summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2021-08-21interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵Christian Poessinger
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value.
2021-08-20bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/exportChristian Poessinger
This adds the following new commands: set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in
2021-08-20bgp: T3759: fix DOS -> UNIX line endings on route-target building blocksChristian Poessinger
2021-08-20bgp: T3759: create common export/import building block for re-usable route-mapsChristian Poessinger
2021-08-20xml: remove superfluous "interface" prefix from interface includesChristian Poessinger
2021-08-19xml: T3768: drop early XML syntaxVersion implementationJohn Estabrook
2021-08-18bgp: T3759: add l3vpn "route-target vpn" commandsChristian Poessinger
Add the following new commands: * set protocols bgp address-family ipv4-unicast route-target vpn both 1.1.1.1:100 * set protocols bgp address-family ipv4-unicast route-target vpn export 1.1.1.1:100 * set protocols bgp address-family ipv4-unicast route-target vpn import 1.1.1.1:100
2021-08-18bgp: evpn: T1513: re-structure route-target XML blocksChristian Poessinger
Make the both, export and import XML block re-usable by the IPv4 AFI.
2021-08-18bgp: T3759: fix "label vpn" help stringChristian Poessinger
2021-08-18bgp: T3759: add l3vpn "rd" route-distinguisher commandsChristian Poessinger
Add the following new commands: * set protocols bgp address-family ipv4-unicast rd vpn export * set protocols bgp address-family ipv6-unicast rd vpn export
2021-08-18bgp: T3759: add l3vpn "label vpn export" commandsChristian Poessinger
Add the following new commands: * set protocols bgp address-family ipv4-unicast label vpn export (auto | 0-1048575) * set protocols bgp address-family ipv6-unicast label vpn export (auto | 0-1048575)
2021-08-18bgp: T3759: import/export is for AFI "ipv4 unicast" not "ipv4 multicast"Christian Poessinger
2021-08-17bgp: T3759: add l3vpn "import vrf" commandsChristian Poessinger
2021-08-17xml: cleanup - replace format "text" with "txt" as required by the BASH helpersChristian Poessinger
2021-08-17bgp: T3759: add l3vpn import/export vpn command for IPv4/IPv6 AFIChristian Poessinger
2021-08-17bgp: T2174: create building block for path-limit which is used in IPv4/IPv6 AFIChristian Poessinger
2021-08-17policy: T2425: bgp large-community-list name also supports - and _Christian Poessinger
2021-08-17policy: T2425: bgp ext-community-list name also supports - and _Christian Poessinger
2021-08-17policy: T2425: add missing validator for large-community-listsChristian Poessinger
without the validators FRR commit errors would happen.
2021-08-17policy: T2425: add missing constraints for extended and large community listsChristian Poessinger
2021-08-17policy: T2425: update help test for BGP communitiesChristian Poessinger
2021-08-17xml: proxy: use port-number building block for system proxyChristian Poessinger
2021-08-17xml: webproxy: use port-number building block for LDAP connectionChristian Poessinger
2021-08-17xml: wireguard: use port-number building blockChristian Poessinger
2021-08-17xml: syslog: use port-number building blockChristian Poessinger
2021-08-17xml: tftp: use port-number building blockChristian Poessinger
2021-08-17xml: bcast-relay: use port-number building blockChristian Poessinger
2021-08-17xml: vxlan: use port-number building blockChristian Poessinger
2021-08-17xml: include: add error message to port-numberChristian Poessinger
2021-08-17isis: T1316: use common redistribute XML building block for IPv4 and IPv6Christian Poessinger
2021-08-16openvpn: T690: Add metric for pushed routesViacheslav
2021-08-15ospf: T3757: support to configure area at an interface levelChristian Poessinger
