Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-08-06 | smoketest: T6614: add op-mode test for Kernel version (#3946) | Christian Breunig | |
2024-08-06 | Merge pull request #3945 from c-po/T3204-sysctl | Christian Breunig | |
sysctl: T3204: restore sysctl setttings overwritten by tuned | |||
2024-08-06 | T6634: README: Add image graphs of contributors (#3944) | Viacheslav Hletenko | |
2024-08-05 | sysctl: T3204: restore sysctl setttings overwritten by tuned | Christian Breunig | |
2024-08-05 | Merge pull request #3947 from c-po/openvpn-T6555 | Christian Breunig | |
smoketest: T6555: openvpn: NameError: name 'elf' is not defined | |||
2024-08-05 | smoketest: T6555: openvpn: NameError: name 'elf' is not defined | Christian Breunig | |
2024-08-05 | Merge pull request #3942 from c-po/bugfixes | Daniil Baturin | |
T6560: T4694: T6555: multiple minor bugfixes for package build | |||
2024-08-05 | smoketest: T6555: openvpn: SyntaxError: '(' was never closed | Christian Breunig | |
2024-08-05 | firewall: T4694: fix GRE key include path in XML | Christian Breunig | |
2024-08-05 | GitHub: T6560: checkout pull request HEAD commit instead of merge commit | Christian Breunig | |
2024-08-05 | Merge pull request #3637 from talmakion/feature/T4694/gre-match-fields | Christian Breunig | |
firewall: T4694: Adding GRE flags & fields matches to firewall rules | |||
2024-08-05 | Merge branch 'current' into feature/T4694/gre-match-fields | Christian Breunig | |
2024-08-05 | Merge pull request #3920 from fett0/T6555 | Christian Breunig | |
OPENVPN: T6555: add server-bridge options in mode server | |||
2024-08-05 | Merge pull request #3939 from c-po/unused-imports | Christian Breunig | |
T5873: T6619: remove unused imports | |||
2024-08-04 | firewall: T4694: Adding GRE flags & fields matches to firewall rules | Andrew Topp | |
* Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags. * There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post) * nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags. * Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing * The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem. * If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc. * Added a "test_gre_match" smoketest | |||
2024-08-04 | Merge pull request #3901 from nicolas-fort/T4072-extend-bridge-fwall | Christian Breunig | |
T4072: firewall extend bridge firewall | |||
2024-08-04 | ipsec: T5873: remove unused imports | Christian Breunig | |
2024-08-04 | multicast: T6619: remove unused imports | Christian Breunig | |
2024-08-02 | Merge pull request #3933 from jestabro/add-missing-standard-func | Daniil Baturin | |
T6632: add missing standard functions to config scripts | |||
2024-08-02 | Merge pull request #3932 from jestabro/check-kmod-under-configd | Daniil Baturin | |
T6629: call check_kmod within a standard config function | |||
2024-08-02 | T6619: Remove the remaining uses of per-protocol FRR configs (#3916) | Roman Khramshin | |
2024-08-02 | T6486: generate OpenVPN use data-ciphers instead of ncp-ciphers (#3930) | Viacheslav Hletenko | |
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers were replaced with `data-ciphers` fix template for "generate openvpn client-config" | |||
2024-08-02 | OPENVPN: T6555: fix name to bridge | fett0 | |
2024-08-02 | T6632: add missing standard functions to config scripts | John Estabrook | |
2024-08-02 | OPENVPN: T6555: fix name to bridge | fett0 | |
2024-08-02 | T6629: call check_kmod within a standard config function | John Estabrook | |
Move the remaining calls to check_kmod within a standard function, with placement determined by the needs of the config script. | |||
2024-08-02 | Merge pull request #3927 from jestabro/nat64-check-kmod | Daniil Baturin | |
nat64: T6627: call check_kmod within standard config function | |||
2024-08-02 | nat64: T6627: call check_kmod within standard config function | John Estabrook | |
Functions called from config scripts outside of the standard functions get_config/verify/generate/apply will not be called when run under configd. Move as appropriate for the general config script structure and the specific script requirements. | |||
