summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2024-04-30Merge pull request #3377 from vyos/mergify/bp/sagitta/pr-3371Christian Breunig
openconnect: T4982: Support defining minimum TLS version in openconnect VPN (backport #3371)
2024-04-30T6169: DNS forwarding should allow underscore for srv recordViacheslav Hletenko
This srv recors looks valid: ``` set service dns forwarding authoritative-domain _tcp.db.mongors1.example.com records srv _mongodb entry 0 hostname 'mongors1.example.com' ``` But FQDN validator cannot validate it correctly, use regex to fix (cherry picked from commit 3c37b6a44dca552da950b5288a30c7e074d58704)
2024-04-30T6273: Allowed the use of "-" and "_" in PPPoE access-concentrator nameaapostoliuk
Allowed the use of "-" and "_" in PPPoE access-concentrator name (cherry picked from commit de38b01710958b7f7dababcff9557e4be98c8450)
2024-04-30openconnect: T4982: Support defining minimum TLS version in openconnect VPNAlex W
(cherry picked from commit 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5)
2024-04-25T6258: Add sysctl base-reachable-time for IPv6Viacheslav Hletenko
Add abiilty to change `base_reachable_time_ms` option /proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms (cherry picked from commit 0bf4b570fe2d239b9fbabd3ae801ad3f04a06bde)
2024-04-23T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy ↵Windom WU
config (cherry picked from commit 984c386d11ead8371b7ac381e6c0921473e557ed)
2024-04-22xml: T5738: fix typo in radius-additions.xml.iAndré Luiz dos Santos
(cherry picked from commit 8d0aa7bfb83aecb989ab01b6d1975cf23f1c7dcb)
2024-04-22T6237: IPSec remote access VPN: ability to set EAP ID of clientsAlex W
(cherry picked from commit 78ea623df20b44309cc6ac9848ed18e97fc4ed03)
2024-04-21Merge pull request #3332 from vyos/mergify/bp/sagitta/pr-3325Christian Breunig
T6246: basic haproxy http-check configuration (backport #3325)
2024-04-21T6246: improve haproxy http check configurationNicolas Vollmar
(cherry picked from commit 050f24770aec7a74c1a07ba64cf2cb83afb72f1a)
2024-04-20gre: T6252: allow tunnel MTU to exceed 8024 bytesfett0
(cherry picked from commit 4cde677e9e128bc9b62fad720b1b6f6cac506954)
2024-04-19T6246: adds basic haproxy http-check configurationNicolas Vollmar
(cherry picked from commit 785616393557c4e3f616287de81b61a68ba177ac)
2024-04-16Merge pull request #3318 from vyos/mergify/bp/sagitta/pr-3315Christian Breunig
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates (backport #3315)
2024-04-16T5722: Failover route add option onlinkViacheslav Hletenko
onlink pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix. Useful when gateway not in the same interface network set interfaces ethernet eth0 vif 10 address '10.20.30.1/32' set protocols static route 10.20.30.0/32 interface eth0.10 set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink ``` vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover Error: Nexthop has invalid gateway. [edit] vyos@r4# [edit] vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover [edit] vyos@r4# ``` (cherry picked from commit bb832acb97881d747a57da2728eab3ad138b8129)
2024-04-16T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵Alex W
server certificates (cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
2024-04-15T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵Nicolas Fort
to firewall global-optinos (cherry picked from commit 76dcecafca977b640dd16d8e68c4a050ca1af4fb)
2024-04-13qos: T6035: QoS policy shaper queue-type random-detect requires limit avpktkhramshinr
Added params for configuration red on the shaper policy (cherry picked from commit 31cd75aec6d035b36537046ae0d034c03009a3fc)
2024-04-11T6214: T6213: change constraint <alpha-numeric-hyphen-underscore-dot.xml.i> ↵Nicolas Fort
in order to not allow string starting with dot character; use such constraint in firewall group definitions. (cherry picked from commit c455a1f71674300b8a74863ddfe6e551fe8fd252)
