Age | Commit message (Collapse) | Author |
|
Migration and Change boolean nodes "enable/disable" to
disable-xxxx, enable-xxxx and just xxx for VPN IPsec
configurations
- IKE changes:
- replace 'ipsec ike-group <tag> mobike disable'
=> 'ipsec ike-group <tag> disable-mobike'
- replace 'ipsec ike-group <tag> ikev2-reauth yes|no'
=> 'ipsec ike-group <tag> ikev2-reauth'
- ESP changes:
- replace 'ipsec esp-group <tag> compression enable'
=> 'ipsec esp-group <tag> compression'
- PEER changes:
- replace: 'peer <tag> id xxx'
=> 'peer <tag> local-id xxx'
- replace: 'peer <tag> force-encapsulation enable'
=> 'peer <tag> force-udp-encapsulation'
- add option: 'peer <tag> remote-address x.x.x.x'
Add 'peer <name> remote-address <name>' via migration script
|
|
and nat-rule.xml.i
|
|
|
|
* https://github.com/Cheeze-It/vyos-1x:
bgp: T4257: Changing BGP "local-as" to "system-as"
|
|
nat66: T4586: Add SNAT destination prefix and DNAT address
|
|
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config
|
|
Ability to configure SNAT destination prefix and
DNAT source address
Add option "!" - not address/prefix for NAT66
|
|
Ability to get MTU from DHCP-server and don't touch it per
any interface change if interface 'dhcp-options mtu' is
configured
|
|
bgp: T4257: Changing BGP "local-as" to "system-as"
This change is to change the global BGP name for the node "local-as" to "system-as"
This is needed so that there's less ambiguity with the local-as feature per neighbor.
bgp: T4257: Changing BGP "local-as" to "system-as"
bgp: T4257: Changing BGP "local-as" to "system-as"
This change is to change the global BGP name for the node "local-as" to "system-as"
This is needed so that there's less ambiguity with the local-as feature per neighbor.
|
|
lb-wan: T4518: Add XML for conf mode load-balancing wan
|
|
hosts/networks that should be ignored.
|
|
|
|
|
|
|
|
T4550: router-advert: Add deprecate-prefix & decrement-lifetimes options
|
|
|
|
|
|
|
|
DeprecatePrefix and DecrementLifetimes options in radvd is useful in a DHCPv6-PD environment to accommodate prefix changes from ISP's delegating router. Though there is currently no integration between the DHCP PD client (wide-dhcpv6-client) and radvd, it could be a good start point to have the 2 options configurable by the user.
https://phabricator.vyos.net/T4550
- deprecate-prefix: Upon shutdown, deprecate the prefix. This is useful
in a DHCPv6 PD environment: When ISP re-assigns a new prefix,
deprecate the old prefix that was advertised.
- decrement-lifetimes: Decrement the values of the preferred and valid
lifetimes for the prefix over time. This is also useful in a DHCPv6
PD environment to keep the advertised prefix's lifetimes in sync with
the prefix from delegating router.
|
|
|
|
Fix conflicts
|
|
|
|
|
|
When adding a new component version file, one must also include the file
in xml-component-version.xml.in
|
|
Linux Kernel supports to specify the MII link monitoring frequency in
milliseconds. This determines how often the link state of each slave is
inspected for link failures. A value of zero disables MII link monitoring.
A value of 100 is a good starting point.
The default value is 100.
set interfaces bonding bond0 mii-mon-interval <n>
|
|
disable-directed-broadcast-forwarding"
|
|
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644.
By default Linux kernel doesn't forward directed broadcast
packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding`
and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
|
|
Add XML for configuration mode "load-balancing wan" for the future
rewriting this to Python
Remove node from Makefile as Python code is not yet completed
|
|
As we have specific configuration for each plugin:
set service monitoring telegraf xxx
- azure-data-explorer
- prometheus-client
- splunk
We should to move configuration that related to influxdb under
influxdb node
Replace:
set service monitoring telegraf
- authentication xxx
- bucket xxx
- port xxx
- url
To:
set service monitoring telegraf influxdb xxx
|
|
After discussion with @zsdc this was decided the better long term fix
* Removes hourly logrotate cron in favour of systemd timer override
|
|
|
|
dns: T4509: Add dns64-prefix option
|
|
rfc6147: DNS Extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers
set service dns forwarding dns64-prefix 2001:db8:aabb::/96
|
|
firewall: T4299: Add ability to inverse match country-codes
|
|
|
|
When clients only use DHCP for interface addressing we can not bind NTPd to
an address - as it will fail if the address changes. This commit adds support
to bind ntpd to a given interface in addition to a given address.
set system ntp interface <name>
|
|
|
|
dns: T4378: Allow wildcard A AAAA record with option all
|
|
Ability to set wildcard record for authoritative-domain
set authoritative-domain example.com records a any address 192.0.2.11
cat /run/powerdns/zone.example.com.conf
* 300 A 192.0.2.11
|
|
Add rate-limit options: attribute, muptiplier and vendor
set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit'
set service ipoe-server auth radius rate-limit enable
set service ipoe-server auth radius rate-limit multiplier '0.001'
set service ipoe-server auth radius rate-limit vendor 'Miktorik'
|
|
openvpn: T4485: Accept multiple tls ca-certificate values
|
|
|
|
|
|
|
|
|
|
set service router-advert interface eth0 name-server-lifetime <value>
|
|
Some files that described the CLI used underscores to split CLI levels, some
others did not. This commit removes all underscores from the filename and only
makes use of a hyphen.
|
|
This PR adds an config option to enable/disable IGMP/MLD snooping.
```
set interfaces bridge brN igmp snooping
```
|
|
|
|
Fix worng behavior with priority with using tunnel interfaces
MPLS configuration must be applied after tunnel interfaces
as we use an addition sysctl option 'net.mpls.conf.tun0.input = 1'
which doesn't exist without tunnel interface
Change priority:
299 protocols/mpls
380 interfaces/tunnel
To:
380 interfaces/tunnel
400 protocols/mpls
|