summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2022-10-06Merge pull request #1567 from aapostoliuk/T4660-sagittaChristian Poessinger
policy: T4660: Changed CLI syntax in route-map set community
2022-10-06T4727: add support for RADIUS rate limiting to PPTP (#1570)Daniil Baturin
2022-10-03policy: T4660: Changed CLI syntax in route-map set communityaapostoliuk
Changed CLI syntax in route-map set community, set large-community, set extcommunity Allows to add multiple communities, large-communities and extcommunities in clear view. Added new well-known communities. Added non-transitive feature in extcommunities. Fixed community's validators.
2022-09-30bgp: evpn: T1315: add route-target CLI node <multi/> propertyChristian Poessinger
FRR supports multiple route-targets to be used for import/export: address-family l2vpn evpn route-target import 20:10 route-target import 20:11 route-target import 20:12 route-target import 40:40 route-target export 1:2 route-target export 1:3 route-target export 40:40 exit-address-family Thus the <multi/> property is added to the relevant CLI nodes.
2022-09-28Merge pull request #1561 from sever-sever/T4715Christian Poessinger
login: T4715: Auto logout user after inactivity
2022-09-28op-mode: ipsec: T4719: bugfix IKEv2 road-warrior profile generatorChristian Poessinger
Commit bd4588827b ("ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer") changed the CLI syntax of ipsec. This resulted in a node not renamed in the op-mode generator when generating IKEv2 IPSec iOS configuration profiles.
2022-09-28login: T4715: Auto logout user after inactivityViacheslav Hletenko
Ability to terminate interactive sessions (TTY/PTS) after a period of inactivity. set system login timeout '300'
2022-09-28conserver: T4717: Support for setting a name for console-server devicesWilliam Hughes
This adds a new 'alias' property to the console-server device definition to allow users to connect to a console using a human-readable name rather than just the device name. For a configuration like: service { console-server { device ttyUSB0 { speed 115200 alias my-server } } } Users can connect either by doing `connect console ttyUSB0`, or `connect console my-server`. Names: * Must be unique * Are limited to 128 characters * Are optional - if not specified, only the `connect console ttyX` form can be used
2022-09-26Merge pull request #1545 from sever-sever/T4557Christian Poessinger
ids: T4557: Migrate threshold and add new threshold types
2022-09-26ids: T4557: Migrate threshold and add new threshold typesViacheslav Hletenko
Migrate "service ids ddos-protection threshold xxx" to "service ids ddos-protection general threshold xxx" Add new threshold types: set service ids ddos-protection threshold tcp xxx set service ids ddos-protection threshold udp xxx set service ids ddos-protection threshold icmp xxx
2022-09-22Merge pull request #1521 from sever-sever/T3476Christian Poessinger
update-check: T3476: Allow update-check for VyOS images
2022-09-22Merge pull request #1552 from sarthurdev/nat_refactorChristian Poessinger
nat: nat66: T4605: T4706: Refactor NAT/NAT66 and use new table name
2022-09-22telegraf: T4680: fix prometheus client listen-address invalid formatKyleM
2022-09-21nat: T4605: Refactor static NAT to use python module for parsing rulessarthurdev
* Rename table to vyos_nat * Add static NAT smoketest
2022-09-21nat66: T4605: Refactor NAT66 to use python module for parsing rulessarthurdev
* Rename table to vyos_nat * Refactor tests to use `verify_nftables` format
2022-09-21nat: T4605: Refactor NAT to use python module for parsing rulessarthurdev
* Rename table to vyos_nat * Refactor tests to use `verify_nftables` format
2022-09-21dhcpv6-pd: T2821: bugfix Jinja2 template - missing conditional ifChristian Poessinger
Specifying "dhcpv6-options pd 0" for any interface without an interface where we delegate an address to resulted in a commit error: {% for interface, interface_config in pd_config.interface.items() if pd_config.interface is vyos_defined %} jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'interface'
2022-09-21ipoe: T4678: T4703: rewrite to get_config_dict()Christian Poessinger
In addition to the rewrite to make use of get_config_dict() the CLI is slightly adjusted as specified in T4703. * Rename vlan-id and vlan-range to simply vlan * Rename network-mode to simply mode * Re-use existing common Jinja2 template for Accel-PPP which are shared with PPPoE and SSTP server. * Retrieve default values via defaultValue XML node
2022-09-20ipsec: T4118: bugfix migration of IKEv2 road-warrior "id" CLI optionChristian Poessinger
The "authentication id" option for road-warriors did not get migrated to the new local-id CLI node. This has been fixed.
2022-09-18Merge pull request #1543 from Cheeze-It/currentChristian Poessinger
isis: T4693: Fix ISIS segment routing configurations, part deux
2022-09-18Update protocols_isis.pyCheeze_It
isis: T4693: Fix ISIS segment routing configurations This change is to fix more bugs in which ISIS segment routing was broken due to a refactor. This change also introduces a few additions to the ISIS handler for checking per prefix validations for segment value and mutual exclusivity for two options.
2022-09-17Merge pull request #1546 from nicolas-fort/fwall-jumpChristian Poessinger
T4699: Firewall: Add jump action in firewall ruleset
2022-09-17pppoe-server: T4703: combine vlan-id and vlan-range into single CLI nodeChristian Poessinger
The initial Accel-PPP PPPoE implementation used: set service pppoe-server interface <name> vlan-id <id> set service pppoe-server interface <name> vlan-range <start-stop> This is actually a duplicated CLI node.
