path: root/interface-definitions
Age | Commit message | Author
2024-06-20 | openconnect: T6500: add support for multiple ca-certificates | Christian Breunig
Add possibility to provide a full CA chain to the openconnect server.
* Support multiple CA certificates
* For every CA certificate specified, always determine the full certificate chain in the background and add the necessary SSL certificates
(cherry picked from commit 973f06c00b902c43dfea34bdf01bdec7c599c452)
2024-06-12 | bgp: T6473: missing completion helper for peer-groups inside a VRF | Christian Breunig
Using BGP peer-groups inside a VRF instance will make use of the global VRFs peer-group list during tab-completion and not the peer-groups defined within the BGP instance of the given VRF. (cherry picked from commit 80ea3d53b2224676d3e9287bce80df4407fe6c01)
2024-06-11 | T6219: Add support for container sysctl parameter (backport #3614) (#3629) | mergify[bot]
* container: T6219: Add support for container sysctl / kernel parameters (cherry picked from commit 717ea64e4c54a8be619ffc29c16c6203b29319dd)
* T6219: align with system sysctl and limit parameters to supported (cherry picked from commit f030464952168b553b5b3e29b461d437c2642a9b)
---------
Co-authored-by: Ben Pilgrim <ben@pilgrim.me.uk>
Co-authored-by: Nicolas Vollmar <nvollmar@gmail.com>
2024-06-09 | Merge pull request #3605 from vyos/mergify/bp/sagitta/pr-3598 | Christian Breunig
reverse-proxy: T6454: Set default value of http for haproxy mode (backport #3598)
2024-06-09 | reverse-proxy: T6454: Set default value of http for haproxy mode | Alex W
(cherry picked from commit 60d7c0ecaff49ec62f4600a460f5fbe7b26a0d9c)
2024-06-09 | xml: T6423: enforce priority on nodes having an owner | Nataliia Solomko
(cherry picked from commit 61f8250184e927de9ab6bddc207b917bef7da42b)
2024-06-03 | reverse-proxy: T6434: Support additional healthcheck options (#3574) (#3577) | mergify[bot]
(cherry picked from commit 3e5cc0b7fb8ae4a0f8b7c9270d9db0a0f252c448)
Co-authored-by: Alex W <embezzle.dev@proton.me>
2024-05-31 | dns: T6422: allow multiple redundant NS records | Haim Gelfenbeyn
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and are a common use case: multiple redundant DNS servers is a common configuration and should be supported. (cherry picked from commit 19d8415512dcf87dc3a87feabf128652ffc74594)
2024-05-31 | conntrack: T6396: correction to helper message for custom timeout rule | Giggum
(cherry picked from commit 0c75e2470f8db900ffcac4e3c84669b6aa4580dd)
2024-05-30 | Merge pull request #3559 from vyos/mergify/bp/sagitta/pr-3531 | Christian Breunig
reverse-proxy: T6409: Remove unused backend parameters (backport #3531)
2024-05-30 | reverse-proxy: T6409: Remove unused backend parameters | Alex W
(cherry picked from commit fb6602f431f5595b97ea3726467ec782fa50ceb8)
2024-05-30 | T4576: Accel-ppp logging level configuration | khramshinr
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Server
(cherry picked from commit 4d84f786f64d2b80046100ead5d0e8c1eef7418c)
2024-05-30 | hostname: T6421: enforce explicit CLI priority for host-name and domain-name | Christian Breunig
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities! (cherry picked from commit 96d0e23a32a0e1b990ce022546ed7225956a0494)
2024-05-29 | ISIS: T6332: Fix isis not working only ipv6 | fett0
(cherry picked from commit 03fd368ed263ca28c9b1b5e29f486217784d15ef)
2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar
(cherry picked from commit 74910564f82e2837cd7eb35ea21f07601e5f8f0d)
2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar
(cherry picked from commit 81dea053e7178b8fea836a85aacde2a38ffb9e09)
2024-05-27 | dhcpv6-server: T3493: add constraintGroup for prefix-delegation start/stop address | Christian Breunig
In addition to testing that the supplied IPv6 address ends with ::, we also verify that it's a proper IPv6 address, just in case.
