| author | rebortg <github@ghlr.de> | 2020-12-08 14:57:44 +0100 | 
|---|---|---|
| committer | rebortg <github@ghlr.de> | 2020-12-08 14:57:44 +0100 | 
| commit | f6c43343bbea7c98b6e735f5204da1759343ca23 (patch) | |
| tree | 8ddd1150ffaf65cd36678ebc95c7d9fb22ae1dce /docs | |
| parent | e6d0a80db37769a3d40084a8d55abfd7b24b941a (diff) | |
| parent | 0bb741b58bc0dd7f0beae7364ed519f7165bdbb7 (diff) | |
| download | vyos-documentation-f6c43343bbea7c98b6e735f5204da1759343ca23.tar.gz vyos-documentation-f6c43343bbea7c98b6e735f5204da1759343ca23.zip | |
Merge branch 'sagitta' of https://github.com/rebortg/vyos-documentation
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/.gitignore | 1 | ||||
| -rw-r--r-- | docs/_ext/testcoverage.py | 351 | ||||
| -rw-r--r-- | docs/_ext/vyos.py | 265 | ||||
| -rw-r--r-- | docs/_include/common-references.txt (renamed from docs/common-references.rst) | 0 | ||||
| -rw-r--r-- | docs/_include/draw.io/pbr_example_1.drawio (renamed from docs/draw.io/pbr_example_1.drawio) | 0 | ||||
| -rw-r--r-- | docs/_include/draw.io/vpn_s2s_ikev2.drawio (renamed from docs/draw.io/vpn_s2s_ikev2.drawio) | 0 | ||||
| -rw-r--r-- | docs/_include/interface-common-with-dhcp.txt | 8 | ||||
| -rw-r--r-- | docs/_include/interface-common-without-dhcp.txt | 4 | ||||
| -rw-r--r-- | docs/_include/interface-common.txt | 14 | ||||
| -rw-r--r-- | docs/_include/interface-vlan-8021ad.txt | 20 | ||||
| -rw-r--r-- | docs/_include/interface-vlan-8021q.txt | 20 | ||||
| m--------- | docs/_include/vyos-1x | 0 | ||||
| -rw-r--r-- | docs/_static/css/custom.css | 74 | ||||
| -rw-r--r-- | docs/_static/images/vyos-logo.png | bin | 118757 -> 68746 bytes | |||
| -rw-r--r-- | docs/appendix/release-notes.rst | 435 | ||||
| -rw-r--r-- | docs/appendix/virtual/index.rst | 12 | ||||
| -rw-r--r-- | docs/appendix/vyos-on-clouds.rst | 173 | ||||
| -rw-r--r-- | docs/automation/command-scripting.rst (renamed from docs/appendix/command-scripting.rst) | 0 | ||||
| -rw-r--r-- | docs/automation/index.rst | 15 | ||||
| -rw-r--r-- | docs/changelog/1.2.1.rst | 52 | ||||
| -rw-r--r-- | docs/changelog/1.2.2.rst | 46 | ||||
| -rw-r--r-- | docs/changelog/1.2.3.rst | 62 | ||||
| -rw-r--r-- | docs/changelog/1.2.4.rst | 65 | ||||
| -rw-r--r-- | docs/changelog/1.2.5.rst | 60 | ||||
| -rw-r--r-- | docs/changelog/1.2.6.rst | 106 | ||||
| -rw-r--r-- | docs/changelog/index.rst | 18 | ||||
| -rw-r--r-- | docs/cli.rst | 750 | ||||
| -rw-r--r-- | docs/command-list-configuration.rst | 7 | ||||
| -rw-r--r-- | docs/command-list-operation.rst | 7 | ||||
| -rw-r--r-- | docs/conf.py | 6 | ||||
| -rw-r--r-- | docs/configexamples/azure-vpn-bgp.rst (renamed from docs/appendix/examples/azure-vpn-bgp.rst) | 0 | ||||
| -rw-r--r-- | docs/configexamples/azure-vpn-dual-bgp.rst (renamed from docs/appendix/examples/azure-vpn-dual-bgp.rst) | 0 | ||||
| -rw-r--r-- | docs/configexamples/bgp-ipv6-unnumbered.rst (renamed from docs/appendix/examples/bgp-ipv6-unnumbered.rst) | 0 | ||||
| -rw-r--r-- | docs/configexamples/dhcp-relay-through-gre-bridge.rst (renamed from docs/appendix/examples/dhcp-relay-through-gre-bridge.rst) | 0 | ||||
| -rw-r--r-- | docs/configexamples/ha.rst (renamed from docs/appendix/examples/ha.rst) | 0 | ||||
| -rw-r--r-- | docs/configexamples/index.rst (renamed from docs/appendix/examples/index.rst) | 0 | ||||
| -rw-r--r-- | docs/configexamples/ospf-unnumbered.rst (renamed from docs/appendix/examples/ospf-unnumbered.rst) | 0 | ||||
| -rw-r--r-- | docs/configexamples/tunnelbroker-ipv6.rst (renamed from docs/appendix/examples/tunnelbroker-ipv6.rst) | 0 | ||||
| -rw-r--r-- | docs/configexamples/wan-load-balancing.rst (renamed from docs/appendix/examples/wan-load-balancing.rst) | 0 | ||||
| -rw-r--r-- | docs/configexamples/zone-policy.rst (renamed from docs/appendix/examples/zone-policy.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration-overview.rst | 730 | ||||
| -rw-r--r-- | docs/configuration/firewall/index.rst (renamed from docs/firewall.rst) | 114 | ||||
| -rw-r--r-- | docs/configuration/highavailability/index.rst (renamed from docs/high-availability.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/index.rst | 23 | ||||
| -rw-r--r-- | docs/configuration/interfaces/bonding.rst (renamed from docs/interfaces/bond.rst) | 4 | ||||
| -rw-r--r-- | docs/configuration/interfaces/bridge.rst (renamed from docs/interfaces/bridge.rst) | 4 | ||||
| -rw-r--r-- | docs/configuration/interfaces/dummy.rst (renamed from docs/interfaces/dummy.rst) | 8 | ||||
| -rw-r--r-- | docs/configuration/interfaces/ethernet.rst (renamed from docs/interfaces/ethernet.rst) | 6 | ||||
| -rw-r--r-- | docs/configuration/interfaces/geneve.rst (renamed from docs/interfaces/geneve.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/index.rst (renamed from docs/interfaces/advanced-index.rst) | 17 | ||||
| -rw-r--r-- | docs/configuration/interfaces/l2tpv3.rst (renamed from docs/interfaces/l2tpv3.rst) | 4 | ||||
| -rw-r--r-- | docs/configuration/interfaces/loopback.rst (renamed from docs/interfaces/loopback.rst) | 4 | ||||
| -rw-r--r-- | docs/configuration/interfaces/macsec.rst (renamed from docs/interfaces/macsec.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/openvpn.rst (renamed from docs/vpn/openvpn.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/pppoe.rst (renamed from docs/interfaces/pppoe.rst) | 8 | ||||
| -rw-r--r-- | docs/configuration/interfaces/pseudo-ethernet.rst (renamed from docs/interfaces/pseudo-ethernet.rst) | 4 | ||||
| -rw-r--r-- | docs/configuration/interfaces/tunnel.rst (renamed from docs/interfaces/tunnel.rst) | 21 | ||||
| -rw-r--r-- | docs/configuration/interfaces/vti.rst | 22 | ||||
| -rw-r--r-- | docs/configuration/interfaces/vxlan.rst (renamed from docs/interfaces/vxlan.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/wireguard.rst (renamed from docs/vpn/wireguard.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/interfaces/wireless.rst (renamed from docs/interfaces/wireless.rst) | 6 | ||||
| -rw-r--r-- | docs/configuration/interfaces/wirelessmodem.rst (renamed from docs/interfaces/wirelessmodem.rst) | 6 | ||||
| -rw-r--r-- | docs/configuration/loadbalancing/index.rst (renamed from docs/load-balancing.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/nat/index.rst (renamed from docs/nat.rst) | 8 | ||||
| -rw-r--r-- | docs/configuration/nat/nptv6.rst (renamed from docs/nptv6.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/policy/index.rst (renamed from docs/routing/pbr.rst) | 72 | ||||
| -rw-r--r-- | docs/configuration/protocols/bfd.rst (renamed from docs/routing/bfd.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/protocols/bgp.rst (renamed from docs/routing/bgp.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/protocols/igmp-proxy.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/protocols/igmp.rst (renamed from docs/routing/multicast.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/protocols/index.rst | 23 | ||||
| -rw-r--r-- | docs/configuration/protocols/isis.rst (renamed from docs/routing/isis.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/protocols/mpls.rst (renamed from docs/routing/mpls.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/protocols/ospf.rst | 70 | ||||
| -rw-r--r-- | docs/configuration/protocols/ospfv3.rst (renamed from docs/routing/ospf.rst) | 70 | ||||
| -rw-r--r-- | docs/configuration/protocols/pim.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/protocols/rip.rst (renamed from docs/routing/rip.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/protocols/ripng.rst | 3 | ||||
| -rw-r--r-- | docs/configuration/protocols/rpki.rst (renamed from docs/routing/rpki.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/protocols/static.rst (renamed from docs/routing/static.rst) | 68 | ||||
| -rw-r--r-- | docs/configuration/protocols/vrf.rst | 3 | ||||
| -rw-r--r-- | docs/configuration/service/broadcast-relay.rst (renamed from docs/services/udp-broadcast-relay.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/conntrack-sync.rst (renamed from docs/services/conntrack.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/service/console-server.rst (renamed from docs/services/console-server.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/dhcp-relay.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/service/dhcp-server.rst (renamed from docs/services/dhcp.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/dhcpv6-relay.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/service/dhcpv6-server.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/service/dns.rst (renamed from docs/services/dns-forwarding.rst) | 166 | ||||
| -rw-r--r-- | docs/configuration/service/https.rst (renamed from docs/appendix/http-api.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/index.rst | 29 | ||||
| -rw-r--r-- | docs/configuration/service/ipoe-server.rst (renamed from docs/services/ipoe-server.rst) | 4 | ||||
| -rw-r--r-- | docs/configuration/service/lldp.rst (renamed from docs/services/lldp.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/mdns.rst (renamed from docs/services/mdns-repeater.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/pppoe-advert.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/service/pppoe-server.rst (renamed from docs/services/pppoe-server.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/service/router-advert.rst (renamed from docs/services/router-advert.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/salt-minion.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/service/snmp.rst (renamed from docs/services/snmp.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/ssh.rst (renamed from docs/services/ssh.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/tftp-server.rst (renamed from docs/services/tftp.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/service/webproxy.rst (renamed from docs/services/webproxy.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/acceleration.rst | 7 | ||||
| -rw-r--r-- | docs/configuration/system/config-management.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/system/conntrack.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/system/console.rst (renamed from docs/system/serial-console.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/default-route.rst (renamed from docs/system/default-route.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/domain-name.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/system/domain-search.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/system/eventhandler.rst (renamed from docs/system/eventhandler.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/flow-accounting.rst (renamed from docs/system/flow-accounting.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/host-name.rst (renamed from docs/system/host-information.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/index.rst | 40 | ||||
| -rw-r--r-- | docs/configuration/system/ip.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/system/ipv6.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/system/lcd.rst (renamed from docs/system/lcd.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/system/login.rst (renamed from docs/system/user-management.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/name-server.rst (renamed from docs/system/system-dns.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/name-servers-dhcp.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/system/ntp.rst (renamed from docs/system/ntp.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/option.rst (renamed from docs/system/option.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/proxy.rst (renamed from docs/system/proxy.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/static-host-mapping.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/system/sysctl.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/system/syslog.rst (renamed from docs/system/syslog.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/task-scheduler.rst (renamed from docs/system/task-scheduler.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/time-zone.rst (renamed from docs/system/time-zone.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/system/wifi-requlatory-domain.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/trafficpolicy/index.rst (renamed from docs/qos.rst) | 5 | ||||
| -rw-r--r-- | docs/configuration/vpn/dmvpn.rst (renamed from docs/vpn/dmvpn.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/vpn/index.rst | 26 | ||||
| -rw-r--r-- | docs/configuration/vpn/ipsec.rst (renamed from docs/vpn/ipsec.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/vpn/l2tp.rst (renamed from docs/vpn/l2tp.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/vpn/openconnect.rst (renamed from docs/vpn/openconnect.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/vpn/pptp.rst (renamed from docs/vpn/pptp.rst) | 0 | ||||
| -rw-r--r-- | docs/configuration/vpn/rsa-keys.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/vpn/site2site_ipsec.rst (renamed from docs/vpn/site2site_ipsec.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/vpn/sstp.rst (renamed from docs/vpn/sstp.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/vrf/index.rst (renamed from docs/vrf.rst) | 2 | ||||
| -rw-r--r-- | docs/configuration/zonepolicy/index.rst | 8 | ||||
| -rw-r--r-- | docs/contributing/debugging.rst | 2 | ||||
| -rw-r--r-- | docs/contributing/development.rst | 2 | ||||
| -rw-r--r-- | docs/contributing/documentation.rst | 84 | ||||
| -rw-r--r-- | docs/contributing/index.rst | 13 | ||||
| -rw-r--r-- | docs/contributing/issues-features.rst | 2 | ||||
| -rw-r--r-- | docs/copyright.rst | 19 | ||||
| -rw-r--r-- | docs/coverage.rst | 41 | ||||
| -rw-r--r-- | docs/index.rst | 107 | ||||
| -rw-r--r-- | docs/installation/cloud/aws.rst | 54 | ||||
| -rw-r--r-- | docs/installation/cloud/azure.rst | 53 | ||||
| -rw-r--r-- | docs/installation/cloud/gcp.rst | 55 | ||||
| -rw-r--r-- | docs/installation/cloud/index.rst | 13 | ||||
| -rw-r--r-- | docs/installation/cloud/oracel.rst | 8 | ||||
| -rw-r--r-- | docs/installation/image.rst (renamed from docs/image-mgmt.rst) | 78 | ||||
| -rw-r--r-- | docs/installation/index.rst | 19 | ||||
| -rw-r--r-- | docs/installation/install.rst (renamed from docs/install.rst) | 0 | ||||
| -rw-r--r-- | docs/installation/iso.rst | 2 | ||||
| -rw-r--r-- | docs/installation/migrate-from-vyatta.rst (renamed from docs/appendix/migrate-from-vyatta.rst) | 0 | ||||
| -rw-r--r-- | docs/installation/update.rst | 79 | ||||
| -rw-r--r-- | docs/installation/virtual/eve-ng.rst | 8 | ||||
| -rw-r--r-- | docs/installation/virtual/gns3.rst (renamed from docs/appendix/virtual/vyos-on-gns3.rst) | 0 | ||||
| -rw-r--r-- | docs/installation/virtual/index.rst | 12 | ||||
| -rw-r--r-- | docs/installation/virtual/libvirt.rst (renamed from docs/appendix/virtual/libvirt.rst) | 0 | ||||
| -rw-r--r-- | docs/installation/virtual/proxmox.rst | 8 | ||||
| -rw-r--r-- | docs/installation/virtual/vmware.rst (renamed from docs/appendix/virtual/vyos-on-vmware.rst) | 0 | ||||
| -rw-r--r-- | docs/installation/vyos-on-baremetal.rst (renamed from docs/appendix/vyos-on-baremetal.rst) | 0 | ||||
| -rw-r--r-- | docs/interfaces/basic-index.rst | 12 | ||||
| -rw-r--r-- | docs/introducing/about.rst (renamed from docs/about.rst) | 4 | ||||
| -rw-r--r-- | docs/introducing/history.rst (renamed from docs/history.rst) | 0 | ||||
| -rw-r--r-- | docs/operation/boot-options.rst (renamed from docs/system/boot-options.rst) | 0 | ||||
| -rw-r--r-- | docs/operation/index.rst | 11 | ||||
| -rw-r--r-- | docs/operation/information.rst (renamed from docs/information.rst) | 0 | ||||
| -rw-r--r-- | docs/operation/ip-commands.rst (renamed from docs/routing/ip-commands.rst) | 0 | ||||
| -rw-r--r-- | docs/routing/arp.rst | 59 | ||||
| -rw-r--r-- | docs/routing/index.rst | 23 | ||||
| -rw-r--r-- | docs/routing/mss-clamp.rst | 63 | ||||
| -rw-r--r-- | docs/routing/policy.rst | 65 | ||||
| -rw-r--r-- | docs/services/dynamic-dns.rst | 164 | ||||
| -rw-r--r-- | docs/services/index.rst | 26 | ||||
| -rw-r--r-- | docs/system/advanced-index.rst | 19 | ||||
| -rw-r--r-- | docs/system/basic-index.rst | 14 | ||||
| -rw-r--r-- | docs/troubleshooting/index.rst (renamed from docs/troubleshooting.rst) | 0 | ||||
| -rw-r--r-- | docs/vpn/index.rst | 18 | 
183 files changed, 3104 insertions, 2253 deletions
| diff --git a/docs/.gitignore b/docs/.gitignore
deleted file mode 100644
index 69fa449d..00000000
--- a/docs/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-_build/
diff --git a/docs/_ext/testcoverage.py b/docs/_ext/testcoverage.py
new file mode 100644
index 00000000..70714d6b
--- /dev/null
+++ b/docs/_ext/testcoverage.py
@@ -0,0 +1,351 @@ +''' +generate json with all commands from xml for vyos documentation coverage + +''' + + +import sys +import os +import json +import re +import logging + +from io import BytesIO +from lxml import etree as ET +import shutil + +default_constraint_err_msg = "Invalid value" +validator_dir = "" + + +input_data = [ +    { +        "kind": "cfgcmd", +        "input_dir": "_include/vyos-1x/interface-definitions/", +        "schema_file": "_include/vyos-1x/schema/interface_definition.rng", +        "files": [] +    }, +    { +        "kind": "opcmd", +        "input_dir": "_include/vyos-1x/op-mode-definitions/", +        "schema_file": "_include/vyos-1x/schema/op-mode-definition.rng", +        "files": [] +    } +] + +node_data = { +    'cfgcmd': {}, +    'opcmd': {}, +} + +def get_properties(p): +    props = {} +    props['valueless'] = False + +    try: +        if p.find("valueless") is not None: +            props['valueless'] = True +    except: +        pass + +    if p is None: +        return props + +    # Get the help string +    try: +        props["help"] = p.find("help").text +    except: +        pass + +    # Get value help strings +    try: +        vhe = p.findall("valueHelp") +        vh = [] +        for v in vhe: +            vh.append( (v.find("format").text, v.find("description").text) ) +        props["val_help"] = vh +    except: +        props["val_help"] = [] + +    # Get the constraint statements +    error_msg = default_constraint_err_msg +    # Get the error message if it's there +    try: +        error_msg = p.find("constraintErrorMessage").text +    except: +        pass +     + +    vce = p.find("constraint") +    vc = [] +    if vce is not None: +        # The old backend doesn't support multiple validators in OR mode +        # so we emulate it + +        regexes = [] +        regex_elements = vce.findall("regex") +        if regex_elements is not None: +            regexes = list(map(lambda e: e.text.strip(), 
regex_elements)) +        if "" in regexes: +            print("Warning: empty regex, node will be accepting any value") + +        validator_elements = vce.findall("validator") +        validators = [] +        if validator_elements is not None: +            for v in validator_elements: +                v_name = os.path.join(validator_dir, v.get("name")) + +                # XXX: lxml returns None for empty arguments +                v_argument = None +                try: +                    v_argument = v.get("argument") +                except: +                    pass +                if v_argument is None: +                    v_argument = "" + +                validators.append("{0} {1}".format(v_name, v_argument)) + + +        regex_args = " ".join(map(lambda s: "--regex \\\'{0}\\\'".format(s), regexes)) +        validator_args = " ".join(map(lambda s: "--exec \\\"{0}\\\"".format(s), validators)) +        validator_script = '${vyos_libexec_dir}/validate-value.py' +        validator_string = "exec \"{0} {1} {2} --value \\\'$VAR(@)\\\'\"; \"{3}\"".format(validator_script, regex_args, validator_args, error_msg) + +        props["constraint"] = validator_string + +    # Get the completion help strings +    try: +        che = p.findall("completionHelp") +        ch = "" +        for c in che: +            scripts = c.findall("script") +            paths = c.findall("path") +            lists = c.findall("list") + +            # Current backend doesn't support multiple allowed: tags +            # so we get to emulate it +            comp_exprs = [] +            for i in lists: +                comp_exprs.append("echo \"{0}\"".format(i.text)) +            for i in paths: +                comp_exprs.append("/bin/cli-shell-api listNodes {0}".format(i.text)) +            for i in scripts: +                comp_exprs.append("sh -c \"{0}\"".format(i.text)) +            comp_help = " && ".join(comp_exprs) +            props["comp_help"] = comp_help +    except: +    
    props["comp_help"] = [] + +    # Get priority +    try: +        props["priority"] = p.find("priority").text +    except: +        pass + +    # Get "multi" +    if p.find("multi") is not None: +        props["multi"] = True + +    # Get "valueless" +    if p.find("valueless") is not None: +        props["valueless"] = True + +    return props + +def process_node(n, f): + +    props_elem = n.find("properties") +    children = n.find("children") +    command = n.find("command") +    children_nodes = [] +    owner = n.get("owner") +    node_type = n.tag + +    name = n.get("name") +    props = get_properties(props_elem) + +    if node_type != "node": +        if "valueless" not in props.keys(): +            props["type"] = "txt" +    if node_type == "tagNode": +        props["tag"] = "True" +     +    if node_type == "node" and children is not None: +        inner_nodes = children.iterfind("*") +        index_child = 0 +        for inner_n in inner_nodes: +            children_nodes.append(process_node(inner_n, f)) +            index_child = index_child + 1 + +    if node_type == "tagNode" and children is not None: +        inner_nodes = children.iterfind("*") +        index_child = 0 +        for inner_n in inner_nodes: +            children_nodes.append(process_node(inner_n, f)) +            index_child = index_child + 1 +    else: +        # This is a leaf node +        pass +     +    if command is not None: +        test_command = True +    else: +        test_command = False +    node = { +        'name': name, +        'type': node_type, +        'children': children_nodes, +        'props': props, +        'command': test_command, +        'filename': f +    } +    return node + + + +def create_commands(data, parent_list=[], level=0): +    result = [] +    command = { +        'name': [], +        'help': None, +        'tag_help': [], +        'level': level, +        'no_childs': False, +        'filename': None +    } +    command['filename'] = 
data['filename'] +    command['name'].extend(parent_list) +    command['name'].append(data['name']) + +    if data['type'] == 'tagNode': +        command['name'].append("<" + data['name'] + ">") + +    if 'val_help' in data['props'].keys(): +        for val_help in data['props']['val_help']: +            command['tag_help'].append(val_help) +     +    if len(data['children']) == 0: +        command['no_childs'] = True +     +    if data['command']: +        command['no_childs'] = True +     +    try: +        help_text = data['props']['help'] +        command['help'] = re.sub(r"[\n\t]*", "", help_text) +         +    except: +        command['help'] = "" +     +    command['valueless'] = data['props']['valueless'] +     +    if 'children' in data.keys(): +        children_bool = True +        for child in data['children']: +            result.extend(create_commands(child, command['name'], level + 1)) +     +    if command['no_childs']: +        result.append(command) +     + + +    return result + + +def include_file(line, input_dir): +    string = "" +    if "#include <include" in line.strip(): +        include_filename = line.strip().split('<')[1][:-1] +        with open(input_dir + include_filename) as ifp: +            iline = ifp.readline() +            while iline: +                string = string + include_file(iline.strip(), input_dir) +                iline = ifp.readline() +    else: +        string = line +    return string + + +def get_working_commands(): +    for entry in input_data: +        for (dirpath, dirnames, filenames) in os.walk(entry['input_dir']): +            entry['files'].extend(filenames) +            break + +        for f in entry['files']: + +            string = "" +            with open(entry['input_dir'] + f) as fp: +                line = fp.readline() +                while line:                 +                    string = string + include_file(line.strip(), entry['input_dir']) +                    line = fp.readline() +        
     +            try: +                xml = ET.parse(BytesIO(bytes(string, 'utf-8'))) +            except Exception as e: +                print("Failed to load interface definition file {0}".format(f)) +                print(e) +                sys.exit(1) +             +            try: +                relaxng_xml = ET.parse(entry['schema_file']) +                validator = ET.RelaxNG(relaxng_xml) + +                if not validator.validate(xml): +                    print(validator.error_log) +                    print("Interface definition file {0} does not match the schema!".format(f)) +                    sys.exit(1) +            except Exception as e: +                print("Failed to load the XML schema {0}".format(entry['schema_file'])) +                print(e) +                sys.exit(1) + +            root = xml.getroot() +            nodes = root.iterfind("*") +            for n in nodes: +                node_data[entry['kind']][f] = process_node(n, f) + +    # build config tree and sort + +    config_tree_new = { +        'cfgcmd': {}, +        'opcmd': {}, +    } + +    for kind in node_data: +        for entry in node_data[kind]: +            node_0 = node_data[kind][entry]['name'] +             +            if node_0 not in config_tree_new[kind].keys(): +                config_tree_new[kind][node_0] = { +                    'name': node_0, +                    'type': node_data[kind][entry]['type'], +                    'props': node_data[kind][entry]['props'], +                    'children': [], +                    'command': node_data[kind][entry]['command'], +                    'filename': node_data[kind][entry]['filename'], +                } +            config_tree_new[kind][node_0]['children'].extend(node_data[kind][entry]['children']) +     +    result = { +        'cfgcmd': [], +        'opcmd': [], +    } +    for kind in  config_tree_new: +        for e in config_tree_new[kind]: +            
result[kind].extend(create_commands(config_tree_new[kind][e])) +     +    for cmd in result['cfgcmd']: +        cmd['cmd'] = " ".join(cmd['name']) +    for cmd in result['opcmd']: +        cmd['cmd'] = " ".join(cmd['name']) +    return result + + + +if __name__ == "__main__": +    res = get_working_commands() +    print(json.dumps(res)) +    #print(res['cfgcmd'][0])
\ No newline at end of file diff --git a/docs/_ext/vyos.py b/docs/_ext/vyos.py index 4001f0fe..4a974b46 100644 --- a/docs/_ext/vyos.py +++ b/docs/_ext/vyos.py @@ -1,25 +1,41 @@  import re -import io +import json  import os  from docutils import io, nodes, utils, statemachine -from docutils.utils.error_reporting import SafeString, ErrorString  from docutils.parsers.rst.roles import set_classes -from docutils.parsers.rst import Directive, directives +from docutils.parsers.rst import Directive, directives, states +  from sphinx.util.docutils import SphinxDirective +from testcoverage import get_working_commands +  def setup(app):      app.add_config_value(          'vyos_phabricator_url', -        'https://phabricator.vyos.net/', '' +        'https://phabricator.vyos.net/', +        'html' +    ) + +    app.add_config_value( +        'vyos_working_commands', +        get_working_commands(), +        'html'      ) +    app.add_config_value( +        'vyos_coverage', +        { +            'cfgcmd': [0,len(app.config.vyos_working_commands['cfgcmd'])], +            'opcmd': [0,len(app.config.vyos_working_commands['opcmd'])] +        }, +        'html' +    ) +      app.add_role('vytask', vytask_role)      app.add_role('cfgcmd', cmd_role)      app.add_role('opcmd', cmd_role) -    print(app.config.vyos_phabricator_url) -      app.add_node(          inlinecmd,          html=(inlinecmd.visit_span, inlinecmd.depart_span), @@ -46,9 +62,11 @@ def setup(app):          text=(CmdHeader.visit_div, CmdHeader.depart_div)      )      app.add_node(CfgcmdList) +    app.add_node(CfgcmdListCoverage)      app.add_directive('cfgcmdlist', CfgcmdlistDirective)      app.add_node(OpcmdList) +    app.add_node(OpcmdListCoverage)      app.add_directive('opcmdlist', OpcmdlistDirective)      app.add_directive('cfgcmd', CfgCmdDirective) 
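Review bot: In get_working_commands() of docs/_ext/testcoverage.py, `ET.parse(BytesIO(bytes(string, 'utf-8')))` relies on lxml's default parser, which in lxml releases where `resolve_entities` defaults to on will expand entities declared in the document, so a definition file carrying a DTD could pull local files into the parsed tree during a docs build. Because the XML comes from the `_include/vyos-1x` submodule and is parsed while Sphinx loads the extension, I would pass an explicit parser: `parser = ET.XMLParser(resolve_entities=False, no_network=True)` and then `ET.parse(BytesIO(bytes(string, 'utf-8')), parser)`. include_file() has a related gap: it opens `input_dir + include_filename` taken verbatim from the `#include <include...>` line, with no check that the resolved path stays under `input_dir` and no guard against a file that includes itself; comparing `os.path.realpath()` of the target with the input directory and tracking already-visited files would cover both. The bare `except:` blocks in get_properties() also hide genuine parse errors and would be safer narrowed to `except AttributeError:`.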
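Review bot: The first hunk of docs/_ext/vyos.py removes `from docutils.utils.error_reporting import SafeString, ErrorString`, but the `UnicodeEncodeError` handler in CfgInclude.run() (visible as context in a later hunk) still calls `SafeString(path)`, so that error path would raise NameError instead of the intended directive error unless the name is imported somewhere not shown. Either keep the import or drop the wrapper in the handler, e.g. `(self.name, path)`. Separately, `get_working_commands()` is evaluated inside setup() as a config default, and that function calls `sys.exit(1)` on a parse or schema failure and reads `_include/vyos-1x/...` relative to the current working directory. A failure there ends the Sphinx process without a normal extension error, so raising an exception such as `sphinx.errors.ExtensionError` from the loader would be easier to diagnose.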
@@ -56,15 +74,17 @@ def setup(app):      app.add_directive('cmdinclude', CfgInclude)      app.connect('doctree-resolved', process_cmd_nodes) -  class CfgcmdList(nodes.General, nodes.Element):      pass -  class OpcmdList(nodes.General, nodes.Element):      pass -import json +class CfgcmdListCoverage(nodes.General, nodes.Element): +    pass + +class OpcmdListCoverage(nodes.General, nodes.Element): +    pass  class CmdHeader(nodes.General, nodes.Element): @@ -153,7 +173,7 @@ class inlinecmd(nodes.inline):          #self.literal_whitespace -= 1 -class CfgInclude(Directive): +class CfgInclude(SphinxDirective):      required_arguments = 1      optional_arguments = 0      final_argument_whitespace = True @@ -169,10 +189,15 @@ class CfgInclude(Directive):          'var8': str,          'var9': str      } +    standard_include_path = os.path.join(os.path.dirname(states.__file__), +                                         'include')      def run(self):          ### Copy from include directive docutils           """Include a file as part of the content of this reST file.""" +        rel_filename, filename = self.env.relfn2path(self.arguments[0]) +        self.arguments[0] = filename +        self.env.note_included(filename)          if not self.state.document.settings.file_insertion_enabled:              raise self.warning('"%s" directive disabled.' % self.name)          source = self.state_machine.input_lines.source( 
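Review bot: In CfgInclude.run() the three added lines (`self.env.relfn2path(...)`, `self.arguments[0] = filename`, `self.env.note_included(filename)`) run before the `file_insertion_enabled` check, so a document built with file insertion disabled still has its argument rewritten and the file registered as included before the directive refuses. Moving them below the `if not self.state.document.settings.file_insertion_enabled:` guard keeps the disabled case free of side effects. As far as I can tell `relfn2path` resolves the argument against the source tree but does not confine it there, which deserves a comment such as `# resolved relative to the current document; '..' components are not rejected`. The rest of run() lies outside this hunk.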
@@ -199,9 +224,9 @@ class CfgInclude(Directive):                                'Cannot encode input file path "%s" '                                '(wrong locale?).' %                                (self.name, SafeString(path))) -        except IOError: -            raise self.severe(u'Problems with "%s" directive path.' % -                      (self.name)) +        except IOError as error: +            raise self.severe(u'Problems with "%s" directive path:\n%s.' % +                      (self.name, error))          startline = self.options.get('start-line', None)          endline = self.options.get('end-line', None)          try: @@ -275,9 +300,8 @@ class CfgInclude(Directive):                                    self.state,                                    self.state_machine)              return codeblock.run() - +                  new_include_lines = [] -          for line in include_lines:              for i in range(10):                  value = self.options.get(f'var{i}','') 
@@ -285,22 +309,41 @@ class CfgInclude(Directive):                      line = re.sub('\s?{{\s?var' + str(i) + '\s?}}',value,line)                  else:                      line = re.sub('{{\s?var' + str(i) + '\s?}}',value,line) -              new_include_lines.append(line)          self.state_machine.insert_input(new_include_lines, path)          return []  class CfgcmdlistDirective(Directive): +    has_content = False +    required_arguments = 0 +    option_spec = { +        'show-coverage': directives.flag +    }      def run(self): -        return [CfgcmdList('')] +        cfglist = CfgcmdList() +        cfglist['coverage'] = False +        if 'show-coverage' in self.options: +            cfglist['coverage'] = True +        return [cfglist]  class OpcmdlistDirective(Directive): +    has_content = False +    required_arguments = 0 +    option_spec = { +        'show-coverage': directives.flag +    }      def run(self): -        return [OpcmdList('')] +        oplist = OpcmdList() +        oplist['coverage'] = False +        if 'show-coverage' in self.options: +            oplist['coverage'] = True +             +        return [oplist] +  class CmdDirective(SphinxDirective): @@ -308,7 +351,8 @@ class CmdDirective(SphinxDirective):      has_content = True      custom_class = '' -    def run(self): +    def run(self):         +          title_list = []          content_list = []          title_text = '' 
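Review bot: The substitution loop kept as context in CfgInclude.run() passes the option value straight to `re.sub` as the replacement, so a `varN` value containing a backslash is treated as a replacement template and can raise `re.error` or insert a group reference instead of the literal text. A callable keeps the value literal: `line = re.sub(r'{{\s?var' + str(i) + r'\s?}}', lambda m: value, line)`; the raw-string prefixes also avoid the invalid-escape warning for `\s`. In the new directive classes, `cfglist['coverage'] = 'show-coverage' in self.options` would replace the four-line flag handling, and the same applies to OpcmdlistDirective, whose body is otherwise a copy of CfgcmdlistDirective.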
@@ -386,7 +430,134 @@ class CfgCmdDirective(CmdDirective):      custom_class = 'cfg' -def process_cmd_node(app, cmd, fromdocname): +def strip_cmd(cmd): +    cmd = re.sub('set','',cmd) +    cmd = re.sub('\s\|\s','',cmd) +    cmd = re.sub('<\S*>','',cmd) +    cmd = re.sub('\[\S\]','',cmd) +    cmd = re.sub('\s+','',cmd) +    return cmd + +def build_row(app, fromdocname, rowdata): +    row = nodes.row() +    for cell in rowdata: +        entry = nodes.entry() +        row += entry +        if isinstance(cell, list): +            for item in cell: +                if isinstance(item, dict): +                    entry += process_cmd_node(app, item, fromdocname, '') +                else: +                    entry += nodes.paragraph(text=item) +        elif isinstance(cell, bool): +            if cell: +                entry += nodes.paragraph(text="") +                entry['classes'] = ['coverage-ok'] +            else: +                entry += nodes.paragraph(text="") +                entry['classes'] = ['coverage-fail'] +        else: +            entry += nodes.paragraph(text=cell) +    return row + + + +def process_coverage(app, fromdocname, doccmd, xmlcmd, cli_type): +    coverage_list = {} +    int_docs = 0 +    int_xml = 0 +    for cmd in doccmd: +        coverage_item = { +            'doccmd': None, +            'xmlcmd': None, +            'doccmd_item': None, +            'xmlcmd_item': None, +            'indocs': False, +            'inxml': False, +            'xmlfilename': None +        } +        coverage_item['doccmd'] = cmd['cmd'] +        coverage_item['doccmd_item'] = cmd +        coverage_item['indocs'] = True +        int_docs += 1 +        coverage_list[strip_cmd(cmd['cmd'])] = dict(coverage_item) +     +    for cmd in xmlcmd: +         +        strip = strip_cmd(cmd['cmd']) +        if strip not in coverage_list.keys(): +            coverage_item = { +                'doccmd': None, +                'xmlcmd': None, +                
'doccmd_item': None, +                'xmlcmd_item': None, +                'indocs': False, +                'inxml': False, +                'xmlfilename': None +            } +            coverage_item['xmlcmd'] = cmd['cmd'] +            coverage_item['xmlcmd_item'] = cmd +            coverage_item['inxml'] = True +            coverage_item['xmlfilename'] = cmd['filename'] +            int_xml += 1 +            coverage_list[strip] = dict(coverage_item) +        else: +            #print("===BEGIN===") +            #print(cmd) +            #print(coverage_list[strip]) +            #print(strip) +            #print("===END====") +            coverage_list[strip]['xmlcmd'] = cmd['cmd'] +            coverage_list[strip]['xmlcmd_item'] = cmd +            coverage_list[strip]['inxml'] = True +            coverage_list[strip]['xmlfilename'] = cmd['filename'] +            int_xml += 1 + + +     + +    table = nodes.table() +    tgroup = nodes.tgroup(cols=3) +    table += tgroup + +    header = (f'{int_docs}/{len(coverage_list)} in Docs', f'{int_xml}/{len(coverage_list)} in XML', 'Command') +    colwidths = (1, 1, 8) +    table = nodes.table() +    tgroup = nodes.tgroup(cols=len(header)) +    table += tgroup +    for colwidth in colwidths: +        tgroup += nodes.colspec(colwidth=colwidth) +    thead = nodes.thead() +    tgroup += thead +    thead += build_row(app, fromdocname, header) +    tbody = nodes.tbody() +    tgroup += tbody +    for entry in sorted(coverage_list): +        body_text_list = [] +        if coverage_list[entry]['indocs']: +            body_text_list.append(coverage_list[entry]['doccmd_item']) +        else: +            body_text_list.append('Not documented yet') + +        if coverage_list[entry]['inxml']: +            body_text_list.append("------------------") +            body_text_list.append(str(coverage_list[entry]['xmlfilename']) + ":") +            body_text_list.append(coverage_list[entry]['xmlcmd']) +        else: +            
body_text_list.append('Nothing found in XML Definitions') + +             +        tbody += build_row(app, fromdocname,  +            ( +                coverage_list[entry]['indocs'], +                coverage_list[entry]['inxml'], +                body_text_list +            ) +        ) + +    return table + +def process_cmd_node(app, cmd, fromdocname, cli_type):      para = nodes.paragraph()      newnode = nodes.reference('', '')      innernode = cmd['cmdnode'] 
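Review bot: `strip_cmd` builds the key that `process_coverage` uses to match documented commands against the XML definitions, and two of its patterns are looser than they look. `re.sub('set','',cmd)` removes every "set" substring rather than only the leading keyword, and `'\[\S\]'` matches a single bracketed character where the neighbouring `'<\S*>'` suggests `\[\S*\]` was meant. Anchored raw-string patterns avoid the over-matching and the invalid-escape warnings for `'\s'` in plain literals: `cmd = re.sub(r'^\s*set\s+', '', cmd)` and `cmd = re.sub(r'\[\S*\]', '', cmd)`. In `process_coverage`, `int_docs` and `int_xml` are incremented for every input entry while duplicate keys overwrite each other, so the header ratio can exceed `len(coverage_list)`; counting the `indocs`/`inxml` flags after both loops would keep it consistent. The first `table`/`tgroup` pair is rebuilt a few lines later and can be dropped; `process_cmd_node`'s body continues outside the hunk.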
@@ -401,21 +572,45 @@ def process_cmd_node(app, cmd, fromdocname):  def process_cmd_nodes(app, doctree, fromdocname): -    env = app.builder.env - -    for node in doctree.traverse(CfgcmdList): -        content = [] - -        for cmd in sorted(env.vyos_cfgcmd, key=lambda i: i['cmd']): -            content.append(process_cmd_node(app, cmd, fromdocname)) -        node.replace_self(content) - -    for node in doctree.traverse(OpcmdList): -        content = [] +    try: +        env = app.builder.env +         +        for node in doctree.traverse(CfgcmdList): +            content = [] +            if node.attributes['coverage']: +                node.replace_self( +                    process_coverage( +                        app, +                        fromdocname, +                        env.vyos_cfgcmd, +                        app.config.vyos_working_commands['cfgcmd'], +                        'cfgcmd' +                        ) +                    ) +            else: +                for cmd in sorted(env.vyos_cfgcmd, key=lambda i: i['cmd']): +                    content.append(process_cmd_node(app, cmd, fromdocname, 'cfgcmd'))                 +                node.replace_self(content) +             +        for node in doctree.traverse(OpcmdList): +            content = [] +            if node.attributes['coverage']: +                node.replace_self( +                    process_coverage( +                        app, +                        fromdocname, +                        env.vyos_opcmd, +                        app.config.vyos_working_commands['opcmd'], +                        'opcmd' +                        ) +                    ) +            else: +                for cmd in sorted(env.vyos_opcmd, key=lambda i: i['cmd']): +                    content.append(process_cmd_node(app, cmd, fromdocname, 'opcmd')) +                node.replace_self(content) -        for cmd in sorted(env.vyos_opcmd, key=lambda i: i['cmd']): -            
content.append(process_cmd_node(app, cmd, fromdocname)) -        node.replace_self(content) +    except Exception as inst: +        print(inst)  def vytask_role(name, rawtext, text, lineno, inliner, options={}, content=[]): @@ -430,4 +625,4 @@ def vytask_role(name, rawtext, text, lineno, inliner, options={}, content=[]):  def cmd_role(name, rawtext, text, lineno, inliner, options={}, content=[]):      node = nodes.literal(text, text) -    return [node], [] +    return [node], []
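Review bot: The new `except Exception as inst: print(inst)` around the whole body of `process_cmd_nodes` swallows every failure, including a missing key in `app.config.vyos_working_commands` or a node without a `coverage` attribute. When that happens the `CfgcmdList`/`OpcmdList` placeholder can stay unreplaced in the doctree, and the build presumably still finishes without an error. The coverage table is a completeness check, so a silently missing table is worse than a failed build. I would remove the blanket handler, or narrow it and report through the Sphinx logger with the document name, e.g. `logger.warning('cmdlist processing failed in %s: %s', fromdocname, inst)`, using `logger = sphinx.util.logging.getLogger(__name__)` if the module does not already define one. `content = []` can also move into the two `else` branches, the only places it is used.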
\ No newline at end of file diff --git a/docs/common-references.rst b/docs/_include/common-references.txt index 79881972..79881972 100644 --- a/docs/common-references.rst +++ b/docs/_include/common-references.txt diff --git a/docs/draw.io/pbr_example_1.drawio b/docs/_include/draw.io/pbr_example_1.drawio index 0d496572..0d496572 100644 --- a/docs/draw.io/pbr_example_1.drawio +++ b/docs/_include/draw.io/pbr_example_1.drawio diff --git a/docs/draw.io/vpn_s2s_ikev2.drawio b/docs/_include/draw.io/vpn_s2s_ikev2.drawio index b240c191..b240c191 100644 --- a/docs/draw.io/vpn_s2s_ikev2.drawio +++ b/docs/_include/draw.io/vpn_s2s_ikev2.drawio diff --git a/docs/_include/interface-common-with-dhcp.txt b/docs/_include/interface-common-with-dhcp.txt index 38a60346..46dddb9b 100644 --- a/docs/_include/interface-common-with-dhcp.txt +++ b/docs/_include/interface-common-with-dhcp.txt @@ -1,18 +1,18 @@ -.. cmdinclude:: ../_include/interface-address-with-dhcp.txt +.. cmdinclude:: /_include/interface-address-with-dhcp.txt    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-common.txt +.. cmdinclude:: /_include/interface-common.txt    :var0: {{ var0 }}    :var1: {{ var1 }}  **DHCP(v6)** -.. cmdinclude:: ../_include/interface-dhcp-options.txt +.. cmdinclude:: /_include/interface-dhcp-options.txt    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-dhcpv6-options.txt +.. cmdinclude:: /_include/interface-dhcpv6-options.txt    :var0: {{ var0 }}    :var1: {{ var1 }} diff --git a/docs/_include/interface-common-without-dhcp.txt b/docs/_include/interface-common-without-dhcp.txt index d861f003..73d39dd0 100644 --- a/docs/_include/interface-common-without-dhcp.txt +++ b/docs/_include/interface-common-without-dhcp.txt 
@@ -1,7 +1,7 @@ -.. cmdinclude:: ../_include/interface-address.txt +.. cmdinclude:: /_include/interface-address.txt    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-common.txt +.. cmdinclude:: /_include/interface-common.txt    :var0: {{ var0 }}    :var1: {{ var1 }} diff --git a/docs/_include/interface-common.txt b/docs/_include/interface-common.txt index cbe32cfb..79269fe3 100644 --- a/docs/_include/interface-common.txt +++ b/docs/_include/interface-common.txt @@ -1,24 +1,24 @@ -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-disable-flow-control.txt +.. cmdinclude:: /_include/interface-disable-flow-control.txt    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-disable-link-detect.txt +.. cmdinclude:: /_include/interface-disable-link-detect.txt    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-mac.txt +.. cmdinclude:: /_include/interface-mac.txt    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-mtu.txt +.. cmdinclude:: /_include/interface-mtu.txt    :var0: {{ var0 }}    :var1: {{ var1 }} @@ -30,6 +30,6 @@    :var0: {{ var0 }}    :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt    :var0: {{ var0 }}    :var1: {{ var1 }} diff --git a/docs/_include/interface-vlan-8021ad.txt b/docs/_include/interface-vlan-8021ad.txt index e293fb48..6a34786f 100644 --- a/docs/_include/interface-vlan-8021ad.txt +++ b/docs/_include/interface-vlan-8021ad.txt 
@@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt  IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as  an amendment to IEEE standard 802.1q VLAN interfaces as described above. @@ -28,7 +28,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG  (service tag with Ethernet Type = 0x88a8). -.. cmdinclude:: ../_include/interface-address-with-dhcp.txt +.. cmdinclude:: /_include/interface-address-with-dhcp.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif-s @@ -38,7 +38,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG     :var6: <vlan-id>     :var7: 20 -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif-s @@ -48,7 +48,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG     :var6: <vlan-id>     :var7: 20 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif-s @@ -58,7 +58,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG     :var6: <vlan-id>     :var7: 20 -.. cmdinclude:: ../_include/interface-disable-link-detect.txt +.. cmdinclude:: /_include/interface-disable-link-detect.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif-s @@ -68,7 +68,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG     :var6: <vlan-id>     :var7: 20 -.. cmdinclude:: ../_include/interface-mac.txt +.. cmdinclude:: /_include/interface-mac.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif-s 
@@ -78,7 +78,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG     :var6: <vlan-id>     :var7: 20 -.. cmdinclude:: ../_include/interface-mtu.txt +.. cmdinclude:: /_include/interface-mtu.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif-s @@ -108,7 +108,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG     :var6: <vlan-id>     :var7: 20 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif-s @@ -120,7 +120,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG  **DHCP(v6)** -.. cmdinclude:: ../_include/interface-dhcp-options.txt +.. cmdinclude:: /_include/interface-dhcp-options.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif-s @@ -130,7 +130,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG     :var6: <vlan-id>     :var7: 20 -.. cmdinclude:: ../_include/interface-dhcpv6-options.txt +.. cmdinclude:: /_include/interface-dhcpv6-options.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif-s diff --git a/docs/_include/interface-vlan-8021q.txt b/docs/_include/interface-vlan-8021q.txt index 39f10073..e4ed9db0 100644 --- a/docs/_include/interface-vlan-8021q.txt +++ b/docs/_include/interface-vlan-8021q.txt 
@@ -29,42 +29,42 @@ term used for this is ``vif``.    .. note:: Only 802.1Q-tagged packets are accepted on Ethernet vifs. -.. cmdinclude:: ../_include/interface-address-with-dhcp.txt +.. cmdinclude:: /_include/interface-address-with-dhcp.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif     :var3: <vlan-id>     :var4: 10 -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif     :var3: <vlan-id>     :var4: 10 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif     :var3: <vlan-id>     :var4: 10 -.. cmdinclude:: ../_include/interface-disable-link-detect.txt +.. cmdinclude:: /_include/interface-disable-link-detect.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif     :var3: <vlan-id>     :var4: 10 -.. cmdinclude:: ../_include/interface-mac.txt +.. cmdinclude:: /_include/interface-mac.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif     :var3: <vlan-id>     :var4: 10 -.. cmdinclude:: ../_include/interface-mtu.txt +.. cmdinclude:: /_include/interface-mtu.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif @@ -85,7 +85,7 @@ term used for this is ``vif``.     :var3: <vlan-id>     :var4: 10 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif @@ -94,14 +94,14 @@ term used for this is ``vif``.  **DHCP(v6)** -.. cmdinclude:: ../_include/interface-dhcp-options.txt +.. cmdinclude:: /_include/interface-dhcp-options.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif     :var3: <vlan-id>     :var4: 10 -.. cmdinclude:: ../_include/interface-dhcpv6-options.txt +.. cmdinclude:: /_include/interface-dhcpv6-options.txt     :var0: {{ var0 }}     :var1: {{ var1 }}     :var2: vif 
@@ -115,4 +115,4 @@ term used for this is ``vif``.     :var3: <vlan-id>     :var4: 10 -.. include:: ../common-references.rst
\ No newline at end of file +.. include:: ../common-references.rst diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x new file mode 160000 +Subproject 64d6e689a8274845a49e6931eda6cda04615de4 diff --git a/docs/_static/css/custom.css b/docs/_static/css/custom.css index 7faf7b7f..6d36283d 100644 --- a/docs/_static/css/custom.css +++ b/docs/_static/css/custom.css @@ -10,12 +10,49 @@ span.cfgcmd {      font-family: SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;  } -.opcmd-heading, +span.cfgcmd:before { +  content: "#"; +  margin-right: 0px; +} + +td p a.cmdlink span.cfgcmd:before, +td p a.cmdlink span.opcmd:before  { +  content: ""; +} + +td p a.cmdlink, +td p a.cmdlink { +  margin-left: 0px; +} + +tr td p { +  margin-bottom:0px + } + +span.opcmd:before { +  content: "$"; +  margin-right: 0px; +} +  .cfgcmd-heading {      display: inline-block;      margin: 6px 0;      font-size: 90%;      line-height: normal; +    background: #f0d481; +    color: #2980B9; +    border-top: solid 3px #6ab0de; +    border-top-width: 3px; +    border-top-style: solid; +    border-top-color: #FF9302; +    padding: 6px; +} + +.opcmd-heading { +    display: inline-block; +    margin: 6px 0; +    font-size: 90%; +    line-height: normal;      background: #e7f2fa;      color: #2980B9;      border-top: solid 3px #6ab0de; @@ -34,7 +71,7 @@ span.cfgcmd {  .cfgcmd-heading .cmdlink:after, -.opcmd-heading .cmdlink:after { +.opcmd-heading .cmdlink:after{      content: "";      font-family: FontAwesome  } 
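Review bot: In the first hunk for `docs/_static/css/custom.css`, the rule `td p a.cmdlink, td p a.cmdlink { margin-left: 0px; }` lists the same selector twice, so the second entry has no effect. The rule just above it pairs `span.cfgcmd` with `span.opcmd`, so a different second target may have been intended; if so it should be named, otherwise reduce the rule to `td p a.cmdlink { margin-left: 0px; }`. The `tr td p` rule also omits the semicolon after `margin-bottom:0px`, which is valid for a last declaration but breaks as soon as another one is appended.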
@@ -97,21 +134,44 @@ a.cmdlink span:hover{  }  .wy-side-nav-search { -  background-color : #FF0000 !important; +  background-color : #ffffff !important;  }  .wy-side-nav-search img { -  background-color : #FF0000 !important; +  background-color : #ffffff !important;  }  .wy-side-nav-search > div.version { -  color : rgba(255, 255, 255, 0.7) !important; +  color : #000000 !important; +} + +.wy-side-nav-search>a, +.wy-side-nav-search .wy-dropdown>a { + color:#000000; + font-size:100%; + font-weight:bold; + display:inline-block; + padding:4px 6px; + margin-bottom:.809em  }  .wy-nav-top { -  background-color : #FF0000 !important; +  background-color : #ffffff !important;  }  .wy-nav-top img { -  background-color : #FF0000 !important; +  background-color : #000000 !important; +} + +.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td.coverage-ok, +.rst-content table.docutils td.coverage-ok { +  background-color: green; +  color: black;  } + + +.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td.coverage-fail, +.rst-content table.docutils td.coverage-fail { +  background-color: red; +  color: black; +}
\ No newline at end of file diff --git a/docs/_static/images/vyos-logo.png b/docs/_static/images/vyos-logo.pngBinary files differ index bc1abe15..e3d6f68b 100644 --- a/docs/_static/images/vyos-logo.png +++ b/docs/_static/images/vyos-logo.png diff --git a/docs/appendix/release-notes.rst b/docs/appendix/release-notes.rst deleted file mode 100644 index 7ba8baaf..00000000 --- a/docs/appendix/release-notes.rst +++ /dev/null 
@@ -1,435 +0,0 @@ -.. _release-notes: - -############# -Release Notes -############# - -****************** -Version 1.2 - Crux -****************** - -1.2.6-S1 -======== - -1.2.6-S1 is a security release release made in September 2020. - -Resolved issues ---------------- - -VyOS 1.2.6 release was found to be suspectible to CVE-2020-10995. It's a low- -impact vulnerability in the PowerDNS recursor that allows an attacker to cause -performance degradation via a specially crafted authoritative DNS server reply. - -* :vytask:`2899` remote syslog server migration error on update - -1.2.6 -===== - -1.2.6 is a maintenance release made in September 2020. - -Resolved issues ---------------- - -* :vytask:`103` DHCP server prepends shared network name to hostnames -* :vytask:`125` Missing PPPoE interfaces in l2tp configuration -* :vytask:`1194` cronjob is being setup even if not saved -* :vytask:`1205` module pcspkr missing -* :vytask:`1219` Redundant active-active configuration, asymmetric routing and -  conntrack-sync cache -* :vytask:`1220` Show transceiver information from plugin modules, e.g SFP+, -  QSFP -* :vytask:`1221` BGP - Default route injection is not processed by the specific -  route-map -* :vytask:`1241` Remove of policy route throws CLI error -* :vytask:`1291` Under certain conditions the VTI will stay forever down -* :vytask:`1463` Missing command `show ip bgp scan` appears in command -  completion -* :vytask:`1575` `show snmp mib ifmib` crashes with IndexError -* :vytask:`1699` Default net.ipv6.route.max_size 32768 is too low -* :vytask:`1729` PIM (Protocol Independent Multicast) implementation -* :vytask:`1901` Semicolon in values is interpreted as a part of the shell -  command by validators -* :vytask:`1934` Change default hostname when deploy from OVA without params. 
-* :vytask:`1938` syslog doesn't start automatically -* :vytask:`1949` Multihop IPv6 BFD is unconfigurable -* :vytask:`1953` DDNS service name validation rejects valid service names -* :vytask:`1956` PPPoE server: support PADO-delay -* :vytask:`1973` Allow route-map to match on BGP local preference value -* :vytask:`1974` Allow route-map to set administrative distance -* :vytask:`1982` Increase rotation for atop.acct -* :vytask:`1983` Expose route-map when BGP routes are programmed in to FIB -* :vytask:`1985` pppoe: Enable ipv6 modules without configured ipv6 pools -* :vytask:`2000` strongSwan does not install routes to table 220 in certain -  cases -* :vytask:`2021` OSPFv3 doesn't support decimal area syntax -* :vytask:`2062` Wrong dhcp-server static route subnet bytes -* :vytask:`2091` swanctl.conf file is not generated properly is more than one -  IPsec profile is used -* :vytask:`2131` Improve syslog remote host CLI definition -* :vytask:`2224` Update Linux Kernel to v4.19.114 -* :vytask:`2286` IPoE server vulnerability -* :vytask:`2303` Unable to delete the image version that came from OVA -* :vytask:`2305` Add release name to "show version" command -* :vytask:`2311` Statically configured name servers may not take precedence -  over ones from DHCP -* :vytask:`2327` Unable to create syslog server entry with different port -* :vytask:`2332` Backport node option for a syslog server -* :vytask:`2342` Bridge l2tpv3 + ethX errors -* :vytask:`2344` PPPoE server client static IP assignment silently fails -* :vytask:`2385` salt-minion: improve completion helpers -* :vytask:`2389` BGP community-list unknown command -* :vytask:`2398` op-mode "dhcp client leases interface" completion helper -  misses interfaces -* :vytask:`2402` Live ISO should warn when configuring that changes won't -  persist -* :vytask:`2443` NHRP: Add debugging information to syslog -* :vytask:`2448` `monitor protocol bgp` subcommands fail with 'command -  incomplete' -* :vytask:`2458` Update FRR to 
7.3.1 -* :vytask:`2476` Bond member description change leads to network outage -* :vytask:`2478` login radius: use NAS-IP-Address if defined source address -* :vytask:`2482` Update PowerDNS recursor to 4.3.1 for CVE-2020-10995 -* :vytask:`2517` vyos-container: link_filter: No such file or directory -* :vytask:`2526` Wake-On-Lan CLI implementation -* :vytask:`2528` "update dns dynamic" throws FileNotFoundError excepton -* :vytask:`2536` "show log dns forwarding" still refers to dnsmasq -* :vytask:`2538` Update Intel NIC drivers to recent release (preparation for -  Kernel >=5.4) -* :vytask:`2545` Show physical device offloading capabilities for specified -  ethernet interface -* :vytask:`2563` Wrong interface binding for Dell VEP 1445 -* :vytask:`2605` SNMP service is not disabled by default -* :vytask:`2625` Provide generic Library for package builds -* :vytask:`2686` FRR: BGP: large-community configuration is not applied -  properly after upgrading FRR to 7.3.x series -* :vytask:`2701` `vpn ipsec pfs enable` doesn't work with IKE groups -* :vytask:`2728` Protocol option ignored for IPSec peers in transport mode -* :vytask:`2734` WireGuard: fwmark CLI definition is inconsistent -* :vytask:`2757` "show system image version" contains additional new-line -  character breaking output -* :vytask:`2797` Update Linux Kernel to v4.19.139 -* :vytask:`2822` Update Linux Kernel to v4.19.141 -* :vytask:`2829` PPPoE server: mppe setting is implemented as node instead of -  leafNode -* :vytask:`2831` Update Linux Kernel to v4.19.142 -* :vytask:`2852` rename dynamic dns interface breaks ddclient.cache permissions -* :vytask:`2853` Intel QAT acceleration does not work - -1.2.5 -===== - -1.2.5 is a maintenance release made in April 2020. 
- -Resolved issues ---------------- - -* :vytask:`1020` OSPF Stops distributing default route after a while -* :vytask:`1228` pppoe default-route force option not working (Rel 1.2.0-rc11) -* :vytask:`1301` bgp peer-groups don't work when "no-ipv4-unicast" is enabled. -* :vytask:`1341` Adding rate-limiter for pppoe server users -* :vytask:`1376` Incorrect DHCP lease counting -* :vytask:`1392` Large firewall rulesets cause the system to lose configuration -  and crash at startup -* :vytask:`1416` 2 dhcp server run in failover mode can't sync hostname with -  each other -* :vytask:`1452` accel-pppoe - add vendor option to shaper -* :vytask:`1490` BGP configuration (is lost|not applied) when updating 1.1.8 -> -  1.2.1 -* :vytask:`1780` Adding ipsec ike closeaction -* :vytask:`1803` Unbind NTP while it's not requested... -* :vytask:`1821` "authentication mode radius" has no effect for PPPoE server -* :vytask:`1827` Increase default gc_thresh -* :vytask:`1828` Missing completion helper for "set system syslog host -  192.0.2.1 facility all protocol" -* :vytask:`1832` radvd adding feature DNSSL branch.example.com example.com to -  existing package -* :vytask:`1837` PPPoE unrecognized option 'replacedefaultroute' -* :vytask:`1851` wireguard - changing the pubkey on an existing peer seems to -  destroy the running config. -* :vytask:`1858` l2tp: Delete depricated outside-nexthop and add gateway-address -* :vytask:`1864` Lower IPSec DPD timeout lower limit from 10s -> 2s -* :vytask:`1879` Extend Dynamic DNS XML definition value help strings and -  validators -* :vytask:`1881` Execute permissions are removed from custom SNMP scripts at -  commit time -* :vytask:`1884` Keeping VRRP transition-script native behaviour and adding -  stop-script -* :vytask:`1891` Router announcements broken on boot -* :vytask:`1900` Enable SNMP for VRRP. 
-* :vytask:`1902` Add redistribute non main table in bgp -* :vytask:`1909` Incorrect behaviour of static routes with overlapping networks -* :vytask:`1913` "system ipv6 blacklist" command has no effect -* :vytask:`1914` IPv6 multipath hash policy does not apply -* :vytask:`1917` Update WireGuard to Debian release 0.0.20191219-1 -* :vytask:`1934` Change default hostname when deploy from OVA without params. -* :vytask:`1935` NIC identification and usage problem in Hyper-V environments -* :vytask:`1936` pppoe-server CLI control features -* :vytask:`1964` SNMP Script-extensions allows names with spaces, but commit -  fails -* :vytask:`1967` BGP parameter "enforce-first-as" does not work anymore -* :vytask:`1970` Correct adding interfaces on boot -* :vytask:`1971` Missing modules in initrd.img for PXE boot -* :vytask:`1998` Update FRR to 7.3 -* :vytask:`2001` Error when router reboot -* :vytask:`2032` Monitor bandwidth bits -* :vytask:`2059` Set source-validation on bond vif don't work -* :vytask:`2066` PPPoE interface can be created multiple times - last wins -* :vytask:`2069` PPPoE-client does not works with service-name option -* :vytask:`2077` ISO build from crux branch is failing -* :vytask:`2079` Update Linux Kernel to v4.19.106 -* :vytask:`2087` Add maxfail 0 option to pppoe configuration. -* :vytask:`2100` BGP route adverisement wih checks rib -* :vytask:`2120` "reset vpn ipsec-peer" doesn't work with named peers -* :vytask:`2197` Cant add vif-s interface into a bridge -* :vytask:`2228` WireGuard does not allow ports < 1024 to be used -* :vytask:`2252` HTTP API add system image can return '504 Gateway Time-out' -* :vytask:`2272` Set system flow-accounting disable-imt has syntax error -* :vytask:`2276` PPPoE server vulnerability - - -1.2.4 -===== - -1.2.4 is a maintenance release made in December 2019. 
-
-Resolved issues
----------------
-
-* :vytask:`T258` Can not configure wan load-balancing on vyos-1.2
-* :vytask:`T818` SNMP v3 - remove required engineid from user node
-* :vytask:`T1030` Upgrade ddclient from 3.8.2 to 3.9.0 (support Cloudflare
-  API v4)
-* :vytask:`T1183` BFD Support via FRR
-* :vytask:`T1299` Allow SNMPd to be extended with custom scripts
-* :vytask:`T1351` accel-pppoe adding CIDR based IP pool option
-* :vytask:`T1391` In route-map set community additive
-* :vytask:`T1394` syslog systemd and host_name.py race condition
-* :vytask:`T1401` Copying files with the FTP protocol fails if the password
-  contains special characters
-* :vytask:`T1421` OpenVPN client push-route stopped working, needs added quotes
-  to fix
-* :vytask:`T1430` Add options for custom DHCP client-id and hostname
-* :vytask:`T1447` Python subprocess called without import in host_name.py
-* :vytask:`T1470` improve output of "show dhcpv6 server leases"
-* :vytask:`T1485` Enable 'AdvIntervalOpt' option in for radvd.conf
-* :vytask:`T1496` Separate rolling release and LTS kernel builds
-* :vytask:`T1560` "set load-balancing wan rule 0" causes segfault and prevents
-  load balancing from starting
-* :vytask:`T1568` strip-private command improvement for additional masking of
-  IPv6 and MAC address
-* :vytask:`T1578` completion offers "show table", but show table does not exist
-* :vytask:`T1593` Support ip6gre
-* :vytask:`T1597` /usr/sbin/rsyslogd after deleting "system syslog"
-* :vytask:`T1638` vyos-hostsd not setting system domain name
-* :vytask:`T1678` hostfile-update missing line feed
-* :vytask:`T1694` NTPd: Do not listen on all interfaces by default
-* :vytask:`T1701` Delete domain-name and domain-search won't work
-* :vytask:`T1705` High CPU usage by bgpd when snmp is active
-* :vytask:`T1707` DHCP static mapping and exclude address not working
-* :vytask:`T1708` Update Rolling Release Kernel to 4.19.76
-* :vytask:`T1709` Update WireGuard to 0.0.20190913
-* :vytask:`T1716` Update Intel NIC drivers to recent versions
-* :vytask:`T1726` Update Linux Firmware binaries to a more recent version
-  2019-03-14 -> 2019-10-07
-* :vytask:`T1728` Update Linux Kernel to 4.19.79
-* :vytask:`T1737` SNMP tab completion missing
-* :vytask:`T1738` Copy SNMP configuration from node to node raises exception
-* :vytask:`T1740` Broken OSPFv2 virtual-link authentication
-* :vytask:`T1742` NHRP unable to commit.
-* :vytask:`T1745` dhcp-server commit fails with "DHCP range stop address x must
-  be greater or equal to the range start address y!" when static mapping has
-  same IP as range stop
-* :vytask:`T1749` numeric validator doesn't support multiple ranges
-* :vytask:`T1769` Remove complex SNMPv3 Transport Security Model (TSM)
-* :vytask:`T1772` <regex> constraints in XML are partially broken
-* :vytask:`T1778` Kilobits/Megabits difference in configuration Vyos/FRR
-* :vytask:`T1780` Adding ipsec ike closeaction
-* :vytask:`T1786` disable-dhcp-nameservers is missed in current host_name.py
-  implementation
-* :vytask:`T1788` Intel QAT (QuickAssist Technology ) implementation
-* :vytask:`T1792` Update WireGuard to Debian release 0.0.20191012-1
-* :vytask:`T1800` Update Linux Kernel to v4.19.84
-* :vytask:`T1809` Wireless: SSID scan does not work in AP mode
-* :vytask:`T1811` Upgrade from 1.1.8: Config file migration failed: module=l2tp
-* :vytask:`T1812` DHCP: hostnames of clients not resolving after update v1.2.3
-  -> 1.2-rolling
-* :vytask:`T1819` Reboot kills SNMPv3 configuration
-* :vytask:`T1822` Priority inversion wireless interface dhcpv6
-* :vytask:`T1825` Improve DHCP configuration error message
-* :vytask:`T1836` import-conf-mode-commands in vyos-1x/scripts fails to create
-  an XML
-* :vytask:`T1839` LLDP shows "VyOS unknown" instead of "VyOS"
-* :vytask:`T1841` PPP ipv6-up.d direcotry missing
-* :vytask:`T1893` igmp-proxy: Do not allow adding unknown interface
-* :vytask:`T1903` Implementation udev predefined interface naming
-* :vytask:`T1904` update eth1 and eth2 link files for the vep4600
-
-
-1.2.3
-=====
-
-1.2.3 is a maintenance and feature backport release made in September 2019.
-
-New features
-------------
-
-* HTTP API
-* :vytask:`T1524` "set service dns forwarding allow-from <IPv4 net|IPv6 net>"
-  option for limiting queries to specific client networks
-* :vytask:`T1503` Functions for checking if a commit is in progress
-* :vytask:`T1543` "set system contig-mangement commit-archive source-address"
-  option
-* :vytask:`T1554` Intel NIC drivers now support receive side scaling and
-  multiqueue
-
-Resolved issues
----------------
-
-* :vytask:`T1209` OSPF max-metric values over 100 no longer causes commit
-  errors
-* :vytask:`T1333` Fixes issue with DNS forwarding not performing recursive
-  lookups on domain specific forwarders
-* :vytask:`T1362` Special characters in VRRP passwords are handled correctly
-* :vytask:`T1377` BGP weight is applied properly
-* :vytask:`T1420` Fixed permission for log files
-* :vytask:`T1425` Wireguard interfaces now support /31 addresses
-* :vytask:`T1428` Wireguard correctly handles firewall marks
-* :vytask:`T1439` DHCPv6 static mappings now work correctly
-* :vytask:`T1450` Flood ping commands now works correctly
-* :vytask:`T1460` Op mode "show firewall" commands now support counters longer
-  than 8 digits (T1460)
-* :vytask:`T1465` Fixed priority inversion in VTI commands
-* :vytask:`T1468` Fixed remote-as check in the BGP route-reflector-client option
-* :vytask:`T1472` It's now possible to re-create VRRP groups with RFC
-  compatibility mode enabled
-* :vytask:`T1527` Fixed a typo in DHCPv6 server help strings
-* :vytask:`T1529` Unnumbered BGP peers now support VLAN interfaces
-* :vytask:`T1530` Fixed "set system syslog global archive file" command
-* :vytask:`T1531` Multiple fixes in cluster configuration scripts
-* :vytask:`T1537` Fixed missing help text for "service dns"
-* :vytask:`T1541` Fixed input validation in DHCPv6 relay options
-* :vytask:`T1551` It's now possible to create a QinQ interface and a firewall
-  assigned to it in one commit
-* :vytask:`T1559` URL filtering now uses correct rule database path and works
-  again
-* :vytask:`T1579` "show log vpn ipsec" command works again
-* :vytask:`T1576` "show arp interface <intf>" command works again
-* :vytask:`T1605` Fixed regression in L2TP/IPsec server
-* :vytask:`T1613` Netflow/sFlow captures IPv6 traffic correctly
-* :vytask:`T1616` "renew dhcpv6" command now works from op mode
-* :vytask:`T1642` BGP remove-private-as option iBGP vs eBGP check works
-  correctly now
-* :vytask:`T1540`, :vytask:`T1360`, :vytask:`T1264`, :vytask:`T1623` Multiple
-  improvements in name servers and hosts configuration handling
-
-Internals
----------
-
-``/etc/resolv.conf`` and ``/etc/hosts`` files are now managed by the
-*vyos-hostsd* service that listens on a ZMQ socket for update messages.
-
-1.2.2
-=====
-
-1.2.2 is a maintenance release made in July 2019.
-
-New features
-------------
-
-* Options for per-interface MSS clamping.
-* BGP extended next-hop capability
-* Relaxed BGP multipath option
-* Internal and external options for "remote-as" (accept any AS as long as it's
-  the same to this router or different, respectively)
-* "Unnumbered" (interface-based) BGP peers
-* BGP no-prepend option
-* Additive BGP community option
-* OSPFv3 network type option
-* Custom arguments for VRRP scripts
-* A script for querying values from config files
-
-Resolved issues
----------------
-
-* Linux kernel 4.19.54, including a fix for the TCP SACK vulnerability
-* :vytask:`T1371` VRRP health-check scripts now can use arguments
-* :vytask:`T1497` DNS server addresses coming from a DHCP server are now
-  correctly propagated to resolv.conf
-* :vytask:`T1469` Domain-specific name servers in DNS forwarding are now used
-  for recursive queries
-* :vytask:`T1433` ``run show dhcpv6 server leases`` now display leases correctly
-* :vytask:`T1461` Deleting ``firewall options`` node no longer causes errors
-* :vytask:`T1458` Correct hostname is sent to remote syslog again
-* :vytask:`T1438` Board serial number from DMI is correctly displayed in
-  ``show version``
-* :vytask:`T1358`, :vytask:`T1355`, :vytask:`T1294` Multiple corrections in
-  remote syslog config
-* :vytask:`T1255` Fixed missing newline in ``/etc/hosts``
-* :vytask:`T1174` ``system domain-name`` is correctly included in
-  ``/etc/resolv.conf``
-* :vytask:`T1465` Fixed priority inversion in ``interfaces vti vtiX ip``
-  settings
-* :vytask:`T1446` Fixed errors when installing with RAID1 on UEFI machines
-* :vytask:`T1387` Fixed an error on disabling an interfaces that has no address
-* :vytask:`T1367` Fixed deleting VLAN interface with non-default MTU
-* :vytask:`T1505` vyos.config ``return_effective_values()`` function now
-  correctly returns a list rather than a string
-
-1.2.1
-=====
-
-VyOS 1.2.1 is a maintenance release made in April 2019.
-
-Resolved issues
----------------
-
-* Package updates: kernel 4.19.32, open-vm-tools 10.3, latest Intel NIC drivers
-* :vytask:`T1326` The kernel now includes drivers for various USB serial
-  adapters, which allows people to add a serial console to a machine without
-  onboard RS232, or connect to something else from the router
-* The collection of network card firmware is now much more extensive
-* :vytask:`T1271` VRRP now correctly uses a virtual rather than physical MAC
-  addresses in the RFC-compliant mode
-* :vytask:`T1330` DHCP WPAD URL option works correctly again
-* :vytask:`T1312` Many to many NAT rules now can use source/destination and
-  translation networks of non-matching size. If 1:1 network bits translation is
-  desired, it's now users responsibility to check if prefix length matches.
-* :vytask:`T1290` IPv6 network prefix translation is fixed
-* :vytask:`T1308` Non-alphanumeric characters such as ``>`` can now be safely
-  used in PPPoE passwords
-* :vytask:`T1305` ``show | commands`` no longer fails when a config section ends
-  with a leaf node such as ``timezone`` in ``show system | commands``
-* :vytask:`T1235` ``show | commands`` correctly works in config mode now
-* :vytask:`T1298` VTI is now compatible with the DHCP-interface IPsec option
-* :vytask:`T1277` ``show dhcp server statistics`` command was broken in latest
-  Crux
-* :vytask:`T1261` An issue with TFTP server refusing to listen on addresses
-  other than loopback was fixed
-* :vytask:`T1224` Template issue that might cause UDP broadcast relay fail to
-  start is fixed
-* :vytask:`T1067` VXLAN value validation is improved
-* :vytask:`T1211` Blank hostnames in DHCP updates no longer can crash DNS
-  forwarding
-* :vytask:`T1322` Correct configuration is now generated for DHCPv6 relays with
-  more than one upstream interface
-* :vytask:`T1234` ``relay-agents-packets`` option works correctly now
-* :vytask:`T1231` Dynamic DNS data is now cleaned on configuration change
-* :vytask:`T1282` Remote Syslog can now use a fully qualified domain name
-* :vytask:`T1279` ACPI power off works again
-* :vytask:`T1247` Negation in WAN load balancing rules works again
-* :vytask:`T1218` FRR staticd now starts on boot correctly
-* :vytask:`T1296` The installer now correctly detects SD card devices
-* :vytask:`T1225` Wireguard peers can be disabled now
-* :vytask:`T1217` The issue with Wireguard interfaces impossible to delete
-  is fixed
-* :vytask:`T1160` Unintended IPv6 access is fixed in SNMP configuration
-* :vytask:`T1060` It's now possible to exclude hosts from the transparent
-  web proxy
-* :vytask:`T484` An issue with rules impossible to delete from the zone-based
-  firewall is fixed
-
-Earlier releases
-================
-
-Release notes for legacy versions (1.1.x, 1.0.x) can be found in the
-`archived wiki <https://web.archive.org/web/20200212180711/https://wiki.vyos.net/wiki/Category:Release_notes>`_.
diff --git a/docs/appendix/virtual/index.rst b/docs/appendix/virtual/index.rst
deleted file mode 100644
index 7ede37b5..00000000
--- a/docs/appendix/virtual/index.rst
+++ /dev/null
@@ -1,12 +0,0 @@
-.. _virtual:
-
-Running on Virtual Environments
-===============================
-
-
-.. toctree::
-   :maxdepth: 2
-
-   libvirt
-   vyos-on-vmware
-   vyos-on-gns3
diff --git a/docs/appendix/vyos-on-clouds.rst b/docs/appendix/vyos-on-clouds.rst
deleted file mode 100644
index 33b7011e..00000000
--- a/docs/appendix/vyos-on-clouds.rst
+++ /dev/null
@@ -1,173 +0,0 @@
-.. _vyos-on-clouds:
-
-Running on Clouds
-#################
-
-Amazon AWS
-**********
-
-Deploy VM
----------
-
-Deploy VyOS on Amazon :abbr:`AWS (Amazon Web Services)`
-
-1. Click to ``Instances`` and ``Launch Instance``
-
-.. figure:: /_static/images/cloud-aws-01.png
-
-2. On the marketplace search "VyOS"
-
-.. figure:: /_static/images/cloud-aws-02.png
-
-3. Choose the instance type. Minimum recommendation start from ``m3.medium``
-
-.. figure:: /_static/images/cloud-aws-03.png
-
-4. Configure instance for your requirements. Select number of instances / network / subnet
-
-.. figure:: /_static/images/cloud-aws-04.png
-
-5. Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skeep this step.
-
-.. figure:: /_static/images/cloud-aws-05.png
-
-6. Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default).
-
-.. figure:: /_static/images/cloud-aws-06.png
-
-7. Select SSH key pair and click ``Launch Instances``
-
-.. figure:: /_static/images/cloud-aws-07.png
-
-8. Find out your public IP address.
-
-.. figure:: /_static/images/cloud-aws-08.png
-
-9. Connect to the instance by SSH key.
-
-  .. code-block:: none
-
-    ssh -i ~/.ssh/amazon.pem vyos@203.0.113.3
-    vyos@ip-192-0-2-10:~$
-
-
-
-
-References
-----------
-https://console.aws.amazon.com/
-
-Azure
-*****
-
-Deploy VM
----------
-
-Deploy VyOS on Azure.
-
-1. Go to the Azure services and Click to **Add new Virtual machine**
-
-2. Choose vm name, resource group, region and click **Browse all public and private images**
-
-.. figure:: /_static/images/cloud-azure-01.png
-
-3. On the marketplace search ``VyOS``
-
-.. figure:: /_static/images/cloud-azure-02.png
-
-4. Generate new SSH key pair or use existing.
-
-.. figure:: /_static/images/cloud-azure-03.png
-
-5. Define network, subnet, Public IP. Or it will be created by default.
-
-.. figure:: /_static/images/cloud-azure-04.png
-
-6. Click ``Review + create``. After fiew second your deployment will be complete
-
-.. figure:: /_static/images/cloud-azure-05.png
-
-7. Click to your new vm and find out your Public IP address.
-
-.. figure:: /_static/images/cloud-azure-06.png
-
-8. Connect to the instance by SSH key.
-
-  .. code-block:: none
-
-    ssh -i ~/.ssh/vyos_azure vyos@203.0.113.3
-    vyos@vyos-doc-r1:~$
-
-Add interface
--------------
-
-If instance was deployed with one **eth0** ``WAN`` interface and want to add new one.
-To add new interface an example **eth1** ``LAN`` you need shutdown the instance. Attach the interface in the Azure portal and then start the instance.
-
-.. NOTE:: Azure does not allow you attach interface when the instance in the **Running** state.
-
-References
-----------
-https://azure.microsoft.com
-
-Google Cloud Platform
-*********************
-
-Deploy VM
----------
-
-To deploy VyOS on GCP (Google Cloud Platform)
-
-1. Generate SSH key pair type **ssh-rsa** from the host that will connect to VyOS.
-
-  Example:
-
-  .. code-block:: none
-
-    ssh-keygen -t rsa -f ~/.ssh/vyos_gcp -C "vyos@mypc"
-
-
-.. NOTE:: In name "vyos@mypc" The first value must be "**vyos**". Because default user is vyos and google api uses this option.
-
-
-2. Open GCP console and navigate to the menu **Metadata**. Choose **SSH Keys** and click ``edit``.
-
-.. figure:: /_static/images/cloud-gcp-01.png
-
-
-Click **Add item** and paste your public ssh key. Click ``Save``.
-
-.. figure:: /_static/images/cloud-gcp-02.png
-
-
-2. On marketplace search "VyOS"
-
-3. Change Deployment name/Zone/Machine type and click ``Deploy``
-
-.. figure:: /_static/images/cloud-gcp-03.png
-
-4. After fiew seconds click to ``instance``
-
-.. figure:: /_static/images/cloud-gcp-04.png
-
-5. Find out your external IP address
-
-.. figure:: /_static/images/cloud-gcp-05.png
-
-6. Connect to the instance. SSH key was generated in the first step.
-
-  .. code-block:: none
-
-    ssh -i ~/.ssh/vyos_gcp vyos@203.0.113.3
-    vyos@vyos-r1-vm:~$
-
-References
-----------
-https://console.cloud.google.com/
-
-Oracle
-*****************
-
-References
-----------
-https://www.oracle.com/cloud/
diff --git a/docs/appendix/command-scripting.rst b/docs/automation/command-scripting.rst
index 7d0ab6c5..7d0ab6c5 100644
--- a/docs/appendix/command-scripting.rst
+++ b/docs/automation/command-scripting.rst
diff --git a/docs/automation/index.rst b/docs/automation/index.rst
new file mode 100644
index 00000000..e07dfecc
--- /dev/null
+++ b/docs/automation/index.rst
@@ -0,0 +1,15 @@
+###############
+VyOS Automation
+###############
+
+
+  * Ansible
+  * Saltstack
+  * HTTP-API
+  * startup scripts
+
+
+.. toctree::
+   :maxdepth: 1
+
+   command-scripting
\ No newline at end of file
diff --git a/docs/changelog/1.2.1.rst b/docs/changelog/1.2.1.rst
new file mode 100644
index 00000000..4f22dd0a
--- /dev/null
+++ b/docs/changelog/1.2.1.rst
@@ -0,0 +1,52 @@
+1.2.1
+=====
+
+VyOS 1.2.1 is a maintenance release made in April 2019.
+
+Resolved issues
+---------------
+
+* Package updates: kernel 4.19.32, open-vm-tools 10.3, latest Intel NIC drivers
+* :vytask:`T1326` The kernel now includes drivers for various USB serial
+  adapters, which allows people to add a serial console to a machine without
+  onboard RS232, or connect to something else from the router
+* The collection of network card firmware is now much more extensive
+* :vytask:`T1271` VRRP now correctly uses a virtual rather than physical MAC
+  addresses in the RFC-compliant mode
+* :vytask:`T1330` DHCP WPAD URL option works correctly again
+* :vytask:`T1312` Many to many NAT rules now can use source/destination and
+  translation networks of non-matching size. If 1:1 network bits translation is
+  desired, it's now users responsibility to check if prefix length matches.
+* :vytask:`T1290` IPv6 network prefix translation is fixed
+* :vytask:`T1308` Non-alphanumeric characters such as ``>`` can now be safely
+  used in PPPoE passwords
+* :vytask:`T1305` ``show | commands`` no longer fails when a config section ends
+  with a leaf node such as ``timezone`` in ``show system | commands``
+* :vytask:`T1235` ``show | commands`` correctly works in config mode now
+* :vytask:`T1298` VTI is now compatible with the DHCP-interface IPsec option
+* :vytask:`T1277` ``show dhcp server statistics`` command was broken in latest
+  Crux
+* :vytask:`T1261` An issue with TFTP server refusing to listen on addresses
+  other than loopback was fixed
+* :vytask:`T1224` Template issue that might cause UDP broadcast relay fail to
+  start is fixed
+* :vytask:`T1067` VXLAN value validation is improved
+* :vytask:`T1211` Blank hostnames in DHCP updates no longer can crash DNS
+  forwarding
+* :vytask:`T1322` Correct configuration is now generated for DHCPv6 relays with
+  more than one upstream interface
+* :vytask:`T1234` ``relay-agents-packets`` option works correctly now
+* :vytask:`T1231` Dynamic DNS data is now cleaned on configuration change
+* :vytask:`T1282` Remote Syslog can now use a fully qualified domain name
+* :vytask:`T1279` ACPI power off works again
+* :vytask:`T1247` Negation in WAN load balancing rules works again
+* :vytask:`T1218` FRR staticd now starts on boot correctly
+* :vytask:`T1296` The installer now correctly detects SD card devices
+* :vytask:`T1225` Wireguard peers can be disabled now
+* :vytask:`T1217` The issue with Wireguard interfaces impossible to delete
+  is fixed
+* :vytask:`T1160` Unintended IPv6 access is fixed in SNMP configuration
+* :vytask:`T1060` It's now possible to exclude hosts from the transparent
+  web proxy
+* :vytask:`T484` An issue with rules impossible to delete from the zone-based
+  firewall is fixed
\ No newline at end of file
diff --git a/docs/changelog/1.2.2.rst b/docs/changelog/1.2.2.rst
new file mode 100644
index 00000000..17ba941f
--- /dev/null
+++ b/docs/changelog/1.2.2.rst
@@ -0,0 +1,46 @@
+1.2.2
+=====
+
+1.2.2 is a maintenance release made in July 2019.
+
+New features
+------------
+
+* Options for per-interface MSS clamping.
+* BGP extended next-hop capability
+* Relaxed BGP multipath option
+* Internal and external options for "remote-as" (accept any AS as long as it's
+  the same to this router or different, respectively)
+* "Unnumbered" (interface-based) BGP peers
+* BGP no-prepend option
+* Additive BGP community option
+* OSPFv3 network type option
+* Custom arguments for VRRP scripts
+* A script for querying values from config files
+
+Resolved issues
+---------------
+
+* Linux kernel 4.19.54, including a fix for the TCP SACK vulnerability
+* :vytask:`T1371` VRRP health-check scripts now can use arguments
+* :vytask:`T1497` DNS server addresses coming from a DHCP server are now
+  correctly propagated to resolv.conf
+* :vytask:`T1469` Domain-specific name servers in DNS forwarding are now used
+  for recursive queries
+* :vytask:`T1433` ``run show dhcpv6 server leases`` now display leases correctly
+* :vytask:`T1461` Deleting ``firewall options`` node no longer causes errors
+* :vytask:`T1458` Correct hostname is sent to remote syslog again
+* :vytask:`T1438` Board serial number from DMI is correctly displayed in
+  ``show version``
+* :vytask:`T1358`, :vytask:`T1355`, :vytask:`T1294` Multiple corrections in
+  remote syslog config
+* :vytask:`T1255` Fixed missing newline in ``/etc/hosts``
+* :vytask:`T1174` ``system domain-name`` is correctly included in
+  ``/etc/resolv.conf``
+* :vytask:`T1465` Fixed priority inversion in ``interfaces vti vtiX ip``
+  settings
+* :vytask:`T1446` Fixed errors when installing with RAID1 on UEFI machines
+* :vytask:`T1387` Fixed an error on disabling an interfaces that has no address
+* :vytask:`T1367` Fixed deleting VLAN interface with non-default MTU
+* :vytask:`T1505` vyos.config ``return_effective_values()`` function now
+  correctly returns a list rather than a string
\ No newline at end of file
diff --git a/docs/changelog/1.2.3.rst b/docs/changelog/1.2.3.rst
new file mode 100644
index 00000000..653beec1
--- /dev/null
+++ b/docs/changelog/1.2.3.rst
@@ -0,0 +1,62 @@
+1.2.3
+=====
+
+1.2.3 is a maintenance and feature backport release made in September 2019.
+
+New features
+------------
+
+* HTTP API
+* :vytask:`T1524` "set service dns forwarding allow-from <IPv4 net|IPv6 net>"
+  option for limiting queries to specific client networks
+* :vytask:`T1503` Functions for checking if a commit is in progress
+* :vytask:`T1543` "set system contig-mangement commit-archive source-address"
+  option
+* :vytask:`T1554` Intel NIC drivers now support receive side scaling and
+  multiqueue
+
+Resolved issues
+---------------
+
+* :vytask:`T1209` OSPF max-metric values over 100 no longer causes commit
+  errors
+* :vytask:`T1333` Fixes issue with DNS forwarding not performing recursive
+  lookups on domain specific forwarders
+* :vytask:`T1362` Special characters in VRRP passwords are handled correctly
+* :vytask:`T1377` BGP weight is applied properly
+* :vytask:`T1420` Fixed permission for log files
+* :vytask:`T1425` Wireguard interfaces now support /31 addresses
+* :vytask:`T1428` Wireguard correctly handles firewall marks
+* :vytask:`T1439` DHCPv6 static mappings now work correctly
+* :vytask:`T1450` Flood ping commands now works correctly
+* :vytask:`T1460` Op mode "show firewall" commands now support counters longer
+  than 8 digits (T1460)
+* :vytask:`T1465` Fixed priority inversion in VTI commands
+* :vytask:`T1468` Fixed remote-as check in the BGP route-reflector-client option
+* :vytask:`T1472` It's now possible to re-create VRRP groups with RFC
+  compatibility mode enabled
+* :vytask:`T1527` Fixed a typo in DHCPv6 server help strings
+* :vytask:`T1529` Unnumbered BGP peers now support VLAN interfaces
+* :vytask:`T1530` Fixed "set system syslog global archive file" command
+* :vytask:`T1531` Multiple fixes in cluster configuration scripts
+* :vytask:`T1537` Fixed missing help text for "service dns"
+* :vytask:`T1541` Fixed input validation in DHCPv6 relay options
+* :vytask:`T1551` It's now possible to create a QinQ interface and a firewall
+  assigned to it in one commit
+* :vytask:`T1559` URL filtering now uses correct rule database path and works
+  again
+* :vytask:`T1579` "show log vpn ipsec" command works again
+* :vytask:`T1576` "show arp interface <intf>" command works again
+* :vytask:`T1605` Fixed regression in L2TP/IPsec server
+* :vytask:`T1613` Netflow/sFlow captures IPv6 traffic correctly
+* :vytask:`T1616` "renew dhcpv6" command now works from op mode
+* :vytask:`T1642` BGP remove-private-as option iBGP vs eBGP check works
+  correctly now
+* :vytask:`T1540`, :vytask:`T1360`, :vytask:`T1264`, :vytask:`T1623` Multiple
+  improvements in name servers and hosts configuration handling
+
+Internals
+---------
+
+``/etc/resolv.conf`` and ``/etc/hosts`` files are now managed by the
+*vyos-hostsd* service that listens on a ZMQ socket for update messages.
\ No newline at end of file
diff --git a/docs/changelog/1.2.4.rst b/docs/changelog/1.2.4.rst
new file mode 100644
index 00000000..397c9bb9
--- /dev/null
+++ b/docs/changelog/1.2.4.rst
@@ -0,0 +1,65 @@
+1.2.4
+=====
+
+1.2.4 is a maintenance release made in December 2019.
+
+Resolved issues
+---------------
+
+* :vytask:`T258` Can not configure wan load-balancing on vyos-1.2
+* :vytask:`T818` SNMP v3 - remove required engineid from user node
+* :vytask:`T1030` Upgrade ddclient from 3.8.2 to 3.9.0 (support Cloudflare API v4)
+* :vytask:`T1183` BFD Support via FRR
+* :vytask:`T1299` Allow SNMPd to be extended with custom scripts
+* :vytask:`T1351` accel-pppoe adding CIDR based IP pool option
+* :vytask:`T1391` In route-map set community additive
+* :vytask:`T1394` syslog systemd and host_name.py race condition
+* :vytask:`T1401` Copying files with the FTP protocol fails if the password contains special characters
+* :vytask:`T1421` OpenVPN client push-route stopped working, needs added quotes to fix
+* :vytask:`T1430` Add options for custom DHCP client-id and hostname
+* :vytask:`T1447` Python subprocess called without import in host_name.py
+* :vytask:`T1470` improve output of "show dhcpv6 server leases"
+* :vytask:`T1485` Enable 'AdvIntervalOpt' option in for radvd.conf
+* :vytask:`T1496` Separate rolling release and LTS kernel builds
+* :vytask:`T1560` "set load-balancing wan rule 0" causes segfault and prevents load balancing from starting
+* :vytask:`T1568` strip-private command improvement for additional masking of IPv6 and MAC address
+* :vytask:`T1578` completion offers "show table", but show table does not exist
+* :vytask:`T1593` Support ip6gre
+* :vytask:`T1597` /usr/sbin/rsyslogd after deleting "system syslog"
+* :vytask:`T1638` vyos-hostsd not setting system domain name
+* :vytask:`T1678` hostfile-update missing line feed
+* :vytask:`T1694` NTPd: Do not listen on all interfaces by default
+* :vytask:`T1701` Delete domain-name and domain-search won't work
+* :vytask:`T1705` High CPU usage by bgpd when snmp is active
+* :vytask:`T1707` DHCP static mapping and exclude address not working
+* :vytask:`T1708` Update Rolling Release Kernel to 4.19.76
+* :vytask:`T1709` Update WireGuard to 0.0.20190913
+* :vytask:`T1716` Update Intel NIC drivers to recent versions
+* :vytask:`T1726` Update Linux Firmware binaries to a more recent version 2019-03-14 -> 2019-10-07
+* :vytask:`T1728` Update Linux Kernel to 4.19.79
+* :vytask:`T1737` SNMP tab completion missing
+* :vytask:`T1738` Copy SNMP configuration from node to node raises exception
+* :vytask:`T1740` Broken OSPFv2 virtual-link authentication
+* :vytask:`T1742` NHRP unable to commit.
+* :vytask:`T1745` dhcp-server commit fails with "DHCP range stop address x must be greater or equal to the range start address y!" when static mapping has same IP as range stop
+* :vytask:`T1749` numeric validator doesn't support multiple ranges
+* :vytask:`T1769` Remove complex SNMPv3 Transport Security Model (TSM)
+* :vytask:`T1772` <regex> constraints in XML are partially broken
+* :vytask:`T1778` Kilobits/Megabits difference in configuration Vyos/FRR
+* :vytask:`T1780` Adding ipsec ike closeaction
+* :vytask:`T1786` disable-dhcp-nameservers is missed in current host_name.py implementation
+* :vytask:`T1788` Intel QAT (QuickAssist Technology ) implementation
+* :vytask:`T1792` Update WireGuard to Debian release 0.0.20191012-1
+* :vytask:`T1800` Update Linux Kernel to v4.19.84
+* :vytask:`T1809` Wireless: SSID scan does not work in AP mode
+* :vytask:`T1811` Upgrade from 1.1.8: Config file migration failed: module=l2tp
+* :vytask:`T1812` DHCP: hostnames of clients not resolving after update v1.2.3 -> 1.2-rolling
+* :vytask:`T1819` Reboot kills SNMPv3 configuration
+* :vytask:`T1822` Priority inversion wireless interface dhcpv6
+* :vytask:`T1825` Improve DHCP configuration error message
+* :vytask:`T1836` import-conf-mode-commands in vyos-1x/scripts fails to create an xml
+* :vytask:`T1839` LLDP shows "VyOS unknown" instead of "VyOS"
+* :vytask:`T1841` PPP ipv6-up.d direcotry missing
+* :vytask:`T1893` igmp-proxy: Do not allow adding unknown interface
+* :vytask:`T1903` Implementation udev predefined interface naming
+* :vytask:`T1904` update eth1 and eth2 link files for the vep4600
\ No newline at end of file
diff --git a/docs/changelog/1.2.5.rst b/docs/changelog/1.2.5.rst
new file mode 100644
index 00000000..231e92f2
--- /dev/null
+++ b/docs/changelog/1.2.5.rst
@@ -0,0 +1,60 @@
+1.2.5
+=====
+
+1.2.5 is a maintenance release made in April 2020.
+
+Resolved issues
+---------------
+
+* :vytask:`1020` OSPF Stops distributing default route after a while
+* :vytask:`1228` pppoe default-route force option not working (Rel 1.2.0-rc11)
+* :vytask:`1301` bgp peer-groups don't work when "no-ipv4-unicast" is enabled.
+* :vytask:`1341` Adding rate-limiter for pppoe server users
+* :vytask:`1376` Incorrect DHCP lease counting
+* :vytask:`1392` Large firewall rulesets cause the system to lose configuration and crash at startup
+* :vytask:`1416` 2 dhcp server run in failover mode can't sync hostname with each other
+* :vytask:`1452` accel-pppoe - add vendor option to shaper
+* :vytask:`1490` BGP configuration (is lost|not applied) when updating 1.1.8 -> 1.2.1
+* :vytask:`1780` Adding ipsec ike closeaction
+* :vytask:`1803` Unbind NTP while it's not requested...
+* :vytask:`1821` "authentication mode radius" has no effect for PPPoE server
+* :vytask:`1827` Increase default gc_thresh
+* :vytask:`1828` Missing completion helper for "set system syslog host 192.0.2.1 facility all protocol"
+* :vytask:`1832` radvd adding feature DNSSL branch.example.com example.com to existing package
+* :vytask:`1837` PPPoE unrecognized option 'replacedefaultroute'
+* :vytask:`1851` wireguard - changing the pubkey on an existing peer seems to destroy the running config.
+* :vytask:`1858` l2tp: Delete depricated outside-nexthop and add gateway-address
+* :vytask:`1864` Lower IPSec DPD timeout lower limit from 10s -> 2s
+* :vytask:`1879` Extend Dynamic DNS XML definition value help strings and validators
+* :vytask:`1881` Execute permissions are removed from custom SNMP scripts at commit time
+* :vytask:`1884` Keeping VRRP transition-script native behaviour and adding stop-script
+* :vytask:`1891` Router announcements broken on boot
+* :vytask:`1900` Enable SNMP for VRRP.
+* :vytask:`1902` Add redistribute non main table in bgp
+* :vytask:`1909` Incorrect behaviour of static routes with overlapping networks
+* :vytask:`1913` "system ipv6 blacklist" command has no effect
+* :vytask:`1914` IPv6 multipath hash policy does not apply
+* :vytask:`1917` Update WireGuard to Debian release 0.0.20191219-1
+* :vytask:`1934` Change default hostname when deploy from OVA without params.
+* :vytask:`1935` NIC identification and usage problem in Hyper-V environments
+* :vytask:`1936` pppoe-server CLI control features
+* :vytask:`1964` SNMP Script-extensions allows names with spaces, but commit fails
+* :vytask:`1967` BGP parameter "enforce-first-as" does not work anymore
+* :vytask:`1970` Correct adding interfaces on boot
+* :vytask:`1971` Missing modules in initrd.img for PXE boot
+* :vytask:`1998` Update FRR to 7.3
+* :vytask:`2001` Error when router reboot
+* :vytask:`2032` Monitor bandwidth bits
+* :vytask:`2059` Set source-validation on bond vif don't work
+* :vytask:`2066` PPPoE interface can be created multiple times - last wins
+* :vytask:`2069` PPPoE-client does not works with service-name option
+* :vytask:`2077` ISO build from crux branch is failing
+* :vytask:`2079` Update Linux Kernel to v4.19.106
+* :vytask:`2087` Add maxfail 0 option to pppoe configuration.
+* :vytask:`2100` BGP route adverisement wih checks rib
+* :vytask:`2120` "reset vpn ipsec-peer" doesn't work with named peers
+* :vytask:`2197` Cant add vif-s interface into a bridge
+* :vytask:`2228` WireGuard does not allow ports < 1024 to be used
+* :vytask:`2252` HTTP API add system image can return '504 Gateway Time-out'
+* :vytask:`2272` Set system flow-accounting disable-imt has syntax error
+* :vytask:`2276` PPPoE server vulnerability
\ No newline at end of file diff --git a/docs/changelog/1.2.6.rst b/docs/changelog/1.2.6.rst new file mode 100644 index 00000000..9c048f58 --- /dev/null +++ b/docs/changelog/1.2.6.rst 
@@ -0,0 +1,106 @@
+1.2.6-S1
+========
+
+1.2.6-S1 is a security release release made in September 2020.
+
+Resolved issues
+---------------
+
+VyOS 1.2.6 release was found to be suspectible to CVE-2020-10995. It's a low-
+impact vulnerability in the PowerDNS recursor that allows an attacker to cause
+performance degradation via a specially crafted authoritative DNS server reply.
+
+* :vytask:`2899` remote syslog server migration error on update
+
+1.2.6
+=====
+
+1.2.6 is a maintenance release made in September 2020.
+
+Resolved issues
+---------------
+
+* :vytask:`103` DHCP server prepends shared network name to hostnames
+* :vytask:`125` Missing PPPoE interfaces in l2tp configuration
+* :vytask:`1194` cronjob is being setup even if not saved
+* :vytask:`1205` module pcspkr missing
+* :vytask:`1219` Redundant active-active configuration, asymmetric routing and
+  conntrack-sync cache
+* :vytask:`1220` Show transceiver information from plugin modules, e.g SFP+,
+  QSFP
+* :vytask:`1221` BGP - Default route injection is not processed by the specific
+  route-map
+* :vytask:`1241` Remove of policy route throws CLI error
+* :vytask:`1291` Under certain conditions the VTI will stay forever down
+* :vytask:`1463` Missing command `show ip bgp scan` appears in command
+  completion
+* :vytask:`1575` `show snmp mib ifmib` crashes with IndexError
+* :vytask:`1699` Default net.ipv6.route.max_size 32768 is too low
+* :vytask:`1729` PIM (Protocol Independent Multicast) implementation
+* :vytask:`1901` Semicolon in values is interpreted as a part of the shell
+  command by validators
+* :vytask:`1934` Change default hostname when deploy from OVA without params.
+* :vytask:`1938` syslog doesn't start automatically
+* :vytask:`1949` Multihop IPv6 BFD is unconfigurable
+* :vytask:`1953` DDNS service name validation rejects valid service names
+* :vytask:`1956` PPPoE server: support PADO-delay
+* :vytask:`1973` Allow route-map to match on BGP local preference value
+* :vytask:`1974` Allow route-map to set administrative distance
+* :vytask:`1982` Increase rotation for atop.acct
+* :vytask:`1983` Expose route-map when BGP routes are programmed in to FIB
+* :vytask:`1985` pppoe: Enable ipv6 modules without configured ipv6 pools
+* :vytask:`2000` strongSwan does not install routes to table 220 in certain
+  cases
+* :vytask:`2021` OSPFv3 doesn't support decimal area syntax
+* :vytask:`2062` Wrong dhcp-server static route subnet bytes
+* :vytask:`2091` swanctl.conf file is not generated properly is more than one
+  IPsec profile is used
+* :vytask:`2131` Improve syslog remote host CLI definition
+* :vytask:`2224` Update Linux Kernel to v4.19.114
+* :vytask:`2286` IPoE server vulnerability
+* :vytask:`2303` Unable to delete the image version that came from OVA
+* :vytask:`2305` Add release name to "show version" command
+* :vytask:`2311` Statically configured name servers may not take precedence
+  over ones from DHCP
+* :vytask:`2327` Unable to create syslog server entry with different port
+* :vytask:`2332` Backport node option for a syslog server
+* :vytask:`2342` Bridge l2tpv3 + ethX errors
+* :vytask:`2344` PPPoE server client static IP assignment silently fails
+* :vytask:`2385` salt-minion: improve completion helpers
+* :vytask:`2389` BGP community-list unknown command
+* :vytask:`2398` op-mode "dhcp client leases interface" completion helper
+  misses interfaces
+* :vytask:`2402` Live ISO should warn when configuring that changes won't
+  persist
+* :vytask:`2443` NHRP: Add debugging information to syslog
+* :vytask:`2448` `monitor protocol bgp` subcommands fail with 'command
+  incomplete'
+* :vytask:`2458` Update FRR to 7.3.1
+* :vytask:`2476` Bond member description change leads to network outage
+* :vytask:`2478` login radius: use NAS-IP-Address if defined source address
+* :vytask:`2482` Update PowerDNS recursor to 4.3.1 for CVE-2020-10995
+* :vytask:`2517` vyos-container: link_filter: No such file or directory
+* :vytask:`2526` Wake-On-Lan CLI implementation
+* :vytask:`2528` "update dns dynamic" throws FileNotFoundError excepton
+* :vytask:`2536` "show log dns forwarding" still refers to dnsmasq
+* :vytask:`2538` Update Intel NIC drivers to recent release (preparation for
+  Kernel >=5.4)
+* :vytask:`2545` Show physical device offloading capabilities for specified
+  ethernet interface
+* :vytask:`2563` Wrong interface binding for Dell VEP 1445
+* :vytask:`2605` SNMP service is not disabled by default
+* :vytask:`2625` Provide generic Library for package builds
+* :vytask:`2686` FRR: BGP: large-community configuration is not applied
+  properly after upgrading FRR to 7.3.x series
+* :vytask:`2701` `vpn ipsec pfs enable` doesn't work with IKE groups
+* :vytask:`2728` Protocol option ignored for IPSec peers in transport mode
+* :vytask:`2734` WireGuard: fwmark CLI definition is inconsistent
+* :vytask:`2757` "show system image version" contains additional new-line
+  character breaking output
+* :vytask:`2797` Update Linux Kernel to v4.19.139
+* :vytask:`2822` Update Linux Kernel to v4.19.141
+* :vytask:`2829` PPPoE server: mppe setting is implemented as node instead of
+  leafNode
+* :vytask:`2831` Update Linux Kernel to v4.19.142
+* :vytask:`2852` rename dynamic dns interface breaks ddclient.cache permissions
+* :vytask:`2853` Intel QAT acceleration does not work
\ No newline at end of file diff --git a/docs/changelog/index.rst b/docs/changelog/index.rst new file mode 100644 index 00000000..ae964145 --- /dev/null +++ b/docs/changelog/index.rst @@ -0,0 +1,18 @@ +.. _release-notes: + + +######### +Changelog +######### + + +.. toctree:: +   :maxdepth: 1 +   :includehidden: + +   1.2.6 +   1.2.5 +   1.2.4 +   1.2.3 +   1.2.2 +   1.2.1 diff --git a/docs/cli.rst b/docs/cli.rst index 4694cc5d..7964c490 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -1,19 +1,18 @@  .. _cli: -### -CLI -### +##################### +Comand Line Interface +#####################  The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a  configuration mode.  Operational Mode -================ +################  Operational mode allows for commands to perform operational system tasks and  view system and service status, while configuration mode allows for the -modification of system configuration. The list of all operational level commands -is available at :ref:`operational_level_commands`. +modification of system configuration.  The CLI provides a built-in help system. In the CLI the ``?`` key may be used  to display available commands. The ``TAB`` key can be used to auto-complete @@ -73,10 +72,7 @@ When viewing in page mode the following commands are available:     in the event that the output has lines which exceed the terminal size.  Configuration Mode -================== - -The list of all operational level commands is available at -:ref:`configuration_level_commands`. +##################  To enter configuration mode use the ``configure`` command: 
@@ -97,3 +93,737 @@ To enter configuration mode use the ``configure`` command:  See the configuration section of this document for more information on  configuration mode. + + +.. _configuration-overview: + +###################### +Configuration Overview +###################### + +VyOS makes use of a unified configuration file for the entire system's +configuration: ``/config/config.boot``. This allows easy template +creation, backup, and replication of system configuration. A system can +thus also be easily cloned by simply copying the required configuration +files. + +Terminology +########### + +live +A VyOS system has three major types of configurations: + +* **Active** or **running configuration** is the system configuration +  that is loaded  and currently active (used by VyOS). Any change in +  the configuration will have to be committed to belong to the +  active/running configuration. + +* **Working configuration** is the one that is currently being modified +  in configuration mode. Changes made to the working configuration do +  not go into effect until the changes are committed with the +  :cfgcmd:`commit` command. At which time the working configuration will +  become the active or running configuration. + +* **Saved configuration** is the one saved to a file using the +  :cfgcmd:`save` command. It allows you to keep safe a configuration for +  future uses. There can be multiple configuration files. The default or +  "boot" configuration is saved and loaded from the file +  ``/config/config.boot``. + +Seeing and navigating the configuration +======================================= + +.. opcmd:: show configuration + +   View the current active configuration, also known as the running +   configuration, from the operational mode. + +   .. 
code-block:: none + +     vyos@vyos:~$ show configuration +     interfaces { +         ethernet eth0 { +             address dhcp +             hw-id 00:53:00:00:aa:01 +         } +         loopback lo { +         } +     } +     service { +         ssh { +             port 22 +         } +     } +     system { +         config-management { +             commit-revisions 20 +         } +         console { +             device ttyS0 { +                 speed 9600 +             } +         } +         login { +             user vyos { +                 authentication { +                     encrypted-password **************** +                 } +                 level admin +             } +         } +         ntp { +             server 0.pool.ntp.org { +             } +             server 1.pool.ntp.org { +             } +             server 2.pool.ntp.org { +             } +         } +         syslog { +             global { +                 facility all { +                     level notice +                 } +                 facility protocols { +                     level debug +                 } +             } +         } +     } + +By default, the configuration is displayed in a hierarchy like the above +example, this is only one of the possible ways to display the +configuration. When the configuration is generated and the device is +configured, changes are added through a collection of :cfgcmd:`set` and +:cfgcmd:`delete` commands. + +.. opcmd:: show configuration commands + +   Get a collection of all the set commands required which led to the +   running configuration. + +   .. 
code-block:: none + +     vyos@vyos:~$ show configuration commands +     set interfaces ethernet eth0 address 'dhcp' +     set interfaces ethernet eth0 hw-id '00:53:dd:44:3b:0f' +     set interfaces loopback 'lo' +     set service ssh port '22' +     set system config-management commit-revisions '20' +     set system console device ttyS0 speed '9600' +     set system login user vyos authentication encrypted-password '$6$Vt68...QzF0' +     set system login user vyos level 'admin' +     set system ntp server '0.pool.ntp.org' +     set system ntp server '1.pool.ntp.org' +     set system ntp server '2.pool.ntp.org' +     set system syslog global facility all level 'notice' +     set system syslog global facility protocols level 'debug' + +Both these ``show`` commands should be executed when in operational +mode, they do not work directly in configuration mode. There is a +special way on how to :ref:`run_opmode_from_config_mode`. + +.. hint:: Use the ``show configuration commands | strip-private`` +   command when you want to hide private data. You may want to do so if +   you want to share your configuration on the `forum`_. + +.. _`forum`: https://forum.vyos.io + + +The config mode +--------------- + +When entering the configuration mode you are navigating inside a tree +structure, to enter configuration mode enter the command +:opcmd:`configure` when in operational mode. + +.. code-block:: none + +  vyos@vyos$ configure +  [edit] +  vyos@vyos# + + +.. note:: When going into configuration mode, prompt changes from +   ``$`` to ``#``. + + +All commands executed here are relative to the configuration level you +have entered. You can do everything from the top level, but commands +will be quite lengthy when manually typing them. + +The current hierarchy level can be changed by the :cfgcmd:`edit` +command. + +.. 
code-block:: none + +  [edit] +  vyos@vyos# edit interfaces ethernet eth0 + +  [edit interfaces ethernet eth0] +  vyos@vyos# + +You are now in a sublevel relative to ``interfaces ethernet eth0``, all +commands executed from this point on are relative to this sublevel. Use +eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top +of the hierarchy. You can also use the :cfgcmd:`up` command to move only +one level up at a time. + +.. cfgcmd:: show + +The :cfgcmd:`show` command within configuration mode will show the +working configuration indicating line changes with ``+`` for additions, +``>`` for replacements and ``-`` for deletions. + +**Example:** + +.. code-block:: none + + vyos@vyos:~$ configure + [edit] + vyos@vyos# show interfaces +  ethernet eth0 { +      description MY_OLD_DESCRIPTION +      disable +      hw-id 00:53:dd:44:3b:03 +  } +  loopback lo { +  } + [edit] + vyos@vyos# set interfaces ethernet eth0 address dhcp + [edit] + vyos@vyos# set interfaces ethernet eth0 description MY_NEW_DESCRIPTION + [edit] + vyos@vyos# delete interfaces ethernet eth0 disable + [edit] + vyos@vyos# show interfaces +  ethernet eth0 { + +    address dhcp + >    description MY_NEW_DESCRIPTION + -    disable +      hw-id 00:53:dd:44:3b:03 +  } +  loopback lo { +  } + +It is also possible to display all `set` commands within configuration +mode using :cfgcmd:`show | commands` + +.. code-block:: none + +  vyos@vyos# show interfaces ethernet eth0 | commands +  set address dhcp +  set hw-id 00:53:ad:44:3b:03 + +These commands are also relative to the level you are inside and only  +relevant configuration blocks will be displayed when entering a +sub-level. + +.. code-block:: none + +  [edit interfaces ethernet eth0] +  vyos@vyos# show +   address dhcp +   hw-id 00:53:ad:44:3b:03 + +Exiting from the configuration mode is done via the :cfgcmd:`exit` +command from the top level, executing :cfgcmd:`exit` from within a +sub-level takes you back to the top level. + +.. 
code-block:: none + +  [edit interfaces ethernet eth0] +  vyos@vyos# exit +  [edit] +  vyos@vyos# exit +  Warning: configuration changes have not been saved. + + +Editing the configuration +========================= + +The configuration can be edited by the use of :cfgcmd:`set` and +:cfgcmd:`delete` commands from within configuration mode. + +.. cfgcmd:: set + +   Use this command to set the value of a parameter or to create a new +   element. + +Configuration commands are flattened from the tree into 'one-liner' +commands shown in :opcmd:`show configuration commands` from operation +mode. Commands are relative to the level where they are executed and all +redundant information from the current level is removed from the command +entered. + +.. code-block:: none + +  [edit] +  vyos@vyos# set interface ethernet eth0 address 192.0.2.100/24 + + +.. code-block:: none + +  [edit interfaces ethernet eth0] +  vyos@vyos# set address 203.0.113.6/24 + + +These two commands above are essentially the same, just executed from +different levels in the hierarchy. + +.. cfgcmd:: delete + +   To delete a configuration entry use the :cfgcmd:`delete` command, +   this also deletes all sub-levels under the current level you've +   specified in the :cfgcmd:`delete` command. Deleting an entry will +   also result in the element reverting back to its default value if one +   exists. + +   .. code-block:: none + +     [edit interfaces ethernet eth0] +     vyos@vyos# delete address 192.0.2.100/24 + +.. cfgcmd:: commit + +  Any change you do on the configuration, will not take effect until +  committed using the :cfgcmd:`commit` command in configuration mode. + +  .. code-block:: none + +    vyos@vyos# commit +    [edit] +    vyos@vyos# exit +    Warning: configuration changes have not been saved. +    vyos@vyos:~$ + +.. _save: + +.. cfgcmd:: save + +   Use this command to preserve configuration changes upon reboot. By +   default it is stored at */config/config.boot*. 
In the case you want +   to store the configuration file somewhere else, you can add a local +   path, an SCP address, an FTP address or a TFTP address.  + +   .. code-block:: none + +     vyos@vyos# save +     Saving configuration to '/config/config.boot'... +     Done + +   .. code-block:: none + +     vyos@vyos# save [tab] +     Possible completions: +       <Enter>       Save to system config file +       <file>        Save to file on local machine +       scp://<user>:<passwd>@<host>:/<file> Save to file on remote machine +       ftp://<user>:<passwd>@<host>/<file> Save to file on remote machine +       tftp://<host>/<file>      Save to file on remote machine +     vyos@vyos# save tftp://192.168.0.100/vyos-test.config.boot +     Saving configuration to 'tftp://192.168.0.100/vyos-test.config.boot'... +     ######################################################################## 100.0% +     Done + +.. cfgcmd:: exit [discard] + +   Configuration mode can not be exited while uncommitted changes exist. +   To exit configuration mode without applying changes, the +   :cfgcmd:`exit discard` command must be used. + +   All changes in the working config will thus be lost. + +   .. code-block:: none + +     vyos@vyos# exit +     Cannot exit: configuration modified. +     Use 'exit discard' to discard the changes and exit. +     [edit] +     vyos@vyos# exit discard + + +.. cfgcmd:: commit-confirm <minutes> + +   Use this command to temporarily commit your changes and set the +   number of minutes available for validation. ``confirm`` must +   be entered within those minutes, otherwise the system will reboot +   into the previous configuration. The default value is 10 minutes. + + +   What if you are doing something dangerous? Suppose you want to setup +   a firewall, and you are not sure there are no mistakes that will lock +   you out of your system. You can use confirmed commit. 
If you issue +   the ``commit-confirm`` command, your changes will be commited, and if +   you don't issue issue the ``confirm`` command in 10 minutes, your +   system will reboot into previous config revision. + +   .. code-block:: none +    +      vyos@router# set interfaces ethernet eth0 firewall local name FromWorld +      vyos@router# commit-confirm  +      commit confirm will be automatically reboot in 10 minutes unless confirmed +      Proceed? [confirm]y +      [edit] +      vyos@router# confirm  +      [edit] + + +   .. note:: A reboot because you did not enter ``confirm`` will not +      take you necessarily to the *saved configuration*, but to the +      point before the unfortunate commit. + + +.. cfgcmd:: copy + +   Copy a configuration element. + +   You can copy and remove configuration subtrees. Suppose you set up a +   firewall ruleset ``FromWorld`` with one rule that allows traffic from +   specific subnet. Now you want to setup a similar rule, but for +   different subnet. Change your edit level to +   ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then +   modify rule 20. + + +   .. code-block:: none +    +      vyos@router# show firewall name FromWorld  +       default-action drop +       rule 10 { +           action accept +           source { +               address 203.0.113.0/24 +           } +       } +      [edit] +      vyos@router# edit firewall name FromWorld  +      [edit firewall name FromWorld] +      vyos@router# copy rule 10 to rule 20 +      [edit firewall name FromWorld] +      vyos@router# set rule 20 source address 198.51.100.0/24 +      [edit firewall name FromWorld] +      vyos@router# commit +      [edit firewall name FromWorld] + + +.. cfgcmd:: rename + +   Rename a configuration element. + +   You can also rename config subtrees: + +   .. 
code-block:: none +    +      vyos@router# rename rule 10 to rule 5 +      [edit firewall name FromWorld] +      vyos@router# commit +      [edit firewall name FromWorld] + +   Note that ``show`` command respects your edit level and from this +   level you can view the modified firewall ruleset with just ``show`` +   with no parameters. + +   .. code-block:: none +    +      vyos@router# show  +       default-action drop +       rule 5 { +           action accept +           source { +               address 203.0.113.0/24 +           } +       } +       rule 20 { +           action accept +           source { +               address 198.51.100.0/24 +           } +       } + + +.. cfgcmd:: comment <config node> "comment text" + +   Add comment as an annotation to a configuration node. + +   The ``comment`` command allows you to insert a comment above the +   ``<config node>`` configuration section. When shown, comments are +   enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments +   need to be commited, just like other config changes. + +   To remove an existing comment from your current configuration, +   specify an empty string enclosed in double quote marks (``""``) as +   the comment text. + +   Example: + +   .. code-block:: none + +     vyos@vyos# comment firewall all-ping "Yes I know this VyOS is cool" +     vyos@vyos# commit +     vyos@vyos# show +      firewall { +          /* Yes I know this VyOS is cool */ +          all-ping enable +          broadcast-ping disable +          ... +      } + +   .. note:: An important thing to note is that since the comment is +      added on top of the section, it will not appear if the ``show +      <section>`` command is used. With the above example, the `show +      firewall` command would return starting after the ``firewall +      {`` line, hiding the comment. + + + + +    + +.. 
_run_opmode_from_config_mode: + +Access opmode from config mode +============================== + +When inside configuration mode you are not directly able to execute +operational commands. + +.. cfgcmd:: run + +  Access to these commands are possible through the use of the +  ``run [command]`` command. From this command you will have access to +  everything accessible from operational mode. + +  Command completion and syntax help with ``?`` and ``[tab]`` will also +  work. + +  .. code-block:: none + +    [edit] +    vyos@vyos# run show interfaces +    Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down +    Interface        IP Address                        S/L  Description +    ---------        ----------                        ---  ----------- +    eth0             0.0.0.0/0                         u/u + +Managing configurations +======================= + +VyOS comes with an integrated versioning system for the system +configuration. It automatically maintains a backup of every previous +configuration which has been committed to the system. The configurations +are versioned locally for rollback but they can also be stored on a +remote host for archiving/backup reasons. + +Local Archive +------------- + +Revisions are stored on disk. You can view, compare and rollback them to +any previous revisions if something goes wrong. + +.. opcmd:: show system commit + +   View all existing revisions on the local system. + +   .. code-block:: none + +     vyos@vyos:~$ show system commit +     0   2015-03-30 08:53:03 by vyos via cli +     1   2015-03-30 08:52:20 by vyos via cli +     2   2015-03-26 21:26:01 by root via boot-config-loader +     3   2015-03-26 20:43:18 by root via boot-config-loader +     4   2015-03-25 11:06:14 by root via boot-config-loader +     5   2015-03-25 01:04:28 by root via boot-config-loader +     6   2015-03-25 00:16:47 by vyos via cli +     7   2015-03-24 23:43:45 by root via boot-config-loader + + +.. 
cfgcmd:: set system config-management commit-revisions <N> + +   You can specify the number of revisions stored on disk. N can be in +   the range of 0 - 65535. When the number of revisions exceeds the +   configured value, the oldest revision is removed. The default setting +   for this value is to store 100 revisions locally. + + +Compare configurations +---------------------- + +VyOS lets you compare different configurations. + +.. cfgcmd:: compare <saved | N> <M> + +   Use this command to spot what the differences are between different +   configurations. + +   .. code-block:: none + +     vyos@vyos# compare [tab] +     Possible completions: +       <Enter>	Compare working & active configurations +       saved		Compare working & saved configurations +       <N>		Compare working with revision N +       <N> <M>	Compare revision N with M +       Revisions: +         0	   2013-12-17 20:01:37 root by boot-config-loader +         1	   2013-12-13 15:59:31 root by boot-config-loader +         2	   2013-12-12 21:56:22 vyos by cli +         3	   2013-12-12 21:55:11 vyos by cli +         4	   2013-12-12 21:27:54 vyos by cli +         5	   2013-12-12 21:23:29 vyos by cli +         6	   2013-12-12 21:13:59 root by boot-config-loader +         7	   2013-12-12 16:25:19 vyos by cli +         8	   2013-12-12 15:44:36 vyos by cli +         9	   2013-12-12 15:42:07 root by boot-config-loader +         10   2013-12-12 15:42:06 root by init + +   The command :cfgcmd:`compare` allows you to compare different type of +   configurations. It also lets you compare different revisions through +   the :cfgcmd:`compare N M` command, where N and M are revision +   numbers. The output will describe how the configuration N is when +   compared to M indicating with a plus sign (``+``) the additional +   parts N has when compared to M, and indicating with a minus sign +   (``-``) the lacking parts N misses when compared to M. + +   .. 
code-block:: none + +     vyos@vyos# compare 0 6 +     [edit interfaces] +     +dummy dum1 { +     +    address 10.189.0.1/31 +     +} +     [edit interfaces ethernet eth0] +     +vif 99 { +     +    address 10.199.0.1/31 +     +} +     -vif 900 { +     -    address 192.0.2.4/24 +     -} + + +.. opcmd:: show system commit diff <number> + +   Show commit revision difference. + + +The command above also lets you see the difference between two commits. +By default the difference with the running config is shown. + +.. code-block:: none + +   vyos@router# run show system commit diff 4 +   [edit system] +   +ipv6 { +   +    disable-forwarding +   +} + +This means four commits ago we did ``set system ipv6 disable-forwarding``. + + +Rollback Changes +---------------- + +You can rollback configuration changes using the rollback command. This +will apply the selected revision and trigger a system reboot. + +.. cfgcmd:: rollback <N> + +   Rollback to revision N (currently requires reboot) + +   .. code-block:: none + +     vyos@vyos# compare 1 +     [edit system] +     >host-name vyos-1 +     [edit] + +     vyos@vyos# rollback 1 +     Proceed with reboot? [confirm][y] +     Broadcast message from root@vyos-1 (pts/0) (Tue Dec 17 21:07:45 2013): +     The system is going down for reboot NOW! + +Remote Archive +-------------- + +VyOS can upload the configuration to a remote location after each call +to :cfgcmd:`commit`. You will have to set the commit-archive location. +TFTP, FTP, SCP and SFTP servers are supported. Every time a +:cfgcmd:`commit` is successfull the ``config.boot`` file will be copied +to the defined destination(s). The filename used on the remote host will +be ``config.boot-hostname.YYYYMMDD_HHMMSS``.  + +.. 
cfgcmd:: set system config-management commit-archive location <URI> + +   Specify remote location of commit archive as any of the below +   :abbr:`URI (Uniform Resource Identifier)` + +   * ``scp://<user>:<passwd>@<host>:/<dir>`` +   * ``sftp://<user>:<passwd>@<host>/<dir>`` +   * ``ftp://<user>:<passwd>@<host>/<dir>`` +   * ``tftp://<host>/<dir>`` + +.. note:: The number of revisions don't affect the commit-archive. + +.. note:: You may find VyOS not allowing the secure connection because +   it cannot verify the legitimacy of the remote server. You can use +   the workaround below to quickly add the remote host's SSH +   fingerprint to your ``~/.ssh/known_hosts`` file: + +   .. code-block:: none + +     vyos@vyos# ssh-keyscan <host> >> ~/.ssh/known_hosts + +Saving and loading manually +--------------------------- + +You can use the ``save`` and ``load`` commands if you want to manually +manage specific configuration files. + +When using the save_ command, you can add a specific location where +to store your configuration file. And, when needed it, you will be able +to load it with the ``load`` command: + +.. cfgcmd:: load <URI> + +   Use this command to load a configuration which will replace the +   running configuration. Define the location of the configuration file +   to be loaded. You can use a path to a local file, an SCP address, an +   SFTP address, an FTP address, an HTTP address, an HTTPS address or a +   TFTP address. + +  .. 
code-block:: none + +     vyos@vyos# load  +     Possible completions: +       <Enter>				        Load from system config file +       <file>			        	Load from file on local machine +       scp://<user>:<passwd>@<host>:/<file>	Load from file on remote machine +       sftp://<user>:<passwd>@<host>/<file>	Load from file on remote machine +       ftp://<user>:<passwd>@<host>/<file>	Load from file on remote machine +       http://<host>/<file>			Load from file on remote machine +       https://<host>/<file>			Load from file on remote machine +       tftp://<host>/<file>			Load from file on remote machine +      + + +Restore Default +--------------- + +In the case you want to completely delete your configuration and restore +the default one, you can enter the following command in configuration +mode: + +.. code-block:: none + +  load /opt/vyatta/etc/config.boot.default + +You will be asked if you want to continue. If you accept, you will have +to use :cfgcmd:`commit` if you want to make the changes active. + +Then you may want to :cfgcmd:`save` in order to delete the saved +configuration too. + +.. note:: If you are remotely connected, you will lose your connection. +   You may want to copy first the config, edit it to ensure +   connectivity, and load the edited config. + diff --git a/docs/command-list-configuration.rst b/docs/command-list-configuration.rst deleted file mode 100644 index 7b981518..00000000 --- a/docs/command-list-configuration.rst +++ /dev/null @@ -1,7 +0,0 @@ -.. _configuration_level_commands: - -******************************** -Configuration Level Command List -******************************** - -.. cfgcmdlist:: diff --git a/docs/command-list-operation.rst b/docs/command-list-operation.rst deleted file mode 100644 index bbb0298c..00000000 --- a/docs/command-list-operation.rst +++ /dev/null 
@@ -1,7 +0,0 @@ -.. _operational_level_commands: - -****************************** -Operational Level Command List -****************************** - -.. opcmdlist:: diff --git a/docs/conf.py b/docs/conf.py index bb32aa33..4bb2da3c 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -26,10 +26,10 @@ copyright = u'2020, VyOS maintainers and contributors'  author = u'VyOS maintainers and contributors'  # The short X.Y version -version = u'1.3' +version = u'1.4'  # The full version, including alpha/beta/rc tags -release = u'1.3.x (equuleus)' +release = u'1.4.x (sagitta)'  # -- General configuration --------------------------------------------------- @@ -70,7 +70,7 @@ language = None  # List of patterns, relative to source directory, that match files and  # directories to ignore when looking for source files.  # This pattern also affects html_static_path and html_extra_path . -exclude_patterns = [u'_build', 'Thumbs.db', '.DS_Store'] +exclude_patterns = [u'_build', 'Thumbs.db', '.DS_Store', '_include/vyos-1x']  # The name of the Pygments (syntax highlighting) style to use.  pygments_style = 'sphinx' diff --git a/docs/appendix/examples/azure-vpn-bgp.rst b/docs/configexamples/azure-vpn-bgp.rst index 176e0ae0..176e0ae0 100644 --- a/docs/appendix/examples/azure-vpn-bgp.rst +++ b/docs/configexamples/azure-vpn-bgp.rst diff --git a/docs/appendix/examples/azure-vpn-dual-bgp.rst b/docs/configexamples/azure-vpn-dual-bgp.rst index 13d4b5a2..13d4b5a2 100644 --- a/docs/appendix/examples/azure-vpn-dual-bgp.rst +++ b/docs/configexamples/azure-vpn-dual-bgp.rst diff --git a/docs/appendix/examples/bgp-ipv6-unnumbered.rst b/docs/configexamples/bgp-ipv6-unnumbered.rst index ccc1f69a..ccc1f69a 100644 --- a/docs/appendix/examples/bgp-ipv6-unnumbered.rst +++ b/docs/configexamples/bgp-ipv6-unnumbered.rst diff --git a/docs/appendix/examples/dhcp-relay-through-gre-bridge.rst b/docs/configexamples/dhcp-relay-through-gre-bridge.rst index f94eb67f..f94eb67f 100644 
--- a/docs/appendix/examples/dhcp-relay-through-gre-bridge.rst
+++ b/docs/configexamples/dhcp-relay-through-gre-bridge.rst
diff --git a/docs/appendix/examples/ha.rst b/docs/configexamples/ha.rst
index 702cb2b2..702cb2b2 100644
--- a/docs/appendix/examples/ha.rst
+++ b/docs/configexamples/ha.rst
diff --git a/docs/appendix/examples/index.rst b/docs/configexamples/index.rst
index b2f7bfde..b2f7bfde 100644
--- a/docs/appendix/examples/index.rst
+++ b/docs/configexamples/index.rst
diff --git a/docs/appendix/examples/ospf-unnumbered.rst b/docs/configexamples/ospf-unnumbered.rst
index 39f8f69a..39f8f69a 100644
--- a/docs/appendix/examples/ospf-unnumbered.rst
+++ b/docs/configexamples/ospf-unnumbered.rst
diff --git a/docs/appendix/examples/tunnelbroker-ipv6.rst b/docs/configexamples/tunnelbroker-ipv6.rst
index 868b225f..868b225f 100644
--- a/docs/appendix/examples/tunnelbroker-ipv6.rst
+++ b/docs/configexamples/tunnelbroker-ipv6.rst
diff --git a/docs/appendix/examples/wan-load-balancing.rst b/docs/configexamples/wan-load-balancing.rst
index 7093defe..7093defe 100644
--- a/docs/appendix/examples/wan-load-balancing.rst
+++ b/docs/configexamples/wan-load-balancing.rst
diff --git a/docs/appendix/examples/zone-policy.rst b/docs/configexamples/zone-policy.rst
index bfe77c2e..bfe77c2e 100644
--- a/docs/appendix/examples/zone-policy.rst
+++ b/docs/configexamples/zone-policy.rst
diff --git a/docs/configuration-overview.rst b/docs/configuration-overview.rst
deleted file mode 100644
index 5658cdbb..00000000
--- a/docs/configuration-overview.rst
+++ /dev/null
@@ -1,730 +0,0 @@ -.. _configuration-overview: - -###################### -Configuration Overview -###################### - -VyOS makes use of a unified configuration file for the entire system's -configuration: ``/config/config.boot``. This allows easy template -creation, backup, and replication of system configuration. A system can -thus also be easily cloned by simply copying the required configuration -files. - -Terminology -=========== -live -A VyOS system has three major types of configurations: - -* **Active** or **running configuration** is the system configuration -  that is loaded  and currently active (used by VyOS). Any change in -  the configuration will have to be committed to belong to the -  active/running configuration. - -* **Working configuration** is the one that is currently being modified -  in configuration mode. Changes made to the working configuration do -  not go into effect until the changes are committed with the -  :cfgcmd:`commit` command. At which time the working configuration will -  become the active or running configuration. - -* **Saved configuration** is the one saved to a file using the -  :cfgcmd:`save` command. It allows you to keep safe a configuration for -  future uses. There can be multiple configuration files. The default or -  "boot" configuration is saved and loaded from the file -  ``/config/config.boot``. - -Seeing and navigating the configuration -======================================= - -.. opcmd:: show configuration - -   View the current active configuration, also known as the running -   configuration, from the operational mode. - -   .. 
code-block:: none - -     vyos@vyos:~$ show configuration -     interfaces { -         ethernet eth0 { -             address dhcp -             hw-id 00:53:00:00:aa:01 -         } -         loopback lo { -         } -     } -     service { -         ssh { -             port 22 -         } -     } -     system { -         config-management { -             commit-revisions 20 -         } -         console { -             device ttyS0 { -                 speed 9600 -             } -         } -         login { -             user vyos { -                 authentication { -                     encrypted-password **************** -                 } -                 level admin -             } -         } -         ntp { -             server 0.pool.ntp.org { -             } -             server 1.pool.ntp.org { -             } -             server 2.pool.ntp.org { -             } -         } -         syslog { -             global { -                 facility all { -                     level notice -                 } -                 facility protocols { -                     level debug -                 } -             } -         } -     } - -By default, the configuration is displayed in a hierarchy like the above -example, this is only one of the possible ways to display the -configuration. When the configuration is generated and the device is -configured, changes are added through a collection of :cfgcmd:`set` and -:cfgcmd:`delete` commands. - -.. opcmd:: show configuration commands - -   Get a collection of all the set commands required which led to the -   running configuration. - -   .. 
code-block:: none - -     vyos@vyos:~$ show configuration commands -     set interfaces ethernet eth0 address 'dhcp' -     set interfaces ethernet eth0 hw-id '00:53:dd:44:3b:0f' -     set interfaces loopback 'lo' -     set service ssh port '22' -     set system config-management commit-revisions '20' -     set system console device ttyS0 speed '9600' -     set system login user vyos authentication encrypted-password '$6$Vt68...QzF0' -     set system login user vyos level 'admin' -     set system ntp server '0.pool.ntp.org' -     set system ntp server '1.pool.ntp.org' -     set system ntp server '2.pool.ntp.org' -     set system syslog global facility all level 'notice' -     set system syslog global facility protocols level 'debug' - -Both these ``show`` commands should be executed when in operational -mode, they do not work directly in configuration mode. There is a -special way on how to :ref:`run_opmode_from_config_mode`. - -.. hint:: Use the ``show configuration commands | strip-private`` -   command when you want to hide private data. You may want to do so if -   you want to share your configuration on the `forum`_. - -.. _`forum`: https://forum.vyos.io - - -The config mode ---------------- - -When entering the configuration mode you are navigating inside a tree -structure, to enter configuration mode enter the command -:opcmd:`configure` when in operational mode. - -.. code-block:: none - -  vyos@vyos$ configure -  [edit] -  vyos@vyos# - - -.. note:: When going into configuration mode, prompt changes from -   ``$`` to ``#``. - - -All commands executed here are relative to the configuration level you -have entered. You can do everything from the top level, but commands -will be quite lengthy when manually typing them. - -The current hierarchy level can be changed by the :cfgcmd:`edit` -command. - -.. 
code-block:: none - -  [edit] -  vyos@vyos# edit interfaces ethernet eth0 - -  [edit interfaces ethernet eth0] -  vyos@vyos# - -You are now in a sublevel relative to ``interfaces ethernet eth0``, all -commands executed from this point on are relative to this sublevel. Use -eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top -of the hierarchy. You can also use the :cfgcmd:`up` command to move only -one level up at a time. - -.. cfgcmd:: show - -The :cfgcmd:`show` command within configuration mode will show the -working configuration indicating line changes with ``+`` for additions, -``>`` for replacements and ``-`` for deletions. - -**Example:** - -.. code-block:: none - - vyos@vyos:~$ configure - [edit] - vyos@vyos# show interfaces -  ethernet eth0 { -      description MY_OLD_DESCRIPTION -      disable -      hw-id 00:53:dd:44:3b:03 -  } -  loopback lo { -  } - [edit] - vyos@vyos# set interfaces ethernet eth0 address dhcp - [edit] - vyos@vyos# set interfaces ethernet eth0 description MY_NEW_DESCRIPTION - [edit] - vyos@vyos# delete interfaces ethernet eth0 disable - [edit] - vyos@vyos# show interfaces -  ethernet eth0 { - +    address dhcp - >    description MY_NEW_DESCRIPTION - -    disable -      hw-id 00:53:dd:44:3b:03 -  } -  loopback lo { -  } - -It is also possible to display all `set` commands within configuration -mode using :cfgcmd:`show | commands` - -.. code-block:: none - -  vyos@vyos# show interfaces ethernet eth0 | commands -  set address dhcp -  set hw-id 00:53:ad:44:3b:03 - -These commands are also relative to the level you are inside and only  -relevant configuration blocks will be displayed when entering a -sub-level. - -.. code-block:: none - -  [edit interfaces ethernet eth0] -  vyos@vyos# show -   address dhcp -   hw-id 00:53:ad:44:3b:03 - -Exiting from the configuration mode is done via the :cfgcmd:`exit` -command from the top level, executing :cfgcmd:`exit` from within a -sub-level takes you back to the top level. - -.. 
code-block:: none - -  [edit interfaces ethernet eth0] -  vyos@vyos# exit -  [edit] -  vyos@vyos# exit -  Warning: configuration changes have not been saved. - - -Editing the configuration -========================= - -The configuration can be edited by the use of :cfgcmd:`set` and -:cfgcmd:`delete` commands from within configuration mode. - -.. cfgcmd:: set - -   Use this command to set the value of a parameter or to create a new -   element. - -Configuration commands are flattened from the tree into 'one-liner' -commands shown in :opcmd:`show configuration commands` from operation -mode. Commands are relative to the level where they are executed and all -redundant information from the current level is removed from the command -entered. - -.. code-block:: none - -  [edit] -  vyos@vyos# set interface ethernet eth0 address 192.0.2.100/24 - - -.. code-block:: none - -  [edit interfaces ethernet eth0] -  vyos@vyos# set address 203.0.113.6/24 - - -These two commands above are essentially the same, just executed from -different levels in the hierarchy. - -.. cfgcmd:: delete - -   To delete a configuration entry use the :cfgcmd:`delete` command, -   this also deletes all sub-levels under the current level you've -   specified in the :cfgcmd:`delete` command. Deleting an entry will -   also result in the element reverting back to its default value if one -   exists. - -   .. code-block:: none - -     [edit interfaces ethernet eth0] -     vyos@vyos# delete address 192.0.2.100/24 - -.. cfgcmd:: commit - -  Any change you do on the configuration, will not take effect until -  committed using the :cfgcmd:`commit` command in configuration mode. - -  .. code-block:: none - -    vyos@vyos# commit -    [edit] -    vyos@vyos# exit -    Warning: configuration changes have not been saved. -    vyos@vyos:~$ - -.. _save: - -.. cfgcmd:: save - -   Use this command to preserve configuration changes upon reboot. By -   default it is stored at */config/config.boot*. 
In the case you want -   to store the configuration file somewhere else, you can add a local -   path, an SCP address, an FTP address or a TFTP address.  - -   .. code-block:: none - -     vyos@vyos# save -     Saving configuration to '/config/config.boot'... -     Done - -   .. code-block:: none - -     vyos@vyos# save [tab] -     Possible completions: -       <Enter>       Save to system config file -       <file>        Save to file on local machine -       scp://<user>:<passwd>@<host>:/<file> Save to file on remote machine -       ftp://<user>:<passwd>@<host>/<file> Save to file on remote machine -       tftp://<host>/<file>      Save to file on remote machine -     vyos@vyos# save tftp://192.168.0.100/vyos-test.config.boot -     Saving configuration to 'tftp://192.168.0.100/vyos-test.config.boot'... -     ######################################################################## 100.0% -     Done - -.. cfgcmd:: exit [discard] - -   Configuration mode can not be exited while uncommitted changes exist. -   To exit configuration mode without applying changes, the -   :cfgcmd:`exit discard` command must be used. - -   All changes in the working config will thus be lost. - -   .. code-block:: none - -     vyos@vyos# exit -     Cannot exit: configuration modified. -     Use 'exit discard' to discard the changes and exit. -     [edit] -     vyos@vyos# exit discard - - -.. cfgcmd:: commit-confirm <minutes> - -   Use this command to temporarily commit your changes and set the -   number of minutes available for validation. ``confirm`` must -   be entered within those minutes, otherwise the system will reboot -   into the previous configuration. The default value is 10 minutes. - - -   What if you are doing something dangerous? Suppose you want to setup -   a firewall, and you are not sure there are no mistakes that will lock -   you out of your system. You can use confirmed commit. 
If you issue -   the ``commit-confirm`` command, your changes will be commited, and if -   you don't issue issue the ``confirm`` command in 10 minutes, your -   system will reboot into previous config revision. - -   .. code-block:: none -    -      vyos@router# set interfaces ethernet eth0 firewall local name FromWorld -      vyos@router# commit-confirm  -      commit confirm will be automatically reboot in 10 minutes unless confirmed -      Proceed? [confirm]y -      [edit] -      vyos@router# confirm  -      [edit] - - -   .. note:: A reboot because you did not enter ``confirm`` will not -      take you necessarily to the *saved configuration*, but to the -      point before the unfortunate commit. - - -.. cfgcmd:: copy - -   Copy a configuration element. - -   You can copy and remove configuration subtrees. Suppose you set up a -   firewall ruleset ``FromWorld`` with one rule that allows traffic from -   specific subnet. Now you want to setup a similar rule, but for -   different subnet. Change your edit level to -   ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then -   modify rule 20. - - -   .. code-block:: none -    -      vyos@router# show firewall name FromWorld  -       default-action drop -       rule 10 { -           action accept -           source { -               address 203.0.113.0/24 -           } -       } -      [edit] -      vyos@router# edit firewall name FromWorld  -      [edit firewall name FromWorld] -      vyos@router# copy rule 10 to rule 20 -      [edit firewall name FromWorld] -      vyos@router# set rule 20 source address 198.51.100.0/24 -      [edit firewall name FromWorld] -      vyos@router# commit -      [edit firewall name FromWorld] - - -.. cfgcmd:: rename - -   Rename a configuration element. - -   You can also rename config subtrees: - -   .. 
code-block:: none -    -      vyos@router# rename rule 10 to rule 5 -      [edit firewall name FromWorld] -      vyos@router# commit -      [edit firewall name FromWorld] - -   Note that ``show`` command respects your edit level and from this -   level you can view the modified firewall ruleset with just ``show`` -   with no parameters. - -   .. code-block:: none -    -      vyos@router# show  -       default-action drop -       rule 5 { -           action accept -           source { -               address 203.0.113.0/24 -           } -       } -       rule 20 { -           action accept -           source { -               address 198.51.100.0/24 -           } -       } - - -.. cfgcmd:: comment <config node> "comment text" - -   Add comment as an annotation to a configuration node. - -   The ``comment`` command allows you to insert a comment above the -   ``<config node>`` configuration section. When shown, comments are -   enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments -   need to be commited, just like other config changes. - -   To remove an existing comment from your current configuration, -   specify an empty string enclosed in double quote marks (``""``) as -   the comment text. - -   Example: - -   .. code-block:: none - -     vyos@vyos# comment firewall all-ping "Yes I know this VyOS is cool" -     vyos@vyos# commit -     vyos@vyos# show -      firewall { -          /* Yes I know this VyOS is cool */ -          all-ping enable -          broadcast-ping disable -          ... -      } - -   .. note:: An important thing to note is that since the comment is -      added on top of the section, it will not appear if the ``show -      <section>`` command is used. With the above example, the `show -      firewall` command would return starting after the ``firewall -      {`` line, hiding the comment. - - - - -    - -.. 
_run_opmode_from_config_mode: - -Access opmode from config mode -============================== - -When inside configuration mode you are not directly able to execute -operational commands. - -.. cfgcmd:: run - -  Access to these commands are possible through the use of the -  ``run [command]`` command. From this command you will have access to -  everything accessible from operational mode. - -  Command completion and syntax help with ``?`` and ``[tab]`` will also -  work. - -  .. code-block:: none - -    [edit] -    vyos@vyos# run show interfaces -    Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down -    Interface        IP Address                        S/L  Description -    ---------        ----------                        ---  ----------- -    eth0             0.0.0.0/0                         u/u - -Managing configurations -======================= - -VyOS comes with an integrated versioning system for the system -configuration. It automatically maintains a backup of every previous -configuration which has been committed to the system. The configurations -are versioned locally for rollback but they can also be stored on a -remote host for archiving/backup reasons. - -Local Archive -------------- - -Revisions are stored on disk. You can view, compare and rollback them to -any previous revisions if something goes wrong. - -.. opcmd:: show system commit - -   View all existing revisions on the local system. - -   .. code-block:: none - -     vyos@vyos:~$ show system commit -     0   2015-03-30 08:53:03 by vyos via cli -     1   2015-03-30 08:52:20 by vyos via cli -     2   2015-03-26 21:26:01 by root via boot-config-loader -     3   2015-03-26 20:43:18 by root via boot-config-loader -     4   2015-03-25 11:06:14 by root via boot-config-loader -     5   2015-03-25 01:04:28 by root via boot-config-loader -     6   2015-03-25 00:16:47 by vyos via cli -     7   2015-03-24 23:43:45 by root via boot-config-loader - - -.. 
cfgcmd:: set system config-management commit-revisions <N> - -   You can specify the number of revisions stored on disk. N can be in -   the range of 0 - 65535. When the number of revisions exceeds the -   configured value, the oldest revision is removed. The default setting -   for this value is to store 100 revisions locally. - - -Compare configurations ----------------------- - -VyOS lets you compare different configurations. - -.. cfgcmd:: compare <saved | N> <M> - -   Use this command to spot what the differences are between different -   configurations. - -   .. code-block:: none - -     vyos@vyos# compare [tab] -     Possible completions: -       <Enter>	Compare working & active configurations -       saved		Compare working & saved configurations -       <N>		Compare working with revision N -       <N> <M>	Compare revision N with M -       Revisions: -         0	   2013-12-17 20:01:37 root by boot-config-loader -         1	   2013-12-13 15:59:31 root by boot-config-loader -         2	   2013-12-12 21:56:22 vyos by cli -         3	   2013-12-12 21:55:11 vyos by cli -         4	   2013-12-12 21:27:54 vyos by cli -         5	   2013-12-12 21:23:29 vyos by cli -         6	   2013-12-12 21:13:59 root by boot-config-loader -         7	   2013-12-12 16:25:19 vyos by cli -         8	   2013-12-12 15:44:36 vyos by cli -         9	   2013-12-12 15:42:07 root by boot-config-loader -         10   2013-12-12 15:42:06 root by init - -   The command :cfgcmd:`compare` allows you to compare different type of -   configurations. It also lets you compare different revisions through -   the :cfgcmd:`compare N M` command, where N and M are revision -   numbers. The output will describe how the configuration N is when -   compared to M indicating with a plus sign (``+``) the additional -   parts N has when compared to M, and indicating with a minus sign -   (``-``) the lacking parts N misses when compared to M. - -   .. 
code-block:: none - -     vyos@vyos# compare 0 6 -     [edit interfaces] -     +dummy dum1 { -     +    address 10.189.0.1/31 -     +} -     [edit interfaces ethernet eth0] -     +vif 99 { -     +    address 10.199.0.1/31 -     +} -     -vif 900 { -     -    address 192.0.2.4/24 -     -} - - -.. opcmd:: show system commit diff <number> - -   Show commit revision difference. - - -The command above also lets you see the difference between two commits. -By default the difference with the running config is shown. - -.. code-block:: none - -   vyos@router# run show system commit diff 4 -   [edit system] -   +ipv6 { -   +    disable-forwarding -   +} - -This means four commits ago we did ``set system ipv6 disable-forwarding``. - - -Rollback Changes ----------------- - -You can rollback configuration changes using the rollback command. This -will apply the selected revision and trigger a system reboot. - -.. cfgcmd:: rollback <N> - -   Rollback to revision N (currently requires reboot) - -   .. code-block:: none - -     vyos@vyos# compare 1 -     [edit system] -     >host-name vyos-1 -     [edit] - -     vyos@vyos# rollback 1 -     Proceed with reboot? [confirm][y] -     Broadcast message from root@vyos-1 (pts/0) (Tue Dec 17 21:07:45 2013): -     The system is going down for reboot NOW! - -Remote Archive --------------- - -VyOS can upload the configuration to a remote location after each call -to :cfgcmd:`commit`. You will have to set the commit-archive location. -TFTP, FTP, SCP and SFTP servers are supported. Every time a -:cfgcmd:`commit` is successfull the ``config.boot`` file will be copied -to the defined destination(s). The filename used on the remote host will -be ``config.boot-hostname.YYYYMMDD_HHMMSS``.  - -.. 
cfgcmd:: set system config-management commit-archive location <URI> - -   Specify remote location of commit archive as any of the below -   :abbr:`URI (Uniform Resource Identifier)` - -   * ``scp://<user>:<passwd>@<host>:/<dir>`` -   * ``sftp://<user>:<passwd>@<host>/<dir>`` -   * ``ftp://<user>:<passwd>@<host>/<dir>`` -   * ``tftp://<host>/<dir>`` - -.. note:: The number of revisions don't affect the commit-archive. - -.. note:: You may find VyOS not allowing the secure connection because -   it cannot verify the legitimacy of the remote server. You can use -   the workaround below to quickly add the remote host's SSH -   fingerprint to your ``~/.ssh/known_hosts`` file: - -   .. code-block:: none - -     vyos@vyos# ssh-keyscan <host> >> ~/.ssh/known_hosts - -Saving and loading manually ---------------------------- - -You can use the ``save`` and ``load`` commands if you want to manually -manage specific configuration files. - -When using the save_ command, you can add a specific location where -to store your configuration file. And, when needed it, you will be able -to load it with the ``load`` command: - -.. cfgcmd:: load <URI> - -   Use this command to load a configuration which will replace the -   running configuration. Define the location of the configuration file -   to be loaded. You can use a path to a local file, an SCP address, an -   SFTP address, an FTP address, an HTTP address, an HTTPS address or a -   TFTP address. - -  .. 
code-block:: none - -     vyos@vyos# load  -     Possible completions: -       <Enter>				        Load from system config file -       <file>			        	Load from file on local machine -       scp://<user>:<passwd>@<host>:/<file>	Load from file on remote machine -       sftp://<user>:<passwd>@<host>/<file>	Load from file on remote machine -       ftp://<user>:<passwd>@<host>/<file>	Load from file on remote machine -       http://<host>/<file>			Load from file on remote machine -       https://<host>/<file>			Load from file on remote machine -       tftp://<host>/<file>			Load from file on remote machine -      - - -Restore Default ---------------- - -In the case you want to completely delete your configuration and restore -the default one, you can enter the following command in configuration -mode: - -.. code-block:: none - -  load /opt/vyatta/etc/config.boot.default - -You will be asked if you want to continue. If you accept, you will have -to use :cfgcmd:`commit` if you want to make the changes active. - -Then you may want to :cfgcmd:`save` in order to delete the saved -configuration too. - -.. note:: If you are remotely connected, you will lose your connection. -   You may want to copy first the config, edit it to ensure -   connectivity, and load the edited config. diff --git a/docs/firewall.rst b/docs/configuration/firewall/index.rst index 870e9a08..e95ecb53 100644 --- a/docs/firewall.rst +++ b/docs/configuration/firewall/index.rst @@ -1,10 +1,12 @@  .. _firewall: +########  Firewall -======== +######## +********  Overview --------- +********  VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet  filtering. @@ -23,8 +25,9 @@ or zone based firewall policy.     OS, is a reference to as `local` with respect to its input interface. +***************  Global settings ---------------- +***************  Some firewall settings are global and have a affect on the whole system. 
@@ -139,8 +142,9 @@ Some firewall settings are global and have a affect on the whole system.     Set the global setting for related connections. +******  Groups ------- +******  Firewall groups represent collections of IP addresses, networks, or  ports. Once created, a group can be referenced by firewall rules as @@ -157,7 +161,7 @@ names.  Address Groups -************** +==============  In a **address group** a single IP adresses or IP address ranges are  definded. @@ -181,7 +185,7 @@ definded.  Network Groups -************** +==============  While **network groups** accept IP networks in CIDR notation, specific  IP addresses can be added as a 32-bit prefix. If you foresee the need @@ -206,7 +210,7 @@ recommended.  Port Groups -*********** +===========  A **port group** represents only port numbers, not the protocol. Port  groups can be referenced for either TCP or UDP. It is recommended that @@ -231,8 +235,9 @@ filtering unnecessary ports. Ranges of ports can be specified by using     Provide a port group description. +*********  Rule-Sets ----------- +*********  A rule-set is a named collection of firewall rules that can be applied  to an interface or zone. Each rule is numbered, has an action to apply @@ -280,7 +285,7 @@ the action of the rule will executed.     If you want to disable a rule but let it in the configuration.  Matching criteria -***************** +=================  There are a lot of matching criteria gainst which the package can be tested. @@ -412,8 +417,9 @@ There are a lot of matching criteria gainst which the package can be tested.     Match against the state of a packet. +***********************************  Applying a Rule-Set to an Interface ------------------------------------ +***********************************  A Rule-Set can be appliend to every inteface: 
@@ -438,8 +444,9 @@ A Rule-Set can be appliend to every inteface:        several interfaces. An interface can only have one rule-set per chain. +**************************  Zone-based Firewall Policy --------------------------- +**************************  As an alternative to applying policy to an interface directly, a  zone-based firewall can be created to simplify configuration when @@ -452,7 +459,7 @@ An basic introduction to zone-based firewalls can be found `here  and an example at :ref:`examples-zone-policy`.  Define a Zone -************* +=============  To define a zone setup either one with interfaces or a local zone. @@ -476,7 +483,7 @@ To define a zone setup either one with interfaces or a local zone.  Applying a Rule-Set to a Zone -***************************** +=============================  Before you are able to apply a rule-set to a zone you have to create the zones   first.  @@ -495,11 +502,12 @@ first.        set zone-policy zone LAN from DMZ firewall name DMZv4-to-LANv4 +***********************  Operation-mode Firewall ------------------------ +***********************  Rule-set overview -***************** +=================  .. opcmd:: show firewall @@ -662,7 +670,7 @@ Rule-set overview  Zone-Policy Overview -******************** +====================  .. opcmd:: show zone-policy zone <name> @@ -683,7 +691,7 @@ Zone-Policy Overview  Show Firewall log -***************** +=================  .. opcmd:: show log firewall [name | ipv6name] <name> @@ -697,7 +705,7 @@ Show Firewall log  Example Partial Config ----------------------- +======================  .. code-block:: none 
@@ -765,3 +773,73 @@ Example Partial Config           }       }    } + + +.. _routing-mss-clamp: + + +**************** +TCP-MSS Clamping +**************** + +As Internet wide PMTU discovery rarely works, we sometimes need to clamp +our TCP MSS value to a specific value. This is a field in the TCP +Options part of a SYN packet. By setting the MSS value, you are telling +the remote side unequivocally 'do not try to send me packets bigger than +this value'. + +Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS +value for IPv4 and IPv6. + + +.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting +   in 1452 bytes on a 1492 byte MTU. + + + +IPv4 +==== + + +.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes> + +   Use this command to set the maximum segment size for IPv4 transit +   packets on a specific interface (500-1460 bytes). + +Example +------- + +Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and +`1372` +for your WireGuard `wg02` tunnel. + +.. code-block:: none + +  set firewall options interface pppoe0 adjust-mss '1452' +  set firewall options interface wg02 adjust-mss '1372' + + + +IPv6 +==== + +.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes> + +   Use this command to set the maximum segment size for IPv6 transit +   packets on a specific interface (1280-1492 bytes). + +Example +------- + +Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and +`wg02` interface. + +.. code-block:: none + +  set firewall options interface pppoe0 adjust-mss6 '1280' +  set firewall options interface wg02 adjust-mss6 '1280' + + + +.. hint:: When doing your byte calculations, you might find useful this +   `Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_. diff --git a/docs/high-availability.rst b/docs/configuration/highavailability/index.rst index ad714597..ad714597 100644 --- a/docs/high-availability.rst 
+++ b/docs/configuration/highavailability/index.rst
diff --git a/docs/configuration/index.rst b/docs/configuration/index.rst
new file mode 100644
index 00000000..bce013cb
--- /dev/null
+++ b/docs/configuration/index.rst
@@ -0,0 +1,23 @@
+###################
+Configuration Guide
+###################
+
+The following structure respresent the cli structure.
+
+.. toctree::
+   :maxdepth: 1
+   :includehidden:
+
+   firewall/index
+   highavailability/index
+   interfaces/index
+   loadbalancing/index
+   nat/index
+   policy/index
+   protocols/index
+   service/index
+   system/index
+   trafficpolicy/index
+   vpn/index
+   vrf/index
+   zonepolicy/index
\ No newline at end of file diff --git a/docs/interfaces/bond.rst b/docs/configuration/interfaces/bonding.rst index 7faddd6f..8ec8f34d 100644 --- a/docs/interfaces/bond.rst +++ b/docs/configuration/interfaces/bonding.rst @@ -17,7 +17,7 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt     :var0: bond     :var1: bond0 @@ -259,7 +259,7 @@ Bond options  VLAN  ==== -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt     :var0: bond     :var1: bond0 diff --git a/docs/interfaces/bridge.rst b/docs/configuration/interfaces/bridge.rst index dc94a761..766d2aa5 100644 --- a/docs/interfaces/bridge.rst +++ b/docs/configuration/interfaces/bridge.rst @@ -21,7 +21,7 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt     :var0: bridge     :var1: br0 @@ -116,7 +116,7 @@ links providing fault tolerance if an active link fails.  VLAN  ==== -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt     :var0: bridge     :var1: br0 diff --git a/docs/interfaces/dummy.rst b/docs/configuration/interfaces/dummy.rst index c36d0024..c9845230 100644 --- a/docs/interfaces/dummy.rst +++ b/docs/configuration/interfaces/dummy.rst 
@@ -25,19 +25,19 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-address.txt +.. cmdinclude:: /_include/interface-address.txt     :var0: dummy     :var1: dum0 -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt     :var0: dummy     :var1: dum0 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt     :var0: dummy     :var1: dum0 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt     :var0: dummy     :var1: dum0 diff --git a/docs/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index f2ab3f67..9311c947 100644 --- a/docs/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -14,7 +14,7 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt     :var0: ethernet     :var1: eth0 @@ -72,14 +72,14 @@ VLAN  Regular VLANs (802.1q)  ---------------------- -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt     :var0: ethernet     :var1: eth0  QinQ (802.1ad)  -------------- -.. cmdinclude:: ../_include/interface-vlan-8021ad.txt +.. cmdinclude:: /_include/interface-vlan-8021ad.txt     :var0: ethernet     :var1: eth0 diff --git a/docs/interfaces/geneve.rst b/docs/configuration/interfaces/geneve.rst index 47068687..9e00d621 100644 --- a/docs/interfaces/geneve.rst +++ b/docs/configuration/interfaces/geneve.rst @@ -39,7 +39,7 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-common-without-dhcp.txt +.. cmdinclude:: /_include/interface-common-without-dhcp.txt     :var0: geneve     :var1: gnv0 
diff --git a/docs/interfaces/advanced-index.rst b/docs/configuration/interfaces/index.rst index 7b9bde1e..85d2c177 100644 --- a/docs/interfaces/advanced-index.rst +++ b/docs/configuration/interfaces/index.rst @@ -1,23 +1,28 @@ -.. _advanced_network-interfaces: +########## +Interfaces +########## -################## -Network Interfaces -##################  .. toctree::     :maxdepth: 1 +   :includehidden: -   bond +   bonding     bridge     dummy     ethernet     geneve -   loopback     l2tpv3 +   loopback     macsec +   openvpn     pppoe     pseudo-ethernet     tunnel +   vti     vxlan +   wireguard     wireless     wirelessmodem + + diff --git a/docs/interfaces/l2tpv3.rst b/docs/configuration/interfaces/l2tpv3.rst index 4c9cbf9b..a4b7be36 100644 --- a/docs/interfaces/l2tpv3.rst +++ b/docs/configuration/interfaces/l2tpv3.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt  .. _l2tpv3-interface: @@ -31,7 +31,7 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-common-without-dhcp.txt +.. cmdinclude:: /_include/interface-common-without-dhcp.txt     :var0: l2tpv3     :var1: l2tpeth0 diff --git a/docs/interfaces/loopback.rst b/docs/configuration/interfaces/loopback.rst index a6d659b5..f7386c62 100644 --- a/docs/interfaces/loopback.rst +++ b/docs/configuration/interfaces/loopback.rst @@ -26,11 +26,11 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-address.txt +.. cmdinclude:: /_include/interface-address.txt     :var0: loopback     :var1: lo -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt     :var0: loopback     :var1: lo diff --git a/docs/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst index ebc8f151..2bf643aa 100644 --- a/docs/interfaces/macsec.rst +++ b/docs/configuration/interfaces/macsec.rst 
@@ -20,7 +20,7 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt     :var0: macsec     :var1: macsec0 diff --git a/docs/vpn/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index c6934335..f503ae84 100644 --- a/docs/vpn/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -581,4 +581,4 @@ The following commands let you reset OpenVPN. -.. include:: ../common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst index a7c0048f..393c71ed 100644 --- a/docs/interfaces/pppoe.rst +++ b/docs/configuration/interfaces/pppoe.rst @@ -59,15 +59,15 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt     :var0: pppoe     :var1: pppoe0 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt     :var0: pppoe     :var1: pppoe0 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt     :var0: pppoe     :var1: pppoe0 @@ -173,7 +173,7 @@ IPv6     Use this command to enable acquisition of IPv6 address using stateless     autoconfig (SLAAC). -.. cmdinclude:: ../_include/interface-dhcpv6-prefix-delegation.txt +.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt    :var0: pppoe    :var1: pppoe0 diff --git a/docs/interfaces/pseudo-ethernet.rst b/docs/configuration/interfaces/pseudo-ethernet.rst index c2baca39..0471d2e1 100644 --- a/docs/interfaces/pseudo-ethernet.rst +++ b/docs/configuration/interfaces/pseudo-ethernet.rst 
@@ -45,7 +45,7 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt     :var0: pseudo-ethernet     :var1: peth0 @@ -60,6 +60,6 @@ Pseudo Ethernet/MACVLAN options  VLAN  ==== -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt     :var0: pseudo-ethernet     :var1: peth0 diff --git a/docs/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst index c14314d1..7b1502f8 100644 --- a/docs/interfaces/tunnel.rst +++ b/docs/configuration/interfaces/tunnel.rst @@ -16,7 +16,7 @@ a closer look at the protocols and options currently supported by VyOS.  Common interface configuration  ------------------------------ -.. cmdinclude:: ../_include/interface-common-without-dhcp.txt +.. cmdinclude:: /_include/interface-common-without-dhcp.txt     :var0: tunnel     :var1: tun0 @@ -210,26 +210,7 @@ that are discarding IP protocol 47 or blocking your source/desintation traffic.    4 packets transmitted, 4 received, 0% packet loss, time 3008ms    rtt min/avg/max/mdev = 1.055/1.729/1.989/0.395 ms -Virtual Tunnel Interface (VTI) ------------------------------- - -Set Virtual Tunnel Interface - -.. code-block:: none - -  set interfaces vti vti0 address 192.168.2.249/30 -  set interfaces vti vti0 address 2001:db8:2::249/64 - -Results in: - -.. code-block:: none -  vyos@vyos# show interfaces vti -  vti vti0 { -      address 192.168.2.249/30 -      address 2001:db8:2::249/64 -      description "Description" -  }  .. _`other proposals`: https://www.isc.org/othersoftware/  .. _`Hurricane Electric`: https://tunnelbroker.net/ diff --git a/docs/configuration/interfaces/vti.rst b/docs/configuration/interfaces/vti.rst new file mode 100644 index 00000000..62cd13f3 --- /dev/null +++ b/docs/configuration/interfaces/vti.rst 
@@ -0,0 +1,22 @@
+##############################
+Virtual Tunnel Interface (VTI)
+##############################
+
+
+Set Virtual Tunnel Interface
+
+.. code-block:: none
+
+  set interfaces vti vti0 address 192.168.2.249/30
+  set interfaces vti vti0 address 2001:db8:2::249/64
+
+Results in:
+
+.. code-block:: none
+
+  vyos@vyos# show interfaces vti
+  vti vti0 {
+      address 192.168.2.249/30
+      address 2001:db8:2::249/64
+      description "Description"
+  }
\ No newline at end of file diff --git a/docs/interfaces/vxlan.rst b/docs/configuration/interfaces/vxlan.rst index 40dc5400..95f8de35 100644 --- a/docs/interfaces/vxlan.rst +++ b/docs/configuration/interfaces/vxlan.rst @@ -39,7 +39,7 @@ Configuration  Common interface configuration  ------------------------------ -.. cmdinclude:: ../_include/interface-common-without-dhcp.txt +.. cmdinclude:: /_include/interface-common-without-dhcp.txt    :var0: vxlan    :var1: vxlan0 diff --git a/docs/vpn/wireguard.rst b/docs/configuration/interfaces/wireguard.rst index 3580fac3..3580fac3 100644 --- a/docs/vpn/wireguard.rst +++ b/docs/configuration/interfaces/wireguard.rst diff --git a/docs/interfaces/wireless.rst b/docs/configuration/interfaces/wireless.rst index 16e3b7d2..fca285eb 100644 --- a/docs/interfaces/wireless.rst +++ b/docs/configuration/interfaces/wireless.rst @@ -30,7 +30,7 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt     :var0: wireless     :var1: wlan0 @@ -380,14 +380,14 @@ VLAN  Regular VLANs (802.1q)  ---------------------- -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt     :var0: wireless     :var1: wlan0  QinQ (802.1ad)  -------------- -.. cmdinclude:: ../_include/interface-vlan-8021ad.txt +.. cmdinclude:: /_include/interface-vlan-8021ad.txt     :var0: wireless     :var1: wlan0 diff --git a/docs/interfaces/wirelessmodem.rst b/docs/configuration/interfaces/wirelessmodem.rst index f9dfa228..a65a47f4 100644 --- a/docs/interfaces/wirelessmodem.rst +++ b/docs/configuration/interfaces/wirelessmodem.rst 
@@ -15,15 +15,15 @@ Configuration  Common interface configuration  ============================== -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt     :var0: wirelessmodem     :var1: wlm0 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt     :var0: wirelessmodem     :var1: wlm0 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt     :var0: wirelessmodem     :var1: wlm0 diff --git a/docs/load-balancing.rst b/docs/configuration/loadbalancing/index.rst index 6b0bede9..6b0bede9 100644 --- a/docs/load-balancing.rst +++ b/docs/configuration/loadbalancing/index.rst diff --git a/docs/nat.rst b/docs/configuration/nat/index.rst index 17698c26..5aeffb63 100644 --- a/docs/nat.rst +++ b/docs/configuration/nat/index.rst @@ -4,6 +4,12 @@  NAT  ### +.. toctree:: +   :maxdepth: 1 +   :includehidden: + +   nptv6 +  :abbr:`NAT (Network Address Translation)` is a common method of  remapping one IP address space into another by modifying network address  information in the IP header of packets while they are in transit across @@ -600,7 +606,7 @@ The ASP requests that all connections from this company should come from  172.29.41.89 - an address that is assigned by the ASP and not in use at  the customer site. -.. figure:: _static/images/nat_before_vpn_topology.png +.. figure:: /_static/images/nat_before_vpn_topology.png     :scale: 100 %     :alt: NAT before VPN Topology diff --git a/docs/nptv6.rst b/docs/configuration/nat/nptv6.rst index f4e08325..c09c8336 100644 --- a/docs/nptv6.rst +++ b/docs/configuration/nat/nptv6.rst @@ -1,4 +1,4 @@ -.. include:: _include/need_improvement.txt +.. include:: /_include/need_improvement.txt  .. _nptv6: diff --git a/docs/routing/pbr.rst b/docs/configuration/policy/index.rst index 7b0341cb..4b7d48ee 100644 --- a/docs/routing/pbr.rst +++ b/docs/configuration/policy/index.rst 
@@ -1,4 +1,71 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt + +###### +Policy +###### + +Routing Policies could be used to tell the router (self or neighbors) what +routes and their attributes needs to be put into the routing table. + +There could be a wide range of routing policies. Some examples are below: + +* Set some metric to routes learned from a particular neighbor +* Set some attributes (like AS PATH or Community value) to advertised routes to neighbors +* Prefer a specific routing protocol routes over another routing protocol running on the same router + +Example +======= + +**Policy definition:** + +.. code-block:: none + +  # Create policy +  set policy route-map setmet rule 2 action 'permit' +  set policy route-map setmet rule 2 set as-path-prepend '2 2 2' + +  # Apply policy to BGP +  set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet' +  set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound' + +Using 'soft-reconfiguration' we get the policy update without bouncing the +neighbor. + +**Routes learned before routing policy applied:** + +.. code-block:: none + +  vyos@vos1:~$ show ip bgp +  BGP table version is 0, local router ID is 192.168.56.101 +  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, +                r RIB-failure, S Stale, R Removed +  Origin codes: i - IGP, e - EGP, ? - incomplete + +     Network          Next Hop            Metric LocPrf Weight Path +  *> 198.51.100.3/32   203.0.113.2           1             0 2 i  < Path + +  Total number of prefixes 1 + +**Routes learned after routing policy applied:** + +.. 
code-block:: none + +  vyos@vos1:~$ sho ip b +  BGP table version is 0, local router ID is 192.168.56.101 +  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, +                r RIB-failure, S Stale, R Removed +  Origin codes: i - IGP, e - EGP, ? - incomplete + +     Network          Next Hop            Metric LocPrf Weight Path +  *> 198.51.100.3/32   203.0.113.2           1             0 2 2 2 2 i + +  Total number of prefixes 1 +  vyos@vos1:~$ + +You now see the longer AS path. + + +.. include:: /_include/need_improvement.txt  .. _routing-pbr: @@ -58,7 +125,7 @@ Routing tables that will be used in this example are:  * ``main`` Routing table used by VyOS and other interfaces not    participating in PBR -.. figure:: ../_static/images/pbr_example_1.png +.. figure:: /_static/images/pbr_example_1.png     :scale: 80 %     :alt: PBR multiple uplinks @@ -135,3 +202,4 @@ Add multiple source IP in one rule with same priority    set policy local-route rule 101 source '192.0.1.254'    set policy local-route rule 101 source '192.0.1.253'    set policy local-route rule 101 source '203.0.113.0/24' + diff --git a/docs/routing/bfd.rst b/docs/configuration/protocols/bfd.rst index 1d494332..b8fdf489 100644 --- a/docs/routing/bfd.rst +++ b/docs/configuration/protocols/bfd.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt  .. _routing-bfd: diff --git a/docs/routing/bgp.rst b/docs/configuration/protocols/bgp.rst index c576d836..c576d836 100644 --- a/docs/routing/bgp.rst +++ b/docs/configuration/protocols/bgp.rst diff --git a/docs/configuration/protocols/igmp-proxy.rst b/docs/configuration/protocols/igmp-proxy.rst new file mode 100644 index 00000000..cce5f948 --- /dev/null +++ b/docs/configuration/protocols/igmp-proxy.rst @@ -0,0 +1,2 @@ +igmp-proxy +##########
\ No newline at end of file
diff --git a/docs/routing/multicast.rst b/docs/configuration/protocols/igmp.rst
index 9104b0c9..9104b0c9 100644
--- a/docs/routing/multicast.rst
+++ b/docs/configuration/protocols/igmp.rst
diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst
new file mode 100644
index 00000000..819db4df
--- /dev/null
+++ b/docs/configuration/protocols/index.rst
@@ -0,0 +1,23 @@
+#########
+Protocols
+#########
+
+
+.. toctree::
+   :maxdepth: 1
+   :includehidden:
+
+   bfd
+   bgp
+   igmp
+   igmp-proxy
+   is-is
+   mpls
+   ospf
+   ospfv3
+   pim
+   rip
+   ripng
+   rpki
+   static
+   vrf
diff --git a/docs/routing/isis.rst b/docs/configuration/protocols/isis.rst
index 807dca83..807dca83 100644
--- a/docs/routing/isis.rst
+++ b/docs/configuration/protocols/isis.rst
diff --git a/docs/routing/mpls.rst b/docs/configuration/protocols/mpls.rst
index 4451c5c3..4451c5c3 100644
--- a/docs/routing/mpls.rst
+++ b/docs/configuration/protocols/mpls.rst
diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst
new file mode 100644
index 00000000..ff7c5e64
--- /dev/null
+++ b/docs/configuration/protocols/ospf.rst
@@ -0,0 +1,70 @@ +.. include:: /_include/need_improvement.txt + +.. _routing-ospf: + +#### +OSPF +#### + +:abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet +Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls +into the group of interior gateway protocols (IGPs), operating within a single +autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) +for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` +(2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` +addressing model. + +OSPF is a widely used IGP in large enterprise networks. + +OSPFv2 (IPv4) +############# + +In order to have a VyOS system exchanging routes with OSPF neighbors, you will +at least need to configure an OSPF area and some network. + +.. code-block:: none + +  set protocols ospf area 0 network 192.168.0.0/24 + +That is the minimum configuration you will need. +It is a good practice to define the router ID too. + +.. code-block:: none + +  set protocols ospf parameters router-id 10.1.1.1 + + +Below you can see a typical configuration using 2 nodes, redistribute loopback +address and the node 1 sending the default route: + +**Node 1** + +.. code-block:: none + +  set interfaces loopback lo address 10.1.1.1/32 +  set protocols ospf area 0 network 192.168.0.0/24 +  set protocols ospf default-information originate always +  set protocols ospf default-information originate metric 10 +  set protocols ospf default-information originate metric-type 2 +  set protocols ospf log-adjacency-changes +  set protocols ospf parameters router-id 10.1.1.1 +  set protocols ospf redistribute connected metric-type 2 +  set protocols ospf redistribute connected route-map CONNECT + +  set policy route-map CONNECT rule 10 action permit +  set policy route-map CONNECT rule 10 match interface lo + +**Node 2** + +.. 
code-block:: none + +  set interfaces loopback lo address 10.2.2.2/32 +  set protocols ospf area 0 network 192.168.0.0/24 +  set protocols ospf log-adjacency-changes +  set protocols ospf parameters router-id 10.2.2.2 +  set protocols ospf redistribute connected metric-type 2 +  set protocols ospf redistribute connected route-map CONNECT + +  set policy route-map CONNECT rule 10 action permit +  set policy route-map CONNECT rule 10 match interface lo + diff --git a/docs/routing/ospf.rst b/docs/configuration/protocols/ospfv3.rst index fe05178b..f0e28983 100644 --- a/docs/routing/ospf.rst +++ b/docs/configuration/protocols/ospfv3.rst 
@@ -1,73 +1,3 @@ -.. include:: ../_include/need_improvement.txt - -.. _routing-ospf: - -#### -OSPF -#### - -:abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet -Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls -into the group of interior gateway protocols (IGPs), operating within a single -autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) -for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` -(2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` -addressing model. - -OSPF is a widely used IGP in large enterprise networks. - -OSPFv2 (IPv4) -############# - -In order to have a VyOS system exchanging routes with OSPF neighbors, you will -at least need to configure an OSPF area and some network. - -.. code-block:: none - -  set protocols ospf area 0 network 192.168.0.0/24 - -That is the minimum configuration you will need. -It is a good practice to define the router ID too. - -.. code-block:: none - -  set protocols ospf parameters router-id 10.1.1.1 - - -Below you can see a typical configuration using 2 nodes, redistribute loopback -address and the node 1 sending the default route: - -**Node 1** - -.. code-block:: none - -  set interfaces loopback lo address 10.1.1.1/32 -  set protocols ospf area 0 network 192.168.0.0/24 -  set protocols ospf default-information originate always -  set protocols ospf default-information originate metric 10 -  set protocols ospf default-information originate metric-type 2 -  set protocols ospf log-adjacency-changes -  set protocols ospf parameters router-id 10.1.1.1 -  set protocols ospf redistribute connected metric-type 2 -  set protocols ospf redistribute connected route-map CONNECT - -  set policy route-map CONNECT rule 10 action permit -  set policy route-map CONNECT rule 10 match interface lo - -**Node 2** - -.. 
code-block:: none - -  set interfaces loopback lo address 10.2.2.2/32 -  set protocols ospf area 0 network 192.168.0.0/24 -  set protocols ospf log-adjacency-changes -  set protocols ospf parameters router-id 10.2.2.2 -  set protocols ospf redistribute connected metric-type 2 -  set protocols ospf redistribute connected route-map CONNECT - -  set policy route-map CONNECT rule 10 action permit -  set policy route-map CONNECT rule 10 match interface lo -  OSPFv3 (IPv6)  ############# diff --git a/docs/configuration/protocols/pim.rst b/docs/configuration/protocols/pim.rst new file mode 100644 index 00000000..1dd373d8 --- /dev/null +++ b/docs/configuration/protocols/pim.rst @@ -0,0 +1,2 @@ +PIM +###
\ No newline at end of file diff --git a/docs/routing/rip.rst b/docs/configuration/protocols/rip.rst index 68868e37..0d73ad34 100644 --- a/docs/routing/rip.rst +++ b/docs/configuration/protocols/rip.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt  .. _rip: diff --git a/docs/configuration/protocols/ripng.rst b/docs/configuration/protocols/ripng.rst new file mode 100644 index 00000000..dec6bddf --- /dev/null +++ b/docs/configuration/protocols/ripng.rst @@ -0,0 +1,3 @@ +##### +RIPng +#####
\ No newline at end of file diff --git a/docs/routing/rpki.rst b/docs/configuration/protocols/rpki.rst index 9813b1b6..9813b1b6 100644 --- a/docs/routing/rpki.rst +++ b/docs/configuration/protocols/rpki.rst diff --git a/docs/routing/static.rst b/docs/configuration/protocols/static.rst index 523627fa..43b77c41 100644 --- a/docs/routing/static.rst +++ b/docs/configuration/protocols/static.rst @@ -15,8 +15,9 @@ collection of all routes the router has learned from its configuration or from  its dynamic routing protocols is stored in the RIB. Unicast routes are directly  used to determine the forwarding table used for unicast packet forwarding. +*************  Static Routes -############# +*************  .. cfgcmd:: set protocols static route <subnet> next-hop <address> 
@@ -132,3 +133,68 @@ TBD  Alternate routing tables are used with policy based routing of by utilizing  :ref:`vrf`. + + +.. _routing-arp: + +### +ARP +### + +:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for +discovering the link layer address, such as a MAC address, associated with a +given internet layer address, typically an IPv4 address. This mapping is a +critical function in the Internet protocol suite. ARP was defined in 1982 by +:rfc:`826` which is Internet Standard STD 37. + +In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is +provided by the Neighbor Discovery Protocol (NDP). + +To manipulate or display ARP_ table entries, the following commands are +implemented. + +********* +Configure +********* + +.. cfgcmd:: set protocols static arp <address> hwaddr <mac> + +   This will configure a static ARP entry always resolving `<address>` to +   `<mac>`. + +   Example: + +   .. code-block:: none + +     set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa + + +********* +Operation +********* + + +.. opcmd:: show protocols static arp + +   Display all known ARP table entries spanning across all interfaces + +.. code-block:: none + +  vyos@vyos:~$ show protocols static arp +  Address                  HWtype  HWaddress           Flags Mask     Iface +  10.1.1.1                 ether   00:53:00:de:23:2e   C              eth1 +  10.1.1.100               ether   00:53:00:de:23:aa   CM             eth1 + + +.. opcmd:: show protocols static arp interface eth1 + +   Display all known ARP table entries on a given interface only (`eth1`): + +.. code-block:: none + +  vyos@vyos:~$ show protocols static arp interface eth1 +  Address                  HWtype  HWaddress           Flags Mask     Iface +  10.1.1.1                 ether   00:53:00:de:23:2e   C              eth1 +  10.1.1.100               ether   00:53:00:de:23:aa   CM             eth1 + +.. 
_ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol diff --git a/docs/configuration/protocols/vrf.rst b/docs/configuration/protocols/vrf.rst new file mode 100644 index 00000000..e7609a77 --- /dev/null +++ b/docs/configuration/protocols/vrf.rst @@ -0,0 +1,3 @@ +############# +Protocols VRF +############# diff --git a/docs/services/udp-broadcast-relay.rst b/docs/configuration/service/broadcast-relay.rst index df48bfd6..df48bfd6 100644 --- a/docs/services/udp-broadcast-relay.rst +++ b/docs/configuration/service/broadcast-relay.rst diff --git a/docs/services/conntrack.rst b/docs/configuration/service/conntrack-sync.rst index c361d293..55cd088e 100644 --- a/docs/services/conntrack.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt  Conntrack  --------- diff --git a/docs/services/console-server.rst b/docs/configuration/service/console-server.rst index cf222544..cf222544 100644 --- a/docs/services/console-server.rst +++ b/docs/configuration/service/console-server.rst diff --git a/docs/configuration/service/dhcp-relay.rst b/docs/configuration/service/dhcp-relay.rst new file mode 100644 index 00000000..445519b3 --- /dev/null +++ b/docs/configuration/service/dhcp-relay.rst @@ -0,0 +1,2 @@ +dhcp-relay +##########
\ No newline at end of file
diff --git a/docs/services/dhcp.rst b/docs/configuration/service/dhcp-server.rst
index 6cb0bc83..6cb0bc83 100644
--- a/docs/services/dhcp.rst
+++ b/docs/configuration/service/dhcp-server.rst
diff --git a/docs/configuration/service/dhcpv6-relay.rst b/docs/configuration/service/dhcpv6-relay.rst
new file mode 100644
index 00000000..2d105fdf
--- /dev/null
+++ b/docs/configuration/service/dhcpv6-relay.rst
@@ -0,0 +1,2 @@
+dhcpv6-relay
+############
\ No newline at end of file
diff --git a/docs/configuration/service/dhcpv6-server.rst b/docs/configuration/service/dhcpv6-server.rst
new file mode 100644
index 00000000..64e523a0
--- /dev/null
+++ b/docs/configuration/service/dhcpv6-server.rst
@@ -0,0 +1,2 @@
+dhcpv6-server
+#############
\ No newline at end of file
diff --git a/docs/services/dns-forwarding.rst b/docs/configuration/service/dns.rst
index 5c154fdf..f332c55c 100644
--- a/docs/services/dns-forwarding.rst
+++ b/docs/configuration/service/dns.rst
@@ -145,3 +145,169 @@ Operation  .. opcmd:: restart dns forwarding     Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache. + + +.. _dynamic-dns: + +########### +Dynamic DNS +########### + +VyOS is able to update a remote DNS record when an interface gets a new IP +address. In order to do so, VyOS includes ddclient_, a Perl script written for +this only one purpose. + +ddclient_ uses two methods to update a DNS record. The first one will send +updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second +one involves a third party service, like DynDNS.com or any other similar +website. This method uses HTTP requests to transmit the new IP address. You +can configure both in VyOS. + +Configuration +============= + +:rfc:`2136` Based +----------------- + +.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> + +   Create new :rfc:`2136` DNS update configuration which will update the IP +   address assigned to `<interface>` on the service you configured under +   `<service-name>`. + +.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> key <keyfile> + +   File identified by `<keyfile>` containing the secret RNDC key shared with +   remote DNS server. + +.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> server <server> + +   Configure the DNS `<server>` IP/FQDN used when updating this dynamic +   assignment. + +.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> zone <zone> + +   Configure DNS `<zone>` to be updated. + +.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> record <record> + +   Configure DNS `<record>` which should be updated. This can be set multiple +   times. + +.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> ttl <ttl> + +   Configure optional TTL value on the given resource record. This defualts to +   600 seconds. 
+ +Example +^^^^^^^ + +* Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io`` +* Use auth key file at ``/config/auth/my.key`` +* Set TTL to 300 seconds + +.. code-block:: none + +  vyos@vyos# show service dns dynamic +   interface eth0.7 { +       rfc2136 VyOS-DNS { +           key /config/auth/my.key +           record example.vyos.io +           server ns1.vyos.io +           ttl 300 +           zone vyos.io +       } +   } + +This will render the following ddclient_ configuration entry: + +.. code-block:: none + +  # +  # ddclient configuration for interface "eth0.7": +  # +  use=if, if=eth0.7 + +  # RFC2136 dynamic DNS configuration for example.vyos.io.vyos.io +  server=ns1.vyos.io +  protocol=nsupdate +  password=/config/auth/my.key +  ttl=300 +  zone=vyos.io +  example.vyos.io + +.. note:: You can also keep different DNS zone updated. Just create a new +   config node: ``set service dns dynamic interface <interface> rfc2136 +   <other-service-name>`` + +HTTP based services +------------------- + +VyOS is also able to use any service relying on protocols supported by ddclient. + +To use such a service, one must define a login, password, one or multiple +hostnames, protocol and server. + +.. cfgcmd:: set service dns dynamic interface <interface> service <service> host-name <hostname> + +   Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS +   provider identified by `<service>` when the IP address on interface +   `<interface>` changes. + +.. cfgcmd:: set service dns dynamic interface <interface> service <service> login <username> + +   Configure `<username>` used when authenticating the update request for +   DynDNS service identified by `<service>`. +   For Namecheap, set the <domain> you wish to update. + +.. cfgcmd:: set service dns dynamic interface <interface> service <service> password <password> + +   Configure `<password>` used when authenticating the update request for +   DynDNS service identified by `<service>`. 
+ +.. cfgcmd:: set service dns dynamic interface <interface> service <service> protocol <protocol> + +   When a ``custom`` DynDNS provider is used the protocol used for communicating +   to the provider must be specified under `<protocol>`. See the embedded +   completion helper for available protocols. + +.. cfgcmd:: set service dns dynamic interface <interface> service <service> server <server> + +   When a ``custom`` DynDNS provider is used the `<server>` where update +   requests are being sent to must be specified. + +Example: +^^^^^^^^ + +Use DynDNS as your preferred provider: + +.. code-block:: none + +  set service dns dynamic interface eth0 service dyndns +  set service dns dynamic interface eth0 service dyndns login my-login +  set service dns dynamic interface eth0 service dyndns password my-password +  set service dns dynamic interface eth0 service dyndns host-name my-dyndns-hostname + +.. note:: Multiple services can be used per interface. Just specify as many +   serives per interface as you like! + +Running Behind NAT +------------------ + +By default, ddclient_ will update a dynamic dns record using the IP address +directly attached to the interface. If your VyOS instance is behind NAT, your +record will be updated to point to your internal IP. + +ddclient_ has another way to determine the WAN IP address. This is controlled +by: + +.. cfgcmd:: set service dns dynamic interface <interface> use-web url <url> + +   Use configured `<url>` to determine your IP address. ddclient_ will load +   `<url>` and tries to extract your IP address from the response. + +.. cfgcmd:: set service dns dynamic interface <interface> use-web skip <pattern> + +   ddclient_ will skip any address located before the string set in `<pattern>`. + +.. _ddclient: https://github.com/ddclient/ddclient diff --git a/docs/appendix/http-api.rst b/docs/configuration/service/https.rst index 49f2dbd9..49f2dbd9 100644 --- a/docs/appendix/http-api.rst 
+++ b/docs/configuration/service/https.rst diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst new file mode 100644 index 00000000..0ef2bbd3 --- /dev/null +++ b/docs/configuration/service/index.rst @@ -0,0 +1,29 @@ +####### +Service +####### + + +.. toctree:: +   :maxdepth: 1 +   :includehidden: + +   broadcast-relay +   conntrack-sync +   console-server +   dhcp-relay +   dhcp-server +   dhcpv6-relay +   dhcpv6-server +   dns +   https +   ipoe-server +   lldp +   mdns +   pppoe-advert +   pppoe-server +   router-advert +   salt-minion +   snmp +   ssh +   tftp-server +   webproxy diff --git a/docs/services/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst index 3aedf966..3f794af8 100644 --- a/docs/services/ipoe-server.rst +++ b/docs/configuration/service/ipoe-server.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt  .. _ipoe_server: @@ -146,4 +146,4 @@ The rate-limit is set in kbit/sec.    -------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------    ipoe0  | eth2       | 08:00:27:2f:d8:06 | 192.168.0.2 |     |        | 500/500    | active | 00:00:05 | dccc870fd31349fb -.. include:: ../common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/services/lldp.rst b/docs/configuration/service/lldp.rst index 4b1743e6..4b1743e6 100644 --- a/docs/services/lldp.rst +++ b/docs/configuration/service/lldp.rst diff --git a/docs/services/mdns-repeater.rst b/docs/configuration/service/mdns.rst index 9d6a292a..9d6a292a 100644 --- a/docs/services/mdns-repeater.rst +++ b/docs/configuration/service/mdns.rst diff --git a/docs/configuration/service/pppoe-advert.rst b/docs/configuration/service/pppoe-advert.rst new file mode 100644 index 00000000..bbb82202 --- /dev/null +++ b/docs/configuration/service/pppoe-advert.rst @@ -0,0 +1,2 @@ +pppoe-advert +############
\ No newline at end of file diff --git a/docs/services/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index 1b7082ec..224ff0d8 100644 --- a/docs/services/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -394,4 +394,4 @@ a /56 subnet for the clients internal use.    --------+----------+-------------+--------------------------+---------------------+-------------------+------------+--------+----------+----------+----------     ppp0   | test     | 192.168.0.1 | 2001:db8:8002:0:200::/64 | 2001:db8:8003::1/56 | 00:53:00:12:42:eb |            | active | 00:00:49 | 875 B    | 2.1 KiB -.. include:: ../common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/services/router-advert.rst b/docs/configuration/service/router-advert.rst index bc92f315..bc92f315 100644 --- a/docs/services/router-advert.rst +++ b/docs/configuration/service/router-advert.rst diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst new file mode 100644 index 00000000..63df57a4 --- /dev/null +++ b/docs/configuration/service/salt-minion.rst @@ -0,0 +1,2 @@ +salt-minion +###########
\ No newline at end of file
diff --git a/docs/services/snmp.rst b/docs/configuration/service/snmp.rst
index 3f445ea8..3f445ea8 100644
--- a/docs/services/snmp.rst
+++ b/docs/configuration/service/snmp.rst
diff --git a/docs/services/ssh.rst b/docs/configuration/service/ssh.rst
index 0153d918..0153d918 100644
--- a/docs/services/ssh.rst
+++ b/docs/configuration/service/ssh.rst
diff --git a/docs/services/tftp.rst b/docs/configuration/service/tftp-server.rst
index 276ce5fb..276ce5fb 100644
--- a/docs/services/tftp.rst
+++ b/docs/configuration/service/tftp-server.rst
diff --git a/docs/services/webproxy.rst b/docs/configuration/service/webproxy.rst
index 654e73f2..654e73f2 100644
--- a/docs/services/webproxy.rst
+++ b/docs/configuration/service/webproxy.rst
diff --git a/docs/configuration/system/acceleration.rst b/docs/configuration/system/acceleration.rst
new file mode 100644
index 00000000..b09da38b
--- /dev/null
+++ b/docs/configuration/system/acceleration.rst
@@ -0,0 +1,7 @@
+.. _acceleration:
+
+############
+Acceleration
+############
+
+
diff --git a/docs/configuration/system/config-management.rst b/docs/configuration/system/config-management.rst
new file mode 100644
index 00000000..40973713
--- /dev/null
+++ b/docs/configuration/system/config-management.rst
@@ -0,0 +1,2 @@
+config-management
+#################
\ No newline at end of file
diff --git a/docs/configuration/system/conntrack.rst b/docs/configuration/system/conntrack.rst
new file mode 100644
index 00000000..7d5d4308
--- /dev/null
+++ b/docs/configuration/system/conntrack.rst
@@ -0,0 +1,2 @@
+conntrack
+#########
\ No newline at end of file
diff --git a/docs/system/serial-console.rst b/docs/configuration/system/console.rst
index 4a750ada..4a750ada 100644
--- a/docs/system/serial-console.rst
+++ b/docs/configuration/system/console.rst
diff --git a/docs/system/default-route.rst b/docs/configuration/system/default-route.rst
index 27c74188..27c74188 100644
--- a/docs/system/default-route.rst
+++ b/docs/configuration/system/default-route.rst
diff --git a/docs/configuration/system/domain-name.rst b/docs/configuration/system/domain-name.rst
new file mode 100644
index 00000000..9028b65b
--- /dev/null
+++ b/docs/configuration/system/domain-name.rst
@@ -0,0 +1,2 @@
+domain-name
+###########
\ No newline at end of file
diff --git a/docs/configuration/system/domain-search.rst b/docs/configuration/system/domain-search.rst
new file mode 100644
index 00000000..f4aef62e
--- /dev/null
+++ b/docs/configuration/system/domain-search.rst
@@ -0,0 +1,2 @@
+domain-search
+#############
\ No newline at end of file diff --git a/docs/system/eventhandler.rst b/docs/configuration/system/eventhandler.rst index a68b3924..a68b3924 100644 --- a/docs/system/eventhandler.rst +++ b/docs/configuration/system/eventhandler.rst diff --git a/docs/system/flow-accounting.rst b/docs/configuration/system/flow-accounting.rst index f09c1c9a..f09c1c9a 100644 --- a/docs/system/flow-accounting.rst +++ b/docs/configuration/system/flow-accounting.rst diff --git a/docs/system/host-information.rst b/docs/configuration/system/host-name.rst index 30efe01e..30efe01e 100644 --- a/docs/system/host-information.rst +++ b/docs/configuration/system/host-name.rst diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst new file mode 100644 index 00000000..4bb16c42 --- /dev/null +++ b/docs/configuration/system/index.rst @@ -0,0 +1,40 @@ +###### +System +###### + + +.. toctree:: +   :maxdepth: 1 +   :includehidden: + +   acceleration +   config-management +   conntrack +   console +   domain-name +   domain-search +   flow-accounting +   host-name +   ip +   ipv6 +   lcd +   login +   name-server +   name-servers-dhcp +   ntp +   option +   proxy +   static-host-mapping +   sysctl +   syslog +   task-scheduler +   time-zone +   wifi-requlatory-domain + + +.. toctree:: +   :maxdepth: 1 +   :includehidden: + +   default-route +   eventhandler diff --git a/docs/configuration/system/ip.rst b/docs/configuration/system/ip.rst new file mode 100644 index 00000000..74116eb0 --- /dev/null +++ b/docs/configuration/system/ip.rst @@ -0,0 +1,2 @@ +ip +##
\ No newline at end of file
diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst
new file mode 100644
index 00000000..19ed6d62
--- /dev/null
+++ b/docs/configuration/system/ipv6.rst
@@ -0,0 +1,2 @@
+ipv6
+####
\ No newline at end of file diff --git a/docs/system/lcd.rst b/docs/configuration/system/lcd.rst index 441becf5..808d45a2 100644 --- a/docs/system/lcd.rst +++ b/docs/configuration/system/lcd.rst @@ -41,5 +41,5 @@ Configuration     .. note:: We can't support all displays from the beginning. If your display        type is missing, please create a feature request via Phabricator_. -.. include:: ../common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/system/user-management.rst b/docs/configuration/system/login.rst index 6d89735f..6d89735f 100644 --- a/docs/system/user-management.rst +++ b/docs/configuration/system/login.rst diff --git a/docs/system/system-dns.rst b/docs/configuration/system/name-server.rst index 59cfdb5d..59cfdb5d 100644 --- a/docs/system/system-dns.rst +++ b/docs/configuration/system/name-server.rst diff --git a/docs/configuration/system/name-servers-dhcp.rst b/docs/configuration/system/name-servers-dhcp.rst new file mode 100644 index 00000000..6719fef9 --- /dev/null +++ b/docs/configuration/system/name-servers-dhcp.rst @@ -0,0 +1,2 @@ +name-servers-dhcp +#################
\ No newline at end of file
diff --git a/docs/system/ntp.rst b/docs/configuration/system/ntp.rst
index 223447f5..223447f5 100644
--- a/docs/system/ntp.rst
+++ b/docs/configuration/system/ntp.rst
diff --git a/docs/system/option.rst b/docs/configuration/system/option.rst
index e7661492..e7661492 100644
--- a/docs/system/option.rst
+++ b/docs/configuration/system/option.rst
diff --git a/docs/system/proxy.rst b/docs/configuration/system/proxy.rst
index 8e0339a7..8e0339a7 100644
--- a/docs/system/proxy.rst
+++ b/docs/configuration/system/proxy.rst
diff --git a/docs/configuration/system/static-host-mapping.rst b/docs/configuration/system/static-host-mapping.rst
new file mode 100644
index 00000000..97d9a443
--- /dev/null
+++ b/docs/configuration/system/static-host-mapping.rst
@@ -0,0 +1,2 @@
+static-host-mapping
+###################
\ No newline at end of file
diff --git a/docs/configuration/system/sysctl.rst b/docs/configuration/system/sysctl.rst
new file mode 100644
index 00000000..82ffd159
--- /dev/null
+++ b/docs/configuration/system/sysctl.rst
@@ -0,0 +1,2 @@
+sysctl
+######
\ No newline at end of file
diff --git a/docs/system/syslog.rst b/docs/configuration/system/syslog.rst
index 3449c15b..3449c15b 100644
--- a/docs/system/syslog.rst
+++ b/docs/configuration/system/syslog.rst
diff --git a/docs/system/task-scheduler.rst b/docs/configuration/system/task-scheduler.rst
index 382da39f..382da39f 100644
--- a/docs/system/task-scheduler.rst
+++ b/docs/configuration/system/task-scheduler.rst
diff --git a/docs/system/time-zone.rst b/docs/configuration/system/time-zone.rst
index 025c4376..025c4376 100644
--- a/docs/system/time-zone.rst
+++ b/docs/configuration/system/time-zone.rst
diff --git a/docs/configuration/system/wifi-requlatory-domain.rst b/docs/configuration/system/wifi-requlatory-domain.rst
new file mode 100644
index 00000000..2b6ce7d4
--- /dev/null
+++ b/docs/configuration/system/wifi-requlatory-domain.rst
@@ -0,0 +1,2 @@
+wifi-requlatory-domain
+######################
\ No newline at end of file diff --git a/docs/qos.rst b/docs/configuration/trafficpolicy/index.rst index 6826b83c..babccd6f 100644 --- a/docs/qos.rst +++ b/docs/configuration/trafficpolicy/index.rst @@ -1,5 +1,10 @@  .. _qos: +############## +Traffic Policy +############## + +  ***  QoS  *** diff --git a/docs/vpn/dmvpn.rst b/docs/configuration/vpn/dmvpn.rst index 662165a9..62c0f002 100644 --- a/docs/vpn/dmvpn.rst +++ b/docs/configuration/vpn/dmvpn.rst @@ -26,7 +26,7 @@ peers.     complete solution also incorporates the use of a routing protocol. BGP is     particularly well suited for use with DMVPN. -.. figure:: ../_static/images/vpn_dmvpn_topology01.png +.. figure:: /_static/images/vpn_dmvpn_topology01.png     :scale: 40 %     :alt: Baseline DMVPN topology diff --git a/docs/configuration/vpn/index.rst b/docs/configuration/vpn/index.rst new file mode 100644 index 00000000..abaca198 --- /dev/null +++ b/docs/configuration/vpn/index.rst @@ -0,0 +1,26 @@ +### +VPN +### + + +.. toctree:: +   :maxdepth: 1 +   :includehidden: + +   ipsec +   l2tp +   openconnect +   pptp +   rsa-keys +   sstp + + + +pages to sort + +.. toctree:: +   :maxdepth: 1 +   :includehidden: + +   dmvpn +   site2site_ipsec
\ No newline at end of file
diff --git a/docs/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst
index 647f3753..647f3753 100644
--- a/docs/vpn/ipsec.rst
+++ b/docs/configuration/vpn/ipsec.rst
diff --git a/docs/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst
index 0d8dde08..0d8dde08 100644
--- a/docs/vpn/l2tp.rst
+++ b/docs/configuration/vpn/l2tp.rst
diff --git a/docs/vpn/openconnect.rst b/docs/configuration/vpn/openconnect.rst
index a409ed9d..a409ed9d 100644
--- a/docs/vpn/openconnect.rst
+++ b/docs/configuration/vpn/openconnect.rst
diff --git a/docs/vpn/pptp.rst b/docs/configuration/vpn/pptp.rst
index 72b3feb0..72b3feb0 100644
--- a/docs/vpn/pptp.rst
+++ b/docs/configuration/vpn/pptp.rst
diff --git a/docs/configuration/vpn/rsa-keys.rst b/docs/configuration/vpn/rsa-keys.rst
new file mode 100644
index 00000000..9f289d0d
--- /dev/null
+++ b/docs/configuration/vpn/rsa-keys.rst
@@ -0,0 +1,4 @@
+
+########
+RSA-Keys
+########
\ No newline at end of file diff --git a/docs/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst index 08ccc648..97f27b43 100644 --- a/docs/vpn/site2site_ipsec.rst +++ b/docs/configuration/vpn/site2site_ipsec.rst @@ -218,7 +218,7 @@ IKEv2  Imagine the following topology -.. figure:: ../_static/images/vpn_s2s_ikev2.png +.. figure:: /_static/images/vpn_s2s_ikev2.png     :scale: 50 %     :alt: IPSec IKEv2 site2site VPN diff --git a/docs/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index e5567cb6..dbaa41c0 100644 --- a/docs/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -344,4 +344,4 @@ A connection attempt will be shown as:  .. _sstpc: https://github.com/reliablehosting/sstp-client -.. include:: ../common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/vrf.rst b/docs/configuration/vrf/index.rst index 75075be6..a47175f2 100644 --- a/docs/vrf.rst +++ b/docs/configuration/vrf/index.rst @@ -304,4 +304,4 @@ For VR Fmaintenance the followin operational commands are in place.     useful when the host specified is a hostname rather than an IP address. -.. include:: common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/configuration/zonepolicy/index.rst b/docs/configuration/zonepolicy/index.rst new file mode 100644 index 00000000..31784dc3 --- /dev/null +++ b/docs/configuration/zonepolicy/index.rst @@ -0,0 +1,8 @@ +########### +Zone Policy +########### + + +.. toctree:: +   :maxdepth: 1 +   :includehidden:
\ No newline at end of file diff --git a/docs/contributing/debugging.rst b/docs/contributing/debugging.rst index 40633535..a4c73d15 100644 --- a/docs/contributing/debugging.rst +++ b/docs/contributing/debugging.rst @@ -148,4 +148,4 @@ order of the scripts.  .. _vyatta-cfg: https://github.com/vyos/vyatta-cfg  .. _bootchart.conf: https://github.com/vyos/vyos-build/blob/current/data/live-build-config/includes.chroot/etc/systemd/bootchart.conf -.. include:: ../common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/contributing/development.rst b/docs/contributing/development.rst index 86371845..73b8b22e 100644 --- a/docs/contributing/development.rst +++ b/docs/contributing/development.rst @@ -711,4 +711,4 @@ http://dev.packages.vyos.net/repositories/.  .. _`VLAN (VIF)`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/vif.xml.i  .. _`MAC address`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/interface-mac.xml.i -.. include:: ../common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/contributing/documentation.rst b/docs/contributing/documentation.rst index e8d1dba5..1766d6ca 100644 --- a/docs/contributing/documentation.rst +++ b/docs/contributing/documentation.rst @@ -1,7 +1,8 @@  .. _documentation: +#############  Documentation -============= +#############  As most software projects we also have a lack in documentation. We encourage  every VyOS user to help us improve our documentation. This will not only be @@ -15,7 +16,7 @@ guide how to do so.     documentation.  Forking Workflow ----------------- +================  The Forking Workflow is fundamentally different than other popular Git  workflows. Instead of using a single server-side repository to act as the 
@@ -102,17 +103,20 @@ access to the official codebase.    push origin master``  Style Guide ------------ +=========== -Sections -^^^^^^^^ +Formating and Sphinxmarkup +-------------------------- + +TOC Level +^^^^^^^^^^  We use the following syntax for Headlines.  .. code-block:: none    ##### -  Parts +  Title    #####    ******** @@ -159,16 +163,17 @@ render the documentation.  cfgcmd  """""" -When documenting CLI commands use the ``.. cfgcmd::`` directive for all -configuration mode commands. An explanation of the described command should be -added below this statement. +When documenting CLI commands use the ``.. cfgcmd::`` directive +for all configuration mode commands. An explanation of the described command +should be added below this statement. +Replace all variable contents with <value> or somthing similar.  With those custom commands it will be possible to render them in a more  descriptive way in the resulting HTML/PDF manual.  .. code-block:: none -  .. cfgcmd:: set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa +  .. cfgcmd:: protocols static arp <ipaddress> hwaddr <macaddress>       This will configure a static ARP entry always resolving `192.0.2.100` to       `00:53:27:de:23:aa`. 
@@ -250,10 +255,67 @@ URL. This is heavily used in the :ref:`release-notes` section.    * :vytask:`T1605` Fixed regression in L2TP/IPsec server    * :vytask:`T1613` Netflow/sFlow captures IPv6 traffic correctly +Page content +------------ + +The documentation have 3 different types of pages, the same kind of pages must  +have the same structure to achieve a recognition factor. + +All RST files must follow the same TOC Level syntax and have to start with + +.. code-block:: + +   ##### +   Titel +   ##### + +Configuration mode pages +^^^^^^^^^^^^^^^^^^^^^^^^ + +A configuration mode folder and article covers a specific level of a command. +The exact level depends on the command. This should provide stability for URLs +used in the forum or blogpost. + +For example: + +  * ``set zone-policy`` is written in ``zone-policy/index.rst`` +  * ``set interfaces ethernet`` is written in ``interfaces/ethernet.rst`` + +The article starts with a short intruducing about the command or the technologie. +Please include some helpfull links or background informations. + +After this a optional section follows. Some commands have requirements like the +compatible hardware (e.g. Wifi) or some commands you have to set before. For +example it is recommended to set a route-map before configure bgp. + +In the configuration part of the page all possible confiuration options +should be documented. Use ``.. cfgcmd::`` like described above. + +Related Operation command must be documented in the next part of the article. +Use ``::opcmd..`` for these commands. + +If there some troubleshooting guides releated to the commands. Explain it in the +next optional part. + +Operation mode pages +^^^^^^^^^^^^^^^^^^^^ + +Operation mode commands, which didn't fit in a related configuraton mode command +must documented in this part of the documentation. + +General concepts for troubleshooting belong here as well as detailed process +descriptions. 
+ +Anything else +^^^^^^^^^^^^^ + +Anything else what is not a configuration or a operation command have no +predefined structure. +  .. _Sphinx-doc: https://www.sphinx-doc.org  .. _reStructuredText: http://www.sphinx-doc.org/en/master/usage/restructuredtext/index.html  .. _reStructuredTextDirectives: https://docutils.sourceforge.io/docs/ref/rst/directives.html  .. _README.md: https://github.com/vyos/vyos-documentation/blob/master/README.md -.. include:: ../common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/contributing/index.rst b/docs/contributing/index.rst new file mode 100644 index 00000000..c3bb2688 --- /dev/null +++ b/docs/contributing/index.rst @@ -0,0 +1,13 @@ +############ +Contributing +############ + +.. toctree:: +   :maxdepth: 2 + +   build-vyos +   debugging +   development +   documentation +   issues-features +   upstream-packages
\ No newline at end of file diff --git a/docs/contributing/issues-features.rst b/docs/contributing/issues-features.rst index 60e49974..9b6602f9 100644 --- a/docs/contributing/issues-features.rst +++ b/docs/contributing/issues-features.rst @@ -77,4 +77,4 @@ the left side under the specific project.  .. _Slack: https://slack.vyos.io  .. _Forum: https://forum.vyos.io -.. include:: ../common-references.rst +.. include:: /_include/common-references.txt diff --git a/docs/copyright.rst b/docs/copyright.rst new file mode 100644 index 00000000..beebc2a2 --- /dev/null +++ b/docs/copyright.rst @@ -0,0 +1,19 @@ +################ +Copyright Notice +################ + +Copyright (C) 2018-2020 VyOS maintainers and contributors + +Permission is granted to make and distribute verbatim copies of this manual +provided the copyright notice and this permission notice are preserved on all +copies. + +Permission is granted to copy and distribute modified versions of this manual +under the conditions for verbatim copying, provided that the entire resulting +derived work is distributed under the terms of a permission notice identical +to this one. + +Permission is granted to copy and distribute translations of this manual into +another language, under the above conditions for modified versions, except that +this permission notice may be stated in a translation approved by the VyOS +maintainers.
\ No newline at end of file diff --git a/docs/coverage.rst b/docs/coverage.rst new file mode 100644 index 00000000..01d51e90 --- /dev/null +++ b/docs/coverage.rst @@ -0,0 +1,41 @@ +######## +Coverage +######## + +Overview over all commands, which are documented in the ``.. cfgcmd::`` or ``.. opcmd::`` Directives. + +| The build process take all xml definition files from `vyos-1x <https://github.com/vyos/vyos-1x>`_  and extract each leaf command or executable command. +| After this the commands are compare and shown in the follwoing two tables. +| The script compare only the fixed part of a command. All varables or values will be erase and then compare: + +for example there are these two commands: + +  * documentation: ``interfaces ethernet <interface> address <address | dhcp | dhcpv6>``` +  * xml: ``interface ethernet <ethernet> address <address>`` + +Now the script earse all in between ``<`` and ``>`` and simply compare the strings. + +**There are 2 kind of problems:**    + +| ``Not documented yet`` +| A XML command are not found in ``.. cfgcmd::`` or ``.. opcmd::`` Commands +| The command should be documented + +| ``Nothing found in XML Definitions``:  +| ``.. cfgcmd::`` or ``.. opcmd::`` Command are not found in a XML command +| Maybe the command where changed in the XML Definition, or the feature is not anymore in VyOS +| Some commands are not yet translated to XML + + +Configuration Commands +====================== + +.. cfgcmdlist:: +    :show-coverage: + + +Operational Commands +==================== + +.. opcmdlist:: +    :show-coverage:
\ No newline at end of file diff --git a/docs/index.rst b/docs/index.rst index ab9d3f66..5d8bfd55 100644 --- a/docs/index.rst +++ b/docs/index.rst 
@@ -4,104 +4,47 @@  VyOS User Guide  ############### -  .. toctree:: -   :caption: Introduction -   :name: intro     :maxdepth: 2 +   :hidden: +   :caption: FIND CAPTION NAME -   about -   history -   install -   cli -   quick-start +   introducing/about +   introducing/history +   changelog/index  .. toctree:: -   :caption: Basic Configuration -   :name: basics     :maxdepth: 2 +   :hidden: +   :includehidden: +   :caption: first steps -   configuration-overview -   interfaces/basic-index -   system/basic-index -   image-mgmt - - +   installation/index +   quick-start +   cli +     .. toctree:: -   :caption: Advanced Configuration -   :name: advanced     :maxdepth: 2 +   :hidden: +   :includehidden: +   :caption: Adminguide -   interfaces/advanced-index -   system/advanced-index -   services/index -   firewall -   routing/index -   vrf -   nat -   nptv6 -   qos -   high-availability -   vpn/index -   load-balancing -   command-list-configuration - - -.. toctree:: -   :caption: System Operation -   :name: system-operation -   :maxdepth: 2 -   information -   troubleshooting -   command-list-operation +   configuration/index +   operation/index +   automation/index +   troubleshooting/index +   configexamples/index  .. toctree:: -   :caption: Appendix -   :name: appendix     :maxdepth: 2 - -   appendix/release-notes -   appendix/examples/index -   appendix/vyos-on-baremetal -   appendix/virtual/index -   appendix/vyos-on-clouds -   appendix/migrate-from-vyatta -   appendix/command-scripting -   appendix/http-api - - -.. 
toctree:: +   :hidden: +   :includehidden:     :caption: Contributing -   :name: contributing -   :maxdepth: 2 - -   contributing/build-vyos -   contributing/upstream-packages -   contributing/issues-features -   contributing/development -   contributing/debugging -   contributing/documentation - - -################ -Copyright Notice -################ - -Copyright (C) 2018-2020 VyOS maintainers and contributors - -Permission is granted to make and distribute verbatim copies of this manual -provided the copyright notice and this permission notice are preserved on all -copies. -Permission is granted to copy and distribute modified versions of this manual -under the conditions for verbatim copying, provided that the entire resulting -derived work is distributed under the terms of a permission notice identical -to this one. -Permission is granted to copy and distribute translations of this manual into -another language, under the above conditions for modified versions, except that -this permission notice may be stated in a translation approved by the VyOS -maintainers. +   contributing/index +   coverage +   copyright diff --git a/docs/installation/cloud/aws.rst b/docs/installation/cloud/aws.rst new file mode 100644 index 00000000..33684bb0 --- /dev/null +++ b/docs/installation/cloud/aws.rst 
@@ -0,0 +1,54 @@
+##########
+Amazon AWS
+##########
+
+Deploy VM
+---------
+
+Deploy VyOS on Amazon :abbr:`AWS (Amazon Web Services)`
+
+1. Click to ``Instances`` and ``Launch Instance``
+
+.. figure:: /_static/images/cloud-aws-01.png
+
+2. On the marketplace search "VyOS"
+
+.. figure:: /_static/images/cloud-aws-02.png
+
+3. Choose the instance type. Minimum recommendation start from ``m3.medium``
+
+.. figure:: /_static/images/cloud-aws-03.png
+
+4. Configure instance for your requirements. Select number of instances / network / subnet
+
+.. figure:: /_static/images/cloud-aws-04.png
+
+5. Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skeep this step.
+
+.. figure:: /_static/images/cloud-aws-05.png
+
+6. Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default).
+
+.. figure:: /_static/images/cloud-aws-06.png
+
+7. Select SSH key pair and click ``Launch Instances``
+
+.. figure:: /_static/images/cloud-aws-07.png
+
+8. Find out your public IP address.
+
+.. figure:: /_static/images/cloud-aws-08.png
+
+9. Connect to the instance by SSH key.
+
+  .. code-block:: none
+
+    ssh -i ~/.ssh/amazon.pem vyos@203.0.113.3
+    vyos@ip-192-0-2-10:~$
+
+
+
+
+References
+----------
+https://console.aws.amazon.com/
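Review bot: Step 6 offers "Or permit any (by default)" as an equal alternative to restricting SSH sources, so a reader following the steps ends up with the router's SSH port open to every address. I would make the restriction the instruction and the default the thing to change: `6. Configure Security Group. Restrict SSH access to the address ranges you administer from; the default rule permits any source and should be narrowed.` Step 5 also has the typo `skeep`, which should read `skip`.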
\ No newline at end of file
diff --git a/docs/installation/cloud/azure.rst b/docs/installation/cloud/azure.rst
new file mode 100644
index 00000000..39206f3b
--- /dev/null
+++ b/docs/installation/cloud/azure.rst
@@ -0,0 +1,53 @@
+#####
+Azure
+#####
+
+Deploy VM
+---------
+
+Deploy VyOS on Azure.
+
+1. Go to the Azure services and Click to **Add new Virtual machine**
+
+2. Choose vm name, resource group, region and click **Browse all public and private images**
+
+.. figure:: /_static/images/cloud-azure-01.png
+
+3. On the marketplace search ``VyOS``
+
+.. figure:: /_static/images/cloud-azure-02.png
+
+4. Generate new SSH key pair or use existing.
+
+.. figure:: /_static/images/cloud-azure-03.png
+
+5. Define network, subnet, Public IP. Or it will be created by default.
+
+.. figure:: /_static/images/cloud-azure-04.png
+
+6. Click ``Review + create``. After fiew second your deployment will be complete
+
+.. figure:: /_static/images/cloud-azure-05.png
+
+7. Click to your new vm and find out your Public IP address.
+
+.. figure:: /_static/images/cloud-azure-06.png
+
+8. Connect to the instance by SSH key.
+
+  .. code-block:: none
+
+    ssh -i ~/.ssh/vyos_azure vyos@203.0.113.3
+    vyos@vyos-doc-r1:~$
+
+Add interface
+-------------
+
+If instance was deployed with one **eth0** ``WAN`` interface and want to add new one.
+To add new interface an example **eth1** ``LAN`` you need shutdown the instance. Attach the interface in the Azure portal and then start the instance.
+
+.. NOTE:: Azure does not allow you attach interface when the instance in the **Running** state.
+
+References
+----------
+https://azure.microsoft.com
diff --git a/docs/installation/cloud/gcp.rst b/docs/installation/cloud/gcp.rst
new file mode 100644
index 00000000..66e75704
--- /dev/null
+++ b/docs/installation/cloud/gcp.rst
@@ -0,0 +1,55 @@
+#####################
+Google Cloud Platform
+#####################
+
+Deploy VM
+---------
+
+To deploy VyOS on GCP (Google Cloud Platform)
+
+1. Generate SSH key pair type **ssh-rsa** from the host that will connect to VyOS.
+
+  Example:
+
+  .. code-block:: none
+
+    ssh-keygen -t rsa -f ~/.ssh/vyos_gcp -C "vyos@mypc"
+
+
+.. NOTE:: In name "vyos@mypc" The first value must be "**vyos**". Because default user is vyos and google api uses this option.
+
+
+2. Open GCP console and navigate to the menu **Metadata**. Choose **SSH Keys** and click ``edit``.
+
+.. figure:: /_static/images/cloud-gcp-01.png
+
+
+Click **Add item** and paste your public ssh key. Click ``Save``.
+
+.. figure:: /_static/images/cloud-gcp-02.png
+
+
+2. On marketplace search "VyOS"
+
+3. Change Deployment name/Zone/Machine type and click ``Deploy``
+
+.. figure:: /_static/images/cloud-gcp-03.png
+
+4. After fiew seconds click to ``instance``
+
+.. figure:: /_static/images/cloud-gcp-04.png
+
+5. Find out your external IP address
+
+.. figure:: /_static/images/cloud-gcp-05.png
+
+6. Connect to the instance. SSH key was generated in the first step.
+
+  .. code-block:: none
+
+    ssh -i ~/.ssh/vyos_gcp vyos@203.0.113.3
+    vyos@vyos-r1-vm:~$
+
+References
+----------
+https://console.cloud.google.com/
\ No newline at end of file
diff --git a/docs/installation/cloud/index.rst b/docs/installation/cloud/index.rst
new file mode 100644
index 00000000..5236f092
--- /dev/null
+++ b/docs/installation/cloud/index.rst
@@ -0,0 +1,13 @@
+##################################
+Running VyOS in Cloud Environments
+##################################
+
+
+
+.. toctree::
+   :caption: Content
+
+   aws
+   azure
+   gcp
+   oracel
\ No newline at end of file
diff --git a/docs/installation/cloud/oracel.rst b/docs/installation/cloud/oracel.rst
new file mode 100644
index 00000000..72c40127
--- /dev/null
+++ b/docs/installation/cloud/oracel.rst
@@ -0,0 +1,8 @@
+######
+Oracle
+######
+
+
+References
+----------
+https://www.oracle.com/cloud/
\ No newline at end of file
diff --git a/docs/image-mgmt.rst b/docs/installation/image.rst
index 143d02b2..074a0245 100644
--- a/docs/image-mgmt.rst
+++ b/docs/installation/image.rst
@@ -90,85 +90,7 @@ configured to be the default.        Copyright:        VyOS maintainers and contributors -.. _update_vyos: -Update VyOS -=========== - -New system images can be added using the :opcmd:`add system image` -command. The command will extract the chosen image and will prompt you -to use the current system configuration and SSH security keys, allowing -for the new image to boot using the current configuration. - -.. note:: Only LTS releases are PGP-signed. - -.. opcmd:: add system image <url | path> [vrf name] [username user [password pass]] - -   Use this command to install a new system image. You can reach the -   image from the web (http://, https://) or from your local system, -   e.g.  /tmp/vyos-1.2.3-amd64.iso. - -   The `add system image` command also supports installing new versions -   of VyOS through an optional given VRF. Also if URL in question requires -   authentication, you can specify an optional username and password via -   the commandline which will be passed as "Basic-Auth" to the server. - -If there is not enough **free disk space available**, the installation -will be canceled. To delete images use the :opcmd:`delete system image` -command. - -VyOS configuration is associated to each image, and **each image has a -unique copy of its configuration**. This is different than a traditional -network router where the configuration is shared across all images. - -.. note:: If you have any personal files, like some scripts you created, -   and you don't want them to be lost during the upgrade, make sure -   those files are stored in ``/config`` as this directory is always copied -   to newer installed images. - -You can access files from a previous installation and copy them to your -current image if they were located in the ``/config`` directory. This -can be done using the :opcmd:`copy` command. So, for instance, in order -to copy ``/config/config.boot`` from VyOS 1.2.1 image, you would use the -following command: - -.. 
code:: - -   copy file 1.2.1://config/config.boot to /tmp/config.boot.1.2.1 - - -Example -""""""" - -.. code-block:: none - -     vyos@vyos:~$ add system image https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso -     Trying to fetch ISO file from https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso -       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current -                                      Dload  Upload   Total   Spent    Left  Speed -     100  338M  100  338M    0     0  3837k      0  0:01:30  0:01:30 --:--:-- 3929k -     ISO download succeeded. -     Checking for digital signature file... -       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current -                                      Dload  Upload   Total   Spent    Left  Speed -       0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0 -     curl: (22) The requested URL returned error: 404 Not Found - -     Unable to fetch digital signature file. -     Do you want to continue without signature check? (yes/no) [yes] -     Checking MD5 checksums of files on the ISO image...OK. -     Done! - -     What would you like to name this image? [vyos-1.3-rolling-201912201452]: - -     OK.  This image will be named: vyos-1.3-rolling-201912201452 - - -.. hint:: | The most up-do-date Rolling Release for AMD64 can be accessed using the following URL: -   | https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso - -After reboot you might want to verify the version you are running with -the :opcmd:`show version` command.  System rollback diff --git a/docs/installation/index.rst b/docs/installation/index.rst new file mode 100644 index 00000000..e5a2a6fd --- /dev/null +++ b/docs/installation/index.rst 
@@ -0,0 +1,19 @@
+#################################
+Installation and Image Management
+#################################
+
+
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Content
+
+   install
+   iso
+   virtual/index
+   cloud/index
+   vyos-on-baremetal
+   update
+   image
+   migrate-from-vyatta
+   
\ No newline at end of file
diff --git a/docs/install.rst b/docs/installation/install.rst
index 11d0fc88..11d0fc88 100644
--- a/docs/install.rst
+++ b/docs/installation/install.rst
diff --git a/docs/installation/iso.rst b/docs/installation/iso.rst
new file mode 100644
index 00000000..f48ad91c
--- /dev/null
+++ b/docs/installation/iso.rst
@@ -0,0 +1,2 @@
+iso
+###
\ No newline at end of file
diff --git a/docs/appendix/migrate-from-vyatta.rst b/docs/installation/migrate-from-vyatta.rst
index f15c3d5a..f15c3d5a 100644
--- a/docs/appendix/migrate-from-vyatta.rst
+++ b/docs/installation/migrate-from-vyatta.rst
diff --git a/docs/installation/update.rst b/docs/installation/update.rst
new file mode 100644
index 00000000..a3a887f0
--- /dev/null
+++ b/docs/installation/update.rst
@@ -0,0 +1,79 @@
+.. _update_vyos:
+
+Update VyOS
+===========
+
+New system images can be added using the :opcmd:`add system image`
+command. The command will extract the chosen image and will prompt you
+to use the current system configuration and SSH security keys, allowing
+for the new image to boot using the current configuration.
+
+.. note:: Only LTS releases are PGP-signed.
+
+.. opcmd:: add system image <url | path> [vrf name] [username user [password pass]]
+
+   Use this command to install a new system image. You can reach the
+   image from the web (http://, https://) or from your local system,
+   e.g.  /tmp/vyos-1.2.3-amd64.iso.
+
+   The `add system image` command also supports installing new versions
+   of VyOS through an optional given VRF. Also if URL in question requires
+   authentication, you can specify an optional username and password via
+   the commandline which will be passed as "Basic-Auth" to the server.
+
+If there is not enough **free disk space available**, the installation
+will be canceled. To delete images use the :opcmd:`delete system image`
+command.
+
+VyOS configuration is associated to each image, and **each image has a
+unique copy of its configuration**. This is different than a traditional
+network router where the configuration is shared across all images.
+
+.. note:: If you have any personal files, like some scripts you created,
+   and you don't want them to be lost during the upgrade, make sure
+   those files are stored in ``/config`` as this directory is always copied
+   to newer installed images.
+
+You can access files from a previous installation and copy them to your
+current image if they were located in the ``/config`` directory. This
+can be done using the :opcmd:`copy` command. So, for instance, in order
+to copy ``/config/config.boot`` from VyOS 1.2.1 image, you would use the
+following command:
+
+.. code::
+
+   copy file 1.2.1://config/config.boot to /tmp/config.boot.1.2.1
+
+
+Example
+"""""""
+
+.. 
code-block:: none
+
+     vyos@vyos:~$ add system image https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
+     Trying to fetch ISO file from https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
+       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                      Dload  Upload   Total   Spent    Left  Speed
+     100  338M  100  338M    0     0  3837k      0  0:01:30  0:01:30 --:--:-- 3929k
+     ISO download succeeded.
+     Checking for digital signature file...
+       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                      Dload  Upload   Total   Spent    Left  Speed
+       0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
+     curl: (22) The requested URL returned error: 404 Not Found
+
+     Unable to fetch digital signature file.
+     Do you want to continue without signature check? (yes/no) [yes]
+     Checking MD5 checksums of files on the ISO image...OK.
+     Done!
+
+     What would you like to name this image? [vyos-1.3-rolling-201912201452]:
+
+     OK.  This image will be named: vyos-1.3-rolling-201912201452
+
+
+.. hint:: | The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:
+   | https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
+
+After reboot you might want to verify the version you are running with
+the :opcmd:`show version` command.
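Review bot: The example output has the reader accept the default `yes` to "continue without signature check", then shows only an MD5 check of files on the ISO, and the page never says what that means for trust in the image. As far as the output shows, that MD5 step catches a damaged download but does not establish where the image came from. A note after the example would close the gap, e.g. `.. warning:: Rolling images are not signed, and the MD5 step only detects corruption. Fetch images over https:// and do not skip the signature check for LTS releases.` The `add system image` description could also say that a password given on the command line is sent as Basic-Auth, so it should only be used with an https:// URL.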
\ No newline at end of file
diff --git a/docs/installation/virtual/eve-ng.rst b/docs/installation/virtual/eve-ng.rst
new file mode 100644
index 00000000..d5134838
--- /dev/null
+++ b/docs/installation/virtual/eve-ng.rst
@@ -0,0 +1,8 @@
+######
+EVE-NG
+######
+
+References
+==========
+
+https://www.eve-ng.net/
\ No newline at end of file
diff --git a/docs/appendix/virtual/vyos-on-gns3.rst b/docs/installation/virtual/gns3.rst
index 93ea9ae2..93ea9ae2 100644
--- a/docs/appendix/virtual/vyos-on-gns3.rst
+++ b/docs/installation/virtual/gns3.rst
diff --git a/docs/installation/virtual/index.rst b/docs/installation/virtual/index.rst
new file mode 100644
index 00000000..808439c7
--- /dev/null
+++ b/docs/installation/virtual/index.rst
@@ -0,0 +1,12 @@
+####################################
+Running VyOS in Virtual Environments
+####################################
+
+.. toctree::
+   :caption: Content
+
+   libvirt
+   proxmox
+   vmware
+   gns3
+   eve-ng
\ No newline at end of file
diff --git a/docs/appendix/virtual/libvirt.rst b/docs/installation/virtual/libvirt.rst
index 0d624b94..0d624b94 100644
--- a/docs/appendix/virtual/libvirt.rst
+++ b/docs/installation/virtual/libvirt.rst
diff --git a/docs/installation/virtual/proxmox.rst b/docs/installation/virtual/proxmox.rst
new file mode 100644
index 00000000..3ee9d70a
--- /dev/null
+++ b/docs/installation/virtual/proxmox.rst
@@ -0,0 +1,8 @@
+#######
+Proxmox
+#######
+
+References
+==========
+
+https://www.proxmox.com/en/proxmox-ve
\ No newline at end of file diff --git a/docs/appendix/virtual/vyos-on-vmware.rst b/docs/installation/virtual/vmware.rst index c4299cbf..c4299cbf 100644 --- a/docs/appendix/virtual/vyos-on-vmware.rst +++ b/docs/installation/virtual/vmware.rst diff --git a/docs/appendix/vyos-on-baremetal.rst b/docs/installation/vyos-on-baremetal.rst index db618431..db618431 100644 --- a/docs/appendix/vyos-on-baremetal.rst +++ b/docs/installation/vyos-on-baremetal.rst diff --git a/docs/interfaces/basic-index.rst b/docs/interfaces/basic-index.rst deleted file mode 100644 index 425792a2..00000000 --- a/docs/interfaces/basic-index.rst +++ /dev/null @@ -1,12 +0,0 @@ -.. _basic_network-interfaces: - -######################## -Basic Network Interfaces -######################## - -.. toctree:: -   :maxdepth: 1 - -   ethernet -   loopback -   pppoe diff --git a/docs/about.rst b/docs/introducing/about.rst index 383c95eb..0411344b 100644 --- a/docs/about.rst +++ b/docs/introducing/about.rst @@ -8,7 +8,7 @@ VyOS is an open source network operating system based on Debian GNU/Linux.  VyOS provides a free routing platform that competes directly with other  commercially available solutions from well known network providers. Because -VyOS is run on standard amd64, i586 and ARM systems, it can be used +VyOS is run on standard amd64, i586 and ARM systems, it is able to be used  as a router and firewall platform for cloud deployments.  We use multiple live versions of our manual hosted thankfully by @@ -16,7 +16,7 @@ https://readthedocs.org. We will provide one version of the manual for every  VyOS major version starting with VyOS 1.2 which will receive Long-term support  (LTS). -The manual version is selected/specified by its Git branch name. You can +The manual version is selected/specified by it's Git branch name. You can  switch between versions of the documentation by selecting the appropriate  branch on the bottom left corner. 
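Review bot: Both hunks in `docs/introducing/about.rst` replace correct wording with worse wording, which looks like an accidental result of the merge rather than an intended edit. `by it's Git branch name` introduces an apostrophe error (the possessive is `its`), and `it is able to be used` is clumsier than the `it can be used` it replaces. I would keep the removed lines as they were: `The manual version is selected/specified by its Git branch name. You can` and `VyOS is run on standard amd64, i586 and ARM systems, it can be used`.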
diff --git a/docs/history.rst b/docs/introducing/history.rst
index 9a13e2b3..9a13e2b3 100644
--- a/docs/history.rst
+++ b/docs/introducing/history.rst
diff --git a/docs/system/boot-options.rst b/docs/operation/boot-options.rst
index d054748f..d054748f 100644
--- a/docs/system/boot-options.rst
+++ b/docs/operation/boot-options.rst
diff --git a/docs/operation/index.rst b/docs/operation/index.rst
new file mode 100644
index 00000000..647b5b25
--- /dev/null
+++ b/docs/operation/index.rst
@@ -0,0 +1,11 @@
+##############
+Operation Mode
+##############
+
+.. toctree::
+   :maxdepth: 1
+   :includehidden:
+
+   information
+   ip-commands
+   boot-options
\ No newline at end of file
diff --git a/docs/information.rst b/docs/operation/information.rst
index 02d6f1ec..02d6f1ec 100644
--- a/docs/information.rst
+++ b/docs/operation/information.rst
diff --git a/docs/routing/ip-commands.rst b/docs/operation/ip-commands.rst
index eba4fd90..eba4fd90 100644
--- a/docs/routing/ip-commands.rst
+++ b/docs/operation/ip-commands.rst
diff --git a/docs/routing/arp.rst b/docs/routing/arp.rst
deleted file mode 100644
index 5f3115ab..00000000
--- a/docs/routing/arp.rst
+++ /dev/null
@@ -1,59 +0,0 @@ -.. _routing-arp: - -### -ARP -### - -:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for -discovering the link layer address, such as a MAC address, associated with a -given internet layer address, typically an IPv4 address. This mapping is a -critical function in the Internet protocol suite. ARP was defined in 1982 by -:rfc:`826` which is Internet Standard STD 37. - -In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is -provided by the Neighbor Discovery Protocol (NDP). - -To manipulate or display ARP_ table entries, the following commands are -implemented. - -Configure -========= - -.. cfgcmd:: set protocols static arp <address> hwaddr <mac> - -   This will configure a static ARP entry always resolving `<address>` to -   `<mac>`. - -   Example: - -   .. code-block:: none - -     set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa - -Operation -========= - -.. opcmd:: show protocols static arp - -   Display all known ARP table entries spanning across all interfaces - -.. code-block:: none - -  vyos@vyos:~$ show protocols static arp -  Address                  HWtype  HWaddress           Flags Mask     Iface -  10.1.1.1                 ether   00:53:00:de:23:2e   C              eth1 -  10.1.1.100               ether   00:53:00:de:23:aa   CM             eth1 - - -.. opcmd:: show protocols static arp interface eth1 - -   Display all known ARP table entries on a given interface only (`eth1`): - -.. code-block:: none - -  vyos@vyos:~$ show protocols static arp interface eth1 -  Address                  HWtype  HWaddress           Flags Mask     Iface -  10.1.1.1                 ether   00:53:00:de:23:2e   C              eth1 -  10.1.1.100               ether   00:53:00:de:23:aa   CM             eth1 - -.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol diff --git a/docs/routing/index.rst b/docs/routing/index.rst deleted file mode 100644 index 9220cd29..00000000 
--- a/docs/routing/index.rst +++ /dev/null @@ -1,23 +0,0 @@ -.. _routing: - -####### -Routing -####### - -.. toctree:: -   :maxdepth: 1 - -   arp -   bfd -   bgp -   mpls -   mss-clamp -   multicast -   ip-commands -   isis -   ospf -   pbr -   rip -   policy -   rpki -   static diff --git a/docs/routing/mss-clamp.rst b/docs/routing/mss-clamp.rst deleted file mode 100644 index 3fdd1153..00000000 --- a/docs/routing/mss-clamp.rst +++ /dev/null 
@@ -1,63 +0,0 @@ -.. _routing-mss-clamp: - -################ -TCP-MSS Clamping -################ - -As Internet wide PMTU discovery rarely works, we sometimes need to clamp -our TCP MSS value to a specific value. This is a field in the TCP -Options part of a SYN packet. By setting the MSS value, you are telling -the remote side unequivocally 'do not try to send me packets bigger than -this value'. - -Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS -value for IPv4 and IPv6. - - -.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting -   in 1452 bytes on a 1492 byte MTU. - - -IPv4 -==== - -.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes> - -   Use this command to set the maximum segment size for IPv4 transit -   packets on a specific interface (500-1460 bytes). - -Example -------- - -Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and -`1372` -for your WireGuard `wg02` tunnel. - -.. code-block:: none - -  set firewall options interface pppoe0 adjust-mss '1452' -  set firewall options interface wg02 adjust-mss '1372' - -IPv6 -==== - -.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes> - -   Use this command to set the maximum segment size for IPv6 transit -   packets on a specific interface (1280-1492 bytes). - -Example -------- - -Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and -`wg02` interface. - -.. code-block:: none - -  set firewall options interface pppoe0 adjust-mss6 '1280' -  set firewall options interface wg02 adjust-mss6 '1280' - - - -.. hint:: When doing your byte calculations, you might find useful this -   `Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_. diff --git a/docs/routing/policy.rst b/docs/routing/policy.rst deleted file mode 100644 index 4eeb40d6..00000000 --- a/docs/routing/policy.rst +++ /dev/null 
@@ -1,65 +0,0 @@ -.. include:: ../_include/need_improvement.txt - -###### -Policy -###### - -Routing Policies could be used to tell the router (self or neighbors) what -routes and their attributes needs to be put into the routing table. - -There could be a wide range of routing policies. Some examples are below: - -* Set some metric to routes learned from a particular neighbor -* Set some attributes (like AS PATH or Community value) to advertised routes to neighbors -* Prefer a specific routing protocol routes over another routing protocol running on the same router - -Example -======= - -**Policy definition:** - -.. code-block:: none - -  # Create policy -  set policy route-map setmet rule 2 action 'permit' -  set policy route-map setmet rule 2 set as-path-prepend '2 2 2' - -  # Apply policy to BGP -  set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet' -  set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound' - -Using 'soft-reconfiguration' we get the policy update without bouncing the -neighbor. - -**Routes learned before routing policy applied:** - -.. code-block:: none - -  vyos@vos1:~$ show ip bgp -  BGP table version is 0, local router ID is 192.168.56.101 -  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, -                r RIB-failure, S Stale, R Removed -  Origin codes: i - IGP, e - EGP, ? - incomplete - -     Network          Next Hop            Metric LocPrf Weight Path -  *> 198.51.100.3/32   203.0.113.2           1             0 2 i  < Path - -  Total number of prefixes 1 - -**Routes learned after routing policy applied:** - -.. code-block:: none - -  vyos@vos1:~$ sho ip b -  BGP table version is 0, local router ID is 192.168.56.101 -  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, -                r RIB-failure, S Stale, R Removed -  Origin codes: i - IGP, e - EGP, ? 
- incomplete - -     Network          Next Hop            Metric LocPrf Weight Path -  *> 198.51.100.3/32   203.0.113.2           1             0 2 2 2 2 i - -  Total number of prefixes 1 -  vyos@vos1:~$ - -You now see the longer AS path. diff --git a/docs/services/dynamic-dns.rst b/docs/services/dynamic-dns.rst deleted file mode 100644 index 3d802d29..00000000 --- a/docs/services/dynamic-dns.rst +++ /dev/null 
@@ -1,164 +0,0 @@ -.. _dynamic-dns: - -########### -Dynamic DNS -########### - -VyOS is able to update a remote DNS record when an interface gets a new IP -address. In order to do so, VyOS includes ddclient_, a Perl script written for -this only one purpose. - -ddclient_ uses two methods to update a DNS record. The first one will send -updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second -one involves a third party service, like DynDNS.com or any other similar -website. This method uses HTTP requests to transmit the new IP address. You -can configure both in VyOS. - -Configuration -============= - -:rfc:`2136` Based ------------------ - -.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> - -   Create new :rfc:`2136` DNS update configuration which will update the IP -   address assigned to `<interface>` on the service you configured under -   `<service-name>`. - -.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> key <keyfile> - -   File identified by `<keyfile>` containing the secret RNDC key shared with -   remote DNS server. - -.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> server <server> - -   Configure the DNS `<server>` IP/FQDN used when updating this dynamic -   assignment. - -.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> zone <zone> - -   Configure DNS `<zone>` to be updated. - -.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> record <record> - -   Configure DNS `<record>` which should be updated. This can be set multiple -   times. - -.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> ttl <ttl> - -   Configure optional TTL value on the given resource record. This defualts to -   600 seconds. 
- -Example -^^^^^^^ - -* Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io`` -* Use auth key file at ``/config/auth/my.key`` -* Set TTL to 300 seconds - -.. code-block:: none - -  vyos@vyos# show service dns dynamic -   interface eth0.7 { -       rfc2136 VyOS-DNS { -           key /config/auth/my.key -           record example.vyos.io -           server ns1.vyos.io -           ttl 300 -           zone vyos.io -       } -   } - -This will render the following ddclient_ configuration entry: - -.. code-block:: none - -  # -  # ddclient configuration for interface "eth0.7": -  # -  use=if, if=eth0.7 - -  # RFC2136 dynamic DNS configuration for example.vyos.io.vyos.io -  server=ns1.vyos.io -  protocol=nsupdate -  password=/config/auth/my.key -  ttl=300 -  zone=vyos.io -  example.vyos.io - -.. note:: You can also keep different DNS zone updated. Just create a new -   config node: ``set service dns dynamic interface <interface> rfc2136 -   <other-service-name>`` - -HTTP based services -------------------- - -VyOS is also able to use any service relying on protocols supported by ddclient. - -To use such a service, one must define a login, password, one or multiple -hostnames, protocol and server. - -.. cfgcmd:: set service dns dynamic interface <interface> service <service> host-name <hostname> - -   Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS -   provider identified by `<service>` when the IP address on interface -   `<interface>` changes. - -.. cfgcmd:: set service dns dynamic interface <interface> service <service> login <username> - -   Configure `<username>` used when authenticating the update request for -   DynDNS service identified by `<service>`. -   For Namecheap, set the <domain> you wish to update. - -.. cfgcmd:: set service dns dynamic interface <interface> service <service> password <password> - -   Configure `<password>` used when authenticating the update request for -   DynDNS service identified by `<service>`. 
- -.. cfgcmd:: set service dns dynamic interface <interface> service <service> protocol <protocol> - -   When a ``custom`` DynDNS provider is used the protocol used for communicating -   to the provider must be specified under `<protocol>`. See the embedded -   completion helper for available protocols. - -.. cfgcmd:: set service dns dynamic interface <interface> service <service> server <server> - -   When a ``custom`` DynDNS provider is used the `<server>` where update -   requests are being sent to must be specified. - -Example: -^^^^^^^^ - -Use DynDNS as your preferred provider: - -.. code-block:: none - -  set service dns dynamic interface eth0 service dyndns -  set service dns dynamic interface eth0 service dyndns login my-login -  set service dns dynamic interface eth0 service dyndns password my-password -  set service dns dynamic interface eth0 service dyndns host-name my-dyndns-hostname - -.. note:: Multiple services can be used per interface. Just specify as many -   serives per interface as you like! - -Running Behind NAT ------------------- - -By default, ddclient_ will update a dynamic dns record using the IP address -directly attached to the interface. If your VyOS instance is behind NAT, your -record will be updated to point to your internal IP. - -ddclient_ has another way to determine the WAN IP address. This is controlled -by: - -.. cfgcmd:: set service dns dynamic interface <interface> use-web url <url> - -   Use configured `<url>` to determine your IP address. ddclient_ will load -   `<url>` and tries to extract your IP address from the response. - -.. cfgcmd:: set service dns dynamic interface <interface> use-web skip <pattern> - -   ddclient_ will skip any address located before the string set in `<pattern>`. - -.. _ddclient: https://github.com/ddclient/ddclient diff --git a/docs/services/index.rst b/docs/services/index.rst deleted file mode 100644 index 76520b52..00000000 --- a/docs/services/index.rst +++ /dev/null 
@@ -1,26 +0,0 @@ -.. _services: - -######## -Services -######## - -This chapter describes the available system/network services provided by VyOS. - -.. toctree:: -   :maxdepth: 1 - -   conntrack -   console-server -   dhcp -   dns-forwarding -   dynamic-dns -   lldp -   mdns-repeater -   ipoe-server -   pppoe-server -   udp-broadcast-relay -   router-advert -   snmp -   ssh -   tftp -   webproxy diff --git a/docs/system/advanced-index.rst b/docs/system/advanced-index.rst deleted file mode 100644 index 8e855789..00000000 --- a/docs/system/advanced-index.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. _advanced_system_tweaks: - -###### -System -###### - -.. toctree:: -   :maxdepth: 2 - -   boot-options -   eventhandler -   flow-accounting -   lcd -   ntp -   option -   proxy -   serial-console -   syslog -   task-scheduler diff --git a/docs/system/basic-index.rst b/docs/system/basic-index.rst deleted file mode 100644 index b7bbf1c5..00000000 --- a/docs/system/basic-index.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. _basic_system_tweaks: - -################### -Basic System Tweaks -################### - -.. toctree:: -   :maxdepth: 2 - -   user-management -   host-information -   default-route -   time-zone -   system-dns diff --git a/docs/troubleshooting.rst b/docs/troubleshooting/index.rst index 0b3420f4..0b3420f4 100644 --- a/docs/troubleshooting.rst +++ b/docs/troubleshooting/index.rst diff --git a/docs/vpn/index.rst b/docs/vpn/index.rst deleted file mode 100644 index c208b3c0..00000000 --- a/docs/vpn/index.rst +++ /dev/null @@ -1,18 +0,0 @@ -.. _vpn: - -### -VPN -### - -.. toctree:: -   :maxdepth: 2 - -   dmvpn -   ipsec -   l2tp -   openconnect -   openvpn -   pptp -   site2site_ipsec -   sstp -   wireguard | 
