path: root/interface-definitions
Age | Commit message | Author
2019-10-27 | snmp: T1769: remove TSM (Transport Security Mode) support | Christian Poessinger
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested and I know no way how it could be tested. Instead of carrying on dead and unused code we should favour a drop of it using a proper config migration script. (cherry picked from commit 556b528ef9cc1eca9d142ebe1f8f88cd02d536da)
2019-10-27 | snmp: T818: T1738: remove per user/trap engine id | Christian Poessinger
As of the SNMP specification an SNMP engine ID should be unique per device. To not make it more complicated for users - only use the global SNMP engine ID. (cherry picked from commit d523111279b3a9a5266b442db5f04049a31685f7)
2019-10-17 | snmp: T1737: add missing completion helpers | Christian Poessinger
(cherry picked from commit 7f9dceaa7898d6418edcdf148b52b66ccd3bd36a)
2019-09-04 | T1439: remove beginning and end anchors, they are implied with re.fullmatch | Jernej Jakob
(cherry picked from commit 03c09b1b0d7dfdab9fc87bc7b017455c45141ced)
2019-09-04 | T1439: move DUID validator to regex | Jernej Jakob
(cherry picked from commit 6a6634b02d73cc93cd7368cf2290940b57fae9c7)
2019-09-04 | T1439: add dhcpv6-client-id validator | Jernej Jakob
(cherry picked from commit 87df87e3983e120ad171ae9dc2966309fc14fcd8)
2019-09-04 | [service https] T1443: rename "server-names" option to "server-name". | Daniil Baturin
2019-09-04 | [service https] T1443: use "listen-address" option instead of "listen-addresses" | Daniil Baturin
to follow the established convention.
2019-09-04 | T1443: backport the HTTP API to crux. | Daniil Baturin
Implementation by Daniil Baturin and John Estabrook.
2019-08-29 | T1598: import the static-host-mappings CLI from current. | Daniil Baturin
2019-08-25 | powerdns: T1524: support setting allow-from network | Christian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer.
https://docs.powerdns.com/recursor/settings.html#allow-from
Imagine an ISP network with non RFC1918 IP addresses - they can't make use of PowerDNS recursor. As of now VyOS has allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver.
If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in:
```
service {
    dns {
        forwarding {
            allow-from 0.0.0.0/0
            allow-from ::/0
            cache-size 0
            ignore-hosts-file
            listen-address 192.0.2.1
        }
    }
}
```
(cherry picked from commit dc0f641956d002fa8588ef8d1213791cf36e92f2)
2019-07-23 | [wireguard] fixing value help typo | hagbard
(cherry picked from commit 36f8a1e4e5966c43c5330ff223fa2ef07d346b6e)
2019-07-23 | [wireguard] T1425 - assign a /31 address on Wireguard interface | hagbard
- added a validator for checking if the address is any cidr noted address (cherry picked from commit 2ee0eff1bd04ef02b0769341eee22543f8011b68)
2019-07-21 | T1537: add missing help for 'set service dns' | Christian Poessinger
(cherry picked from commit d99bf6a3a623433e743bb2d1d72e2ef3e0ab5057)
2019-07-19 | T1527: fix typo, s/IPv5/IPv6/ | Daniil Baturin
2019-07-01 | T1498: Nameservers are not propagated into resolv.conf | Kim Hagen
2019-05-20 | T1174: migrate local hostname/DNS handling to vyos-1x | Christian Poessinger
Conflicts: src/conf_mode/host_name.py
2019-04-21 | [firewall] T314: add firewall options for MSS clamping | Christian Poessinger
* clamp MSS IPv4
  set firewall options interface pppoe0 adjust-mss '1452'
* clamp MSS IPv6
  set firewall options interface pppoe0 adjust-mss6 '1452'
* disable entire rule
  set firewall options interface pppoe0 disable
Output
------
```
$ sudo iptables-save -t mangle
# Generated by iptables-save v1.4.21 on Sun Apr 21 12:56:25 2019
*mangle
:PREROUTING ACCEPT [1217:439885]
:INPUT ACCEPT [290:52459]
:FORWARD ACCEPT [920:375774]
:OUTPUT ACCEPT [301:100053]
:POSTROUTING ACCEPT [1221:475827]
:VYOS_FW_OPTIONS - [0:0]
-A FORWARD -j VYOS_FW_OPTIONS
-A VYOS_FW_OPTIONS -o pppoe0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
COMMIT
Completed on Sun Apr 21 12:56:25 2019
```
2019-04-03 | [dhcpv6-relay] T1322: support multiple upstream servers | Christian Poessinger
Add support for relaying a DHCPv6 packet to multiple servers on one upstream interface. (cherry picked from commit d5b113923aaa776f89749c820d6283b593e80c3a)
2019-03-20 | [rsyslog] T1282 - Configure VyOS to send syslog messages to remote syslog using fully-qualified domain name | hagbard
2019-03-17 | T103: [dhcp-server] add support to configure host declarative names | Christian Poessinger
(cherry picked from commit 0fefe3c3b9250ad2ba841287a94036119728c708)
2019-02-28 | enhancement: T1225 - wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers | hagbard
Conflicts: debian/changelog
2019-02-28 | IP validation for allowed ip corrected. | hagbard
2019-02-28 | fixes T1238 - Wireguard allows invalid IP's | hagbard
Conflicts: debian/changelog
2019-01-30 | dynamic-dns: add completion list for service providers | Christian Poessinger
(cherry picked from commit 31b1b2cb8873f62f8054c87953cd8bd59b59add1)
2019-01-12 | T1041: make upstream DNS server optional | Christian Poessinger
The name-server option under "service dns-forwarding" was never mandatory so users never needed to specify an upstream server. With the recent switch to PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when there is no upstream DNS server configured. (cherry picked from commit 3c563b3ae8397da33a03c0429c17b97eb9625c5f)
2018-12-16 | Revert "T1087: Firewall on Wireguard Interface implementation" | Daniil Baturin
This reverts commit 51f61991092a163f680e4ec8f122e73f4074ddf9. It's not how it's done, those templates are generated by a script in vyatta-cfg-firewall. If we are planning a firewall overhaul in 1.3.x, there's no reason to transplant the old approach to new code.
