diff options
| -rw-r--r-- | docs/404.rst | 3 | ||||
| m--------- | docs/_include/vyos-1x | 0 | ||||
| -rw-r--r-- | docs/automation/cloud-init.rst | 16 | ||||
| -rw-r--r-- | docs/changelog/1.3.rst | 51 | ||||
| -rw-r--r-- | docs/changelog/1.4.rst | 80 | ||||
| -rw-r--r-- | docs/configuration/policy/local-route.rst | 31 | ||||
| -rw-r--r-- | docs/configuration/protocols/bfd.rst | 8 | ||||
| -rw-r--r-- | docs/configuration/service/dhcp-server.rst | 10 |
8 files changed, 183 insertions, 16 deletions
diff --git a/docs/404.rst b/docs/404.rst index 85444615..5073773a 100644 --- a/docs/404.rst +++ b/docs/404.rst @@ -7,4 +7,5 @@ Sorry, We could not find a page. Try using the search box or go to the release homepage: * `1.2.x (crux) <https://docs.vyos.io/en/crux/>`_ - * `rolling release (equuleus) <https://docs.vyos.io/en/latest/>`_
\ No newline at end of file + * `1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_ + * `rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_ diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 221aee86f4d4291434dc60569d3d58da99639ff +Subproject b4185f8356d69476292906ebe32daf1c4867601 diff --git a/docs/automation/cloud-init.rst b/docs/automation/cloud-init.rst index 3ca8739b..0096d428 100644 --- a/docs/automation/cloud-init.rst +++ b/docs/automation/cloud-init.rst @@ -20,9 +20,11 @@ VyOS support three types of config sources. * Metadata - Metadata is sourced by the cloud platform or hypervisor. In some clouds, there is implemented as an HTTP endpoint at ``http://169.254.169.254``. + * Network configuration - This config source informs the system about the network settings like IP addresses, routes, DNS. Available only in several cloud and virtualization platforms. + * User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot. @@ -49,9 +51,9 @@ In VyOS, by default, enables only two modules: * ``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. + * ``vyos_userdata`` - the module accepts a list of CLI configuration commands in a ``vyos_config_commands`` section, which gives an easy way to configure the - system during deployment. ************************ @@ -75,9 +77,9 @@ commands are supported. Commands requirements: -* one command per line -* if command ends in a value, it must be inside single quotes -* a single-quote symbol is not allowed inside command or value +* One command per line. +* If command ends in a value, it must be inside single quotes. +* A single-quote symbol is not allowed inside command or value. The commands list produced by the ``show configuration commands`` command on a VyOS router should comply with all the requirements, so it is easy to get a @@ -105,9 +107,9 @@ System Defaults/Fallbacks These are the VyOS defaults and fallbacks. -* SSH is configured on port 22 -* ``vyos``/``vyos`` credentials if no others specified by data source -* DHCP on first Ethernet interface if no network configuration is provided +* SSH is configured on port 22. +* ``vyos``/``vyos`` credentials if no others specified by data source. +* DHCP on first Ethernet interface if no network configuration is provided. All of these can be overridden using the configuration in user-data. diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 8dcc08b0..210a17fa 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,55 @@ _ext/releasenotes.py +2022-02-06 +========== + +* :vytask:`T4228` (bug): bond: OS error thrown when two bonds use the same member + + +2022-02-05 +========== + +* :vytask:`T4226` (bug): VRRP transition-script does not work for groups name which contains -(minus) sign + + +2022-02-04 +========== + +* :vytask:`T4196` (bug): DHCP server client-prefix-length parameter results in non-functional leases + + +2022-02-03 +========== + +* :vytask:`T3643` (bug): show vpn ipsec sa doesn't show tunnels in "down" state + + +2022-02-01 +========== + +* :vytask:`T4198` (bug): Error shown on commit + + +2022-01-29 +========== + +* :vytask:`T4153` (bug): Monitor bandwidth-test initiate not working + + +2022-01-28 +========== + +* :vytask:`T4184` (bug): NTP allow-clients address doesn't work it allows to use ntp server for all addresses +* :vytask:`T4115` (bug): reboot in <x> not working as expected + + +2022-01-24 +========== + +* :vytask:`T4204` (feature): Update Accel-PPP to a newer revision + + 2022-01-17 ========== @@ -1418,7 +1467,7 @@ 2021-02-16 ========== -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.172 / 5.10.92 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.175 / 5.10.95 2021-02-14 diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 4d9c1ada..25a09d5e 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,84 @@ _ext/releasenotes.py +2022-02-06 +========== + +* :vytask:`T4223` (bug): policy route cannot have several entries with the same table +* :vytask:`T4216` (bug): Firewall: can't use negated groups in firewall rules +* :vytask:`T4178` (bug): policy based routing tcp flags issue +* :vytask:`T4164` (bug): PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf` +* :vytask:`T3970` (feature): Add support for op-mode PKI direct install into an active config session +* :vytask:`T3828` (bug): ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta +* :vytask:`T4228` (bug): bond: OS error thrown when two bonds use the same member + + +2022-02-05 +========== + +* :vytask:`T4226` (bug): VRRP transition-script does not work for groups name which contains -(minus) sign + + +2022-02-04 +========== + +* :vytask:`T4196` (bug): DHCP server client-prefix-length parameter results in non-functional leases + + +2022-02-03 +========== + +* :vytask:`T4218` (bug): firewall: rule name is not allowed to start with a number +* :vytask:`T3643` (bug): show vpn ipsec sa doesn't show tunnels in "down" state + + +2022-02-01 +========== + +* :vytask:`T4224` (bug): Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso) +* :vytask:`T4225` (bug): Performance degration with latest rolling release +* :vytask:`T4220` (bug): Commit broke dhclient 78b247b724f74bdabab0706aaa7f5b00e5809bc1 +* :vytask:`T4138` (bug): NAT configuration allows to set incorrect port range and invalid port + + +2022-01-29 +========== + +* :vytask:`T4153` (bug): Monitor bandwidth-test initiate not working + + +2022-01-28 +========== + +* :vytask:`T4184` (bug): NTP allow-clients address doesn't work it allows to use ntp server for all addresses +* :vytask:`T4115` (bug): reboot in <x> not working as expected +* :vytask:`T4217` (bug): firewall: port-group requires protocol to be set - but not in VyOS 1.3 + + +2022-01-27 +========== + +* :vytask:`T4213` (default): ipv6 policy routing not working anymore +* :vytask:`T4188` (bug): Firewall does not correctly handle conntracking +* :vytask:`T3762` (feature): Support network and address groups for policy ipv6-route +* :vytask:`T3560` (feature): Ability to create groups of MAC addresses +* :vytask:`T3495` (feature): Modernising port/protocol definitions + + +2022-01-25 +========== + +* :vytask:`T4205` (feature): Disable Debian Version in SSH (DebianBanner->no) +* :vytask:`T4131` (bug): Show firewall group incorrect format members + + +2022-01-24 +========== + +* :vytask:`T4204` (feature): Update Accel-PPP to a newer revision +* :vytask:`T1795` (default): Commit rollback by timeout + + 2022-01-23 ========== @@ -1661,7 +1739,7 @@ ========== * :vytask:`T3313` (bug): ospfv3 interface missing options -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.172 / 5.10.92 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.175 / 5.10.95 2021-02-15 diff --git a/docs/configuration/policy/local-route.rst b/docs/configuration/policy/local-route.rst index 0b0122ab..e938f3cc 100644 --- a/docs/configuration/policy/local-route.rst +++ b/docs/configuration/policy/local-route.rst @@ -8,8 +8,8 @@ Policies for local traffic are defined in this section. Configuration ************* -Local Route -=========== +Local Route IPv4 +================ .. cfgcmd:: set policy local-route rule <1-32765> set table <1-200|main> @@ -18,3 +18,30 @@ Local Route .. cfgcmd:: set policy local-route rule <1-32765> source <x.x.x.x|x.x.x.x/x> Set source address or prefix to match. + +.. cfgcmd:: set policy local-route rule <1-32765> destination <x.x.x.x|x.x.x.x/x> + + Set destination address or prefix to match. + +.. cfgcmd:: set policy local-route rule <1-32765> inbound-interface <interface> + + Set inbound interface to match. + +Local Route IPv6 +================ + +.. cfgcmd:: set policy local-route6 rule <1-32765> set table <1-200|main> + + Set routing table to forward packet to. + +.. cfgcmd:: set policy local-route6 rule <1-32765> source <h:h:h:h:h:h:h:h|<h:h:h:h:h:h:h:h/x> + + Set source address or prefix to match. + +.. cfgcmd:: set policy local-route6 rule <1-32765> destination <h:h:h:h:h:h:h:h|<h:h:h:h:h:h:h:h/x> + + Set destination address or prefix to match. + +.. cfgcmd:: set policy local-route6 rule <1-32765> inbound-interface <interface> + + Set inbound interface to match.
\ No newline at end of file diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst index 60f9ffd0..dac1bf0f 100644 --- a/docs/configuration/protocols/bfd.rst +++ b/docs/configuration/protocols/bfd.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-09-28 +:lastproofread: 2022-02-05 .. include:: /_include/need_improvement.txt @@ -72,11 +72,11 @@ Enable BFD in BGP Enable BFD in OSPF ------------------ -.. cfgcmd:: set interfaces ethernet <interface> ip ospf bfd +.. cfgcmd:: set protocols ospf interface <interface> bfd Enable BFD for OSPF on an interface -.. cfgcmd:: set interfaces ethernet <interface> ipv6 ospfv3 bfd +.. cfgcmd:: set protocols ospfv3 interface <interface> bfd Enable BFD for OSPFv3 on an interface @@ -93,7 +93,7 @@ Enable BFD in ISIS Operational Commands ==================== -.. opcmd:: show protocols bfd peer +.. opcmd:: show bfd peers Show all BFD peers diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index 9d0e0855..357203fd 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -21,6 +21,16 @@ address. Configuration ============= +.. cfgcmd:: set service dhcp-server hostfile-update + + Create DNS record per client lease, by adding clients to /etc/hosts file. + Entry will have format: `<shared-network-name>_<hostname>.<domain-name>` + +.. cfgcmd:: set service dhcp-server host-decl-name + + Will drop `<shared-network-name>_` from client DNS record, using only the + host declaration name and domain: `<hostname>.<domain-name>` + .. cfgcmd:: set service dhcp-server shared-network-name <name> domain-name <domain-name> The domain-name parameter should be the domain name that will be appended to |