summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/_include/interface-common-without-dhcp1.txt7
-rw-r--r--docs/_include/interface-common-without-mac.txt31
m---------docs/_include/vyos-1x0
-rw-r--r--docs/changelog/1.3.rst44
-rw-r--r--docs/changelog/1.4.rst122
-rw-r--r--docs/conf.py6
-rw-r--r--docs/configuration/interfaces/tunnel.rst2
-rw-r--r--docs/configuration/policy/examples.rst29
-rw-r--r--docs/contributing/build-vyos.rst73
9 files changed, 263 insertions, 51 deletions
diff --git a/docs/_include/interface-common-without-dhcp1.txt b/docs/_include/interface-common-without-dhcp1.txt
new file mode 100644
index 00000000..60ac951d
--- /dev/null
+++ b/docs/_include/interface-common-without-dhcp1.txt
@@ -0,0 +1,7 @@
+.. cmdinclude:: /_include/interface-address.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-common-without-mac.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
diff --git a/docs/_include/interface-common-without-mac.txt b/docs/_include/interface-common-without-mac.txt
new file mode 100644
index 00000000..cc01db12
--- /dev/null
+++ b/docs/_include/interface-common-without-mac.txt
@@ -0,0 +1,31 @@
+.. cmdinclude:: /_include/interface-description.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-disable.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-disable-flow-control.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-disable-link-detect.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-mtu.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-ip.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-ipv6.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-vrf.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject 288d917b7c87b9a328220c8e978f2952fc7dbc3
+Subproject 4b8534e2f67f41931c3ff262c4fbbf4b43d7afc
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
index 76f6a616..fa016e56 100644
--- a/docs/changelog/1.3.rst
+++ b/docs/changelog/1.3.rst
@@ -8,6 +8,43 @@
_ext/releasenotes.py
+2022-11-06
+==========
+
+* :vytask:`T2913` (bug): Failure to install fpm while building builder docker image
+
+
+2022-11-04
+==========
+
+* :vytask:`T2417` (feature): Python validator cleanup
+
+
+2022-11-01
+==========
+
+* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring
+
+
+2022-10-31
+==========
+
+* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range)
+* :vytask:`T4785` (feature): snmp: Allow !, @, * and # in community name
+
+
+2022-10-21
+==========
+
+* :vytask:`T2189` (bug): Adding a large port-range will take ~ 20 minutes to commit
+
+
+2022-10-18
+==========
+
+* :vytask:`T4533` (bug): Radius clients don’t have simple permissions
+
+
2022-10-13
==========
@@ -525,12 +562,6 @@
* :vytask:`T4198` (bug): Error shown on commit
-2022-01-29
-==========
-
-* :vytask:`T4153` (bug): Monitor bandwidth-test initiate not working
-
-
2022-01-28
==========
@@ -1283,7 +1314,6 @@
* :vytask:`T2759` (bug): validate-value prints error messages from validators that fail even if overall validation succeeds
* :vytask:`T3234` (bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions
* :vytask:`T3732` (feature): override-default helper should support adding defaultValues to default less nodes
-* :vytask:`T3574` (default): Add constraintGroup for combining validators with logical AND
* :vytask:`T1962` (default): Add syntax version to schema
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
index af8be17b..a1b77a24 100644
--- a/docs/changelog/1.4.rst
+++ b/docs/changelog/1.4.rst
@@ -8,10 +8,121 @@
_ext/releasenotes.py
+2022-11-12
+==========
+
+* :vytask:`T4814` (bug): Regression in bundled powerdns version
+
+
+2022-11-09
+==========
+
+* :vytask:`T4800` (bug): undefined var includes_chroot_dir in build-vyos-image
+
+
+2022-11-08
+==========
+
+* :vytask:`T4771` (feature): Rewrite protocol BGP op-mode to vyos.opmode format
+* :vytask:`T4806` (default): Update FRR to 8.4 in 1.4 version
+
+
+2022-11-06
+==========
+
+* :vytask:`T4803` (bug): The header 'Authorization' needs to be explictly allowed in http-api CORS middleware
+
+
+2022-11-05
+==========
+
+* :vytask:`T4802` (feature): Ability to define per container shared-memory size
+
+
