summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2023-01-24Merge pull request #1773 from c-po/equuleusChristian Breunig
container: T4947: support mounting container volumes as ro or rw (equuleus backport)
2023-01-22validators: T4798: replace python file-exists validator with file-pathChristian Breunig
(cherry-picked from commit 046bb9ccd56ac5e97c638bb4a9ca856d3d36026a)
2023-01-21validators: T4875: use file-path to replace validator 'interface-name'Christian Breunig
(cherry picked from commit f0bc6c62016d285f0645c4b3ba8b1451c40c637f)
2023-01-21container: T4947: support mounting container volumes as ro or rwChristian Breunig
Whenever a container is used and a folder is mounted, this happenes as read-write which is the default in Docker/Podman - so is the default in VyOS. A new option is added "set container name foo volume mode <ro|rw>" to specify explicitly if rw (default) or ro should be used for this mounted folder. (cherry picked from commit 275ea7303cfdb79c042da1b710622aee17a488a8)
2023-01-15Merge pull request #1670 from vfreex/dhcp-v6-only-option-1.3Christian Breunig
[1.3] T4832: dhcp: Add dhcp option to signal IPv6-only support (RFC 8925)
2023-01-08ssh: T4922: add source-interface support ssh-clientChristian Poessinger
(cherry picked from commit 87cc636bd2baf576a2a5ece7a4f8318eb4f69c2e)
2022-12-31Merge pull request #1731 from c-po/t578-container-backportChristian Poessinger
container: T578: backport podman from 1.4 development branch (equuleus)
2022-12-30container: T578: backport podman from 1.4 development branchChristian Poessinger
2022-12-30dummy: T4898: add missing IPv6 options for smoketestsChristian Poessinger
(cherry picked from commit e5a5684eb4004772439b2dc33ec21b7546db3fe1)
2022-12-30T4898: Add mtu config option for dummy interfacesYuxiang Zhu
I use dummy interfaces in a VRF as source-interfaces for VXLAN in order to force VXLAN send underlay UDP traffic through the VRF where the dummy interface resides. However dummy interface has no mtu option so it always gets an MTU of 1500. This will cause an error when the mtu of dummy is not large enough for the VXLAN traffic. Adding this option in the config template will solve this. (cherry picked from commit 1440ef93e13d15e2247cbfc2cb4ea2afb266fc9e)
2022-12-26Merge pull request #1717 from roedie/1.3-T4809Christian Poessinger
T4809: radvd: (Backport) Allow the use of AdvRASrcAddress
2022-12-22Merge pull request #1722 from aapostoliuk/webproxybackportChristian Poessinger
T3810: Fixed all issues in T3810
2022-12-22T3810: Fixed all issues in T3810aapostoliuk
1. Added in script update webproxy blacklists generation of all DBs 2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message. 3. Added template generation for local's categories in the rule section. 4. Changed syntax in the generation dest section for blacklist's categories 5. Fixed generation dest local sections in squidGuard.conf 6. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf 7. Backported all changes from 1.4 to 1.3 which were made in T3810 8. Fixed webproxy smoketest
2022-12-17T4809: radvd: Allow the use of AdvRASrcAddressSander Klein
This add the AdvRASrcAddress configuration option to configure a source address for the router advertisements. The source address still must be configured on the system. This is useful for VRRP setups where you want fe80::1 on the VRRP interface for cleaner VRRP failovers.
2022-12-17Merge pull request #1259 from hensur/equuleus-ipv6-local-routeChristian Poessinger
backport: T4515: T4219: policy local-route6 and inbound-interface support
2022-12-17Merge pull request #1557 from initramfs/equuleus-fix-tcp-mssChristian Poessinger
firewall: T4709: fix firewall MSS clamping issues
2022-11-21T4832: dhcp: Add dhcp option to signal IPv6-only supportYuxiang Zhu
Clients supporting this DHCP option (DHCP option 108, per RFC 8925) will disable its IPv4 network stack for configured number of seconds and operate in IPv6-only mode. Example clients supporting this option including iOS 15+ and macOS 12.0.1+.
2022-10-30snmp: T4785: allow @, * and # in SNMP community nameChristian Poessinger
(cherry picked from commit 3f91033927d80748b70e1ef58b2941643d1aca33)
2022-10-29snmp: T4785: allow ! in community nameChristian Poessinger
(cherry picked from commit dda62226353ebc198b4dbbd319412bb5d1d1ece2)
2022-10-15Merge pull request #1579 from sever-sever/T4743Viacheslav Hletenko
ddclient: T4743: Add option for IPv6 Dynamic DNS
2022-10-13monitoring: T4312: Ability to set IP address in the URLViacheslav Hletenko
Use common "url.xml" which allow URL as domain name or IP entrie
2022-10-10ddclient: T4743: Add option for IPv6 Dynamic DNSViacheslav Hletenko
Allow to set IPv6 address for Dynamic DNS set service dns dynamic interface eth2 ipv6-enable
2022-09-26firewall: T4709: adjust TCP MSS clamping ranges and optionsinitramfs
This commit fixes MSS clamping ranges as well as reintroduces the clamp-mss-to-pmtu option value to clamp to PMTU instead.
