m--------- | docs/_include/vyos-1x | 0
-rw-r--r-- | docs/changelog/1.3.rst | 38
-rw-r--r-- | docs/changelog/1.4.rst | 79
-rw-r--r-- | docs/changelog/1.5.rst | 63
-rw-r--r-- | docs/configexamples/ansible.rst | 18
-rw-r--r-- | docs/configexamples/policy-based-ipsec-and-firewall.rst | 24
6 files changed, 199 insertions, 23 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 9edf1e7c23f13e682bbe4b2ae75ff4be897822a +Subproject 96f7fb69fb6ba34f15e35b4cddbb108eebda619 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 769afdf7..b22bf02a 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,44 @@ _ext/releasenotes.py +2024-04-07 +========== + +* :vytask:`T1244` ``(default): Support for StartupResync in conntrackd`` + + +2024-04-05 +========== + +* :vytask:`T2590` ``(bug): DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` + + +2024-04-04 +========== + +* :vytask:`T4146` ``(bug): Nginx should not listen on port 80`` +* :vytask:`T1976` ``(default): deleting address-family under neighbor will disable neighbor`` +* :vytask:`T5625` ``(default): "restart vpn" does not work if ipsec-interfaces is not set`` +* :vytask:`T3020` ``(bug): The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location"`` +* :vytask:`T2250` ``(default): vyos-build "make iso" error if configure was ran outside of the docker container`` +* :vytask:`T2139` ``(default): openvpn: allow "dh-file none" to disable DH for ECDH keys`` +* :vytask:`T2014` ``(default): Use vendor specific NTP Pool hostname`` +* :vytask:`T1118` ``(bug): Obsolete "utc" option in time selector in firewall`` +* :vytask:`T948` ``(feature): integrate aws cloud watch scripts into AMI`` + + +2024-04-02 +========== + +* :vytask:`T6150` ``(bug): Impossible to set a static IP address via Radius in IPoE`` + + +2024-04-01 +========== + +* :vytask:`T6193` ``(bug): dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` + + 2024-03-22 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 36e9c88c..8921afbe 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst 
@@ -8,6 +8,85 @@ _ext/releasenotes.py +2024-04-07 +========== + +* :vytask:`T6205` ``(bug): ipoe: error in migration script logic while renaming mac-address to mac node`` +* :vytask:`T6039` ``(bug): cloud-init DNS search-domain causes configuration migration/validation error`` +* :vytask:`T5862` ``(bug): Default MTU is not acceptable in some environments`` +* :vytask:`T6208` ``(feature): container: rename "cap-add" CLI node to "capability"`` +* :vytask:`T6188` ``(feature): Add Firewall Rule Description to "show firewall" commands`` +* :vytask:`T1244` ``(default): Support for StartupResync in conntrackd`` + + +2024-04-06 +========== + +* :vytask:`T6203` ``(enhancment): Remove obsoleted xml lib`` +* :vytask:`T6202` ``(bug): Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1`` + + +2024-04-05 +========== + +* :vytask:`T6089` ``(bug): [1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added`` +* :vytask:`T2590` ``(bug): DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` +* :vytask:`T6199` ``(feature): spring cleaning - drop unused Python imports`` + + +2024-04-04 +========== + +* :vytask:`T6119` ``(default): Use a compliant TOML parser`` +* :vytask:`T6171` ``(feature): dhcp server fail-over - Rename fail-over node`` +* :vytask:`T6115` ``(bug): Build from Git tags fail`` +* :vytask:`T5122` ``(feature): Move "archive-areas" to defaults.toml to support "non-free-firmware" repository`` +* :vytask:`T5121` ``(bug): Incorrect "architecture" config loaded`` +* :vytask:`T4951` ``(default): Add an op mode exception for cases when operations fail due to insufficient system resources`` +* :vytask:`T4883` ``(default): Add a description field for routing tables`` +* :vytask:`T4796` ``(bug): build-vyos-image ignores multiple options`` +* :vytask:`T4795` ``(feature): Cleanup custom python validators`` +* :vytask:`T4761` ``(default): Add a generic URL validator`` +* :vytask:`T3843` ``(bug): l2tp 
configuration not cleared after delete`` +* :vytask:`T3681` ``(default): The VMware Tools resume script did not run successfully in this virtual machine.`` +* :vytask:`T1991` ``(feature): Rework time services`` +* :vytask:`T5711` ``(default): Put the version data file inside the ISO image`` +* :vytask:`T5672` ``(default): Remove the old-style command definition importer`` +* :vytask:`T5639` ``(default): Group vyos-1x dependencies by their VyOS components and specify their purpose`` +* :vytask:`T5638` ``(default): Add support for requiring numeric values to be ranges rather than single numbers`` +* :vytask:`T5634` ``(default): Remove support for Blowfish and DES from OpenVPN`` +* :vytask:`T5605` ``(default): Do not generate keysize option in OpenVPN configs`` +* :vytask:`T5582` ``(default): Add a command to force NTP sync`` +* :vytask:`T5449` ``(default): Add options for TCP MSS probing`` +* :vytask:`T4440` ``(default): Add OCI compliant image labels to vyos-build and vyos containers`` +* :vytask:`T671` ``(enhancment): Identify and remove dead code`` +* :vytask:`T5109` ``(feature): Improve OCaml XML validator`` +* :vytask:`T1449` ``(feature): Add opportunity to include custom default configs (few) at building`` + + +2024-04-03 +========== + +* :vytask:`T6198` ``(feature): configverify: add common helper for PKI certificate validation`` +* :vytask:`T6192` ``(feature): Multi VRF support for SSH`` + + +2024-04-02 +========== + +* :vytask:`T6167` ``(bug): VNI not set on VRF after reboot`` +* :vytask:`T6151` ``(default): BGP VRF - Route-leaking not work when the next-hop is a recursive route.`` +* :vytask:`T6033` ``(bug): hsflowd fails to start when using a tunnel interface`` + + +2024-04-01 +========== + +* :vytask:`T6195` ``(feature): dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1`` +* :vytask:`T6193` ``(bug): dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` +* :vytask:`T6178` ``(bug): Reverse-proxy 
should check that certificate exists during commit`` + + 2024-03-31 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index a24c3c82..07743ba2 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst 
@@ -8,6 +8,67 @@ _ext/releasenotes.py +2024-04-07 +========== + +* :vytask:`T6205` ``(bug): ipoe: error in migration script logic while renaming mac-address to mac node`` +* :vytask:`T5862` ``(bug): Default MTU is not acceptable in some environments`` +* :vytask:`T6208` ``(feature): container: rename "cap-add" CLI node to "capability"`` +* :vytask:`T6188` ``(feature): Add Firewall Rule Description to "show firewall" commands`` +* :vytask:`T1244` ``(default): Support for StartupResync in conntrackd`` + + +2024-04-06 +========== + +* :vytask:`T6203` ``(enhancment): Remove obsoleted xml lib`` +* :vytask:`T6202` ``(bug): Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1`` + + +2024-04-05 +========== + +* :vytask:`T6089` ``(bug): [1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added`` +* :vytask:`T2590` ``(bug): DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` +* :vytask:`T6199` ``(feature): spring cleaning - drop unused Python imports`` + + +2024-04-04 +========== + +* :vytask:`T6119` ``(default): Use a compliant TOML parser`` +* :vytask:`T6171` ``(feature): dhcp server fail-over - Rename fail-over node`` +* :vytask:`T6128` ``(bug): minisign.pub is wrong on https://vyos.net/get/nightly-builds/`` +* :vytask:`T5882` ``(feature): vyos-utils: move to Dune as build system`` +* :vytask:`T5864` ``(default): 'show ntp' Commands Not Working`` +* :vytask:`T3843` ``(bug): l2tp configuration not cleared after delete`` +* :vytask:`T2187` ``(feature): Python Unit testing`` +* :vytask:`T788` ``(bug): Nightly builds are not signed`` + + +2024-04-03 +========== + +* :vytask:`T6198` ``(feature): configverify: add common helper for PKI certificate validation`` +* :vytask:`T6192` ``(feature): Multi VRF support for SSH`` + + +2024-04-02 +========== + +* :vytask:`T6167` ``(bug): VNI not set on VRF after reboot`` +* :vytask:`T6151` ``(default): BGP VRF - Route-leaking not work when the next-hop is a 
recursive route.`` +* :vytask:`T6033` ``(bug): hsflowd fails to start when using a tunnel interface`` + + +2024-04-01 +========== + +* :vytask:`T6195` ``(feature): dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1`` +* :vytask:`T6193` ``(bug): dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` +* :vytask:`T6178` ``(bug): Reverse-proxy should check that certificate exists during commit`` + + 2024-03-31 ========== @@ -65,7 +126,6 @@ * :vytask:`T6130` ``(bug): [1.3.6->1.4.0-epa2 Migration] BGP "set community" missing`` * :vytask:`T6090` ``(bug): [1.3.6->1.4.0-epa1 Migration] policy route fails due tcp flag case sensitivity`` * :vytask:`T6155` ``(default): ixgbe: failed to initialize because an unsupported SFP+ module type was detected.`` -* :vytask:`T6137` ``(bug): dhcp files and directory permission not correct after image uprgading`` * :vytask:`T6125` ``(feature): Support 802.1ad (0x88a8) vlan filtering for bridge`` @@ -516,7 +576,6 @@ ========== * :vytask:`T5898` ``(bug): Replace partprobe with partx due to unable to install VyOS`` -* :vytask:`T5862` ``(bug): Default MTU is not acceptable in some environments`` * :vytask:`T5840` ``(feature): Upgrade Kea to 2.4.x`` * :vytask:`T5838` ``(feature): Add Infiniband kernel modules`` * :vytask:`T5785` ``(bug): API output of show container image broken`` diff --git a/docs/configexamples/ansible.rst b/docs/configexamples/ansible.rst index fc243c44..0f4dbbda 100644 --- a/docs/configexamples/ansible.rst +++ b/docs/configexamples/ansible.rst @@ -1,4 +1,4 @@ -:lastproofread: 2023-10-18 +:lastproofread: 2024-04-09 .. _examples-ansible: 
@@ -33,14 +33,14 @@ We have four pre-configured routers with this configuration: * vyos9 - 192.0.2.107 * vyos10 - 192.0.2.108 -Install the Ansible: +Install Ansible: ==================== .. code-block:: none # apt-get install ansible Do you want to continue? [Y/n] y -Install the paramiko: +Install Paramiko: ===================== .. code-block:: none @@ -60,7 +60,7 @@ Check the version: executable location = /usr/bin/ansible python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] -Basik configuration of the ansible.cfg: +Basic configuration of ansible.cfg: ======================================= .. code-block:: none @@ -69,8 +69,8 @@ Basik configuration of the ansible.cfg: [defaults] host_key_checking = no -Add all the hosts of VyOS: -========================== +Add all the VyOS hosts: +======================= .. code-block:: none @@ -95,8 +95,8 @@ Add general variables: ansible_ssh_pass: vyos -Add the simple playbook with the tasks for each router: -======================================================= +Add a simple playbook with the tasks for each router: +===================================================== .. code-block:: none @@ -213,4 +213,4 @@ The simple way without configuration of the hostname (one task for all routers): vyos9 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 -In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables. +In the next chapter of the example, we'll use Ansible with jinja2 templates and variables. diff --git a/docs/configexamples/policy-based-ipsec-and-firewall.rst b/docs/configexamples/policy-based-ipsec-and-firewall.rst index 9b7ba73a..2337c1ac 100644 --- a/docs/configexamples/policy-based-ipsec-and-firewall.rst +++ b/docs/configexamples/policy-based-ipsec-and-firewall.rst 
@@ -5,35 +5,35 @@ Policy-Based Site-to-Site VPN and Firewall Configuration -------------------------------------------------------- This guide shows an example policy-based IKEv2 site-to-site VPN between two -VyOS routers, and firewall configiuration. +VyOS routers, and firewall configuration. -For simplicity, configuration and tests are done only using ipv4, and firewall -configuration in done only on one router. +For simplicity, configuration and tests are done only using IPv4, and firewall +configuration is done only on one router. Network Topology and requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This configuration example and the requirments consists on: +This configuration example and the requirments consists of: - Two VyOS routers with public IP address. - 2 private subnets on each site. -- Local subnets should be able to reach internet using source nat. +- Local subnets should be able to reach internet using source NAT. -- Communication between private subnets should be done through ipsec tunnel - without nat. +- Communication between private subnets should be done through IPSec tunnel + without NAT. - Configuration of basic firewall in one site, in order to: - - Protect the router on 'WAN' interface, allowing only ipsec connections - and ssh access from trusted ips. + - Protect the router on 'WAN' interface, allowing only IPSec connections + and SSH access from trusted IPs. - Allow access to the router only from trusted networks. - - Allow dns requests only only for local networks. + - Allow DNS requests only only for local networks. - - Allow icmp on all interfaces. + - Allow ICMP on all interfaces. - Allow all new connections from local subnets. @@ -203,7 +203,7 @@ And NAT Configuration: Checking through op-mode commands ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -After some testing, we can check ipsec status, and counter on every tunnel: +After some testing, we can check IPSec status, and counter on every tunnel: .. code-block:: none |
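Review bot: In docs/changelog/1.5.rst, the hunk at @@ -65,7 +126,6 @@ deletes the T6137 entry ("dhcp files and directory permission not correct after image uprgading") and no other hunk in this patch adds it back, unlike T5862, which is removed at @@ -516,7 +576,6 @@ and re-listed under 2024-04-07. Please confirm the T6137 removal is intended and not a lost entry, and mention the reason in the commit message if it is.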
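Review bot: The category label "(enhancment)" is misspelled in the T6203 and T671 entries added to docs/changelog/1.4.rst, and again in the T6203 entry added to docs/changelog/1.5.rst. Correct it to "enhancement" where the label is defined so that later changelog updates do not carry the typo forward.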
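Review bot: In docs/configexamples/ansible.rst, the renamed headings "Install Ansible:", "Install Paramiko:" and "Basic configuration of ansible.cfg:" keep their old, longer "====" underlines, while the later hunks in the same file ("Add all the VyOS hosts:", "Add a simple playbook with the tasks for each router:") shorten the underline to match the new title. reStructuredText accepts an over-long underline, so the page still renders, but trim these three as well so the file is consistent.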
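Review bot: The context lines of the ansible.cfg and general-variables hunks in docs/configexamples/ansible.rst still show "host_key_checking = no" and "ansible_ssh_pass: vyos" with no comment, and this proofreading pass only touches the headings around them. Since the sections are being edited anyway, add a sentence marking both as lab-only settings and pointing readers to SSH host key verification and key-based or vaulted credentials for anything beyond the example.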
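Review bot: In docs/configexamples/policy-based-ipsec-and-firewall.rst, two typos survive on lines this hunk rewrites: "requirments" in "+This configuration example and the requirments consists of:" and the doubled word in "+ - Allow DNS requests only only for local networks." Fix both in the same pass, and use "consist of" to agree with the plural subject. The new capitalisation "IPSec" also differs from the "IPsec" spelling used in the IETF RFCs; prefer "IPsec" in the bullet list and in the "check IPSec status" sentence of the last hunk.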