summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-14ntp: T3008: migrate from ntpd to chronyChristian Breunig
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony
2023-01-12T4118: Add default value any for connection remote-idViacheslav Hletenko
If IPsec "peer <tag> authentication remote-id" is not set it should be "%any" by default https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote Set XML default value in use it in the python vpn_ipsec.py script
2023-01-07xml: T1579: merge generic-description.xml.i and interface/description.xml.iChristian Poessinger
No need to have two distinct include blocks as one superseeds the other. Also this makes the entire behavior of "description" CLI node simpler.
2023-01-06xml: T4883: allow whitespace in generic-descriptionChristian Poessinger
2023-01-05static: T4883: re-use description XML building blockChristian Poessinger
2023-01-05Merge pull request #1710 from dmbaturin/routing-table-descriptionsChristian Breunig
T4883: add a description field for routing tables
2023-01-04ssh: T2651: add source-interface support ssh-clientChristian Poessinger
2023-01-04qos: T4284: bugfix fair-queue queue-limit rangeChristian Poessinger
2023-01-04qos: T4284: add bandwidth percentage valueChristian Poessinger
2023-01-04Merge pull request #1735 from sever-sever/T4904Viacheslav Hletenko
T4904: keepalived virtual-server allow multiple ports with fwmark
2023-01-02xml: qos: T4284: fix DSCP CLI valuesChristian Poessinger
2023-01-02T4904: keepalived virtual-server allow multiple ports with fwmarkViacheslav Hletenko
Allow multiple ports for high-availability virtual-server The current implementation allows balance only one "virtual" address and port between between several "real servers" Allow matching "fwmark" to set traffic which should be balanced Allow to set port 0 (all traffic) if we use "fwmark" Add health-check script set high-availability virtual-server 203.0.113.1 fwmark '111' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0'
2023-01-02Merge pull request #1725 from sever-sever/T4893Christian Poessinger
T4893: Add ppp-options ipv6-interface-id for L2TP
2023-01-01qos: T2721: set fq-codel as default leaf qdisc for shaperChristian Poessinger
Set fq-codel as the default queuing discipline for the shaper traffic-policy if queue-type has not been configured. fq-codel has been the default qdisc for OpenWRT as well as systemd (and thus various linux distributions) for a decent while now. It has proven itself to be a highly effective qdisc for fighting bufferbloat whilst maintaining high link utilization. The combination of HTB + fq-codel has also seen wide deployment in cases when additional traffic classification and/or rate/burst management is required. This change will allow the configuration of a shaper traffic-policy with suitable defaults, saving the pain of having to specify fq-codel as a queue-type for every class.
2023-01-01qos: T4284: first implementation introducing a new vyos.qos moduleChristian Poessinger
2023-01-01qos: T4284: xml: fix path for completion helperChristian Poessinger
2022-12-30dummy: T4898: add missing IPv6 options for smoketestsChristian Poessinger
2022-12-30T4893: Add ppp-options ipv6-interface-id for L2TPViacheslav Hletenko
Add ppp-options IPv6 interface id for vpn L2TP - fixed or random interface identifier for IPv6 - peer interface identifier for IPv6 - whether to accept peer’s interface identifier set vpn l2tp remote-access ppp-options ipv6-accept-peer-intf-id set vpn l2tp remote-access ppp-options ipv6-intf-id 'random' set vpn l2tp remote-access ppp-options ipv6-peer-intf-id 'calling-sid'
2022-12-29T4898: Add mtu config option for dummy interfacesYuxiang Zhu
I use dummy interfaces in a VRF as source-interfaces for VXLAN in order to force VXLAN send underlay UDP traffic through the VRF where the dummy interface resides. However dummy interface has no mtu option so it always gets an MTU of 1500. This will cause an error when the mtu of dummy is not large enough for the VXLAN traffic. Adding this option in the config template will solve this.
2022-12-26static: T4883: add a description field for routing tablesDaniil Baturin
2022-12-25container: T2216: use defaultValue XML definition to define port protocolChristian Poessinger
Instead of hardcoding the default protocol as TCP in the Python script we shall use the XML based defaultValue approach instead. This also automatically exports the default to the CLI completion helper.
