summaryrefslogtreecommitdiff
path: root/interface-definitions/include/version
AgeCommit message (Collapse)Author
2023-10-31nat: T5681: fix CLI versionChristian Breunig
Fix commit 51abbc0f1b2 ("T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher (valid for interfaces and groups) in firewal, nat and nat66") that added a migrator but did not bump the version number.
2023-10-22Merge pull request #2386 from c-po/vxlan-t5671Christian Breunig
vxlan: T5671: change port to IANA assigned default port
2023-10-20vxlan: T5671: change port to IANA assigned default portChristian Breunig
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that predates the IANA assignment. As Most other vendors use the IANA assigned port, follow this guideline and use the new default port 4789. Existing configuration not defining an explicit port number will be migrated to the old default port number of 8472, keeping existing configurations work!
2023-10-19cluster: T2897: add a migration script for converting cluster to VRRPDaniil Baturin
2023-10-12Merge pull request #2277 from aapostoliuk/T5254-1-sagittaDaniil Baturin
bonding: T5254: Fixed changing ethernet when it is a bond member
2023-10-12openvpn: T5634: fix typoJohn Estabrook
2023-10-12openvpn: T5634: Remove support for insecure DES and Blowfish ciphersDaniil Baturin
2023-10-03bonding: T5254: Fixed changing ethernet when it is a bond memberaapostoliuk
If ethernet interface is a bond memeber: 1. Allow for changing only specific parameters which are specified in EthernetIf.get_bond_member_allowed_options function. 2. Added inheritable parameters from bond interface to ethernet interface which are scpecified in BondIf.get_inherit_bond_options. Users can change inheritable options under ethernet interface but in commit it will be copied from bond interface. 3. All other parameters are denied for changing. Added migration script. It deletes all denied parameters under ethernet interface if it is a bond member.
2023-09-29T5165: Migrate policy local-route rule x destination to addressViacheslav Hletenko
Migrate policy local-route <destination|source> to node address replace 'policy local-route{v6} rule <tag> destination|source <x.x.x.x>' => 'policy local-route{v6} rule <tag> destination|source address <x.x.x.x>'
2023-09-04conntrack: T4309: T4903: Refactor `system conntrack ignore` rule generation, ↵sarthurdev
add IPv6 support and firewall groups
2023-08-11T5160: firewall refactor: new cli structure. Update only all xmlNicolas Fort
2023-08-02wireguard: T5413: Blocked adding the peer with the router's public keyaapostoliuk
Disabeled adding the peer with the same public key as the router has. Added smoketest
2023-07-26Merge pull request #2078 from nicolas-fort/T5154Viacheslav Hletenko
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet…
2023-07-25T5154: NTP: allow maximum of one ipv4 and one ipv6 address on parameter ↵Nicolas Fort
<listen-address>. Also allow only one single value <interface>.
2023-07-11T5341: HA migrate virtual-server tag to node addressViacheslav Hletenko
Migrate: high-availability virtual-server 203.0.113.1 to: high-availability virtual-server <name> address 203.0.113.1
2023-06-12T5286: drop XDP support for ethernet and bonding interfacesChristian Breunig
... this is a step towards a new and better implementation that will utilize VPP.
