summaryrefslogtreecommitdiff
path: root/interface-definitions/include
AgeCommit message (Collapse)Author
2023-04-29static: T5161: add BFD monitoring for static IPv6 routesfett0
2023-04-29static: T5161: add BFD monitoring for static routesfett0
2023-04-27Revert "bgp: T3734: only support "l2vpn-evpn advertise-all-vni" in default VRF"Christian Breunig
This reverts commit bfe57cf80f4c71236f0885408d704a69575f0b30.
2023-04-20ocserv: T3896: refactor: change ocserv config-per-x node nameJamie Austin
Changes the node name from config-per-x to identity-based-config, as a result the j2 templates and vpn_openeconnect.py has been refactored to update the node name when accessing it's child nodes.
2023-04-17bgp: T3734: only support "l2vpn-evpn advertise-all-vni" in default VRFChristian Breunig
2023-04-13T5150: migrate CLI configs to new Kernel/Zebra route-map supportChristian Breunig
2023-04-13T5150: do not apply zebra route-map from routing-daemon config levelChristian Breunig
2023-04-13T5150: initial implementation of new Kernel/Zebra route-map supportChristian Breunig
It is possible to install a route-map which filters the routes between routing daemons and the OS kernel (zebra) As of now this can be done by e.g. * set protocols ospf route-map foo * set protocols ospfv3 route-map foo * set protocols bgp route-map foo Which in turn will install the following lines into FRR * ip protocol ospf route-map foo * ipv6 protocol ospf6 route-map foo * ip protocol bgp route-map foo The current state of the VyOS CLI is incomplete as there is no way to: * Install a filter for BGP IPv6 routes * Install a filter for static routes * Install a filter for connected routes Thus the CLI should be redesigned to close match what FRR does for both the default and any other VRF * set system ip protocol ospf route-map foo * set system ipv6 protocol ospfv3 route-map foo * set system ip protocol bgp route-map foo * set system ipv6 protocol bgp route-map foo The configuration can be migrated accordingly. This commit does not come with the migrator, it will be comitted later.
2023-04-12xml: T5081: generate common holddown XML building block for IS-IS and OSPFChristian Breunig
2023-04-04T5081: ISIS and OSPF syncronization with IGP-LDP syncCheeze_It
2023-04-01xml: include building block file name should end with .i and not .inChristian Breunig
2023-04-01xml: T5128: streamline help string for interface CLI node building blocksChristian Breunig
2023-04-01xml: allow-client: T5126: re-use new building block also for NTP serviceChristian Breunig
2023-03-31http-api: T5126: allow restricting client IP addressJohn Estabrook
2023-03-31T5128: Policy Route: allow wildcard on interfaceNicolas Fort
2023-03-29T5115: bump version dns-forwarding 3 -> 4Christian Breunig
2023-03-28dns: T5115: Support custom port for name servers for forwarding zones.Indrajit Raychaudhuri
This would allow using custom ports in name server operating on non- default port for forwarding zones. This is a follow-up to T5113 for sake of completeness and having consistent treatment of all name servers configured in PowerDNS recursor. Additionally, migrate `service dns forwarding domain example.com server` to `service dns forwarding domain foo3.com name-server` for consistency and reusability.
2023-03-27bgp: T5114: support configuring TCP keepalive messagesChristian Breunig
2023-03-27bgp: T5114: add "neighbor path-attribute discard"Christian Breunig
2023-03-27bgp: T5114: add peer-group "port" CLI commandChristian Breunig
2023-03-27dns: T5113: Support custom port for name-server forwardersIndrajit Raychaudhuri
Support custom port for name-server forwarders that would allow using custom ports in name server forwarders to enable forwarding to alternative name servers (unbound, stubby, dnscrypt-proxy etc.) operating on non-default port. This would also allow using DNS Over TLS in PowerDNS Recursor 4.6 onwards (pdns doesn't support certificate check for validity yet) by enabling 'dot-to-port-853'. This is set by default if compiled in with DoT support. See: https://doc.powerdns.com/recursor/settings.html#dot-to-port-853 This also partially implements T921, T2195 (DoT without certificate check). Implementation details: - In 'dns/forwarding' configuration, 'name-server' now allows optional 'port' (defaults to 53). - Instead of modifying 'name-server-ipv4-ipv6.xml.i' to add optional 'port', a new file 'name-server-ipv4-ipv6-port.xml.i' has been used to avoid impacting other places where it is reused because not all of them honor ports (mostly VPN related). - The `host:port` entries to be used by PowerDNS recursor config are normalized eagerly at the point of loading VyOS `Config` instead of doing them lazily while rendering the Jinja2 template to keep the implementation less intrusive. The alternative would entail making quite a bit of change in how 'vyos-hostsd' processes 'static' 'name_servers' entries or persists their runtime states.