2024-08-02 | T4072: change same helpers in xml definitions; add notrack action for ↵ | Nicolas Fort | |
prerouting chain; re introduce <set vrf> in policy; change global options for passing traffic to IPvX firewall; update smoketest | |||
2024-08-01 | Merge pull request #3923 from c-po/console-T3334 | Christian Breunig | |
console: T3334: remove unused directories imported from vyos.defaults | |||
2024-08-01 | T4072: firewall: extend firewall bridge smoketest | Nicolas Fort | |
2024-08-01 | T6570: firewall: add global-option to configure sysctl parameter for ↵ | Nicolas Fort | |
enabling/disabling sending traffic from bridge layer to ipvX layer | |||
2024-08-01 | T4072: firewall: improve error handling when firewall configuration is ↵ | Nicolas Fort | |
wrong. Use nft -c option to check temporary file, and use output provided by nftables to parse the error if possible, or print it as it is if it's an unknown error | |||
2024-08-01 | T4072: firewall: extend firewall bridge capabilities, in order to include ↵ | Nicolas Fort | |
new chains, priorities, and firewall groups | |||
2024-08-01 | Merge pull request #3221 from lucasec/t5873 | Christian Breunig | |
T5873: ipsec remote access VPN: support VTI interfaces. | |||
2024-08-01 | console: T3334: remove unused directories imported from vyos.defaults | Christian Breunig | |
2024-08-01 | Merge pull request #3903 from lucasec/ipsec-remote-access-profile | Christian Breunig | |
T6617: T6618: vpn ipsec remote-access: fix profile generators | |||
2024-08-01 | Merge pull request #3919 from sever-sever/T5657 | Christian Breunig | |
T5657: Add VRF support for zabbix-agent | |||
2024-07-31 | OPENVPN: T6555: add server-bridge options in mode server | fett0 | |
2024-07-31 | T5657: Add VRF support for zabbix-agent | Viacheslav Hletenko | |
To start the service under VRF requires starting under User=root otherwise it had issues with cgroups | |||
2024-07-31 | ipsec: T6148: Removed unused imports (#3915) | aapostoliuk | |
Removed unused pprint module | |||
2024-07-30 | Merge pull request #3902 from vyos/c-po-patch-1 | Christian Breunig | |
GitHub: T6560: action must be run on forked repo | |||
2024-07-30 | Merge pull request #3747 from sever-sever/T6486 | Christian Breunig | |
T6486: T6379: Rewrite generate openvpn client-config | |||
2024-07-30 | Merge pull request #3698 from talmakion/bugfix/T3334 | Christian Breunig | |
system: op-mode: T3334: allow delayed getty restart when configuring serial ports | |||
2024-07-30 | system: op-mode: T3334: replace some print() statements with Warning() | Christian Breunig | |
Make it more obvious for the user aber the severity of his action. | |||
2024-07-30 | system: op-mode: T3334: allow delayed getty restart when configuring serial ↵ | Andrew Topp | |
ports * Created op-mode command "restart serial console" * Relocated service control to vyos.utils.serial helpers, used by conf- and op-mode serial console handling * Checking for logged-in serial sessions that may be affected by getty reconfig * Warning the user when changes are committed and serial sessions are active, otherwise restart services as normal. No prompts issued during commit, all config gen/commit steps still occur except for the service restarts (everything remains consistent) * To apply committed changes, user will need to run "restart serial console" to complete the process or reboot the whole router * Added additional flags and target filtering for generic use of helpers. | |||
2024-07-30 | T6572: trigger remote pr only for circinus pr merge (#3899) | Vijayakumar A | |
2024-07-30 | Merge pull request #3883 from c-po/vrf-conntrack | Christian Breunig | |
vrf: T6603: conntrack ct_iface_map must only contain one entry for iifname/oifname | |||
2024-07-30 | T6617: T6618: vpn ipsec remote-access: fix profile generators | Lucas Christian | |
2024-07-30 | Merge pull request #3740 from talmakion/feature/T6430-vrf-direct | Christian Breunig | |
pbr: T6430: Allow forwarding into VRFs by name as well as route table IDs |