summaryrefslogtreecommitdiff
path: root/interface-definitions/include
AgeCommit message (Collapse)Author
2023-11-20PAM: T5577: Optimized RADIUS PAM configzsdc
- Added system `radius` group - Added `mandatory` and `optional` modes for RADIUS - Improved PAM config for RADIUS New modes: - `mandatory` - if RADIUS answered with `Access-Reject`, authentication must be stopped and access denied immediately. - `optional` (default) - if RADIUS answers with `Access-Reject`, authentication continues using the next module. In `mandatory` mode authentication will be stopped only if RADIUS clearly answered that access should be denied (no user in RADIUS database, wrong password, etc.). If RADIUS is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode.
2023-11-06Merge pull request #2348 from c-po/t4269-cli-defaults-backportChristian Breunig
scripts: T4269: node.def generator should automatically add default values (backport)
2023-10-08scripts: T4269: node.def generator should automatically add default valuesChristian Breunig
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help. (cherry picked from commit a68c9238111c6caee78bb28f8054b8f0cfa0e374)
2023-10-03T5213: Add accounting-interim-interval option for PPPoE-serverViacheslav Hletenko
Add accounting-interim-interval option for PPPoE-server set service pppoe-server authentication radius accounting-interim-interval '60'
2023-08-28T5428: fix DHCP address renewal/release when running in VRFChristian Breunig
2023-04-01container: T4959: add registry authentication optionChristian Breunig
Container registry CLI node changed from leafNode to tagNode with the same defaults. In addition we can now configure an authentication option per registry. (cherry picked from commit fe82d86d3e87cb8d92ebc9d0652c08e3dd79a12c)
2023-03-01T4967: xml: provide re-usable constraint for CLI host-name definitionsChristian Breunig
(cherry picked from commit d14a6814acb173cdc6df13212620f7da330434ed)
2023-02-13Merge pull request #1813 from sever-sever/T4971-eqChristian Breunig
T4971: PPPoE server add named ip pool and attr Framed-Pool
2023-02-12T4971: Add accel-ppp include client-ip-pool-nameViacheslav Hletenko
Add accel-ppp include client-ip-pool-name.xml.i Can be used in other accep-ppp CLI as "include"
2023-02-12T1993: PPPoE-server add section shaper and fwmark optionViacheslav Hletenko
Extended PPPoE-server rate-limiter to avoid shaping marked resources Often this feature needs for ISP, which provides access to some IX or its resources. set service pppoe-server shaper fwmark '223'
2023-01-21validators: T4875: use file-path to replace validator 'interface-name'Christian Breunig
(cherry picked from commit f0bc6c62016d285f0645c4b3ba8b1451c40c637f)
2022-12-17Merge pull request #1259 from hensur/equuleus-ipv6-local-routeChristian Poessinger
backport: T4515: T4219: policy local-route6 and inbound-interface support
2022-10-13monitoring: T4312: Ability to set IP address in the URLViacheslav Hletenko
Use common "url.xml" which allow URL as domain name or IP entrie
2022-08-01mtu: T4572: Add DHCP-option MTU to get values from DHCP-serverViacheslav Hletenko
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured (cherry picked from commit 29b0ee30bf2622a40ca3d17e3f6b9e94e5b62072)
2022-07-09Merge pull request #1392 from sever-sever/T4507-eqChristian Poessinger
accel-ppp: T4373: T4507: Add options multiplier for shaper
2022-07-05pppoe-server: T4373: Add option multiplier for correct shapingViacheslav Hletenko
Multiplier option is required by some vendors for correct shaping For RADIUS based rate-limits edit service pppoe-server set authentication radius rate-limit multiplier '0.001'
2022-07-04ntp: T4456: support listening on specified interfaceChristian Poessinger
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name> (cherry picked from commit 6732df1edd632b56d3d02970939f51d05d4262e9)
2022-06-09Merge pull request #1271 from sever-sever/T2580-equChristian Poessinger
ipoe: T2580: Add pools and gateway options
2022-05-27dhcp6: pd: T4447: bugfix sla-id limits (must be greater then 128Christian Poessinger
The sla-id parameter of DHCPv6 prefix delegations is limited to 128. While this is enough to use all /64 subnets of a /57 prefix, with a /56 prefix that is no longer sufficient. Increased sla-id length tp 65535 so one could delegate an entire /48. (cherry picked from commit 283276d457a09c100416c0d4ffccd4f94ccd2540)
2022-05-25ipoe: T2580: Add pools and gateway optionsViacheslav Hletenko
Add new feature to allow to use named pools Can be used also with Radius attribute 'Framed-Pool' set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2022-05-09monitoring: T4315: Add telegraf output plugin prometheus-clientViacheslav Hletenko
Add output Plugin "prometheus-client" for telegraf set service monitoring telegraf prometheus-client xxx
2022-04-06isis: T4336: add support for MD5 authentication password on a circuitChristian Poessinger
(cherry picked from commit a6c936997611de85dc73152297679d0b53095713)
2022-03-31Revert "Revert "backport: T4515: T4219: policy local-route6 and ↵Henning Surmeier
inbound-interface support"" This reverts commit 45a2a7d0adc7e9d27d6c7aee1ccbd9b64a1437ad.