+2022-11-01
+==========
+
+* :vytask:`T4764` (bug): NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat
+* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring
+
+
+2022-10-31
+==========
+
+* :vytask:`T4786` (feature): Add package python3-pyhumps
+* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range)
+* :vytask:`T4785` (feature): snmp: Allow !, @, * and # in community name
+* :vytask:`T4787` (feature): ipsec: add support for road-warrior/remote-access RADIUS timeout
+
+
+2022-10-29
+==========
+
+* :vytask:`T4783` (default): Add support for stunnel
+* :vytask:`T4784` (feature): Add description node for static route/route6 tagNodes
+
+
+2022-10-28
+==========
+
+* :vytask:`T4291` (default): Consolidate component version read/write functions
+
+
+2022-10-27
+==========
+
+* :vytask:`T4763` (feature): Change XML for Show nat destination statistics
+* :vytask:`T4762` (bug): Show nat rules with empty rules incorrect error
+* :vytask:`T4778` (bug): Raise error UnconfiguredSubsystem if op-mode ipsec.py fails initialization
+
+
+2022-10-26
+==========
+
+* :vytask:`T4773` (default): Add camel_case to snake_case conversion utility
+
+
+2022-10-25
+==========
+
+* :vytask:`T4574` (default): Add token based authentication to GraphQL API
+
+
+2022-10-24
+==========
+
+* :vytask:`T4772` (default): Return list of dicts in 'raw' output of route.py instead of dict with redundant information
+
+
+2022-10-23
+==========
+
+* :vytask:`T3723` (bug): op-mode IPSec show vpn ipsec sa output with underscores
+
+
+2022-10-21
+==========
+
+* :vytask:`T4768` (default): Change name of api child node from 'gql' to 'graphql'
+
+
+2022-10-18
+==========
+
+* :vytask:`T4684` (feature): Rewrite show ip route by protocol to vyos.opmode format
+* :vytask:`T4533` (bug): Radius clients don’t have simple permissions
+* :vytask:`T4753` (enhancment): Extend automatic generation of schema to query SystemStatus
+
+
+2022-10-17
+==========
+
+* :vytask:`T4725` (bug): Unable to reset vpn IPsec peer
+
+
2022-10-14
==========
-* :vytask:`T4750` (feature): Support of higher level SSH keys (sk-ssh-ed25519)
* :vytask:`T4672` (bug): RADIUS server disable does not work
* :vytask:`T4749` (enhancment): Use config_dict for conf_mode http-api.py
@@ -1113,12 +1224,6 @@
* :vytask:`T4138` (bug): NAT configuration allows to set incorrect port range and invalid port
-2022-01-29
-==========
-
-* :vytask:`T4153` (bug): Monitor bandwidth-test initiate not working
-
-
2022-01-28
==========
@@ -1213,7 +1318,6 @@
* :vytask:`T4182` (bug): Show vrrp if vrrp not configured bug
* :vytask:`T4179` (feature): Add op-mode CLI for show high-availability virtual-server
-* :vytask:`T4177` (bug): Strip-private doesn't work for service monitoring
2022-01-13
@@ -2012,7 +2116,6 @@
* :vytask:`T3764` (bug): Unconfigurable IKE and ESP lifetime
* :vytask:`T3234` (bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions
* :vytask:`T3732` (feature): override-default helper should support adding defaultValues to default less nodes
-* :vytask:`T3574` (default): Add constraintGroup for combining validators with logical AND
* :vytask:`T3759` (default): [L3VPN] VPNv4/VPNv6 add commands
@@ -2812,7 +2915,6 @@
==========
* :vytask:`T2848` (feature): bgp-add-path configuration options
-* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range)
2021-02-12
diff --git a/docs/conf.py b/docs/conf.py
index b86c869c..23b595aa 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -74,6 +74,12 @@ master_doc = 'index'
# Usually you set "language" from the command line for these cases.
language = None
+# https://docs.readthedocs.io/en/stable/guides/manage-translations-sphinx.html#create-translatable-files
+locale_dirs = ['_locale/']
+gettext_compact = False
+gettext_uuid = True
+
+
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This pattern also affects html_static_path and html_extra_path .
diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst
index 6a5fb171..eac74d91 100644
--- a/docs/configuration/interfaces/tunnel.rst
+++ b/docs/configuration/interfaces/tunnel.rst
@@ -18,7 +18,7 @@ a closer look at the protocols and options currently supported by VyOS.
