summaryrefslogtreecommitdiff
path: root/interface-definitions/include
AgeCommit message (Collapse)Author
2023-03-14T5055: NAT: extend packet-type match option which was previously introduced ↵Nicolas Fort
in firewall, to NAT
2023-03-10Merge pull request #1871 from nicolas-fort/T5055Christian Breunig
T5055: Firewall: add packet-type matcher in firewall and route policy
2023-03-10container: T4959: add registry authentication optionChristian Breunig
Container registry CLI node changed from leafNode to tagNode with the same defaults. In addition we can now configure an authentication option per registry.
2023-03-09xml: T4952: improve interface completion helper CLI experienceChristian Breunig
2023-03-06T5055: Firewall: add packet-type matcher in firewall and route policyNicolas Fort
2023-03-01Merge pull request #1854 from Yuanandcircle/currentChristian Breunig
policy: T5035: Add more actions to policy route rule
2023-02-28T4967: xml: provide re-usable constraint for CLI host-name definitionsChristian Breunig
2023-02-28Merge pull request #1857 from nicolas-fort/nft_queueChristian Breunig
T5037: Firewall: Add queue action and options to firewall
2023-02-28T5037: Firewall: Add queue action and options to firewallNicolas Fort
2023-02-28Merge branch 'vyos:current' into currentYouyuan
2023-02-28Merge pull request #1800 from vfreex/feature-babelChristian Breunig
T4977: Add Babel routing protocol support
2023-02-26policy: T5035: Add more actions to policy route ruleYouyuan
2023-02-25tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
Tunnel interface multicast settings can be "enabled or disabled". As we prefer valueless nodes, and the linux kernel default is "disabled" we should add a set interfaces tunnel tunXX enable-multicast command
2023-02-23T5017: Add interface ifbX to constraint interface-nameViacheslav Hletenko
2023-02-18T4886: allow connection-mark 0 value, which is acceptableNicolas Fort
2023-02-17qos: classes: helptext: T5015: Escape % in printfSilvan Raijer
2023-02-17T5005: PPPoE server allow any login with option noauthViacheslav Hletenko
Disabling authentication is useful in emergency situations (e.g. RADIUS server is down) or testing purposes. Clients can connect with any login and username. set service pppoe-server authentication mode 'noauth'
2023-02-15ipsec: T4593: Migrate and remove legacy `include-ipsec` nodessarthurdev
Not supported with swanctl
2023-02-12pppoe: wwan: T4998: fix typo in constraintErrorMessageChristian Breunig
2023-02-12pppoe: wwan: T4998: fix username not accepting dot (.)Christian Breunig
This fixes a regressin introduced in commit e22e9c9210cb5 ("wwan: T3622: add constraint for username/password CLI nodes").
2023-02-10interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵Christian Breunig
sstp-client
2023-02-10Merge pull request #1808 from sever-sever/T1993Christian Breunig
T1993: PPPoE-server add section shaper and fwmark option
2023-02-09wwan: T3622: add constraint for username/password CLI nodesChristian Breunig
- Username is up to 128 alphanumerical characters, -, _, #, and @ - Password is limited to ASCII characters only, with a total lenght of 128
2023-02-08T1993: PPPoE-server add section shaper and fwmark optionViacheslav Hletenko
Extended PPPoE-server rate-limiter to avoid shaping marked resources Often this feature needs for ISP, which provides access to some IX or its resources. set service pppoe-server shaper fwmark '223'
2023-02-08T4977: Add Babel routing protocol supportYuxiang Zhu
This PR adds basic Babel routing protocol support using the implementation in FRR. Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
2023-02-07T4971: PPPoE server add named ip pool and attr Framed-PoolViacheslav Hletenko
Add a new feature to allow to use named pools Also it can be used with RADIUS attribute 'Framed-Pool' set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2023-02-04qos: xml: T4284: bandwidh unit suffix is optionalChristian Breunig
2023-02-04bgp: T4817: improve help and constraint error messagesChristian Breunig
2023-02-04bgp: T4817: add local-role (RFC9234) support for peer-groupsChristian Breunig
Extend commit 8a75e92d ("T4817 added support for RFC 9234") to also support peer-groups.
2023-02-04qos: T4969: update "match mark" value rangeChristian Breunig
This improves commit d2885ad0 ("T4969: fix class match mark number").
2023-02-04Merge pull request #1792 from DaniilHarun/currentChristian Breunig
T4969: fix class match mark number
2023-02-04T4817 added support for RFC 9234Kyle McClammy
2023-02-02ocserv: T3896: CLI help and description rewordingJamie Austin
2023-01-31T4969: fix class match mark numberDaniilHarun
2023-01-30Merge pull request #1761 from sever-sever/T4916-currViacheslav Hletenko
T4916: Rewrite IPsec peer authentication and psk migration
2023-01-29xml: T1579: allow zero length for descriptionChristian Breunig
Some older VyOS 1.3 installations seem to use zero-length description fields. Do not break them!
2023-01-28vrrp: T1297: improve gratuitous ARP default value handling and help stringsChristian Breunig
2023-01-28T4958: ocserv: openconnect: adds support for configuring RADIUS accountingJamie Austin
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-26ocserv: T3896: add CLI options to configure ocserv config-per-user/groupJamie Austin
Adds CLI configurations under VPN - OpenConnect to facilitate per user/group vpn session configurations. Validation has been added to restrict config-per-group to be exclusive to OpenConnect RADIUS authentication as the config file is looked up based on a RADIUS response attribute - as well as sanity check that the necessary configs are configured when not disabled.
2023-01-25T1297: VRRP: add garp options to vrrpNicolas Fort
2023-01-19Merge pull request #1697 from nicolas-fort/snmp_reworkChristian Breunig
T4857: SNMP: Implement FRR SNMP Recomendations
2023-01-18ocserv: T4656: only one IP address is supported to listen onChristian Breunig
2023-01-18T4857: change description in cli, and change word oid to uppercase OIDs in ↵Nicolas Fort
warning message
2023-01-14ntp: T3008: migrate from ntpd to chronyChristian Breunig
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony
2023-01-07xml: T1579: merge generic-description.xml.i and interface/description.xml.iChristian Poessinger
No need to have two distinct include blocks as one superseeds the other. Also this makes the entire behavior of "description" CLI node simpler.
2023-01-06xml: T4883: allow whitespace in generic-descriptionChristian Poessinger
2023-01-05static: T4883: re-use description XML building blockChristian Poessinger
2023-01-04qos: T4284: add bandwidth percentage valueChristian Poessinger
2023-01-04Merge pull request #1735 from sever-sever/T4904Viacheslav Hletenko
T4904: keepalived virtual-server allow multiple ports with fwmark