summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2020-04-17wireless: T2306: bugfix: insert missing </leafNode>Alain Lamar
2020-04-17wireless: T2306: Add new cipher suites to the WiFi configurationAlain Lamar
Yet, VyOS knows these two encryption schemes for WiFi: 1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128) 2. TKIP = Temporal Key Integrity Protocol These encryption schemes are new and especially the Galois counter mode cipher suites are very desirable! 1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key 2. GCMP = Galois/counter mode protocol (GCMP-128) 3. GCMP-256 = Galois/counter mode protocol with 256-bit key CCMP is supported by all WPA2 compatible NICs, so this remains the default cipher for bidirectional and group packets while using WPA2. Use 'iw list' to figure out which cipher suites your cards support prior to configuring other cipher suites than CCMP. AP NICs and STA NICs must both support at least one common cipher in a given list in order to associate successfully.
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-15openvpn: T2335: allow disabling client-ip-poolJernej Jakob
2020-04-13Merge pull request #325 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2235: add custom server pool handling
2020-04-13openvpn: T2235: add custom server pool handlingjjakob
- add config options and logic for server client-ip-pool - add function for determining default IPs for the server in different configurations - verify for pool IPs and maximum subnet prefix length - move remote netmask logic for client ifconfig-push to use new function - add topology 'net30' , set it as default (as it already was) - replace generic ip_* with IPv4* where necessary - print warning to console when server client IP is in server pool - fix server subnet help field
2020-04-13XML: T2282: clarify on ethernet and wireless hw-id nodesChristian Poessinger
2020-04-11vpn: l2tp: T2264: migrate IPv6 prefix node to common CLI styleChristian Poessinger
Combining multiple options into a single CLI node is considered bad practice. IPv6 prefixes consited of the prefix itself and a mask send to the client in one node only. The following CLI parts have been migrated from client-ipv6-pool { delegate-prefix fc00:0:1::/48,64 prefix 2001:db8::/64,64 } to client-ipv6-pool { delegate fc00:0:1::/48 { delegation-prefix 48 } prefix 2001:db8::/48 { mask 64 } } Thus regular validation steps from the VyOS CLI can be used when a prefix is configured.
2020-04-11vpn: l2tp: T2110: re-use RADIUS XML include fileChristian Poessinger
2020-04-11vpn: l2tp: T2264: remove RADIUS req-limit nodeChristian Poessinger
It makes less sense for the user to specify this behavior.
2020-04-11vpn: l2tp: T2264: combine WINS CLI syntaxChristian Poessinger
There is no reason to distinguish between WINS servers in terms of priority. This is solely a task which can be done in the underlaying Python scripts.
2020-04-11vpn: l2tp: T2264: combine IPv4/IPv6 name-server CLI syntaxChristian Poessinger
There is no reason to distinguish between an IPv4 and IPv6 name-server node on the CLI - this can be done in the underlaying Python scripts.
2020-04-11vpn: l2tp: T2264: rename files to match CLI levelsChristian Poessinger
2020-04-10l2tp: xml: group interface definition into vpn sectionChristian Poessinger
2020-04-10vif-c: T2240: add VRF supportChristian Poessinger
2020-04-10Revert "vif-s: T2240: add VRF support"Christian Poessinger
This reverts commit 2d33cf656f5856fb06e8390fc2250bb99ea0206b.
2020-04-09vxlan: T2172: add source-address optionChristian Poessinger
This is a base requirement for l2vpn evpn. When source-address is configured, the option "local <source-addr> nolearning" is appended when creating the interface as mentioned here: https://vincent.bernat.ch/en/blog/2017-vxlan-bgp-evpn
2020-04-09xml: radius: update source-address valueHelpChristian Poessinger
2020-04-09vxlan: pseudo-ethernet: T2260: convert link nodes to source-interfaceChristian Poessinger
2020-04-08vif-s: T2240: add VRF supportChristian Poessinger
2020-04-08wireguard: T2244: split port configuration to XML include fileChristian Poessinger
2020-04-08wireguard: T2247: add VRF supportChristian Poessinger
2020-04-08wireguard: T2244: use xml include for mtuChristian Poessinger
2020-04-08tunnel: T1579: Change help value for encapsulation nodeEshenko Dmitriy
2020-04-07http api: T2160: move 'api virtual-host' to 'api-restrict virtual-host'John Estabrook
Restriction of api proxy should be owned by https.py, not http-api.py.
