summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2021-11-24openconnect: T3695: Fix certificate files validationDmitriyEshenko
2021-11-15l2tp: T3724: allow setting accel-ppp l2tp host-nameMarek Isalski
(cherry picked from commit 3d00140453b3967370c77ddd9dac4af223a7ddce)
2021-11-14dhcp-server: T3982: dot (.) is an allowed static-mapping characterChristian Poessinger
This reverts a part of commit ac682795b7d69f11076ddf022c3452e411a0fdc5. (cherry picked from commit 1353757247c027f6352000a9450b502c25c460c8)
2021-11-10dhcp-server: T3982: remove support for invalid characters . and +Christian Poessinger
(cherry picked from commit c45e4beadf30accb1838b3bad1f21c2146469bf8)
2021-11-07bonding: T1614: add constraint on member interface names to be usedChristian Poessinger
(cherry picked from commit a4cf71912d52de4398273405b5682d8da5e1dbe3)
2021-11-04sstp: accel-ppp: T3964: add missing input validator for static-ip assignmentChristian Poessinger
(cherry picked from commit b8f702bc7b6e92b8841271b4a2355d2b65ccb247)
2021-11-03sstp: T2566: use XML defaultValue over Jinja2 hardcoded valueChristian Poessinger
2021-11-02sstp: T2566: Fix to allow IPv6 only poolsViacheslav
To allow IPv6 only for vpn sstp sessions we have to add 'ppp-options' which can disable IPv4 allocation explicity. Additional IPv6 ppp-options and fix template for it.
2021-10-31console: T3954: bugfix RuntimeError: dictionary keys changed during iterationChristian Poessinger
(cherry picked from commit f227987ccf41e01d4ddafb6db7b36ecf13148c78)
2021-10-21tunnel: T3925: dhcp-interface was of no use - use source-interface insteadChristian Poessinger
2021-10-13dns: T3277: DNS Forwarding - reverse zones for RFC1918 addressesHard7Rock
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c) (cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
2021-10-10lcd: T2564: add support for hd44780 displaysChristian Poessinger
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
2021-09-30vrrp: T3877: backport handlers to solve "default rfc3768-compatibility" issueJohn Estabrook
Do not create rfc3768-compatibility interfaces by default because of wrong Jinja2 syntax. Backporting the entire system makes it easier in the future to additional bugfixes.
2021-09-26vxlan: T3867: add multicast validator for group addressChristian Poessinger
The group CLI node takes a multicast IPv4 or IPv6 address - this must be input validated to not case any OS exception cpo@LR1.wue3# show interfaces vxlan vxlan vxlan0 { + group 254.0.0.1 source-address 172.18.254.201 + source-interface dum0 vni 10 } Results in OSError beeing rasied with the following context: Error: argument "254.0.0.1" is wrong: invalid group address (cherry picked from commit 0d7cd4ed5725d3e79faad5abc0801631c2ffc813)
2021-09-23T3850: Revert "login: T1948: add missing ssh-public key name regex"Christian Poessinger
This reverts commit 38e02c12a50de685c6d70954cd94a224e8083f0b.
2021-09-21xml: vrrp: T616: add missing valueHelp for "authentication type"Christian Poessinger
(cherry picked from commit 6541bdbe792a3cc420f0367e673f27763528376c)
2021-09-21dhcp-server: T3839: support domain-search and ntp-server config per ↵Christian Poessinger
shared-network (cherry picked from commit 689d1824d251ea9fbd81bf0c941dbd36e33ef420)
2021-09-19xml: dhcp-server: move building blocks to dhcp subdirectoryChristian Poessinger
(cherry picked from commit 59e5b5eb4c0507f9d3831483152a748b58560bfd)
2021-09-19dhcp-server: T3839: support name-servers and domain config per shared-networkChristian Poessinger
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1' (cherry picked from commit d411a40a3598c55fae7abd8bc5f1876007aa704b)
2021-09-19dhcpv6-server: xml: add description CLI nodeChristian Poessinger
(cherry picked from commit 90dffcb3c14ec976fecae32d19a979f05a40d9c8)
2021-09-19dhcp-server: xml: use description building blockChristian Poessinger
(cherry picked from commit 564f05614b6e8650185c46b9625f6a0cd9661639)
2021-09-19dhcp-server: T3841: add option to perform ICMP check before address assignmentChristian Poessinger
(cherry picked from commit 83ea0cb273e29db22062cc133b6eabd4ba2761c7)
2021-09-19dhcp-server: T3672: re-add missing "name" CLI optionChristian Poessinger
This option is mandatory and must be user configurable as it needs to match on both sides. (cherry picked from commit 2985035bcb2f3732e15a41e3c2ee6c6c93a6836e)
2021-09-19dhcp-server: T3672: only one failover peer is supportedChristian Poessinger
(cherry picked from commit a8ccf72c222caad8cd7aaca9bca773be39e87f5c)
2021-09-19dhcp-server: T3838: rename dns-server to name-server nodeChristian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. (cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460)
2021-09-19dhcp-server: T1968: allow multiple static-routes to be configuredChristian Poessinger
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } } (cherry picked from commit a4440bd589db645eb99f343a8163e188a700774c)
2021-09-19T3840: Allow larger DNS forwarding cache sizesLucas Christian
(cherry picked from commit 60f34805d72973e510d1381e4b67a73d0a0952f4)
2021-09-18OpenConnect: Fix typo in help propertyMarcel Gisselmann
2021-09-15typo: remove unnecessary 'i' from helpJavinator9889
(cherry picked from commit ec9503a9ec487ec7aa3524cb9847357f0631ca25)
2021-09-11Merge pull request #1001 from erkin/equuleusDaniil Baturin
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
2021-09-10T3275: conntrack: Backport XML/Python implementation of conntrack CLIerkin
2021-09-05name-server: T3804: merge "system name-servers-dhcp" into "system name-server"Christian Poessinger
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP address we wan't to use. We also have "set system name-servers-dhcp <interface>" which does the same, but the name-server in question is retrieved via DHCP. Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>" to keep things as they are in real life - we need a name-server.
