summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2019-09-20Merge pull request #133 from vindenesen/openvpn-minimum-tls-versionDaniil Baturin
[OpenVPN] T1675: Added setting for minimum tls version
2019-09-20OpenVPN - changed tls-minimum-version to tls-version-minvindenesen
2019-09-20openvpn: T1548: add validator for TLS cert filesChristian Poessinger
2019-09-19OpenVPN - Added setting for minimum tls versionvindenesen
2019-09-19Added setting for tls-auth. Added check for if tls_cert and tls_key was defined.vindenesen
2019-09-16[IPoE] - T1664: Ipoe with bond per vlan don't workhagbard
2019-09-12[l2tp] T834 Implementation advanced ppp-options/lcp.DmitriyEshenko
2019-09-10[wireguard]: T1572 - Wireguard keyPair per interfacehagbard
- param key location added in op-mode script - param delkey and listkey implemented in op-mode script - param delkey implemented in op-mode script - generate and store named keys - interface implementation tu use cli option 'private-key'
2019-09-06vxlan: T1636: initial rewrite with XML and PythonChristian Poessinger
Tested using: Site 1 (VyOS 1.2.2) ------------------- set interfaces vxlan vxlan100 address '10.10.10.2/24' set interfaces vxlan vxlan100 remote '172.18.201.10' set interfaces vxlan vxlan100 vni '100' Site 2 (rewrite) ---------------- set interfaces vxlan vxlan100 address '10.10.10.1/24' set interfaces vxlan vxlan100 description 'VyOS VXLAN' set interfaces vxlan vxlan100 remote '172.18.202.10' set interfaces vxlan vxlan100 vni '100'
2019-09-06Python/ifconfig: T1557: vxlan: initial support via VXLANIfChristian Poessinger
2019-09-06openvpn: T1548: use long syntax on list_interfaces.py '--type' instead of '-t'Christian Poessinger
2019-09-06bridge: T1556: make ARP cache constraint error message more genericChristian Poessinger
2019-09-06bonding: T1614: make ARP cache constraint error message more genericChristian Poessinger
2019-09-04[service https] T1443: rename "server-names" option to "server-name".Daniil Baturin
2019-09-04[service https] T1443: use "listen-address" option instead of "listen-addresses"Daniil Baturin
to follow the established convention.
2019-09-04bonding: T1614: Initial version in new style XML/Python interfaceChristian Poessinger
The node 'interfaces ethernet eth0 bond-group' has been changed and de-nested. Bond members are now configured in the bond interface itself. set interfaces bonding bond0 member interface eth0
2019-09-01Revert "bridge: T1556: increase max-age range to 1200 (30 minutes)"Christian Poessinger
This reverts commit 3b119c91ca70c51aab24d4ef8b3913f47281321a.
2019-09-01bridge: T1556: change 'aging' help textChristian Poessinger
2019-08-31bridge: T1556: increase max-age range to 1200 (30 minutes)Christian Poessinger
2019-08-27[service https] T1443: Correct the use of listen/server_name directivesJohn Estabrook
2019-08-26bridge: T1556: bugfix: aging range validatorChristian Poessinger
2019-08-26bridge: T1556: bugfix: disable node must be valuelessChristian Poessinger
2019-08-23[dummy] T1609 migrate to vyos.interfaceconfig, adding check ip-cidr, adding ↵DmitriyEshenko
vyos.interfaceconfig common ipv4/ipv6 functions
2019-08-23[dummy] T1609 Fixing dummy interface stateDmitriyEshenko
2019-08-21loopback: T1601: rewrite using XML/Python definitionsChristian Poessinger
2019-08-20powerdns: T1595: remove 'listen-on' CLI optionChristian Poessinger
2019-08-20powerdns: T1524: support setting allow-from networkChristian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } }
2019-08-19dummy: T1580: rewrite in new style XML/PythonChristian Poessinger
2019-08-19openvpn: T1548: remove authy 2fa providerChristian Poessinger
According to https://github.com/twilio/authy-openvpn commit 3e5dc73: > This plugin is no longer actively maintained. If you're interested in becoming a maintainer, we welcome forks of this project. In addition this plugin was always missing in the current branch ov VyOS and did not make it into VyOS 1.2 (crux) If 2FA for OpenVPN is required we should probably opt for Google Authenticator or if possible a U2F device.
2019-08-18[bridge] T1156: increase bridge priority - bridge interfaces after all ↵Christian Poessinger
member interfaces are configured
2019-08-17openvpn: T1548: 'disabled' leafNode must be valuelessChristian Poessinger
2019-08-17Merge pull request #107 from c-po/t1548-openvpnChristian Poessinger
T1548 openvpn
2019-08-16openvpn: T1548: initial rewrite with XML and PythonChristian Poessinger
2019-08-14[bfd] T1183: Added validations and fixing bugs in BFD:zsdc
* added validations for "source address IP" and "bfd peer IP" * added check for configuring multihop together with an interface name * fixed "show protocols bfd peer X" for peers with custom options
2019-08-14[service https] T1443: add self-signed TLS certificateJohn Estabrook
2019-08-09[bfd] T1183: Added some new functionality and fixed bugs in BFD:zsdc
* added option "echo-mode" and "echo-interval" for BFD peers * added configuration check for usage "multihop" and "echo-mode" * added configuration check for denying deletion BFD peers, which are used in BGP configuration * fixed deleting/changing BFD peers with custom parameters (for example multihop, local-address, etc.) * deleted wrong skipping of configuration check for "shutdown" BFD peers
2019-08-07[l2tp] T1566 ipv6 implementationDmitriyEshenko
2019-08-07XML: WireGuard: run interfacedefinition through XML lintChristian Poessinger
2019-08-07Validator: rename cidr -> ip-cidr to match existing patternsChristian Poessinger
2019-08-05[bridge] T1156: add XML completion helpers for interface address (dhcp and ↵Christian Poessinger
dhcpv6)
2019-08-05[bridge] T1156: add XML address constraintsChristian Poessinger
2019-08-05[bridge] T1156: remove priority of address nodeChristian Poessinger
2019-08-04[bridge] T1156: rename igmp-snooping node to igmpChristian Poessinger
2019-08-03[bridge] T1156: support adding and removing bridge member interfacesChristian Poessinger
This is the new syntax bridge br0 { member { interface eth0 { cost 10 } interface eth1 { cost 11 } } }
2019-08-02[bridge] T1156: first working implementation using Python and XMLChristian Poessinger
2019-08-02WireGuard: rename wireguard.py -> interface-wireguard.pyChristian Poessinger
2019-08-02WireGuard: rename wireguard.xml -> interfaces-wireguard.xmlChristian Poessinger
2019-07-31T1555 Implementation shared-secret for LNS. Implementation command disabling ↵DmitriyEshenko
ccp.
2019-07-30Merge pull request #94 from hagbard-01/sstphagbard-01
[SSTP] - T853: accel-ppp: SSTP implementation
2019-07-30[SSTP] - T853: accel-ppp: SSTP implementationhagbard