Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-02-06 | T5921: Fix OpenConnect verify for local users | Viacheslav Hletenko | |
Fix verify error for the VPN OpenConnect configuration with local authentication and without any user File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify if not ocserv["authentication"]["local_users"]: KeyError: 'local_users' | |||
2024-02-06 | vpn: T3843: l2tp configuration not cleared after delete | khramshinr | |
vpn: T5926: IPSEC does not apply after l2tp configuration was changed added dependency between l2tp and ipsec conf added test for apply config to swanctl | |||
2024-02-06 | Merge pull request #2943 from vyos/mergify/bp/current/pr-2942 | Daniil Baturin | |
op-mode:T6015:Fix for charon file generated by ipsec debug script (backport #2942) | |||
2024-02-06 | op-mode:T6015:Fix the charon file generated by ipsec debug script | srividya0208 | |
(cherry picked from commit 0c9c496961dc88110da53943a14dd88086ea920d) | |||
2024-02-05 | image-tools: T6016: wait for umount in cleanup function | John Estabrook | |
2024-02-06 | Merge pull request #2936 from c-po/rpki-T6011 | Daniil Baturin | |
rpki: T6011: known-hosts-file is no longer supported by FRR | |||
2024-02-06 | Merge pull request #2935 from c-po/rpki | Daniil Baturin | |
init: T2044: always start/stop rpki during system boot | |||
2024-02-05 | Merge pull request #2937 from jestabro/overhead-advisory-update | John Estabrook | |
T6018: adjust smoketest for update to FastAPI web framework | |||
2024-02-05 | T6018: adjust smoketest for update to FastAPI web framework | John Estabrook | |
2024-02-03 | rpki: T6011: known-hosts-file is no longer supported by FRR | Christian Breunig | |
2024-02-03 | init: T2044: always start/stop rpki during system boot | Christian Breunig | |
2024-02-03 | Merge pull request #2932 from c-po/ipsec-T5998 | Christian Breunig | |
ipsec: T5998: add replay-windows setting | |||
2024-02-03 | ipsec: T5998: add replay-windows setting | Christian Breunig | |
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040> | |||
2024-02-03 | Merge pull request #2931 from c-po/configdict-bugfix | Viacheslav Hletenko | |
configdict: T5894: preserve old behavior when dealing with PKI | |||
2024-02-02 | configdict: T5894: preserve old behavior when dealing with PKI | Christian Breunig | |
Commit b152b5202 ("configdict: T5894: add get_config_dict() flag with_pki") added the generic PKI flag but if there was no PKI subsystem available in the configuration, no pki dict key ever manifested in the resulting dictionary requested by the caller. This is different to the old behavior (which each caller implementing the call itself) where there always was a pki key present - even if it was empty. This triggered a bug in the IPSec script Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 600, in <module> verify(ipsec) File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 372, in verify verify_pki_rsa(ipsec['pki'], rsa) ~~~~~^^^^^^^ KeyError: 'pki' As it wanted to verify keys, but there was no pki dictionary key available. This commit restores the previous behavior. | |||
2024-02-02 | Merge pull request #2748 from MattKobayashi/t5848 | Christian Breunig | |
qos: T5848: Add triple-isolate option to CAKE policy config | |||
2024-02-02 | qos: T5848: improve flow-isolation help strings | Christian Breunig | |
2024-02-02 | Merge pull request #2889 from sarthurdev/kea-hooks | Christian Breunig | |
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD | |||
2024-02-02 | Merge pull request #2927 from ishioni/T5955 | Christian Breunig | |
container: T5955: add uid/gid settings | |||
2024-02-02 | smoketest: T5955: verify container uid/gid setting | Christian Breunig | |
2024-02-02 | container: T5955: allow setting uid/gid | Piotr Maksymiuk | |
2024-02-02 | Merge pull request #2891 from aapostoliuk/T5971-circinus | Viacheslav Hletenko | |
T5971: Rewritten ppp options in accel-ppp services | |||
2024-02-01 | upnp: T5989: add ipv4-prefix as a valid option for UPnP ACLs | Chris Buechler | |
