summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2023-02-04dhcp-relay: T2408: use Warning() on deprecated interface CLI nodeChristian Breunig
2023-02-04Merge pull request #1603 from nicolas-fort/T2408Christian Breunig
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
2023-02-04qos: xml: T4284: policy-name is alpha-numeric onlyChristian Breunig
2023-02-04qos: xml: T4284: bandwidh unit suffix is optionalChristian Breunig
2023-02-04bgp: T4817: improve help and constraint error messagesChristian Breunig
2023-02-04bgp: T4817: add local-role (RFC9234) support for peer-groupsChristian Breunig
Extend commit 8a75e92d ("T4817 added support for RFC 9234") to also support peer-groups.
2023-02-04qos: T4969: update "match mark" value rangeChristian Breunig
This improves commit d2885ad0 ("T4969: fix class match mark number").
2023-02-04Merge pull request #1792 from DaniilHarun/currentChristian Breunig
T4969: fix class match mark number
2023-02-04T4817 added support for RFC 9234Kyle McClammy
2023-01-31T4969: fix class match mark numberDaniilHarun
2023-01-30Merge pull request #1761 from sever-sever/T4916-currViacheslav Hletenko
T4916: Rewrite IPsec peer authentication and psk migration
2023-01-29xml: T1579: allow zero length for descriptionChristian Breunig
Some older VyOS 1.3 installations seem to use zero-length description fields. Do not break them!
2023-01-28vrrp: T1297: improve gratuitous ARP default value handling and help stringsChristian Breunig
2023-01-28T4958: ocserv: openconnect: adds support for configuring RADIUS accountingJamie Austin
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-25config-mgmt: T4957: set priorityJohn Estabrook
2023-01-25Merge pull request #1777 from nicolas-fort/T1297-garpChristian Breunig
T1297: VRRP: add garp options to vrrp
2023-01-25T1297: VRRP: add garp options to vrrpNicolas Fort
2023-01-24vrrp: T4109: improve "address" CLI node help stringsChristian Breunig
CLI expects ipv4net/ipv6net but the help strings only suggested it should be ipv4/ipv6. This has been corrected.
2023-01-22pppoe: T4948: add CLI option to allow definition of host-uniq flagChristian Breunig
Some ISPs seem to use the host-uniq flag to authenticate client equipment. Add CLI option in VyOS to allow specification of the host-uniq flag. set interfaces pppoe pppoeN host-uniq <value>
2023-01-21container: T4947: support mounting container volumes as ro or rwChristian Breunig
Whenever a container is used and a folder is mounted, this happenes as read-write which is the default in Docker/Podman - so is the default in VyOS. A new option is added "set container name foo volume mode <ro|rw>" to specify explicitly if rw (default) or ro should be used for this mounted folder.
2023-01-20Merge pull request #1767 from jestabro/config-mgmtJohn Estabrook
config-mgmt: T4942: rewrite vyatta-config-mgmt to Python/XML
2023-01-20config-mgmt: T4942: add interface-definitionsJohn Estabrook
2023-01-19 T4939: VRRP startup delay for bonding fixfett0
2023-01-19 T4939: VRRP startup delay for bonding fixfett0
2023-01-19 T4939: VRRP startup delay for bonding fixfett0
2023-01-19Merge pull request #1765 from aapostoliuk/T4925-sagittaChristian Breunig
ipsec: T4925: Added PRF into IKE group
2023-01-19Merge pull request #1697 from nicolas-fort/snmp_reworkChristian Breunig
T4857: SNMP: Implement FRR SNMP Recomendations
2023-01-18ocserv: T4656: only one IP address is supported to listen onChristian Breunig
2023-01-18T4857: change description in cli, and change word oid to uppercase OIDs in ↵Nicolas Fort
warning message
2023-01-18ipsec: T4925: Added PRF into IKE groupaapostoliuk
Added the possibility to configure Pseudo-Random Functions (PRF) in IKE group set vpn ipsec ike-group <Ike-grp> proposal <number> prf <PRF>
2023-01-18T4857: Cleaning prNicolas Fort
2023-01-14ntp: T3008: migrate from ntpd to chronyChristian Breunig
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony
2023-01-12T4118: Add default value any for connection remote-idViacheslav Hletenko
If IPsec "peer <tag> authentication remote-id" is not set it should be "%any" by default https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote Set XML default value in use it in the python vpn_ipsec.py script
2023-01-07xml: T1579: merge generic-description.xml.i and interface/description.xml.iChristian Poessinger
No need to have two distinct include blocks as one superseeds the other. Also this makes the entire behavior of "description" CLI node simpler.
2023-01-06xml: T4883: allow whitespace in generic-descriptionChristian Poessinger
2023-01-05static: T4883: re-use description XML building blockChristian Poessinger
2023-01-05Merge pull request #1710 from dmbaturin/routing-table-descriptionsChristian Breunig
T4883: add a description field for routing tables
2023-01-04ssh: T2651: add source-interface support ssh-clientChristian Poessinger
2023-01-04qos: T4284: bugfix fair-queue queue-limit rangeChristian Poessinger
2023-01-04qos: T4284: add bandwidth percentage valueChristian Poessinger
2023-01-04Merge pull request #1735 from sever-sever/T4904Viacheslav Hletenko
T4904: keepalived virtual-server allow multiple ports with fwmark
2023-01-02xml: qos: T4284: fix DSCP CLI valuesChristian Poessinger
2023-01-02T4904: keepalived virtual-server allow multiple ports with fwmarkViacheslav Hletenko
Allow multiple ports for high-availability virtual-server The current implementation allows balance only one "virtual" address and port between between several "real servers" Allow matching "fwmark" to set traffic which should be balanced Allow to set port 0 (all traffic) if we use "fwmark" Add health-check script set high-availability virtual-server 203.0.113.1 fwmark '111' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0'
2023-01-02Merge pull request #1725 from sever-sever/T4893Christian Poessinger
T4893: Add ppp-options ipv6-interface-id for L2TP
2023-01-01qos: T2721: set fq-codel as default leaf qdisc for shaperChristian Poessinger
Set fq-codel as the default queuing discipline for the shaper traffic-policy if queue-type has not been configured. fq-codel has been the default qdisc for OpenWRT as well as systemd (and thus various linux distributions) for a decent while now. It has proven itself to be a highly effective qdisc for fighting bufferbloat whilst maintaining high link utilization. The combination of HTB + fq-codel has also seen wide deployment in cases when additional traffic classification and/or rate/burst management is required. This change will allow the configuration of a shaper traffic-policy with suitable defaults, saving the pain of having to specify fq-codel as a queue-type for every class.
2023-01-01qos: T4284: first implementation introducing a new vyos.qos moduleChristian Poessinger
2023-01-01qos: T4284: xml: fix path for completion helperChristian Poessinger
2022-12-30dummy: T4898: add missing IPv6 options for smoketestsChristian Poessinger
2022-12-30T4893: Add ppp-options ipv6-interface-id for L2TPViacheslav Hletenko
Add ppp-options IPv6 interface id for vpn L2TP - fixed or random interface identifier for IPv6 - peer interface identifier for IPv6 - whether to accept peer’s interface identifier set vpn l2tp remote-access ppp-options ipv6-accept-peer-intf-id set vpn l2tp remote-access ppp-options ipv6-intf-id 'random' set vpn l2tp remote-access ppp-options ipv6-peer-intf-id 'calling-sid'