summaryrefslogtreecommitdiff
path: root/interface-definitions/include
AgeCommit message (Collapse)Author
2024-05-23nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 (cherry picked from commit 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070)
2024-05-16T5756: L2TP RADIUS backup and weight settingskhramshinr
(cherry picked from commit 75d553932504c55e710265776e4865a238223e1f)
2024-05-12ethernet: T6306: add support for EVPN MH uplink/core trackingChristian Breunig
When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE. A link can be setup for uplink tracking via the following configuration: set interfaces ethernet eth0 evpn uplink (cherry picked from commit 5565f27d15c5e7378e94aae8db8a894a12e25d7b)
2024-05-07T6305: accept ipoe interfaces on firewall rulesetNicolas Fort
(cherry picked from commit b5f22f70006eed6c7e62700128d5034b1b95db31)
2024-05-02netns: T6295: disable incomplete support in VyOS 1.4 sagittaChristian Breunig
The netns support currently available on the VyOS CLI is only a proof-of-technology, we have no real support for any service behind it. In order to not confuse anyone on the LTS branch we decided to remove the netns option for interfaces until there is a proper usecase and implementation available.
2024-05-01pppoe-server: T6234: PPPoE-server pado-delay refactoringNataliia Solomko
(cherry picked from commit 107ee099e82397b31fca8cf1ac3860cbf76f0596)
2024-04-30Merge pull request #3377 from vyos/mergify/bp/sagitta/pr-3371Christian Breunig
openconnect: T4982: Support defining minimum TLS version in openconnect VPN (backport #3371)
2024-04-30T6273: Allowed the use of "-" and "_" in PPPoE access-concentrator nameaapostoliuk
Allowed the use of "-" and "_" in PPPoE access-concentrator name (cherry picked from commit de38b01710958b7f7dababcff9557e4be98c8450)
2024-04-30openconnect: T4982: Support defining minimum TLS version in openconnect VPNAlex W
(cherry picked from commit 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5)
2024-04-25T6258: Add sysctl base-reachable-time for IPv6Viacheslav Hletenko
Add abiilty to change `base_reachable_time_ms` option /proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms (cherry picked from commit 0bf4b570fe2d239b9fbabd3ae801ad3f04a06bde)
2024-04-23T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy ↵Windom WU
config (cherry picked from commit 984c386d11ead8371b7ac381e6c0921473e557ed)
2024-04-22xml: T5738: fix typo in radius-additions.xml.iAndré Luiz dos Santos
(cherry picked from commit 8d0aa7bfb83aecb989ab01b6d1975cf23f1c7dcb)
2024-04-15T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵Nicolas Fort
to firewall global-optinos (cherry picked from commit 76dcecafca977b640dd16d8e68c4a050ca1af4fb)
2024-04-13qos: T6035: QoS policy shaper queue-type random-detect requires limit avpktkhramshinr
Added params for configuration red on the shaper policy (cherry picked from commit 31cd75aec6d035b36537046ae0d034c03009a3fc)
2024-04-11T6214: T6213: change constraint <alpha-numeric-hyphen-underscore-dot.xml.i> ↵Nicolas Fort
in order to not allow string starting with dot character; use such constraint in firewall group definitions. (cherry picked from commit c455a1f71674300b8a74863ddfe6e551fe8fd252)
2024-04-07xml: T5862: drop defaultValue from mtu-68-16000.xml.i - use individual valuesChristian Breunig
In order to lower the Ethernet default MTU we need to drop the common defaultValue from the XML mtu-68-16000.xml.i building block. Per interface default MTU is later overloaded by XML. (cherry picked from commit e86761fa1307596c721c3ddf3a61d263e8f5177b)
2024-04-07container: T6208: rename "cap-add" CLI node to "capability"Christian Breunig
Containers have the ability to add Linux system capabilities to them, this is done using the "set container name <name> cap-add" command. The CLI node sounds off and rather should be "set container name <name> capability" instead as we use and pass a capability to a container and not add/invent new ones. (cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
2024-04-03T6068: T6171: change <fail-over> node from dhcp-server to ↵Nicolas Fort
<high-availability>. Also, add <mode> parameter in order to configure active-active or active-passive behavior for HA.
