Diffstat (limited to 'docs')
m--------- | docs/_include/vyos-1x | 0 | ||||
-rw-r--r-- | docs/automation/index.rst | 2 | ||||
-rw-r--r-- | docs/automation/vyos-pyvyos.rst | 148 | ||||
-rw-r--r-- | docs/changelog/1.3.rst | 13 | ||||
-rw-r--r-- | docs/changelog/1.4.rst | 68 | ||||
-rw-r--r-- | docs/changelog/1.5.rst | 67 | ||||
-rw-r--r-- | docs/configuration/nat/index.rst | 1 | ||||
-rw-r--r-- | docs/configuration/nat/nat64.rst | 81 | ||||
-rw-r--r-- | docs/configuration/service/lldp.rst | 2 | ||||
-rw-r--r-- | docs/configuration/system/frr.rst | 38 | ||||
-rw-r--r-- | docs/configuration/system/index.rst | 2 | ||||
-rw-r--r-- | docs/configuration/system/updates.rst | 37 | ||||
-rw-r--r-- | docs/configuration/vpn/sstp.rst | 3 | ||||
-rw-r--r-- | docs/contributing/testing.rst | 9 |
14 files changed, 465 insertions, 6 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject 18b2bb669bb87cde14324cbc2ae3a16d11fa578
+Subproject f991faab2c0d95cbec5d46996b154145955572d
diff --git a/docs/automation/index.rst b/docs/automation/index.rst
index dd7b596a..ee8282ac 100644
--- a/docs/automation/index.rst
+++ b/docs/automation/index.rst
@@ -17,3 +17,5 @@ VyOS Automation
 vyos-salt
 command-scripting
 cloud-init
+ vyos-pyvyos
+
diff --git a/docs/automation/vyos-pyvyos.rst b/docs/automation/vyos-pyvyos.rst
new file mode 100644
index 00000000..fba9b8b7
--- /dev/null
+++ b/docs/automation/vyos-pyvyos.rst
@@ -0,0 +1,148 @@
+:lastproofread: 2023-12-15
+
+.. _vyos-pyvyos:
+
+PyVyOS
+======
+
+PyVyOS is a Python library for interacting with VyOS devices via their API.
+This documentation guides you on using PyVyOS to manage your VyOS devices programmatically.
+The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/),
+and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos)
+and [PyPI](https://pypi.org/project/pyvyos/).
+
+Installation
+------------
+
+You can install PyVyOS using pip:
+
+.. code-block:: bash
+
+ pip install pyvyos
+
+Getting Started
+---------------
+
+Importing and Disabling Warnings for verify=False
+-------------------------------------------------
+
+.. code-block:: none
+
+ import urllib3
+ urllib3.disable_warnings()
+
+Using API Response Class
+------------------------
+
+.. code-block:: none
+
+ @dataclass
+ class ApiResponse:
+ status: int
+ request: dict
+ result: dict
+ error: str
+
+Initializing a VyDevice Object
+------------------------------
+
+.. code-block:: none
+
+ from dotenv import load_dotenv
+ load_dotenv()
+
+ hostname = os.getenv('VYDEVICE_HOSTNAME')
+ apikey = os.getenv('VYDEVICE_APIKEY')
+ port = os.getenv('VYDEVICE_PORT')
+ protocol = os.getenv('VYDEVICE_PROTOCOL')
+ verify_ssl = os.getenv('VYDEVICE_VERIFY_SSL')
+
+ verify = verify_ssl.lower() == "true" if verify_ssl else True
+
+ device = VyDevice(hostname=hostname, apikey=apikey, port=port, protocol=protocol, verify=verify)
+
+Using PyVyOS
+------------
+
+Configure, then Set
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: none
+
+ response = device.configure_set(path=["interfaces", "ethernet", "eth0", "address", "192.168.1.1/24"])
+ if not response.error:
+ print(response.result)
+
+Configure, then Show a Single Object Value
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: none
+
+ response = device.retrieve_return_values(path=["interfaces", "dummy", "dum1", "address"])
+ print(response.result)
+
+Configure, then Show Object
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: none
+
+ response = device.retrieve_show_config(path=[])
+ if not response.error:
+ print(response.result)
