-rw-r--r-- | docs/appendix/http-api.rst | 13
-rw-r--r-- | docs/appendix/release-notes.rst | 62
-rw-r--r-- | docs/contributing/development.rst | 55
-rw-r--r-- | docs/interfaces/pseudo-ethernet.rst | 2
-rw-r--r-- | docs/interfaces/vxlan.rst | 22
-rw-r--r-- | docs/routing/bfd.rst | 16
-rw-r--r-- | docs/vpn/wireguard.rst | 15
7 files changed, 161 insertions, 24 deletions
diff --git a/docs/appendix/http-api.rst b/docs/appendix/http-api.rst index 827bcd9e..fe990269 100644 --- a/docs/appendix/http-api.rst +++ b/docs/appendix/http-api.rst @@ -69,3 +69,16 @@ If you don't specify the file when saving, it saves to ``/config/config.boot``. # curl -k -X POST -F key=MY-HTTP-API-PLAINTEXT-KEY -Fdata='{"op": "save", "file": "/config/config.boot"}' https://192.168.122.127/config-file + + +Reading config +-------------- + +To retrieve raw configs: + + # curl -X POST -F data='{"op": "showConfig", "path": ["interfaces", "dummy"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/retrieve + +It will returns: + {"success": true, "data": " /* So very dummy */\n dummy dum0 {\n address 192.168.168.1/32\n address 192.168.168.2/32\n /* That is a description */\n description \"Test interface\"\n }\n dummy dum1 {\n address 203.0.113.76/32\n address 203.0.113.79/32\n }\n", "error": null} + + diff --git a/docs/appendix/release-notes.rst b/docs/appendix/release-notes.rst index 2923beb5..89454fa0 100644 --- a/docs/appendix/release-notes.rst +++ b/docs/appendix/release-notes.rst 
@@ -7,6 +7,68 @@ Release Notes 1.2 (Crux) ========== +1.2.5 +----- + +1.2.5 is a maintenance release made in April 2020. + +Resolved issues +^^^^^^^^^^^^^^^ + +* :vytask:`1020` OSPF Stops distributing default route after a while +* :vytask:`1228` pppoe default-route force option not working (Rel 1.2.0-rc11) +* :vytask:`1301` bgp peer-groups don't work when "no-ipv4-unicast" is enabled. +* :vytask:`1341` Adding rate-limiter for pppoe server users +* :vytask:`1376` Incorrect DHCP lease counting +* :vytask:`1392` Large firewall rulesets cause the system to lose configuration and crash at startup +* :vytask:`1416` 2 dhcp server run in failover mode can't sync hostname with each other +* :vytask:`1452` accel-pppoe - add vendor option to shaper +* :vytask:`1490` BGP configuration (is lost|not applied) when updating 1.1.8 -> 1.2.1 +* :vytask:`1780` Adding ipsec ike closeaction +* :vytask:`1803` Unbind NTP while it's not requested... +* :vytask:`1821` "authentication mode radius" has no effect for PPPoE server +* :vytask:`1827` Increase default gc_thresh +* :vytask:`1828` Missing completion helper for "set system syslog host 192.0.2.1 facility all protocol" +* :vytask:`1832` radvd adding feature DNSSL branch.example.com example.com to existing package +* :vytask:`1837` PPPoE unrecognized option 'replacedefaultroute' +* :vytask:`1851` wireguard - changing the pubkey on an existing peer seems to destroy the running config. +* :vytask:`1858` l2tp: Delete depricated outside-nexthop and add gateway-address +* :vytask:`1864` Lower IPSec DPD timeout lower limit from 10s -> 2s +* :vytask:`1879` Extend Dynamic DNS XML definition value help strings and validators +* :vytask:`1881` Execute permissions are removed from custom SNMP scripts at commit time +* :vytask:`1884` Keeping VRRP transition-script native behaviour and adding stop-script +* :vytask:`1891` Router announcements broken on boot +* :vytask:`1900` Enable SNMP for VRRP. 
+* :vytask:`1902` Add redistribute non main table in bgp +* :vytask:`1909` Incorrect behaviour of static routes with overlapping networks +* :vytask:`1913` "system ipv6 blacklist" command has no effect +* :vytask:`1914` IPv6 multipath hash policy does not apply +* :vytask:`1917` Update WireGuard to Debian release 0.0.20191219-1 +* :vytask:`1934` Change default hostname when deploy from OVA without params. +* :vytask:`1935` NIC identification and usage problem in Hyper-V environments +* :vytask:`1936` pppoe-server CLI control features +* :vytask:`1964` SNMP Script-extensions allows names with spaces, but commit fails +* :vytask:`1967` BGP parameter "enforce-first-as" does not work anymore +* :vytask:`1970` Correct adding interfaces on boot +* :vytask:`1971` Missing modules in initrd.img for PXE boot +* :vytask:`1998` Update FRR to 7.3 +* :vytask:`2001` Error when router reboot +* :vytask:`2032` Monitor bandwidth bits +* :vytask:`2059` Set source-validation on bond vif don't work +* :vytask:`2066` PPPoE interface can be created multiple times - last wins +* :vytask:`2069` PPPoE-client does not works with service-name option +* :vytask:`2077` ISO build from crux branch is failing +* :vytask:`2079` Update Linux Kernel to v4.19.106 +* :vytask:`2087` Add maxfail 0 option to pppoe configuration. +* :vytask:`2100` BGP route adverisement wih checks rib +* :vytask:`2120` "reset vpn ipsec-peer" doesn't work with named peers +* :vytask:`2197` Cant add vif-s interface into a bridge +* :vytask:`2228` WireGuard does not allow ports < 1024 to be used +* :vytask:`2252` HTTP API add system image can return '504 Gateway Time-out' +* :vytask:`2272` Set system flow-accounting disable-imt has syntax error +* :vytask:`2276` PPPoE server vulnerability + + 1.2.4 ----- diff --git a/docs/contributing/development.rst b/docs/contributing/development.rst index 953e398a..66344ead 100644 --- a/docs/contributing/development.rst +++ b/docs/contributing/development.rst 
@@ -701,6 +701,61 @@ circumstance, the kernel boot parameter ``vyos-config-debug`` will ensure access to the system as user ``vyos``, and will log a Python stack trace to ``/tmp/boot-config-trace``. + +Debugging features +------------------ + +A number of flags can be set up to change the behaviour of VyOS at runtime. +These flags can be toggled using either environment variables or creating +files. + +For each feature, a file called ``vyos.feature.debug`` can be created to toggle +the feature on. If a parameter is required it can be placed inside the file as +its first line. + +The file can be placed in ``/tmp`` for one time debugging (as the file will be +removed on reboot) or placed in '/config' to stay permanently. + +For example, ``/tmp/vyos.ifconfig.debug`` can be created to enable interface +debugging. + +It is also possible to set up the debugging using environment variables. +In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG. + +for example running, ``export VYOS_IFCONFIG_DEBUG=""`` on your vash, will have +the same effect as ``touch /tmp/vyos.ifconfig.debug``. + +``ifconfig`` +^^^^^^^^^^^^ + +Once set, all commands used, and their responses received from the OS, will be +presented on the screen for inspection. + +``command`` +^^^^^^^^^^^ + +Once set, all commands used, and their responses received from the OS, will be +presented on the screen for inspection. + +``developer`` +^^^^^^^^^^^^^ + +Should a command fail, instead of printing a message to the user explaining how +to report issues, the python interpreter will start a PBD post-mortem session +to allow the developer to debug the issue. + +As the debugger will wait from input from the developer, it has the capacity to +prevent a router to boot and therefore should only be permanently set up on +production if you are ready to see the OS fail to boot. + +``log`` +^^^^^^^ + +In some rare cases, it may be useful to see what the OS is doing, including +during boot. 
This option sends all commands used by VyOS to a file. +The default file is ``/tmp/full-log`` but it can be changed. + + Priorities ========== diff --git a/docs/interfaces/pseudo-ethernet.rst b/docs/interfaces/pseudo-ethernet.rst index 1cdd5856..bdd06b7e 100644 --- a/docs/interfaces/pseudo-ethernet.rst +++ b/docs/interfaces/pseudo-ethernet.rst @@ -65,7 +65,7 @@ Address Physical Asignment ------------------ -.. cfgcmd:: set interfaces pseudo-ethernet <interface> link <ethX> +.. cfgcmd:: set interfaces pseudo-ethernet <interface> source-interface <ethX> Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`. diff --git a/docs/interfaces/vxlan.rst b/docs/interfaces/vxlan.rst index 409131e1..a11f4b62 100644 --- a/docs/interfaces/vxlan.rst +++ b/docs/interfaces/vxlan.rst @@ -69,7 +69,16 @@ Address set interfaces vxlan vxlan0 ipv6 address eui64 2001:db8:beef::/64 -.. cfgcmd:: set interfaces vxlan <interface> link <interface> +.. cfgcmd:: set interfaces vxlan <interface> vni <number> + + Each VXLAN segment is identified through a 24-bit segment ID, termed the + :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))`, This allows + up to 16M VXLAN segments to coexist within the same administrative domain. + +Multicast +^^^^^^^^^ + +.. cfgcmd:: set interfaces vxlan <interface> source-interface <interface> Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface. @@ -82,6 +91,8 @@ Address Both IPv4 and IPv6 multicast is possible. +Unicast +^^^^^^^ .. cfgcmd:: set interfaces vxlan <interface> remote <address> 
@@ -97,12 +108,13 @@ Address as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472. +L2VVPN / EVPN +^^^^^^^^^^^^^ -.. cfgcmd:: set interfaces vxlan <interface> vni <number> +.. cfgcmd:: set interfaces vxlan <interface> source-address <interface> - Each VXLAN segment is identified through a 24-bit segment ID, termed the - :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))`, This allows - up to 16M VXLAN segments to coexist within the same administrative domain. + Source IP address used for VXLAN underlay. This is mandatory when using + VXLAN via L2VPN/EVPN. Link Administration diff --git a/docs/routing/bfd.rst b/docs/routing/bfd.rst index 38963b94..1d494332 100644 --- a/docs/routing/bfd.rst +++ b/docs/routing/bfd.rst 
@@ -13,35 +13,35 @@ the following RFCs: :rfc:`5880`, :rfc:`5881` and :rfc:`5883`. Configure BFD ============= -.. cfgcmd:: set protocols bfd <address> +.. cfgcmd:: set protocols bfd peer <address> Set BFD peer IPv4 address or IPv6 address -.. cfgcmd:: set protocols bfd <address> echo-mode +.. cfgcmd:: set protocols bfd peer <address> echo-mode Enables the echo transmission mode -.. cfgcmd:: set protocols bfd <address> multihop +.. cfgcmd:: set protocols bfd peer <address> multihop Allow this BFD peer to not be directly connected -.. cfgcmd:: set protocols bfd <address> source [address <address> | interface <interface>] +.. cfgcmd:: set protocols bfd peer <address> source [address <address> | interface <interface>] Bind listener to specifid interface/address, mandatory for IPv6 -.. cfgcmd:: set protocols bfd <address> interval echo-interval <10-60000> +.. cfgcmd:: set protocols bfd peer <address> interval echo-interval <10-60000> The minimal echo receive transmission interval that this system is capable of handling -.. cfgcmd:: set protocols bfd <address> interval multiplier <2-255> +.. cfgcmd:: set protocols bfd peer <address> interval multiplier <2-255> Remote transmission interval will be multiplied by this value -.. cfgcmd:: set protocols bfd <address> interval [receive | transmit] <10-60000> +.. cfgcmd:: set protocols bfd peer <address> interval [receive | transmit] <10-60000> Interval in milliseconds -.. cfgcmd:: set protocols bfd <address> shutdown +.. cfgcmd:: set protocols bfd peer <address> shutdown Disable a BFD peer diff --git a/docs/vpn/wireguard.rst b/docs/vpn/wireguard.rst index bb0b8880..afd9abfd 100644 --- a/docs/vpn/wireguard.rst +++ b/docs/vpn/wireguard.rst 
@@ -20,18 +20,14 @@ Generate keypair .. opcmd:: generate wireguard default-keypair -It generates the keypair, that is its public and private part and stores -it within VyOS. It will be used per default on any configured WireGuard -interface, even if multiple interfaces are being configured. - - + It generates the keypair, that is its public and private part and stores + it within VyOS. It will be used per default on any configured WireGuard + interface, even if multiple interfaces are being configured. .. opcmd:: show wireguard keypairs pubkey default -It shows the public key which needs to be shared with your peer(s). Your -peer will encrypt all traffic to your system using this public key. - - + It shows the public key which needs to be shared with your peer(s). Your + peer will encrypt all traffic to your system using this public key. .. code-block:: none @@ -39,7 +35,6 @@ peer will encrypt all traffic to your system using this public key. hW17UxY7zeydJNPIyo3UtGnBHkzTK/NeBOrDSIU9Tx0= - Generate named keypair ---------------------- |
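Review bot: In docs/appendix/http-api.rst, under the new "Reading config" heading, neither the curl command nor the JSON response is introduced by ``::`` or a ``.. code-block:: none`` directive, so the ``/* ... */``, ``\n`` and quote characters in the sample response will be processed as reStructuredText instead of being shown literally; put both in literal blocks. "It will returns:" should read "It returns:". The new command also drops the ``-k`` that the save example just above it uses against the same host, so make the two consistent and say whether the example host presents a verifiable certificate, since ``-k`` turns off certificate checking for a request that carries the API key in a form field.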
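Review bot: In docs/appendix/release-notes.rst, the last entry of the 1.2.5 list (task 2276, "PPPoE server vulnerability") is the only item described as a vulnerability, and it sits at the bottom of a long list of routine fixes with no indication of impact or affected configurations. Move it into its own "Security" subsection or to the top of the list, and add one line on which setups are affected, so that operators reading the notes can tell 1.2.5 is a security-relevant upgrade. Separately, "depricated" (1858) and "adverisement wih" (2100) are misspelled; fix them if the titles are not required to match the tracker verbatim.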
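Review bot: In docs/contributing/development.rst, the new "Debugging features" section tells readers to create flag files in ``/tmp`` and says the ``log`` feature writes every command to ``/tmp/full-log``, but it does not say which account is expected to create the flag files or what permissions the log file gets. ``/tmp`` is normally writable by all local accounts, and a log of every command VyOS runs can contain configuration values, so add a sentence covering both, and show how the log path is changed ("it can be changed" gives no syntax). Also in this hunk: "PBD" should be "PDB"; '/config' should use the same double-backtick markup as the other paths; "vash" looks like a typo for the shell name; "for example running," should start with a capital; and the ``ifconfig`` and ``command`` subsections carry word-for-word the same description, so one of them is presumably wrong.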
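Review bot: In docs/interfaces/pseudo-ethernet.rst, the keyword changes from ``link`` to ``source-interface`` with no note of which release introduced the new name, so a reader has no way to tell from this page which form applies to the version they run. Add a short version note next to the command. The heading "Physical Asignment" in the context lines of this hunk is misspelled and could be fixed in the same change.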
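Review bot: In docs/interfaces/vxlan.rst, the last hunk adds the heading "L2VVPN / EVPN" while the text beneath it says "L2VPN/EVPN"; the heading has an extra V. In the same hunk the new command is written ``source-address <interface>`` but its description reads "Source IP address used for VXLAN underlay", so the placeholder should be ``<address>``. In the first hunk, the moved VNI paragraph still has a comma followed by a capitalised "This allows" where a full stop is needed.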
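Review bot: In docs/vpn/wireguard.rst, the re-indented description under ``show wireguard keypairs pubkey default`` keeps the sentence "Your peer will encrypt all traffic to your system using this public key", which misstates the key's role: in WireGuard the static public key identifies and authenticates the peer during the handshake, and traffic is encrypted with session keys derived from that handshake. Since the hunk already touches these lines, reword it along the lines of "Your peer uses this public key to identify and authenticate your system". The sentence above it also documents that one default keypair is used on every configured WireGuard interface; a pointer to the "Generate named keypair" section that follows would help readers who want separate keys per interface.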