summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2022-03-24ike-group: T4288 : close-action is missing in swanctl.confsrividya0208
close-action parameter is missing in the swanctl.conf file
2022-03-09policy: T2493 ip-next-hop unchanged & peer-addressPaul Lettington
Also add ipv6-next-hop peer-address
2022-03-07ipsec prefix: T4275: Fix for prefix val_help of remote-access and s2s vpnsrividya0208
It accepts network as the input value but the completion help is showing ip address, continuation of previous commit
2022-03-03static: T4283: support "reject" routes - emit an ICMP unreachable when matchedChristian Poessinger
2022-03-03static: T4283: create re-usable XML interface definitions for blackholeChristian Poessinger
2022-03-03static: T4283: fix help string for route/route6Christian Poessinger
2022-03-01flow-accounting: T4277: support sending flow-data via VRF interfaceChristian Poessinger
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name>
2022-02-28ipsec prefix: T4275: Incorrect val_help for local/remote prefixsrividya0208
It accepts network as the input value but the completion help is showing ip address
2022-02-28open-connect: T4274: extend RADIUS authentication timeoutRageLtMan
RADIUS authentication can be handled by a variety of mechanisms, including proxy for 2FA systems requiring user interaction with a separate device, token acquisition, or other time-consuming action. Given the delays required for certain 2FA implementations, a thirty second timeout can range from onerous to untenable. Accomodate the 2FA time requirements by extending the hard-coded RADIUS time limit from 30 seconds to 240. Co-authored-by: RageLtMan <rageltman [at] sempervictus>
2022-02-28ssh: T4273: bugfix cipher and key-exchange multi nodesChristian Poessinger
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility
2022-02-26lldp: T4272: migrate to get_config_dict()Christian Poessinger
2022-02-25nat: T1083: use defaultValue from XML when handling translationsChristian Poessinger
2022-02-25zone-policy: T2199: bugfix defaultValue usageChristian Poessinger
Instead of hardcoding the default behavior inside the Jinaj2 template, all defaults are required to be specified inside teh XML definition. This is required to automatically render the appropriate CLI tab completion commands.
2022-02-25vpn: ipsec: T3093: add missing defaultValue entriesChristian Poessinger
2022-02-25monitoring: T3872: re-use "port" building block from port-number.xml.iChristian Poessinger
2022-02-25xml: webproxy: add comment about explicitly not set defaultValueChristian Poessinger
2022-02-25wireless: ifconfig: T2653: add missing defaultValue for mgmt-frame-protectionChristian Poessinger
2022-02-25dhcp-relay: T3095: add missing max-size default valueChristian Poessinger
2022-02-24scripts: T4269: node.def generator should automatically add default valuesChristian Poessinger
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help.
2022-02-22Merge pull request #1230 from sever-sever/T1856Christian Poessinger
ipsec: T1856: Ability to set SA life bytes and packets
2022-02-21Merge pull request #1231 from sever-sever/T3948Christian Poessinger
ipsec: T3948: Add CLI site-to-site peer connection-type none
2022-02-21Merge pull request #1234 from srividya0208/T3656Christian Poessinger
vpn_ipsec: T3656: modified completion help for key-exchange
2022-02-21vpn_ipsec: T3656: modified completion help for key-exchangesrividya0208
In latest releases, default IKE version is removed, which allows the connection to be IKEv1 or IKEv2. The completion help shows IKEv1 as default so removed it.
2022-02-20vxlan: T4120: rename tunnel-remotes.xml.i -> tunnel-remote-multi.xml.iChristian Poessinger
2022-02-20vxlan: T4120: add ability to set multiple remotes (PR #1127)Andreas
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command.
2022-02-20ipsec: T3948: Add CLI site-to-site peer connection-type noneViacheslav Hletenko
set vpn ipsec site-to-site peer 192.0.2.14 connection-type none
2022-02-20macsec: T4261: add dhcp client supportChristian Poessinger
2022-02-20ipsec: T1856: Ability to set SA life bytes and packetsViacheslav Hletenko
set vpn ipsec esp-group grp-ESP life-bytes '100000' set vpn ipsec esp-group grp-ESP life-packets '2000000'
2022-02-20Merge branch 't4203-dhcp' into currentChristian Poessinger
* t4203-dhcp: smoketest: dhcp: T4203: move testcase to base class static: T4203: obey interface dhcp default route distance interface: T4203: prevent DHCP client restart if not necessary
2022-02-20Merge pull request #1226 from sever-sever/T4254Christian Poessinger
vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on options
2022-02-20static: T4203: obey interface dhcp default route distanceChristian Poessinger
Commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes") added a bug whenever a static route is modified - the DHCP interface will always end up with metric 210 - if there was a default route over a DHCP interface.
2022-02-19containers: T4249: Allow to connect host device to the containerViacheslav Hletenko
Ability to attach host devices to the container It can be disk, USB device or any device from the directory /dev set container name alp01 device disk source '/dev/vdb1' set container name alp01 device disk destination '/dev/mydisk'
2022-02-19vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on optionsViacheslav Hletenko
Ability to set Cisco FlexVPN vendor ID payload: charon.cisco_flexvpn charon.install_virtual_ip_on swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z set vpn ipsec options flexvpn set vpn ipsec options virtual-ip set vpn ipsec options interface tunX set vpn ipsec site-to-site peer x.x.x.x virtual-address x.x.x.x
2022-02-16xml: T3474: add component version include filesJohn Estabrook
Add the include files containing the syntaxVersion element defining the version of the respective component; these files are included by the top level file 'xml-component-versions.xml.in'. Processing of these elements was previously added to the python xml lib in commit 40f5359d. This will replace the use of 'curver_DATA' in vyatta-cfg-system and other legacy packages.
2022-02-16policy: T2425: add completion helper script when referencing IP addressesChristian Poessinger
2022-02-07xml: ssh: T4233: sync regex for allow/deny usernames to "system login"Christian Poessinger
2022-02-05Merge pull request #1206 from sarthurdev/T4209Christian Poessinger
firewall: T4209: Fix support for rule `recent` matches
2022-02-04firewall: T4209: Fix support for rule `recent` matchessarthurdev
2022-02-03T4227:Bridge: Typo in completion help of hello-time optionsrividya0208
There is spelling mistake in "advertisement" of hello-time option's completion help
2022-01-31upnpd: T3420: use proper include directivesChristian Poessinger
2022-01-31Merge pull request #1196 from hensur/current-ipv6-local-route-iifChristian Poessinger
policy: T4219: add local-route(6) inbound-interface support
2022-01-30firewall: T2199: Add constraint for tagnode namessarthurdev
2022-01-30policy: T4219: add local-route(6) incoming-interfaceHenning Surmeier
2022-01-30Merge pull request #789 from jack9603301/T3420Daniil Baturin
upnpd: T3420: Support UPNP protocol
2022-01-25nat: T4138: Add port-range validation for NATViacheslav Hletenko
Add port-validators for NAT rules that prevent to set incorrect port-ranges (21-5) and incorrect ports (70000)
2022-01-22Merge pull request #1184 from sarthurdev/firewall_icmpChristian Poessinger
firewall: T4130: T4186: ICMP/v6 updates, ipv6 state policy check fix
2022-01-21Firewall: T4186: Adding icmpv6 corrections, in corcondancy of what was done ↵Nicolas Fort
for icmp
2022-01-21Firewall: T4186: typo correction on address-mask-reply descriptionNicolas Fort
2022-01-21Firewall: T4186: Correct icmp type-name options for firewall rulesNicolas Fort
2022-01-20Merge pull request #1144 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: Add policy ipv6-local-route