Diffstat (limited to 'docs')
-rw-r--r-- | docs/_include/interface-common-without-dhcp1.txt | 7 | ||||
-rw-r--r-- | docs/_include/interface-common-without-mac.txt | 31 | ||||
m--------- | docs/_include/vyos-1x | 0 | ||||
-rw-r--r-- | docs/changelog/1.3.rst | 44 | ||||
-rw-r--r-- | docs/changelog/1.4.rst | 122 | ||||
-rw-r--r-- | docs/conf.py | 6 | ||||
-rw-r--r-- | docs/configuration/interfaces/tunnel.rst | 2 | ||||
-rw-r--r-- | docs/configuration/policy/examples.rst | 29 | ||||
-rw-r--r-- | docs/contributing/build-vyos.rst | 73 |
9 files changed, 263 insertions, 51 deletions
diff --git a/docs/_include/interface-common-without-dhcp1.txt b/docs/_include/interface-common-without-dhcp1.txt
new file mode 100644
index 00000000..60ac951d
--- /dev/null
+++ b/docs/_include/interface-common-without-dhcp1.txt
@@ -0,0 +1,7 @@
+.. cmdinclude:: /_include/interface-address.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-common-without-mac.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
diff --git a/docs/_include/interface-common-without-mac.txt b/docs/_include/interface-common-without-mac.txt
new file mode 100644
index 00000000..cc01db12
--- /dev/null
+++ b/docs/_include/interface-common-without-mac.txt
@@ -0,0 +1,31 @@
+.. cmdinclude:: /_include/interface-description.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-disable.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-disable-flow-control.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-disable-link-detect.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-mtu.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-ip.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-ipv6.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-vrf.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject 288d917b7c87b9a328220c8e978f2952fc7dbc3
+Subproject 4b8534e2f67f41931c3ff262c4fbbf4b43d7afc
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
index 76f6a616..fa016e56 100644
--- a/docs/changelog/1.3.rst
+++ b/docs/changelog/1.3.rst
@@ -8,6 +8,43 @@ _ext/releasenotes.py +2022-11-06 +========== + +* :vytask:`T2913` (bug): Failure to install fpm while building builder docker image + + +2022-11-04 +========== + +* :vytask:`T2417` (feature): Python validator cleanup + + +2022-11-01 +========== + +* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring + + +2022-10-31 +========== + +* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range) +* :vytask:`T4785` (feature): snmp: Allow !, @, * and # in community name + + +2022-10-21 +========== + +* :vytask:`T2189` (bug): Adding a large port-range will take ~ 20 minutes to commit + + +2022-10-18 +========== + +* :vytask:`T4533` (bug): Radius clients don’t have simple permissions + + 2022-10-13 ========== @@ -525,12 +562,6 @@ * :vytask:`T4198` (bug): Error shown on commit -2022-01-29 -========== - -* :vytask:`T4153` (bug): Monitor bandwidth-test initiate not working - - 2022-01-28 ========== @@ -1283,7 +1314,6 @@ * :vytask:`T2759` (bug): validate-value prints error messages from validators that fail even if overall validation succeeds * :vytask:`T3234` (bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions * :vytask:`T3732` (feature): override-default helper should support adding defaultValues to default less nodes -* :vytask:`T3574` (default): Add constraintGroup for combining validators with logical AND * :vytask:`T1962` (default): Add syntax version to schema diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index af8be17b..a1b77a24 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst 
@@ -8,10 +8,121 @@ _ext/releasenotes.py +2022-11-12 +========== + +* :vytask:`T4814` (bug): Regression in bundled powerdns version + + +2022-11-09 +========== + +* :vytask:`T4800` (bug): undefined var includes_chroot_dir in build-vyos-image + + +2022-11-08 +========== + +* :vytask:`T4771` (feature): Rewrite protocol BGP op-mode to vyos.opmode format +* :vytask:`T4806` (default): Update FRR to 8.4 in 1.4 version + + +2022-11-06 +========== + +* :vytask:`T4803` (bug): The header 'Authorization' needs to be explictly allowed in http-api CORS middleware + + +2022-11-05 +========== + +* :vytask:`T4802` (feature): Ability to define per container shared-memory size + + +2022-11-01 +========== + +* :vytask:`T4764` (bug): NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat +* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring + + +2022-10-31 +========== + +* :vytask:`T4786` (feature): Add package python3-pyhumps +* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range) +* :vytask:`T4785` (feature): snmp: Allow !, @, * and # in community name +* :vytask:`T4787` (feature): ipsec: add support for road-warrior/remote-access RADIUS timeout + + +2022-10-29 +========== + +* :vytask:`T4783` (default): Add support for stunnel +* :vytask:`T4784` (feature): Add description node for static route/route6 tagNodes + + +2022-10-28 +========== + +* :vytask:`T4291` (default): Consolidate component version read/write functions + + +2022-10-27 +========== + +* :vytask:`T4763` (feature): Change XML for Show nat destination statistics +* :vytask:`T4762` (bug): Show nat rules with empty rules incorrect error +* :vytask:`T4778` (bug): Raise error UnconfiguredSubsystem if op-mode ipsec.py fails initialization + + +2022-10-26 +========== + +* :vytask:`T4773` (default): Add camel_case to snake_case conversion utility + + +2022-10-25 +========== + +* :vytask:`T4574` (default): Add token based authentication to 
GraphQL API + + +2022-10-24 +========== + +* :vytask:`T4772` (default): Return list of dicts in 'raw' output of route.py instead of dict with redundant information + + +2022-10-23 +========== + +* :vytask:`T3723` (bug): op-mode IPSec show vpn ipsec sa output with underscores + + +2022-10-21 +========== + +* :vytask:`T4768` (default): Change name of api child node from 'gql' to 'graphql' + + +2022-10-18 +========== + +* :vytask:`T4684` (feature): Rewrite show ip route by protocol to vyos.opmode format +* :vytask:`T4533` (bug): Radius clients don’t have simple permissions +* :vytask:`T4753` (enhancment): Extend automatic generation of schema to query SystemStatus + + +2022-10-17 +========== + +* :vytask:`T4725` (bug): Unable to reset vpn IPsec peer + + 2022-10-14 ========== -* :vytask:`T4750` (feature): Support of higher level SSH keys (sk-ssh-ed25519) * :vytask:`T4672` (bug): RADIUS server disable does not work * :vytask:`T4749` (enhancment): Use config_dict for conf_mode http-api.py @@ -1113,12 +1224,6 @@ * :vytask:`T4138` (bug): NAT configuration allows to set incorrect port range and invalid port -2022-01-29 -========== - -* :vytask:`T4153` (bug): Monitor bandwidth-test initiate not working - - 2022-01-28 ========== @@ -1213,7 +1318,6 @@ * :vytask:`T4182` (bug): Show vrrp if vrrp not configured bug * :vytask:`T4179` (feature): Add op-mode CLI for show high-availability virtual-server -* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring 2022-01-13 @@ -2012,7 +2116,6 @@ * :vytask:`T3764` (bug): Unconfigurable IKE and ESP lifetime * :vytask:`T3234` (bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions * :vytask:`T3732` (feature): override-default helper should support adding defaultValues to default less nodes -* :vytask:`T3574` (default): Add constraintGroup for combining validators with logical AND * :vytask:`T3759` (default): [L3VPN] VPNv4/VPNv6 add commands 
@@ -2812,7 +2915,6 @@ ========== * :vytask:`T2848` (feature): bgp-add-path configuration options -* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range) 2021-02-12 diff --git a/docs/conf.py b/docs/conf.py index b86c869c..23b595aa 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -74,6 +74,12 @@ master_doc = 'index' # Usually you set "language" from the command line for these cases. language = None +# https://docs.readthedocs.io/en/stable/guides/manage-translations-sphinx.html#create-translatable-files +locale_dirs = ['_locale/'] +gettext_compact = False +gettext_uuid = True + + # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. # This pattern also affects html_static_path and html_extra_path . diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst index 6a5fb171..eac74d91 100644 --- a/docs/configuration/interfaces/tunnel.rst +++ b/docs/configuration/interfaces/tunnel.rst @@ -18,7 +18,7 @@ a closer look at the protocols and options currently supported by VyOS. Common interface configuration ------------------------------ -.. cmdinclude:: /_include/interface-common-without-dhcp.txt +.. cmdinclude:: /_include/interface-common-without-dhcp1.txt :var0: tunnel :var1: tun0 diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst index 2d44f4bc..f52a7950 100644 --- a/docs/configuration/policy/examples.rst +++ b/docs/configuration/policy/examples.rst 
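Review bot: In the docs/conf.py hunk (`@@ -74,6 +74,12 @@`) the three new gettext settings are explained only by a URL, so a reader of conf.py cannot tell what each one changes without leaving the file. I would put a short comment above them, for example `# Translations: catalogs live in _locale/, one .pot per source document (gettext_compact = False), with per-message UUIDs so changed strings can be tracked (gettext_uuid = True)`. `gettext_uuid = True` also makes Sphinx compute similarity between old and new msgids, which the Sphinx documentation describes as slow unless python-levenshtein is installed, so it is worth confirming that the docs build environment accounts for that. The rest of conf.py is outside the hunk, so whether `_locale/` needs an entry in the ignore patterns mentioned in the following context lines cannot be judged from here.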
@@ -182,3 +182,32 @@ Add multiple source IP in one rule with same priority set policy local-route rule 101 source '203.0.113.253' set policy local-route rule 101 source '198.51.100.0/24' +########################### +Clamp MSS for a specific IP +########################### + +This example shows how to target an MSS clamp (in our example to 1360 bytes) +to a specific destination IP. + +.. code-block:: none + + set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for 198.51.100.30' + set policy route IP-MSS-CLAMP rule 10 destination address '198.51.100.30/32' + set policy route IP-MSS-CLAMP rule 10 protocol 'tcp' + set policy route IP-MSS-CLAMP rule 10 set tcp-mss '1360' + set policy route IP-MSS-CLAMP rule 10 tcp flags 'SYN' + +To apply this policy to the correct interface, configure it on the +interface the inbound local host will send through to reach our +destined target host (in our example eth1). + +.. code-block:: none + + set interfaces ethernet eth1 policy route IP-MSS-CLAMP + +You can view that the policy is being correctly (or incorrectly) utilised +with the following command: + +.. code-block:: none + + show policy route statistics diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index c2350ba1..afb1c27c 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst 
@@ -59,10 +59,10 @@ yourusername``. Build Container --------------- -The container can be built by hand or by fetching the pre-built one from -DockerHub. Using the pre-built containers from the `VyOS DockerHub -organisation`_ will ensure that the container is always up-to-date. A rebuild -is triggered once the container changes (please note this will take 2-3 hours +The container can be built by hand or by fetching the pre-built one from +DockerHub. Using the pre-built containers from the `VyOS DockerHub +organisation`_ will ensure that the container is always up-to-date. A rebuild +is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository). .. note: If you are using the pre-built container, it will be automatically @@ -132,9 +132,10 @@ your development containers in your current working directory. .. note:: Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to - build the ``vyos-1x`` package (which is our main development package) you need - to start your Docker container using the following argument: - ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail. + build the ``vyos-1x`` package (which is our main development package) you + need to start your Docker container using the following argument: + ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will + fail. .. _build_native: 
@@ -158,7 +159,7 @@ To start, clone the repository to your local machine: $ git clone -b current --single-branch https://github.com/vyos/vyos-build For the packages required, you can refer to the ``docker/Dockerfile`` file -in the repository_. The ``./configure`` script will also warn you if any +in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing. Once you have the required dependencies installed, you may proceed with the @@ -214,8 +215,8 @@ Start the build: .. code-block:: none - vyos_bld@d4220bb519a0:/vyos# ./configure --architecture amd64 --build-by "j.randomhacker@vyos.io" - vyos_bld@d4220bb519a0:/vyos# sudo make iso + vyos_bld@8153428c7e1f:/vyos$ sudo make clean + vyos_bld@8153428c7e1f:/vyos$ sudo ./build-vyos-image iso --architecture amd64 --build-by "j.randomhacker@vyos.io" When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``. 
@@ -234,46 +235,52 @@ Customize ========= This ISO can be customized with the following list of configure options. -The full and current list can be generated with ``./configure --help``: +The full and current list can be generated with ``./build-vyos-image --help``: .. code-block:: none - $ ./configure --help - usage: configure [-h] [--architecture ARCHITECTURE] [--build-by BUILD_BY] - [--debian-mirror DEBIAN_MIRROR] - [--debian-security-mirror DEBIAN_SECURITY_MIRROR] - [--pbuilder-debian-mirror PBUILDER_DEBIAN_MIRROR] - [--vyos-mirror VYOS_MIRROR] [--build-type BUILD_TYPE] - [--version VERSION] [--build-comment BUILD_COMMENT] [--debug] - [--custom-apt-entry CUSTOM_APT_ENTRY] - [--custom-apt-key CUSTOM_APT_KEY] - [--custom-package CUSTOM_PACKAGE] + $ vyos_bld@8153428c7e1f:/vyos$ sudo ./build-vyos-image --help + I: Checking if packages required for VyOS image build are installed + usage: build-vyos-image [-h] [--architecture ARCHITECTURE] + [--build-by BUILD_BY] [--debian-mirror DEBIAN_MIRROR] + [--debian-security-mirror DEBIAN_SECURITY_MIRROR] + [--pbuilder-debian-mirror PBUILDER_DEBIAN_MIRROR] + [--vyos-mirror VYOS_MIRROR] [--build-type BUILD_TYPE] + [--version VERSION] [--build-comment BUILD_COMMENT] [--debug] [--dry-run] + [--custom-apt-entry CUSTOM_APT_ENTRY] [--custom-apt-key CUSTOM_APT_KEY] + [--custom-package CUSTOM_PACKAGE] + [build_flavor] - optional arguments: + positional arguments: + build_flavor Build flavor + + optional arguments: -h, --help show this help message and exit --architecture ARCHITECTURE - Image target architecture (amd64 or i386 or armhf) + Image target architecture (amd64 or arm64) --build-by BUILD_BY Builder identifier (e.g. 
jrandomhacker@example.net) --debian-mirror DEBIAN_MIRROR - Debian repository mirror for ISO build + Debian repository mirror --debian-security-mirror DEBIAN_SECURITY_MIRROR - Debian security updates mirror + Debian security updates mirror --pbuilder-debian-mirror PBUILDER_DEBIAN_MIRROR - Debian repository mirror for pbuilder env bootstrap + Debian repository mirror for pbuilder env bootstrap --vyos-mirror VYOS_MIRROR - VyOS package mirror + VyOS package mirror --build-type BUILD_TYPE - Build type, release or development + Build type, release or development --version VERSION Version number (release builds only) --build-comment BUILD_COMMENT - Optional build comment + Optional build comment --debug Enable debug output + --dry-run Check build configuration and exit --custom-apt-entry CUSTOM_APT_ENTRY - Custom APT entry + Custom APT entry --custom-apt-key CUSTOM_APT_KEY - Custom APT key file + Custom APT key file --custom-package CUSTOM_PACKAGE - Custom package to install from repositories + Custom package to install from repositories + .. _iso_build_issues: @@ -304,7 +311,7 @@ more or less similar looking error message: (10:13) vyos_bld ece068908a5b:/vyos [current] # To debug the build process and gain additional information of what could be the -root cause, you need to use `chroot` to change into the build directry. This is +root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure: .. code-block:: none |