summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2019-04-21[firewall] T314: add firewall options for MSS clampingChristian Poessinger
* clamp MSS IPv4 set firewall options interface pppoe0 adjust-mss '1452' * clamp MSS IPv6 set firewall options interface pppoe0 adjust-mss6 '1452' * disable entire rule set firewall options interface pppoe0 disable Output ------ $ sudo iptables-save -t mangle # Generated by iptables-save v1.4.21 on Sun Apr 21 12:56:25 2019 *mangle :PREROUTING ACCEPT [1217:439885] :INPUT ACCEPT [290:52459] :FORWARD ACCEPT [920:375774] :OUTPUT ACCEPT [301:100053] :POSTROUTING ACCEPT [1221:475827] :VYOS_FW_OPTIONS - [0:0] -A FORWARD -j VYOS_FW_OPTIONS -A VYOS_FW_OPTIONS -o pppoe0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452 COMMIT Completed on Sun Apr 21 12:56:25 2019 (cherry picked from commit 476aa4c3a561ea0ef0bf9b4c26ec8b78d18a5d02)
2019-04-20Revert "[hostname] T1336: trailing dots in system domain-name are invalid"Christian Poessinger
This reverts commit 05c539ea5595790b297904569cbe13089ce79e18.
2019-04-20[hostname] T1336: trailing dots in system domain-name are invalidChristian Poessinger
Debian/Systemd provides hostnamectl which disabllows setting a FQDN when there is a trailing (.) in the provided hostname. Extend regex when setting "system domain-name" that there can't be a trailing (.). Provide migration script for current installations to remove the dot.
2019-04-18[pppoe-server] - typo correctedhagbard
2019-04-18[pppoe-server] T1341 - Adding rate-limiter for pppoe server usershagbard
- RADIUS shaper settings
2019-04-18[pppoe-server] T1341 - Adding rate-limiter for pppoe server usershagbard
- implementation for locally definied users
2019-04-03[dhcpv6-relay] T1322: support multiple upstream serversChristian Poessinger
Add support for relaying a DHCPv6 packet to multiple servers on one upstream interface.
2019-03-11[arp] - T1288: python implemtation of 'set protocols static arp'hagbard
2019-03-08T103: [dhcp-server] add support to configure host declarative namesChristian Poessinger
2019-03-07[rsyslog] T1282 - Configure VyOS to send syslog messages to remote syslog ↵hagbard
using fully-qualified domain name
2019-03-06[pptp] added command completion and regex to check user inputhagbard
2019-03-06[pptp] adding mppe interface menuhagbard
2019-03-06Merge remote-tracking branch 'upstream/current' into currenthagbard
2019-03-06[dhcp-relay] add completion helper to relay-agents-packetsChristian Poessinger
2019-03-05T833: accel-ppp: pptp implementationhagbard
2019-02-21Fixes: T1257: implement 'set system static-host-mapping' in host_name.py and ↵hagbard
remove old function calls
2019-02-14T1174: migrate local hostname/DNS handling to vyos-1xChristian Poessinger
2019-02-11IP validation for allowed ip corrected.hagbard
2019-02-09fixes T1238 - Wireguard allows invalid IP'shagbard
2019-02-04description text changed back for interface disablehagbard
2019-02-04enhancement: T1225 - wireguard implement 'set int wireguard wg0 peer name ↵hagbard
disable' to disable single peers
2019-01-30dynamic-dns: add completion list for service providersChristian Poessinger
2019-01-12T1041: make upstream DNS server optionalChristian Poessinger
The name-server option under "service dns-forwarding" was never mandatory so users never needed to specify an upstream server. With the recent switch to PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when there is no upstream DNS server configured.
2018-12-16Revert "T1087: Firewall on Wireguard Interface implementation"Daniil Baturin
This reverts commit 51f61991092a163f680e4ec8f122e73f4074ddf9. It's not how it's done, those templates are generated by a script in vyatta-cfg-firewall. If we are planning a firewall overhaul in 1.3.x, there's no reason to transplant the old approach to new code.
