summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2023-03-21T5099: IPoE-server add option next-pool for named ip poolsViacheslav Hletenko
In cases with multiple named IP pools, it is required the option 'next' to be sure that if IP addresses ended in one pool, then they would begin to be allocated from the next named pool. For accel-ppp it requires specific order as pool must be defined before we can use it with the 'next-option' set service ipoe-server client-ip-pool name first-pool subnet '192.0.2.0/25' set service ipoe-server client-ip-pool name first-pool next-pool 'second-pool' set service ipoe-server client-ip-pool name second-pool subnet '203.0.113.0/25' [ip-pool] 203.0.113.0/25,name=second-pool 192.0.2.0/25,name=first-pool,next=second-pool
2023-03-17T5086: Add sFlow drop-monitor-limit optionViacheslav Hletenko
hsflowd will export the headers of dropped packets (along with the name of the function in the Linux kernel where that skb was dropped) as part of the standard sFlow feed. This measurement complements the sFlow packet sampling and counter-telemetry well because it provides visibility into the traffic that is not flowing. Very helpful for troubleshooting. The limit (a rate limit max of N drops per second sent out in the sFlow datagrams) is the parameter you would set in the CLI. set system sflow drop-monitor-limit 50
2023-03-16Merge pull request #1891 from sever-sever/T5086Christian Breunig
T5086: Add sFlow feature based on hsflowd
2023-03-16T5086: Add sFlow feature based on hsflowdViacheslav Hletenko
Add sFlow feature based on hsflowd According to user reviews, it works more stable and more productive than pmacct I haven't deleted 'pmacct' 'system flow-accounting sflow' yet It could be migrated or deprecated later set system sflow agent-address '192.0.2.14' set system sflow interface 'eth0' set system sflow interface 'eth1' set system sflow polling '30' set system sflow sampling-rate '100' set system sflow server 192.0.2.1 port '6343' set system sflow server 192.0.2.11 port '6343'
2023-03-14Merge pull request #1890 from nicolas-fort/T5055Viacheslav Hletenko
T5055: NAT: extend packet-type to NAT
2023-03-14T5055: NAT: extend packet-type match option which was previously introduced ↵Nicolas Fort
in firewall, to NAT
2023-03-10openvpn: xml: T1843: re-use generic username and password building blockChristian Breunig
2023-03-10rpki: xml: T3255: re-use generic username building blockChristian Breunig
2023-03-10system: proxy: xml: T1843: re-use generic username and password building blockChristian Breunig
2023-03-10Merge pull request #1871 from nicolas-fort/T5055Christian Breunig
T5055: Firewall: add packet-type matcher in firewall and route policy
2023-03-10container: T4959: add registry authentication optionChristian Breunig
Container registry CLI node changed from leafNode to tagNode with the same defaults. In addition we can now configure an authentication option per registry.
2023-03-09xml: T4952: improve interface completion helper CLI experienceChristian Breunig
2023-03-06T5055: Firewall: add packet-type matcher in firewall and route policyNicolas Fort
2023-03-02login: T5039: Support hashing rounds in `encrypted-password` valuessarthurdev
Since glibc 2.7, the SHA-256 and SHA-512 implementations support a user-supplied number of hashing rounds, defaulting to 5000. If the "$id$" characters in the salt are followed by "rounds=xxx$", where xxx is an integer, then the result has the form $id$rounds=yyy$salt$encrypted where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is equal to xxx otherwise.
