Age | Commit message (Collapse) | Author |
|
T6021: Fix QoS shaper r2q calculation
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
|
|
Always enable VRF strict_mode
|
|
The current calculation `r2q` is wrong as it uses `Floor division`
but expecting `division`
This way `math.ceil` calculate wrong value as we expect
round a number upward to its nearest integer
For example for speed 710 mbits expected value `444` but we get `443`
```
from math import ceil
MAXQUANTUM = 200000
speed = 710000000
speed_bps = int(speed) // 8
>>> speed_bps // MAXQUANTUM
443
>>> speed_bps / MAXQUANTUM
443.75
>>>
>>>
>>> ceil(speed_bps // MAXQUANTUM)
443
>>> ceil(speed_bps / MAXQUANTUM)
444
>>>
```
|
|
image-tools: T6016: wait for umount in cleanup function
|
|
T5921: Fix OpenConnect verify for local users
|
|
Fix verify error for the VPN OpenConnect configuration with
local authentication and without any user
File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify
if not ocserv["authentication"]["local_users"]:
KeyError: 'local_users'
|
|
vpn: T5926: IPSEC does not apply after l2tp configuration was changed
added dependency between l2tp and ipsec conf
added test for apply config to swanctl
|
|
op-mode:T6015:Fix for charon file generated by ipsec debug script (backport #2942)
|
|
(cherry picked from commit 0c9c496961dc88110da53943a14dd88086ea920d)
|
|
|
|
rpki: T6011: known-hosts-file is no longer supported by FRR
|
|
init: T2044: always start/stop rpki during system boot
|
|
T6018: adjust smoketest for update to FastAPI web framework
|
|
|
|
|
|
|
|
ipsec: T5998: add replay-windows setting
|
|
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node
to explicitly change this.
* set vpn ipsec site-to-site peer <name> replay-window <0-2040>
|
|
configdict: T5894: preserve old behavior when dealing with PKI
|
|
Commit b152b5202 ("configdict: T5894: add get_config_dict() flag with_pki")
added the generic PKI flag but if there was no PKI subsystem available
in the configuration, no pki dict key ever manifested in the resulting
dictionary requested by the caller.
This is different to the old behavior (which each caller implementing the call
itself) where there always was a pki key present - even if it was empty.
This triggered a bug in the IPSec script
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 600, in <module>
verify(ipsec)
File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 372, in verify
verify_pki_rsa(ipsec['pki'], rsa)
~~~~~^^^^^^^
KeyError: 'pki'
As it wanted to verify keys, but there was no pki dictionary key available.
This commit restores the previous behavior.
|
|
qos: T5848: Add triple-isolate option to CAKE policy config
|
|
|
|
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
|
|
container: T5955: add uid/gid settings
|
|
|
|
|
|
T5971: Rewritten ppp options in accel-ppp services
|
|
|
|
T4839: firewall: Add dynamic address group in firewall configuration
|
|
ddclient: T5966: Adjust dynamic dns config address subpath
|
|
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor
|
|
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS
recursor") added a helper "_set_required_options()" method to reduce duplicate
code when setting up the base interface test.
This refactors the test class to call this code always in setUp() so we have
it written only once.
|
|
Completion help suggests only IPv4 and IPv6 prefixes are supported, thus add a
proper constraint enforcing this.
|
|
T5974: Fix QoS shape bandwidth and ceil calculation for default
|
|
T5941: Migration policy delete orphaned interface policy
|
|
T5941: Migration QoS delete orphaned interface traffic-policy
|
|
|
|
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together
|
|
Denied using command 'route-target vpn export/import'
with 'both' together in bgp configuration.
|
|
T5977: firewall: remove ipsec options in output chain rule definition…
|
|
T5254: Deleted extra file git
|
|
Deleted extra file git.
|
|
reverse-proxy: T5999: Allow root for exact match in backend rule URL
|
|
Fix option descriptions
|
|
|
|
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'
|
|
|
|
vrf: T5973: multiple bugfixes and improvements
|
|
https: T6000: fix error in migration of path https certbot
|