show DHCP(v6) server leases to vyos.opmode formatViacheslav Hletenko
Rewrite op-mode DHCP and DHCPv6 leases to vyos.opmode format Abbility to show 'raw' format show dhcp server leases show dhcpv6 server leases
2022-11-02Merge pull request #1623 from sever-sever/T4771Daniil Baturin
T4771: Ability to get raw format for op-mode BGP commands
2022-11-01T4777: Ability to get logs in machine-readable formatViacheslav Hletenko
Ability to get logs in JSON format Possible filter by unit. Options for count lines, UTC time, facility or logs since boot
2022-10-31ipsec: T4787: add support for road-warrior/remote-access RADIUS timeoutChristian Poessinger
This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor.
2022-10-31T4771: Ability to get raw format for op-mode BGP commandsViacheslav Hletenko
2022-10-29containers: T3903: Use systemd units for containerssarthurdev
* ExecStop action with defined timeout allows for quicker reboot/shutdown with containers
2022-10-25nat: T4764: Remove tables on NAT deletionsarthurdev
2022-10-18T2408: dhcp-relay: Add listen-interface and upstream-interface featureNicolas Fort
2022-10-17ssh: T4720: Ability to configure SSH-server HostKeyAlgorithmsViacheslav Hletenko
Ability to configure SSH-server HostKeyAlgorithms. Specifies the host key signature algorithms that the server offers. Can accept multiple values.
2022-10-14login: 2fa: T874: fix Google authenticator issuesChristian Poessinger
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos'
2022-10-13T4739: ISIS segment routing being refactoredCheeze_It
2022-10-12ospf: T4707: fix segment-routing Jinja2 template for explicit-null and ↵Christian Poessinger
no-php-flag The nested if statement was not properly evaluated during smoketests making them fail. There is no need to nest the if's - as a simple string can be appended by {{ 'foo' if bar is vyos_defined }}
2022-10-12Merge pull request #1555 from goodNETnick/ssh_otpChristian Poessinger
system login: T874: add 2FA support for local and ssh authentication
2022-10-11system login: T874: add 2FA support for local and ssh authenticationgoodNETnick
2022-10-11monitoring: T4747: Fix template check influxdb configViacheslav Hletenko
Due to monitoring telegraf was rewritten - fix template for inputs.exec plugin We do not use 'influxdb_configured' in the dictionary anymore and use just 'influxdb'
2022-10-11Merge pull request #1574 from Cheeze-It/currentChristian Poessinger
isis: T4739: ISIS segment routing being refactored
2022-10-11isis: T4739: ISIS segment routing being refactoredCheeze_It
This is to refactor ISIS segment routing to match up with OSPF segment routing.
2022-10-10Merge pull request #1577 from sarthurdev/T4741Christian Poessinger
firewall: policy: T4741: T4742: Verify zone `from` is defined, autocomplete policy route tables
2022-10-10Merge pull request #1563 from sever-sever/T4716Christian Poessinger
ssh: T4716: Ability to configure RekeyLimit data and time