summaryrefslogtreecommitdiff
path: root/interface-definitions/interfaces-openvpn.xml.in
AgeCommit message (Collapse)Author
2022-04-07qos: T4284: rename "traffic-policy" node to "qos policy"Christian Poessinger
"set traffic-policy" now becomes "set qos policy" "set interface ethernet eth0 traffic-policy" now bvecomes "set qos interface eth0"
2022-04-07qos: T4284: support mirror and redirect on all interface typesChristian Poessinger
2022-03-21qos: T4284: initial XML interface definitions for rewriteChristian Poessinger
2022-02-24scripts: T4269: node.def generator should automatically add default valuesChristian Poessinger
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help.
2021-12-06policy: T2199: Migrate policy route to XML/Pythonsarthurdev
2021-12-06firewall: T2199: Migrate firewall to XML/Pythonsarthurdev
2021-10-07Merge branch 'current' into 2faKim
2021-10-07pull request fixesKim Hagen
2021-09-23openvpn: T3642: Add option for TLS 1.3Nicolas Riebesel
2021-09-18dhcp-server: T3838: rename dns-server to name-server nodeChristian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6.
2021-09-03do not use capitals in opmodeKim Hagen
rename t0 to drift add subnemu for 2fa to make it more readable
2021-09-03remove default values from xmlKim Hagen
2021-09-01more 2fa changesKim Hagen
2021-08-29xml: add missing "u32:" value declarator on integer rangesChristian Poessinger
2021-08-20xml: remove superfluous "interface" prefix from interface includesChristian Poessinger
2021-08-17add part 2faKim Hagen
2021-08-16openvpn: T690: Add metric for pushed routesViacheslav
2021-07-21pki: openvpn: T3642: Migrate OpenVPN to PKI and refactorsarthurdev
2021-06-25openvpn: T1704: drop deprecated disable-ncp optionChristian Poessinger
2021-03-14xml: T1579: re-arrange xml interface include building blocksChristian Poessinger
As the amount of include files now has reached a certain amount, it is getting more and more crowsded, thuse introducing "per topic" subdirectories on the filesystem to keep a clean structure makes sense.
2021-01-07xml: include: provide generic include for disable nodeChristian Poessinger
2020-12-29xml: use new valueHelp format identifier "filename"Christian Poessinger
2020-12-29xml: T1466: provide common includes for SSL certificate CLI nodesChristian Poessinger
Gather all SSL certificate, ca and key nodes into a single representation of XML which can be #included into the XML definitions of the CLI interface to be rendered.
2020-12-04vyos.ifconfig: T1579: migrate "ip source-validation" option from ↵Christian Poessinger
vyatta-cfg-quagga
2020-11-01openvpn: T3036: support IPv6 remote-addressChristian Poessinger
2020-10-30openvpn: T2994: migrate to get_config_dict()Christian Poessinger
2020-09-22openvpn: T2907: add 'none' encryption option to not encrypt any dataMarcus Hoff
2020-06-04openvpn: T2550: fix for IPv4 remote-host addressesMikhail Rozentsvayg
Commit bb9f998 added IPv6 support for OpenVPN, but IPv4 only configurations stopped working (Address family for hostname not supported) Commit fc467519 fixed some scenarios by using IPv4 protocols if 'local-host' is IPv4 address, but the client mode is using 'remote-host' instead and was still broken. This commit in addition to 'local-host' also checks all the 'remote-host' addresses.
2020-05-31openvpn: T2532: add VRF supportChristian Poessinger
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-15openvpn: T2335: allow disabling client-ip-poolJernej Jakob
2020-04-13openvpn: T2235: add custom server pool handlingjjakob
- add config options and logic for server client-ip-pool - add function for determining default IPs for the server in different configurations - verify for pool IPs and maximum subnet prefix length - move remote netmask logic for client ifconfig-push to use new function - add topology 'net30' , set it as default (as it already was) - replace generic ip_* with IPv4* where necessary - print warning to console when server client IP is in server pool - fix server subnet help field
2020-04-03interfaces: XML: constraint: add start of line ^ to regexChristian Poessinger
2020-03-28ipv6: T1831: migrate autoconf nodeChristian Poessinger
Autoconfigure addresses using Prefix Information in Router Advertisements.
2020-03-28ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodesChristian Poessinger
... to new XML and Python based frontend/backend.
2020-02-27openvpn: T2075: add support for OpenVPN tls-crypt file optionChristian Poessinger
Encrypt and authenticate all control channel packets with the key from keyfile. Encrypting (and authenticating) control channel packets: * provides more privacy by hiding the certificate used for the TLS connection * makes it harder to identify OpenVPN traffic as such * provides "poor-man's" post-quantum security, against attackers who will never know the pre-shared key (i.e. no forward secrecy)
2020-01-26Interfaces: unify interface help textChristian Poessinger
2019-12-22interfaces: fix tagNode regex constraint (remove ^)Christian Poessinger
2019-12-06T1843: use include files to disable interface (admin down)Christian Poessinger
2019-12-06T1843: use include files for interface descriptionChristian Poessinger
2019-12-06T1843: run interface-definitions though GCC preprocessorChristian Poessinger
A lot of XML code is duplicated (VLAN, interface address) for instance. Such XML definitions should be moved to feature.xml.i files and then just pulled in via GCC preprocessor #include definition in e.g. bond or ethernet definitions. This will give us the ability to single-source repeating node definitions as: * Interface Address * Interface Description * Interface Disable * VLAN (both vif-s and vif-c) The .in suffix of the interface-definitions is a marker that those files are input files to the GCC preprocessor. They will be rendered into proper XML files in the build directory. Some node definitions have been reworder to remove escaped double quote occurances which would have been warned about by the GCC preprocessor.