+
+Configure, then Delete Object
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: none
+
+ response = device.configure_delete(path=["interfaces", "dummy", "dum1"])
+
+Configure, then Save
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: none
+
+ response = device.config_file_save()
+
+Configure, then Save File
+-------------------------
+
+.. code-block:: none
+
+ response = device.config_file_save(file="/config/test300.config")
+
+Show Object
+^^^^^^^^^^^^^^
+
+.. code-block:: none
+
+ response = device.show(path=["system", "image"])
+ print(response.result)
+
+Generate Object
+^^^^^^^^^^^^^^^^
+
+.. code-block:: none
+
+ randstring = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(20))
+ keyrand = f'/tmp/key_{randstring}'
+ response = device.generate(path=["ssh", "client-key", keyrand])
+
+Reset Object
+^^^^^^^^^^^^^^
+
+.. code-block:: none
+
+ response = device.reset(path=["conntrack-sync", "internal-cache"])
+ if not response.error:
+ print(response.result)
+
+Configure, then Load File
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: none
+
+ response = device.config_file_load(file="/config/test300.config")
+
+
+.. _pyvyos: https://github.com/robertoberto/pyvyos
\ No newline at end of file
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
index 11d3be91..4d5d802d 100644
--- a/docs/changelog/1.3.rst
+++ b/docs/changelog/1.3.rst
@@ -8,6 +8,19 @@ _ext/releasenotes.py
+2023-12-15
+==========
+
+* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs``
+
+
+2023-12-12
+==========
+
+* :vytask:`T5817` ``(bug): Show openvpn server fails in some cases``
+* :vytask:`T5413` ``(default): Deny the opportunity to use one public/private key pair on both wireguard peers.``
+
+
 2023-11-30
 ==========
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
index 3919ade7..1db86da5 100644
--- a/docs/changelog/1.4.rst
+++ b/docs/changelog/1.4.rst
@@ -8,6 +8,74 @@ _ext/releasenotes.py
+2023-12-15
+==========
+
+* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs``
+* :vytask:`T5803` ``(default): git/github: Adjust configuration for safe and baseline defaults``
+
+
+2023-12-14
+==========
+
+* :vytask:`T5773` ``(bug): Unable to load config via HTTP``
+* :vytask:`T5816` ``(bug): BGP Large Community List Validation Broken``
+* :vytask:`T5812` ``(bug): rollback check max revision number does not work``
+* :vytask:`T5749` ``(feature): Show MAC address VRF and MTU by default for "show interfaces"``
+* :vytask:`T5774` ``(bug): commit-archive to FTP server broken after update (VyOS 1.5-rolling)``
+* :vytask:`T5826` ``(default): Add dmicode as an explicit dependency``
+* :vytask:`T5793` ``(default): mdns-repeater: Cleanup avahi-daemon configuration in /etc``
+
+
+2023-12-13
+==========
+
+* :vytask:`T591` ``(feature): Support SRv6``
+
+
+2023-12-12
+==========
+
+* :vytask:`T4704` ``(feature): Allow to set metric (MED) to rtt with rtt,+rtt or -rtt``
+* :vytask:`T5815` ``(enhancment): Add load_config module``
+* :vytask:`T5413` ``(default): Deny the opportunity to use one public/private key pair on both wireguard peers.``
+
+
+2023-12-11
+==========
+
+* :vytask:`T5741` ``(bug): WAN Load Balancing failover route tables aren't created``
+
+
+2023-12-10
+==========
+
+* :vytask:`T5658` ``(default): Add VRF support for mtr``
+
+
+2023-12-09
+==========
+
+* :vytask:`T5808` ``(bug): op-mode: ipv6 ospfv3 graceful-restart description contains incorrect info``
+* :vytask:`T5802` ``(bug): ping (ip or hostname) interface <tab> produces error``
