Age | Commit message (Collapse) | Author |
|
We drop default values 'port' but don't set it again per server
Fix it
|
|
T5091: IPoE-server verify RADIUS settings
|
|
As we don't have global option 'gateway-address' for ipoe-server
we cannot use general configverify.verify_accel_ppp_base_service
Add verify radius setting for configuration mode 'radius'
Radius authentication required at least one RADIUS server
|
|
Add sFlow feature based on hsflowd
According to user reviews, it works more stable and more productive
than pmacct
I haven't deleted 'pmacct' 'system flow-accounting sflow' yet
It could be migrated or deprecated later
set system sflow agent-address '192.0.2.14'
set system sflow interface 'eth0'
set system sflow interface 'eth1'
set system sflow polling '30'
set system sflow sampling-rate '100'
set system sflow server 192.0.2.1 port '6343'
set system sflow server 192.0.2.11 port '6343'
|
|
Add template to generate zebra
"ipv6 protocol ospf6 route-map xxx"
|
|
Container registry CLI node changed from leafNode to tagNode with the same
defaults. In addition we can now configure an authentication option per
registry.
|
|
This will check if mirror/redirect is present on a QoS interface and use `vyos.configdep` module to update the interface again after QoS is applied.
|
|
IPoE-server 'interface ethX vlan xxx' (aka vlan-mon) must not be
used with 'interface ethX client-subnet'
So instead of shared pool accel-ppp uses the same pool for each
dynamically added VLAN
eth1 client-subnet '192.0.2.0/24'
eth1 vlan '2000-2021'
It cause this issue:
eth1.2000 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
eth2.2001 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
Only named pools with vlan option must be used.
|
|
|
|
|
|
T5037: Firewall: Add queue action and options to firewall
|
|
Ability setting container hostname
This host name is used as /etc/hostname
set container name <tag> host-name 'mybox'
|
|
|
|
T4977: Add Babel routing protocol support
|
|
container: T4014: Add `command`, `arg` and `entrypoint` configuration options for containers
|
|
Renamed local function to be identical to 1.3 ver
Changed error messages after commit to be identical to 1.3 ver
|
|
T4790: Added check of the sum of radius timeouts
|
|
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13
DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
|
|
|
|
|
|
|
|
ipsec: T4593: Remove references to deleted variables
|
|
|
|
As we have the same variable name 'default_values' for container
name, port and volume, it rewrites default container parameters
with default port parameters
Fix it
|
|
Not supported with swanctl
|
|
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
T4857: snmp: Fix error when not defining client|network under community
|
|
After the RESTRICTED view was introduced snmpd requires a network to be
specified. Before adding the RESTRICTED view snmpd always assumed the default
network 0.0.0.0/0.
This commit re-adds the build in default networks for IPv4 and IPv6 and
exposes it as a proper default to the CLI so the user is informed about it:
vyos@vyos# set service snmp community foooo
Possible completions:
authorization Authorization type (default: ro)
+ client IP address of SNMP client allowed to contact system
+ network Subnet of SNMP client(s) allowed to contact system (default:
0.0.0.0/0, ::/0)
|
|
sstp-client
|
|
containers"
This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
|
|
container: T4959: Add container registry authentication config for containers
|
|
This PR adds basic Babel routing protocol support using the implementation in
FRR.
Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
|
|
|
|
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
|
|
When shaper is bound to a dialup (e.g. PPPoE) interface it is possible, that
it is yet not availbale when to QoS code runs. Skip the configuration and
inform the user.
|
|
bgp: T4817: add support for RFC9234
|
|
This reverts commit 3a6e77d479da4321b851163490a9b79ef2cef7b8.
A general solution is implemented in Commit 29a44a73 ("T4975: always sync()
filesystem after commit").
|
|
|
|
User profile files are not saved to disk after configuration is fully applied.
Because of this, after a fast system reset, profile files can be empty, and CLI
is broken.
This fix adds a `sync()` call after the user's configuration, which should
protect from data loss and fix the problem with profiles.
|
|
options for containers
|
|
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
|
|
Removes port key from accounting server merged config dictionary.
|
|
|
|
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
|
|
After merging config dictionary with default values, radius port
the default value was merged not in a proper way.
It is added as a server.
After creating radiusclient.conf added and the illegal authserver
equal 'port'.
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
|