2023-03-24xml: T5109: use common include file for alpha-numeric, hyphen and underscore ↵Christian Breunig
regex
2023-03-23Merge pull request #1901 from sever-sever/T5099Christian Breunig
T5099: IPoE-server add option next-pool for named ip pools
2023-03-21T5099: IPoE-server add option next-pool for named ip poolsViacheslav Hletenko
In cases with multiple named IP pools, it is required the option 'next' to be sure that if IP addresses ended in one pool, then they would begin to be allocated from the next named pool. For accel-ppp it requires specific order as pool must be defined before we can use it with the 'next-option' set service ipoe-server client-ip-pool name first-pool subnet '192.0.2.0/25' set service ipoe-server client-ip-pool name first-pool next-pool 'second-pool' set service ipoe-server client-ip-pool name second-pool subnet '203.0.113.0/25' [ip-pool] 203.0.113.0/25,name=second-pool 192.0.2.0/25,name=first-pool,next=second-pool
2023-03-21Merge pull request #1889 from nicolas-fort/T5050-logViacheslav Hletenko
T5050: Firewall: Add log options
2023-03-21T5050: Firewall: Add log optionsNicolas Fort
2023-03-14Merge pull request #1890 from nicolas-fort/T5055Viacheslav Hletenko
T5055: NAT: extend packet-type to NAT
2023-03-14T5055: NAT: extend packet-type match option which was previously introduced ↵Nicolas Fort
in firewall, to NAT
2023-03-10Merge pull request #1871 from nicolas-fort/T5055Christian Breunig
T5055: Firewall: add packet-type matcher in firewall and route policy
2023-03-10container: T4959: add registry authentication optionChristian Breunig
Container registry CLI node changed from leafNode to tagNode with the same defaults. In addition we can now configure an authentication option per registry.
2023-03-09xml: T4952: improve interface completion helper CLI experienceChristian Breunig
2023-03-06T5055: Firewall: add packet-type matcher in firewall and route policyNicolas Fort
2023-03-01Merge pull request #1854 from Yuanandcircle/currentChristian Breunig
policy: T5035: Add more actions to policy route rule
2023-02-28T4967: xml: provide re-usable constraint for CLI host-name definitionsChristian Breunig
2023-02-28Merge pull request #1857 from nicolas-fort/nft_queueChristian Breunig
T5037: Firewall: Add queue action and options to firewall
2023-02-28T5037: Firewall: Add queue action and options to firewallNicolas Fort
2023-02-28Merge branch 'vyos:current' into currentYouyuan
2023-02-28Merge pull request #1800 from vfreex/feature-babelChristian Breunig
T4977: Add Babel routing protocol support
2023-02-26policy: T5035: Add more actions to policy route ruleYouyuan
2023-02-25tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
Tunnel interface multicast settings can be "enabled or disabled". As we prefer valueless nodes, and the linux kernel default is "disabled" we should add a set interfaces tunnel tunXX enable-multicast command
2023-02-23T5017: Add interface ifbX to constraint interface-nameViacheslav Hletenko
2023-02-18T4886: allow connection-mark 0 value, which is acceptableNicolas Fort
2023-02-17qos: classes: helptext: T5015: Escape % in printfSilvan Raijer
2023-02-17T5005: PPPoE server allow any login with option noauthViacheslav Hletenko
Disabling authentication is useful in emergency situations (e.g. RADIUS server is down) or testing purposes. Clients can connect with any login and username. set service pppoe-server authentication mode 'noauth'
2023-02-15ipsec: T4593: Migrate and remove legacy `include-ipsec` nodessarthurdev
Not supported with swanctl
2023-02-12pppoe: wwan: T4998: fix typo in constraintErrorMessageChristian Breunig
2023-02-12pppoe: wwan: T4998: fix username not accepting dot (.)Christian Breunig
This fixes a regressin introduced in commit e22e9c9210cb5 ("wwan: T3622: add constraint for username/password CLI nodes").
2023-02-10interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵Christian Breunig
sstp-client
2023-02-10Merge pull request #1808 from sever-sever/T1993Christian Breunig
T1993: PPPoE-server add section shaper and fwmark option
2023-02-09wwan: T3622: add constraint for username/password CLI nodesChristian Breunig
- Username is up to 128 alphanumerical characters, -, _, #, and @ - Password is limited to ASCII characters only, with a total lenght of 128