summaryrefslogtreecommitdiff
path: root/data/templates
AgeCommit message (Collapse)Author
2020-11-23openvpn: T3074: fix site-2-site operation modeChristian Poessinger
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
2020-11-23Merge pull request #616 from Cheeze-It/currentChristian Poessinger
mpls-conf: T915: Refactored template, handler, added global features
2020-11-22mpls-conf: T915: Refactored FRR LDP template, MPLS handler, added MPLS ↵Cheeze_It
global features So this is a big update. The first thing that was done was a refactor to the FRR LDP template, MPLS handler, and XML conf tree MPLS global additions. The refactors should work and I did test them in my lab. It seems that everything does work as needed so far in my testing. There is something here that is considered configuration breaking from the old setup though. In the old setup the MPLS interface operation (as in the interfaces accepting MPLS labels and processing them) was tied with LDP. What this means is that MPLS processing was enabled at the same time as LDP interfaces were configured. We do not want this behavior for the future as there's other MPLS underlay technologies like SR and RSVP. If someone wants to enable SR or RSVP without enabling LDP then they now can. Before, they couldn't. The other additions are global changes to MPLS TTL propagation and MPLS max TTL enforcement. They have now been added. Lastly, there is an frr-reload bug that Runar Borge found with this. We have found that when totally deleting LDP that there has to be 3 commits done. This is because frr-reload doesn't properly do what it needs to do in 1 operation so we had to do 3. This will only affect people that are doing an entire LDP clear using "delete protocols mpls ldp." Otherwise it isn't seen. Anyway, this refactor now works with the FRR daemon directly for all changes. This also makes it much easier for adding stuff in the future. Thank you
2020-11-22bgp: T2174: refactor Jinja template and reduce redundant pathsChristian Poessinger
The Jinja2 template contained a lot of redundant paths which only differed in either the address-family or neighbor vs. peer-group. This paths have been combined into for loops and a macro for generating a neighbor statement as peer-groups and regular neighbors share ~95% of the config.
2020-11-22openvpn: T3080: add missing multiplication on keepalive config optionChristian Poessinger
2020-11-21openvpn: T3060: fix client authentication username and password fileChristian Poessinger
2020-11-21openvpn: T3060: always listen op IPv4 and IPv6 socketsChristian Poessinger
2020-11-18Revert "wireless: T2241: add "wds" CLI option"Christian Poessinger
This reverts commit 806f35b5856c3f8dae634718a6a9e82cc90bb63a. Unfortunately this did not work our in the attempt to bridge a station to a bridge "brX" interface. Also adjusting the wireless interface during operation cause several exceptions and the feature is removed again as it was never in any production system.
2020-11-14openvpn: T2550: default connection protocol to udpChristian Poessinger
setting this to udp will allow both IPv4 and IPv6 connections. According to the MAN page: proto indicates the protocol to use when connecting with the remote, and may be "tcp" or "udp". For forcing IPv4 or IPv6 connection suffix tcp or udp with 4/6 like udp4/udp6/tcp4/tcp6.
2020-11-13isis: T1316: refactor config retrieval and Jinja2 templateChristian Poessinger
Make the entire template code more human readable by denesting it, as there can only be one ISIS daemon instance in FRR.