2022-09-16firewall: T2199: enable "auto-merge" on setsChristian Poessinger
vyos@vyos# show firewall +name foo { + rule 1 { + action accept + packet-length 100 + packet-length 105 + packet-length 200-300 + packet-length 220-250 + } +} will report a nftables error upon load: Error: conflicting intervals specified With nftables 1.0.3 there is an "auto-merge" option which corrects this: https://lwn.net/Articles/896732/
2022-09-16Merge pull request #1463 from sever-sever/T4118Daniil Baturin
ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer
2022-09-16T4699: Firewall: Add jump action in firewall rulestNicolas Fort
2022-09-16ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peerViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script
2022-09-16ocserv: openconnect: T4656: add listen-address CLI optionDemon_H
This will set the listen-host ocserv configuration option.
2022-09-15Merge pull request #1477 from sempervictus/feature/ocserv_groupsViacheslav Hletenko
T3896(adjacent): Fix ocserv local user requirement, add groupconfig
2022-09-15bgp: T4696: add support for "bestpath peer-type multipath-relax"Christian Poessinger
Add new VyOS CLI command: set protocols bgp parameters bestpath peer-type multipath-relax This command specifies that BGP decision process should consider paths from all peers for multipath computation. If this option is enabled, paths learned from any of eBGP, iBGP, or confederation neighbors will be multipath if they are otherwise considered equal cost. [1] [1]: http://docs.frrouting.org/en/stable-8.3/bgp.html#clicmd-bgp-bestpath-peer-type-multipath-relax
2022-09-14Merge pull request #1537 from sarthurdev/nhrp_nftablesChristian Poessinger
nhrp: T2199: Use separate table in nftables for NHRP rules
2022-09-14nhrp: T2199: Use separate table in nftables for NHRP rulessarthurdev
2022-09-14Merge pull request #1534 from sarthurdev/firewall_interfacesChristian Poessinger
firewall: zone-policy: T2199: T4605: Refactor firewall, migrate zone-policy
2022-09-13isis: T4693: Fix ISIS segment routing configurationsCheeze_It
This change is to fix a bug in which ISIS segment routing was broken due to a refactor. This change also is going to introduce a smoketest to make sure this is caught in the future.
2022-09-13zone-policy: T2199: Migrate zone-policy to firewall nodesarthurdev
2022-09-13firewall: T4605: Rename filter tables to vyos_filtersarthurdev
2022-09-13firewall: T2199: Move initial firewall tables to datasarthurdev
2022-09-13firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵sarthurdev
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
2022-09-12telegraf: T4617: add Restart=always to systemd unitChristian Poessinger
2022-09-12Merge pull request #1526 from roedie/T4665-2Christian Poessinger
T4665: Keepalived: Fix interface names
2022-09-11T4665: Keepalived: Fix interface namesSander Klein
When applying the same VRID for IPv4 and IPv6 with RFC3768 compatibility enabled, the IPv6 interfaces came back with the wrong name. For example: Name Interface VRID State Priority Last Transition ------ ----------- ------ ------- ---------- ----------------- v4-10 eth1v10 10 MASTER 100 21s v6-10 vrrpv10 10 MASTER 100 21s Because of this, the IPv6 interface didn't show up in `show int`. This change suffixes the interface with the IP version so `show int` works again. Name Interface VRID State Priority Last Transition ------ ----------- ------ ------- ---------- ----------------- v4-10 eth1v10v4 10 MASTER 100 21s v6-10 eth1v10v6 10 MASTER 100 21s vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- [....] eth1v10v4 192.168.10.60/24 u/u eth1v10v6 2001:ffff::1/64 u/u [....]
2022-09-09Merge branch 'current' into standardize-show-system-storageChristian Poessinger
2022-09-08system: T4682: standardize op-mode 'show system storage'John Estabrook
2022-09-08system: T4681: convert 'show_uptime.py' script to standardized formatJohn Estabrook
2022-09-07update-check: T3476: Allow update-check for VyOS imagesViacheslav Hletenko
Ability to autocheck available new images Parse remote URL JSON image-version.json file and compare version VyOS with a local current version, if find diff sent wall message that the new image is available Also, add op-mode command to check images "show system image" With option "auto-check" check will be once per 12 hours set system update-check auto-check set system update-check url 'http://example.com/image-version.json' If new version is available shows it per login (MOTD)
2022-09-06radius: T4672: Fix RADIUS server disable template logicBenjamin M. Hughes
2022-09-01Merge pull request #1466 from sever-sever/T538Christian Poessinger
nat: T538: Add static NAT one-to-one
2022-09-01policy-route: T4655: Remove default_action from templateViacheslav Hletenko
Remove `default_action` from template "nftables-policy" as XML policy route does not use it Set default action 'accept' for policy route, as default action 'drop' must be used only for firewall and not related to the policy route
2022-08-31nat: T538: Move nat configs to /run directoryViacheslav Hletenko
2022-08-26Merge pull request #1482 from sever-sever/T4631Christian Poessinger
nat66: T4631: Add port and protocol to nat66 conf