summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2023-02-24T5029: Fix Regex for nginx to find a better matchViacheslav Hletenko
2023-02-23T5027: Enable legacy provider to support current ciphersViacheslav Hletenko
* We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...)
2023-02-17T5005: PPPoE server allow any login with option noauthViacheslav Hletenko
Disabling authentication is useful in emergency situations (e.g. RADIUS server is down) or testing purposes. Clients can connect with any login and username. set service pppoe-server authentication mode 'noauth'
2023-02-15Merge pull request #1817 from sarthurdev/bookwormChristian Breunig
debian: T5003: Upgrade base system to Debian 12 "Bookworm"
2023-02-15ipsec: T4593: Migrate and remove legacy `include-ipsec` nodessarthurdev
Not supported with swanctl
2023-02-13debian: T5003: Fix chronyd start errorsarthurdev
Fixes "chronyd: Fatal error : Not superuser" Fixes "ip[6394]: Failed to open mounts file: No such file or directory" when in VRF
2023-02-13debian: T5003: Fixes dynamic DNS for Bookwormsarthurdev
2023-02-12T5001: Replace links to the phabricator siteChristian Breunig
Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev
2023-02-10Merge pull request #1805 from nicolas-fort/T4857-frr-fixChristian Breunig
T4857: snmp: Fix error when not defining client|network under community
2023-02-10snmp: T4857: explicitly define default community networks 0.0.0.0/0 and ::/0Christian Breunig
After the RESTRICTED view was introduced snmpd requires a network to be specified. Before adding the RESTRICTED view snmpd always assumed the default network 0.0.0.0/0. This commit re-adds the build in default networks for IPv4 and IPv6 and exposes it as a proper default to the CLI so the user is informed about it: vyos@vyos# set service snmp community foooo Possible completions: authorization Authorization type (default: ro) + client IP address of SNMP client allowed to contact system + network Subnet of SNMP client(s) allowed to contact system (default: 0.0.0.0/0, ::/0)
2023-02-10interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵Christian Breunig
sstp-client
2023-02-10Merge pull request #1808 from sever-sever/T1993Christian Breunig
T1993: PPPoE-server add section shaper and fwmark option
2023-02-09Merge pull request #1793 from aapostoliuk/T4905-sagittaDaniil Baturin
nhrp: T4905: Rewritten nhrp op-mode in new style
2023-02-09Revert "container: T4959: Add container registry authentication config for ↵Christian Breunig
containers" This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
2023-02-09Merge pull request #1790 from Zen3515/current-add-container-loginChristian Breunig
container: T4959: Add container registry authentication config for containers
2023-02-09Merge pull request #1803 from sever-sever/T4971Christian Breunig
T4971: PPPoE server add named ip pool and attr Framed-Pool
2023-02-08T1993: PPPoE-server add section shaper and fwmark optionViacheslav Hletenko
Extended PPPoE-server rate-limiter to avoid shaping marked resources Often this feature needs for ISP, which provides access to some IX or its resources. set service pppoe-server shaper fwmark '223'
2023-02-08T4857: Fix error when not defining client|network under communityNicolas Fort
2023-02-08T2603: PPPoE-server change default min-mtu value 1280Viacheslav Hletenko
Minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Change 'min-mtu' from 1492 to 1280
2023-02-07T4971: PPPoE server add named ip pool and attr Framed-PoolViacheslav Hletenko
Add a new feature to allow to use named pools Also it can be used with RADIUS attribute 'Framed-Pool' set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2023-02-06ntp: T4980: change chrony deny all logicKyle Mitchell
2023-02-04Merge pull request #1603 from nicolas-fort/T2408Christian Breunig
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
2023-02-04T4817, Corrected formatting.Kyle McClammy
2023-02-04T4817 added support for RFC 9234Kyle McClammy
2023-02-01nhrp: T4905: Rewritten nhrp op-mode in new styleaapostoliuk
1. Formatted output of 'show nhrp' commands to table view 2. Rewritten nhrp op-mode in new style
2023-01-30T4964: Fix template bgpd.frr.j2 for l2vpn vni route-targetsViacheslav Hletenko
Route-target export/import for l2vpn-evpn vni xxx works as leafNode with multiple values We have to use "for" for such values
2023-01-30container: T4959: Add container registry authentication config for containersZen3515
2023-01-30Merge pull request #1761 from sever-sever/T4916-currViacheslav Hletenko
T4916: Rewrite IPsec peer authentication and psk migration
2023-01-28vrrp: T1297: improve gratuitous ARP default value handling and help stringsChristian Breunig
2023-01-28T4958: ocserv: openconnect: refactor RADIUS accounting supportJamie Austin
2023-01-28T4958: ocserv: openconnect: adds support for configuring RADIUS accountingJamie Austin
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-25Merge pull request #1777 from nicolas-fort/T1297-garpChristian Breunig
T1297: VRRP: add garp options to vrrp
2023-01-25T1297: VRRP: add garp options to vrrpNicolas Fort
2023-01-23op-mode: T4942: add op-mode config_mgmt.py to standardized listJohn Estabrook
2023-01-22pppoe: T4948: add CLI option to allow definition of host-uniq flagChristian Breunig
Some ISPs seem to use the host-uniq flag to authenticate client equipment. Add CLI option in VyOS to allow specification of the host-uniq flag. set interfaces pppoe pppoeN host-uniq <value>
2023-01-20 T4939: VRRP startup delay edit correctionfett0
2023-01-19 T4939: VRRP startup delay for bonding fixfett0
2023-01-19 T4939: VRRP startup delay for bonding fixfett0
2023-01-19 T4939: VRRP startup delay for bonding fixfett0
2023-01-19Merge pull request #1697 from nicolas-fort/snmp_reworkChristian Breunig
T4857: SNMP: Implement FRR SNMP Recomendations
2023-01-18T4857: Cleaning prNicolas Fort
2023-01-17Merge pull request #1739 from aapostoliuk/T4864-sagittaChristian Breunig
firewall: T4864: Fixed show zone-policy command output
2023-01-17snmp: T4902: exclude container storage from monitoringChristian Breunig
Excluded to not spam the log as there is an access restriction to that folder which SNMP user can not access.
2023-01-16firewall: T4864: Fixed show zone-policy command outputaapostoliuk
1. Fixed "show zone-policy" command output 2. Rewritten zone-policy op-mode to new style
2023-01-14ntp: T3008: migrate from ntpd to chronyChristian Breunig
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony
2023-01-12Merge pull request #1756 from c-po/t4911-lldp-op-modeChristian Breunig
T4911: op-mode: rewrite LLDP in standardised op-mode format
2023-01-12Merge pull request #1752 from sever-sever/T4118Christian Breunig
T4118: Add default value any for connection remote-id
2023-01-12T4911: op-mode: rewrite LLDP in standardised op-mode formatChristian Breunig
2023-01-12T4118: Add default value any for connection remote-idViacheslav Hletenko
If IPsec "peer <tag> authentication remote-id" is not set it should be "%any" by default https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote Set XML default value in use it in the python vpn_ipsec.py script