2024-05-26 | dhcpv6-server: T3493: add proper validation for prefix-delegation start/stop address | Christian Breunig
ISC DHCP server expects a string: "prefix6 2001:db8:290:: 2001:db8:29f:: /64;" where the IPv6 prefix/range must be :: terminated with a delegated prefix length at the end. This commit changes the validator so that the IPv6 address defined on the CLI must always end with ::. In addition a verify() step is added to check that the stop address is greater than start address.
2024-05-24 | load-balancing haproxy: T6391: fix typo in timeout help (#3513) (#3514) | mergify[bot]
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
(cherry picked from commit 609563d6acfeafbed46b1ac5e6bd497ce097e3bc)
Co-authored-by: Gregor Michels <gregor.michels@web.de>
2024-05-23 | reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | Alex W
(cherry picked from commit e1450096b4c667a4c33a3fcd8f67ebf6a39d441d)
2024-05-23 | nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 | Christian Breunig
random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port.
https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
(cherry picked from commit 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070)
2024-05-21 | T6375: Fix/Update NAT logging | l0crian1
Fixed broken logging for "show log nat"
Added the following commands:
show log nat source
show log nat source rule <ruleNum>
show log nat destination nat
show log nat destination nat rule <ruleNum>
show log nat static
show log nat static rule <ruleNum>
(cherry picked from commit 5cb9b84bd9ce909460d8da7f039d9371143ede6c)
2024-05-17 | T6358: Add config option for host process namespace | Nicolas Vollmar
(cherry picked from commit f5051de4fc034bd95677ef142423e59eae47cd2f)
2024-05-16 | T5756: L2TP RADIUS backup and weight settings | khramshinr
(cherry picked from commit 75d553932504c55e710265776e4865a238223e1f)
2024-05-12 | ethernet: T6306: add support for EVPN MH uplink/core tracking | Christian Breunig
When all the underlay links go down the PE no longer has access to the VxLAN overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE. A link can be setup for uplink tracking via the following configuration:
set interfaces ethernet eth0 evpn uplink
(cherry picked from commit 5565f27d15c5e7378e94aae8db8a894a12e25d7b)
2024-05-10 | bond: T6303: add system mac address on bond | fett0
(cherry picked from commit 234f35d8bae71b5d33ad97cdabc236ec6b13c3a2)
2024-05-09 | sstp: T4393: Add support to configure host-name (SNI) | Nataliia Solomko
(cherry picked from commit 92b468b9a0d5eee8484601568227f7c56e71b119)
2024-05-09 | T6323: openvpn: Correction of auto-completion description of "mfa totp digits" | srividya0208
(cherry picked from commit 7dab763df070dd5138d6428450496f54b1f33d44)
2024-05-07 | T6305: accept ipoe interfaces on firewall ruleset | Nicolas Fort
(cherry picked from commit b5f22f70006eed6c7e62700128d5034b1b95db31)
2024-05-04 | T6287: Config-sync add the ability to configure API port | Viacheslav Hletenko
Add the ability to configure the API port if the API on the secondary server works on a non-default port. The primary node will connect to configured port for config-sync
```
set service config-sync secondary address '192.0.2.11'
set service config-sync secondary port '8443'
```
(cherry picked from commit a7c3f202ffea7859463f204cccf526f7517321f6)
2024-05-03 | T6121: add section system time-zone | John Estabrook
(cherry picked from commit b6c5e66cc44fdec21e6731d98a1065e2adf87b3b)
2024-05-02 | netns: T6295: disable incomplete support in VyOS 1.4 sagitta | Christian Breunig
The netns support currently available on the VyOS CLI is only a proof-of-technology, we have no real support for any service behind it. In order to not confuse anyone on the LTS branch we decided to remove the netns option for interfaces until there is a proper usecase and implementation available.