2020-11-13Merge branch 'T1316_october' of https://github.com/sever-sever/vyos-1x into ↵Christian Poessinger
t1616-isis * 'T1316_october' of https://github.com/sever-sever/vyos-1x: isis: T1316: October steps
2020-11-13openvpn: T3060: fix CLI to real config mapping for protocol nodeChristian Poessinger
2020-11-13vyos.template: provide general is_ip(v4|v6) helpersChristian Poessinger
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-11-13openvpn: T3051: fix creation of ifconfig-pool for client communicationChristian Poessinger
2020-11-13wwan: T3065: add IPv6 support for wirelessmodem interfacesChristian Poessinger
2020-11-11 mpls-conf: T915: Add MPLS misc parameters, add LDP misc parametersCheeze-It
This commit has to do with the addition of miscellaneous MPLS parameters, as well as miscellaneous LDP parameters. Per c-po, for miscellaneous options and whatnot that do not fit anywhere we will put them into a specific "parameters" node. I also did some global linux configuration changes here. We make changes to kernel options "net.mpls.ip_ttl_propagate" and "net.mpls.default_ttl" which should allow the behavior of VyOS to have the same as routers from the big vendors. I added two LDP options for cisco interoperation TLV and for a dual stack preference. Lastly, I went through and changes some of the help/description fields in the definitions page because I just felt they weren't uniform and the words seemed to not properly explain what they were doing. I also did some code clean up (or tried to...) with comments and whatnot.
2020-11-08mpls-conf: T915: Add targeted LDP neighbors with parametersCheeze_It
The commit has to do with the addition of targeted LDP neighbors and parameters being added. FRR allows for this functionality and I just wanted to add it. We have basically 4 options that are added. Enabling targeted LDP functionality, the targeted neighbor, the hello interval of targeted sessions, and the hold time of targeted sessions. Both IPv4 and IPv6 has been coded in.
2020-11-07interfaces: dhcp-client: T2997: add option to not request DHCP router addressChristian Poessinger
Some might want to have an IP address handed out by a DHCP server but not want a default route to be installed. This can be done using the CLI command: "set interfaces ethernet eth2 dhcp-options no-default-route"
2020-11-06openvpn: T3051: fix multiple pushed routes to preconfigured clientsChristian Poessinger
2020-11-04mpls-conf: T915: Add session hold time adjustment for static LDP neighborsCheeze_It
The commit has to do with the addition of session hold time parameter for LDP neighbors. This allows for being able to change said hold time on a static neighbor. The way that this works is to have it either delegated to a value (15-65535), or to just be default to whatever FRR stipulates or per the other session configuration values. I opted to remove the "-ipv4-" only because we know it's an IPv4 session that one has to create first. I figure it's redundant to add it there so I removed it.
2020-11-04mpls-conf: T915: Add TTL security for static LDP neighborsCheeze_It
The commit has to do with the addition of TTL security for LDP neighbors. The code was 90% done by Viascheslav. I modified it a little bit to get it to properly work. We added more parameters to the neighbors dynamic loop. Once this is merged then we should be able to add more for the dynamic neighbor statements. The way that this works is to have either TTL disabled, or to add the amount of hops accepted for the neighbor.
2020-11-03Merge branch 'wifi-wpa3' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'wifi-wpa3' of github.com:c-po/vyos-1x: wireless: T3042: move wifi-regulatory-domain into individual interface definition wireless: T2653: reset wireless priority to crux state wireless: T3034: add WPA3 support wireless: T3043: rename "wpa mode both" to "wpa+wpa2" ifconfig: T2985: fix wireless-bridge creation
2020-11-03wireless: T3042: move wifi-regulatory-domain into individual interface ↵Christian Poessinger
definition
2020-11-03Merge pull request #585 from Cheeze-It/currentChristian Poessinger
mpls-conf: T915: Separate IPv4 and IPv6 hello timers, add IPv6 timers
2020-11-03wireless: T3034: add WPA3 supportChristian Poessinger
2020-11-03wireless: T3043: rename "wpa mode both" to "wpa+wpa2"Christian Poessinger
2020-11-03ifconfig: T2985: fix wireless-bridge creationChristian Poessinger
2020-11-03bgp: T2850: Fixing the priority of template processing and missing paramssever-sever
2020-11-02Merge pull request #589 from sever-sever/T2387Christian Poessinger
bgp-xml: T2387: Fix validators and add capability for new format bgp
2020-11-02bgp-xml: T2387: Fix validators and add capability for new format bgpsever-sever
2020-11-01openvpn: T2994: re-add ifconfig-pool statement in server configChristian Poessinger
Re-organize the template code and add addtitional Jinja2 filters for processing the ifconfig-pool statement. This reverts the changes from commit 7e546be9 ("openvpn: T2994: temporary revert to 1.2 crux behavior for client pools").
