m--------- docs/_include/vyos-1x 0
-rw-r--r-- docs/changelog/1.3.rst 12
-rw-r--r-- docs/changelog/1.4.rst 22
-rw-r--r-- docs/configuration/highavailability/index.rst 59
-rw-r--r-- docs/configuration/service/dhcp-relay.rst 33
-rw-r--r-- docs/configuration/service/dhcp-server.rst 2
6 files changed, 123 insertions, 5 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject 6eea12512e59cc28f5c2e5ca5ec7e9e7b21731d
+Subproject 2622902ac76bc1c3356bb722f63e931119f3eb0
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
index dfb4917e..1f3fa6e8 100644
--- a/docs/changelog/1.3.rst
+++ b/docs/changelog/1.3.rst
@@ -8,6 +8,18 @@
_ext/releasenotes.py
+2023-02-01
+==========
+
+* :vytask:`T4970` (default): pin OCaml pcre package to avoid JIT support
+
+
+2023-01-30
+==========
+
+* :vytask:`T4954` (bug): DNS cannot be configured via Network-Config v1 received from ConfigDrive / Cloud-Init
+
+
2023-01-24
==========
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
index a1687f87..274c302f 100644
--- a/docs/changelog/1.4.rst
+++ b/docs/changelog/1.4.rst
@@ -8,6 +8,28 @@
_ext/releasenotes.py
+2023-02-01
+==========
+
+* :vytask:`T4970` (default): pin OCaml pcre package to avoid JIT support
+
+
+2023-01-31
+==========
+
+* :vytask:`T4964` (bug): FRR bgp address-family l2vpn-evpn route-target export/import not working
+* :vytask:`T4780` (feature): Firewall - Add interface group
+* :vytask:`T4157` (default): Add jinja2 to pip test requirements
+
+
+2023-01-30
+==========
+
+* :vytask:`T4958` (feature): Add OpenConnect RADIUS Accounting support
+* :vytask:`T4954` (bug): DNS cannot be configured via Network-Config v1 received from ConfigDrive / Cloud-Init
+* :vytask:`T4118` (default): IPsec syntax overhaul
+
+
2023-01-29
==========
diff --git a/docs/configuration/highavailability/index.rst b/docs/configuration/highavailability/index.rst
index 9150b1bd..bc8aad99 100644
--- a/docs/configuration/highavailability/index.rst
+++ b/docs/configuration/highavailability/index.rst
@@ -357,6 +357,21 @@ Forward method
set high-availability virtual-server 203.0.113.1 forward-method 'nat'
+Health-check
+^^^^^^^^^^^^
+Custom health-check script allows checking real-server availability
+
+.. code-block:: none
+
+ set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script <path-to-script>
+
+Fwmark
+^^^^^^
+Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value
+
+.. code-block:: none
+
+ set high-availability virtual-server 203.0.113.1 fwmark '111'
Real server
^^^^^^^^^^^
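Review bot: The new Health-check text ("Custom health-check script allows checking real-server availability") does not say what the script must return for a real server to count as available, or which user runs it. Because the option points the router at an executable, state the exit-status contract and recommend keeping the script in a location only administrators can write to. In the Fwmark paragraph, "It possible to loadbalancing traffic" should read "It is possible to load-balance traffic based on the ``fwmark`` value".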
@@ -395,3 +410,47 @@ Real server is auto-excluded if port check with this server fail.
set high-availability virtual-server 203.0.113.1 protocol 'tcp'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '80'
set high-availability virtual-server 203.0.113.1 real-server 192.0.2.12 port '80'
+
+
+A firewall mark ``fwmark`` allows using multiple ports for high-availability
+virtual-server.
+It uses fwmark value.
+
+In this example all traffic destined to ports "80, 2222, 8888" protocol TCP
+marks to fwmark "111" and balanced between 2 real servers.
+Port "0" is required if multiple ports are used.
+
+.. code-block:: none
+
+ set interfaces ethernet eth0 address 'dhcp'
+ set interfaces ethernet eth0 description 'WAN'
+ set interfaces ethernet eth1 address '192.0.2.1/24'
+ set interfaces ethernet eth1 description 'LAN'
+
+ set policy route PR interface 'eth0'
+ set policy route PR rule 10 destination port '80,2222,8888'
+ set policy route PR rule 10 protocol 'tcp'
+ set policy route PR rule 10 set mark '111'
+
+ set high-availability virtual-server vyos fwmark '111'
+ set high-availability virtual-server vyos protocol 'tcp'
+ set high-availability virtual-server vyos real-server 192.0.2.11 health-check script '/config/scripts/check-real-server-first.sh'
+ set high-availability virtual-server vyos real-server 192.0.2.11 port '0'
+ set high-availability virtual-server vyos real-server 192.0.2.12 health-check script '/config/scripts/check-real-server-second.sh'
+ set high-availability virtual-server vyos real-server 192.0.2.12 port '0'
+
+ set nat source rule 100 outbound-interface 'eth0'
+ set nat source rule 100 source address '192.0.2.0/24'
+ set nat source rule 100 translation address 'masquerade'
+
+Op-mode check virtual-server status
+
+.. code-block:: none
+
+ vyos@r14:~$ run show virtual-server
+ IP Virtual Server version 1.2.1 (size=4096)
+ Prot LocalAddress:Port Scheduler Flags
+ -> RemoteAddress:Port Forward Weight ActiveConn InActConn
+ FWM 111 lc persistent 300
+ -> 192.0.2.11:0 Masq 1 0 0
+ -> 192.0.2.12:0 Masq 1 1 0
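Review bot: In the fwmark example, `set policy route PR rule 10` matches only protocol and destination port on eth0 while both real servers use port '0', so that single rule decides which traffic is handed to the real servers; the text should say so and say whether the rule should also match a destination address, since as written every TCP flow to ports 80, 2222 and 8888 arriving on the WAN interface is marked. The status example runs `run show virtual-server` at the prompt `vyos@r14:~$`; `run` is the prefix used from configuration mode, so drop it or show the configuration-mode prompt. The output line `FWM 111 lc persistent 300` shows a scheduler and a persistence timeout the example never sets; note whether these are defaults. Wording: "marks to fwmark "111" and balanced" should be "is marked with fwmark "111" and balanced", and "It uses fwmark value." repeats the sentence before it.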
diff --git a/docs/configuration/service/dhcp-relay.rst b/docs/configuration/service/dhcp-relay.rst
index a93c1046..43abf254 100644
--- a/docs/configuration/service/dhcp-relay.rst
+++ b/docs/configuration/service/dhcp-relay.rst
@@ -20,8 +20,20 @@ Configuration
.. cfgcmd:: set service dhcp-relay interface <interface>
- Interfaces that participate in the DHCP relay process, including the uplink
- to the DHCP server.
+ Interfaces that participate in the DHCP relay process. If this command is
+ used, at least two entries of it are required: one for the interface that
+ captures the dhcp-requests, and one for the interface to forward such
+ requests. A warning message will be shown if this command is used, since
+ new implementations should use ``listen-interface`` and
+ ``upstream-interface``.
+
+.. cfgcmd:: set service dhcp-relay listen-interface <interface>
+
+ Interface for DHCP Relay Agent to listen for requests.
+
+.. cfgcmd:: set service dhcp-relay upstream-interface <interface>
+
+ Interface for DHCP Relay Agent to forward requests out.
.. cfgcmd:: set service dhcp-relay server <server>
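Review bot: The rewritten `interface` paragraph says a warning is shown and that new implementations should use ``listen-interface`` and ``upstream-interface``, but it never calls `interface` deprecated and does not say whether it may be combined with the two new commands; state both. The two new cfgcmd descriptions should also say whether each command may be repeated for several interfaces. "dhcp-requests" should be written "DHCP requests".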
@@ -70,8 +82,8 @@ Example
* Listen for DHCP requests on interface ``eth1``.
* DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``.
-* Router receives DHCP client requests on ``eth1`` and relays them to the server
- at 10.0.1.4 on ``eth2``.
+* Router receives DHCP client requests on ``eth1`` and relays them to the
+ server at 10.0.1.4 on ``eth2``.
.. figure:: /_static/images/service_dhcp-relay01.png
:scale: 80 %
@@ -84,6 +96,19 @@ The generated configuration will look like:
.. code-block:: none
show service dhcp-relay
+ listen-interface eth1
+ upstrem-interface eth2
+ server 10.0.1.4
+ relay-options {
+ relay-agents-packets discard
+ }
+
+Also, for backwards compatibility this configuration, which uses generic
+interface definition, is still valid:
+
+.. code-block:: none
+
+ show service dhcp-relay
interface eth1
interface eth2
server 10.0.1.4
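Review bot: Typo in the added example output: `upstrem-interface eth2` should be `upstream-interface eth2`, matching the cfgcmd documented earlier in this file. As written, the "generated configuration" shows a node name that the documentation does not define.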
diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst
index 3f4b7b89..b4245f0c 100644
--- a/docs/configuration/service/dhcp-server.rst
+++ b/docs/configuration/service/dhcp-server.rst
@@ -234,7 +234,7 @@ inside the subnet definition but can be outside of the range statement.
**Example:**
-* IP address ``192.168.1.100`` shall be statically mapped to client named ``client100``
+* IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``
.. code-block:: none
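Review bot: The bullet now names the client ``client1`` while the address stays ``192.168.1.100``; confirm the new name matches the static-mapping name in the code block that follows, which lies outside this hunk.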