2018-12-11 | T1087: Firewall on Wireguard Interface implementation | hagbard
2018-12-09 | T1091: extend DNS forwarding/DNSSEC completion help text | Christian Poessinger
2018-12-09 | T1091: add DNS forwarding completion helpers for DNSSEC | Christian Poessinger
2018-11-30 | Fixes: T1061: Wireguard: Missing option to administratively shutdown interface | hagbard
2018-11-26 | T835: improve help text for PPPoE CLI. | Daniil Baturin
2018-11-23 | T835: adding description to ppp-options | hagbard
2018-11-19 | T835: migration script for radius' secret vs. key, rolled back the | hagbard
change to 'mode local|radius'
2018-11-18 | T835: adding default pado delay and mode autocomplete | hagbard
2018-11-17 | T1018: remove obsoleted 'dynamic' option from NTP | Christian Poessinger
Increase NTP config version from 0 to 1. For more information see [1].
ntpd: Warning: the "dynamic" keyword has been obsoleted and will be removed in the next release
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
2018-11-14 | Fixes: T940 adding immark to syslog options | hagbard
2018-11-14 | T835: accel-ppp pppoe implementation | hagbard
- ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs
- snmp subagent and master mode
- connlimits configurable
- more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.)
- radius extended options (for HA etc.)
2018-11-09 | T835: pppoe-server adding radius server back in | hagbard
2018-11-09 | T835: accel-ppp pppoe implementation | hagbard
2018-11-07 | Add back trailing whitespace for smaller diff | Brooks Swinnerton
2018-11-07 | T979: Allow spaces in wireguard interface descrs | Brooks Swinnerton
Previous to this commit, setting a Wireguard interface description would result in a validation error similar to the following:
```
brooks@border# set interfaces wireguard wg0 description "Tunnel"
[edit]
brooks@border# set interfaces wireguard wg0 description "Tunnel tunnel tunnel"
interface description is too long (limit 100 characters)
Value validation failed
Set failed
[edit]
```
This commit makes the regex less restrictive up to 100 characters.
2018-11-04 | T959: XML/Python rewrite of "protocol igmp-proxy" and op-mode commands | Christian Poessinger
Examples:
=========
CFG commands:
```
vyos@vyos# set protocols igmp-proxy disable-quickleave
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream'
vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream'
vyos@vyos# show protocols igmp-proxy
{
    disable-quickleave
    interface eth0 {
        alt-subnet 172.16.35.0/24
        alt-subnet 172.31.0.0/24
        role upstream
    }
    interface eth1 {
        role downstream
    }
}
```
OP mode commands:
-----------------
```
vyos@vyos:~$ show ip multicast interface
Interface  BytesIn  PktsIn  BytesOut  PktsOut  Local
eth0       0.0b     0       0.0b      0        xxx.xxx.xxx.65
eth1       0.0b     0       0.0b      0        xxx.xxx.xx.201
vyos@vyos:~$ show ip multicast mfc
Group       Origin      Pkts  Bytes   Wrong  In    Out
xxx.x.xx.1  xxx.xx.0.1  10    9.81KB  0      eth0  eth1
xxx.x.xx.2  xxx.xx.0.1  --
```
2018-11-03 | T958: Problems with wireguard description | hagbard
2018-11-02 | T939: Remove possibility to specify DHCP relay port | Christian Poessinger
2018-10-26 | T886: validation logic in `interfaces wireguard wgX address x.x.x.x` broken | hagbard
- removed ip-host from tree, iproute2 will detect faulty addresses and return exit 1
2018-10-21 | T634: remove 'service ssh allow-root' | Christian Poessinger
2018-10-19 | Merge branch 'dhcp-relay' into current | Christian Poessinger
* dhcp-relay:
  dhcpv6-relay: added missing verify() step for listen and upstream interfaces
  T913: DHCP relay service XML/Python rewrite for IPv6
  T913: DHCP relay service XML/Python rewrite for IPv4
  vyos-1x now depends on isc-dhcp-relay
  dns-forwarding: fix XML interface indenting
2018-10-19 | Add Client keepalive option for use with cloud-init | UnicronNL
Add option to specify multiple listening ports
Clean up template generation layout
2018-10-17 | Fixing check for local IP, using validator --is-any-host. | hagbard