2024-04-02ssh: T6192: allow binding to multiple VRF instancesChristian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF. (cherry picked from commit e5af1f0905991103b12302892e6f0070bbb7b770)
2024-04-02xml: T5738: extend VRF building blocks with common constraint definitionChristian Breunig
(cherry picked from commit 32d6a693de99021d2cd44fb4235e929caf7b4a6d)
2024-04-01bgp: T6151: Fix description in PEER disable-connected-checkfett0
(cherry picked from commit 24d0400b9c55cadef1eb99b3e84a363dd6ad5033)
2024-04-01bgp: T6151: Fix description in PEER disable-connected-checkfett0
(cherry picked from commit 84b6f6bcf59d526c35928c974e3f2d03c4d5ec06)
2024-04-01bgp: T6151: Allow configuration of disable-ebgp-connected-route-checkfett0
(cherry picked from commit 85e5ccbab85c8ded426896d61bcf64d329768f2c)
2024-04-01bgp: T6010: Allow configuration of disable-ebgp-connected-route-checkfett0
(cherry picked from commit 010c4061a8884a3617368f3618a425dc517d0675)
2024-03-28ipsec: T5606: T5871: Use multi node for CA certificatessarthurdev
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates. Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended. (cherry picked from commit 952b1656f5164f6cfc601e040b48384859e7a222)
2024-03-24xml: T5738: use common constraint include for container networkChristian Breunig
(cherry picked from commit 6be463fcca574e051420ae7549bed72e74486470)
2024-03-21bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filteringChristian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces: set interfaces bridge br0 protocol 802.1ad (cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
2024-03-20qos: T1871: add MTU option when configure limiter traffic-policykhramshinr
add mtu to default and specified class update smoke test (cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
2024-03-11Merge pull request #3118 from c-po/T6093-sagittaChristian Breunig
dhcp-client: T6093: extend regex for client class-id's with DOT (backport #3117)
2024-03-10xml: T6098: relax description constraint to allow non-ascii charactersJohn Estabrook
A restriction to ascii in the constraint disallowed earlier support for unicode bytes. (cherry picked from commit 66b92e1cd4ec948c1e2df4bee9b21da9633f5bd8)
2024-03-10dhcp-client: T6093: extend regex for client class-id's with DOTLucas
The regex used is not working if the string contains dots. Originally authored by: Lucas <pinheirolucas@pm.me> (cherry picked from commit c8670ae7941a8bac31e2174d4c6426b47272bfcc)
2024-03-10xml: T5738: revert invalid change from lower character limit - 0 length must ↵Christian Breunig
be allowed This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum description to 255 characters") which incresaed the lower limit from 0 to 1. We actually require 0 length value for description nodes as introduced in commit 6eea12512e ("xml: T1579: allow zero length for description"). (cherry picked from commit 724c685cba423758bece827d6d286815933ba912)
2024-03-10xml: T5738: lower maximum description to 255 charactersChristian Breunig
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field. (cherry picked from commit a72ededa0b29c25efaab52f2db170c34eba50248)
2024-03-05xml: T5738: use generic-disable-node building block for "disable" CLI nodesChristian Breunig
Make the code more uniform and maintainable. (cherry picked from commit 21b0bf0168697fdbe514ae49a4a28b39a91ec777)
2024-03-04ospfv3: T6087: add support to redistribute IS-IS routesChristian Breunig
(cherry picked from commit 6a97fdfa1ba9b4135a51498ea5acabb804256b2c)
2024-03-02Merge pull request #3062 from sarthurdev/T6079_sagittaDaniil Baturin
dhcp-server: T6079: Disable duplicate static-mappings on migration
2024-03-02ospfv3: T5717: allow metric and metric-type on redistributed routesChristian Breunig
Example: vyos@vyos# set protocols ospfv3 redistribute bgp Possible completions: metric OSPF default metric metric-type OSPF metric type for default routes (default: 2) route-map Specify route-map name to use (cherry picked from commit ed2c288c8a9031f91acf76d20b84e2002696981c)
2024-02-29dhcp-server: T6079: Disable duplicate static-mappings on migrationsarthurdev
2024-02-23pki: T3642: Fix typo in PKI includessarthurdev
(cherry picked from commit e2adfdef9e79aa7550e82a12d661718a479aba90)
2024-02-20T6050: Fixed descriptions of 'extended-scripts' commands in accel-pppaapostoliuk
Removed word 'PPPoE' from descriptions in common template for all accel-ppp services. (cherry picked from commit 8e1793834bf453ff252f38ae5271f7f9bcea9bf9)
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-defaultChristian Breunig
* set system ip nht no-resolve-via-default * set system ipv6 nht no-resolve-via-default (cherry picked from commit ece0e768f36e52f8964823d891264d7c187204ec)
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code. (cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
2024-02-13pki: T6034: add OpenSSH key supportChristian Breunig
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa' (cherry picked from commit 8c78ef0879f22ffd4a5f7fdb175e9109b46e9d7b)
2024-02-13bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo (cherry picked from commit f308df322bd62024e29dd458642cb6bcac8a5ad6)
2024-02-12Merge pull request #2990 from vyos/mergify/bp/sagitta/pr-2980Christian Breunig
srv6: T5849: add segment support to "protocols static route6" (backport #2980)
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z' (cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
2024-02-11bgp: T6010: support setting multiple values for neighbor path-attributeChristian Breunig
(cherry picked from commit a22e0ee09ff4750de004090f1f55ee75a12dc821)
2024-02-10xml: T5738: improve PKI building blocks for CLIChristian Breunig
(cherry picked from commit d4278cde2b153e163fe41e1bc461891397336bc3)
2024-02-09T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication. (cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
2024-02-07bgp: T6024: add additional missing FRR featuresChristian Breunig
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null> * set protocols bgp parameters allow-martian-nexthop * set protocols bgp parameters no-hard-administrative-reset" (cherry picked from commit fff6004d46c5b939800fc3e61fe2102224625c0d)