summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2024-12-23Merge pull request #4234 from takehaya/T6013-trusted-ca-keysChristian Breunig
T6013: Add support for configuring TrustedUserCAKeys for ssh service
2024-12-23Merge pull request #4247 from sever-sever/T6936Daniil Baturin
T6936: PPPoE-server add option combined to interface
2024-12-23T6013: Add support for configuring TrustedUserCAKeys in SSH service with ↵Takeru Hayasaka
local and remote CA keys
2024-12-20Merge pull request #4242 from nvollmar/T6953Christian Breunig
T6953: merges node and frr exporter under prometheus section
2024-12-20T6936: PPPoE-server add option combined to interfaceViacheslav Hletenko
Add option 'combined', it allows to listen to PPP requests on both VLANs and the base parent interface (wihtout tag) Before it was impossible to do it from our CLI set service pppoe-server interface eth1 combined set service pppoe-server interface eth1 vlan '10-122'
2024-12-19T6953: merges node and frr exporter under prometheus sectionNicolas Vollmar
2024-12-18Merge pull request #4233 from HollyGurza/T6934Christian Breunig
T6934: Add preshared key for zabbix-agent monitoring service
2024-12-18Merge pull request #4236 from opswill/currentDaniil Baturin
T6918: Accept invalid PPPoE Session in stateful bridge firewall.
2024-12-16babel: T6746: remove superfluous "end" in daemon templateChristian Breunig
2024-12-16static: T6746: migrate BFD CLI nodesChristian Breunig
Migrate "set protocols static route <x.x.x.x/x> next-hop <y.y.y.y> bfd multi-hop source <z.z.z.z> profile <NAME>" to: "set protocols static route <x.x.x.x/x> next-hop <y.y.y.y> bfd profile bar" FRR supports only one source IP address per BFD multi-hop session. VyOS had CLI cupport for multiple source addresses which made no sense.
2024-12-16frr: T6746: handle "system ip" and "system ipv6" with FRRender classChristian Breunig
FRR 10.2 will use "[no] ip forwarding" and "[no] ipv6 forwarding" to enable or disable IP(v6) forwarding. We no longer rely on sysctl as this was overridden by FRR later on. Remove code path for sysctl setting and solely rely on FRR.
2024-12-16multicast: T6746: flatten CLI by merging "multicast route" to "mroute" CLI ↵Christian Breunig
tagNode This will save an entire level for the configuration and there is no need for a parent "multicast" node, as it will only have "route" as tagNode below. Move set protocols static multicast route <x.x.x.x/y> to: * set protocols static mroute <x.x.x.x/y>
2024-12-16frr: T6747: migrate protocols to unified FRRender classChristian Breunig
With FRR 10.0 daemons started to be migrated to integrated FRR mgmtd and a northbound interface. This led to some drawbacks in the current state how changes to FRR are handled. The current implementation will use frr-reload.py and specifies excatly WHICH daemon needs a config update and will only replace this part inside FRR. With FRR10 and mgmtd when a partial configuration is sent to mgmtd, it will remove configuration parts from other daemons like bgpd or ospfd which have not yet been migrated to mgmtd. It's not possible to call frr-reload.py with daemon mgmtd - it will error out. This commit will also change the CLI for static routes: CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop source 1.1.1.1" will be split into: * set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd source-address 1.1.1.1 * set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop To make the XML blocks reusable, and comply with the FRR CLI - this was actually a wrong implementation from the beginning as you can not have multiple BFD source addresses. CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop source 1.1.1.1 profile bar" is changed to: * set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd profile bar CLI commands "set protocols static multicast interface-route" is moved to: * set protocols static multicast route <x.x.x.x/x> interface To have an identical look and feel with regular static routes.
2024-12-16frr: T6747: remove superfluous newlines from rendered templatesChristian Breunig
Drop newlines added by macro statement and Jinja2 comments. Jinja2 comments will be removed during package build on the shipped files.
2024-12-16ospf: T6747: add retransmit-window CLI optionChristian Breunig
2024-12-16pim6: T6747: adjust template to new "router pim6" FRR CLIChristian Breunig
2024-12-16pim: T6747: adjust template to new "router pim" FRR CLIChristian Breunig
2024-12-16rpki: T6747: adjust to new FRR cli interfaceChristian Breunig
2024-12-16Merge pull request #4238 from c-po/T6613-tacacsChristian Breunig
tacacs: T6613: dynamically build exclude_users list to avoid TACACS traffic
2024-12-16Merge pull request #4211 from natali-rs1985/T4214Daniil Baturin
static: T4214: Allow several dhcp-interfaces to the same static rote
2024-12-16Merge pull request #4219 from natali-rs1985/T6628Daniil Baturin
ipoe_server: T6628: Add option to assign static IP address to end users with local auth
2024-12-16T6934: Add preshared key for zabbix-agent monitoring servicekhramshinr
- Allow configure preshared key for zabbix-agent - Added op mode command for generatre random psk secret - Removed duplicate xml definition for psk settings Configure authentication mode: ``` # set service monitoring zabbix-agent authentication mode Possible completions: pre-shared-secret Use a pre-shared secret key ``` Configure PSK Settings: ``` # set service monitoring zabbix-agent authentication psk Possible completions: id ID for authentication secret pre-shared secret key ``` Generate Random PSK: ``` $ generate psk random Possible completions: <Enter> Execute the current command size Key size in bytes ```
2024-12-15tacacs: T6613: dynamically build exclude_users list to avoid TACACS trafficChristian Breunig
There is no need to send local base OS accounts like root or daemon to the tacacs server. This will only make the CLI experience sluggish. Build up a dynamic list of user accounts to exclude from TACACS lookup.