2022-09-20policy: local-route(6): set priority propertyHenning Surmeier
Co-authored-by: initramfs <initramfs@initramfs.io>
2022-09-20local-route6: use ipv6 value help for sourceHenning Surmeier
2022-08-29rpki: T4654: Fix RPKI cache descriptionViacheslav Hletenko
Fix wrong descriptions for the RPKI server It was mentioned about the NTP server
2022-08-25proxy: T4642: allow https proxy transportsChristian Poessinger
(cherry picked from commit 73be77ec42d06a369974bfb1255839164f73c276)
2022-08-24proxy: T4642: bugfix regex, add hyphen to allow listChristian Poessinger
(cherry picked from commit bfa13e367d0b77105ba350a34da8212859f07f59)
2022-08-15ocserv: openconnect: T4614: add support for split-dnsChristian Poessinger
set vpn openconnect network-settings split-dns <domain> (cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
2022-08-15macsec: T4537: allow 32-byte keys for gcm-aes-256Christian Poessinger
(cherry picked from commit 393355f7feaa921eba46b83d4f15ad4a5c37adab)
2022-08-01mtu: T4572: Add DHCP-option MTU to get values from DHCP-serverViacheslav Hletenko
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured (cherry picked from commit 29b0ee30bf2622a40ca3d17e3f6b9e94e5b62072)
2022-07-24Merge pull request #1416 from sever-sever/T2763-eqDaniil Baturin
snmp: T2763: Add protocol TCP for service SNMP
2022-07-18Merge pull request #1406 from c-po/equuleus-interface-fixesDaniil Baturin
equuleus: Bond and Bridge interface fixes + new smoketests
2022-07-18bond: T4522: add ability to specify mii monitor interval via CLIChristian Poessinger
Linux Kernel supports to specify the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point. The default value is 100. set interfaces bonding bond0 mii-mon-interval <n> (cherry picked from commit 4315c8fa5bb090e2b7edd6bda205041623e2511d)
2022-07-15snmp: T2763: Add protocol TCP for service SNMPViacheslav Hletenko
Ability to listen TCP port for service SNMP set service snmp protocol tcp
2022-07-09Merge pull request #1364 from sever-sever/T4468-eqChristian Poessinger
webproxy: T4468: Fix regex for squidguard source-group 1.3
2022-07-09Merge pull request #1392 from sever-sever/T4507-eqChristian Poessinger
accel-ppp: T4373: T4507: Add options multiplier for shaper
2022-07-07Merge pull request #1390 from c-po/t4456-ntp-equuleusChristian Poessinger
ntp: T4456: support listening on specified interface (equuleus)
2022-07-07Merge pull request #1400 from c-po/t4509-pdns-6to4-equuleusChristian Poessinger
dns: T4509: Add dns64-prefix option (equuleus)
2022-07-07dns: T4509: Add dns64-prefix optionViacheslav Hletenko
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96 (cherry picked from commit 2bdf4798570222b57af2de2f0b443529abdc3feb)
2022-07-05ipoe: T4507: Add option rate-limit for RADIUS authenticationViacheslav Hletenko
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik'
2022-07-05pppoe-server: T4373: Add option multiplier for correct shapingViacheslav Hletenko
Multiplier option is required by some vendors for correct shaping For RADIUS based rate-limits edit service pppoe-server set authentication radius rate-limit multiplier '0.001'
2022-07-05hosts: T2683: Allow multiple entries for static-host-mappingViacheslav
(cherry picked from commit b1db3de80b8b5f4e2dcbc6d687d342986345c4b2)
2022-07-04ntp: T4456: support listening on specified interfaceChristian Poessinger
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name> (cherry picked from commit 6732df1edd632b56d3d02970939f51d05d4262e9)
2022-06-28mpls: T4489: Set priority 400 for MPLS after tunnelViacheslav Hletenko
Fix wrong behavior with priority by using tunnel interfaces MPLS configuration must be applied after tunnel interfaces as we use an addition sysctl option 'net.mpls.conf.tun0.input = 1' which doesn't exist without a tunnel interface Change priority: 299 protocols/mpls 380 interfaces/tunnel To: 380 interfaces/tunnel 400 protocols/mpls
2022-06-17webproxy: T4468: Fix regex for squidguard source-groupViacheslav Hletenko
(cherry picked from commit fbd3bef2248de5785f96d2e7803a6811eee78710)
2022-06-09Merge pull request #1271 from sever-sever/T2580-equChristian Poessinger
ipoe: T2580: Add pools and gateway options
2022-05-27dhcp6: pd: T4447: bugfix sla-id limits (must be greater then 128Christian Poessinger
The sla-id parameter of DHCPv6 prefix delegations is limited to 128. While this is enough to use all /64 subnets of a /57 prefix, with a /56 prefix that is no longer sufficient. Increased sla-id length tp 65535 so one could delegate an entire /48. (cherry picked from commit 283276d457a09c100416c0d4ffccd4f94ccd2540)
2022-05-25ipoe: T2580: Add pools and gateway optionsViacheslav Hletenko
Add new feature to allow to use named pools Can be used also with Radius attribute 'Framed-Pool' set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2022-05-09monitoring: T4315: Add telegraf output plugin prometheus-clientViacheslav Hletenko
Add output Plugin "prometheus-client" for telegraf set service monitoring telegraf prometheus-client xxx