FRR supports configuring either network prefixes per area, or assign an interface to an area to participate in the routing process. This is already well known from other venders and supported by FRR. A valid VyOS OSPF configuration would then look like: vyos@vyos# show protocols ospf { interface dum0 { area 0 } interface eth0.201 { area 0 authentication { md5 { key-id 10 { md5-key vyos } } } dead-interval 40 hello-interval 10 priority 1 retransmit-interval 5 transmit-delay 1 } log-adjacency-changes { detail } parameters { abr-type cisco router-id 172.18.254.201 } passive-interface default passive-interface-exclude eth0.201 }
2021-08-15conntrack: T3275: bugfix XML generationChristian Poessinger
This commit fixes an error introduced by 43fcc0db0 ("conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new default behavior") as the <valueless/> option can only be used on leafNodes. THis triggered the following build error: ValueError: <valueless/> is only allowed in <leafNode>
2021-08-15Merge pull request #944 from sever-sever/T3702Christian Poessinger
pbr: T3702: Add rules match fwmark
2021-08-15conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new ↵Lulu Cathrinus Grimalkin
default behavior
2021-08-13vrf: T3734: T3728: vni must be configured with a higher priority then bgpdChristian Poessinger
When removing bgp (vrf) instances the assigned VRF vni must be deleted from FRR prior the removal of the bgp settings (T3734). This is now done by moving the CLI command "set vrf name red vni 1000" to a dedicated Python script with a priority higher then bgp.
2021-08-13Merge pull request #914 from sever-sever/T3673Christian Poessinger
policy: T3673: Add set large-comm-list for route-map
2021-08-13policy: T3673: Add set large-comm-list-delete for route-mapViacheslav
2021-08-11bgp: T3739: add common route-distinguisher XML building blockChristian Poessinger
2021-08-10snmp: T3709: Allow enable oid ipCidrRouteTableViacheslav
2021-08-04ipsec: T3718: fix default processing of ike dh-group proposalsChristian Poessinger
IKE dh-group defaults to 2 (modp1024).
2021-08-02pbr: T3702: Add rules match fwmarkViacheslav
2021-08-01Merge pull request #943 from Cheeze-It/currentChristian Poessinger
isis: T3693: Adding IPv6 redistribution to ISIS
2021-07-31isis: T3693: Adding IPv6 redistribution to ISISCheeze_It
In this commit we add the ability to redistribute into ISIS for IPv6 address family.
2021-07-30bgp: T1176: Add solo option for neighborViacheslav
2021-07-25xml: tunnel: use source-interface building blockChristian Poessinger
2021-07-25ipsec: T1210: add RADIUS authentication for remote-access IKEv2 VPNChristian Poessinger
set vpn ipsec remote-access connection rw authentication client-mode 'eap-radius' set vpn ipsec remote-access connection rw authentication id '192.0.2.1' set vpn ipsec remote-access connection rw authentication server-mode 'x509' set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CAcert_Class_3_Root' set vpn ipsec remote-access connection rw authentication x509 certificate 'vyos' set vpn ipsec remote-access connection rw esp-group 'ESP-RW' set vpn ipsec remote-access connection rw ike-group 'IKE-RW' set vpn ipsec remote-access connection rw local-address '192.0.2.1' set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4' set vpn ipsec remote-access connection rw unique 'never' set vpn ipsec remote-access pool ra-rw-ipv4 name-server '192.0.2.2' set vpn ipsec remote-access pool ra-rw-ipv4 prefix '192.168.22.0/24' set vpn ipsec remote-access radius nas-identifier 'fooo' set vpn ipsec remote-access radius server 172.16.100.10 key 'secret'
2021-07-25xml: add building block for RADIUS nas-identifierChristian Poessinger
2021-07-25ipsec: T1210: move DHCP server configuration unter remote-access nodeChristian Poessinger
As this is only related to remote-access, keeping it under "options" simply feels wrong.
2021-07-22ipsec: T2816: remove "auto-update" CLI optionChristian Poessinger
Update/refresh of DNS records is now handled internally by Strongswan.