2024-05-02 | Merge pull request #3393 from vyos/mergify/bp/sagitta/pr-3392 | Daniil Baturin
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF (backport #3392)
2024-05-01 | vrf: T6189: render FRR L3VNI configuration when creating VRF instance | Christian Breunig
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The weird design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place. (cherry picked from commit e7bb65894f86372dc0f6e8fd39b1628e0a224c68)
2024-05-01 | pppoe-server: T6234: PPPoE-server pado-delay refactoring | Nataliia Solomko
(cherry picked from commit 107ee099e82397b31fca8cf1ac3860cbf76f0596)
2024-04-30 | Merge pull request #3377 from vyos/mergify/bp/sagitta/pr-3371 | Christian Breunig
openconnect: T4982: Support defining minimum TLS version in openconnect VPN (backport #3371)
2024-04-30 | T6169: DNS forwarding should allow underscore for srv record | Viacheslav Hletenko
This srv record looks valid:
```
set service dns forwarding authoritative-domain _tcp.db.mongors1.example.com records srv _mongodb entry 0 hostname 'mongors1.example.com'
```
But FQDN validator cannot validate it correctly, use regex to fix
(cherry picked from commit 3c37b6a44dca552da950b5288a30c7e074d58704)
2024-04-30 | T6273: Allowed the use of "-" and "_" in PPPoE access-concentrator name | aapostoliuk
Allowed the use of "-" and "_" in PPPoE access-concentrator name (cherry picked from commit de38b01710958b7f7dababcff9557e4be98c8450)
2024-04-30 | openconnect: T4982: Support defining minimum TLS version in openconnect VPN | Alex W
(cherry picked from commit 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5)
2024-04-25 | T6258: Add sysctl base-reachable-time for IPv6 | Viacheslav Hletenko
Add ability to change `base_reachable_time_ms` option /proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms (cherry picked from commit 0bf4b570fe2d239b9fbabd3ae801ad3f04a06bde)
2024-04-23 | T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config | Windom WU
(cherry picked from commit 984c386d11ead8371b7ac381e6c0921473e557ed)
2024-04-22 | xml: T5738: fix typo in radius-additions.xml.i | André Luiz dos Santos
(cherry picked from commit 8d0aa7bfb83aecb989ab01b6d1975cf23f1c7dcb)
2024-04-22 | T6237: IPSec remote access VPN: ability to set EAP ID of clients | Alex W
(cherry picked from commit 78ea623df20b44309cc6ac9848ed18e97fc4ed03)
2024-04-21 | Merge pull request #3332 from vyos/mergify/bp/sagitta/pr-3325 | Christian Breunig
T6246: basic haproxy http-check configuration (backport #3325)
2024-04-21 | T6246: improve haproxy http check configuration | Nicolas Vollmar
(cherry picked from commit 050f24770aec7a74c1a07ba64cf2cb83afb72f1a)
2024-04-20 | gre: T6252: allow tunnel MTU to exceed 8024 bytes | fett0
(cherry picked from commit 4cde677e9e128bc9b62fad720b1b6f6cac506954)
2024-04-19 | T6246: adds basic haproxy http-check configuration | Nicolas Vollmar
(cherry picked from commit 785616393557c4e3f616287de81b61a68ba177ac)
2024-04-16 | Merge pull request #3318 from vyos/mergify/bp/sagitta/pr-3315 | Christian Breunig
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates (backport #3315)
2024-04-16 | T5722: Failover route add option onlink | Viacheslav Hletenko
onlink pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix. Useful when gateway not in the same interface network
set interfaces ethernet eth0 vif 10 address '10.20.30.1/32'
set protocols static route 10.20.30.0/32 interface eth0.10
set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink
```
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover
Error: Nexthop has invalid gateway.
[edit]
vyos@r4#
[edit]
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover
[edit]
vyos@r4#
```
(cherry picked from commit bb832acb97881d747a57da2728eab3ad138b8129)
2024-04-16 | T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates | Alex W
(cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)