summaryrefslogtreecommitdiff
path: root/data/templates
AgeCommit message (Collapse)Author
2023-01-02T4904: keepalived virtual-server allow multiple ports with fwmarkViacheslav Hletenko
Allow multiple ports for high-availability virtual-server The current implementation allows balance only one "virtual" address and port between between several "real servers" Allow matching "fwmark" to set traffic which should be balanced Allow to set port 0 (all traffic) if we use "fwmark" Add health-check script set high-availability virtual-server 203.0.113.1 fwmark '111' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0'
2022-12-30T4893: Add ppp-options ipv6-interface-id for L2TPViacheslav Hletenko
Add ppp-options IPv6 interface id for vpn L2TP - fixed or random interface identifier for IPv6 - peer interface identifier for IPv6 - whether to accept peer’s interface identifier set vpn l2tp remote-access ppp-options ipv6-accept-peer-intf-id set vpn l2tp remote-access ppp-options ipv6-intf-id 'random' set vpn l2tp remote-access ppp-options ipv6-peer-intf-id 'calling-sid'
2022-12-24container: T4870: update to overlay2 driverChristian Poessinger
overlay2 is the preferred storage driver for all currently supported Linux distributions, and requires no extra configuration.
2022-12-23Merge pull request #1702 from TGNThump/patch-1Christian Poessinger
container: T4870: Update podman to use overlay storage driver
2022-12-20radvd: T4809: fix AdvRASrcAddress missing semicolonChristian Poessinger
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new feature to set the RA source-address. Unfortunately it missed a semicolon.
2022-12-17sstp: T4384: disable compression and creacke exclusive lock fileChristian Poessinger
2022-12-17Merge pull request #1669 from vfreex/dhcp-v6-only-option-1.4Christian Poessinger
T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
2022-12-17Merge pull request #1626 from nicolas-fort/fwall_group_interfaceChristian Poessinger
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
2022-12-17Merge pull request #1711 from roedie/T4884Christian Poessinger
T4884: snmpd: add community6 fallback
2022-12-17webproxy: T3810: multiple squidGuard fixesaapostoliuk
1. Added in script update webproxy blacklists generation of all DBs 2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message. 3. Added template generation for local's categories in the rule section. 4. Changed syntax in the generation dest section for blacklist's categories 4. Fixed generation dest local sections in squidGuard.conf 5. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf
2022-12-17Merge pull request #1712 from roedie/T4809-2Christian Poessinger
T4809: radvd: Allow the use of AdvRASrcAddress
2022-12-17Merge pull request #1358 from sever-sever/T1237Christian Poessinger
routing: T1237: Add new feature failover route
2022-12-16T4809: radvd: Allow the use of AdvRASrcAddressSander Klein
This add the AdvRASrcAddress configuration option to configure a source address for the router advertisements. The source address still must be configured on the system. This is useful for VRRP setups where you want fe80::1 on the VRRP interface for cleaner VRRP failovers.
2022-12-16T4884: snmpd: add community6 fallbackSander Klein
If no client and network is defined only a `community` config is created. This also adds the `community6` part
2022-12-14routing: T1237: Add new feature failover routeViacheslav Hletenko
Failover route allows to install static routes to the kernel routing table only if required target or gateway is alive When target or gateway doesn't respond for ICMP/ARP checks this route deleted from the routing table Routes are marked as protocol 'failover' (rt_protos) cat /etc/iproute2/rt_protos.d/failover.conf 111 failover ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover $ sudo ip route show proto failover 203.0.113.1 via 192.0.2.1 dev eth0 metric 1 So we can safely flush such routes
2022-12-11sstp: T4384: initial implementation of SSTP client CLIChristian Poessinger
vyos@vyos# show interfaces sstpc sstpc sstpc10 { authentication { password vyos user vyos } server sstp.vyos.net ssl { ca-certificate VyOS-CA } }
2022-12-09container: T4870: Update to overlay driverBen Pilgrim
2022-12-09T4868: Fix l2tp ppp IPv6 options in template and config get dictViacheslav Hletenko
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool As we can get addresses via RADIUS attributes: - Framed-IPv6-Prefix - Delegated-IPv6-Prefix
2022-12-08T4117: Fix for L2TP DAE CoA server configurationViacheslav Hletenko
Fix l2tp dae server template and python config dict for correctlly handling Dynamic Authorization Extension server configuration
2022-12-08T4862: Added the generation config for webproxy domain-blockaapostoliuk
Added the generation in the config file /etc/squid/squid.conf for command: set service webroxy domain-block <domain>
2022-12-02 T4854: route reflector allows to apply route-mapsfett0
2022-11-26ospf: T4739: Adding missing OSPF FRR templateCheeze-It
Adding the parameters that were missing to the OSPF FRR template.
