summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-09-15conntrack: T4691: lower "tcp max-retrans" upper limitChristian Poessinger
Kernel 5.15.y and newer only support an upper boundary of 255. vyos@vyos:~$ sudo sysctl -w net.netfilter.nf_conntrack_tcp_max_retrans=255 net.netfilter.nf_conntrack_tcp_max_retrans = 255 vyos@vyos:~$ sudo sysctl -w net.netfilter.nf_conntrack_tcp_max_retrans=256 sysctl: setting key "net.netfilter.nf_conntrack_tcp_max_retrans": Invalid argument
2022-09-15smoketest: conntrack: T4691: lower test value for nf_conntrack_tcp_max_retransChristian Poessinger
The old value of 1024 is no longer supported by the most recent Kernel
2022-09-15system login: T874: add libpam-google-authenticator package to provide 2FA ↵goodNETnick
support
2022-09-14Merge pull request #1540 from sever-sever/T4695Christian Poessinger
keymap: T4695: Add Spain 'es' and Japan 'jp106' keymaps
2022-09-14keymap: T4695: Add Spain 'es' and Japan 'jp106' keymapsViacheslav Hletenko
Add Spain (es) and Japan (jp106) keymaps set system option keyboard-layout es|jp106
2022-09-14Merge pull request #1530 from sever-sever/T4679Christian Poessinger
openvpn: T4679: Fix incorrect verify local and remote address
2022-09-14Merge pull request #1538 from sarthurdev/nftables1_testsChristian Poessinger
firewall: nat66: policy: T2199: Fix smoketests for nftables updated output
2022-09-14openvpn: T4679: Fix incorrect verify local and remote addressViacheslav Hletenko
In the OpenVPN site-to-site config we can use IPv6 peers without IPv4 configurations but "verify()" checks also local and remote IPv4 addresses that in this case will be empty lists For example: set interfaces openvpn vtun2 local-address 2001:db8::1 set interfaces openvpn vtun2 remote-address 2001:db8::2 Check in the commit (v4loAddr == v4remAddr) <= both empty lists commit DEBUG: [] == [] or ['2001:db8::2'] == [] So we should also check v4loAddr, v4remAddr, v6loAddr, v6remAddr are not empty
2022-09-14firewall: nat66: policy: T2199: Fix smoketests for nftables updated outputsarthurdev
2022-09-14Merge pull request #1537 from sarthurdev/nhrp_nftablesChristian Poessinger
nhrp: T2199: Use separate table in nftables for NHRP rules
2022-09-14nhrp: T2199: Use separate table in nftables for NHRP rulessarthurdev
2022-09-14Merge pull request #1534 from sarthurdev/firewall_interfacesChristian Poessinger
firewall: zone-policy: T2199: T4605: Refactor firewall, migrate zone-policy
2022-09-14Merge pull request #1536 from Cheeze-It/currentChristian Poessinger
isis: T4693: Fix ISIS segment routing configurations
2022-09-13isis: T4693: Fix ISIS segment routing configurationsCheeze_It
This change is to fix a bug in which ISIS segment routing was broken due to a refactor. This change also is going to introduce a smoketest to make sure this is caught in the future.
2022-09-13zone-policy: T2199: Migrate zone-policy to firewall nodesarthurdev
2022-09-13policy: T2199: Typo in policy route smoketest teardownsarthurdev
2022-09-13firewall: T4605: Rename filter tables to vyos_filtersarthurdev
2022-09-13firewall: T2199: Move initial firewall tables to datasarthurdev
2022-09-13firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵sarthurdev
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
2022-09-12Revert "rfs: T4689: Support RFS(Receive Flow Steering)"Christian Poessinger
This reverts commit 53355271a2864d844daca89a064c21e514e10adb.
2022-09-12graphql: T4690: update resolver for 'SystemStatus' after 'uptime' updateJohn Estabrook
2022-09-12telegraf: T4617: add Restart=always to systemd unitChristian Poessinger
2022-09-12Merge pull request #1526 from roedie/T4665-2Christian Poessinger
T4665: Keepalived: Fix interface names
2022-09-12Merge pull request #1533 from jack9603301/T4689Christian Poessinger
rfs: T4689: Support RFS(Receive Flow Steering)
2022-09-11T4665: Keepalived: Fix interface namesSander Klein
When applying the same VRID for IPv4 and IPv6 with RFC3768 compatibility enabled, the IPv6 interfaces came back with the wrong name. For example: Name Interface VRID State Priority Last Transition ------ ----------- ------ ------- ---------- ----------------- v4-10 eth1v10 10 MASTER 100 21s v6-10 vrrpv10 10 MASTER 100 21s Because of this, the IPv6 interface didn't show up in `show int`. This change suffixes the interface with the IP version so `show int` works again. Name Interface VRID State Priority Last Transition ------ ----------- ------ ------- ---------- ----------------- v4-10 eth1v10v4 10 MASTER 100 21s v6-10 eth1v10v6 10 MASTER 100 21s vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- [....] eth1v10v4 192.168.10.60/24 u/u eth1v10v6 2001:ffff::1/64 u/u [....]
