summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.github/workflows/update-translations.yml9
m---------docs/_include/vyos-1x0
-rw-r--r--docs/changelog/1.4.rst25
-rw-r--r--docs/changelog/1.5.rst18
-rw-r--r--docs/cli.rst4
-rw-r--r--docs/configuration/protocols/rpki.rst4
-rw-r--r--docs/configuration/service/mdns.rst69
-rw-r--r--docs/configuration/service/ssh.rst28
-rw-r--r--docs/configuration/vpn/rsa-keys.rst2
-rw-r--r--docs/contributing/build-vyos.rst18
10 files changed, 150 insertions, 27 deletions
diff --git a/.github/workflows/update-translations.yml b/.github/workflows/update-translations.yml
index dfb5dde4..f1ff4ba1 100644
--- a/.github/workflows/update-translations.yml
+++ b/.github/workflows/update-translations.yml
@@ -13,9 +13,14 @@ jobs:
uses: actions/checkout@v3
- name: Set Up Python
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v4
with:
- python-version: 3.x
+ python-version: 3.11.x
+
+ - name: install lxml dependencies
+ run: |
+ sudo apt update
+ sudo apt install -y libxml2-dev libxslt-dev python3-lxml
- name: Install Dev Dependencies
run: |
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject 4766fc5aae39ccc9c7619c89f0fc974bb9309d8
+Subproject fd9e2c24e739fd327f860c45fa00241fd1acca7
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
index 9bfe9f2a..86b201df 100644
--- a/docs/changelog/1.4.rst
+++ b/docs/changelog/1.4.rst
@@ -8,6 +8,31 @@
_ext/releasenotes.py
+2023-11-05
+==========
+
+* :vytask:`T4020` ``(feature): Add ability to control FRR daemons options``
+
+
+2023-11-03
+==========
+
+* :vytask:`T5700` ``(bug): Monitoring telegraf deprecated plugins inputs outputs``
+* :vytask:`T5018` ``(bug): Redirect to IFB removed after change in qos policy``
+
+
+2023-11-02
+==========
+
+* :vytask:`T5701` ``(feature): Update telegraf package``
+
+
+2023-11-01
+==========
+
+* :vytask:`T5690` ``(bug): Change to definition of environment variable 'vyos_rootfs_dir' is incorrect``
+
+
2023-10-31
==========
diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst
index e70aa9df..3cb54a85 100644
--- a/docs/changelog/1.5.rst
+++ b/docs/changelog/1.5.rst
@@ -8,6 +8,24 @@
_ext/releasenotes.py
+2023-11-03
+==========
+
+* :vytask:`T5700` ``(bug): Monitoring telegraf deprecated plugins inputs outputs``
+
+
+2023-11-02
+==========
+
+* :vytask:`T5701` ``(feature): Update telegraf package``
+
+
+2023-11-01
+==========
+
+* :vytask:`T5690` ``(bug): Change to definition of environment variable 'vyos_rootfs_dir' is incorrect``
+
+
2023-10-31
==========
diff --git a/docs/cli.rst b/docs/cli.rst
index 0a5fddf9..2e5d55fc 100644
--- a/docs/cli.rst
+++ b/docs/cli.rst
@@ -369,7 +369,7 @@ command.
You are now in a sublevel relative to ``interfaces ethernet eth0``, all
commands executed from this point on are relative to this sublevel. Use
-eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top
+either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top
of the hierarchy. You can also use the :cfgcmd:`up` command to move only
one level up at a time.
