summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2020-10-11tftp-server: T2974: migrate to get_config_dict()Christian Poessinger
2020-10-11nat: T2198: use proper validators for dnat translation addressChristian Poessinger
2020-10-07Merge pull request #563 from lucasec/dns-source-addressChristian Poessinger
pdns_recursor: T2964: Expose query-local-address to dns config.
2020-10-06pdns_recursor: T2964: Expose query-local-address to dns config.Lucas Christian
In certain split DNS configurations, there is a need for more fine-grained control over the local address DNS forwarding uses to issue queries. The current pdns_recursor configuration allows the recursor to send queries from any available address on the interface the OS selects for the query, with no option to limit queries to a particular address or set of addresses. This commit exposes the `query-local-address` option in `recursor.conf` to users via the `service` `dns` `forwarding` `source-address` config node. If the parameter is unspecified, the default value of 0.0.0.0 (any IPv4 address) and :: (any IPv6 address) are used to match current behavior. Users who want more control can specify one or more IPv4 and IPv6 addresses to issue queries from. Per pdns_recursor docs, the recursor will load balance queries between any available addresses in the pools. Since IPv4 and IPv6 are different pools, note that specifying only one type of address will disable issuing queries for the other address family.
2020-10-06openconnect: T2036: reuse accel-name-server.xml.iChristian Poessinger
2020-10-06xml: tftp-server: include/reuse port-number.xml.iChristian Poessinger
2020-10-06xml: include: add common helper file for listen-addressChristian Poessinger
2020-10-05Update search domain error message to match new validation logic.Lucas Christian
(also converted file to unix line endings)
2020-10-05wireless: T2963: set default "both" on "security wpa mode"Christian Poessinger
2020-10-05dhcp(v6)-server: T2961: use fqdn validator wnd move to include snippedChristian Poessinger
Migrate the domain-search node (which occurs three times) to an includable snippet. Also re-use the fqdn validator to keep the regex patterns to as few locations as possible.
2020-10-05Merge pull request #562 from lucasec/dhcpv6-statelessChristian Poessinger
dhcpv6: T2961: support stateless dhcpv6 clients
2020-10-04dhcpv6: T2961: support stateless dhcpv6 clientsLucas Christian
This commit adds support for configuring the DHCPv6 server to serve "stateless" DHCPv6 clients (those that send an information-request message and do not request an address). The change introduces a `common-options` node at the `shared-network-name` level, which allows specifying options applicable to clients regardless of subnet assigned (or in the case of stateless clients, when no subnet is assigned). Parameters specified at the subnet level take precedence over those set at the shared-network level. Presently, only parameters that are meaningful to stateless clients have been exposed under `common-options`, as there is no precedent of exposing parameters at multiple levels under the current DHCPv4 or DHCPv6 configuration syntax. If desired, additional parameters could certainly be added with relative ease.
2020-10-04sstp: T2960: migrate to get_config_dict() and reusable templatesChristian Poessinger
2020-10-04l2tp: pptp: pppoe-server: T2953: use common Accel-PPP MTU include fileChristian Poessinger
2020-10-04l2tp: pptp: sstp: pppoe-server: T2953: use common include for client-ip-poolChristian Poessinger
2020-10-04pppoe-server: T2953: rename CLI local-ip to gateway-addressChristian Poessinger
Required to get a common CLI for all services provided by Accel-PPP. Once the CLI for each service is consitent - Jinja2 templates can be reused together with get_config_dict().
2020-10-04xml: include: add comment about source filename to every include snippetChristian Poessinger
2020-10-04sstp: T2953: migrate gateway-address, client-ip-settings to common levelChristian Poessinger
* move "network-settings gateway-address" to "gateway-address" * move "network-settings client-ip-settings" to "client-ip-pool"
2020-10-03sstp: T2953: migrate mtu to common levelChristian Poessinger
Preparation before using get_config_dict() and common Jinja2 templates.
2020-10-03sstp: T2953: migrate name-server settions to common levelChristian Poessinger
In order to reuse as much as possible before migrationg to get_config_dict() and re-use Jinja2 snippets the name-server node must be moved one level up to 'set vpn sstp name-server'.
2020-10-03pppoe-server: T2956: make use of defaultValue list featureChristian Poessinger
2020-10-03accel-ppp: T2953: fix missing defaultValue on mppeChristian Poessinger
Commit ba050937 ("accel-ppp: T2953: drop redundant CLI definitions ") dropped the defaultValue of 'prefer' for MPPE making the smoketests fail. This has been corrected.
2020-10-02sstp: T2953: migrate ppp-settings to ppp-options nodeChristian Poessinger
2020-10-02acces-ppp: T2953: drop redundant CLI definitionsChristian Poessinger
2020-10-01pppoe-server: T2936: move to get_config_dict()Christian Poessinger
For easier configuration read in (CLI) validation and also template rendering it makes sense to drop the old, single implementation and move to the new, generic get_config_dict() approach. Recurring configuration parts like ip-pool, ipv6-pool and nameservers have also been split our into individual templates which will be included through Jinja2 - leading to a single-source of the template sections, too.
