summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2022-12-04T4848: Fix for default route vpn openconnectViacheslav Hletenko
ocserv template expects list of routes but gets str "default" it cause wrong routes like: route = d route = e route = f route = a route = u route = l route = t Fix it
2022-12-03Merge pull request #1691 from sarthurdev/T478Christian Poessinger
firewall: T478: Fix firewall group circular dependency check
2022-12-03firewall: T478: Fix firewall group circular dependency checksarthurdev
2022-12-02Merge pull request #1685 from sever-sever/T4805Christian Poessinger
T4805: Restart pppoe-server if client pool was changed
2022-12-02Merge pull request #1687 from sever-sever/T4825Christian Poessinger
T4825: Verify if you are trying to add a new vethX to exists pair
2022-12-02http-api: T4859: correct calling of script dependencies from http-api.pyJohn Estabrook
2022-12-02T4825: Verify if you are trying to add a new vethX to exists pairViacheslav Hletenko
Verify if you are trying to add a new vethX to exists pair: set int virtual-ethernet veth0 peer-name 'veth1' set int virtual-ethernet veth1 peer-name 'veth0' set int virtual-ethernet veth12 peer-name 'veth0' Verify veth-name and peer-name cannot be the same: set interfaces virtual-ethernet veth0 peer-name veth0
2022-12-02T4805: Restart pppoe-server if client pool was changedViacheslav Hletenko
Some changes for 'service pppoe-server' require 'restart' the accel-ppp@pppoe.service But we use option 'reload-or-restart' that doesn't work correctly with 'accel-ppp' Restart pppoe-server if client pool was changed
2022-11-30pki: T4847: set and call dependent scriptsJohn Estabrook
2022-11-29pki: T4847: fix typosJohn Estabrook
2022-11-29mpls: T915: verify interface actually exists on the systemChristian Poessinger
2022-11-28conf-mode: T4845: add external file for dict of config-mode dependenciesJohn Estabrook
2022-11-25T4825: Verify if veth interface not used in conf before deletingViacheslav Hletenko
Prevent to delete interface "vethX" which used for another interface as "vethY peer-name vethX" set interfaces virtual-ethernet veth0 peer-name 'veth1' set interfaces virtual-ethernet veth1 peer-name 'veth0' commit delete interfaces virtual-ethernet veth0 commit
2022-11-24veth: T4825: minor improvements on XML peer-name handlingChristian Poessinger
2022-11-24T4825: Add interface type vethViacheslav Hletenko
Add interface type veth (Virtual ethernet) One of the usecases it's interconnect different vrf's and default vrf via bridge set interfaces virtual-ethernet veth0 peer-name 'veth1010' set interfaces virtual-ethernet veth1010 address '10.0.0.10/24' set interfaces virtual-ethernet veth1010 peer-name 'veth0' set interfaces virtual-ethernet veth1010 vrf 'foo' set interfaces bridge br0 address '10.0.0.1/24' set interfaces bridge br0 member interface veth0
2022-11-20T4827: Route-map state continue must be with action permit onlyViacheslav Hletenko
route-map action 'deny' cannot be used for "continue" as FRR does not validate it r14(config)# route-map FOO permit 100 r14(config-route-map)# route-map FOO deny 50 r14(config-route-map)# on-match goto 100 % Configuration failed. Error type: validation r14(config-route-map)#
2022-11-18Merge pull request #1662 from jestabro/config-script-dependencyDaniil Baturin
firewall: T4821: correct calling of conf_mode script dependencies
2022-11-18Merge pull request #1645 from aapostoliuk/T4793-sagittaChristian Poessinger
T4793: Added warning about disable-route-autoinstall
2022-11-18T4793: Added warning about disable-route-autoinstallaapostoliuk
Added warning message about disable-route-autoinstall when ipsec vti is used.
2022-11-17firewall: T4821: correct calling of conf_mode script dependenciesJohn Estabrook
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle
2022-11-05container: T4802: support per container shared-memory size configurationChristian Poessinger
Size of /dev/shm within a container can be defined via --shm-size when invoking the container. Add corresponding CLI node.