@@ -410,7 +410,7 @@ working configuration indicating line changes with ``+`` for additions,
loopback lo {
}
-It is also possible to display all `set` commands within configuration
+It is also possible to display all :cfgcmd:`set` commands within configuration
mode using :cfgcmd:`show | commands`
.. code-block:: none
diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst
index 294a91f8..827bfe1a 100644
--- a/docs/configuration/protocols/rpki.rst
+++ b/docs/configuration/protocols/rpki.rst
@@ -127,8 +127,8 @@ SSH
===
Connections to the RPKI caching server can not only be established by HTTP/TLS
-but you can also rely on a secure SSH session to the server. To enable SSH you
-first need to create yoursels an SSH client keypair using ``generate ssh
+but you can also rely on a secure SSH session to the server. To enable SSH,
+first you need to create an SSH client keypair using ``generate ssh
client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup
the connection.
diff --git a/docs/configuration/service/mdns.rst b/docs/configuration/service/mdns.rst
index 9d6a292a..dcb01207 100644
--- a/docs/configuration/service/mdns.rst
+++ b/docs/configuration/service/mdns.rst
@@ -5,33 +5,49 @@ Starting with VyOS 1.2 a :abbr:`mDNS (Multicast DNS)` repeater functionality is
provided. Additional information can be obtained from
https://en.wikipedia.org/wiki/Multicast_DNS.
-Multicast DNS uses the 224.0.0.251 address, which is "administratively scoped"
-and does not leave the subnet. It retransmits mDNS packets from one interface
-to other interfaces. This enables support for e.g. Apple Airplay devices across
-multiple VLANs.
+Multicast DNS uses the reserved address ``224.0.0.251``, which is
+`"administratively scoped"` and does not leave the subnet. mDNS repeater
+retransmits mDNS packets from one interface to other interfaces. This enables
+support for devices using mDNS discovery (like network printers, Apple Airplay,
+Chromecast, various IP based home-automation devices etc) across multiple VLANs.
-Since the mDNS protocol sends the AA records in the packet itself, the repeater
-does not need to forge the source address. Instead, the source address is of
-the interface that repeats the packet.
+Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in
+the packet itself, the repeater does not need to forge the source address.
+Instead, the source address is of the interface that repeats the packet.
Configuration
=============
.. cfgcmd:: set service mdns repeater interface <interface>
- To enable mDNS repeater you need to configure at least two interfaces. To
- re-broadcast all incoming mDNS packets from any interface configured here to
- any other interface configured under this section.
+ To enable mDNS repeater you need to configure at least two interfaces so that
+ all incoming mDNS packets from one interface configured here can be
+ re-broadcasted to any other interface(s) configured under this section.
.. cfgcmd:: set service mdns repeater disable
mDNS repeater can be temporarily disabled without deleting the service using
+.. cfgcmd:: set service mdns repeater ip-version <ipv4 | ipv6 | both>
+
+ mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both
+ to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6.
+
+.. cfgcmd:: set service mdns repeater allow-service <service>
+
+ mDNS repeater can be configured to re-broadcast only specific services. By
+ default, all services are re-broadcasted.
+
+.. cfgcmd:: set service mdns repeater browse-domain <domain>
+
+ Allow listing additional custom domains to be browsed (in addition to the
+ default ``local``) so that they can be reflected.
+
.. note:: You can not run this in a VRRP setup, if multiple mDNS repeaters
are launched in a subnet you will experience the mDNS packet storm death!
Example
-=======
+-------
To listen on both `eth0` and `eth1` mDNS packets and also repeat packets
received on `eth0` to `eth1` (and vice-versa) use the following commands:
@@ -41,4 +57,35 @@ received on `eth0` to `eth1` (and vice-versa) use the following commands:
set service mdns repeater interface 'eth0'
set service mdns repeater interface 'eth1'
+To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``,
+(instead of all services) to be re-broadcasted, use the following command:
+
+.. code-block:: none
+
+ set service mdns repeater allow-service '_airplay._tcp'
+ set service mdns repeater allow-service '_ipp._tcp'
+
+To allow listing additional custom domain, for example
+``openthread.thread.home.arpa``, so that it can reflected in addition to the
+default ``local``, use the following command:
+
+.. code-block:: none
+
+ set service mdns repeater browse-domain 'openthread.thread.home.arpa'
+
.. _`Multicast DNS`: https://en.wikipedia.org/wiki/Multicast_DNS
+
+Operation
+=========
+
+.. opcmd:: restart mdns repeater
+
+ Restart mDNS repeater service.
+
+.. opcmd:: show log mdns repeater
+
+ Show logs for mDNS repeater service.