2022-09-12rfs: T4689: Support RFS(Receive Flow Steering)jack9603301
2022-09-10Merge pull request #1532 from initramfs/current-local-policy-priorityChristian Poessinger
policy: T4685: fix non-existent inbound-interface in local-policy(6)
2022-09-10policy: T4685: fix non-existent inbound-interface on commitinitramfs
The local-policy and local-policy6 nodes were missing their priority property causing an ordering issue between the creation of dynamic interfaces (like VLAN/Bonding) and referencing said interface in PBR rules. Add a priority value to order local-policy(6) to be after all interface definitions.
2022-09-09Merge pull request #1531 from sever-sever/T4684John Estabrook
route: T4684: Set execution flag to op-mode route.py
2022-09-09route: T4684: Set execution flag to op-mode route.pyViacheslav Hletenko
Set execution flag to route.py op-mode
2022-09-09Merge pull request #1529 from jestabro/standardize-show-system-storageChristian Poessinger
system: T4682: standardize op-mode 'show system storage'
2022-09-09Merge branch 'current' into standardize-show-system-storageChristian Poessinger
2022-09-09Merge pull request #1528 from jestabro/standardize-show-uptimeChristian Poessinger
system: T4681: convert 'show_uptime.py' script to standardized format
2022-09-08system: T4682: standardize op-mode 'show system storage'John Estabrook
2022-09-08system: T4681: convert 'show_uptime.py' script to standardized formatJohn Estabrook
2022-09-08Merge pull request #1525 from nicolas-fort/T1024Christian Poessinger
T1024: Firewall and Policy route: add option to match dscp value
2022-09-07update-check: T3476: Allow update-check for VyOS imagesViacheslav Hletenko
Ability to autocheck available new images Parse remote URL JSON image-version.json file and compare version VyOS with a local current version, if find diff sent wall message that the new image is available Also, add op-mode command to check images "show system image" With option "auto-check" check will be once per 12 hours set system update-check auto-check set system update-check url 'http://example.com/image-version.json' If new version is available shows it per login (MOTD)
2022-09-07T1024: Firewall and Policy route: add option to match dscp value, both on ↵Nicolas Fort
firewall and in policy route
2022-09-07Merge pull request #1522 from nicolas-fort/T4670zdc
T4670: policy route: extend matching criteria for policy route and route6
2022-09-07GitHub: assign discrete reviewers - GitHub team did not work properlyChristian Poessinger
2022-09-07Merge pull request #1523 from bmhughes/fix-radius-disableChristian Poessinger
radius: T4672: Fix RADIUS server disable template logic
2022-09-06graphql: T4674: print included op-mode error message, if it existsJohn Estabrook
2022-09-06Merge pull request #1524 from jestabro/bridge-op-modeJohn Estabrook
bridge: T4673: raise UnconfiguredSubsystem on non-existent bridge intf
2022-09-06bridge: T4673: raise UnconfiguredSubsystem on non-existent bridge intfJohn Estabrook
2022-09-06radius: T4672: Fix RADIUS server disable template logicBenjamin M. Hughes
2022-09-06T4670: policy route: extend matching criteria for policy route and route6. ↵Nicolas Fort
Matching criteria added: ttl/hoplimit and packet-length
2022-09-04GitHub: change all reviewers to the @vyos/maintainers teamChristian Poessinger
2022-09-03Merge branch 'firewall' into currentChristian Poessinger
* firewall: firewall: T4651: re-implement packet-length CLI option to use <multi/> firewall: T3568: improve default-action help string firewall: T3568: add XML include block for eq,gt,lt options smoketest: firewall: add re-usable variables when running testcases Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules.
2022-09-03firewall: T4651: re-implement packet-length CLI option to use <multi/>Christian Poessinger
2022-09-03firewall: T3568: improve default-action help stringChristian Poessinger
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-01 16:34:44 +0000