2024-02-01 | Merge pull request #2756 from nicolas-fort/T4839 | Christian Breunig | |
T4839: firewall: Add dynamic address group in firewall configuration | |||
2024-02-01 | Merge pull request #2860 from indrajitr/ddclient-update-20240119 | Christian Breunig | |
ddclient: T5966: Adjust dynamic dns config address subpath | |||
2024-02-01 | Merge pull request #2903 from HollyGurza/T5687 | Christian Breunig | |
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor | |||
2024-02-01 | smoketest: T5687: simplify "dns forwarding" test setup | Christian Breunig | |
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS recursor") added a helper "_set_required_options()" method to reduce duplicate code when setting up the base interface test. This refactors the test class to call this code always in setUp() so we have it written only once. | |||
2024-02-01 | dns forwarding: T5687: add missing constraints on ecs-add-for CLI node | Christian Breunig | |
Completion help suggests only IPv4 and IPv6 prefixes are supported, thus add a proper constraint enforcing this. | |||
2024-02-01 | Merge pull request #2883 from sever-sever/T5974 | Viacheslav Hletenko | |
T5974: Fix QoS shape bandwidth and ceil calculation for default | |||
2024-02-01 | Merge pull request #2890 from sever-sever/T5941 | Christian Breunig | |
T5941: Migration policy delete orphaned interface policy | |||
2024-02-01 | Merge pull request #2892 from sever-sever/T5941-tp | Christian Breunig | |
T5941: Migration QoS delete orphaned interface traffic-policy | |||
2024-02-01 | GitHub: update PR request laballer to v5.0.0 tag | Christian Breunig | |
2024-02-01 | Merge pull request #2914 from aapostoliuk/T5930-circinus | Christian Breunig | |
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together | |||
2024-02-01 | bgp: T5930: Denied using rt vpn 'export/import' with 'both' together | aapostoliuk | |
Denied using command 'route-target vpn export/import' with 'both' together in bgp configuration. | |||
2024-02-01 | Merge pull request #2887 from nicolas-fort/T5977 | Christian Breunig | |
T5977: firewall: remove ipsec options in output chain rule definition… | |||
2024-01-31 | Merge pull request #2910 from aapostoliuk/T5254-fix | Christian Breunig | |
T5254: Deleted extra file git | |||
2024-01-31 | T5254: Deleted extra file git | aapostoliuk | |
Deleted extra file git. | |||
2024-01-31 | Merge pull request #2908 from cleopold73/cleopold73-patch-1 | Christian Breunig | |
reverse-proxy: T5999: Allow root for exact match in backend rule URL | |||
2024-01-31 | dns forwarding: T5687: Implement ECS settings for PowerDNS recursor | khramshinr | |
Fix option descriptions | |||
2024-01-30 | reverse-proxy: T5999: Allow root for exact match in backend rule URL | cleopold73 | |
2024-01-30 | Merge pull request #2906 from jvoss/T6003 | Christian Breunig | |
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix' | |||
2024-01-30 | rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix' | Jonathan Voss | |
2024-01-30 | Merge pull request #2877 from c-po/vrf-5973 | Christian Breunig | |
vrf: T5973: multiple bugfixes and improvements | |||
2024-01-30 | Merge pull request #2902 from jestabro/migration-certbot | Christian Breunig | |
https: T6000: fix error in migration of path https certbot | |||
2024-01-30 | dns forwarding: T5687: Implement ECS settings for PowerDNS recursor | khramshinr | |
2024-01-29 | https: T6000: fix error in migration of path https certbot | John Estabrook | |
2024-01-29 | T5971: Rewritten ppp options in accel-ppp services | aapostoliuk | |
Rewritten 'ppp-options' to the same view in all accel-ppp services. Adding IPv6 support to PPTP. | |||
2024-01-28 | Merge pull request #2898 from jestabro/validate-name | Daniil Baturin | |
image-tools: T5988: validate image name in add_image | |||
2024-01-28 | Merge pull request #2899 from jestabro/typo-add-image-ftp | Daniil Baturin | |
remote: T5994: fix typo in check_storage for Ftp class | |||
2024-01-27 | remote: T5994: fix typo in check_storage for Ftp class | John Estabrook | |