+
+.. opcmd:: monitor log mdns repeater
+
+ Follow the logs for mDNS repeater service.
diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst
index 15c2390c..efdbc651 100644
--- a/docs/configuration/service/ssh.rst
+++ b/docs/configuration/service/ssh.rst
@@ -218,3 +218,31 @@ Operation
commit
save
exit
+
+.. opcmd:: show log ssh
+
+ Show SSH server log.
+
+.. opcmd:: monitor log ssh
+
+ Follow the SSH server log.
+
+.. opcmd:: show log ssh dynamic-protection
+
+ Show SSH dynamic-protection log.
+
+.. opcmd:: monitor log ssh dynamic-protection
+
+ Follow the SSH dynamic-protection log.
+
+.. opcmd:: show ssh dynamic-protection
+
+ Show list of IPs currently blocked by SSH dynamic-protection.
+
+.. opcmd:: show ssh fingerprints
+
+ Show SSH server public key fingerprints.
+
+.. opcmd:: show ssh fingerprints ascii
+
+ Show SSH server public key fingerprints, including a visual ASCII art representation.
diff --git a/docs/configuration/vpn/rsa-keys.rst b/docs/configuration/vpn/rsa-keys.rst
index a95f5f33..1ebab731 100644
--- a/docs/configuration/vpn/rsa-keys.rst
+++ b/docs/configuration/vpn/rsa-keys.rst
@@ -17,7 +17,7 @@ install <key-pair nam>>". You may choose different length than 2048 of course.
Note: If you plan to use the generated key on this router, do not encrypt the private key.
Do you want to encrypt the private key with a passphrase? [y/N] N
Configure mode commands to install key pair:
- Do you want to install the public key? [Y/n] Yrgerg
+ Do you want to install the public key? [Y/n] Y
set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'
Do you want to install the private key? [Y/n] Y
set pki key-pair ipsec-LEFT private key 'MIIEvgIBADAN...'
diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst
index 80f800c2..bb212e2f 100644
--- a/docs/contributing/build-vyos.rst
+++ b/docs/contributing/build-vyos.rst
@@ -92,8 +92,8 @@ The container can also be built directly from source:
$ git clone -b crux --single-branch https://github.com/vyos/vyos-build
# For VyOS 1.3 (equuleus)
$ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build
- # For VyOS 1.4 (sagitta, current)
- $ git clone -b current --single-branch https://github.com/vyos/vyos-build
+ # For VyOS 1.4 (sagitta)
+ $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build
$ cd vyos-build
$ docker build -t vyos/vyos-build:crux docker # For VyOS 1.2
@@ -151,7 +151,7 @@ following Debian versions installed:
- Debian Jessie for VyOS 1.2 (crux)
- Debian Buster for VyOS 1.3 (equuleus)
-- Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release
+- Debian Bullseye for VyOS 1.4 (sagitta)
To start, clone the repository to your local machine:
@@ -163,8 +163,8 @@ To start, clone the repository to your local machine:
# For VyOS 1.3 (equuleus)
$ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build
- # For VyOS 1.4 (sagitta, current)
- $ git clone -b current --single-branch https://github.com/vyos/vyos-build
+ # For VyOS 1.4 (sagitta)
+ $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build
For the packages required, you can refer to the ``docker/Dockerfile`` file
@@ -193,8 +193,8 @@ Please note as this will differ for both `current` and `crux`.
# For VyOS 1.3 (equuleus)
$ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build
- # For VyOS 1.4 (sagitta, current)
- $ git clone -b current --single-branch https://github.com/vyos/vyos-build
+ # For VyOS 1.4 (sagitta)
+ $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build
Now a fresh build of the VyOS ISO can begin. Change directory to the
``vyos-build`` directory and run:
@@ -208,8 +208,8 @@ Now a fresh build of the VyOS ISO can begin. Change directory to the
# For VyOS 1.3 (equuleus)
$ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:equuleus bash
- # For VyOS 1.4 (sagitta, current)
- $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:current bash
+ # For VyOS 1.4 (sagitta)
+ $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:sagitta bash
.. code-block:: none