summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-08-19ethernet: T4538: fix wrong systemd unit used for EAPoLChristian Poessinger
When MACsec was bound to an ethernet interface and the underlaying source-interface got changed (even description only) this terminated the MACsec session running on top of it. The root cause is when EAPoL was implemented in commit d59354e52a8a7f we re-used the same systemd unit which is responsible for MACsec. That indeed lead to the fact that wpa_supplicant was always stopped when anything happened on the underlaying source-interface that was not related to EAPoL.
2022-08-19UPnP: T4611: Rule must be as prefix instead of an addressViacheslav Hletenko
From the doc miniupnpd IP/mask format must be nnn.nnn.nnn.nnn/nn Comment out invalid option "anchor"
2022-08-18firewall: T4622: Add TCP MSS optionViacheslav Hletenko
Ability to drop|accept packets based on TCP MSS size set firewall name <tag> rule <tag> tcp mss '501-1460'
2022-08-17nat: T538: Add static NAT one-to-oneViacheslav Hletenko
Ability to set static NAT (one-to-one) in one rule set nat static rule 10 destination address '203.0.113.0/24' set nat static rule 10 inbound-interface 'eth0' set nat static rule 10 translation address '192.0.2.0/24' It will be enough for PREROUTING and POSTROUTING rules Use a separate table 'vyos_static_nat' as SRC/DST rules and STATIC rules can have the same rule number
2022-08-16Merge pull request #1475 from sever-sever/T4613Christian Poessinger
upnp: T4613: Verify listen key in dictionary
2022-08-16Merge pull request #1474 from DaniilHarun/currentChristian Poessinger
T4619: Replacing instead of adding a static arp entry
2022-08-16UPnP: T4620: Fix Jinja2 template rulesViacheslav Hletenko
2022-08-16upnp: T4613: Verify listen key in dictionaryViacheslav Hletenko
There is no check if 'listen' is exist in the dictionary, fix it Fix odd ValueHelp format
2022-08-16T4619: Replacing instead of adding a static arp entryDaniilHarun
2022-08-16Merge pull request #1462 from sever-sever/T4596Christian Poessinger
ocserv: T4596: Rewrite show openconnect sessions op-mode
2022-08-16Debian: T4584: remove version number from hostap package requirementChristian Poessinger
2022-08-16Merge pull request #1471 from mkorobeinikov/currentChristian Poessinger
dhcp-relay: T4601: restart dhcp relay-agent
2022-08-16dhcp-relay: T4601: restart dhcp relay-agentmkorobeinikov
The command "restart dhcp relay-agent" doesn't restart "isc-dhcp-relay" service.
2022-08-15ocserv: openconnect: T4614: add support for split-dnsChristian Poessinger
set vpn openconnect network-settings split-dns <domain>
2022-08-15smoketest: ocserv: implement config file validationChristian Poessinger
2022-08-15ocserv: T4333: migrate to new vyos_defined Jinja2 testChristian Poessinger
2022-08-15Merge pull request #1468 from sever-sever/T4609Christian Poessinger
container: T4609: Fix restart container
2022-08-15container: T4609: Fix restart containerViacheslav Hletenko
Add 2 dashes for arg "name"
2022-08-15Merge pull request #1465 from sever-sever/T4595Christian Poessinger
dmvpn: T4595: Fix dpd profile options
2022-08-11Merge pull request #1464 from sever-sever/T4603Christian Poessinger
l2tp: T4603: Add RADIUS nas-ip-address option
2022-08-10dmvpn: T4595: Fix dpd profile optionsViacheslav Hletenko
Fix template for configuration DMVPN IKE profile dead-peer-detection delay and dead-peer-detecion timeout options
2022-08-10l2tp: T4603: Add RADIUS nas-ip-address optionViacheslav Hletenko
Add l2tp authentication radius nas-ip-address option which will be sent in NAS-IP-Address Radius attribute
2022-08-08Merge pull request #1461 from nicolas-fort/nat66-excludeChristian Poessinger
nat66: T4598: Add exclude options in nat66
