path: root/data
Age | Commit message | Author
2021-09-18 | ipsec: vti: T3831: avoid using xfrm if_id 0 - implement shift by one | Christian Poessinger
The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. This means that a vti0 named interface will pull in all traffic and others will stop working. Thus we simply shift the key by one to also support a vti0 interface.
2021-09-15 | ipsec: T3830: "authentication id|use-x509-id" are mutually exclusive | Christian Poessinger
Manually set peer id and use-x509-id are mutually exclusive!
2021-09-15 | ipsec: T3830: set connections.<conn>.remote<suffix>.id to "peer" if undefined | Christian Poessinger
Restore "default" behavior from ipsec.conf
2021-09-13 | ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable` | sarthurdev
2021-09-10 | Merge pull request #1000 from sever-sever/T3810 | Christian Poessinger
squid: squidguard: T3810: Fix template for source-group and rule
2021-09-10 | squid: squidguard: T3810: Fix template for source-group and rule | Viacheslav
Modify template for squid. Replace old directives with actual ones.
2021-09-10 | squid: T3810: Remove built-in acl vars localhost and to_localhost | Viacheslav
2021-09-08 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger
2021-09-06 | https: T2230: only support TLS1.2 and TLS1.3 | Christian Poessinger
2021-09-04 | bgp: T3798: "replace-as" option can only be used when "no-prepend" is defined | Christian Poessinger
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as") added support for a new CLI option when the local-as is changed for a specified neighbor or peer-group. There was an error in the CLI / design as the "replace-as" option can only be used when "no-prepend" is defined. Thus "no-prepend" became a <node> and the new "replace-as" leafNode is now a child of "no-prepend".
2021-09-03 | bgp: T3798: add support for neighbor local-as <n> replace-as | Christian Poessinger
2021-09-02 | pptp-server: T3790: Change ippool priority and define gw-ip-address | DmitriyEshenko
(cherry picked from commit 23388fe193f04ab05f270098123cbb3e5f0b9f75)
2021-08-29 | ospf: T3236: add possibility to redistribute "table" | Christian Poessinger
Add new CLI command:
* "set protocols ospf redistribute table <n>"
2021-08-29 | isis: T3783: bugfix configuring spf-delay-ietf | Christian Poessinger
Mandatory FRR options for spf-delay-ietf did not get rendered in the Jinja2 template.
2021-08-27 | ipsec: T1210: Jinja2 template did not honor inactivity/timeout setting | Christian Poessinger
2021-08-26 | Merge pull request #965 from c-po/t3739-evpn-route-map | Christian Poessinger
bgp: evpn: T3739: add route-map match support
2021-08-22 | l2tp: Jinja2 add trailing newline | Christian Poessinger
2021-08-22 | pppoe: T1318: set source interface next to rp-pppoe.so plugin in peer template | Christian Poessinger
2021-08-22 | pppoe: T3641: set "noipv6" if IPv6 is not configured in newer pppd version | Christian Poessinger
2021-08-21 | pppoe: T1318: implement missing access-concentrator CLI option | Christian Poessinger
2021-08-21 | pppoe: T3090: migrate to vyos.ifconfig library to use the full potential | Christian Poessinger
Now that MSS clamping is done on the "per-interface" level, the entire PPPoE stuff would have needed to get a full copy in GNU BASH for this, or participate in the common library. Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the vyos.ifconfig.PPPoEIf.update() function to configure everything as done with all other interfaces. This removes duplicated code for VRF assignment and route installation when a PPPoE interface is brought up or down.
2021-08-21 | route: static: T2450: add next-hop interface on dhcp routes | Christian Poessinger
2021-08-21 | interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" level | Christian Poessinger
Getting rid of "set firewall options" and move it from:
  set firewall options interface ethX adjust-mss 1400
  set firewall options interface ethX adjust-mss6 1400
to:
  set interfaces ethernet ethX ip adjust-mss 1400
  set interfaces ethernet ethX ipv6 adjust-mss 1400
In addition add an extra option called clamp-mss-to-pmtu instead of a value.
2021-08-20 | bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/export | Christian Poessinger
This adds the following new commands:
  set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out
  set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in
  set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out
  set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in
2021-08-20 | ipsec: T1210: add missing if clause around unique key | Christian Poessinger
2021-08-19 | ipsec: dmvpn: T3764: bugfix mixed up IKE/ESP lifetime variable | Christian Poessinger
IKE lifetime is life_time, and ESP lifetime is rekey_time.
2021-08-19 | ipsec: T3764: add additional quantifier for IKE and ESP lifetime | Christian Poessinger
Commit 7a873eb6 ("ipsec: T3764: bugfix missing IKE and ESP lifetime values") re-added the lost in translation IKE/ESP rekey values. But it did not specify the unit, which is s(econd).
