summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2020-06-05Merge pull request #443 from mrozentsvayg/openvpn-T2550-ipv4-remote-hostChristian Poessinger
openvpn: T2550: fix for IPv4 remote-host addresses
2020-06-04openvpn: T2550: fix for IPv4 remote-host addressesMikhail Rozentsvayg
Commit bb9f998 added IPv6 support for OpenVPN, but IPv4 only configurations stopped working (Address family for hostname not supported) Commit fc467519 fixed some scenarios by using IPv4 protocols if 'local-host' is IPv4 address, but the client mode is using 'remote-host' instead and was still broken. This commit in addition to 'local-host' also checks all the 'remote-host' addresses.
2020-06-05T2548: interface address does not support IP network definitionChristian Poessinger
When migrating all single instances of the IP address XML definition to the reusable include file an error was ported, too. This allowed an interface be assigned an IPv4/IPv6 network address es e.g. 192.0.2.0/24 which is invalid. The validator has been fixed to only allow IPv4/IPv6 host addresses instead.
2020-06-04rip-xml: T2547: XML for conf-mode protocol RIPsever-sever
2020-06-01bgp: T2387: move "aggregate address" to XML includeChristian Poessinger
2020-06-01firewall: T1843: no need to call "sudo" for ownerChristian Poessinger
2020-06-01nat: T2198: no need to call "sudo" for ownerChristian Poessinger
2020-05-31openvpn: T2532: add VRF supportChristian Poessinger
2020-05-30vrf: T2530: instance name must be 15 characters or lessChristian Poessinger
2020-05-29wwan: T1988: add CLI completion helper for "device" nodeChristian Poessinger
2020-05-26dhcpv6-pd: pppoe: T2506: restructure CLIChristian Poessinger
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate <interface>" to "dhcpv6-options prefix-delegation interface <interface>". The change is required to add the possibility to request for specific prefix sized via the CLI. That option was not possible with the old configuration tree.
2020-05-26bgp: xml: T2387: fix warning: missing terminating ' characterChristian Poessinger
2020-05-24fromdos: fix wrong line encodingChristian Poessinger
2020-05-22macsec: T2491: add replay window protectionChristian Poessinger
2020-05-21macsec: T2023: add valueHelp for MKA keysChristian Poessinger
2020-05-21macsec: T2023: support MACsec Key Agreement protocol actor priorityChristian Poessinger
2020-05-21macsec: T2023: rename "security key" node to "security mka"Christian Poessinger
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that.
2020-05-21macsec: T2023: use wpa_supplicant for key managementChristian Poessinger
2020-05-21macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" nodeChristian Poessinger
This is best suited as a key is required, too.
2020-05-21macsec: T2023: remove gcm-aes-256 cipher typeChristian Poessinger
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2.
2020-05-21macsec: T2023: add optional encryption commandChristian Poessinger
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt
2020-05-21macsec: T2023: add initial XML and Python interfacesChristian Poessinger
2020-05-20macvlan: T2023: prepare common source interface include fileChristian Poessinger
2020-05-19Merge pull request #378 from sever-sever/bgp-xml-confChristian Poessinger
bgp-xml: T2387:Commands in XML for [conf_mode] bgp
2020-05-19wireguard: T2481: support IPv6 based underlayChristian Poessinger
2020-05-19dhcpv6-pd: T421: support ethernet based interfacesChristian Poessinger
Add support for prefix delegation when receiving the prefix via ethernet, bridge, bond, wireless.
2020-05-19bgp-xml: T2387:Commands in XML for [conf_mode] bgpsever-sever
2020-05-17pppoe: dhcpv6-pd: T421: initial supportChristian Poessinger
The following configuration will assign a /64 prefix out of a /56 delegation to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64. If you do not know the prefix size delegated to you, start with sla-len 0. pppoe pppoe0 { authentication { password vyos user vyos } description sadfas dhcpv6-options { delegate eth0 { interface-id 65535 sla-id 0 sla-len 8 } } ipv6 { address { autoconf } enable } source-interface eth1 } vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth0 2001:db8:8003:400::ffff/64 u/u
2020-05-17xml: split dhcp, dhcpv6 to individual filesChristian Poessinger
2020-05-16nat: nptv6: T2198: add XML/Python skeletonChristian Poessinger
- define XML CLI interface - read CLI into Python dict
2020-05-16nat: T2198: add common ip-protocol validatorChristian Poessinger
It allows IP protocol numbers 0-255, protocol names e.g. tcp, ip, ipv6 and the negated form with a leading "!".
2020-05-16nat: T2198: add protocol completion helper and regex constraintChristian Poessinger
2020-05-16nat: T2198: split nat-address-port include into individual filesChristian Poessinger
2020-05-16nat: T2198: add ipv4-{address,prefix,rage}-exclude validatorsChristian Poessinger
Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT.
2020-05-16nat: T2198: add new ipv4-range validatorChristian Poessinger
2020-05-16nat: T2198: initial XML and Python representationChristian Poessinger
2020-05-07wireless: T2427: add common interface includes to templateJernej Jakob
2020-05-06sstp: T2392: add IPv6 DNS supportChristian Poessinger
New command added: * set vpn sstp network-settings name-server 2001:db8::1111
2020-05-06sstp: T2392: add initial IPv6 supportChristian Poessinger
New commands added: * set vpn sstp network-settings client-ipv6-pool prefix 2001:db8::/64 mask 112 * set vpn sstp network-settings client-ipv6-pool delegate 2001:db8:100::/48 delegation-prefix 64
2020-04-30dhcpv6-server: T2406: add lease-time validator to XMLChristian Poessinger
2020-04-30dhcpv6-server: T2406: merge sip-server-{address,name} to sip-server nodeChristian Poessinger
The subnet specific nodes sip-server-address & sip-server-name do the same for the user - specify a SIP server. Only the backend is rendered in a different way, as ISC DHCPv6 expects different options. There is absolutely no need for the user to distinguish between both two nodes.
2020-04-26salt: T2385: xml: improve help of id and master-keyChristian Poessinger
2020-04-26salt: T2385: xml: improve completion helpers in intervalChristian Poessinger
2020-04-26salt: T2384: migrate config optionsChristian Poessinger
- delete log_file, log_level and user nodes - rename hash_type to hash - rename mine_interval to interval
2020-04-26salt: T2385: XML: improve completion helpers on hash_typeChristian Poessinger
2020-04-26salt: T2384: always log to syslogChristian Poessinger
2020-04-26salt: T2382: XML: add proper valueHelp and validators for masterChristian Poessinger
2020-04-25login: radius: T2304: add VRF supportChristian Poessinger
This allows the radius client to work when a management VRF is in use.
2020-04-23Merge pull request #374 from DmitriyEshenko/pppoe-impl-auth-protoChristian Poessinger
pppoe-server: T2373: Implement CLI commands for auth protocols
2020-04-23pppoe-server: T2373: Implement CLI commands for auth protocolsDmitriyEshenko