Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-06-05 | Merge pull request #443 from mrozentsvayg/openvpn-T2550-ipv4-remote-host | Christian Poessinger | |
openvpn: T2550: fix for IPv4 remote-host addresses | |||
2020-06-04 | openvpn: T2550: fix for IPv4 remote-host addresses | Mikhail Rozentsvayg | |
Commit bb9f998 added IPv6 support for OpenVPN, but IPv4 only configurations stopped working (Address family for hostname not supported) Commit fc467519 fixed some scenarios by using IPv4 protocols if 'local-host' is IPv4 address, but the client mode is using 'remote-host' instead and was still broken. This commit in addition to 'local-host' also checks all the 'remote-host' addresses. | |||
2020-06-05 | T2548: interface address does not support IP network definition | Christian Poessinger | |
When migrating all single instances of the IP address XML definition to the reusable include file an error was ported, too. This allowed an interface be assigned an IPv4/IPv6 network address es e.g. 192.0.2.0/24 which is invalid. The validator has been fixed to only allow IPv4/IPv6 host addresses instead. | |||
2020-06-04 | rip-xml: T2547: XML for conf-mode protocol RIP | sever-sever | |
2020-06-01 | bgp: T2387: move "aggregate address" to XML include | Christian Poessinger | |
2020-06-01 | firewall: T1843: no need to call "sudo" for owner | Christian Poessinger | |
2020-06-01 | nat: T2198: no need to call "sudo" for owner | Christian Poessinger | |
2020-05-31 | openvpn: T2532: add VRF support | Christian Poessinger | |
2020-05-30 | vrf: T2530: instance name must be 15 characters or less | Christian Poessinger | |
2020-05-29 | wwan: T1988: add CLI completion helper for "device" node | Christian Poessinger | |
2020-05-26 | dhcpv6-pd: pppoe: T2506: restructure CLI | Christian Poessinger | |
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate <interface>" to "dhcpv6-options prefix-delegation interface <interface>". The change is required to add the possibility to request for specific prefix sized via the CLI. That option was not possible with the old configuration tree. | |||
2020-05-26 | bgp: xml: T2387: fix warning: missing terminating ' character | Christian Poessinger | |
2020-05-24 | fromdos: fix wrong line encoding | Christian Poessinger | |
2020-05-22 | macsec: T2491: add replay window protection | Christian Poessinger | |
2020-05-21 | macsec: T2023: add valueHelp for MKA keys | Christian Poessinger | |
2020-05-21 | macsec: T2023: support MACsec Key Agreement protocol actor priority | Christian Poessinger | |
2020-05-21 | macsec: T2023: rename "security key" node to "security mka" | Christian Poessinger | |
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that. | |||
2020-05-21 | macsec: T2023: use wpa_supplicant for key management | Christian Poessinger | |
2020-05-21 | macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node | Christian Poessinger | |
This is best suited as a key is required, too. | |||
2020-05-21 | macsec: T2023: remove gcm-aes-256 cipher type | Christian Poessinger | |
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2. | |||
2020-05-21 | macsec: T2023: add optional encryption command | Christian Poessinger | |
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt | |||
2020-05-21 | macsec: T2023: add initial XML and Python interfaces | Christian Poessinger | |
2020-05-20 | macvlan: T2023: prepare common source interface include file | Christian Poessinger | |
2020-05-19 | Merge pull request #378 from sever-sever/bgp-xml-conf | Christian Poessinger | |
bgp-xml: T2387:Commands in XML for [conf_mode] bgp | |||
2020-05-19 | wireguard: T2481: support IPv6 based underlay | Christian Poessinger | |
2020-05-19 | dhcpv6-pd: T421: support ethernet based interfaces | Christian Poessinger | |
Add support for prefix delegation when receiving the prefix via ethernet, bridge, bond, wireless. | |||
2020-05-19 | bgp-xml: T2387:Commands in XML for [conf_mode] bgp | sever-sever | |
2020-05-17 | pppoe: dhcpv6-pd: T421: initial support | Christian Poessinger | |
The following configuration will assign a /64 prefix out of a /56 delegation to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64. If you do not know the prefix size delegated to you, start with sla-len 0. pppoe pppoe0 { authentication { password vyos user vyos } description sadfas dhcpv6-options { delegate eth0 { interface-id 65535 sla-id 0 sla-len 8 } } ipv6 { address { autoconf } enable } source-interface eth1 } vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth0 2001:db8:8003:400::ffff/64 u/u | |||
2020-05-17 | xml: split dhcp, dhcpv6 to individual files | Christian Poessinger | |
2020-05-16 | nat: nptv6: T2198: add XML/Python skeleton | Christian Poessinger | |
- define XML CLI interface - read CLI into Python dict | |||
2020-05-16 | nat: T2198: add common ip-protocol validator | Christian Poessinger | |
It allows IP protocol numbers 0-255, protocol names e.g. tcp, ip, ipv6 and the negated form with a leading "!". | |||
2020-05-16 | nat: T2198: add protocol completion helper and regex constraint | Christian Poessinger | |
2020-05-16 | nat: T2198: split nat-address-port include into individual files | Christian Poessinger | |
2020-05-16 | nat: T2198: add ipv4-{address,prefix,rage}-exclude validators | Christian Poessinger | |
Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT. | |||
2020-05-16 | nat: T2198: add new ipv4-range validator | Christian Poessinger | |
2020-05-16 | nat: T2198: initial XML and Python representation | Christian Poessinger | |
2020-05-07 | wireless: T2427: add common interface includes to template | Jernej Jakob | |
2020-05-06 | sstp: T2392: add IPv6 DNS support | Christian Poessinger | |
New command added: * set vpn sstp network-settings name-server 2001:db8::1111 | |||
2020-05-06 | sstp: T2392: add initial IPv6 support | Christian Poessinger | |
New commands added: * set vpn sstp network-settings client-ipv6-pool prefix 2001:db8::/64 mask 112 * set vpn sstp network-settings client-ipv6-pool delegate 2001:db8:100::/48 delegation-prefix 64 | |||
2020-04-30 | dhcpv6-server: T2406: add lease-time validator to XML | Christian Poessinger | |
2020-04-30 | dhcpv6-server: T2406: merge sip-server-{address,name} to sip-server node | Christian Poessinger | |
The subnet specific nodes sip-server-address & sip-server-name do the same for the user - specify a SIP server. Only the backend is rendered in a different way, as ISC DHCPv6 expects different options. There is absolutely no need for the user to distinguish between both two nodes. | |||
2020-04-26 | salt: T2385: xml: improve help of id and master-key | Christian Poessinger | |
2020-04-26 | salt: T2385: xml: improve completion helpers in interval | Christian Poessinger | |
2020-04-26 | salt: T2384: migrate config options | Christian Poessinger | |
- delete log_file, log_level and user nodes - rename hash_type to hash - rename mine_interval to interval | |||
2020-04-26 | salt: T2385: XML: improve completion helpers on hash_type | Christian Poessinger | |
2020-04-26 | salt: T2384: always log to syslog | Christian Poessinger | |
2020-04-26 | salt: T2382: XML: add proper valueHelp and validators for master | Christian Poessinger | |
2020-04-25 | login: radius: T2304: add VRF support | Christian Poessinger | |
This allows the radius client to work when a management VRF is in use. | |||
2020-04-23 | Merge pull request #374 from DmitriyEshenko/pppoe-impl-auth-proto | Christian Poessinger | |
pppoe-server: T2373: Implement CLI commands for auth protocols | |||
2020-04-23 | pppoe-server: T2373: Implement CLI commands for auth protocols | DmitriyEshenko | |