2024-04-09container: T6210: add capability sys-nicetheflakes
(cherry picked from commit b8f3c61ca514cacdfc2495f16869c1b1e07d2bbc)
2024-04-07xml: T5862: drop defaultValue from mtu-68-16000.xml.i - use individual valuesChristian Breunig
In order to lower the Ethernet default MTU we need to drop the common defaultValue from the XML mtu-68-16000.xml.i building block. Per interface default MTU is later overloaded by XML. (cherry picked from commit e86761fa1307596c721c3ddf3a61d263e8f5177b)
2024-04-07container: T6208: rename "cap-add" CLI node to "capability"Christian Breunig
Containers have the ability to add Linux system capabilities to them, this is done using the "set container name <name> cap-add" command. The CLI node sounds off and rather should be "set container name <name> capability" instead as we use and pass a capability to a container and not add/invent new ones. (cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
2024-04-06conntrack-sync: T1244: add CLI support for StartupResyncNataliia Solomko
(cherry picked from commit 2eb7f96ca2038bf37dc1d274821ca6f619489b58)
2024-04-03T6068: T6171: change <fail-over> node from dhcp-server to ↵Nicolas Fort
<high-availability>. Also, add <mode> parameter in order to configure active-active or active-passive behavior for HA.
2024-04-02ssh: T6192: allow binding to multiple VRF instancesChristian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF. (cherry picked from commit e5af1f0905991103b12302892e6f0070bbb7b770)
2024-04-02xml: T5738: extend VRF building blocks with common constraint definitionChristian Breunig
(cherry picked from commit 32d6a693de99021d2cd44fb4235e929caf7b4a6d)
2024-04-01bgp: T6151: Fix description in PEER disable-connected-checkfett0
(cherry picked from commit 24d0400b9c55cadef1eb99b3e84a363dd6ad5033)
2024-04-01bgp: T6151: Fix description in PEER disable-connected-checkfett0
(cherry picked from commit 84b6f6bcf59d526c35928c974e3f2d03c4d5ec06)
2024-04-01bgp: T6151: Allow configuration of disable-ebgp-connected-route-checkfett0
(cherry picked from commit 85e5ccbab85c8ded426896d61bcf64d329768f2c)
2024-04-01bgp: T6010: Allow configuration of disable-ebgp-connected-route-checkfett0
(cherry picked from commit 010c4061a8884a3617368f3618a425dc517d0675)
2024-03-28Merge pull request #3197 from vyos/mergify/bp/sagitta/pr-3193Christian Breunig
T6121: Extend config-sync for QoS and system options (backport #3193)
2024-03-28T5832: VRRP allow set interface for exluded-addressViacheslav Hletenko
Ability to set interface for `excluded-address` The excluded-addresses are not listed in the VRRP packet (adverts packets). We have this ability for `address`, add the same feature for the excluded-address ``` set high-availability vrrp group GRP-01 excluded-address 192.0.2.202 interface 'dum2' set high-availability vrrp group GRP-01 excluded-address 192.0.2.203 interface 'dum3' ``` (cherry picked from commit 0daf445abcd00446da21fe0220d41d5fdde95ebd)
2024-03-28Merge pull request #3204 from vyos/mergify/bp/sagitta/pr-2965Daniil Baturin
T5872: ipsec remote access VPN: support dhcp-interface. (backport #2965)
2024-03-28ipsec: T5606: T5871: Use multi node for CA certificatessarthurdev
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates. Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended. (cherry picked from commit 952b1656f5164f6cfc601e040b48384859e7a222)
2024-03-28T5872: ipsec remote access VPN: support dhcp-interface.Lucas Christian
(cherry picked from commit f7834324d3d9edd7e161e7f2f3868452997c9c81)
2024-03-28T6121: Extend config-sync for QoS and system optionsViacheslav Hletenko
Extent the service config-sync for sections: - qos interface - qos policy - system conntrack - system flow-accounting - system option - system sflow - system static-host-mapping - system sysctl (cherry picked from commit 9d5ad172034ae510288b11313d307f0a24bb4b7d)
2024-03-25Merge pull request #3183 from vyos/mergify/bp/sagitta/pr-3181Daniil Baturin
xml: T5738: use common constraint include for container network (backport #3181)
