summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2023-05-12ocserv: T3896: improve XML definition and add warning about 3rd party configsChristian Breunig
When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting.
2023-05-12Merge pull request #1783 from PeppyH/T3896-ocserv-config-per-xChristian Breunig
ocserv: T3896: add CLI options to configure ocserv config-per-user/group
2023-05-11T5171: Set default value icmp for load-balancing test checkViacheslav Hletenko
Use 'ICMP' type check as default
2023-05-10Merge pull request #1996 from frebib/veth-netnsChristian Breunig
veth: T3829: Allow moving veth into netns
2023-05-10veth: T3829: Allow moving veth into netnsJoe Groocock
This makes netns infinitely more useful as they can be chained together in many ways to build complex network structures all on the host. Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-10Merge pull request #1987 from dmbaturin/T5251-vrrp-group-pingChristian Breunig
T5215: add a built-in ping check for VRRP groups
2023-05-10vrrp: T5215: Add built-in ping check for VRRP groupsDaniil Baturin
2023-05-10T5213: Add accounting-interim-interval option for L2TP-serverViacheslav Hletenko
Add RADIUS accounting-interim-interval option for L2TP-server Specifies interval in seconds to send accounting information (may be overridden by radius Acct-Interim-Interval attribute) set vpn l2tp remote-access authentication radius accounting-interim-interval '120'
2023-05-09Merge pull request #1984 from sever-sever/T5060Christian Breunig
T5060: Add disable option for high-availability
2023-05-09Merge pull request #1985 from c-po/t2778-syslogChristian Breunig
syslog: T2778: T2769: refactoring and VRF support
2023-05-09T5213: Add accounting-interim-interval option for PPPoE IPoE SSTPViacheslav Hletenko
Add RADIUS accounting-interim-interval option for PPPoE/IPoE/SSTP servers. Specifies interval in seconds to send accounting information (may be overridden by radius Acct-Interim-Interval attribute) set service pppoe-server authentication radius accounting-interim-interval '60'
2023-05-08syslog: T2769: add VRF supportChristian Breunig
Allow syslog messages to be sent through a VRF (e.g. management).
2023-05-08syslog: T2778: migrate to get_config_dict()Christian Breunig
2023-05-08T4780: bump firewall version 9 -> 10Christian Breunig
2023-05-08T5060: Add disable option for high-availabilityViacheslav Hletenko
Add 'maintenance mode' (option disable) for high-availability set high-availability disable
2023-05-08Merge pull request #1964 from indrajitr/ddclient-improvement-round-1Christian Breunig
dns: T5144: Improve dynamic DNS validations and completions
2023-05-08dns: T4144: additional improvements to dynamic DNS XML definitionsChristian Breunig
* Re-use XML building blocks when poossible * Use XML constraints when possible (password) * Capitalize protocols (HTTP) in <help> strings
2023-05-06lldp: T671: use the new interface list generator for LLDP helpDaniil Baturin
2023-05-05syslog: T2769: xml: improve completion helpersChristian Breunig
2023-05-05syslog: T2769: xml: provide common facility building blockChristian Breunig
2023-05-05syslog: T2769: xml: provide common constraint for system usernamesChristian Breunig
2023-05-04dns-forwarding: T5193: implement NS resource typeChristian Breunig
2023-05-04dns-forwarding: T5193: cleanup help stringsChristian Breunig
Remove superfluous quotes on resource types.
2023-05-04Merge pull request #1973 from sever-sever/T5171Christian Breunig
T5171: Use XML for loadbalancing wan instead of old templates
2023-05-02T5171: Rewrite load-balancing wan to XML and python3Viacheslav Hletenko
Use XML and python3 for 'load-balancing wan' Use Jinja2 templates instead of old vyatta-wanloadbalance.pl to generate configuration '/run/load-balance/wlb.conf' wich used by /opt/vyatta/sbin/wan_lb
2023-05-02T5163: Add match protocol filter for route-mapViacheslav Hletenko
Ability to match 'source-protocol' for the route-map filters set policy route-map foo rule 10 action 'permit' set policy route-map foo rule 10 match protocol 'bgp'
2023-04-29static: T5161: add BFD monitoring for static IPv6 routesfett0
2023-04-29static: T5161: add BFD monitoring for static routesfett0
2023-04-27Revert "bgp: T3734: only support "l2vpn-evpn advertise-all-vni" in default VRF"Christian Breunig
This reverts commit bfe57cf80f4c71236f0885408d704a69575f0b30.