2022-11-23T4835: snmpd: Fix copy/paste error in snmpd.confSander Klein
The variable 'client' was accidently used where 'network should have been used. This lead to missing community6 string when an IPv6 network was defined instead of an IPv6 client.
2022-11-21T4823: Fix IPsec transport mode remote TSViacheslav Hletenko
Remote TS for transport mode GRE must be remote-address and not peer name
2022-11-21T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)Yuxiang Zhu
Clients supporting this DHCP option (DHCP option 108, RFC 8925) will disable its IPv4 network stack for configured number of seconds and operate in IPv6-only mode. This option is known to work on iOS 15+ and macOS 12.0.1+. Example command: ```sh set service dhcp-server shared-network-name LAN6 subnet 192.168.64.0/24 ipv6-only-preferred 0 ```
2022-11-19T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵Nicolas Fort
so this new group can be used in inbound and outbound matcher
2022-11-17Merge pull request #1654 from sarthurdev/pbr_refactorChristian Poessinger
policy: T2199: T4605: Migrate policy route interface node
2022-11-13l3VPN : T4182: add l3vpn over gre option from route-mapfett0
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle
2022-11-10dns: T738: add CLI option for PowerDNS local-portZen3515
2022-11-03Merge pull request #1633 from sarthurdev/fqdnChristian Poessinger
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT
2022-11-03nat: T1877: T970: Add firewall groups to NATsarthurdev
2022-11-03firewall: T970: Refactor domain resolver, add firewall source/destination ↵sarthurdev
`fqdn` node
2022-10-31ipsec: T4787: add support for road-warrior/remote-access RADIUS timeoutChristian Poessinger
This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor.
2022-10-29containers: T3903: Use systemd units for containerssarthurdev
* ExecStop action with defined timeout allows for quicker reboot/shutdown with containers
2022-10-25nat: T4764: Remove tables on NAT deletionsarthurdev
2022-10-17ssh: T4720: Ability to configure SSH-server HostKeyAlgorithmsViacheslav Hletenko
Ability to configure SSH-server HostKeyAlgorithms. Specifies the host key signature algorithms that the server offers. Can accept multiple values.
2022-10-14login: 2fa: T874: fix Google authenticator issuesChristian Poessinger
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos'
2022-10-13T4739: ISIS segment routing being refactoredCheeze_It
2022-10-12ospf: T4707: fix segment-routing Jinja2 template for explicit-null and ↵Christian Poessinger
no-php-flag The nested if statement was not properly evaluated during smoketests making them fail. There is no need to nest the if's - as a simple string can be appended by {{ 'foo' if bar is vyos_defined }}
2022-10-12Merge pull request #1555 from goodNETnick/ssh_otpChristian Poessinger
system login: T874: add 2FA support for local and ssh authentication
2022-10-11system login: T874: add 2FA support for local and ssh authenticationgoodNETnick
2022-10-11monitoring: T4747: Fix template check influxdb configViacheslav Hletenko
Due to monitoring telegraf was rewritten - fix template for inputs.exec plugin We do not use 'influxdb_configured' in the dictionary anymore and use just 'influxdb'
2022-10-11Merge pull request #1574 from Cheeze-It/currentChristian Poessinger
isis: T4739: ISIS segment routing being refactored
2022-10-11isis: T4739: ISIS segment routing being refactoredCheeze_It
This is to refactor ISIS segment routing to match up with OSPF segment routing.
2022-10-10Merge pull request #1577 from sarthurdev/T4741Christian Poessinger
firewall: policy: T4741: T4742: Verify zone `from` is defined, autocomplete policy route tables
2022-10-10Merge pull request #1563 from sever-sever/T4716Christian Poessinger
ssh: T4716: Ability to configure RekeyLimit data and time
2022-10-10firewall: T4741: Verify zone `from` is defined before usesarthurdev
2022-10-10conntrack-sync: T4730: Fix listen-address jinja2 templateViacheslav Hletenko
Listen address has option 'multi' As resulte we have incorrect template value for listen address - conntrack-sync listen-address '192.0.2.11' in template It looks like "IPv4_address ['192.0.2.11']" in the conntrackd.conf but the correct string expected without brackets Fix it
2022-10-10ssh: T4716: Ablity to configure RekeyLimit data and timeViacheslav Hletenko
Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes) set service ssh rekey data 1024 set service ssh rekey time 60