Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-02-03 | Merge pull request #2932 from c-po/ipsec-T5998 | Christian Breunig | |
ipsec: T5998: add replay-windows setting | |||
2024-02-03 | ipsec: T5998: add replay-windows setting | Christian Breunig | |
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040> | |||
2024-02-03 | Merge pull request #2931 from c-po/configdict-bugfix | Viacheslav Hletenko | |
configdict: T5894: preserve old behavior when dealing with PKI | |||
2024-02-02 | configdict: T5894: preserve old behavior when dealing with PKI | Christian Breunig | |
Commit b152b5202 ("configdict: T5894: add get_config_dict() flag with_pki") added the generic PKI flag but if there was no PKI subsystem available in the configuration, no pki dict key ever manifested in the resulting dictionary requested by the caller. This is different to the old behavior (which each caller implementing the call itself) where there always was a pki key present - even if it was empty. This triggered a bug in the IPSec script Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 600, in <module> verify(ipsec) File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 372, in verify verify_pki_rsa(ipsec['pki'], rsa) ~~~~~^^^^^^^ KeyError: 'pki' As it wanted to verify keys, but there was no pki dictionary key available. This commit restores the previous behavior. | |||
2024-02-02 | Merge pull request #2748 from MattKobayashi/t5848 | Christian Breunig | |
qos: T5848: Add triple-isolate option to CAKE policy config | |||
2024-02-02 | qos: T5848: improve flow-isolation help strings | Christian Breunig | |
2024-02-02 | Merge pull request #2889 from sarthurdev/kea-hooks | Christian Breunig | |
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD | |||
2024-02-02 | Merge pull request #2927 from ishioni/T5955 | Christian Breunig | |
container: T5955: add uid/gid settings | |||
2024-02-02 | smoketest: T5955: verify container uid/gid setting | Christian Breunig | |
2024-02-02 | container: T5955: allow setting uid/gid | Piotr Maksymiuk | |
2024-02-02 | Merge pull request #2891 from aapostoliuk/T5971-circinus | Viacheslav Hletenko | |
T5971: Rewritten ppp options in accel-ppp services | |||
2024-02-01 | upnp: T5989: add ipv4-prefix as a valid option for UPnP ACLs | Chris Buechler | |
2024-02-01 | Merge pull request #2756 from nicolas-fort/T4839 | Christian Breunig | |
T4839: firewall: Add dynamic address group in firewall configuration | |||
2024-02-01 | Merge pull request #2860 from indrajitr/ddclient-update-20240119 | Christian Breunig | |
ddclient: T5966: Adjust dynamic dns config address subpath | |||
2024-02-01 | Merge pull request #2903 from HollyGurza/T5687 | Christian Breunig | |
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor | |||
2024-02-01 | smoketest: T5687: simplify "dns forwarding" test setup | Christian Breunig | |
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS recursor") added a helper "_set_required_options()" method to reduce duplicate code when setting up the base interface test. This refactors the test class to call this code always in setUp() so we have it written only once. | |||
2024-02-01 | dns forwarding: T5687: add missing constraints on ecs-add-for CLI node | Christian Breunig | |
Completion help suggests only IPv4 and IPv6 prefixes are supported, thus add a proper constraint enforcing this. | |||
2024-02-01 | Merge pull request #2883 from sever-sever/T5974 | Viacheslav Hletenko | |
T5974: Fix QoS shape bandwidth and ceil calculation for default | |||
2024-02-01 | Merge pull request #2890 from sever-sever/T5941 | Christian Breunig | |
T5941: Migration policy delete orphaned interface policy | |||
2024-02-01 | Merge pull request #2892 from sever-sever/T5941-tp | Christian Breunig | |
T5941: Migration QoS delete orphaned interface traffic-policy | |||
2024-02-01 | GitHub: update PR request laballer to v5.0.0 tag | Christian Breunig | |
2024-02-01 | Merge pull request #2914 from aapostoliuk/T5930-circinus | Christian Breunig | |
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together | |||
2024-02-01 | bgp: T5930: Denied using rt vpn 'export/import' with 'both' together | aapostoliuk | |
Denied using command 'route-target vpn export/import' with 'both' together in bgp configuration. | |||
2024-02-01 | Merge pull request #2887 from nicolas-fort/T5977 | Christian Breunig | |
T5977: firewall: remove ipsec options in output chain rule definition… | |||
2024-01-31 | Merge pull request #2910 from aapostoliuk/T5254-fix | Christian Breunig | |
T5254: Deleted extra file git | |||
2024-01-31 | T5254: Deleted extra file git | aapostoliuk | |
Deleted extra file git. | |||
2024-01-31 | Merge pull request #2908 from cleopold73/cleopold73-patch-1 | Christian Breunig | |
reverse-proxy: T5999: Allow root for exact match in backend rule URL | |||
2024-01-31 | dns forwarding: T5687: Implement ECS settings for PowerDNS recursor | khramshinr | |
Fix option descriptions | |||
2024-01-30 | reverse-proxy: T5999: Allow root for exact match in backend rule URL | cleopold73 | |
2024-01-30 | Merge pull request #2906 from jvoss/T6003 | Christian Breunig | |
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix' | |||
2024-01-30 | rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix' | Jonathan Voss | |
2024-01-30 | Merge pull request #2877 from c-po/vrf-5973 | Christian Breunig | |
vrf: T5973: multiple bugfixes and improvements | |||
2024-01-30 | Merge pull request #2902 from jestabro/migration-certbot | Christian Breunig | |
https: T6000: fix error in migration of path https certbot | |||
2024-01-30 | dns forwarding: T5687: Implement ECS settings for PowerDNS recursor | khramshinr | |
2024-01-29 | https: T6000: fix error in migration of path https certbot | John Estabrook | |
2024-01-29 | T5971: Rewritten ppp options in accel-ppp services | aapostoliuk | |
Rewritten 'ppp-options' to the same view in all accel-ppp services. Adding IPv6 support to PPTP. | |||
2024-01-28 | Merge pull request #2898 from jestabro/validate-name | Daniil Baturin | |
image-tools: T5988: validate image name in add_image | |||
2024-01-28 | Merge pull request #2899 from jestabro/typo-add-image-ftp | Daniil Baturin | |
remote: T5994: fix typo in check_storage for Ftp class | |||
2024-01-27 | remote: T5994: fix typo in check_storage for Ftp class | John Estabrook | |
2024-01-27 | image-tools: T5988: validate image name in add_image | John Estabrook | |
Add missing name validation in add_image, and fix typo in error msg string. | |||
2024-01-25 | Updates to Kea DHCPv6 PD route hook (#6) | Chris Buechler | |
* Fix route deletion errors when interface is missing. Clarify variable names. | |||
2024-01-25 | Merge pull request #2894 from vyos/mergify/bp/current/pr-2619 | Daniil Baturin | |
T5817: Fix for show openvpn server (backport #2619) | |||
2024-01-25 | op-mode: T4038: Python rewrite of image tools | erkin | |
2024-01-25 | T4839: firewall: Add dynamic address group in firewall configuration, and ↵ | Nicolas Fort | |
appropiate commands to populate such groups using source and destination address of the packet. | |||
2024-01-25 | T5817: Fix for show openvpn server | Viacheslav Hletenko | |
In some cases we can get error: ``` Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module> data = get_status(args.mode, intf) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address tunnel_ip = lst[0].split(',')[0] IndexError: list index out of range ``` (cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d) | |||
2024-01-25 | Merge pull request #2893 from jestabro/fix-regression-version-files | Daniil Baturin | |
image-tools: T5983: fix regression in prune_vyos_versions | |||
2024-01-24 | image-tools: T5983: fix regression in prune_vyos_versions | John Estabrook | |
2024-01-24 | dhcp: T3316: Change help text on `listen-interface` to be generic | sarthurdev | |
2024-01-24 | dhcp: T3316: Fix header on script | sarthurdev | |
2024-01-24 | dhcpv6: T3316: Add support for excluded-prefix in prefix delegation | sarthurdev | |