2023-06-04dns: T5144: Apply migration for dynamic dns path updateIndrajit Raychaudhuri
Create migration and bump package version from 0 -> 1 for dynamic dns
2023-05-09Merge pull request #1985 from c-po/t2778-syslogChristian Breunig
syslog: T2778: T2769: refactoring and VRF support
2023-05-08syslog: T2778: migrate to get_config_dict()Christian Breunig
2023-05-08T4780: bump firewall version 9 -> 10Christian Breunig
2023-04-13T5150: migrate CLI configs to new Kernel/Zebra route-map supportChristian Breunig
2023-03-29T5115: bump version dns-forwarding 3 -> 4Christian Breunig
2023-02-25tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
Tunnel interface multicast settings can be "enabled or disabled". As we prefer valueless nodes, and the linux kernel default is "disabled" we should add a set interfaces tunnel tunXX enable-multicast command
2023-02-15ipsec: T4593: Migrate and remove legacy `include-ipsec` nodessarthurdev
Not supported with swanctl
2023-02-10interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵Christian Breunig
sstp-client
2023-01-30Merge pull request #1761 from sever-sever/T4916-currViacheslav Hletenko
T4916: Rewrite IPsec peer authentication and psk migration
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-19Merge pull request #1697 from nicolas-fort/snmp_reworkChristian Breunig
T4857: SNMP: Implement FRR SNMP Recomendations
2023-01-18T4857: change description in cli, and change word oid to uppercase OIDs in ↵Nicolas Fort
warning message
2023-01-14ntp: T3008: migrate from ntpd to chronyChristian Breunig
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony
2023-01-01qos: T4284: first implementation introducing a new vyos.qos moduleChristian Poessinger
2022-12-23container: T4870: bump package version 0 -> 1 for filesystem changeChristian Poessinger
move from vfs to overlay driver The following pre iage upgrade script must be executed to have containers after the reboot: for pod in $(cli-shell-api listActiveNodes container name); do systemctl stop vyos-container-${pod//\'}.service done sed -i 's/vfs/overlay/g' /etc/containers/storage.conf /usr/share/vyos/templates/container/storage.conf.j2 rm -rf /usr/lib/live/mount/persistence/container/storage/libpod for pod in $(cli-shell-api listActiveNodes container name); do image=$(cli-shell-api returnActiveValue container name ${pod//\'} image) podman image pull $image systemctl start vyos-container-${pod//\'}.service done for dir in vfs vfs-containers vfs-images vfs-layers; do rm -rf /usr/lib/live/mount/persistence/container/storage/$dir done
2022-12-17Merge pull request #1626 from nicolas-fort/fwall_group_interfaceChristian Poessinger
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
2022-11-19T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵Nicolas Fort
so this new group can be used in inbound and outbound matcher
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle
2022-10-21graphql: T4768: change name of api child node from 'gql' to 'graphql'John Estabrook
2022-10-11isis: T4739: ISIS segment routing being refactoredCheeze_It
This is to refactor ISIS segment routing to match up with OSPF segment routing.
2022-10-03policy: T4660: Changed CLI syntax in route-map set communityaapostoliuk
Changed CLI syntax in route-map set community, set large-community, set extcommunity Allows to add multiple communities, large-communities and extcommunities in clear view. Added new well-known communities. Added non-transitive feature in extcommunities. Fixed community's validators.
2022-09-26Merge pull request #1545 from sever-sever/T4557Christian Poessinger
ids: T4557: Migrate threshold and add new threshold types
2022-09-26ids: T4557: Migrate threshold and add new threshold typesViacheslav Hletenko
Migrate "service ids ddos-protection threshold xxx" to "service ids ddos-protection general threshold xxx" Add new threshold types: set service ids ddos-protection threshold tcp xxx set service ids ddos-protection threshold udp xxx set service ids ddos-protection threshold icmp xxx
2022-09-17pppoe-server: T4703: combine vlan-id and vlan-range into single CLI nodeChristian Poessinger
The initial Accel-PPP PPPoE implementation used: set service pppoe-server interface <name> vlan-id <id> set service pppoe-server interface <name> vlan-range <start-stop> This is actually a duplicated CLI node.
2022-09-16Merge pull request #1463 from sever-sever/T4118Daniil Baturin
ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer
2022-09-16ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peerViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script
2022-09-13firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵sarthurdev
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
2022-07-30bgp: T4257: Changing BGP "local-as" to "system-as"Cheeze_It
bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. bgp: T4257: Changing BGP "local-as" to "system-as" bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor.
2022-07-07monitoring: T4411: Migrate influxdb options to influxdb nodeViacheslav Hletenko
As we have specific configuration for each plugin: set service monitoring telegraf xxx - azure-data-explorer - prometheus-client - splunk We should to move configuration that related to influxdb under influxdb node Replace: set service monitoring telegraf - authentication xxx - bucket xxx - port xxx - url To: set service monitoring telegraf influxdb xxx
2022-07-07syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotatesarthurdev
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override
2022-05-31policy: T3976: bump version 2 -> 3Christian Poessinger
2022-05-05policy: T4414: add support for route-map "as-path prepend last-as x"Christian Poessinger
2022-04-28arp: T4397: bump component version numberChristian Poessinger