summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2020-06-11dns forwarding: T2486: add conf nodes 'addnta', 'recursion-desired', migratorJernej Jakob
Add new nodes for 'service dns forwarding domain': 'addnta': adds addNTA to lua-config-file 'recursion-desired': sets '+' before the zone in forward-zones-file The migrator sets both options for all configured domains. This is usually the desired config.
2020-06-11system: T2486: migrate disable-dhcp-nameservers to name-servers-dhcpJernej Jakob
The previous implementation only supported disabling DHCP nameservers for all interfaces, and was implemented improperly so it didn't work anyway. This migrates it to name-servers-dhcp <interface>, which allows us to enable just the interfaces we want to use for system DNS, identical in syntax to 'service dns forwarding dhcp <interface>'. The migrator searches through all interfaces that have address 'dhcp(v6)?' and adds them to the name-servers-dhcp list if disable-dhcp-nameservers is not set, else it does nothing.
2020-06-11ssh: T2321: add VRF supportChristian Poessinger
2020-06-09console: T2529: migrate from ttyUSB device to new device in /dev/serial/by-busChristian Poessinger
During testing it was discovered that there is a well known problem (we had for ethernet interfaces) also in the serial port world. They will be enumerated and mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially painful on my development APU4 board which also has a Sierra Wireless MC7710 LTE module installed. The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the amount of serial port extenders attached (FT4232H). The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves this by enumerating the devices into /dev/serial/by-id folder with their name and serial number - it's a very good idea but I've found that not all of the FT4232H dongles have a serial number programmed - this leads to the situation that when you plug in two cables with both having serial number 0 - only one device symlink will appear - the previous one is always overwritten by the latter one. Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus directory and group devices by attached USB root port.
2020-06-09console: T2569: initial implementation with XML and PythonChristian Poessinger
Migrate the serial console subsystem to XML and Python.
2020-06-09wwan: T2529: add XML device constraintChristian Poessinger
2020-06-07wwan: T2529: harden device completion helperChristian Poessinger
Commit 1c7d7cbd39 ("wwan: T2529: migrate device from ttyUSB to usbXbY.YpZ.Z") added a new completion helper path for USB based serial interfaces. If no USB based serial port was available on the system this produced the following error: "ls: cannot access '/dev/serial/by-bus': No such file or directory" Only list USB based serial interfaces if there is at least one connected to the system.
2020-06-07wwan: T2529: migrate device from ttyUSB to usbXbY.YpZ.ZChristian Poessinger
During testing it was discovered that there is a well known problem (we had for ethernet interfaces) also in the serial port world. They will be enumerated and mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially painful on my development APU4 board which also has a Sierra Wireless MC7710 LTE module installed. The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the amount of serial port extenders attached (FT4232H). The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves this by enumerating the devices into /dev/serial/by-id folder with their name and serial number - it's a very good idea but I've found that not all of the FT4232H dongles have a serial number programmed - this leads to the situation that when you plug in two cables with both having serial number 0 - only one device symlink will appear - the previous one is always overwritten by the latter one. Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus directory and group devices by attached USB root port. vyos@vyos:~$ find /dev/serial/by-bus/ -name usb* -exec basename {} \; | sort usb0b1.3p1.0 usb0b1.3p1.2 usb0b1.3p1.3 usb0b2.4p1.0 usb0b2.4p1.1 usb0b2.4p1.2 usb0b2.4p1.3 So we have USB root 0 with bus 1.3 and port 1.0. The enumeration is constant accross reboots.
2020-06-06isis: T2495: add XML definitions for "protocol isis"Viacheslav Hletenko
2020-06-05Merge pull request #443 from mrozentsvayg/openvpn-T2550-ipv4-remote-hostChristian Poessinger
openvpn: T2550: fix for IPv4 remote-host addresses
2020-06-04openvpn: T2550: fix for IPv4 remote-host addressesMikhail Rozentsvayg
Commit bb9f998 added IPv6 support for OpenVPN, but IPv4 only configurations stopped working (Address family for hostname not supported) Commit fc467519 fixed some scenarios by using IPv4 protocols if 'local-host' is IPv4 address, but the client mode is using 'remote-host' instead and was still broken. This commit in addition to 'local-host' also checks all the 'remote-host' addresses.
2020-06-05T2548: interface address does not support IP network definitionChristian Poessinger
When migrating all single instances of the IP address XML definition to the reusable include file an error was ported, too. This allowed an interface be assigned an IPv4/IPv6 network address es e.g. 192.0.2.0/24 which is invalid. The validator has been fixed to only allow IPv4/IPv6 host addresses instead.