2022-12-24T4893: Move ppp-opt ipv6-intf-id to include section accel-pppViacheslav Hletenko
Move PPPoE-server ppp-options XML ipv6-intf-id to 'include' section accel-ppp It allows to use the same code for different accel-ppp services
2022-12-23firewall: T2199: Fix typo in `rule-log-level.xml.i` headersarthurdev
2022-12-23firewall: T2199: Add mac-address match to `destination` sidesarthurdev
2022-12-23container: T4870: bump package version 0 -> 1 for filesystem changeChristian Poessinger
move from vfs to overlay driver The following pre iage upgrade script must be executed to have containers after the reboot: for pod in $(cli-shell-api listActiveNodes container name); do systemctl stop vyos-container-${pod//\'}.service done sed -i 's/vfs/overlay/g' /etc/containers/storage.conf /usr/share/vyos/templates/container/storage.conf.j2 rm -rf /usr/lib/live/mount/persistence/container/storage/libpod for pod in $(cli-shell-api listActiveNodes container name); do image=$(cli-shell-api returnActiveValue container name ${pod//\'} image) podman image pull $image systemctl start vyos-container-${pod//\'}.service done for dir in vfs vfs-containers vfs-images vfs-layers; do rm -rf /usr/lib/live/mount/persistence/container/storage/$dir done
2022-12-19T4886: Firewall and route policy: Add connection-mark feature to vyos.Nicolas Fort
2022-12-17Merge pull request #1669 from vfreex/dhcp-v6-only-option-1.4Christian Poessinger
T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
2022-12-17Merge pull request #1626 from nicolas-fort/fwall_group_interfaceChristian Poessinger
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
2022-12-17Merge pull request #1709 from initramfs/current-T4882Christian Poessinger
firewall: T4882: add missing ICMPv6 type names
2022-12-17Merge pull request #1712 from roedie/T4809-2Christian Poessinger
T4809: radvd: Allow the use of AdvRASrcAddress
2022-12-17Merge pull request #1358 from sever-sever/T1237Christian Poessinger
routing: T1237: Add new feature failover route
2022-12-16T4809: radvd: Allow the use of AdvRASrcAddressSander Klein
This add the AdvRASrcAddress configuration option to configure a source address for the router advertisements. The source address still must be configured on the system. This is useful for VRRP setups where you want fe80::1 on the VRRP interface for cleaner VRRP failovers.
2022-12-15firewall: T4882: add missing ICMPv6 type namesinitramfs
2022-12-14routing: T1237: Add new feature failover routeViacheslav Hletenko
Failover route allows to install static routes to the kernel routing table only if required target or gateway is alive When target or gateway doesn't respond for ICMP/ARP checks this route deleted from the routing table Routes are marked as protocol 'failover' (rt_protos) cat /etc/iproute2/rt_protos.d/failover.conf 111 failover ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover $ sudo ip route show proto failover 203.0.113.1 via 192.0.2.1 dev eth0 metric 1 So we can safely flush such routes
2022-12-14Merge pull request #1706 from jestabro/validator-file-existsJohn Estabrook
validators: T4798: replace python file-exists validator with file-path
2022-12-14validators: T4875: use file-path to replace validator 'interface-name'John Estabrook
2022-12-13validators: T4798: replace python file-exists validator with file-pathJohn Estabrook
2022-12-11sstp: T4384: initial implementation of SSTP client CLIChristian Poessinger
vyos@vyos# show interfaces sstpc sstpc sstpc10 { authentication { password vyos user vyos } server sstp.vyos.net ssl { ca-certificate VyOS-CA } }
2022-12-11pppoe: xml: T4792: split "no-peer-dns" CLI node into building blockChristian Poessinger
2022-12-11xml: ddns: T4792: split "server" CLI node into building blockChristian Poessinger
2022-12-08T4117: Fix for L2TP DAE CoA server configurationViacheslav Hletenko
Fix l2tp dae server template and python config dict for correctlly handling Dynamic Authorization Extension server configuration
2022-12-02 T4854: route reflector allows to apply route-mapsfett0
2022-12-02 T4858: Fix l3vpn Route Distinguisher validatorfett0
2022-11-29xml: telegraf: T4680: add missing comment in listen-address-single.xml.iChristian Poessinger
2022-11-25veth: T4825: add dhcp(v6) client options to CLIChristian Poessinger
2022-11-24Merge pull request #1641 from Rain/T4612-arbitrary-netmasksChristian Poessinger
firewall: T4612: Support arbitrary netmasks
2022-11-24veth: T4825: minor improvements on XML peer-name handlingChristian Poessinger
2022-11-24Merge branch 'T4825' of https://github.com/sever-sever/vyos-1x into t4825-vethChristian Poessinger
* 'T4825' of https://github.com/sever-sever/vyos-1x: T4825: Add basic smoketest for veth interfaces T4825: Add interface type veth
2022-11-24T4825: Add interface type vethViacheslav Hletenko
Add interface type veth (Virtual ethernet) One of the usecases it's interconnect different vrf's and default vrf via bridge set interfaces virtual-ethernet veth0 peer-name 'veth1010' set interfaces virtual-ethernet veth1010 address '10.0.0.10/24' set interfaces virtual-ethernet veth1010 peer-name 'veth0' set interfaces virtual-ethernet veth1010 vrf 'foo' set interfaces bridge br0 address '10.0.0.1/24' set interfaces bridge br0 member interface veth0