2022-11-03Merge pull request #1633 from sarthurdev/fqdnChristian Poessinger
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT
2022-11-03nat: T1877: T970: Add firewall groups to NATsarthurdev
2022-11-03firewall: T970: Refactor domain resolver, add firewall source/destination ↵sarthurdev
`fqdn` node
2022-10-31ipsec: T4787: add support for road-warrior/remote-access RADIUS timeoutChristian Poessinger
This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor.
2022-10-29Merge pull request #1621 from sarthurdev/T4774Christian Poessinger
wireguard: T4774: Prevent duplicate peer public keys
2022-10-29containers: T3903: Use systemd units for containerssarthurdev
* ExecStop action with defined timeout allows for quicker reboot/shutdown with containers
2022-10-28wireguard: T4774: Prevent duplicate peer public keyssarthurdev
2022-10-25nat: T4706: Verify translation address or port existssarthurdev
2022-10-25nat: T4764: Remove tables on NAT deletionsarthurdev
2022-10-21graphql: T4768: change name of api child node from 'gql' to 'graphql'John Estabrook
2022-10-14Merge pull request #1597 from jestabro/http-api-config-dictJohn Estabrook
http-api: T4749: transition to config_dict for conf_mode http-api.py
2022-10-14login: 2fa: T874: remove unused code path for global 1fa settingsChristian Poessinger
2022-10-14login: 2fa: T874: fix Google authenticator issuesChristian Poessinger
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos'
2022-10-14http-api: T4749: transition to config_dictJohn Estabrook
2022-10-13monitoring: T4746: Add exception if we do not have firewall rulesViacheslav Hletenko
Telegraf checks the firewall table 'vyos_filter' but it we don't have any firewall in the system we don't have this table by default It cause commit error for "service monitoring" Add exception if the table "vyos_filter" is not found
2022-10-12bgp: T4744: Directly connected neighbors and ebgp-multihop checkViacheslav Hletenko
BGP directly connected neighbors (interface neighbors) do not compatible with ebgp-multihop option
2022-10-12Merge pull request #1555 from goodNETnick/ssh_otpChristian Poessinger
system login: T874: add 2FA support for local and ssh authentication
2022-10-11system login: T874: add 2FA support for local and ssh authenticationgoodNETnick
2022-10-10Merge pull request #1563 from sever-sever/T4716Christian Poessinger
ssh: T4716: Ability to configure RekeyLimit data and time
2022-10-10ssh: T4716: Ablity to configure RekeyLimit data and timeViacheslav Hletenko
Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes) set service ssh rekey data 1024 set service ssh rekey time 60
2022-10-06ospf: T4707: Add OSPF segment routing for FRRCheeze_It
In this commit we add OSPF segment routing, smoke tests, handlers, FRR template changes, and CLI commands.
2022-10-06Merge pull request #1567 from aapostoliuk/T4660-sagittaChristian Poessinger
policy: T4660: Changed CLI syntax in route-map set community
2022-10-03wwan: T4728: fix crontab file missing newlineBen Hughes
2022-10-03policy: T4660: Changed CLI syntax in route-map set communityaapostoliuk
Changed CLI syntax in route-map set community, set large-community, set extcommunity Allows to add multiple communities, large-communities and extcommunities in clear view. Added new well-known communities. Added non-transitive feature in extcommunities. Fixed community's validators.
2022-10-01T4722: consistently use the "IPsec" spelling for IPsecDaniil Baturin
2022-09-28Merge pull request #1561 from sever-sever/T4715Christian Poessinger
login: T4715: Auto logout user after inactivity
2022-09-28login: T4715: Auto logout user after inactivityViacheslav Hletenko
Ability to terminate interactive sessions (TTY/PTS) after a period of inactivity. set system login timeout '300'
2022-09-28conserver: T4717: Support for setting a name for console-server devicesWilliam Hughes
This adds a new 'alias' property to the console-server device definition to allow users to connect to a console using a human-readable name rather than just the device name. For a configuration like: service { console-server { device ttyUSB0 { speed 115200 alias my-server } } } Users can connect either by doing `connect console ttyUSB0`, or `connect console my-server`. Names: * Must be unique * Are limited to 128 characters * Are optional - if not specified, only the `connect console ttyX` form can be used