diff options
Diffstat (limited to 'docs')
| m--------- | docs/_include/vyos-1x | 0 | ||||
| -rw-r--r-- | docs/changelog/1.4.rst | 25 | ||||
| -rw-r--r-- | docs/changelog/1.5.rst | 18 | ||||
| -rw-r--r-- | docs/cli.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/protocols/rpki.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/service/mdns.rst | 69 | ||||
| -rw-r--r-- | docs/configuration/service/ssh.rst | 28 | ||||
| -rw-r--r-- | docs/configuration/vpn/rsa-keys.rst | 2 | ||||
| -rw-r--r-- | docs/contributing/build-vyos.rst | 18 |
9 files changed, 143 insertions, 25 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 4766fc5aae39ccc9c7619c89f0fc974bb9309d8 +Subproject fd9e2c24e739fd327f860c45fa00241fd1acca7 diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 9bfe9f2a..86b201df 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,31 @@ _ext/releasenotes.py +2023-11-05 +========== + +* :vytask:`T4020` ``(feature): Add ability to control FRR daemons options`` + + +2023-11-03 +========== + +* :vytask:`T5700` ``(bug): Monitoring telegraf deprecated plugins inputs outputs`` +* :vytask:`T5018` ``(bug): Redirect to IFB removed after change in qos policy`` + + +2023-11-02 +========== + +* :vytask:`T5701` ``(feature): Update telegraf package`` + + +2023-11-01 +========== + +* :vytask:`T5690` ``(bug): Change to definition of environment variable 'vyos_rootfs_dir' is incorrect`` + + 2023-10-31 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index e70aa9df..3cb54a85 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,24 @@ _ext/releasenotes.py +2023-11-03 +========== + +* :vytask:`T5700` ``(bug): Monitoring telegraf deprecated plugins inputs outputs`` + + +2023-11-02 +========== + +* :vytask:`T5701` ``(feature): Update telegraf package`` + + +2023-11-01 +========== + +* :vytask:`T5690` ``(bug): Change to definition of environment variable 'vyos_rootfs_dir' is incorrect`` + + 2023-10-31 ========== diff --git a/docs/cli.rst b/docs/cli.rst index 0a5fddf9..2e5d55fc 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -369,7 +369,7 @@ command. You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use -eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top +either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time. @@ -410,7 +410,7 @@ working configuration indicating line changes with ``+`` for additions, loopback lo { } -It is also possible to display all `set` commands within configuration +It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands` .. code-block:: none diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst index 294a91f8..827bfe1a 100644 --- a/docs/configuration/protocols/rpki.rst +++ b/docs/configuration/protocols/rpki.rst @@ -127,8 +127,8 @@ SSH === Connections to the RPKI caching server can not only be established by HTTP/TLS -but you can also rely on a secure SSH session to the server. To enable SSH you -first need to create yoursels an SSH client keypair using ``generate ssh +but you can also rely on a secure SSH session to the server. To enable SSH, +first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection. diff --git a/docs/configuration/service/mdns.rst b/docs/configuration/service/mdns.rst index 9d6a292a..dcb01207 100644 --- a/docs/configuration/service/mdns.rst +++ b/docs/configuration/service/mdns.rst @@ -5,33 +5,49 @@ Starting with VyOS 1.2 a :abbr:`mDNS (Multicast DNS)` repeater functionality is provided. Additional information can be obtained from https://en.wikipedia.org/wiki/Multicast_DNS. -Multicast DNS uses the 224.0.0.251 address, which is "administratively scoped" -and does not leave the subnet. It retransmits mDNS packets from one interface -to other interfaces. This enables support for e.g. Apple Airplay devices across -multiple VLANs. +Multicast DNS uses the reserved address ``224.0.0.251``, which is +`"administratively scoped"` and does not leave the subnet. mDNS repeater +retransmits mDNS packets from one interface to other interfaces. This enables +support for devices using mDNS discovery (like network printers, Apple Airplay, +Chromecast, various IP based home-automation devices etc) across multiple VLANs. -Since the mDNS protocol sends the AA records in the packet itself, the repeater -does not need to forge the source address. Instead, the source address is of -the interface that repeats the packet. +Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in +the packet itself, the repeater does not need to forge the source address. +Instead, the source address is of the interface that repeats the packet. Configuration ============= .. cfgcmd:: set service mdns repeater interface <interface> - To enable mDNS repeater you need to configure at least two interfaces. To - re-broadcast all incoming mDNS packets from any interface configured here to - any other interface configured under this section. + To enable mDNS repeater you need to configure at least two interfaces so that + all incoming mDNS packets from one interface configured here can be + re-broadcasted to any other interface(s) configured under this section. .. cfgcmd:: set service mdns repeater disable mDNS repeater can be temporarily disabled without deleting the service using +.. cfgcmd:: set service mdns repeater ip-version <ipv4 | ipv6 | both> + + mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both + to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6. + +.. cfgcmd:: set