summaryrefslogtreecommitdiff
path: root/data/templates
AgeCommit message (Collapse)Author
2024-07-22T6599: ipsec: support disabling rekey of CHILD_SA.Lucas Christian
Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections.
2024-07-19SSTP-server: add missed pppd_compat moduleViacheslav Hletenko
2024-07-19PPTP-server: add missed pppd_compat moduleViacheslav Hletenko
2024-07-19L2TP-server: add missed pppd_compat moduleViacheslav Hletenko
2024-07-19IPoE-server: add missed pppd_compat moduleViacheslav Hletenko
2024-07-19T6362: Create conntrack logger daemonkhramshinr
2024-07-05wireless: T6496: use mac-address validator on BSSID and move it up one CLI levelChristian Breunig
2024-07-05wireless: T6496: support for EAP-MSCHAPv2 client over wifiChristopher
fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: incorrect bssid mapping fix: use the correct jinja templating (I think) fix: “remote blank space fix: attempt to fix the formatting in j2 fix: attempt to fix the formatting in j2 feat: rename enterprise username and password + add checks in conf mode. fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part fix: fix indentation on `wpa_supplicant.conf.j2`
2024-07-04Merge pull request #3753 from jvoss/haproxy_loggingChristian Breunig
T6539: add logging options to load-balancer reverse-proxy
2024-07-03T6539: add logging options to load-balancer reverse-proxyJonathan Voss
2024-07-03syslog: T5366: remove reference to deprecated sysvinit rsyslog scriptJohn Estabrook
2024-07-02Merge pull request #3721 from HollyGurza/T5878Daniil Baturin
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option
2024-07-02T6523: Telegraf use nft scripts only if the firewall configuredViacheslav Hletenko
If a firewall is not configured there is no reason to get and execute telegraf firewall custom scripts as there are no nft chain in the firewall nftables configuration
2024-06-28Merge pull request #3720 from sever-sever/T6477Christian Breunig
T6477: Add telegraf loki output plugin
2024-06-28Merge pull request #3730 from natali-rs1985/T5710-currentChristian Breunig
pppoe-server: T5710: Add option permit any-login
2024-06-28T6477: Add telegraf loki output pluginViacheslav Hletenko
Add Loki plugin to telegraf set service monitoring telegraf loki url xxx
2024-06-28pppoe-server: T5710: Add option permit any-loginNataliia Solomko
2024-06-28ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms optionkhramshinr
2024-06-27wireless: T6320: add 802.11ax at 6GHzAlain Lamar
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
2024-06-25T3900: extend latest fix for firewall raw implementation to ipv6.Nicolas Fort
2024-06-24T5735: Stunnel CLI and configurationkhramshinr
Add CLI commands Add config Add conf_mode Add systemd config Add stunnel smoketests Add log level config
2024-06-20T3900: firewall: fix for initial implementation - remove jump to state ↵Nicolas Fort
policy on OUTUT_raw
2024-06-20Merge pull request #3677 from HollyGurza/T5949Christian Breunig
T5949: Add option to disable USB autosuspend
2024-06-19T5949: Add option to disable USB autosuspendkhramshinr
2024-06-18wireless: T6425: Fix broken VHT beamformingAlain Lamar
2024-06-12op_mode: T6227: Rewrite show conntrack-sync cache internal to use tabulate ↵Nataliia Solomko
output
2024-06-09op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.
2024-06-07reverse-proxy: T6454: Set default value of http for haproxy modeAlex W
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-05Merge pull request #3584 from dmbaturin/T6446-display-support-urlDaniil Baturin
show version: T6446: display the support URL for LTS builds
2024-06-05Merge pull request #3571 from fett0/T6429Daniil Baturin
isis: T6429: fix isis metric-style configuration missing
2024-06-05show version: T6446: display the support URL for LTS buildsDaniil Baturin
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-05-31isis: T6429: fix isis metric-style configuration missingfett0
2024-05-30Merge pull request #3510 from HollyGurza/T4576Daniil Baturin
T4576: Accel-ppp logging level configuration
2024-05-30Merge pull request #3552 from c-po/ipsec-profileChristian Breunig
op-mode: ipsec: T6407: fix profile generation
2024-05-30Merge pull request #3546 from c-po/haproxyChristian Breunig
reverse-proxy: T6419: build full CA chain when verifying backend server
2024-05-30op-mode: ipsec: T6407: fix profile generationChristian Breunig
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile.
2024-05-29reverse-proxy: T5231: better mark v4v6 listen any addressChristian Breunig
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the later one is more humand readable. Both act in the same way.
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
2024-05-27T4576: Accel-ppp logging level configurationkhramshinr
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-23suricata: T751: use key_mangling in get_config_dict()Christian Breunig
2024-05-21reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responsesAlex W
2024-05-16Merge pull request #3450 from HollyGurza/T5756Christian Breunig
T5756: L2TP RADIUS backup and weight settings
2024-05-15T3900: add support for raw table in firewall.Nicolas Fort
2024-05-15T5756: L2TP RADIUS backup and weight settingskhramshinr
2024-05-14T3420: Remove service upnpViacheslav Hletenko
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation.
2024-05-12suricata: T751: Initial support for suricataMaxime THIEBAUT