Common interface configuration
------------------------------
-.. cmdinclude:: /_include/interface-common-without-dhcp.txt
+.. cmdinclude:: /_include/interface-common-without-dhcp1.txt
:var0: tunnel
:var1: tun0
diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst
index 2d44f4bc..f52a7950 100644
--- a/docs/configuration/policy/examples.rst
+++ b/docs/configuration/policy/examples.rst
@@ -182,3 +182,32 @@ Add multiple source IP in one rule with same priority
set policy local-route rule 101 source '203.0.113.253'
set policy local-route rule 101 source '198.51.100.0/24'
+###########################
+Clamp MSS for a specific IP
+###########################
+
+This example shows how to target an MSS clamp (in our example to 1360 bytes)
+to a specific destination IP.
+
+.. code-block:: none
+
+ set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for 198.51.100.30'
+ set policy route IP-MSS-CLAMP rule 10 destination address '198.51.100.30/32'
+ set policy route IP-MSS-CLAMP rule 10 protocol 'tcp'
+ set policy route IP-MSS-CLAMP rule 10 set tcp-mss '1360'
+ set policy route IP-MSS-CLAMP rule 10 tcp flags 'SYN'
+
+To apply this policy to the correct interface, configure it on the
+interface the inbound local host will send through to reach our
+destined target host (in our example eth1).
+
+.. code-block:: none
+
+ set interfaces ethernet eth1 policy route IP-MSS-CLAMP
+
+You can view that the policy is being correctly (or incorrectly) utilised
+with the following command:
+
+.. code-block:: none
+
+ show policy route statistics
diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst
index c2350ba1..afb1c27c 100644
--- a/docs/contributing/build-vyos.rst
+++ b/docs/contributing/build-vyos.rst
@@ -59,10 +59,10 @@ yourusername``.
Build Container
---------------
-The container can be built by hand or by fetching the pre-built one from
-DockerHub. Using the pre-built containers from the `VyOS DockerHub
-organisation`_ will ensure that the container is always up-to-date. A rebuild
-is triggered once the container changes (please note this will take 2-3 hours
+The container can be built by hand or by fetching the pre-built one from
+DockerHub. Using the pre-built containers from the `VyOS DockerHub
+organisation`_ will ensure that the container is always up-to-date. A rebuild
+is triggered once the container changes (please note this will take 2-3 hours
after pushing to the vyos-build repository).
.. note: If you are using the pre-built container, it will be automatically
@@ -132,9 +132,10 @@ your development containers in your current working directory.
.. note:: Some VyOS packages (namely vyos-1x) come with build-time tests which
verify some of the internal library calls that they work as expected. Those
tests are carried out through the Python Unittest module. If you want to
- build the ``vyos-1x`` package (which is our main development package) you need
- to start your Docker container using the following argument:
- ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail.
+ build the ``vyos-1x`` package (which is our main development package) you
+ need to start your Docker container using the following argument:
+ ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will
+ fail.
.. _build_native:
@@ -158,7 +159,7 @@ To start, clone the repository to your local machine:
$ git clone -b current --single-branch https://github.com/vyos/vyos-build
For the packages required, you can refer to the ``docker/Dockerfile`` file
-in the repository_. The ``./configure`` script will also warn you if any
+in the repository_. The ``./build-vyos-image`` script will also warn you if any
dependencies are missing.
Once you have the required dependencies installed, you may proceed with the
@@ -214,8 +215,8 @@ Start the build:
.. code-block:: none
- vyos_bld@d4220bb519a0:/vyos# ./configure --architecture amd64 --build-by "j.randomhacker@vyos.io"
- vyos_bld@d4220bb519a0:/vyos# sudo make iso
+ vyos_bld@8153428c7e1f:/vyos$ sudo make clean
+ vyos_bld@8153428c7e1f:/vyos$ sudo ./build-vyos-image iso --architecture amd64 --build-by "j.randomhacker@vyos.io"
When the build is successful, the resulting iso can be found inside the
``build`` directory as ``live-image-[architecture].hybrid.iso``.