2020-09-29vrrp: T2933: Add option virtual-address-excludedsever-sever
2020-09-28pppoe-server: T2919: Add possibility change Called-Station-Id formatDmitriyEshenko
2020-09-27vxlan: geneve: T2930: add CLI node to set MAC addressChristian Poessinger
2020-09-26Merge pull request #554 from sever-sever/T2918Christian Poessinger
accel-ppp: T2918: Add accounting interim jitter option
2020-09-26macsec: T2023: shift priority to run on vxlan/geneve source-interfaceChristian Poessinger
2020-09-26accel-ppp: T2918: Add accounting interim jitter optionsever-sever
2020-09-26accel-ppp: T2917: Add Preallocate NAS-port-idsever-sever
2020-09-26xml: interface-definitions: fix wrong file extension of inlcude filesChristian Poessinger
Files which are included by others whouls have the ".xml.i" extension.
2020-09-25dns: forwarding: T2921: migrate to get_config_dict()Christian Poessinger
2020-09-24wireless: T2241: add "wds" CLI optionChristian Poessinger
2020-09-22openvpn: T2907: add 'none' encryption option to not encrypt any dataMarcus Hoff
2020-09-22conf-mode: T2915: Adding lost option proxy-arp-pvlan for vlansever-sever
2020-09-20macsec: T2023: add missing mtu CLI optionChristian Poessinger
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for 802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not make the user juggle with the MTU bytes if he enables VLAN support later on, which is yet to come.
2020-09-20wwan: ifconfig: T2905: sync CLI nodes in dialup interfacesChristian Poessinger
Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use different CLI nodes for the same functionality. PPPoE has "connect-on-demand" to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose. Rename WWAN "ondemand" node to "connect-on-demand".
2020-09-20vif-s: ifconfig: T2903: use explicit VLAN protocol over raw numbersChristian Poessinger
In the past we had to provide the ethertype value used for the VLAN protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q). This should be changed to a more user friendly CLI node (protocol over ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in presenting RAW information from the ethernet header to the user. Also iproute2 calls it protocol which makes way more sense over the "raw" value.
2020-09-17Merge pull request #546 from DmitriyEshenko/cur-1x-rbChristian Poessinger
ethernet: T2891: Add ethernet ring-buffer CLI commands
2020-09-17ethernet: T2891: Add ethernet ring-buffer CLI commandsDmitriyEshenko
2020-09-16wireless: T1627: "capabilities ht smps" is not a multi nodeChristian Poessinger
2020-09-16wireless: T1627: "capabilities ht max_amsdu" is not a multi nodeChristian Poessinger
VyOS 1.2 confirmed it was a regular node - copy/paste error.
2020-09-13bonding: T2877: support configuration of minimum number of active linksChristian Poessinger
Specifies the minimum number of links that must be active before asserting carrier. It is similar to the Cisco EtherChannel min-links feature. This allows setting the minimum number of member ports that must be up (link-up state) before marking the bond device as up (carrier on). This is useful for situations where higher level services such as clustering want to ensure a minimum number of low bandwidth links are active before switchover. This option only affects 802.3ad mode. The default value is 0. This will cause carrier to be asserted (for 802.3ad mode) whenever there is an active aggregator, regardless of the number of available links in that aggregator. Note that, because an aggregator cannot be active without at least one available link, setting this option to 0 or to 1 has the exact same effect.
2020-09-13ddclient: T2858: migrate to get_config_dict()Christian Poessinger
2020-09-09openconnect: T2036: Move CLI commands under vpn openconnectDmitriyEshenko
2020-08-26pppoe-server: bugfix MPPE node definitionChristian Poessinger
PPPoE server supports setting the MPPE preferences, it is implemented as node with leafNodes for require, prefer and deny. This will render a wrong AccelPPP configuration as it will be "None" if specified. pppoe-server { ppp-options { mppe { deny require } } } instead it must be: pppoe-server { ppp-options { mppe require } }
2020-08-23dhcpv6-pd: T2677: add support for rapid-commit optionChristian Poessinger
When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements.
2020-08-22dhcpv6-pd: T2677: optimize CLI interface for PD configurationChristian Poessinger
The current CLI did not support multiple prefix-delegations per interface. Some ISPs only send one /64 to a client per prefix-delegation request, but they allow the customer to request multiple prefixes. The 'dhcpv6-options prefix-delegation' node has been renamed and converted to a tag node named 'dhcpv6-options pd'. The tag node specifies a PD request (>=0). In the past the user needed to know what prefix will be assigned and required to calculate the sla-len by himself. The 'sla-len' node was dropped and is now calculated in the background from the 'dhcpv6-options pd 0 length' node. It is no longer mandatory to supply the 'sla-id' node, if sla-id is not specified it is 'guessed' by counting upwards. Example configuration: ---------------------- ethernet eth1 { address dhcpv6 dhcpv6-options { pd 0 { length 56 interface eth2 { address 1 } } } } This will request a /56 assignment from the ISP and will delegate a /64 network to interface eth2. VyOS will use the interface address ::1 on the delegate interface (eth2) as its local address.