summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2026-05-27ipsec: T8912: Fix log level not respected in system journalOleksandr Kuchmystyi
When setting 'vpn ipsec logging log-level 0', DPD informational messages (log level 1) were still appearing in the system journal. The root cause is that charon-systemd reads both `charon-systemd.conf` and `charon-logging.conf` and applies the higher of the two log levels to the journal. The VyOS only managed `charon-systemd.conf`, leaving `charon-logging.conf` at its default level of 1, which silently overrode the user-configured level. Fix this by rendering `charon-logging.conf` on every commit with syslog backend set to -1 (silent), making `charon-systemd.conf` the sole authoritative source for journal log verbosity. This also eliminates duplicate log entries in the journal that occurred when both backends were active and writing to the same destination.
2026-05-26Merge pull request #5197 from alexandr-san4ez/T7555-currentViacheslav Hletenko
ipsec: T7555: Implement `ikev2-reauth` for site-to-site peers
2026-05-26Merge pull request #5119 from AppMana/T8480Christian Breunig
wan: T8480: add suppress_prefixlength ip rules for internal routing
2026-05-25Merge pull request #5215 from alexk37/T8910-ipoe-idle-timeoutChristian Breunig
T8910: ipoe-server: expose accel-ppp idle-timeout option
2026-05-22Merge pull request #5214 from giga1699/T7654Christian Breunig
openconnect: T7654: OpenConnect Script Execution
2026-05-22T8910: ipoe-server: expose accel-ppp idle-timeout optionAlex Kudentsov
Add a CLI knob to terminate idle IPoE sessions after a configurable timeout: set service ipoe-server idle-timeout <0-86400> Today there is no way to age out stale IPoE sessions: clients that go silent (powered off, link down) leave a session record on the router indefinitely. accel-ppp natively supports idle-timeout in its [ipoe] section but VyOS did not expose it. The option is added as a shared accel-ppp include so it can be reused by other accel-ppp services in follow-up PRs.
2026-05-22Merge pull request #5198 from indrajitr/T8862-dhcpv6-reservation-multiViacheslav Hletenko
dhcpv6: T8862: Allow multiple addresses and prefixes for reservations
2026-05-21openconnect: T7654: OpenConnect Script ExecutionGiga Murphy
2026-05-21ntp: T8601: add local stratum optionanderbak
2026-05-21T8822: Add BFD strict mode for BGPViacheslav Hletenko
2026-05-20ipsec: T7555: Implement `ikev2-reauth` for site-to-site peersOleksandr Kuchmystyi
IKEv2 reauthentication was configurable via CLI but never translated into `swanctl.conf`. Add `reauth_time` to the peer connection template, driven by the `ikev2-reauth` flag on the ike-group and the per-peer override (yes/no/inherit).
2026-05-19high-availability: T7059: Allow disabling persistent connections for ↵Nataliia S.
virtual-server (#5205)
2026-05-16dhcpv6: T8862: Allow multiple addresses and prefixes for reservationsIndrajit Raychaudhuri
Add support for allowing DHCPv6 to assign reservations for multiple addresses and prefixes to a single client simultaneously.
2026-05-14dhcpv6: T8849: Add time-zone support for Kea DHCPv6 (#5190)Indrajit Raychaudhuri
* dhcpv6: T8849: Add time-zone support for Kea DHCPv6 Add DHCPv6 option support for time zone (RFC4833 options 41 and 42). This includes both the POSIX-style TZ string (`new-posix-timezone`) and the IANA time zone name (`new-tzdb-timezone`). * dhcpv6: T8849: Refactor per code-review suggestion * dhcpv6: T8849: Reformat for compliance
2026-05-13bgp: T8588: Add match source-peer to policy route-map (#5149)Robin Christ
2026-05-13T8600: Add option to change logging verbosity in Kea (#5178)Nataliia S.
2026-05-12wan: T8480: make only-default-route opt-indoctorpangloss
2026-05-12frr: T8606: add watchfrr timeout option (#5165)anderbak
Co-authored-by: Christian Breunig <christian@breunig.cc>
2026-05-11bgp: T8607: Add CLI support for BGP update-delay and establish-waitNataliia Solomko
2026-05-06xml: T8467: remove duplicate lineJohn Estabrook
This duplication did not cause any harm, but was found in the general clean up related to element 'properties' collisions.
2026-05-06xml: T8467: remove unnecessary include, obscuring value helpJohn Estabrook
The include is unnecessary, as the element is fully defined in the subsequent lines. As node.def files are only populated on the first instance, this leads to loss of the proper value help entries hence completions. Without these changes, for example: vyos@vyos# set system conntrack ignore ipv4 rule 137 protocol will not list 'all', 'tcp_udp', etc. as intended.
2026-04-30T6750: sr-te: Adding initial Segment Routing Traffic Engineering portion of ↵Cheeze-It
FRR (#4994) * sr-te: T6750: Adding Segment Routing Traffic Engineering portion of FRR --------- Co-authored-by: Cheeze_It <none@none.com> Co-authored-by: Christian Breunig <christian@breunig.cc>
2026-04-29Merge pull request #5148 from yahyacivelek/currentChristian Breunig
T8587: fix XML data type from u32 to u64 where range exceeds uint32 max
2026-04-29Merge pull request #5150 from robinchrist/T8589-bgp-route-map-evpn-route-typesViacheslav Hletenko
bgp: T8589: Add ead, es and [1-5] to route-map match evpn route-type
2026-04-28Merge pull request #5151 from natali-rs1985/T8293Daniil Baturin
T8293: Add ability to set timeout for high-availability health-check
2026-04-27T8293: Add ability to set timeout for high-availability health-checkNataliia Solomko
Setting a timeout allows VRRP health-check scripts to run longer than the set interval. Without timeout, keepalived considers the script as failed after interval seconds. With timeout set higher than interval, the script has more time to complete before being marked as failed and transitioning VRRP to FAULT state.