@@ -234,46 +235,52 @@ Customize
=========
This ISO can be customized with the following list of configure options.
-The full and current list can be generated with ``./configure --help``:
+The full and current list can be generated with ``./build-vyos-image --help``:
.. code-block:: none
- $ ./configure --help
- usage: configure [-h] [--architecture ARCHITECTURE] [--build-by BUILD_BY]
- [--debian-mirror DEBIAN_MIRROR]
- [--debian-security-mirror DEBIAN_SECURITY_MIRROR]
- [--pbuilder-debian-mirror PBUILDER_DEBIAN_MIRROR]
- [--vyos-mirror VYOS_MIRROR] [--build-type BUILD_TYPE]
- [--version VERSION] [--build-comment BUILD_COMMENT] [--debug]
- [--custom-apt-entry CUSTOM_APT_ENTRY]
- [--custom-apt-key CUSTOM_APT_KEY]
- [--custom-package CUSTOM_PACKAGE]
+ $ vyos_bld@8153428c7e1f:/vyos$ sudo ./build-vyos-image --help
+ I: Checking if packages required for VyOS image build are installed
+ usage: build-vyos-image [-h] [--architecture ARCHITECTURE]
+ [--build-by BUILD_BY] [--debian-mirror DEBIAN_MIRROR]
+ [--debian-security-mirror DEBIAN_SECURITY_MIRROR]
+ [--pbuilder-debian-mirror PBUILDER_DEBIAN_MIRROR]
+ [--vyos-mirror VYOS_MIRROR] [--build-type BUILD_TYPE]
+ [--version VERSION] [--build-comment BUILD_COMMENT] [--debug] [--dry-run]
+ [--custom-apt-entry CUSTOM_APT_ENTRY] [--custom-apt-key CUSTOM_APT_KEY]
+ [--custom-package CUSTOM_PACKAGE]
+ [build_flavor]
- optional arguments:
+ positional arguments:
+ build_flavor Build flavor
+
+ optional arguments:
-h, --help show this help message and exit
--architecture ARCHITECTURE
- Image target architecture (amd64 or i386 or armhf)
+ Image target architecture (amd64 or arm64)
--build-by BUILD_BY Builder identifier (e.g. jrandomhacker@example.net)
--debian-mirror DEBIAN_MIRROR
- Debian repository mirror for ISO build
+ Debian repository mirror
--debian-security-mirror DEBIAN_SECURITY_MIRROR
- Debian security updates mirror
+ Debian security updates mirror
--pbuilder-debian-mirror PBUILDER_DEBIAN_MIRROR
- Debian repository mirror for pbuilder env bootstrap
+ Debian repository mirror for pbuilder env bootstrap
--vyos-mirror VYOS_MIRROR
- VyOS package mirror
+ VyOS package mirror
--build-type BUILD_TYPE
- Build type, release or development
+ Build type, release or development
--version VERSION Version number (release builds only)
--build-comment BUILD_COMMENT
- Optional build comment
+ Optional build comment
--debug Enable debug output
+ --dry-run Check build configuration and exit
--custom-apt-entry CUSTOM_APT_ENTRY
- Custom APT entry
+ Custom APT entry
--custom-apt-key CUSTOM_APT_KEY
- Custom APT key file
+ Custom APT key file
--custom-package CUSTOM_PACKAGE
- Custom package to install from repositories
+ Custom package to install from repositories
+
.. _iso_build_issues:
@@ -304,7 +311,7 @@ more or less similar looking error message:
(10:13) vyos_bld ece068908a5b:/vyos [current] #
To debug the build process and gain additional information of what could be the
-root cause, you need to use `chroot` to change into the build directry. This is
+root cause, you need to use `chroot` to change into the build directry. This is
explained in the following step by step procedure:
.. code-block:: none