summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2024-03-16Merge pull request #3132 from sever-sever/T6121Christian Breunig
T6121: Extend service config-sync to new sections
2024-03-15T6121: Extend service config-sync to new sectionsViacheslav Hletenko
Extend `service config-sync` with new sections: - LeafNodes: pki, policy, vpn, vrf (syncs the whole sections) - Nodes: interfaces, protocols, service (syncs subsections) In this cae the Node allows to uses the next level section i.e subsection For example any of the subsection of the node `interfaces`: - set service config-sync section interfaces pseudo-ethernet - set service config-sync section interfaces virtual-ethernet Example of the config: ``` set service config-sync mode 'load' set service config-sync secondary address '192.0.2.1' set service config-sync secondary key 'xxx' set service config-sync section firewall set service config-sync section interfaces pseudo-ethernet set service config-sync section interfaces virtual-ethernet set service config-sync section nat set service config-sync section nat66 set service config-sync section protocols static set service config-sync section pki set service config-sync section vrf ```
2024-03-14Merge pull request #3135 from c-po/xml-nat66Christian Breunig
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help string s
2024-03-14xml: T160: improve NAT64 help stringChristian Breunig
2024-03-14xml: T2518: improve NAT66/NPTv6 help stringChristian Breunig
2024-03-14xml: T3642: improve PKI CLI help stringChristian Breunig
2024-03-12radvd: T6118: add nat64prefix support RFC8781Christian Breunig
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime must not be smaller than the "interface interval max" definition which defaults to 600. set service router-advert interface eth1 nat64prefix 64:ff9b::/96
2024-03-10xml: T6098: relax description constraint to allow non-ascii charactersJohn Estabrook
A restriction to ascii in the constraint disallowed earlier support for unicode bytes.
2024-03-10dhcp-client: T6093: extend regex for client class-id's with DOTLucas
The regex used is not working if the string contains dots. Originally authored by: Lucas <pinheirolucas@pm.me>
2024-03-10xml: T5738: revert invalid change from lower character limit - 0 length must ↵Christian Breunig
be allowed This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum description to 255 characters") which incresaed the lower limit from 0 to 1. We actually require 0 length value for description nodes as introduced in commit 6eea12512e ("xml: T1579: allow zero length for description").
2024-03-10Merge pull request #3113 from c-po/firewall-T6071Daniil Baturin
firewall: T6071: truncate rule description field to 255 characters
2024-03-10xml: T5738: lower maximum description to 255 charactersChristian Breunig
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
2024-03-07http-api: T6107: add an option to increase the request body size limitDaniil Baturin
2024-03-07Merge pull request #2966 from HollyGurza/T6020Daniil Baturin
vrrp: T6020: vrrp health-check script not applied correctly
2024-03-07snmp: T2998: SNMP v3 oid "exclude" option fixNataliia Solomko
2024-03-06conntrack-sync: T6057: Add ability to disable syslog for conntrackdNataliia Solomko
2024-03-06Merge pull request #3090 from c-po/wifi-regdomainChristian Breunig
wifi: T6095: incorrect country "uk" it's actually "gb"
2024-03-05Merge pull request #3093 from c-po/kernel-T2447Christian Breunig
T2447: add configurable kernel boot option 'disable-power-saving'
2024-03-05T2447: add configurable kernel boot option 'disable-power-saving'Christian Breunig
Lower available CPU C states to a minimum if this option set. This will set Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
2024-03-05xml: T5738: use generic-disable-node building block for "disable" CLI nodesChristian Breunig
Make the code more uniform and maintainable.