2024-03-24container: T6062: add image name completion helperChristian Breunig
(cherry picked from commit 37a4fdf229a7ab74718655f1d6e35fd94e5ad69a)
2024-03-24xml: T5738: use common constraint include for container networkChristian Breunig
(cherry picked from commit 6be463fcca574e051420ae7549bed72e74486470)
2024-03-21bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filteringChristian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces: set interfaces bridge br0 protocol 802.1ad (cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
2024-03-20T6143: Increase configuratble timeout range for service config-syncViacheslav Hletenko
The maximum timeout for the `service config-sync` is 300 seconds (Connection API timeout). It could not be enough for the real massive configurations. Increase the maximum value to 3600 ``` set service config-sync secondary address 192.0.2.1 set service config-sync secondary timeout 3600 ``` (cherry picked from commit 4a90e00a886397d9f4202b78cc8995ed93d40014)
2024-03-20qos: T1871: add MTU option when configure limiter traffic-policykhramshinr
add mtu to default and specified class update smoke test (cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
2024-03-18T6121: Extend service config-sync to new sectionsViacheslav Hletenko
Extend `service config-sync` with new sections: - LeafNodes: pki, policy, vpn, vrf (syncs the whole sections) - Nodes: interfaces, protocols, service (syncs subsections) In this cae the Node allows to uses the next level section i.e subsection For example any of the subsection of the node `interfaces`: - set service config-sync section interfaces pseudo-ethernet - set service config-sync section interfaces virtual-ethernet Example of the config: ``` set service config-sync mode 'load' set service config-sync secondary address '192.0.2.1' set service config-sync secondary key 'xxx' set service config-sync section firewall set service config-sync section interfaces pseudo-ethernet set service config-sync section interfaces virtual-ethernet set service config-sync section nat set service config-sync section nat66 set service config-sync section protocols static set service config-sync section pki set service config-sync section vrf ``` (cherry picked from commit 25b611f504521181f85cb4460bfdfd702c377b5e)
2024-03-17policy: T6129: add route-map option "as-path exclude all"Christian Breunig
Remove all AS numbers from the AS_PATH of the BGP path's NLRI. set policy route-map <name> rule <rule> set as-path exclude all (cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
2024-03-15Merge pull request #3136 from vyos/mergify/bp/sagitta/pr-3135Christian Breunig
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help string s (backport #3135)
2024-03-14xml: T160: improve NAT64 help stringChristian Breunig
(cherry picked from commit 7ca0ad91744044f74690179eaec4160d9c4fee65)
2024-03-14xml: T2518: improve NAT66/NPTv6 help stringChristian Breunig
(cherry picked from commit 63de63f43aaa720993faf06ba2789789d87d63c6)
2024-03-14xml: T3642: improve PKI CLI help stringChristian Breunig
(cherry picked from commit d6226d60dce4a46c9fa63adbf85f2df86c7bd1b1)
2024-03-13Merge pull request #3129 from vyos/mergify/bp/sagitta/pr-3125Daniil Baturin
radvd: T6118: add nat64prefix support RFC8781 (backport #3125)
2024-03-13radvd: T6118: add nat64prefix support RFC8781Christian Breunig
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime must not be smaller than the "interface interval max" definition which defaults to 600. set service router-advert interface eth1 nat64prefix 64:ff9b::/96 (cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
2024-03-13T2447: add configurable kernel boot option 'disable-power-saving'Christian Breunig
Lower available CPU C states to a minimum if this option set. This will set Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1". (cherry picked from commit 3a3e0dff4ff1f80835eca6b2362d792e3ecacc8e)