summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2020-04-03interfaces: XML: constraint: add start of line ^ to regexChristian Poessinger
2020-04-03vrf: T31: name of isntance is not allowed to mimic an interface nameChristian Poessinger
Every VRF that's created is not allowed to be named like any interface that can be active on the system. This includes eth, lan, br, dum, lo .... In theoriy this would work but as soon as such a regular interface is created things will go sideways rather quick thus we limit the namespace which can be used to create a VRF. Appending an interface name is still possible like coolvrf-eth0.
2020-04-02wwan: vrf: T2200: add CLI options and parse configuration to dictionaryChristian Poessinger
2020-04-02bridge: l2tpv3: T1823: readjust overall prioritiesChristian Poessinger
Every interface on the system can be a member of a bridge - thus the bridge interface must be the one interface which has the highest priority compared to all other interfaces - incl. l2tpv3. With this change the system boots up fine with also l2tpv3 interfaces participating as bridge members. This change was needed as a l2tpv3 interface requires proper configured routing oin the system, else adding the interface will fail miserably: FileNotFoundError: [Errno 2] ip l2tp add tunnel tunnel_id 200 peer_tunnel_id 100 udp_sport 4000 udp_dport 3000 encap udp local 172.18.201.10 remote 172.18.203.10 returned: RTNETLINK answers: Network is unreachable
2020-04-02l2tpv3: T1823: change interface priorityChristian Poessinger
As L2TPv3 interfaces can be member interface of a bridge device it must be configured prior to the bridge - else the system will boot with an error as member adding fails.
2020-03-30http api: T2160: allow restricting HTTP API to specific serversJohn Estabrook
By default, the HTTP API will be proxied by any nginx virtual server. Allow specifying a subset of servers to act as proxy.
2020-03-29vrf: T2178: table id must start at 100Christian Poessinger
... to not cause any issues with buildin tables or PBR. PBR uses table 1 - 200 so there is a small overlap (by intention)
2020-03-28wwan: T1988: add ipv6 addressing nodesChristian Poessinger
2020-03-28wwan: T1988: support interface disableChristian Poessinger
2020-03-28wwan: T1988: initial XML/Python representationChristian Poessinger
2020-03-28ipv6: T1831: migrate eui64 addressing to XML and pythonChristian Poessinger
2020-03-28ipv6: T1831: migrate autoconf nodeChristian Poessinger
Autoconfigure addresses using Prefix Information in Router Advertisements.
2020-03-28ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodesChristian Poessinger
... to new XML and Python based frontend/backend.
2020-03-27pim: T1729: Basic PIM implementationDmitriyEshenko
2020-03-24service https: T2157: Organize server block directives as 'virtual host'John Estabrook
2020-03-24router-advert: T1831: new implementation using XML and PythonChristian Poessinger
2020-03-23tunnel: T31: add support for vrf on tunnelsThomas Mangin
2020-03-22tunnel: T2028: move interface tunnel to XML/PythonThomas Mangin
This patch migrates the "interface tunnel" section to xml/python
2020-03-22sstp: T2150: use full file path on SSL certificatesChristian Poessinger
2020-03-21salt: import salt-minion configuration from vyos-salt-minionChristian Poessinger
2020-03-20sstp: T2008: migrate SSL certificate nodesChristian Poessinger
2020-03-20sstp: T2006: fix valueHelp and validators for numeric valuesChristian Poessinger
2020-03-20sstp: T2008: remove req-limit config nodeChristian Poessinger
Limiting the amount of requests passed to a server seems to be the wrong way to tackle a problem.
2020-03-20sstp: T2110: use uniform RADIUS CLI syntaxChristian Poessinger
- migrate RADIUS configuration to a more uniform syntax accross the system - authentication radius-server x.x.x.x to authentication radius server x.x.x.x - authentication radius-settings to authentication radius
2020-03-20sstp: T2008: dns: unwind configurationChristian Poessinger
2020-03-20sstp: T2008: move to vpn nodeChristian Poessinger
2020-03-20sstp: T2007: fix MTU boundariesChristian Poessinger
2020-03-19Merge pull request #247 from DmitriyEshenko/mpls-implChristian Poessinger
mpls: T915: Basic MPLS implementation
2020-03-18mpls: T915: Basic MPLS implementationDmitriyEshenko
2020-03-16syslog: T2131: improve valueHelpChristian Poessinger
2020-03-16syslog: T2131: add generic fqdn validatorChristian Poessinger
2020-03-08radius: T2110: move timeout back to system-loginChristian Poessinger
... as e.g. wireless interfaces can not have a timeout specified.
2020-03-08wireless: radius: T2110: migrate to XML includeChristian Poessinger
2020-03-08radius: T2110: provide uniform XML include file for server configurationChristian Poessinger
2020-03-08vrf: T31: enable vrf support for wireless interfaceChristian Poessinger
2020-03-08vrf: T31: enable vrf support for pseudo-ethernet/macvlan interfaceChristian Poessinger
2020-03-08vrf: T31: support VRF usage on VLAN/VIF interfacesChristian Poessinger
2020-03-07vrf: T31: enable vrf support for pppoe interfaceChristian Poessinger
2020-03-06vrf: T31: enable vrf support for bridge interfaceChristian Poessinger
2020-03-06vrf: T31: enable vrf support for bonding interfaceChristian Poessinger
2020-03-06vrf: T31: enable vrf support for ethernet interfaceChristian Poessinger
2020-03-04vrf: T31: enable vrf support for dummy interfaceChristian Poessinger
2020-03-04vrf: T31: rename 'vrf disable-bind-to-all ipv4' to 'vrf bind-to-all'Christian Poessinger
By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to an l3mdev and processes may bind to the same port if they bind to an l3mdev. TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling the 'vrf bind-to-all' option.
2020-03-04vrf: T31: support add/remove of interfaces from vrfChristian Poessinger
2020-03-04xml: include: description: adjust help messageChristian Poessinger
2020-03-04vrf: T31: improve help for routing tableChristian Poessinger
2020-03-04vrf: T31: reuse interface-description.xml.i for instance descriptionChristian Poessinger
2020-03-04vrf: T31: use embedded regex on 'vrf name' instead of python scriptChristian Poessinger
2020-03-04vrf: T31: initial support for a VRF backend in XML/PythonThomas Mangin
This is a work in progress to complete T31 whoever thought it was less than 1 hour of work was ..... optimistic. Only VRF vreation and show is supported right now. No interface can be bound to any one VRF.
2020-02-27openvpn: T2075: add support for OpenVPN tls-crypt file optionChristian Poessinger
Encrypt and authenticate all control channel packets with the key from keyfile. Encrypting (and authenticating) control channel packets: * provides more privacy by hiding the certificate used for the TLS connection * makes it harder to identify OpenVPN traffic as such * provides "poor-man's" post-quantum security, against attackers who will never know the pre-shared key (i.e. no forward secrecy)