summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2020-04-21accel-ppp: unify "authentication mode" XML definition to common include fileChristian Poessinger
2020-04-21tunnel: T2204: add source-interfaceThomas Mangin
2020-04-21macvlan: T1635: fix source-interface descriptionChristian Poessinger
2020-04-21dhcpv6: T2341: remove obsolete priority causing priority inversionChristian Poessinger
2020-04-20macvlan: pseudo-ethernet: T2341: adjust priority to support bond ↵Christian Poessinger
source-interfaces
2020-04-19xml: T2337: bugfix on missing hw-id nodeChristian Poessinger
Commit 021a2470bd67 ("XML: T2282: clarify on ethernet and wireless hw-id nodes") created a common XML include file out of the MAC address include file which totally blew everything as we now have two "mac" nodes as it was not renamed to "hw-id".
2020-04-19{pppoe,ipoe}-server: T2324: T2314: migrate to common accel-name-server XMLChristian Poessinger
2020-04-19ipoe-server: T2324: use common accel-radius-additions XML fileChristian Poessinger
2020-04-19pppoe-server: T2314: add common accel-radius-additions XML fileChristian Poessinger
2020-04-18ipoe-server: T2324: migrate IPv6 client IP pool to common CLI nodesChristian Poessinger
2020-04-18ipoe-server: T2324: migrate RADIUS configuration to common CLI syntaxChristian Poessinger
2020-04-18ipoe-server: T2324: migrate IPv4/IPv6 name-servers to common nodeChristian Poessinger
2020-04-18ipoe-server: T2324: remove boilerplate code and adjust to other accel ↵Christian Poessinger
implementations
2020-04-18router-advert: rename XML/Python files for a common patternChristian Poessinger
2020-04-18ipoe-server: rename XML/Python files for a common patternChristian Poessinger
2020-04-18pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validationChristian Poessinger
2020-04-18pppoe-server: T2314: migrate RADIUS configuration to common CLI syntaxChristian Poessinger
2020-04-18vpn: l2tp: pptp: sstp: rename files to common patternChristian Poessinger
2020-04-18pppoe-server: T2314: migrate IPv4/IPv6 name-servers to common nodeChristian Poessinger
Instead of having "dns-server server-1|server-2" nodes and the same for IPv6 all DNS nameservers are migrated to a common name-servers node.
2020-04-18pppoe-server: T2314: remove boilerplate code and adjustChristian Poessinger
2020-04-17wireless: T2306: bugfix: insert missing </leafNode>Alain Lamar
2020-04-17wireless: T2306: Add new cipher suites to the WiFi configurationAlain Lamar
Yet, VyOS knows these two encryption schemes for WiFi: 1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128) 2. TKIP = Temporal Key Integrity Protocol These encryption schemes are new and especially the Galois counter mode cipher suites are very desirable! 1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key 2. GCMP = Galois/counter mode protocol (GCMP-128) 3. GCMP-256 = Galois/counter mode protocol with 256-bit key CCMP is supported by all WPA2 compatible NICs, so this remains the default cipher for bidirectional and group packets while using WPA2. Use 'iw list' to figure out which cipher suites your cards support prior to configuring other cipher suites than CCMP. AP NICs and STA NICs must both support at least one common cipher in a given list in order to associate successfully.
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-15openvpn: T2335: allow disabling client-ip-poolJernej Jakob
2020-04-13Merge pull request #325 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2235: add custom server pool handling
2020-04-13openvpn: T2235: add custom server pool handlingjjakob
- add config options and logic for server client-ip-pool - add function for determining default IPs for the server in different configurations - verify for pool IPs and maximum subnet prefix length - move remote netmask logic for client ifconfig-push to use new function - add topology 'net30' , set it as default (as it already was) - replace generic ip_* with IPv4* where necessary - print warning to console when server client IP is in server pool - fix server subnet help field
2020-04-13XML: T2282: clarify on ethernet and wireless hw-id nodesChristian Poessinger
2020-04-11vpn: l2tp: T2264: migrate IPv6 prefix node to common CLI styleChristian Poessinger
Combining multiple options into a single CLI node is considered bad practice. IPv6 prefixes consited of the prefix itself and a mask send to the client in one node only. The following CLI parts have been migrated from client-ipv6-pool { delegate-prefix fc00:0:1::/48,64 prefix 2001:db8::/64,64 } to client-ipv6-pool { delegate fc00:0:1::/48 { delegation-prefix 48 } prefix 2001:db8::/48 { mask 64 } } Thus regular validation steps from the VyOS CLI can be used when a prefix is configured.
