summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-06-03Merge pull request #3572 from talmakion/bugfix/T6403Daniil Baturin
nat64: T6403: validate source prefix for RFC compliance
2024-06-03Merge pull request #3579 from h5t4/currentDaniil Baturin
bfd: T6440: BFD peer length typo
2024-06-03bfd: T6440: BFD peer length typoHannes Tamme
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-06-01vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need itAndrew Topp
`bridge vni show dev vxlanX` will exit with an error if no VNI filters are installed, but the getter is used even when we haven't installed any. This fix avoids fetching a list of VNI filters unless we know we've created some.
2024-06-01nat64: T6403: validate source prefix for RFC complianceAndrew Topp
Simplest fix is to comply with RFC6052. The code change is just masking out the relevant bits and ensuring they're zeroed.
2024-05-31isis: T6429: fix isis metric-style configuration missingfett0
2024-05-31Merge pull request #3570 from talmakion/bugfix/T6157Daniil Baturin
tunnel: T6157: fixing GRE tunnel uniqueness checks
2024-05-31Merge pull request #3569 from vyos/feature/T6415-repo-sync-pull_request_targetDaniil Baturin
T6415: repo sync using pull_request_target
2024-05-31tunnel: T6157: fixing GRE tunnel uniqueness checksAndrew Topp
Unset params would mistakenly match when None and trigger a validation error even when used params were unique. Updated check to ensure unique source-addresses if not None, and that (source-interfaces, source-addresses) are unique together appropriately.
2024-05-31T6415: repo sync using pull_request_targetVijayakumar A
2024-05-31Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-recordsChristian Breunig
dns: T6422: allow multiple redundant NS records
2024-05-31T5307: QoS - traffic-class-map services (#3492)Roman Khramshin
added new syntax to work with class match filters in QoS policy
2024-05-31Merge pull request #3564 from c-po/snmpv3-op-modeChristian Breunig
op-mode: T683: remove superfluous debug print in snmpv3 display code
2024-05-31Merge pull request #3563 from Giggum/vyos_t6396Christian Breunig
conntrack: T6396: correction to helper message for ipv4/ipv6 custom timeout rule
2024-05-31GitHub: add action to build package on PRChristian Breunig
2024-05-31op-mode: T683: remove superfluous debug print in snmpv3 display codeChristian Breunig
This was a leftover from the early days.
2024-05-30conntrack: T6396: correction to helper message for custom timeout ruleGiggum
2024-05-30T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵Haim Gelfenbeyn
style fixes
2024-05-30Merge pull request #3531 from Embezzle/T6409Christian Breunig
reverse-proxy: T6409: Remove unused backend parameters
2024-05-30Merge pull request #3510 from HollyGurza/T4576Daniil Baturin
T4576: Accel-ppp logging level configuration
2024-05-30reverse-proxy: T6409: unindent migration script code pathChristian Breunig
2024-05-30Merge pull request #3552 from c-po/ipsec-profileChristian Breunig
op-mode: ipsec: T6407: fix profile generation
2024-05-30dns: T6422: allow multiple redundant NS recordsHaim Gelfenbeyn
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported.
2024-05-30Merge pull request #3546 from c-po/haproxyChristian Breunig
reverse-proxy: T6419: build full CA chain when verifying backend server
2024-05-30Merge pull request #3547 from c-po/container-fixesChristian Breunig
container: T6406: fix NameError: name 'vyos' is not defined
2024-05-30Merge pull request #3551 from c-po/hostname-priorityChristian Breunig
hostname: T6421: enforce explicit CLI priority for host-name and domain-name
2024-05-30op-mode: ipsec: T6407: fix profile generationChristian Breunig
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile.
2024-05-30vyos.ifconfig: T6421: verify /etc/hostname exists before readingChristian Breunig
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com>
2024-05-30hostname: T6421: enforce explicit CLI priority for host-name and domain-nameChristian Breunig
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities!
2024-05-30Merge pull request #3549 from sever-sever/T6415-dispatchVijayakumar A
T6415: Allow repo-sync workflow to be triggered manually
2024-05-30T6415: Enable repo-sync workflow to be triggered manuallyViacheslav Hletenko
2024-05-29container: T6406: fix NameError: name 'vyos' is not definedChristian Breunig
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function from the Python module.
2024-05-29reverse-proxy: T6419: build full CA chain for frontend SSL certificateChristian Breunig
2024-05-29reverse-proxy: T6419: build full CA chain when verifying backend serverChristian Breunig
2024-05-29reverse-proxy: T5231: remove frontend ca-certificate code pathChristian Breunig
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service.
2024-05-29reverse-proxy: T5231: better mark v4v6 listen any addressChristian Breunig
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the later one is more humand readable. Both act in the same way.
2024-05-29op-mode: T5231: add command to restart reverse-proxyChristian Breunig
2024-05-29nat: T6371: fix op mode display of configured ports when comma separated ↵Ginko
list of ports/ranges exists Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'. With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration.
2024-05-29Merge pull request #3543 from sever-sever/T6415-fixChristian Breunig
T6415: Fix variables for repo sync
2024-05-29Merge pull request #3541 from dmbaturin/T6374-openvpn-s2s-tls-validation-fixChristian Breunig
openvpn: T6374: only check TLS role for s2s if TLS is configured
2024-05-29T6415: Fix variables for repo syncViacheslav Hletenko
2024-05-29openvpn: T6374: only check TLS role for s2s if TLS is configuredDaniil Baturin
2024-05-29Merge pull request #3540 from sever-sever/T6415-reuseDaniil Baturin
T6349: Reuse repo sync
2024-05-29T6349: Reuse repo syncViacheslav Hletenko
2024-05-29Merge pull request #3534 from sever-sever/T6411Daniil Baturin
T6411: CGNAT fix sequences for external address ranges
2024-05-29Merge pull request #3537 from fett0/T6332Christian Breunig
ISIS: T6332: Fix isis not working only ipv6
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
2024-05-28Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validationChristian Breunig
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS
2024-05-28Merge pull request #3533 from natali-rs1985/T6389-currentJohn Estabrook
op_mode: T6389: Check architecture and flavor compatibility on upgrade attempts