+* :vytask:`T5747` ``(feature): op-mode add MAC VRF and MTU for show interfaces summary``
+* :vytask:`T3983` ``(bug): show pki certificate Doesnt show x509 certificates``
+
+
+2023-12-08
+==========
+
+* :vytask:`T5782` ``(enhancment): Use a single config mode script for https and http-api``
+* :vytask:`T5768` ``(enhancment): Remove auxiliary http-api.conf for simplification of http-api config mode script``
+* :vytask:`T5809` ``(default): Enable GRUB support for gzip compressed kernels``
+
+
+2023-12-04
+==========
+
+* :vytask:`T5769` ``(bug): VTI tunnels lose their v6 Link Local addresses when set down/up``
+
+
 2023-12-03
 ==========
diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst
index 00f105e6..f8207e80 100644
--- a/docs/changelog/1.5.rst
+++ b/docs/changelog/1.5.rst
@@ -8,6 +8,73 @@ _ext/releasenotes.py
+2023-12-15
+==========
+
+* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs``
+* :vytask:`T5770` ``(bug): MACsec not encrypting``
+* :vytask:`T5803` ``(default): git/github: Adjust configuration for safe and baseline defaults``
+
+
+2023-12-14
+==========
+
+* :vytask:`T5773` ``(bug): Unable to load config via HTTP``
+* :vytask:`T5816` ``(bug): BGP Large Community List Validation Broken``
+* :vytask:`T5812` ``(bug): rollback check max revision number does not work``
+* :vytask:`T5749` ``(feature): Show MAC address VRF and MTU by default for "show interfaces"``
+* :vytask:`T5774` ``(bug): commit-archive to FTP server broken after update (VyOS 1.5-rolling)``
+* :vytask:`T5826` ``(default): Add dmicode as an explicit dependency``
+* :vytask:`T5793` ``(default): mdns-repeater: Cleanup avahi-daemon configuration in /etc``
+
+
+2023-12-13
+==========
+
+* :vytask:`T5688` ``(default): Create the same view of pool configuration for all accel-ppp services``
+* :vytask:`T591` ``(feature): Support SRv6``
+
+
+2023-12-12
+==========
+
+* :vytask:`T5815` ``(enhancment): Add load_config module``
+
+
+2023-12-11
+==========
+
+* :vytask:`T5741` ``(bug): WAN Load Balancing failover route tables aren't created``
+
+
+2023-12-10
+==========
+
+* :vytask:`T5658` ``(default): Add VRF support for mtr``
+
+
+2023-12-09
+==========
+
+* :vytask:`T5808` ``(bug): op-mode: ipv6 ospfv3 graceful-restart description contains incorrect info``
+* :vytask:`T5802` ``(bug): ping (ip or hostname) interface <tab> produces error``
+* :vytask:`T5747` ``(feature): op-mode add MAC VRF and MTU for show interfaces summary``
+* :vytask:`T3983` ``(bug): show pki certificate Doesnt show x509 certificates``
+
+
+2023-12-08
+==========
+
+* :vytask:`T5782` ``(enhancment): Use a single config mode script for https and http-api``
+* :vytask:`T5768` ``(enhancment): Remove auxiliary http-api.conf for simplification of http-api config mode script``
+
+
+2023-12-04
+==========
+
+* :vytask:`T5769` ``(bug): VTI tunnels lose their v6 Link Local addresses when set down/up``
+
+
 2023-12-03
 ==========
diff --git a/docs/configuration/nat/index.rst b/docs/configuration/nat/index.rst
index 90275226..6556b7f9 100644
--- a/docs/configuration/nat/index.rst
+++ b/docs/configuration/nat/index.rst
@@ -9,4 +9,5 @@ NAT
 :includehidden:
 nat44
+ nat64
 nat66
diff --git a/docs/configuration/nat/nat64.rst b/docs/configuration/nat/nat64.rst
new file mode 100644
index 00000000..e8a3a0e6
--- /dev/null
+++ b/docs/configuration/nat/nat64.rst
@@ -0,0 +1,81 @@
+.. _nat64:
+
+#####
+NAT64
+#####
+
+:abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in
+modern networking, facilitating communication between IPv6 and IPv4 networks.
