Age | Commit message | Author |
|
Add new feature to allow the use of named pools
Can also be used with the RADIUS attribute 'Framed-Pool'
set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
Add new bgp parameter 'no-suppress-duplicates'
set protocols bgp parameters no-suppress-duplicates
|
|
ike-group: T4288 : close-action is missing in swanctl.conf
|
|
close-action parameter is missing in the swanctl.conf file
|
|
|
|
According to a wrong bug [1] there is no longer a vrf suffix available for
interfaces. This got changed in [2], which no longer prints the vrf name for
interface config when using vrf-lite.
1: https://github.com/FRRouting/frr/issues/10805
2: https://github.com/FRRouting/frr/pull/10411
|
|
|
|
into current
* 'T2493-nexthop-unchanged' of https://github.com/plett/vyos-1x:
policy: T2493 ip-next-hop unchanged & peer-address
|
|
Also add ipv6-next-hop peer-address
|
|
* Removed `/var/log/auth.log` and `/var/log/messages` from
`/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled
items, which leads to a service error.
* Removed generation config file for `/var/log/messages` from
`system-syslog.py` - this should be done from `syslom logs` now.
* Generate each logfile from `system syslog file` to a dedicated
logrotate config file.
* Fixed logrotate config file names in
`/etc/rsyslog.d/vyos-rsyslog.conf`.
* Added default logrotate settings for `/var/log/messages`
|
|
|
|
It should be possible to send the gathered data via a VRF bound interface to
the collector. This is somehow related to T3981 but it's the opposite side of
the netflow process.
set system flow-accounting vrf <name>
|
|
|
|
|
|
Instead of hardcoding the default behavior inside the Jinja2 template, all
defaults are required to be specified inside the XML definition. This is
required to automatically render the appropriate CLI tab completion commands.
|
|
ipsec: T1856: Ability to set SA life bytes and packets
|
|
set vpn ipsec site-to-site peer 192.0.2.14 connection-type none
|
|
set vpn ipsec esp-group grp-ESP life-bytes '100000'
set vpn ipsec esp-group grp-ESP life-packets '2000000'
|
|
* t4203-dhcp:
smoketest: dhcp: T4203: move testcase to base class
static: T4203: obey interface dhcp default route distance
interface: T4203: prevent DHCP client restart if not necessary
|
|
vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on options
|
|
Commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes")
added a bug whenever a static route is modified - the DHCP interface will
always end up with metric 210 - if there was a default route over a DHCP
interface.
|
|
Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn
charon.install_virtual_ip_on
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
set vpn ipsec options flexvpn
set vpn ipsec options virtual-ip
set vpn ipsec options interface tunX
set vpn ipsec site-to-site peer x.x.x.x virtual-address x.x.x.x
|
|
|
|
Local-address should be checked/executed only if it exists in the
openvpn configuration, dictionary, jinja2 template
|
|
dhcp: T3600: Fix DHCP static table dhcp-interface route
|
|
Input filter for firewall allows getting bytes/counters from
nftables in the format required for InfluxDB2
|
|
Static table dhcp-interface route required table in template
Without table this route will be placed to table 'main' by default
|
|
monitoring: T3872: Fix template input plugin for running services
|
|
|
|
Add required capability for input scripts which collect
statistics of running services
|
|
|
|
upnpd: T3420: Support UPNP protocol
|
|
Telegraf inputs iptables plugin incompatible with nftables
As it tries to get statistics from "iptables -L -n -v"
which doesn't display required data in 1.4 as we don't use
iptables anymore
|
|
Disable the distribution-specified extra version suffix that is included
during the initial protocol handshake
SSH-2.0-OpenSSH_8.4p1 Debian-5 => SSH-2.0-OpenSSH_8.4p1
|
|
DHCP: T4196: fix client-prefix-length parameter
|
|
|
|
Example syslog: [FWNAME-default-D] ...
* Also clean-up firewall default-action
|
|
firewall: T3560: Add support for MAC address groups
|
|
|
|
|
|
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule.
|
|
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
|
|
|
|
NTP server with option "allow-clients address x.x.x.x" should
accept requests only from client addresses which are declared in
the configuration if this option exists
Add "restrict default ignore" to fix it, in another case it
responds to any address
|
|
Telegraf ethtool input filter expected ethX interfaces and not
other interfaces like vlans/tunnels/dummy
Add "interface_include" option to telegraf template.
|
|
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
|
|
file for group definitions.
|
|
In order to have a consistent looking CLI we should rename this CLI node.
There is:
* access-list and access-list6 (policy)
* prefix-list and prefix-list6 (policy)
* route and route6 (static routes)
|
|
|
|
|