summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2019-08-20powerdns: T1524: support setting allow-from networkChristian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } }
2019-08-19dummy: T1580: rewrite in new style XML/PythonChristian Poessinger
2019-08-19openvpn: T1548: remove authy 2fa providerChristian Poessinger
According to https://github.com/twilio/authy-openvpn commit 3e5dc73: > This plugin is no longer actively maintained. If you're interested in becoming a maintainer, we welcome forks of this project. In addition this plugin was always missing in the current branch ov VyOS and did not make it into VyOS 1.2 (crux) If 2FA for OpenVPN is required we should probably opt for Google Authenticator or if possible a U2F device.
2019-08-18[bridge] T1156: increase bridge priority - bridge interfaces after all ↵Christian Poessinger
member interfaces are configured
2019-08-17openvpn: T1548: 'disabled' leafNode must be valuelessChristian Poessinger
2019-08-17Merge pull request #107 from c-po/t1548-openvpnChristian Poessinger
T1548 openvpn
2019-08-16openvpn: T1548: initial rewrite with XML and PythonChristian Poessinger
2019-08-14[bfd] T1183: Added validations and fixing bugs in BFD:zsdc
* added validations for "source address IP" and "bfd peer IP" * added check for configuring multihop together with an interface name * fixed "show protocols bfd peer X" for peers with custom options
2019-08-14[service https] T1443: add self-signed TLS certificateJohn Estabrook
2019-08-09[bfd] T1183: Added some new functionality and fixed bugs in BFD:zsdc
* added option "echo-mode" and "echo-interval" for BFD peers * added configuration check for usage "multihop" and "echo-mode" * added configuration check for denying deletion BFD peers, which are used in BGP configuration * fixed deleting/changing BFD peers with custom parameters (for example multihop, local-address, etc.) * deleted wrong skipping of configuration check for "shutdown" BFD peers
2019-08-07[l2tp] T1566 ipv6 implementationDmitriyEshenko
2019-08-07XML: WireGuard: run interfacedefinition through XML lintChristian Poessinger
2019-08-07Validator: rename cidr -> ip-cidr to match existing patternsChristian Poessinger
2019-08-05[bridge] T1156: add XML completion helpers for interface address (dhcp and ↵Christian Poessinger
dhcpv6)
2019-08-05[bridge] T1156: add XML address constraintsChristian Poessinger
2019-08-05[bridge] T1156: remove priority of address nodeChristian Poessinger
2019-08-04[bridge] T1156: rename igmp-snooping node to igmpChristian Poessinger
2019-08-03[bridge] T1156: support adding and removing bridge member interfacesChristian Poessinger
This is the new syntax bridge br0 { member { interface eth0 { cost 10 } interface eth1 { cost 11 } } }
2019-08-02[bridge] T1156: first working implementation using Python and XMLChristian Poessinger
2019-08-02WireGuard: rename wireguard.py -> interface-wireguard.pyChristian Poessinger
2019-08-02WireGuard: rename wireguard.xml -> interfaces-wireguard.xmlChristian Poessinger
2019-07-31T1555 Implementation shared-secret for LNS. Implementation command disabling ↵DmitriyEshenko
ccp.
2019-07-30Merge pull request #94 from hagbard-01/sstphagbard-01
[SSTP] - T853: accel-ppp: SSTP implementation
2019-07-30[SSTP] - T853: accel-ppp: SSTP implementationhagbard
2019-07-26T1546 fix syntax l2tp radius source-address and migrate other radius optionsDmitriyEshenko
2019-07-25[accel-l2tp] - T834: l2tp implementationhagbard
- node.def deletion for show remote-access - IPSec interface checking for L2TP - IPSec x509 for l2tp - verification of outside-address to warning since it was optional in the previous config
2019-07-22[wireguard] fixing value help typohagbard
2019-07-22[pppoe] typo fixedhagbard
2019-07-21T1537: add missing help for 'set service dns'Christian Poessinger
2019-07-15[T1299] - SNMP extension with custom scriptshagbard
2019-07-08[IPoE] - T1510: vlan-mon option implementationhagbard
2019-07-08[PPPoE] - T1489: vlan_mon config optionshagbard
2019-07-04T1435 plus other dhcp/dhcpv6-server enhancementsJernej Jakob
- T1435: dhcp-server: make ip-address optional in static-mapping - remove [REQUIRED] from dhcpv6-server static-mapping identifier and ipv6-address - verify if static-mapping ipv6-address is in subnet - make help and error messages in conf-mode more descriptive - remove regex ^$ anchors (implied in re.fullmatch)
2019-07-02[IPoE] T1495 - IA-PD via IPoE implementedhagbard
2019-07-01[service https] T1443: add service https and service https apiJohn Estabrook
2019-07-01T1498: Nameservers are not propagated into resolv.confKim Hagen
2019-06-28[IPoE] config structure improvedhagbard
* fixed minor issues * fixed lower function for mac addresses if user capitalized it (local mode only) * added some checks to verify() * cli ip-address checks on input
2019-06-27[IPoE] T989 - IPoE implementationhagbard
* chap-secrets file generation * noauth in accel config as option * local auth with csid implemented * radius implementation * shaper per user implemented * op comands for stats
2019-06-22bfd: T1183: move "multiplier" configuration node to "interval multiplier"Christian Poessinger
2019-06-22bfd: T1183: add rx/tx interval configurationChristian Poessinger
vyos@vyos# show protocols bfd { peer 1.1.1.1 { interval { receive 400 transmit 300 } } }
2019-06-22bfd: T1183: add support to configure detection multiplierChristian Poessinger
Configures the detection multiplier to determine packet loss. The remote transmission interval will be multiplied by this value to determine the connection loss detection timer. The default value is 3. Example: when the local system has detect-multiplier 3 and the remote system has transmission interval 300, the local system will detect failures only after 900 milliseconds without receiving packets.
2019-06-22bfd: T1183: adjust CLI syntax for source address/interfaceChristian Poessinger
Place address/interface under new source node. vyis@vyos# show protocols bfd peer 1.1.1.1 { source { address 1.2.3.4 interface eth0.201 } }
2019-06-22bfd: T1183: add support for multihopChristian Poessinger
multihop tells the BFD daemon that we should expect packets with TTL less than 254 (because it will take more than one hop) and to listen on the multihop port (4784). When using multi-hop mode echo-mode will not work (see RFC 5883 section 3).
2019-06-22bfd: T1183: initial CLI implementationChristian Poessinger
vyos@vyos# show protocols bfd peer 172.18.202.10 { local-address 172.18.201.10 local-interface eth0.201 shutdown } peer 172.18.202.12 { shutdown }
2019-06-19[wireguard] T1425 - assign a /31 address on Wireguard interfacehagbard
- added a validator for checking if the address is any cidr noted address
2019-06-18[pppoe-server] T1452 - add vendor option to shaperhagbard
2019-06-16T1439: remove beginning and end anchors, they are implied with re.fullmatchJernej Jakob
2019-06-16T1439: move DUID validator to regexJernej Jakob
2019-06-16T1439: add dhcpv6-client-id validatorJernej Jakob
2019-06-16dhcpv6-server: Add name constraint, clarify help, fix typosJernej Jakob