2024-03-05wifi: T6095: incorrect country-code "uk" it's actually "gb"Christian Breunig
All valid country codes can be retrieved from [1] and extracted which resulted in the completion helper list of this commit. 1: https://git.kernel.org/pub/scm/linux/kernel/git/wens/wireless-regdb.git/tree/db.txt
2024-03-03ospfv3: T6087: add support to redistribute IS-IS routesChristian Breunig
2024-03-02ospfv3: T5717: allow metric and metric-type on redistributed routesChristian Breunig
Example: vyos@vyos# set protocols ospfv3 redistribute bgp Possible completions: metric OSPF default metric metric-type OSPF metric type for default routes (default: 2) route-map Specify route-map name to use
2024-03-01Merge pull request #3061 from sarthurdev/T6079_currentChristian Breunig
dhcp-server: T6079: Disable duplicate static-mappings on migration
2024-03-01vrrp: T6020: vrrp health-check script not applied correctly in keepalived.confkhramshinr
Added health-check to sync-group in CLI Don't use instance health-check when instance in sync group member Disallow wrong healtch-check configurations New smoke test
2024-02-29vrrp: T6020: vrrp health-check script not applied correctly in keepalived.confkhramshinr
Added health-check to sync-group in CLI Don't use instance health-check when instance in sync group member Disallow wrong healtch-check configurations New smoke test
2024-02-28dhcp-server: T6079: Increment Kea migrator versionssarthurdev
2024-02-28T5504 Keepalived VRRP ability to set more than one peer-addressNataliia Solomko
2024-02-25dhcp-server: T6063: Add `ignore-client-id` to relax client identifier checks ↵sarthurdev
for leases
2024-02-23pki: T3642: Fix typo in PKI includessarthurdev
2024-02-20T6050: Fixed descriptions of 'extended-scripts' commands in accel-pppaapostoliuk
Removed word 'PPPoE' from descriptions in common template for all accel-ppp services.
2024-02-17Merge pull request #3019 from c-po/login-T5972Christian Breunig
login: T5972: add possibility to disable individual local user accounts
2024-02-16login: T5972: add possibility to disable individual local user accountsChristian Breunig
* set system login user <name> disable
2024-02-16Merge pull request #3016 from c-po/nhtChristian Breunig
T6001: add option to disable next-hop-tracking resolve-via-default
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-default in VRF ↵Christian Breunig
context * set vrf name <name> ip nht no-resolve-via-default * set vrf name <name> ipv6 nht no-resolve-via-default
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-defaultChristian Breunig
* set system ip nht no-resolve-via-default * set system ipv6 nht no-resolve-via-default
2024-02-15Merge pull request #3004 from aapostoliuk/T6029-circinusDaniil Baturin
T6029: Rewritten Accel-PPP services to an identical feature set
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code.
2024-02-14eigrp: T2472: improve code for later testsChristian Breunig
2024-02-13Merge pull request #2999 from sever-sever/T5928Christian Breunig
T5928: Change firewall priority to 319
2024-02-13Merge pull request #3000 from sever-sever/T5064Christian Breunig
T5064: Firewall fix RegEx for for domain-group
2024-02-13Merge pull request #2987 from c-po/evpn-macvrf-sooChristian Breunig
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support
2024-02-13T5064: Firewall fix RegEx for for domain-groupViacheslav Hletenko
Improve RegEx for firewall domain-groups. This domain group looks good, but the current RegEx validation fils: ``` set firewall group domain-group a_aa ```
2024-02-13T5928: Change firewall priority to 319Viacheslav Hletenko
Change the firewall priority to 319, after interface ethernet configuration For example if we use VLANs and the vlan interface must be created before we can use it in the firewall/flowtable The current priority ``` 199 firewall 300 interfaces/dummy 300 interfaces/loopback 300 interfaces/virtual-ethernet 310 interfaces/bridge 310 interfaces/input 318 interfaces/ethernet ... ```
2024-02-13Merge pull request #2988 from c-po/pki-rpki-t6034Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
2024-02-13dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally ↵sarthurdev
connected interfaces Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
2024-02-11Merge pull request #2980 from c-po/srv6-T5849Daniil Baturin
srv6: T5849: add segment support to "protocols static route6"
2024-02-11rpki: T6034: move SSH authentication keys to PKI subsystemChristian Breunig
2024-02-11pki: T6034: add OpenSSH key supportChristian Breunig
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa'
2024-02-11bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo