Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-09-20 | xml: Update routing-passive-interface-xml.i file extension to standard .xml.i | sarthurdev | |
2021-09-19 | dhcp-server: T3672: re-add missing "name" CLI option | Christian Poessinger | |
This option is mandatory and must be user configurable as it needs to match on both sides. | |||
2021-09-19 | xml: dhcp-server: move building blocks to dhcp subdirectory | Christian Poessinger | |
2021-09-19 | dhcp-server: T3841: add option to perform ICMP check before address assignment | Christian Poessinger | |
2021-09-19 | dhcp-server: T3672: only one failover peer is supported | Christian Poessinger | |
2021-09-18 | T3840: Allow larger DNS forwarding cache sizes | Lucas Christian | |
2021-09-18 | container: T2216: add IPv6 support to container networks | Christian Poessinger | |
2021-09-18 | dhcp-server: T3839: support name-servers and domain config per shared-network | Christian Poessinger | |
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1' | |||
2021-09-18 | dhcp-server: xml: use description building block | Christian Poessinger | |
2021-09-18 | dhcpv6-server: xml: add description CLI node | Christian Poessinger | |
2021-09-18 | dhcp-server: T3838: rename dns-server to name-server node | Christian Poessinger | |
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. | |||
2021-09-18 | dhcp-server: T1968: allow multiple static-routes to be configured | Christian Poessinger | |
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } } | |||
2021-09-15 | typo: remove unnecessary 'i' from help | Javinator9889 | |
2021-09-14 | ipsec: T3828: Update interface definitions for new behaviour | sarthurdev | |
2021-09-10 | squid: T3810: Node source-group address should be multi | Viacheslav | |
2021-09-06 | pki: xml: T3642: use "txt" as format identifier | Christian Poessinger | |
2021-09-05 | name-server: T3804: merge "system name-servers-dhcp" into "system name-server" | Christian Poessinger | |
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP address we wan't to use. We also have "set system name-servers-dhcp <interface>" which does the same, but the name-server in question is retrieved via DHCP. Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>" to keep things as they are in real life - we need a name-server. (cherry picked from commit 2ecf7a9f9cbe9359457bd23b4a0c45f3763123c7) | |||
2021-09-04 | bgp: T3798: "replace-as" option can only be used when "no-prepend" is defined | Christian Poessinger | |
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as") added support for a new CLI option when the local-as is changed for a specified neighbor or peer-group. There was an error in the CLI / design as the "replace-as" option can only be used when "no-prepend" is defined. Thus "no-prepend" became a <node> and the new "replace-as" leafNode is now a child of "no-prepend". | |||
2021-09-03 | bgp: T3798: add support for neighbor local-as <n> replace-as | Christian Poessinger | |
2021-09-03 | do not use capitals in opmode | Kim Hagen | |
rename t0 to drift add subnemu for 2fa to make it more readable | |||
2021-09-03 | remove default values from xml | Kim Hagen | |
2021-09-01 | login: T1948: add missing ssh-public key name regex | Christian Poessinger | |
2021-09-01 | login: T1948: fix username regex - add missing start ^ and end $ | Christian Poessinger | |
2021-09-01 | more 2fa changes | Kim Hagen | |
2021-08-31 | ssh: T3789: add custom validator for base64 encoded CLI data | Christian Poessinger | |
SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which check if the data is properly base64 encoded. | |||
2021-08-30 | ethernet: T3787: remove deprecated UDP fragmentation offloading option | Christian Poessinger | |
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net: Remove references to NETIF_F_UFO from ethtool."). (cherry picked from commit f5e46ee6cc2b6c1c1869e26beca4ccd5bf52b62f) | |||
2021-08-29 | xml: add missing "u32:" value declarator on integer ranges | Christian Poessinger | |
2021-08-29 | ospf: T3236: add possibility to redistribute "table" | Christian Poessinger | |
Add new CLI command: * "set protocols ospf redistribute table <n>" | |||
2021-08-29 | ospf: xml: T3236: update help strings | Christian Poessinger | |
2021-08-27 | ipsec: T1210: Jinj2 template did not honor inactivity/timeout setting | Christian Poessinger | |
2021-08-26 | Merge pull request #965 from c-po/t3739-evpn-route-map | Christian Poessinger | |
bgp: evpn: T3739: add route-map match support | |||
2021-08-26 | ipsec: T1210: support road-warrior IP assignment via RADIUS Framed-IP-Address | Christian Poessinger | |
Extended CLI command: "set vpn ipsec remote-access connection rw pool" with a "radius" option. | |||
2021-08-24 | bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets differ | Christian Poessinger | |
The "l2vpn evpn" address-family route-target command only accepts a single route-target value consisting of (A.B.C.D:MN|EF:OPQR|GHJK:MN). The "ipv4-unicast or ipv6-unicast" address-family route-target command for VPNs support multiple, whitespace separated route-target values. This commit adds a new custom validator named "bgp-route-target" with a --single and a --multi option to pass one or more route-target values. | |||
2021-08-24 | policy: T2425: rename validator large-community-list -> bgp-large-community-list | Christian Poessinger | |
... as we will get another bgp route-target validator soon. | |||
2021-08-23 | container: T2216: add option to "disable" a container | Christian Poessinger | |
2021-08-23 | container: T2216: use common "generic-description.xml.i" building block | Christian Poessinger | |
2021-08-23 | container: T2216: increase default memory limit to 512MB | Christian Poessinger | |
2021-08-23 | container: T2216: name of container must be alphanumeric and can contain a ↵ | Christian Poessinger | |
hyphen | |||
2021-08-23 | containers: T2216: add CLI commands to specify restart behavior and memory usage | Christian Poessinger | |
A container is limited to 256MB memory by default and will always restart on failure. | |||
2021-08-23 | containers: T2216: xml: impove help string for address command | Christian Poessinger | |
2021-08-23 | containers: T2216: add environmnet variable constraint | Christian Poessinger | |
An environment variable passed to podman can only consist out of alphanumeric characters, a hypend and an underscore. | |||
2021-08-22 | ipsec: T2816: l2tp ipsec VPN must be started after strongSwan | Christian Poessinger | |
2021-08-21 | pppoe: T1318: bump priority by 1 so we can source from pseudo-ethernet ↵ | Christian Poessinger | |
interfaces | |||
2021-08-21 | pppoe: T1318: implement missing access-concentrator CLI option | Christian Poessinger | |
2021-08-21 | pppoe: T3090: support forward disable on a PPPoE link | Christian Poessinger | |
2021-08-21 | xml: interfaces: use one common building block for "disable-forwarding" | Christian Poessinger | |
Both building blocks only differed in the help text, so use IP for both IPv4 and IPv6. | |||
2021-08-21 | vti: T1441: enable ipv4/ipv6 interface options | Christian Poessinger | |
Now that we are based on XFRM interfaces we can also enable specific IPv4 and IPv6 interface options. | |||
2021-08-21 | interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵ | Christian Poessinger | |
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value. | |||
2021-08-20 | bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/export | Christian Poessinger | |
This adds the following new commands: set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in | |||
2021-08-20 | bgp: T3759: fix DOS -> UNIX line endings on route-target building blocks | Christian Poessinger | |