2021-09-04T3697: do not try to restart charon if it's not requiredDaniil Baturin
The root cause is that the ipsec-settings.py script is run _twice_: first from "vpn ipsec options", then from the top level "vpn" node. The case when it's not required is when: * "vpn ipsec" configuration doesn't exist yet * user configured it with "vpn ipsec options" * the ipsec-settings.py script is run first time, from "vpn ipsec options" Trying to restart charon at that stage leads to a deadlock.
2021-09-03openvpn: T690: Add metric for pushed routesViacheslav
2021-09-02nipsec: T3093: Delete temporarily generated codeViacheslav
This code was generated before to rewrite IPSec to XML style And this was rewriten/fixed and used in the next 1.4 releases So we realy don't need it in 1.3 as we use old nodes for it.
2021-09-01login: T1948: add missing ssh-public key name regexChristian Poessinger
(cherry picked from commit 514da738173696c70440c959b9d7ec9afd77fbae)
2021-09-01login: T1948: fix username regex - add missing start ^ and end $Christian Poessinger
(cherry picked from commit bbe0deda9bfcfd4116c44b42156a628de8400b48)
2021-08-31ssh: T3789: add custom validator for base64 encoded CLI dataChristian Poessinger
SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which check if the data is properly base64 encoded. (cherry picked from commit 00efce716912680354d47a2dca9769cd8c5c89ae)
2021-08-30ethernet: T3787: remove deprecated UDP fragmentation offloading optionChristian Poessinger
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net: Remove references to NETIF_F_UFO from ethtool.").
2021-08-29xml: add missing "u32:" value declarator on integer rangesChristian Poessinger
(cherry picked from commit 794f193d11c8c1b5fed78f4e40280480446ab593)
2021-08-25isis: T3779: backport entire 1.4 (current) featuresetChristian Poessinger
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4 (required by T3417) it makes sense to synchronize the CLI configuration for both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse the userbase already with a brand new feature. As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards, this is the perfect time.
2021-08-22bridge: T3137: backport vlan features from 1.4 currentChristian Poessinger
2021-08-22pppoe: T1318: bump priority by 1 so we can source from pseudo-ethernet ↵Christian Poessinger
interfaces (cherry picked from commit 081e0334c00887c373fafde761cca960667be21b)
2021-08-22pppoe: T1318: implement missing access-concentrator CLI optionChristian Poessinger
(cherry picked from commit b121ee14ff1961b56568b0116de3c246ea4af934)
2021-08-22xml: interfaces: use one common building block for "disable-forwarding"Christian Poessinger
Both building blocks only differed in the help text, so use IP for both IPv4 and IPv6. (cherry picked from commit 0e751221d0832acac807e7f0bc97d7bb31230c3a)
2021-08-22xml: remove superfluous "interface" prefix from interface includesChristian Poessinger
(cherry picked from commit 0a8a0188033d6b27c521f082fdddae9873dd5d3d)
2021-08-19xml: T3768: drop early XML syntaxVersion implementationJohn Estabrook
2021-08-17xml: cleanup - replace format "text" with "txt" as required by the BASH helpersChristian Poessinger
(cherry picked from commit 51f7ce31bc60ea9933848bc23efda9386e39a151)
2021-08-05nat: T1083: add translation options for persistent/random mapping of address ↵Igor Melnyk
and port Tested using: set destination rule 100 inbound-interface 'eth0' set destination rule 100 translation address '19.13.23.42' set destination rule 100 translation options address-mapping 'random' set destination rule 100 translation options port-mapping 'none' set source rule 1000 outbound-interface 'eth0' set source rule 1000 translation address '122.233.231.12' set source rule 1000 translation options address-mapping 'persistent' set source rule 1000 translation options port-mapping 'fully-random'
2021-07-25tunnel: T3173: add new options "no-pmtu-discovery" and "ignore-df"Christian Poessinger