2023-03-01Merge pull request #1854 from Yuanandcircle/currentChristian Breunig
policy: T5035: Add more actions to policy route rule
2023-02-28T4967: xml: provide re-usable constraint for CLI host-name definitionsChristian Breunig
2023-02-28Merge pull request #1857 from nicolas-fort/nft_queueChristian Breunig
T5037: Firewall: Add queue action and options to firewall
2023-02-28T4967: Allow setting container hostnameViacheslav Hletenko
Ability setting container hostname This host name is used as /etc/hostname set container name <tag> host-name 'mybox'
2023-02-28T5037: Firewall: Add queue action and options to firewallNicolas Fort
2023-02-28Merge branch 'vyos:current' into currentYouyuan
2023-02-28Merge pull request #1800 from vfreex/feature-babelChristian Breunig
T4977: Add Babel routing protocol support
2023-02-28Merge pull request #1784 from Zen3515/current-add-container-command-argChristian Breunig
container: T4014: Add `command`, `arg` and `entrypoint` configuration options for containers
2023-02-26policy: T5035: Add more actions to policy route ruleYouyuan
2023-02-25tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
Tunnel interface multicast settings can be "enabled or disabled". As we prefer valueless nodes, and the linux kernel default is "disabled" we should add a set interfaces tunnel tunXX enable-multicast command
2023-02-23T5017: Add interface ifbX to constraint interface-nameViacheslav Hletenko
2023-02-22T5025: Fix timezones and validator use timedatectlViacheslav Hletenko
Fix timezones completion help and validotor Use 'timedatectl' insted of find zoneinfo
2023-02-18T4886: allow connection-mark 0 value, which is acceptableNicolas Fort
2023-02-17qos: classes: helptext: T5015: Escape % in printfSilvan Raijer
2023-02-17Merge pull request #1826 from aapostoliuk/T5008-sagittaChristian Breunig
macsec: T5008: Changed length of CKN to (2..64 hex-digits)
2023-02-17T5005: PPPoE server allow any login with option noauthViacheslav Hletenko
Disabling authentication is useful in emergency situations (e.g. RADIUS server is down) or testing purposes. Clients can connect with any login and username. set service pppoe-server authentication mode 'noauth'
2023-02-17macsec: T5008: Changed length of CKN to (2..64 hex-digits)aapostoliuk
Based on wpa_supplicant documentation. mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string (2..64 hex-digits) Changed allowable length of CKN from strong 64 hex-digits to the range (2..64 hex-digits)
2023-02-16T5002: Add uk United Kindom keymapViacheslav Hletenko
set system option keyboard-layout uk
2023-02-15ipsec: T4593: Migrate and remove legacy `include-ipsec` nodessarthurdev
Not supported with swanctl
2023-02-13ipsec: T4968: Added default values to dpd and close actionaapostoliuk
Based on https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html Added default value to dpd_action - clear Added default value to close_action - none
2023-02-12pppoe: wwan: T4998: fix typo in constraintErrorMessageChristian Breunig
2023-02-12pppoe: wwan: T4998: fix username not accepting dot (.)Christian Breunig
This fixes a regressin introduced in commit e22e9c9210cb5 ("wwan: T3622: add constraint for username/password CLI nodes").
2023-02-10Merge pull request #1805 from nicolas-fort/T4857-frr-fixChristian Breunig
T4857: snmp: Fix error when not defining client|network under community
2023-02-10snmp: T4857: explicitly define default community networks 0.0.0.0/0 and ::/0Christian Breunig
After the RESTRICTED view was introduced snmpd requires a network to be specified. Before adding the RESTRICTED view snmpd always assumed the default network 0.0.0.0/0. This commit re-adds the build in default networks for IPv4 and IPv6 and exposes it as a proper default to the CLI so the user is informed about it: vyos@vyos# set service snmp community foooo Possible completions: authorization Authorization type (default: ro) + client IP address of SNMP client allowed to contact system + network Subnet of SNMP client(s) allowed to contact system (default: 0.0.0.0/0, ::/0)
2023-02-10interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵Christian Breunig
sstp-client
2023-02-10Merge pull request #1808 from sever-sever/T1993Christian Breunig
T1993: PPPoE-server add section shaper and fwmark option
2023-02-09wwan: T3622: add constraint for username/password CLI nodesChristian Breunig
- Username is up to 128 alphanumerical characters, -, _, #, and @ - Password is limited to ASCII characters only, with a total lenght of 128
2023-02-09Revert "container: T4959: Add container registry authentication config for ↵Christian Breunig
containers" This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
2023-02-09Merge pull request #1790 from Zen3515/current-add-container-loginChristian Breunig
container: T4959: Add container registry authentication config for containers
2023-02-09Merge pull request #1803 from sever-sever/T4971Christian Breunig
T4971: PPPoE server add named ip pool and attr Framed-Pool
2023-02-08T1993: PPPoE-server add section shaper and fwmark optionViacheslav Hletenko
Extended PPPoE-server rate-limiter to avoid shaping marked resources Often this feature needs for ISP, which provides access to some IX or its resources. set service pppoe-server shaper fwmark '223'
2023-02-08T4977: Add Babel routing protocol supportYuxiang Zhu
This PR adds basic Babel routing protocol support using the implementation in FRR. Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
2023-02-08T2603: PPPoE-server change default min-mtu value 1280Viacheslav Hletenko
Minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Change 'min-mtu' from 1492 to 1280
2023-02-07T4971: PPPoE server add named ip pool and attr Framed-PoolViacheslav Hletenko
Add a new feature to allow to use named pools Also it can be used with RADIUS attribute 'Framed-Pool' set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2023-02-04dhcp-relay: xml: T2408: fix CLI constraintsChristian Breunig
The old interface-name validator was replaced by a faster implementation in OCaml. Interface validator can be selected by including the appropriate code snippet.
2023-02-04dhcp-relay: T2408: use Warning() on deprecated interface CLI nodeChristian Breunig