2021-08-19 | ipsec: T3764: bugfix missing IKE and ESP lifetime values | Christian Poessinger
During the migration the IKE and ESP key/re-key lifetime settings got lost in translation. This is now fixed and the values/defaults correspond to VyOS 1.3.
2021-08-18 | bgp: evpn: T1513: fix indention when writing address-family config | Christian Poessinger
2021-08-18 | bgp: T3759: add l3vpn "route-target vpn" commands | Christian Poessinger
Add the following new commands:
* set protocols bgp address-family ipv4-unicast route-target vpn both 1.1.1.1:100
* set protocols bgp address-family ipv4-unicast route-target vpn export 1.1.1.1:100
* set protocols bgp address-family ipv4-unicast route-target vpn import 1.1.1.1:100
2021-08-18 | bgp: T3759: fix indention when writing address-family config | Christian Poessinger
2021-08-18 | bgp: T3759: add l3vpn "rd" route-distinguisher commands | Christian Poessinger
Add the following new commands:
* set protocols bgp address-family ipv4-unicast rd vpn export
* set protocols bgp address-family ipv6-unicast rd vpn export
2021-08-18 | bgp: T2387: fix indention when writing address-family config | Christian Poessinger
2021-08-18 | bgp: T3759: add l3vpn "label vpn export" commands | Christian Poessinger
Add the following new commands:
* set protocols bgp address-family ipv4-unicast label vpn export (auto | 0-1048575)
* set protocols bgp address-family ipv6-unicast label vpn export (auto | 0-1048575)
2021-08-18 | nat66: ndppd: T2518: rename Jinja2 template folder to match common naming convention | Christian Poessinger
2021-08-18 | ndppd: T2518: add missing if statement for translation address in Jinja2 template | Christian Poessinger
This triggered a bug during smoketesting.
  File "/usr/share/vyos/templates/proxy-ndp/ndppd.conf.tmpl", line 24, in top-level template code
    {% if config.translation.address is defined and config.translation.address | is_ip_network %}
  File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 471, in getattr
    return getattr(obj, attribute)
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'translation'
2021-08-17 | bgp: T3759: add l3vpn "import vrf" commands | Christian Poessinger
2021-08-17 | bgp: T3759: add l3vpn import/export vpn command for IPv4/IPv6 AFI | Christian Poessinger
2021-08-16 | openvpn: T690: Add metric for pushed routes | Viacheslav
2021-08-15 | ospf: T3236: improve Jinja2 template - always use if before a loop | Christian Poessinger
2021-08-15 | ospf: T3757: support to configure area at an interface level | Christian Poessinger
FRR supports configuring either network prefixes per area, or assign an interface to an area to participate in the routing process. This is already well known from other vendors and supported by FRR. A valid VyOS OSPF configuration would then look like:
vyos@vyos# show protocols
 ospf {
     interface dum0 {
         area 0
     }
     interface eth0.201 {
         area 0
         authentication {
             md5 {
                 key-id 10 {
                     md5-key vyos
                 }
             }
         }
         dead-interval 40
         hello-interval 10
         priority 1
         retransmit-interval 5
         transmit-delay 1
     }
     log-adjacency-changes {
         detail
     }
     parameters {
         abr-type cisco
         router-id 172.18.254.201
     }
     passive-interface default
     passive-interface-exclude eth0.201
 }
2021-08-14 | ospf: T3236: use proper daemon named template file | Christian Poessinger
2021-08-13 | vrf: T3734: T3728: vni must be configured with a higher priority than bgpd | Christian Poessinger
When removing bgp (vrf) instances the assigned VRF vni must be deleted from FRR prior to the removal of the bgp settings (T3734). This is now done by moving the CLI command "set vrf name red vni 1000" to a dedicated Python script with a priority higher than bgp.
2021-08-13 | Merge pull request #914 from sever-sever/T3673 | Christian Poessinger
policy: T3673: Add set large-comm-list for route-map
2021-08-13 | policy: T3673: Add set large-comm-list-delete for route-map | Viacheslav
2021-08-13 | nginx: T3740: use bracketize_ipv6 Jinja2 filter on server address | Christian Poessinger
2021-08-11 | bgp: evpn: T3739: add prefix-list match support | Christian Poessinger
FRR 7.5.1 supports:
vyos(config-route-map)# match evpn
  default-route  default EVPN type-5 route
  rd             Route Distinguisher
  route-type     Match route-type
  vni            Match VNI
This commit adds a proper VyOS CLI abstraction.
2021-08-10 | Merge pull request #961 from sarthurdev/T3727 | Christian Poessinger
ipsec: T3727: Fix ESP proposals not being set from tunnel esp-group
2021-08-10 | ipsec: T3727: Fix ESP proposals not being set from tunnel esp-group | sarthurdev
2021-08-10 | snmp: T3709: Allow enable oid ipCidrRouteTable | Viacheslav