summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2020-06-01firewall: T1843: no need to call "sudo" for ownerChristian Poessinger
2020-06-01nat: T2198: no need to call "sudo" for ownerChristian Poessinger
2020-05-31openvpn: T2532: add VRF supportChristian Poessinger
2020-05-30vrf: T2530: instance name must be 15 characters or lessChristian Poessinger
2020-05-29wwan: T1988: add CLI completion helper for "device" nodeChristian Poessinger
2020-05-26dhcpv6-pd: pppoe: T2506: restructure CLIChristian Poessinger
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate <interface>" to "dhcpv6-options prefix-delegation interface <interface>". The change is required to add the possibility to request for specific prefix sized via the CLI. That option was not possible with the old configuration tree.
2020-05-26bgp: xml: T2387: fix warning: missing terminating ' characterChristian Poessinger
2020-05-24fromdos: fix wrong line encodingChristian Poessinger
2020-05-22macsec: T2491: add replay window protectionChristian Poessinger
2020-05-21macsec: T2023: add valueHelp for MKA keysChristian Poessinger
2020-05-21macsec: T2023: support MACsec Key Agreement protocol actor priorityChristian Poessinger
2020-05-21macsec: T2023: rename "security key" node to "security mka"Christian Poessinger
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that.
2020-05-21macsec: T2023: use wpa_supplicant for key managementChristian Poessinger
2020-05-21macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" nodeChristian Poessinger
This is best suited as a key is required, too.
2020-05-21macsec: T2023: remove gcm-aes-256 cipher typeChristian Poessinger
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2.
2020-05-21macsec: T2023: add optional encryption commandChristian Poessinger
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt
2020-05-21macsec: T2023: add initial XML and Python interfacesChristian Poessinger
2020-05-20macvlan: T2023: prepare common source interface include fileChristian Poessinger
2020-05-19Merge pull request #378 from sever-sever/bgp-xml-confChristian Poessinger
bgp-xml: T2387:Commands in XML for [conf_mode] bgp
2020-05-19wireguard: T2481: support IPv6 based underlayChristian Poessinger
2020-05-19dhcpv6-pd: T421: support ethernet based interfacesChristian Poessinger
Add support for prefix delegation when receiving the prefix via ethernet, bridge, bond, wireless.
2020-05-19bgp-xml: T2387:Commands in XML for [conf_mode] bgpsever-sever
2020-05-17pppoe: dhcpv6-pd: T421: initial supportChristian Poessinger
The following configuration will assign a /64 prefix out of a /56 delegation to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64. If you do not know the prefix size delegated to you, start with sla-len 0. pppoe pppoe0 { authentication { password vyos user vyos } description sadfas dhcpv6-options { delegate eth0 { interface-id 65535 sla-id 0 sla-len 8 } } ipv6 { address { autoconf } enable } source-interface eth1 } vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth0 2001:db8:8003:400::ffff/64 u/u
2020-05-17xml: split dhcp, dhcpv6 to individual filesChristian Poessinger
2020-05-16nat: nptv6: T2198: add XML/Python skeletonChristian Poessinger
- define XML CLI interface - read CLI into Python dict
2020-05-16nat: T2198: add common ip-protocol validatorChristian Poessinger
It allows IP protocol numbers 0-255, protocol names e.g. tcp, ip, ipv6 and the negated form with a leading "!".
2020-05-16nat: T2198: add protocol completion helper and regex constraintChristian Poessinger
2020-05-16nat: T2198: split nat-address-port include into individual filesChristian Poessinger
2020-05-16nat: T2198: add ipv4-{address,prefix,rage}-exclude validatorsChristian Poessinger
Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT.
2020-05-16nat: T2198: add new ipv4-range validatorChristian Poessinger
2020-05-16nat: T2198: initial XML and Python representationChristian Poessinger
2020-05-07wireless: T2427: add common interface includes to templateJernej Jakob
2020-05-06sstp: T2392: add IPv6 DNS supportChristian Poessinger
New command added: * set vpn sstp network-settings name-server 2001:db8::1111
2020-05-06sstp: T2392: add initial IPv6 supportChristian Poessinger
New commands added: * set vpn sstp network-settings client-ipv6-pool prefix 2001:db8::/64 mask 112 * set vpn sstp network-settings client-ipv6-pool delegate 2001:db8:100::/48 delegation-prefix 64
2020-04-30dhcpv6-server: T2406: add lease-time validator to XMLChristian Poessinger
2020-04-30dhcpv6-server: T2406: merge sip-server-{address,name} to sip-server nodeChristian Poessinger
The subnet specific nodes sip-server-address & sip-server-name do the same for the user - specify a SIP server. Only the backend is rendered in a different way, as ISC DHCPv6 expects different options. There is absolutely no need for the user to distinguish between both two nodes.
2020-04-26salt: T2385: xml: improve help of id and master-keyChristian Poessinger
2020-04-26salt: T2385: xml: improve completion helpers in intervalChristian Poessinger
2020-04-26salt: T2384: migrate config optionsChristian Poessinger
- delete log_file, log_level and user nodes - rename hash_type to hash - rename mine_interval to interval
2020-04-26salt: T2385: XML: improve completion helpers on hash_typeChristian Poessinger
2020-04-26salt: T2384: always log to syslogChristian Poessinger
2020-04-26salt: T2382: XML: add proper valueHelp and validators for masterChristian Poessinger
2020-04-25login: radius: T2304: add VRF supportChristian Poessinger
This allows the radius client to work when a management VRF is in use.
2020-04-23Merge pull request #374 from DmitriyEshenko/pppoe-impl-auth-protoChristian Poessinger
pppoe-server: T2373: Implement CLI commands for auth protocols
2020-04-23pppoe-server: T2373: Implement CLI commands for auth protocolsDmitriyEshenko
2020-04-23interfaces: T2362: add node to delete the default IPv6 link-local addressJernej Jakob
2020-04-23interfaces: T2362: allow setting multiple 'ipv6 address eui64'Jernej Jakob
2020-04-22Merge branch 'pptp-rewrite' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'pptp-rewrite' of github.com:c-po/vyos-1x: accel-ppp: fix wrong reference in verify() on missing attributes accel-ppp: T2314: bugfix wrong placement of endif in Jinja2 template vpn: pptp: T2351: add support for common radius-additions XML vpn: pptp: T2351: migrate to common radius CLI vpn: pptp: T2351: migrate to common name-server, wins-server nodes accel-ppp: provide common wins-server include definition vpn: pptp: T2351: use first IP from client pool as gateway address vpn: pptp: T2351: align configuration to other accel implementations vpn: pptp: T2351: migrate from SysVinit to systemd vyos.util: migrate all cpu_count() occurances to common get_half_cpus()
2020-04-22vpn: pptp: T2351: add support for common radius-additions XMLChristian Poessinger
2020-04-22vpn: pptp: T2351: migrate to common radius CLIChristian Poessinger