Age | Commit message (Collapse) | Author |
|
Add CLI option to include the systems timezone in the syslog message sent to
a collector. This can be enabled using:
set system syslog host <hostname> format include-timezone
(cherry picked from commit 042be39ccabb43a766e04a447207610ff017bd7d)
|
|
(cherry picked from commit 194a14e958ad336d590ba8f076e163f6908dcddc)
|
|
(cherry picked from commit d5ae708581d453e2205ad4cf8576503f42e262b6)
|
|
(cherry picked from commit 4acad3eb8d9be173b76fecafc32b0c70eae9b192)
|
|
(cherry picked from commit eec95109981140f1b4323bcf4526c10c6364d9ae)
|
|
(cherry picked from commit 8500e8658ff10f52739143fd7814cf60c9195f16)
|
|
(cherry picked from commit f2256ad338fc3fbaa9a5de2c0615603cd23e0f94)
|
|
(cherry picked from commit e97d86e619e134f4dfda06efb7df4a3296d17b95)
|
|
(cherry picked from commit dd5908eac390294ea178953fc0e6821d803d62f6)
|
|
system_option: T5552: Apply IPv4 and IPv6 options after reapplying sysctls by TuneD (backport #3853)
|
|
T6599: ipsec: support disabling rekey of CHILD_SA, converge and fix defaults (backport #3841)
|
|
by TuneD
(cherry picked from commit 7b82e4005724683c6311fab22358746f2cca4c1b)
|
|
(cherry picked from commit 8c8054ad5410e8aedf6ab7a0702b317872d4fd41)
|
|
(cherry picked from commit 440a3e6b89748bfd861f580fc8c4f41b58c6cec2)
|
|
(cherry picked from commit ef50cd9954a2d6eb2a041c26a0bb8ea0758b1f17)
|
|
(cherry picked from commit b92bc209cc1d6ed54a5fa052e0c27c54488ae955)
|
|
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
(cherry picked from commit d5e988ba2d0fa0189feff22374c9b46eb49e2e79)
|
|
* wireless: T6425: Fix broken VHT beamforming
(cherry picked from commit f75f0f9c94472f46e056808c3ac6aba809c090f0)
* wireless: T6425: Add smoketests for VHT beamforming
(cherry picked from commit 578fbe0eb436697132e5a738fec5a4ac61ced8da)
* wireless: T6425: adjust to latest country-code changes
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide
configuration") removed the per wifi interface setting for a country-code. This
commit adjust the smoketests to the new design.
(cherry picked from commit 312273c9569d973c510d871adb941709804d8868)
---------
Co-authored-by: Alain Lamar <alain_lamar@yahoo.de>
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
(cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
|
|
If a firewall is not configured there is no reason to get and
execute telegraf firewall custom scripts as there are no nft
chain in the firewall nftables configuration
(cherry picked from commit ebff0c481907ac0c2c0be9981c3c3d87caf3003b)
|
|
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option (backport #3721)
|
|
(cherry picked from commit 977d2fbf7a62a97d98b38cf28e62f08fc9e8d3a2)
|
|
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
(cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
|
|
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
|
|
pki: T6464: sstpc interface not reloaded when updating SSL certificate(s) (backport #3613)
|
|
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation (backport #3610)
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
(cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
|
|
The SSTPC client was not reloaded/restarted with the new SSL certificate(s)
after a change in the PKI subsystem.
This was due to missing dependencies.
(cherry picked from commit 42294ccd904773fa19a6af0f37cf9526321d87e4)
|
|
The haproxy reverse proxy was not reloaded/restarted with the new SSL
certificate(s) after a change in the PKI subsystem. This was due to missing
dependencies.
(cherry picked from commit 6ce8efdc8dafef67541bed89fc7dc7cd83335bf4)
|
|
(cherry picked from commit 60d7c0ecaff49ec62f4600a460f5fbe7b26a0d9c)
|
|
(cherry picked from commit 39004c453fb8f71171ba3433ee559b5ff745bebe)
|
|
(cherry picked from commit 3e5cc0b7fb8ae4a0f8b7c9270d9db0a0f252c448)
Co-authored-by: Alex W <embezzle.dev@proton.me>
|
|
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Serve
(cherry picked from commit 4d84f786f64d2b80046100ead5d0e8c1eef7418c)
|
|
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates")
added support for multiple CA certificates which broke the OP mode command
to generate the IPSec profiles as it did not expect a list and was rather
working on a string.
Now multiple CAs can be rendered into the Apple IOS profile.
(cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
|
|
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement,
where the later one is more humand readable. Both act in the same way.
(cherry picked from commit a2f0b25452c67528077f343d75de09d038e97fee)
|
|
(cherry picked from commit 03fd368ed263ca28c9b1b5e29f486217784d15ef)
|
|
(cherry picked from commit e1450096b4c667a4c33a3fcd8f67ebf6a39d441d)
|
|
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
(cherry picked from commit c6be441c86bc8fe2e938e2bd3c85f99071cbfb49)
|
|
(cherry picked from commit 75d553932504c55e710265776e4865a238223e1f)
|
|
Remove `service upnp` as it never worked as expected, nft rules do
not integrated and custom patches do not seem like a suitable
solution for now.
Security:
UPnP has been historically associated with security risks due to its automatic
and potentially unauthenticated nature.
UPnP devices might be vulnerable to unauthorized access or exploitation.
(cherry picked from commit 7c438caa2c21101cbefc2eec21935ab55af19c46)
|
|
bridge: T6317: add dependency call for wireless interfaces (backport #3430)
|
|
(cherry picked from commit 32658e981babffb5b7149534bd50a64d11f7c74f)
|
|
(cherry picked from commit 431443ab3f663a6617008536d2d6d96407aebfcb)
|
|
(cherry picked from commit 92b468b9a0d5eee8484601568227f7c56e71b119)
|
|
(cherry picked from commit 963daf62d417a3fcccf33ed93904eddd21aa6a02)
|
|
The netns support currently available on the VyOS CLI is only a
proof-of-technology, we have no real support for any service behind it.
In order to not confuse anyone on the LTS branch we decided to remove the
netns option for interfaces until there is a proper usecase and implementation
available.
|
|
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF (backport #3392)
|
|
When adding and removing VRF instances on the fly it was noticed that the vni
statement under the VRF instance in FRR vanishes. This was caused by a race
condition which was previously designed to fix another bug.
The wierd design of a Python helper below the VRF tree to only generate the
VNI configuration nodes is now gone and all is rendered in the proper place.
(cherry picked from commit e7bb65894f86372dc0f6e8fd39b1628e0a224c68)
|
|
(cherry picked from commit 107ee099e82397b31fca8cf1ac3860cbf76f0596)
|