Age | Commit message (Collapse) | Author |
|
When enabling identity-based-config, users can add arbitrary config keys
that are processed by ocserv. The user "must know" what he is been doing, as
invalid config option will make the ocserv daemon go ... whoop!
Thus add a warning and inform the user about this setting.
|
|
ocserv: T3896: add CLI options to configure ocserv config-per-user/group
|
|
Use 'ICMP' type check as default
|
|
veth: T3829: Allow moving veth into netns
|
|
This makes netns infinitely more useful as they can be chained together
in many ways to build complex network structures all on the host.
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
T5215: add a built-in ping check for VRRP groups
|
|
|
|
Add RADIUS accounting-interim-interval option for L2TP-server
Specifies interval in seconds to send accounting information
(may be overridden by radius Acct-Interim-Interval attribute)
set vpn l2tp remote-access authentication radius accounting-interim-interval '120'
|
|
T5060: Add disable option for high-availability
|
|
syslog: T2778: T2769: refactoring and VRF support
|
|
Add RADIUS accounting-interim-interval option for PPPoE/IPoE/SSTP
servers.
Specifies interval in seconds to send accounting information
(may be overridden by radius Acct-Interim-Interval attribute)
set service pppoe-server authentication radius accounting-interim-interval '60'
|
|
Allow syslog messages to be sent through a VRF (e.g. management).
|
|
|
|
|
|
Add 'maintenance mode' (option disable) for high-availability
set high-availability disable
|
|
dns: T5144: Improve dynamic DNS validations and completions
|
|
* Re-use XML building blocks when poossible
* Use XML constraints when possible (password)
* Capitalize protocols (HTTP) in <help> strings
|
|
|
|
|
|
|
|
|
|
|
|
Remove superfluous quotes on resource types.
|
|
T5171: Use XML for loadbalancing wan instead of old templates
|
|
Use XML and python3 for 'load-balancing wan'
Use Jinja2 templates instead of old vyatta-wanloadbalance.pl to
generate configuration '/run/load-balance/wlb.conf' wich used by
/opt/vyatta/sbin/wan_lb
|
|
Ability to match 'source-protocol' for the route-map filters
set policy route-map foo rule 10 action 'permit'
set policy route-map foo rule 10 match protocol 'bgp'
|
|
|
|
|
|
This reverts commit bfe57cf80f4c71236f0885408d704a69575f0b30.
|
|
T1237: Failover route add policy for targets checking
|
|
|
|
Add policy (any-available|all-available) for target checking for failover route
set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check policy 'any-available'
set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '192.168.122.1'
set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '192.168.122.11'
It depends if we need that all targets must be alive on just one target.
|
|
Apply validations and completions to dynamic DNS protocols supported.
This also opens up additional protocols supported by ddclient 3.10.
Additional details:
- Validation and constraint have been added for interface names as well.
- While at it, the help texts got some copyedit and rewording.
|
|
Changes the node name from config-per-x to identity-based-config, as a result the j2 templates and vpn_openeconnect.py has been refactored to update the node name when accessing it's child nodes.
|
|
|
|
T5150: implementation of new Kernel/Zebra route-map support
|
|
The (v)bash completion helpers trigger on the "txt" keyword for the valueHelp
strings when asking for the tab completion helper.
Replace text -> txt
|
|
|
|
|
|
|
|
It is possible to install a route-map which filters the routes between routing
daemons and the OS kernel (zebra)
As of now this can be done by e.g.
* set protocols ospf route-map foo
* set protocols ospfv3 route-map foo
* set protocols bgp route-map foo
Which in turn will install the following lines into FRR
* ip protocol ospf route-map foo
* ipv6 protocol ospf6 route-map foo
* ip protocol bgp route-map foo
The current state of the VyOS CLI is incomplete as there is no way to:
* Install a filter for BGP IPv6 routes
* Install a filter for static routes
* Install a filter for connected routes
Thus the CLI should be redesigned to close match what FRR does for both the
default and any other VRF
* set system ip protocol ospf route-map foo
* set system ipv6 protocol ospfv3 route-map foo
* set system ip protocol bgp route-map foo
* set system ipv6 protocol bgp route-map foo
The configuration can be migrated accordingly. This commit does not come with
the migrator, it will be comitted later.
|
|
dns: T5143: Apply constraint for domain name in DNS forwarding
|
|
|
|
T5081: ISIS and OSPF syncronization with IGP-LDP sync
|
|
Initially the option 'rate-limit' was implemented with the
wrong place in the CLI:
set vpn pptp remote-access authentication rate-limit <xxx>
Expected under 'radius' section:
set vpn pptp remote-access authentication radius rate-limit <xxx>
Configuration for 'rate-limit' (Jinja2 template) never worked for
pptp, fix it.
|
|
There is only one target for checking ICMP/ARP
Extend it for checking multiple targets
set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '203.0.113.1'
set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '203.0.113.11'
The route will be installed only if all targets are 'alive'
|
|
|
|
maxsyslogins
maximum number of all logins on system; user is not
allowed to log-in if total number of all user logins is
greater than specified number (this limit does not apply
to user with uid=0)
set system login max-login-session 2
|
|
This will prevent arbitrary strings from being entered as domain names.
Additionally, reuse the fqdn validator instead of a custom regex.
|
|
IKE lifetime should starting from 0 for disabling rekeying
|