2022-03-28Revert "backport: T4515: T4219: policy local-route6 and inbound-interface ↵Daniil Baturin
support"
2022-03-25xml: T4319: use common building block for table-size CLI optionChristian Poessinger
(cherry picked from commit eaf4b60c9e7fa094d17b87b29bebaf81182ee7a1)
2022-03-23Merge pull request #1235 from hensur/equuleus-ipv6-local-routeChristian Poessinger
backport: T4515: T4219: policy local-route6 and inbound-interface support
2022-02-23backport: policy: T4219: add local-route(6) incoming-interfaceHenning Surmeier
2022-02-22Revert "backport: policy: T4219: add local-route(6) incoming-interface"Christian Poessinger
This reverts commit 72d7152f794cfe48821797d62865024c1843096e.
2022-02-21vxlan: T4120: rename tunnel-remotes.xml.i -> tunnel-remote-multi.xml.iChristian Poessinger
(cherry picked from commit d418cd36027aef5993122ec62419e8c66fe7a1ed)
2022-02-21vxlan: T4120: add ability to set multiple remotes (PR #1127)Andreas
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command. (cherry picked from commit 0ecddff7cffa8900d351d5c15e32420f9d780c0b)
2022-02-19Merge pull request #1219 from hensur/equuleus-ipv6-local-routeChristian Poessinger
backport: T4515: T4219: policy local-route6 and inbound-interface support
2022-02-16backport: policy: T4219: add local-route(6) incoming-interfaceHenning Surmeier
2022-02-16vrrp: T1972: Ability to set IP address on not vrrp interfaceViacheslav Hletenko
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group set high-avail vrrp group WAN interface 'eth0' set high-avail vrrp group WAN virtual-address 192.0.2.222/24 interface 'eth2' set high-avail vrrp group WAN track exclude-vrrp-interface set high-avail vrrp group WAN track interface 'eth1'
2022-02-13xml: ssh: T4233: sync regex for allow/deny usernames to "system login"Christian Poessinger
(cherry picked from commit d96bab4e6da517f07133667834cd6f8bcfb5160f)
2022-01-15listen-address: T4110: Ability to set IPv6 link-local for servicesViacheslav
Add ability to set for services like "SSH/NTP" listen IPv6 link-local addresses
2022-01-03vrf: xml: rename text -> txt format identifier in valueHelpChristian Poessinger
2021-12-03tftp: T4012: Add TFTP VRF supportDmitriyEshenko
2021-11-26Merge pull request #1079 from erkin/equuleusChristian Poessinger
conf-mode: NAT interface definition typo fix (Equuleus)
2021-11-24openconnect: T3695: Fix certificate files validationDmitriyEshenko
2021-11-24conf-mode: NAT interface definition typo fixerkin
2021-11-04sstp: accel-ppp: T3964: add missing input validator for static-ip assignmentChristian Poessinger
(cherry picked from commit b8f702bc7b6e92b8841271b4a2355d2b65ccb247)
2021-11-03sstp: T2566: use XML defaultValue over Jinja2 hardcoded valueChristian Poessinger
2021-11-02sstp: T2566: Fix to allow IPv6 only poolsViacheslav
To allow IPv6 only for vpn sstp sessions we have to add 'ppp-options' which can disable IPv4 allocation explicity. Additional IPv6 ppp-options and fix template for it.
2021-09-21dhcp-server: T3839: support domain-search and ntp-server config per ↵Christian Poessinger
shared-network (cherry picked from commit 689d1824d251ea9fbd81bf0c941dbd36e33ef420)
2021-09-19xml: dhcp-server: move building blocks to dhcp subdirectoryChristian Poessinger
(cherry picked from commit 59e5b5eb4c0507f9d3831483152a748b58560bfd)
2021-09-19dhcp-server: T3839: support name-servers and domain config per shared-networkChristian Poessinger
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1' (cherry picked from commit d411a40a3598c55fae7abd8bc5f1876007aa704b)
2021-09-19dhcp-server: T3841: add option to perform ICMP check before address assignmentChristian Poessinger
(cherry picked from commit 83ea0cb273e29db22062cc133b6eabd4ba2761c7)
2021-09-19dhcp-server: T3838: rename dns-server to name-server nodeChristian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. (cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460)
2021-09-15typo: remove unnecessary 'i' from helpJavinator9889
(cherry picked from commit ec9503a9ec487ec7aa3524cb9847357f0631ca25)
2021-08-29xml: add missing "u32:" value declarator on integer rangesChristian Poessinger
(cherry picked from commit 794f193d11c8c1b5fed78f4e40280480446ab593)