service mdns repeater allow-service <service> + + mDNS repeater can be configured to re-broadcast only specific services. By + default, all services are re-broadcasted. + +.. cfgcmd:: set service mdns repeater browse-domain <domain> + + Allow listing additional custom domains to be browsed (in addition to the + default ``local``) so that they can be reflected. + .. note:: You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death! Example -======= +------- To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands: @@ -41,4 +57,35 @@ received on `eth0` to `eth1` (and vice-versa) use the following commands: set service mdns repeater interface 'eth0' set service mdns repeater interface 'eth1' +To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, +(instead of all services) to be re-broadcasted, use the following command: + +.. code-block:: none + + set service mdns repeater allow-service '_airplay._tcp' + set service mdns repeater allow-service '_ipp._tcp' + +To allow listing additional custom domain, for example +``openthread.thread.home.arpa``, so that it can reflected in addition to the +default ``local``, use the following command: + +.. code-block:: none + + set service mdns repeater browse-domain 'openthread.thread.home.arpa' + .. _`Multicast DNS`: https://en.wikipedia.org/wiki/Multicast_DNS + +Operation +========= + +.. opcmd:: restart mdns repeater + + Restart mDNS repeater service. + +.. opcmd:: show log mdns repeater + + Show logs for mDNS repeater service. + +.. opcmd:: monitor log mdns repeater + + Follow the logs for mDNS repeater service. diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst index 15c2390c..efdbc651 100644 --- a/docs/configuration/service/ssh.rst +++ b/docs/configuration/service/ssh.rst @@ -218,3 +218,31 @@ Operation commit save exit + +.. opcmd:: show log ssh + + Show SSH server log. + +.. opcmd:: monitor log ssh + + Follow the SSH server log. + +.. opcmd:: show log ssh dynamic-protection + + Show SSH dynamic-protection log. + +.. opcmd:: monitor log ssh dynamic-protection + + Follow the SSH dynamic-protection log. + +.. opcmd:: show ssh dynamic-protection + + Show list of IPs currently blocked by SSH dynamic-protection. + +.. opcmd:: show ssh fingerprints + + Show SSH server public key fingerprints. + +.. opcmd:: show ssh fingerprints ascii + + Show SSH server public key fingerprints, including a visual ASCII art representation. diff --git a/docs/configuration/vpn/rsa-keys.rst b/docs/configuration/vpn/rsa-keys.rst index a95f5f33..1ebab731 100644 --- a/docs/configuration/vpn/rsa-keys.rst +++ b/docs/configuration/vpn/rsa-keys.rst @@ -17,7 +17,7 @@ install <key-pair nam>>". You may choose different length than 2048 of course. Note: If you plan to use the generated key on this router, do not encrypt the private key. Do you want to encrypt the private key with a passphrase? [y/N] N Configure mode commands to install key pair: - Do you want to install the public key? [Y/n] Yrgerg + Do you want to install the public key? [Y/n] Y set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...' Do you want to install the private key? [Y/n] Y set pki key-pair ipsec-LEFT private key 'MIIEvgIBADAN...' diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index 80f800c2..bb212e2f 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst @@ -92,8 +92,8 @@ The container can also be built directly from source: $ git clone -b crux --single-branch https://github.com/vyos/vyos-build # For VyOS 1.3 (equuleus) $ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build - # For VyOS 1.4 (sagitta, current) - $ git clone -b current --single-branch https://github.com/vyos/vyos-build + # For VyOS 1.4 (sagitta) + $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build $ cd vyos-build $ docker build -t vyos/vyos-build:crux docker # For VyOS 1.2 @@ -151,7 +151,7 @@ following Debian versions installed: - Debian Jessie for VyOS 1.2 (crux) - Debian Buster for VyOS 1.3 (equuleus) -- Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release +- Debian Bullseye for VyOS 1.4 (sagitta) To start, clone the repository to your local machine: @@ -163,8 +163,8 @@ To start, clone the repository to your local machine: # For VyOS 1.3 (equuleus) $ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build - # For VyOS 1.4 (sagitta, current) - $ git clone -b current --single-branch https://github.com/vyos/vyos-build + # For VyOS 1.4 (sagitta) + $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build For the packages required, you can refer to the ``docker/Dockerfile`` file @@ -193,8 +193,8 @@ Please note as this will differ for both `current` and `crux`. # For VyOS 1.3 (equuleus) $ git clone -b equuleus --single-branch https://github.com/vyos/vyos-build - # For VyOS 1.4 (sagitta, current) - $ git clone -b current --single-branch https://github.com/vyos/vyos-build + # For VyOS 1.4 (sagitta) + $ git clone -b sagitta --single-branch https://github.com/vyos/vyos-build Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run: @@ -208,8 +208,8 @@ Now a fresh build of the VyOS ISO can begin. Change directory to the # For VyOS 1.3 (equuleus) $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:equuleus bash - # For VyOS 1.4 (sagitta, current) - $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:current bash + # For VyOS 1.4 (sagitta) + $ docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:sagitta bash .. code-block:: none |