2026-04-27bgp: T8589: Add ead, es and [1-5] to route-map match evpn route-typeRobin Christ
2026-04-27T8587: fix XML data type from u32 to u64 where range exceeds uint32 maxYahya Civelek
The following nodes specified u32 but their range values exceed the uint32 maximum (4,294,967,295): - service lldp interface location coordinate-based elin: u32:0-9999999999 -> u64:0-9999999999 - vpn ipsec esp-group life-bytes: u32:1024-26843545600000 -> u64:1024-26843545600000 - vpn ipsec esp-group life-packets: u32:1000-26843545600000 -> u64:1000-26843545600000
2026-04-27T8535: Remove next-hop-self for BGP link stateKyrylo Yatsenko
BGP link-state doesn't support next-hop-self, so remove it.
2026-04-21bridge: T8411: Allow disabling MAC learning on bridge member interfacesNataliia Solomko
2026-04-15T8457: BGP link-state address familyKyrylo Yatsenko
2026-04-14Merge pull request #5092 from c-po/kernel-serial-activationChristian Breunig
serial: T8375: use boot activation script to define a serial console on the CLI
2026-04-10Merge pull request #5108 from sever-sever/T8448Christian Breunig
T8448: add an option to enable SNMP traps in VRRP
2026-04-10T8448: VRRP add configuration for the SNMP trapsViacheslav Hletenko
Allow to configure Keepalived VRRP traps - set high-availability vrrp snmp trap
2026-04-10Merge pull request #5115 from c-po/commit-archive-vrfDaniil Baturin
remote: T4732: add VRF option for commit-archive
2026-04-09serial: T8375: add CLI option to explicitly set kernel consoleChristian Breunig
Previously, VyOS hardcoded the kernel boot log console to either ttyS0 or tty0, with no post-install CLI method to change it (manual GRUB edits were required). This commit adds a new CLI node: system console device <name> kernel When set, the selected serial console is used as the kernel boot console. When removed, the kernel boot console falls back to tty0.
2026-04-09xml: T8375: add CLI help for ttyAMA serial console interfacesChristian Breunig
2026-04-09conntrack-sync: T8189: Add conntrackd FTFW PurgeTimeout settingNataliia Solomko
2026-04-06remote: T4732: add VRF option for commit-archiveChristian Breunig
Add new CLI option to make transfers to the commit-archive working using a dedicated (e.g. management) VRF. set system config-management commit-archive vrf MGMT All transfers using vyos.remote module will now run through the VRF defined on the CLI.
2026-03-30Merge pull request #5089 from robinchrist/T7338-bgp-as-notationChristian Breunig
bgp: T7338: Add support for "parameters as-notation <asdot|asdot+>"
2026-03-30Merge pull request #5094 from sever-sever/T8222Daniil Baturin
T8222: Set the default VXLAN interface TTL to 64
2026-03-29bgp: T7338: Add support for "parameters as-notation <asdot|asdot+>"Robin Christ
We explicitly omit the "plain" option, as it is the implicit default in FRR We also do not want to add "plain" as VyOS default value and emit it by default as this makes the config a bit ugly (frr puts it in the router line so you get "router bgp <AS> as-notation plain"). Additionally, setting plain as default value and emitting it by default would break pretty much all BGP tests, as they commonly do self.getFRRconfig(f'router bgp {ASN}', stop_section='^exit') and getFRRConfig does a "^<content>$" match, which breaks when you add the "as-notation plain"
2026-03-27T8410: Fix typos and mistakes for comments and messagesViacheslav Hletenko
Fix typos and mistakes No functional changes
2026-03-27T8222: Set the default VXLAN interface TTL to 64Viacheslav Hletenko
Default TTL of 16 is insufficient in many deployments, especially in multi-hop or routed underlay networks. Increase it to 64 to provide better compatibility and avoid packet drop in real-world topologies.
2026-03-26pseudo-ethernet: T8434: source-interface does not show bridge or bond interfacesChristian Breunig
We can create pseudo-ethernet (peth, macvlan) interfaces from bond or bridge interfaces as the unddelraying parent, so the completion helper should honor it.
2026-03-24T8410: Fix typos and mistakes for operational and configuration commandsViacheslav Hletenko
Fix typos and mistakes in the commands and comments No functional changes
2026-03-24Merge pull request #5039 from natali-rs1985/T8355Daniil Baturin
vpp: T8355: Set MTU for vpp interfaces
2026-03-23vpp: T8355: Set MTU for vpp interfacesNataliia Solomko
2026-03-20dhcpv6: T8414: missing prefix-delegation interface constraintChristian Breunig
2026-03-18Merge pull request #5041 from alexandr-san4ez/T8315-currentDaniil Baturin
vpp: T8315: Add support for configuring unsupported NICs and update compatible list