2020-04-05flow-accounting: improve value help on ipfixChristian Poessinger
2020-04-05wireless: T2212: bugfix for BF-ANTENNA and SOUNDING-DIMENSION flagsalainlamar
VHT flags deal with many variables which depend on antenna count and supported features. BF-ANTENNA-(2|3|4) and SOUNDING-DIMENSION-(2|3|4) were not dealt with correctly. IEEE 802.11ac (VHT) supports at least 1 antenna and up to 8 antennas at most. The hsotapd VHT flags may support as many but most do not. Therefore, we need to be picky here...
2020-04-05wireguard: T2228: support ports less then 1024Christian Poessinger
2020-04-05wireguard: T2206: add valueHelp for listen portChristian Poessinger
2020-04-05wireguard: T2206: split endpoint node into address and portChristian Poessinger
WireGuard has been the only subsystem combining a remote ip address and a remote port number into a single node. This is bad as there is no possiblity for the XML based input validation for IP address and port numbers. That's the reason the peer endpoint node goets migrated into a peer address and a peer port node utilizing the embedded syntax node checking for IP addresses and port ranges.
2020-04-05wwan: T1988: remove trailing whitespace in XMLChristian Poessinger
2020-04-05Merge pull request #304 from DmitriyEshenko/cur-pim-igm-p2Christian Poessinger
pim: T1729: Add dr-priority and IGMP join support
2020-04-04pim: T1729: Add dr-priority and IGMP join supportDmitriyEshenko
2020-04-04wireless: T2208: bugfix: errors in the XML and Python fileAlain Lamar
Commits to "interfaces wireless wlanX capabilities vht link-adaptation (unsolicited|both)" always failed.
2020-04-04pppoe: T1318: support more then 99 dialer interfacesChristian Poessinger
2020-04-03Merge pull request #296 from zdc/T1820Christian Poessinger
VRRP: T1820: Added transition-script support for sync-groups
2020-04-03interfaces: XML: constraint: add start of line ^ to regexChristian Poessinger
2020-04-03vrf: T31: name of isntance is not allowed to mimic an interface nameChristian Poessinger
Every VRF that's created is not allowed to be named like any interface that can be active on the system. This includes eth, lan, br, dum, lo .... In theoriy this would work but as soon as such a regular interface is created things will go sideways rather quick thus we limit the namespace which can be used to create a VRF. Appending an interface name is still possible like coolvrf-eth0.
2020-04-02wwan: vrf: T2200: add CLI options and parse configuration to dictionaryChristian Poessinger
2020-04-02bridge: l2tpv3: T1823: readjust overall prioritiesChristian Poessinger
Every interface on the system can be a member of a bridge - thus the bridge interface must be the one interface which has the highest priority compared to all other interfaces - incl. l2tpv3. With this change the system boots up fine with also l2tpv3 interfaces participating as bridge members. This change was needed as a l2tpv3 interface requires proper configured routing oin the system, else adding the interface will fail miserably: FileNotFoundError: [Errno 2] ip l2tp add tunnel tunnel_id 200 peer_tunnel_id 100 udp_sport 4000 udp_dport 3000 encap udp local 172.18.201.10 remote 172.18.203.10 returned: RTNETLINK answers: Network is unreachable
2020-04-02l2tpv3: T1823: change interface priorityChristian Poessinger
As L2TPv3 interfaces can be member interface of a bridge device it must be configured prior to the bridge - else the system will boot with an error as member adding fails.
2020-04-02VRRP: T1820: Added transition-script support for sync-groupszsdc
Note: if transition-scripts configured for both vrrp instance and sync group, which are it a member of, both scripts will be executed.
2020-03-30http api: T2160: allow restricting HTTP API to specific serversJohn Estabrook
By default, the HTTP API will be proxied by any nginx virtual server. Allow specifying a subset of servers to act as proxy.
2020-03-29vrf: T2178: table id must start at 100Christian Poessinger
... to not cause any issues with buildin tables or PBR. PBR uses table 1 - 200 so there is a small overlap (by intention)
2020-03-28wwan: T1988: add ipv6 addressing nodesChristian Poessinger
2020-03-28wwan: T1988: support interface disableChristian Poessinger
2020-03-28wwan: T1988: initial XML/Python representationChristian Poessinger
2020-03-28ipv6: T1831: migrate eui64 addressing to XML and pythonChristian Poessinger
2020-03-28ipv6: T1831: migrate autoconf nodeChristian Poessinger
Autoconfigure addresses using Prefix Information in Router Advertisements.
2020-03-28ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodesChristian Poessinger
... to new XML and Python based frontend/backend.