m--------- | docs/_include/vyos-1x | 0
-rw-r--r-- | docs/_static/images/wireguard_qrcode.jpg | bin 127083 -> 133939 bytes
-rw-r--r-- | docs/changelog/1.3.rst | 16
-rw-r--r-- | docs/changelog/1.4.rst | 32
-rw-r--r-- | docs/configuration/firewall/index.rst | 2
-rw-r--r-- | docs/configuration/interfaces/wireguard.rst | 42
-rw-r--r-- | docs/contributing/build-vyos.rst | 19
7 files changed, 87 insertions, 24 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject ac01b026ab2d84d9a5df48cc75e8cc7e4092bd9 +Subproject b6301bfd6a6cb084671fd24970a4a06b10a89d9 diff --git a/docs/_static/images/wireguard_qrcode.jpg b/docs/_static/images/wireguard_qrcode.jpg Binary files differindex 8b03e4d3..0a9a98c0 100644 --- a/docs/_static/images/wireguard_qrcode.jpg +++ b/docs/_static/images/wireguard_qrcode.jpg diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 51593dc1..75973009 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,20 @@ _ext/releasenotes.py +2021-04-25 +========== + +* :vytask:`T3468` (bug): Tunnel interfaces aren't suggested as being available for bridging (regression) +* :vytask:`T1802` (feature): Wireguard QR code in cli for mobile devices + + +2021-04-23 +========== + +* :vytask:`T3395` (bug): WAN load-balancing fails with nexthop dhcp +* :vytask:`T3290` (bug): Disabling GRE conntrack module fails + + 2021-04-18 ========== @@ -249,7 +263,7 @@ 2021-02-16 ========== -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.112 / 5.10.30 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.114 / 5.10.32 2021-02-14 diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index ee484c62..0d0bf654 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst 
@@ -8,6 +8,36 @@ _ext/releasenotes.py +2021-04-25 +========== + +* :vytask:`T3490` (bug): priority inversion on PBR "policy route" create, breaks default route from dhcp (live iso) +* :vytask:`T3468` (bug): Tunnel interfaces aren't suggested as being available for bridging (regression) +* :vytask:`T3497` (bug): Prefix list with rule containing only action is not detected as error during parse +* :vytask:`T3492` (bug): BGP Configuration Migration failed (badly!) from rolling 202102240218 to rolling 202104221210 +* :vytask:`T1802` (feature): Wireguard QR code in cli for mobile devices + + +2021-04-24 +========== + +* :vytask:`T3472` (bug): commit-confirm script not found +* :vytask:`T3439` (bug): Commit-archive location not working for scp + + +2021-04-23 +========== + +* :vytask:`T3395` (bug): WAN load-balancing fails with nexthop dhcp +* :vytask:`T3290` (bug): Disabling GRE conntrack module fails + + +2021-04-20 +========== + +* :vytask:`T3488` (bug): Specifying an invalid "interface address" like dhcph leads to commit error + + 2021-04-18 ========== @@ -308,7 +338,7 @@ ========== * :vytask:`T3313` (bug): ospfv3 interface missing options -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.112 / 5.10.30 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.114 / 5.10.32 2021-02-15 diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 35fdfb4a..02cfc7d1 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -306,7 +306,7 @@ There are a lot of matching criteria gainst which the package can be tested. set firewall name WAN-IN-v4 rule 100 source address 192.0.2.10-192.0.2.11 # with a '!' the rule match everything except the specified subnet - set fitewall name WAN-IN-v4 rule 101 source address !203.0.113.0/24 + set firewall name WAN-IN-v4 rule 101 source address !203.0.113.0/24 set firewall ipv6-name WAN-IN-v6 rule 100 source address 2001:db8::202 
diff --git a/docs/configuration/interfaces/wireguard.rst b/docs/configuration/interfaces/wireguard.rst index 07ced733..ddfbe620 100644 --- a/docs/configuration/interfaces/wireguard.rst +++ b/docs/configuration/interfaces/wireguard.rst @@ -1,5 +1,7 @@ .. _wireguard: +.. include:: /_include/need_improvement.txt + ######### WireGuard ######### @@ -43,12 +45,14 @@ Named keypairs can be used on a interface basis when configured. If multiple WireGuard interfaces are being configured, each can have their own keypairs. -The commands below generates 2 keypairs unrelated to each other. +.. opcmd:: generate wireguard named-keypairs <name> -.. code-block:: none + The commands below generates 2 keypairs unrelated to each other. + + .. code-block:: none - vyos@vyos:~$ generate wireguard named-keypairs KP01 - vyos@vyos:~$ generate wireguard named-keypairs KP02 + vyos@vyos:~$ generate wireguard named-keypairs KP01 + vyos@vyos:~$ generate wireguard named-keypairs KP02 Interface configuration @@ -89,17 +93,17 @@ or allows the traffic. WireGuard peers. This a a design decission. For more information please check the `WireGuard mailing list`_. +.. cfgcmd:: set interfaces wireguard <interface> private-key <name> -To use a named key on an interface, the option private-key needs to be -set. + To use a named key on an interface, the option private-key needs to be + set. -.. code-block:: none + .. code-block:: none - set interfaces wireguard wg01 private-key KP01 - set interfaces wireguard wg02 private-key KP02 + set interfaces wireguard wg01 private-key KP01 -The command ``run show wireguard keypairs pubkey KP01`` will then show -the public key, which needs to be shared with the peer. + The command :opcmd:`show wireguard keypairs pubkey KP01` will then show the + public key, which needs to be shared with the peer. **remote side** 
@@ -292,15 +296,19 @@ the VyOS CLI. private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature. -.. opcmd:: generate wireguard mobile-config <interface> server <ip | fqdn> address <client ip> +.. opcmd:: generate wireguard client-config <name> interface <interface> server <ip|fqdn> address <client-ip> + + Using this command you will create a new client configuration which can + connect to ``interface`` on this router. The public key from the specified + interface is automatically extracted and embedded into the configuration. - Using this command you will create a client configuration which can connect to - ``interface`` on this router. The public key from the specified interface is - automatically extracted and embedded into the configuration. + The command also generates a configuration snipped which can be copy/pasted + into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become + the peer name in the snippet. In addition you will specifiy the IP address or FQDN for the client where it - will connect to. The address parameter is used to assign a given client an - IPv4 or IPv6 address. + will connect to. The address parameter can be used up to two times and is used + to assign the client its specific IPv4 (/32) or IPv6 (/128) address. .. figure:: /_static/images/wireguard_qrcode.jpg :alt: WireGuard Client QR code diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index 453edd30..c8924462 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst 
@@ -188,6 +188,21 @@ Now a fresh build of the VyOS ISO can begin. Change directory to the # For VyOS 1.3 (equuleus, current) $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:current bash +.. code-block:: none + + # For MacOS (crux, equuleus, sagitta) + $ git clone https://github.com/vyos/vyos-utils-misc + $ cd build-tools/macos-build + + # For VyOS 1.2 (crux) + $ os=jessie64 branch=crux make build + + # For VyOS 1.3 (equuleus) + $ os=buster64 branch=equuleus make build + + # For VyOS 1.4 (sagitta) + $ os=buster64 branch=sagitta make build + Start the build: .. code-block:: none @@ -200,10 +215,6 @@ When the build is successful, the resulting iso can be found inside the Good luck! -.. hint:: Attempting to use the Docker build image on MacOS will fail as - Docker does not expose all the filesystem feature required to the container. - Building within a VirtualBox server on Mac however possible. - .. hint:: Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far! |
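Review bot: The replaced binary docs/_static/images/wireguard_qrcode.jpg is the figure shown under `generate wireguard client-config`, and the surrounding text says that command produces a complete client configuration, private portion included. Please confirm in the commit message that the QR code in the new image was rendered from a throwaway keypair and a documentation address, since anyone can scan the published image and recover whatever it encodes.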
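Review bot: In docs/configuration/firewall/index.rst (hunk @@ -306,7 +306,7) the sentence introducing this example, visible in the hunk header, still reads "matching criteria gainst which the package can be tested". Since the hunk is already a typo fix for `fitewall`, correct "gainst" to "against" and "package" to "packet" in the same change. The comment line above the fixed command, "the rule match everything", could become "the rule matches everything" as well.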
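Review bot: In docs/configuration/interfaces/wireguard.rst (hunk @@ -43,12 +45,14) the sentence moved under the new `.. opcmd::` directive keeps its grammar error: "The commands below generates 2 keypairs" should be "The commands below generate two keypairs". The unchanged line just above it, "on a interface basis", has the same kind of slip ("an interface") and is worth fixing while the block is being re-indented.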
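Review bot: In docs/configuration/interfaces/wireguard.rst (hunk @@ -89,17 +93,17) the example line `set interfaces wireguard wg02 private-key KP02` is dropped, but the keypair example earlier in the same file still generates both KP01 and KP02, so KP02 is now created and never used. Either keep the wg02 line or reduce the generate example to KP01 so the two blocks agree. The unchanged context line "This a a design decission" should also read "This is a design decision".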
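Review bot: In docs/configuration/interfaces/wireguard.rst (hunk @@ -292,15 +296,19) the added paragraph says "generates a configuration snipped" where "snippet" is meant, and the following paragraph keeps "specifiy" for "specify". The new wording "The address parameter can be used up to two times and is used to assign the client its specific IPv4 (/32) or IPv6 (/128) address" leaves it unclear whether two addresses of the same family are accepted; if the intent is one of each, say "one IPv4 (/32) and one IPv6 (/128) address". The placeholder style also changed from `<ip | fqdn>` and `<client ip>` to `<ip|fqdn>` and `<client-ip>`, so check that other `opcmd` entries in the file follow the same convention.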
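Review bot: In the added MacOS block of docs/contributing/build-vyos.rst (hunk @@ -188,6 +188,21), `cd build-tools/macos-build` is resolved relative to the directory where `git clone https://github.com/vyos/vyos-utils-misc` was run, not relative to the clone, so the step fails as written. It should be `cd vyos-utils-misc/build-tools/macos-build`. The block is also inserted directly after the `docker run` examples with no introductory sentence, so it reads as a further Docker step; a short lead-in stating that this is the alternative path for MacOS hosts would make the split clear.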
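Review bot: The hint deleted in docs/contributing/build-vyos.rst (hunk @@ -200,10 +215,6) was the only place that told readers the Docker build image does not work on MacOS, and the new MacOS block does not say that it replaces the Docker commands. If that limitation still holds, keep a one-sentence hint that points MacOS users to the new build steps instead of removing the warning outright. The surviving WSL2 hint remains next to "Good luck!", so the page would then cover both non-Linux hosts in one place.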