+This documentation outlines the setup, configuration, and usage of the NAT64
+feature in your project. Whether you are transitioning to IPv6 or need to
+seamlessly connect IPv4 and IPv6 devices.
+NAT64 is a stateful translation mechanism that translates IPv6 addresses to
+IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable
+IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP.
+
+
+Overview
+========
+
+Different NAT Types
+-------------------
+
+.. _source-nat64:
+
+SNAT64
+^^^^^^
+
+:abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful
+translation mechanism that translates IPv6 addresses to IPv4 addresses.
+
+``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses.
+The prefix is used to represent IPv4 addresses in an IPv6 address format.
+The IPv4 address is encoded in the low-order 32 bits of the IPv6 address.
+The high-order 32 bits are set to the well-known prefix 64:ff9b::/96.
+
+
+Configuration Examples
+======================
+
+The following examples show how to configure NAT64 on a VyOS router.
+The 192.0.2.10 address is used as the IPv4 address for the translation pool.
+
+
+NAT64 server configuration:
+
+.. code-block:: none
+
+ set interfaces ethernet eth0 address '192.0.2.1/24'
+ set interfaces ethernet eth0 address '192.0.2.10/24'
+ set interfaces ethernet eth0 description 'WAN'
+ set interfaces ethernet eth1 address '2001:db8::1/64'
+ set interfaces ethernet eth1 description 'LAN'
+
+ set service dns forwarding allow-from '2001:db8::/64'
+ set service dns forwarding dns64-prefix '64:ff9b::/96'
+ set service dns forwarding listen-address '2001:db8::1'
+
+ set nat64 source rule 100 source prefix '64:ff9b::/96'
+ set nat64 source rule 100 translation pool 10 address '192.0.2.10'
+ set nat64 source rule 100 translation pool 10 port '1-65535'
+
+NAT64 client configuration:
+
+.. code-block:: none
+
+ set interfaces ethernet eth1 address '2001:db8::2/64'
+ set protocols static route6 64:ff9b::/96 next-hop 2001:db8::1
+ set system name-server '2001:db8::1'
+
+Test from the IPv6 only client:
+
+.. code-block:: none
+
+ vyos@r1:~$ ping 64:ff9b::192.0.2.1 count 2
+ PING 64:ff9b::192.0.2.1(64:ff9b::c000:201) 56 data bytes
+ 64 bytes from 64:ff9b::c000:201: icmp_seq=1 ttl=63 time=0.351 ms
+ 64 bytes from 64:ff9b::c000:201: icmp_seq=2 ttl=63 time=0.373 ms
+
+ --- 64:ff9b::192.0.2.1 ping statistics ---
+ 2 packets transmitted, 2 received, 0% packet loss, time 1023ms
+ rtt min/avg/max/mdev = 0.351/0.362/0.373/0.011 ms
diff --git a/docs/configuration/service/lldp.rst b/docs/configuration/service/lldp.rst
index aa357211..12a9e0b6 100644
--- a/docs/configuration/service/lldp.rst
+++ b/docs/configuration/service/lldp.rst
@@ -54,7 +54,7 @@ Configuration Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled.
-.. cfgcmd:: set service lldp snmp enable
+.. cfgcmd:: set service lldp snmp
 Enable SNMP queries of the LLDP database
diff --git a/docs/configuration/system/frr.rst b/docs/configuration/system/frr.rst
new file mode 100644
index 00000000..a7f7ff93
--- /dev/null
+++ b/docs/configuration/system/frr.rst
@@ -0,0 +1,38 @@
+.. _system_frr:
+
+###
+FRR
+###
+
+VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic
+and static routing. The routing daemon behavior can be adjusted during runtime,
+but require either a restart of the routing daemon, or a reboot of the system.
