Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-09-16 | ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer | Viacheslav Hletenko | |
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script | |||
2022-08-08 | Merge pull request #1461 from nicolas-fort/nat66-exclude | Christian Poessinger | |
nat66: T4598: Add exclude options in nat66 | |||
2022-08-08 | nat66: T4598: add file nat-exclue.xml.i, which is invoked by nat66.xml.in ↵ | Nicolas Fort | |
and nat-rule.xml.i | |||
2022-08-05 | Merge pull request #1460 from sever-sever/T4597 | Christian Poessinger | |
ocserv: T4597: Check bind port before openconnect commit | |||
2022-08-05 | nat66: T4598: Add exclude options in nat66 | Nicolas Fort | |
2022-08-05 | ocserv: T4597: Check bind port before openconnect commit | Viacheslav Hletenko | |
Check if openconnect listen port is available and not used by another service | |||
2022-08-05 | Merge pull request #1459 from dmbaturin/genop-exn | Viacheslav Hletenko | |
T2719: add an exception hierarchy for op mode errors | |||
2022-08-05 | bgp: T4257: bugfixes after renaming "local-as" to "system-as" | Christian Poessinger | |
2022-08-04 | Merge https://github.com/Cheeze-It/vyos-1x into current | Christian Poessinger | |
* https://github.com/Cheeze-It/vyos-1x: bgp: T4257: Changing BGP "local-as" to "system-as" | |||
2022-08-04 | macsec: T4537: macsec_csindex can be set even without encryption | Christian Poessinger | |
2022-08-04 | smoketest: macsec: T4537: validate macsec_csindex for both AES-GCM-128 and ↵ | Christian Poessinger | |
AES-GCM-256 | |||
2022-08-04 | T2719: add an exception hierarchy for op mode errors | Daniil Baturin | |
2022-08-04 | Merge pull request #1457 from sever-sever/T4586 | Christian Poessinger | |
nat66: T4586: Add SNAT destination prefix and DNAT address | |||
2022-08-04 | macsec: T4592: can not create two interfaces using the same source-interface | Christian Poessinger | |
2022-08-04 | vyos.config.configdict: T4592: only print interface name, not interface dict ↵ | Christian Poessinger | |
on error | |||
2022-08-04 | smoketest: macsec: T4537: verify macsec_csindex | Christian Poessinger | |
2022-08-03 | Merge pull request #1369 from nicolas-fort/T4480 | Daniil Baturin | |
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config | |||
2022-08-03 | nat66: T4586: Add SNAT destination prefix and DNAT address | Viacheslav Hletenko | |
Ability to configure SNAT destination prefix and DNAT source address Add option "!" - not address/prefix for NAT66 | |||
2022-08-03 | validators: T4586: Add IPv6 exclude validators for address/prefix | Viacheslav Hletenko | |
Add IPV6 exclude validators: - ipv6-address-exclude - ipv6-prefix-exclude Will use in nat66 source/destination | |||
2022-08-02 | Merge pull request #1456 from sever-sever/T4585 | Christian Poessinger | |
containers: T4585: Add option restart to containers.py | |||
2022-08-02 | containers: T4585: Add option restart to containers.py | Viacheslav Hletenko | |
Add option restart to `containers.py` | |||
2022-08-02 | Merge pull request #1455 from sever-sever/T4544 | Christian Poessinger | |
graphql: T4544: Add overwritten scripts op-mode-standardized.json | |||
2022-08-02 | graphql: T4544: Add overwritten scripts op-mode-standardized.json | Viacheslav Hletenko | |
Add overwritten scripts to 'op-mode-standardized.json' | |||
2022-08-02 | Merge pull request #1454 from sever-sever/T4585 | Christian Poessinger | |
container: T4585: Rewrite show container | |||
2022-08-02 | container: T4585: Rewrite show container | Viacheslav Hletenko | |
Rewrite op-mode: - show container - show container network - show container image to the new vyos.opmode format | |||
2022-08-02 | macsec: T4537: add mussing macsec_csindex option to support GCM-AES-256 | Christian Poessinger | |
2022-08-02 | hostap: T4584: add Debian specific options to systemd unit files | Christian Poessinger | |
2022-08-01 | macsec: T4537: remove debug falg "-d" from systemd service file | Christian Poessinger | |
