Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-06-03 | Merge pull request #3572 from talmakion/bugfix/T6403 | Daniil Baturin | |
nat64: T6403: validate source prefix for RFC compliance | |||
2024-06-03 | Merge pull request #3579 from h5t4/current | Daniil Baturin | |
bfd: T6440: BFD peer length typo | |||
2024-06-03 | bfd: T6440: BFD peer length typo | Hannes Tamme | |
2024-06-03 | reverse-proxy: T6434: Support additional healthcheck options (#3574) | Alex W | |
2024-06-01 | vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need it | Andrew Topp | |
`bridge vni show dev vxlanX` will exit with an error if no VNI filters are installed, but the getter is used even when we haven't installed any. This fix avoids fetching a list of VNI filters unless we know we've created some. | |||
2024-06-01 | nat64: T6403: validate source prefix for RFC compliance | Andrew Topp | |
Simplest fix is to comply with RFC6052. The code change is just masking out the relevant bits and ensuring they're zeroed. | |||
2024-05-31 | isis: T6429: fix isis metric-style configuration missing | fett0 | |
2024-05-31 | Merge pull request #3570 from talmakion/bugfix/T6157 | Daniil Baturin | |
tunnel: T6157: fixing GRE tunnel uniqueness checks | |||
2024-05-31 | Merge pull request #3569 from vyos/feature/T6415-repo-sync-pull_request_target | Daniil Baturin | |
T6415: repo sync using pull_request_target | |||
2024-05-31 | tunnel: T6157: fixing GRE tunnel uniqueness checks | Andrew Topp | |
Unset params would mistakenly match when None and trigger a validation error even when used params were unique. Updated check to ensure unique source-addresses if not None, and that (source-interfaces, source-addresses) are unique together appropriately. | |||
2024-05-31 | T6415: repo sync using pull_request_target | Vijayakumar A | |
2024-05-31 | Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-records | Christian Breunig | |
dns: T6422: allow multiple redundant NS records | |||
2024-05-31 | T5307: QoS - traffic-class-map services (#3492) | Roman Khramshin | |
added new syntax to work with class match filters in QoS policy | |||
2024-05-31 | Merge pull request #3564 from c-po/snmpv3-op-mode | Christian Breunig | |
op-mode: T683: remove superfluous debug print in snmpv3 display code | |||
2024-05-31 | Merge pull request #3563 from Giggum/vyos_t6396 | Christian Breunig | |
conntrack: T6396: correction to helper message for ipv4/ipv6 custom timeout rule | |||
2024-05-31 | GitHub: add action to build package on PR | Christian Breunig | |
2024-05-31 | op-mode: T683: remove superfluous debug print in snmpv3 display code | Christian Breunig | |
This was a leftover from the early days. | |||
2024-05-30 | conntrack: T6396: correction to helper message for custom timeout rule | Giggum | |
2024-05-30 | T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵ | Haim Gelfenbeyn | |
style fixes | |||
2024-05-30 | Merge pull request #3531 from Embezzle/T6409 | Christian Breunig | |
reverse-proxy: T6409: Remove unused backend parameters | |||
2024-05-30 | Merge pull request #3510 from HollyGurza/T4576 | Daniil Baturin | |
T4576: Accel-ppp logging level configuration | |||
2024-05-30 | reverse-proxy: T6409: unindent migration script code path | Christian Breunig | |
2024-05-30 | Merge pull request #3552 from c-po/ipsec-profile | Christian Breunig | |
op-mode: ipsec: T6407: fix profile generation | |||
2024-05-30 | dns: T6422: allow multiple redundant NS records | Haim Gelfenbeyn | |
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported. | |||
2024-05-30 | Merge pull request #3546 from c-po/haproxy | Christian Breunig | |
reverse-proxy: T6419: build full CA chain when verifying backend server | |||
2024-05-30 | Merge pull request #3547 from c-po/container-fixes | Christian Breunig | |
container: T6406: fix NameError: name 'vyos' is not defined | |||
2024-05-30 | Merge pull request #3551 from c-po/hostname-priority | Christian Breunig | |
hostname: T6421: enforce explicit CLI priority for host-name and domain-name | |||
2024-05-30 | op-mode: ipsec: T6407: fix profile generation | Christian Breunig | |
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. | |||
2024-05-30 | vyos.ifconfig: T6421: verify /etc/hostname exists before reading | Christian Breunig | |
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com> | |||
2024-05-30 | hostname: T6421: enforce explicit CLI priority for host-name and domain-name | Christian Breunig | |
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities! | |||
2024-05-30 | Merge pull request #3549 from sever-sever/T6415-dispatch | Vijayakumar A | |
T6415: Allow repo-sync workflow to be triggered manually | |||
2024-05-30 | T6415: Enable repo-sync workflow to be triggered manually | Viacheslav Hletenko | |
2024-05-29 | container: T6406: fix NameError: name 'vyos' is not defined | Christian Breunig | |
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function from the Python module. | |||
2024-05-29 | reverse-proxy: T6419: build full CA chain for frontend SSL certificate | Christian Breunig | |
2024-05-29 | reverse-proxy: T6419: build full CA chain when verifying backend server | Christian Breunig | |
2024-05-29 | reverse-proxy: T5231: remove frontend ca-certificate code path | Christian Breunig | |
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service. | |||
2024-05-29 | reverse-proxy: T5231: better mark v4v6 listen any address | Christian Breunig | |
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the later one is more humand readable. Both act in the same way. | |||
2024-05-29 | op-mode: T5231: add command to restart reverse-proxy | Christian Breunig | |
2024-05-29 | nat: T6371: fix op mode display of configured ports when comma separated ↵ | Ginko | |
list of ports/ranges exists Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'. With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration. | |||
2024-05-29 | Merge pull request #3543 from sever-sever/T6415-fix | Christian Breunig | |
T6415: Fix variables for repo sync | |||
2024-05-29 | Merge pull request #3541 from dmbaturin/T6374-openvpn-s2s-tls-validation-fix | Christian Breunig | |
openvpn: T6374: only check TLS role for s2s if TLS is configured | |||
2024-05-29 | T6415: Fix variables for repo sync | Viacheslav Hletenko | |
2024-05-29 | openvpn: T6374: only check TLS role for s2s if TLS is configured | Daniil Baturin | |
2024-05-29 | Merge pull request #3540 from sever-sever/T6415-reuse | Daniil Baturin | |
T6349: Reuse repo sync | |||
2024-05-29 | T6349: Reuse repo sync | Viacheslav Hletenko | |
2024-05-29 | Merge pull request #3534 from sever-sever/T6411 | Daniil Baturin | |
T6411: CGNAT fix sequences for external address ranges | |||
2024-05-29 | Merge pull request #3537 from fett0/T6332 | Christian Breunig | |
ISIS: T6332: Fix isis not working only ipv6 | |||
2024-05-29 | ISIS: T6332: Fix isis not working only ipv6 | fett0 | |
2024-05-28 | Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validation | Christian Breunig | |
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | |||
2024-05-28 | Merge pull request #3533 from natali-rs1985/T6389-current | John Estabrook | |
op_mode: T6389: Check architecture and flavor compatibility on upgrade attempts |