summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2021-10-04OpenVPN: T3350: Changed custom options for OpenVPN processingzsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
2021-10-02dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5Christian Poessinger
(cherry picked from commit 8e6c48563d1612916bd7fcc665d70bfa77ec5667)
2021-09-30dhcp-server: T2230: add subnet description into rendered configChristian Poessinger
2021-09-27igmp: T2230: fix Jinja2 and FRR indentionChristian Poessinger
2021-09-27frr: T2175: rename daemon Jinja2 templates to match (d)aemon suffixChristian Poessinger
2021-09-27openvpn: T690: Fix template for gateway and metricViacheslav
Some OpenVPN clients doesnt support option gateway and metric. Set metric option only when 'metric' was added in config explicity. (cherry picked from commit 96681d8bf1ede069b573a4cbe3a2493c374d048e)
2021-09-26ospfv3: T3859: add "log-adjacency-changes" CLI commandChristian Poessinger
2021-09-25bgp: T3657: add "neighbor fe80::202 interface source-interface 'eth1'" commandChristian Poessinger
2021-09-23openvpn: T3642: Openvpn does not work without dh parameter in EC modeNicolas Riebesel
2021-09-22vrrp: keepalived: T3847: enable no_tag_node_value_mangle for get_config_dict()Christian Poessinger
Commit 761631d6 ("vrrp: keepalived: T3847: migrate to get_config_dict()") switched to the new python function get_config_dict(), when we deal with tag nodes that can contain a hyphen, we should also set no_tag_node_value_mangle in order to preserve it. This caused a dict lookup error as the hyphens in the test scripts got replaced by an _.
2021-09-21vrrp: keepalived: T3847: migrate/streamline CLI optionsChristian Poessinger
Rename virtual-address -> address as we always talk about an IP address.
2021-09-21vrrp: keepalived: T3847: migrate to get_config_dict()Christian Poessinger
2021-09-21vrrp: keepalived: T616: enable script securityChristian Poessinger
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived.
2021-09-21vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks featureChristian Poessinger
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file.
2021-09-21dhcp-server: T3839: support domain-search and ntp-server config per ↵Christian Poessinger
shared-network
2021-09-19ipsec: T1441: Clean up vti-up-down script for XFRM interfacesLucas Christian
2021-09-19dhcp-server: T3672: bugfix Jinja2 templateChristian Poessinger
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases.
2021-09-19dhcp-server: T3672: re-add missing "name" CLI optionChristian Poessinger
This option is mandatory and must be user configurable as it needs to match on both sides.
2021-09-19dhcp-server: T3841: add option to perform ICMP check before address assignmentChristian Poessinger
2021-09-19dhcp-server: T3672: only one failover peer is supportedChristian Poessinger
2021-09-18dhcp-server: T3839: support name-servers and domain config per shared-networkChristian Poessinger
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1'
2021-09-18dhcp-server: T3838: rename dns-server to name-server nodeChristian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6.
2021-09-18dhcp-server: T1968: allow multiple static-routes to be configuredChristian Poessinger
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } }
2021-09-18ipsec: vti: T3831: avoid usinf xfrm if_id 0 - implement shift by oneChristian Poessinger
The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. This means that a vti0 named interface will pull in all traffic and others will stop working. Thus we simply shift the key by one to also support a vti0 interface.
2021-09-15ipsec: T3830: "authentication id|use-x509-id" are mutually exclusiveChristian Poessinger
Manually set peer id and use-x509-id are mutually exclusive!
2021-09-15ipsec: T3830: set connections.<conn>.remote<suffix>.id to "peer" if undefinedChristian Poessinger
Restore "default" behavior from ipsec.conf
2021-09-13ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable`sarthurdev
2021-09-10Merge pull request #1000 from sever-sever/T3810Christian Poessinger
squid: squidguard: T3810: Fix template for sourcre-group and rule
2021-09-10squid: squidguard: T3810: Fix template for sourcre-group and ruleViacheslav
Modify template for squid Replace old directives to actual
2021-09-10squid: T3810: Remove build in acl vars localost and to_localhostViacheslav
2021-09-08openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-09-06https: T2230: only support TLS1.2 and TLS1.3Christian Poessinger
2021-09-04bgp: T3798: "replace-as" option can only be used when "no-prepend" is definedChristian Poessinger
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as") added support for a new CLI option when the local-as is changed for a specified neighbor or peer-group. There was an error in the CLI / design as the "replace-as" option can only be used when "no-prepend" is defined. Thus "no-prepend" became a <node> and the new "replace-as" leafNode is now a child of "no-prepend".
2021-09-03bgp: T3798: add support for neighbor local-as <n> replace-asChristian Poessinger
2021-09-02pptp-server: T3790: Change ippool priority and define gw-ip-addressDmitriyEshenko
(cherry picked from commit 23388fe193f04ab05f270098123cbb3e5f0b9f75)
2021-08-29ospf: T3236: add possibility to redistribute "table"Christian Poessinger
Add new CLI command: * "set protocols ospf redistribute table <n>"
2021-08-29isis: T3783: bugfix configuring spf-delay-ietfChristian Poessinger
Mandatory FRR options for spf-delay-ietf did not get rendered in the Jinja2 template.
2021-08-27ipsec: T1210: Jinj2 template did not honor inactivity/timeout settingChristian Poessinger
2021-08-26Merge pull request #965 from c-po/t3739-evpn-route-mapChristian Poessinger
bgp: evpn: T3739: add route-map match support
2021-08-22l2tp: Jinja2 add trailing newlineChristian Poessinger
2021-08-22pppoe: T1318: set source interface next to rp-pppoe.so plugin in peer templateChristian Poessinger
2021-08-22pppoe: T3641: set "noipv6" if IPv6 is not configured in newer pppd versionChristian Poessinger
2021-08-21pppoe: T1318: implement missing access-concentrator CLI optionChristian Poessinger
2021-08-21pppoe: T3090: migrate to vyos.ifconfig library to use the full potentialChristian Poessinger
Now that MSS clamping is done on the "per-interface" level the entire PPPoE stuff would have needed to get a full copy in GNU BASH for this or, participate in the common library. Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the vyos.ifconfig.PPPoEIf.update() function to configure everything as done with all other interfaces. This removes duplicated code for VRF assignment and route installation when a PPPoE interface is brought up or down.
2021-08-21route: static: T2450: add next-hop interface on dhcp routesChristian Poessinger
2021-08-21interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵Christian Poessinger
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value.
2021-08-20bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/exportChristian Poessinger
This adds the following new commands: set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in
2021-08-20ipsec: T1210: add missing if clause around unique keyChristian Poessinger
2021-08-19ipsec: dmvpn: T3764: bugfix mixed up IKE/ESP lifetime variableChristian Poessinger
IKE lifetime is life_time, and ESP lifetime is rekey_time.