2020-11-01openvpn: T2994: remove workarounds for individual ipv4 and ipv6 keysChristian Poessinger
Remove workaround which split (local|remote)_address and also subnet keys into individual keys for the assigned IP address family (4/6). During template rendering check IP version by introducing new ipv4 and ipv6 Jinja2 filters {% if foo | ipv4 %} or {% if bar | ipv6 %} options.
2020-10-31openvpn: T2994: temporary revert to 1.2 crux behavior for client poolsChristian Poessinger
2020-10-31openvpn: T2994: bugfix evaluating replace-default-route in templateChristian Poessinger
2020-10-30openvpn: T2994: migrate to get_config_dict()Christian Poessinger
2020-10-29Merge pull request #587 from sever-sever/T2850Christian Poessinger
bgp: T2850: Fix FRR template for new bgp scheme
2020-10-29bgp: T2850: Fix FRR template for new bgp schemesever-sever
2020-10-29T3029 Correct generated nginx contentCédric Jeanneret
The redirection was using the wrong variable ($server_name), making the browser going to https://_ instead of the right variable.
2020-10-27mpls-conf: T915: Separate IPv4 and IPv6 hello timers, add IPv6 timersCheeze_It
The commit has to do with separating the hello/hold timers from being only IPv4 to being both IPv4 and IPv6. I renamed the existing hello and hold timers with an "-ipv4" and added ones that were "-ipv6". I did verify that the commands properly commit under FRR as well. I also added some room on the protocols_mpls.py file for the different variables as it seems we're might end up having longer names. Removed some spaces that I found too that weren't needed on ldpd.frr.tmpl as well.
2020-10-27bgp: T2387: Fix XML sheme for new bgp and bgp.py handlersever-sever
2020-10-23isis: T1316: October stepssever-sever
2020-10-17Merge pull request #573 from sever-sever/T2938Christian Poessinger
conf-mode: T2938: Add format octet-counted for syslog
2020-10-17syslog: T2938: Add format octet-counted for syslog conf-modesever-sever
2020-10-17Merge pull request #575 from DmitriyEshenko/ipoe-fix-issue01Christian Poessinger
ipoe-server: T2978: Add required proxy-arp by default
2020-10-16ipoe-server: T2978: Add required proxy-arp by defaultDmitriyEshenko
2020-10-15conf-mode: T915: Add mpls ldp explicit and holdtime commandssever-sever
2020-10-11tftp-server: T2974: migrate to get_config_dict()Christian Poessinger
2020-10-06pdns_recursor: T2964: Expose query-local-address to dns config.Lucas Christian
In certain split DNS configurations, there is a need for more fine-grained control over the local address DNS forwarding uses to issue queries. The current pdns_recursor configuration allows the recursor to send queries from any available address on the interface the OS selects for the query, with no option to limit queries to a particular address or set of addresses. This commit exposes the `query-local-address` option in `recursor.conf` to users via the `service` `dns` `forwarding` `source-address` config node. If the parameter is unspecified, the default value of 0.0.0.0 (any IPv4 address) and :: (any IPv6 address) are used to match current behavior. Users who want more control can specify one or more IPv4 and IPv6 addresses to issue queries from. Per pdns_recursor docs, the recursor will load balance queries between any available addresses in the pools. Since IPv4 and IPv6 are different pools, note that specifying only one type of address will disable issuing queries for the other address family.
2020-10-05Merge pull request #562 from lucasec/dhcpv6-statelessChristian Poessinger
dhcpv6: T2961: support stateless dhcpv6 clients
2020-10-05nat: T2951: use proper comments for source/destination loggingChristian Poessinger
For both source and destination NAT always the LOG name contained DST - which is definately false. This has been corrected to use SRC and DST on the appropriate rules.