summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2021-09-21vrrp: keepalived: T616: enable script securityChristian Poessinger
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived.
2021-09-21vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks featureChristian Poessinger
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file.
2021-09-21dhcp-server: T3839: support domain-search and ntp-server config per ↵Christian Poessinger
shared-network
2021-09-19ipsec: T1441: Clean up vti-up-down script for XFRM interfacesLucas Christian
2021-09-19dhcp-server: T3672: bugfix Jinja2 templateChristian Poessinger
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases.
2021-09-19dhcp-server: T3672: re-add missing "name" CLI optionChristian Poessinger
This option is mandatory and must be user configurable as it needs to match on both sides.
2021-09-19dhcp-server: T3841: add option to perform ICMP check before address assignmentChristian Poessinger
2021-09-19dhcp-server: T3672: only one failover peer is supportedChristian Poessinger
2021-09-18dhcp-server: T3839: support name-servers and domain config per shared-networkChristian Poessinger
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1'
2021-09-18dhcp-server: T3838: rename dns-server to name-server nodeChristian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6.
2021-09-18dhcp-server: T1968: allow multiple static-routes to be configuredChristian Poessinger
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } }
2021-09-18ipsec: vti: T3831: avoid usinf xfrm if_id 0 - implement shift by oneChristian Poessinger
The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. This means that a vti0 named interface will pull in all traffic and others will stop working. Thus we simply shift the key by one to also support a vti0 interface.
2021-09-15ipsec: T3830: "authentication id|use-x509-id" are mutually exclusiveChristian Poessinger
Manually set peer id and use-x509-id are mutually exclusive!
2021-09-15ipsec: T3830: set connections.<conn>.remote<suffix>.id to "peer" if undefinedChristian Poessinger
Restore "default" behavior from ipsec.conf
2021-09-13ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable`sarthurdev
2021-09-10Merge pull request #1000 from sever-sever/T3810Christian Poessinger
squid: squidguard: T3810: Fix template for sourcre-group and rule
2021-09-10squid: squidguard: T3810: Fix template for sourcre-group and ruleViacheslav
Modify template for squid Replace old directives to actual
2021-09-10squid: T3810: Remove build in acl vars localost and to_localhostViacheslav
2021-09-08openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-09-06https: T2230: only support TLS1.2 and TLS1.3Christian Poessinger
2021-09-04bgp: T3798: "replace-as" option can only be used when "no-prepend" is definedChristian Poessinger
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as") added support for a new CLI option when the local-as is changed for a specified neighbor or peer-group. There was an error in the CLI / design as the "replace-as" option can only be used when "no-prepend" is defined. Thus "no-prepend" became a <node> and the new "replace-as" leafNode is now a child of "no-prepend".
2021-09-03bgp: T3798: add support for neighbor local-as <n> replace-asChristian Poessinger
2021-09-02pptp-server: T3790: Change ippool priority and define gw-ip-addressDmitriyEshenko
(cherry picked from commit 23388fe193f04ab05f270098123cbb3e5f0b9f75)
2021-08-29ospf: T3236: add possibility to redistribute "table"Christian Poessinger
Add new CLI command: * "set protocols ospf redistribute table <n>"
2021-08-29isis: T3783: bugfix configuring spf-delay-ietfChristian Poessinger
Mandatory FRR options for spf-delay-ietf did not get rendered in the Jinja2 template.
2021-08-27ipsec: T1210: Jinj2 template did not honor inactivity/timeout settingChristian Poessinger
2021-08-26Merge pull request #965 from c-po/t3739-evpn-route-mapChristian Poessinger
bgp: evpn: T3739: add route-map match support
2021-08-22l2tp: Jinja2 add trailing newlineChristian Poessinger
2021-08-22pppoe: T1318: set source interface next to rp-pppoe.so plugin in peer templateChristian Poessinger
2021-08-22pppoe: T3641: set "noipv6" if IPv6 is not configured in newer pppd versionChristian Poessinger
2021-08-21pppoe: T1318: implement missing access-concentrator CLI optionChristian Poessinger
2021-08-21pppoe: T3090: migrate to vyos.ifconfig library to use the full potentialChristian Poessinger
Now that MSS clamping is done on the "per-interface" level the entire PPPoE stuff would have needed to get a full copy in GNU BASH for this or, participate in the common library. Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the vyos.ifconfig.PPPoEIf.update() function to configure everything as done with all other interfaces. This removes duplicated code for VRF assignment and route installation when a PPPoE interface is brought up or down.
2021-08-21route: static: T2450: add next-hop interface on dhcp routesChristian Poessinger
2021-08-21interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵Christian Poessinger
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value.
2021-08-20bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/exportChristian Poessinger
This adds the following new commands: set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in
2021-08-20ipsec: T1210: add missing if clause around unique keyChristian Poessinger
2021-08-19ipsec: dmvpn: T3764: bugfix mixed up IKE/ESP lifetime variableChristian Poessinger
IKE lifetime is life_time, and ESP lifetime is rekey_time.
2021-08-19ipsec: T3764: add additional quantifier for IKE and ESP lifetimeChristian Poessinger
Commit 7a873eb6 ("ipsec: T3764: bugfix missing IKE and ESP lifetime values") re-added the lost in translation IKE/ESP rekey values. But it did not specify the unit, which is s(econd).
2021-08-19ipsec: T3764: bugfix missing IKE and ESP lifetime valuesChristian Poessinger
During the migration the IKE and ESP key/re-key lifetime settings got lost in translation. This is now fixed and the values/defaults correspond to VyOS 1.3.
2021-08-18bgp: evpn: T1513: fix indention when writing address-family configChristian Poessinger
2021-08-18bgp: T3759: add l3vpn "route-target vpn" commandsChristian Poessinger
Add the following new commands: * set protocols bgp address-family ipv4-unicast route-target vpn both 1.1.1.1:100 * set protocols bgp address-family ipv4-unicast route-target vpn export 1.1.1.1:100 * set protocols bgp address-family ipv4-unicast route-target vpn import 1.1.1.1:100
2021-08-18bgp: T3759: fix indention when writing address-family configChristian Poessinger
2021-08-18bgp: T3759: add l3vpn "rd" route-distinguisher commandsChristian Poessinger
Add the following new commands: * set protocols bgp address-family ipv4-unicast rd vpn export * set protocols bgp address-family ipv6-unicast rd vpn export
2021-08-18bgp: T2387: fix indention when writing address-family configChristian Poessinger
2021-08-18bgp: T3759: add l3vpn "label vpn export" commandsChristian Poessinger
Add the following new commands: * set protocols bgp address-family ipv4-unicast label vpn export (auto | 0-1048575) * set protocols bgp address-family ipv6-unicast label vpn export (auto | 0-1048575)
2021-08-18nat66: ndppd: T2518: rename Jinja2 template folder to match common naming ↵Christian Poessinger
convention
2021-08-18ndppd: T2518: add missing if statement for translation address in Jinja2 ↵Christian Poessinger
template This triggered a bug during smoketesting. File "/usr/share/vyos/templates/proxy-ndp/ndppd.conf.tmpl", line 24, in top-level template code {% if config.translation.address is defined and config.translation.address | is_ip_network %} File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 471, in getattr return getattr(obj, attribute) jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'translation'
2021-08-17bgp: T3759: add l3vpn "import vrf" commandsChristian Poessinger
2021-08-17bgp: T3759: add l3vpn import/export vpn command for IPv4/IPv6 AFIChristian Poessinger