2022-08-08nat66: T4598: add file nat-exclue.xml.i, which is invoked by nat66.xml.in ↵Nicolas Fort
and nat-rule.xml.i
2022-08-06ocserv: T4596: Rewrite show openconnect sessions op-modeViacheslav Hletenko
Rewrite "show openconnect-server sessions" to vyos.opmode format Ability to get raw and formatted output Ability to get data via API
2022-08-05Merge pull request #1460 from sever-sever/T4597Christian Poessinger
ocserv: T4597: Check bind port before openconnect commit
2022-08-05nat66: T4598: Add exclude options in nat66Nicolas Fort
2022-08-05ocserv: T4597: Check bind port before openconnect commitViacheslav Hletenko
Check if openconnect listen port is available and not used by another service
2022-08-05Merge pull request #1459 from dmbaturin/genop-exnViacheslav Hletenko
T2719: add an exception hierarchy for op mode errors
2022-08-05bgp: T4257: bugfixes after renaming "local-as" to "system-as"Christian Poessinger
2022-08-04Merge https://github.com/Cheeze-It/vyos-1x into currentChristian Poessinger
* https://github.com/Cheeze-It/vyos-1x: bgp: T4257: Changing BGP "local-as" to "system-as"
2022-08-04macsec: T4537: macsec_csindex can be set even without encryptionChristian Poessinger
2022-08-04smoketest: macsec: T4537: validate macsec_csindex for both AES-GCM-128 and ↵Christian Poessinger
AES-GCM-256
2022-08-04T2719: add an exception hierarchy for op mode errorsDaniil Baturin
2022-08-04Merge pull request #1457 from sever-sever/T4586Christian Poessinger
nat66: T4586: Add SNAT destination prefix and DNAT address
2022-08-04ipsec: T4594: Rewrite op-mode show vpn ipsec saViacheslav Hletenko
Rewrite op-mode "show vpn ipsec sa" to new format Use vyos.opmode format Ability to get raw and formatted output
2022-08-04graphql: T4544: Add ipsec.py to op-mode-standardized.jsonViacheslav Hletenko
Add overwritten script 'ipsec.py' to 'op-mode-standardized.json'
2022-08-04utils: T4594: Add convert_data utilViacheslav Hletenko
Convert multiple types of data to types usable in CLI For example 'vici' returns values in bytestring/bytes and we can decode them all at once
2022-08-04macsec: T4592: can not create two interfaces using the same source-interfaceChristian Poessinger
2022-08-04vyos.config.configdict: T4592: only print interface name, not interface dict ↵Christian Poessinger
on error
2022-08-04smoketest: macsec: T4537: verify macsec_csindexChristian Poessinger
2022-08-03Merge pull request #1369 from nicolas-fort/T4480Daniil Baturin
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config
2022-08-03nat66: T4586: Add SNAT destination prefix and DNAT addressViacheslav Hletenko
Ability to configure SNAT destination prefix and DNAT source address Add option "!" - not address/prefix for NAT66
2022-08-03validators: T4586: Add IPv6 exclude validators for address/prefixViacheslav Hletenko
Add IPV6 exclude validators: - ipv6-address-exclude - ipv6-prefix-exclude Will use in nat66 source/destination
2022-08-02Merge pull request #1456 from sever-sever/T4585Christian Poessinger
containers: T4585: Add option restart to containers.py
2022-08-02containers: T4585: Add option restart to containers.pyViacheslav Hletenko
Add option restart to `containers.py`
2022-08-02Merge pull request #1455 from sever-sever/T4544Christian Poessinger
graphql: T4544: Add overwritten scripts op-mode-standardized.json
2022-08-02graphql: T4544: Add overwritten scripts op-mode-standardized.jsonViacheslav Hletenko
Add overwritten scripts to 'op-mode-standardized.json'
2022-08-02Merge pull request #1454 from sever-sever/T4585Christian Poessinger
container: T4585: Rewrite show container
2022-08-02container: T4585: Rewrite show containerViacheslav Hletenko
Rewrite op-mode: - show container - show container network - show container image to the new vyos.opmode format