2024-12-13T6918: Accept invalid PPPoE Session in stateful bridge firewall.opswill
2024-12-04ipoe_server: T6628: Add option to assign static IP address to end usersNataliia Solomko
2024-12-02Merge pull request #4208 from lucasec/t6630Christian Breunig
T6630: ntp: fix timestamp nested under ptp
2024-11-29static: T4214: Allow several dhcp-interfaces to the same static roteNataliia Solomko
2024-11-28T6906: IPoE-server add start-session option (#4206)Viacheslav Hletenko
Add the abbility to start IPoE session by unclassified-packet. It allows the cases when subscriber configures the address manually (static) and accel-ppp can start session on any packet. By default start session on DHCPv4 Discover packet. set service ipoe-server interface eth1 start-session unclassified-packet
2024-11-26Merge pull request #4196 from natali-rs1985/T6872Christian Breunig
ipoe_server: T6872: Add the ability to configure LUA scripts and username
2024-11-26Merge pull request #4198 from sever-sever/T264Christian Breunig
T264: IPsec add base64 encoded secret-type feature
2024-11-25T6630: ntp: fix timestamp nested under ptpLucas Christian
2024-11-23avahi: T6908: add option to define max-cache entries (#4207)Christian Breunig
* avahi: T6908: reduce runtime overhead in smoketests by using setUpClass/tearDownClass * avahi: T6908: add option to define mdns-repeater max-cache entries Add CLI option to configure `cache-entries-max` entries in Avahi daemon configuration. Default value of 4096 for "cache-entries" CVLI node was retrieved from source code.
2024-11-21T264: IPsec add base64 encoded secret-type featureViacheslav Hletenko
Add the ability to configure base64 encoded passwords for VPN IPSec site-to-site peers authentication psk PSK secret 'xxxxx==' authentication psk PSK secret-type <base64|plaintext>
2024-11-21ipoe_server: T6872: Add the ability to configure LUA scripts and usernameNataliia Solomko
2024-11-20serial: T3397: Remove `--keep-baud` which could result in unexpected baud ratesarthurdev
2024-11-14T6876: DHCP-server increase retries that Kea makes to open a socketViacheslav Hletenko
KEA DHCP-server sometimes could be in the race condition when an interface is not in the UP state. The server tries to open the socket 5 times with an interval of 5 seconds, then just starts as it is. In this case, users cannot get leases from the interface, which was in the DOWN state before starting KEA, but it is now in the UP state. Increase 'service-sockets-max-retries' from 5 to 60
2024-11-08Merge pull request #4185 from c-po/syslog-fixupDaniil Baturin
syslog: T6858: bugfix remote syslog using TCP
2024-11-08dhcp_server: T6031: DHCP Option Failures - windows-static-route (#4183)Nataliia S.
In "option-def" parameter "record-types" field is an array of uint8 in format "<netmask>, <network-byte1>, <network-byte2>, <network-byte3>, <router-byte1>, <router-byte2>, <router-byte3>" where <network-byte3> with the value 0 is omitted, so the minimal length of array is 7 (e.g. for routing 10.1.0.0/16 via 10.1.6.4 "record-types": "16,10,1,10,1,6,4")
2024-11-07syslog: T6858: bugfix remote syslog using TCPChristian Breunig
Commit 042be39cc ("syslog: T5367: add format option to include timezone in message") added an invalid, outer if-statement when rendering the rsyslog configuration option for TCP. Remote hosts only got added when the format option "octet-counting" was defined in addition to the TCP protocol. This has been fix and now TCP transport is decoupled from octet-counting mode.
2024-11-07Merge pull request #4151 from natali-rs1985/T6695Daniil Baturin
T6695: Machine-readable operational mode support for traceroute
2024-10-27login: T6712: honor 80x25 terminal size for nonproduction banner messageT6712-motd-80-25-terminalChristian Breunig
2024-10-21Merge branch 'current' into T6695Nataliia S.
2024-10-17T973: add basic frr_exporter implementation (#4150)Robert Göhler
2024-10-11T6695: Machine-readable operational mode support for tracerouteNataliia Solomko
2024-10-11T6712: Add nonproduction banner (#4149)mergify[bot]
(cherry picked from commit 3abe7c72c95c3d9b825db08b092c555786e9fbcf) Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
2024-10-09haproxy: T6745: Rename `reverse-proxy` to `haproxy`sarthurdev
2024-10-04Merge pull request #4048 from rebortg/node_exporterChristian Breunig
T973: add basic node_exporter implementation
2024-10-03T973: remove irrelevant standard valuesrebortg
2024-10-02T6757: Openconnect: fix template for correct config parsing while ↵Nicolas Fort
configuring source address for radius authentication.
2024-09-30Merge pull request #4024 from nicolas-fort/T6687Daniil Baturin
T6687: add fqdn support to nat rules.