2022-08-01 | macsec: T4537: supply PID path via systemd service file to daemon | Christian Poessinger | |
2022-08-01 | macsec: T4391: bugfix config path | Christian Poessinger | |
After commit 85d6c8f7c62 ("vyos.configdict: T4391: enable get_interface_dict() to be used with ConfigTreeQuery()") we also need to use the full path when working with Config() as previous calls to get_interface_dict() no longer change the level of Config(). | |||
2022-08-01 | op-mode: macsec: T4537: add "show|monitor log macsec" CLI commands | Christian Poessinger | |
2022-08-01 | macsec: T4537: restart wpa_supplicant on error | Christian Poessinger | |
2022-08-01 | macsec: T3368: check key length for gcm-aes-128/gcm-aes-256 | Christian Poessinger | |
2022-08-01 | op-mode: macsec: T3368: generate 128/258bit connectivity association keys | Christian Poessinger | |
vyos@vyos:~$ generate macsec mka cak gcm-aes-128 6623f6ad9a0eae2db699b18f48af292b vyos@vyos:~$ generate macsec mka cak gcm-aes-256 0d84ac9d7cb7367c02ab22fc8b5f5f1113a62b765752bcf8d6da52554f04a826 | |||
2022-08-01 | bridge: T4565: bugfix error message when member interface contains an address | Christian Poessinger | |
We should not print the entire dictionary - we only need the bridge interface name: Bug: Cannot assign address to interface "eth1" as it is a member of bridge "{'br0': {'allowed_vlan': ['5-50', '101'], 'native_vlan': '101'}}"! Fixed: Cannot assign address to interface "eth1" as it is a member of bridge "br0"! | |||
2022-08-01 | Merge pull request #1452 from sever-sever/T4572 | Christian Poessinger | |
mtu: T4572: Add DHCP-option MTU to get values from DHCP-server | |||
2022-08-01 | mtu: T4572: Add DHCP-option MTU to get values from DHCP-server | Viacheslav Hletenko | |
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured | |||
2022-08-01 | Merge pull request #1451 from sever-sever/T4562 | Christian Poessinger | |
vrf: T4562: Check VRF if it has not been configured | |||
2022-08-01 | vrf: T4562: Check VRF if it has not been configured | Viacheslav Hletenko | |
Check list of VRF's, check key 'ifname' is configured If not configured, return message "VRF is not configured" | |||
2022-08-01 | Merge pull request #1446 from sever-sever/T4578 | Christian Poessinger | |
dns-forwarding: T4578: Rewrite show dns forwarding | |||
2022-08-01 | Merge pull request #1447 from initramfs/fix-t4582-current | Christian Poessinger | |
router-advert: T4582: fix preferred cannot equal valid lifetime | |||
2022-08-01 | Merge pull request #1449 from goodNETnick/sh_sys_cpu | Christian Poessinger | |
show: T4581: 'show system cpu' fix | |||
2022-07-31 | show: T4581: 'show system cpu' fix | goodNETnick | |
2022-08-01 | router-advert: T4582: fix preferred cannot equal valid lifetime | initramfs | |
Allows preferred lifetime for prefix advertisements to equal the configured valid lifetime as per RFC 4861. | |||
2022-07-31 | graphql: T4580: handle case of op-mode script name containing hyphens | John Estabrook | |
2022-07-31 | smoketest: bridge: T4565: changes to lower interfaces must not destroy VLAN ↵ | Christian Poessinger | |
aware bridge | |||
2022-07-30 | bgp: T4257: Changing BGP "local-as" to "system-as" | Cheeze_It | |
bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. bgp: T4257: Changing BGP "local-as" to "system-as" bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. | |||
2022-07-30 | bridge: T4565: is_member() must return the dict of the member interface | Christian Poessinger | |
... otherwise functionality like bridge VLANs will loose configuration on membe rinterface update (e.g. description) | |||
2022-07-30 | bridge: T4579: cleanup interface dict (remove empty keys) | Christian Poessinger | |
2022-07-30 | bridge: T4579: remove duplicate code path already handled by base class | Christian Poessinger | |
Interface() base class already takes care about VLAN creation/removal of newly added or no longer required interfaces. No need to code this logic again. |