2020-04-11vpn: l2tp: T2110: re-use RADIUS XML include fileChristian Poessinger
2020-04-11vpn: l2tp: T2264: remove RADIUS req-limit nodeChristian Poessinger
It makes less sense for the user to specify this behavior.
2020-04-11vpn: l2tp: T2264: combine WINS CLI syntaxChristian Poessinger
There is no reason to distinguish between WINS servers in terms of priority. This is solely a task which can be done in the underlaying Python scripts.
2020-04-11vpn: l2tp: T2264: combine IPv4/IPv6 name-server CLI syntaxChristian Poessinger
There is no reason to distinguish between an IPv4 and IPv6 name-server node on the CLI - this can be done in the underlaying Python scripts.
2020-04-11vpn: l2tp: T2264: rename files to match CLI levelsChristian Poessinger
2020-04-10l2tp: xml: group interface definition into vpn sectionChristian Poessinger
2020-04-10vif-c: T2240: add VRF supportChristian Poessinger
2020-04-10Revert "vif-s: T2240: add VRF support"Christian Poessinger
This reverts commit 2d33cf656f5856fb06e8390fc2250bb99ea0206b.
2020-04-09vxlan: T2172: add source-address optionChristian Poessinger
This is a base requirement for l2vpn evpn. When source-address is configured, the option "local <source-addr> nolearning" is appended when creating the interface as mentioned here: https://vincent.bernat.ch/en/blog/2017-vxlan-bgp-evpn
2020-04-09xml: radius: update source-address valueHelpChristian Poessinger
2020-04-09vxlan: pseudo-ethernet: T2260: convert link nodes to source-interfaceChristian Poessinger
2020-04-08vif-s: T2240: add VRF supportChristian Poessinger
2020-04-08wireguard: T2244: split port configuration to XML include fileChristian Poessinger
2020-04-08wireguard: T2247: add VRF supportChristian Poessinger
2020-04-08wireguard: T2244: use xml include for mtuChristian Poessinger
2020-04-08tunnel: T1579: Change help value for encapsulation nodeEshenko Dmitriy
2020-04-07http api: T2160: move 'api virtual-host' to 'api-restrict virtual-host'John Estabrook
Restriction of api proxy should be owned by https.py, not http-api.py.
2020-04-05flow-accounting: improve value help on ipfixChristian Poessinger
2020-04-05wireless: T2212: bugfix for BF-ANTENNA and SOUNDING-DIMENSION flagsalainlamar
VHT flags deal with many variables which depend on antenna count and supported features. BF-ANTENNA-(2|3|4) and SOUNDING-DIMENSION-(2|3|4) were not dealt with correctly. IEEE 802.11ac (VHT) supports at least 1 antenna and up to 8 antennas at most. The hsotapd VHT flags may support as many but most do not. Therefore, we need to be picky here...
2020-04-05wireguard: T2228: support ports less then 1024Christian Poessinger
2020-04-05wireguard: T2206: add valueHelp for listen portChristian Poessinger
2020-04-05wireguard: T2206: split endpoint node into address and portChristian Poessinger
WireGuard has been the only subsystem combining a remote ip address and a remote port number into a single node. This is bad as there is no possiblity for the XML based input validation for IP address and port numbers. That's the reason the peer endpoint node goets migrated into a peer address and a peer port node utilizing the embedded syntax node checking for IP addresses and port ranges.