2023-04-22Merge pull request #1966 from sever-sever/T1237Christian Breunig
T1237: Failover route add policy for targets checking
2023-04-21vrf: T5150: l3vni must be removed prior to removing BGP VRF processChristian Breunig
2023-04-21T1237: Failover route add policy for targets checkingViacheslav Hletenko
Add policy (any-available|all-available) for target checking for failover route set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check policy 'any-available' set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '192.168.122.1' set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '192.168.122.11' It depends if we need that all targets must be alive on just one target.
2023-04-21dns: T5144: Improve dynamic DNS validations and completionsIndrajit Raychaudhuri
Apply validations and completions to dynamic DNS protocols supported. This also opens up additional protocols supported by ddclient 3.10. Additional details: - Validation and constraint have been added for interface names as well. - While at it, the help texts got some copyedit and rewording.
2023-04-20ocserv: T3896: refactor: change ocserv config-per-x node nameJamie Austin
Changes the node name from config-per-x to identity-based-config, as a result the j2 templates and vpn_openeconnect.py has been refactored to update the node name when accessing it's child nodes.
2023-04-17bgp: T3734: only support "l2vpn-evpn advertise-all-vni" in default VRFChristian Breunig
2023-04-13Merge pull request #1943 from c-po/t5150-frrDaniil Baturin
T5150: implementation of new Kernel/Zebra route-map support
2023-04-13xml: dns: T5143: valueHelp format should be txt instead of textChristian Breunig
The (v)bash completion helpers trigger on the "txt" keyword for the valueHelp strings when asking for the tab completion helper. Replace text -> txt
2023-04-13T5150: migrate CLI configs to new Kernel/Zebra route-map supportChristian Breunig
2023-04-13T5150: initial VRF support for Kernel/Zebra route-map filteringChristian Breunig
2023-04-13T5150: do not apply zebra route-map from routing-daemon config levelChristian Breunig
2023-04-13T5150: initial implementation of new Kernel/Zebra route-map supportChristian Breunig
It is possible to install a route-map which filters the routes between routing daemons and the OS kernel (zebra) As of now this can be done by e.g. * set protocols ospf route-map foo * set protocols ospfv3 route-map foo * set protocols bgp route-map foo Which in turn will install the following lines into FRR * ip protocol ospf route-map foo * ipv6 protocol ospf6 route-map foo * ip protocol bgp route-map foo The current state of the VyOS CLI is incomplete as there is no way to: * Install a filter for BGP IPv6 routes * Install a filter for static routes * Install a filter for connected routes Thus the CLI should be redesigned to close match what FRR does for both the default and any other VRF * set system ip protocol ospf route-map foo * set system ipv6 protocol ospfv3 route-map foo * set system ip protocol bgp route-map foo * set system ipv6 protocol bgp route-map foo The configuration can be migrated accordingly. This commit does not come with the migrator, it will be comitted later.
2023-04-13Merge pull request #1935 from indrajitr/pdns-round3Christian Breunig
dns: T5143: Apply constraint for domain name in DNS forwarding
2023-04-12xml: T5081: generate common holddown XML building block for IS-IS and OSPFChristian Breunig
2023-04-12Merge pull request #1904 from Cheeze-It/currentChristian Breunig
T5081: ISIS and OSPF syncronization with IGP-LDP sync
2023-04-11T4727: Change and fix RADIUS rate-limit option for pptpViacheslav Hletenko
Initially the option 'rate-limit' was implemented with the wrong place in the CLI: set vpn pptp remote-access authentication rate-limit <xxx> Expected under 'radius' section: set vpn pptp remote-access authentication radius rate-limit <xxx> Configuration for 'rate-limit' (Jinja2 template) never worked for pptp, fix it.
2023-04-07T1237: Failover route add checks for multiple targetsViacheslav Hletenko
There is only one target for checking ICMP/ARP Extend it for checking multiple targets set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '203.0.113.1' set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '203.0.113.11' The route will be installed only if all targets are 'alive'
2023-04-04T5081: ISIS and OSPF syncronization with IGP-LDP syncCheeze_It
2023-04-04T5145: Add maximum number of all logins on systemViacheslav Hletenko
maxsyslogins maximum number of all logins on system; user is not allowed to log-in if total number of all user logins is greater than specified number (this limit does not apply to user with uid=0) set system login max-login-session 2
2023-04-04dns: T5143: Apply constraint for domain name in DNS forwardingIndrajit Raychaudhuri
This will prevent arbitrary strings from being entered as domain names. Additionally, reuse the fqdn validator instead of a custom regex.
2023-04-03T5139: IPSec add IKE lifetime 0 for no rekeyingViacheslav Hletenko
IKE lifetime should starting from 0 for disabling rekeying