2018-12-11T1087: Firewall on Wireguard Interface implementationhagbard
2018-12-09T1091: extend DNS forwarding/DNSSEC completion help textChristian Poessinger
2018-12-09T1091: add DNS forwarding completion helpers for DNSSECChristian Poessinger
2018-11-30Fixes: T1061: Wireguard: Missing option to administrativly shutdown interfacehagbard
2018-11-26T835: improve help text for PPPoE CLI.Daniil Baturin
2018-11-23T835: adding description to ppp-optionshagbard
2018-11-19T835: migration script for radius' secret vs. key, rolled back thehagbard
change to 'mode local|radius'
2018-11-18T835: adding default pado delay and mode autocompletehagbard
2018-11-17T1018: remove obsoleted 'dynamic' option from NTPChristian Poessinger
Increase NTP config version from 0 to 1. For more information see [1]. ntpd: Warning: the "dynamic" keyword has been obsoleted and will be removed in the next release [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
2018-11-14Fixes: T940 adding immark to syslog optionshagbard
2018-11-14T835: accel-ppp pppoe implemetaionhagbard
- ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs - snmp subagent and master mode - connlimits configurable - more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.) - radius extended options (for HA etc.)
2018-11-09T835: pppoe-server adding radius server back inhagbard
2018-11-09T835: accel-ppp pppoe implementationhagbard
2018-11-07Add back trailing whitespace for smaller diffBrooks Swinnerton
2018-11-07T979: Allow spaces in wireguard interface descrsBrooks Swinnerton
Previous to this commit, setting a Wireguard interface description would result in a validation error similar to the following: ``` brooks@border# set interfaces wireguard wg0 description "Tunnel" [edit] brooks@border# set interfaces wireguard wg0 description "Tunnel tunnel tunnel" interface description is too long (limit 100 characters) Value validation failed Set failed [edit] ``` This commit makes the regex less restrictive up to 100 characters.
2018-11-04T959: XML/Python rewrite of "protocol igmp-proxy" and op-mode commandsChristian Poessinger
Examples: ========= CFG commands: vyos@vyos# set protocols igmp-proxy disable-quickleave vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24' vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24' vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream' vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream' vyos@vyos# show protocols igmp-proxy { disable-quickleave interface eth0 { alt-subnet 172.16.35.0/24 alt-subnet 172.31.0.0/24 role upstream } interface eth1 { role downstream } } OP mode commands: ----------------- vyos@vyos:~$ show ip multicast interface Interface BytesIn PktsIn BytesOut PktsOut Local eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65 eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201 vyos@vyos:~$ show ip multicast mfc Group Origin Pkts Bytes Wrong In Out xxx.x.xx.1 xxx.xx.0.1 10 9.81KB 0 eth0 eth1 xxx.x.xx.2 xxx.xx.0.1 --
2018-11-03T958: Problems with wireguard descriptionhagbard
2018-11-02T939: Remove possibility to specify DHCP relay portChristian Poessinger
2018-10-26T886: validation logic in `interfaces wireguard wgX address x.x.x.x brokenhagbard
- removed ip-host from tree, iproute2 will detect faulty addresses and return exit 1
2018-10-21T634: remove 'service ssh allow-root'Christian Poessinger
2018-10-19Merge branch 'dhcp-relay' into currentChristian Poessinger
* dhcp-relay: dhcpv6-relay: added missing verify() step for listen and upstream interfaces T913: DHCP relay service XML/Python rewrite for IPv6 T913: DHCP relay service XML/Python rewrite for IPv4 vyos-1x now depends on isc-dhcp-relay dns-forwarding: fix XML interface indenting
2018-10-19Add Client keepalive option for use with cloud-initUnicronNL
Add option to specify multiple listening ports Clean up template generation layout
2018-10-17Fixing check for local IP, using validator --is-any-host.hagbard
2018-10-17T913: DHCP relay service XML/Python rewrite for IPv6Christian Poessinger
2018-10-17T913: DHCP relay service XML/Python rewrite for IPv4Christian Poessinger
2018-10-17dns-forwarding: fix XML interface indentingChristian Poessinger