2020-06-04rip-xml: T2547: XML for conf-mode protocol RIPsever-sever
2020-06-01bgp: T2387: move "aggregate address" to XML includeChristian Poessinger
2020-06-01firewall: T1843: no need to call "sudo" for ownerChristian Poessinger
2020-06-01nat: T2198: no need to call "sudo" for ownerChristian Poessinger
2020-05-31openvpn: T2532: add VRF supportChristian Poessinger
2020-05-30vrf: T2530: instance name must be 15 characters or lessChristian Poessinger
2020-05-29wwan: T1988: add CLI completion helper for "device" nodeChristian Poessinger
2020-05-26dhcpv6-pd: pppoe: T2506: restructure CLIChristian Poessinger
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate <interface>" to "dhcpv6-options prefix-delegation interface <interface>". The change is required to add the possibility to request for specific prefix sized via the CLI. That option was not possible with the old configuration tree.
2020-05-26bgp: xml: T2387: fix warning: missing terminating ' characterChristian Poessinger
2020-05-24fromdos: fix wrong line encodingChristian Poessinger
2020-05-22macsec: T2491: add replay window protectionChristian Poessinger
2020-05-21macsec: T2023: add valueHelp for MKA keysChristian Poessinger
2020-05-21macsec: T2023: support MACsec Key Agreement protocol actor priorityChristian Poessinger
2020-05-21macsec: T2023: rename "security key" node to "security mka"Christian Poessinger
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that.
2020-05-21macsec: T2023: use wpa_supplicant for key managementChristian Poessinger
2020-05-21macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" nodeChristian Poessinger
This is best suited as a key is required, too.
2020-05-21macsec: T2023: remove gcm-aes-256 cipher typeChristian Poessinger
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2.
2020-05-21macsec: T2023: add optional encryption commandChristian Poessinger
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt
2020-05-21macsec: T2023: add initial XML and Python interfacesChristian Poessinger
2020-05-20macvlan: T2023: prepare common source interface include fileChristian Poessinger
2020-05-19Merge pull request #378 from sever-sever/bgp-xml-confChristian Poessinger
bgp-xml: T2387:Commands in XML for [conf_mode] bgp
2020-05-19wireguard: T2481: support IPv6 based underlayChristian Poessinger
2020-05-19dhcpv6-pd: T421: support ethernet based interfacesChristian Poessinger
Add support for prefix delegation when receiving the prefix via ethernet, bridge, bond, wireless.
2020-05-19bgp-xml: T2387:Commands in XML for [conf_mode] bgpsever-sever
2020-05-17pppoe: dhcpv6-pd: T421: initial supportChristian Poessinger
The following configuration will assign a /64 prefix out of a /56 delegation to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64. If you do not know the prefix size delegated to you, start with sla-len 0. pppoe pppoe0 { authentication { password vyos user vyos } description sadfas dhcpv6-options { delegate eth0 { interface-id 65535 sla-id 0 sla-len 8 } } ipv6 { address { autoconf } enable } source-interface eth1 } vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth0 2001:db8:8003:400::ffff/64 u/u
2020-05-17xml: split dhcp, dhcpv6 to individual filesChristian Poessinger
2020-05-16nat: nptv6: T2198: add XML/Python skeletonChristian Poessinger
- define XML CLI interface - read CLI into Python dict
2020-05-16nat: T2198: add common ip-protocol validatorChristian Poessinger
It allows IP protocol numbers 0-255, protocol names e.g. tcp, ip, ipv6 and the negated form with a leading "!".
2020-05-16nat: T2198: add protocol completion helper and regex constraintChristian Poessinger
2020-05-16nat: T2198: split nat-address-port include into individual filesChristian Poessinger
2020-05-16nat: T2198: add ipv4-{address,prefix,rage}-exclude validatorsChristian Poessinger
Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT.
2020-05-16nat: T2198: add new ipv4-range validatorChristian Poessinger
2020-05-16nat: T2198: initial XML and Python representationChristian Poessinger
2020-05-07wireless: T2427: add common interface includes to templateJernej Jakob
2020-05-06sstp: T2392: add IPv6 DNS supportChristian Poessinger
New command added: * set vpn sstp network-settings name-server 2001:db8::1111
2020-05-06sstp: T2392: add initial IPv6 supportChristian Poessinger
New commands added: * set vpn sstp network-settings client-ipv6-pool prefix 2001:db8::/64 mask 112 * set vpn sstp network-settings client-ipv6-pool delegate 2001:db8:100::/48 delegation-prefix 64
2020-04-30dhcpv6-server: T2406: add lease-time validator to XMLChristian Poessinger
2020-04-30dhcpv6-server: T2406: merge sip-server-{address,name} to sip-server nodeChristian Poessinger
The subnet specific nodes sip-server-address & sip-server-name do the same for the user - specify a SIP server. Only the backend is rendered in a different way, as ISC DHCPv6 expects different options. There is absolutely no need for the user to distinguish between both two nodes.