+
+.. cfgcmd:: set system frr bmp
+
+ Enable :abbr:`BMP (BGP Monitoring Protocol)` support
+
+.. cfgcmd:: set system frr descriptors <numer>
+
+ This allows the operator to control the number of open file descriptors
+ each daemon is allowed to start with. If the operator plans to run bgp with
+ several thousands of peers then this is where we would modify FRR to allow
+ this to happen.
+
+.. cfgcmd:: set system frr irdp
+
+ Enable ICMP Router Discovery Protocol support
+
+.. cfgcmd:: set system frr snmp <daemon>
+
+ Enable SNMP support for an individual routing daemon.
+
+ Supported daemons:
+
+ - bgpd
+ - isisd
+ - ldpd
+ - ospf6d
+ - ospfd
+ - ripd
+ - zebra
diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst
index 23edaa3f..dbb63d09 100644
--- a/docs/configuration/system/index.rst
+++ b/docs/configuration/system/index.rst
@@ -11,6 +11,7 @@ System
 conntrack
 console
 flow-accounting
+ frr
 host-name
 ip
 ipv6
@@ -24,6 +25,7 @@ System
 sysctl
 task-scheduler
 time-zone
+ updates
 .. toctree::
diff --git a/docs/configuration/system/updates.rst b/docs/configuration/system/updates.rst
new file mode 100644
index 00000000..a55bfa9a
--- /dev/null
+++ b/docs/configuration/system/updates.rst
@@ -0,0 +1,37 @@
+#######
+Updates
+#######
+
+VyOS supports online checking for updates
+
+Configuration
+=============
+
+.. cfgcmd:: set system update-check auto-check
+
+ Configure auto-checking for new images
+
+
+.. cfgcmd:: set system update-check url <url>
+
+ Configure a URL that contains information about images.
+
+
+Example
+=======
+
+.. code-block:: none
+
+ set system update-check auto-check
+ set system update-check url 'https://raw.githubusercontent.com/vyos/vyos-rolling-nightly-builds/main/version.json'
+
+Check:
+
+.. code-block:: none
+
+ vyos@r4:~$ show system updates
+ Current version: 1.5-rolling-202312220023
+
+ Update available: 1.5-rolling-202312250024
+ Update URL: https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/1.5-rolling-202312250024/1.5-rolling-202312250024-amd64.iso
+ vyos@r4:~$
diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst
index fa2b96c8..d9bb4353 100644
--- a/docs/configuration/vpn/sstp.rst
+++ b/docs/configuration/vpn/sstp.rst
@@ -293,7 +293,8 @@ Example
 set vpn sstp authentication local-users username vyos password vyos
 set vpn sstp authentication mode local
 set vpn sstp gateway-address 192.0.2.254
- set vpn sstp client-ip-pool subnet 192.0.2.0/25
+ set vpn sstp client-ip-pool SSTP-POOL range 192.0.2.0/25
+ set vpn sstp default-pool 'SSTP-POOL'
 set vpn sstp name-server 10.0.0.1
 set vpn sstp name-server 10.0.0.2
 set vpn sstp ssl ca-cert-file /config/auth/ca.crt
diff --git a/docs/contributing/testing.rst b/docs/contributing/testing.rst
index d5df9d59..772ff04a 100644
--- a/docs/contributing/testing.rst
+++ b/docs/contributing/testing.rst
@@ -4,10 +4,11 @@ Testing #######
-One of the major advantages introduced in VyOS 1.3 is an autmated test framework.
-When assembling an ISO image multiple things can go wrong badly and publishing
-a faulty ISO makes no sense. The user is disappointed by the quality of the image
-and the developers get flodded with bug reports over and over again.
+One of the major advantages introduced in VyOS 1.3 is an automated test
+framework. When assembling an ISO image multiple things can go wrong badly and
+publishing a faulty ISO makes no sense. The user is disappointed by the quality
+of the image and the developers get flodded with bug reports over and over
+again.
 As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated |