Age | Commit message (Collapse) | Author |
|
(cherry picked from commit f75f0f9c94472f46e056808c3ac6aba809c090f0)
|
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
(cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
|
|
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option (backport #3721)
|
|
(cherry picked from commit 977d2fbf7a62a97d98b38cf28e62f08fc9e8d3a2)
|
|
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
|
|
If a firewall is not configured there is no reason to get and
execute telegraf firewall custom scripts as there are no nft
chain in the firewall nftables configuration
(cherry picked from commit ebff0c481907ac0c2c0be9981c3c3d87caf3003b)
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
(cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
|
|
T751: Remove ids suricata
|
|
snmp: T6489: use new Python wrapper to interact with config filesystem (backport #3694)
|
|
my_set/my_delete
(cherry picked from commit da29c9b3ab7b0cc23d64c8b033fc5a79c1b09174)
|
|
Do no longer use my_set and my_delete as this prevents scripts beeing run under
supervision of vyos-configd.
(cherry picked from commit 7e0e8101998a6c8de6cb93c42bfbf1278c13f226)
|
|
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
|
|
output
|
|
|
|
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
|
|
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
|
|
The SSTPC client was not reloaded/restarted with the new SSL certificate(s)
after a change in the PKI subsystem.
This was due to missing dependencies.
|
|
The haproxy reverse proxy was not reloaded/restarted with the new SSL
certificate(s) after a change in the PKI subsystem. This was due to missing
dependencies.
|
|
|
|
T3900: Add support for raw tables in firewall
|
|
|
|
show version: T6446: display the support URL for LTS builds
|
|
isis: T6429: fix isis metric-style configuration missing
|
|
|
|
timeout parameters defined in conntrack to firewall global-opton section.
|
|
|
|
|
|
T4576: Accel-ppp logging level configuration
|
|
op-mode: ipsec: T6407: fix profile generation
|
|
reverse-proxy: T6419: build full CA chain when verifying backend server
|
|
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates")
added support for multiple CA certificates which broke the OP mode command
to generate the IPSec profiles as it did not expect a list and was rather
working on a string.
Now multiple CAs can be rendered into the Apple IOS profile.
|
|
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement,
where the later one is more humand readable. Both act in the same way.
|
|
|
|
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Serve
|
|
suricata: T751: Initial support for suricata
|
|
|
|
|
|
T6350: CGNAT add op-mode to show allocation
|
|
Add op-mode command `show nat cgnat allocation` to get CGNAT
allocations (internal address, external address, port-range)
|
|
T6335: Add/Update EVPN op commands
|
|
T5756: L2TP RADIUS backup and weight settings
|
|
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
|
|
|
|
|
|
Remove `service upnp` as it never worked as expected, nft rules do
not integrated and custom patches do not seem like a suitable
solution for now.
Security:
UPnP has been historically associated with security risks due to its automatic
and potentially unauthenticated nature.
UPnP devices might be vulnerable to unauthorized access or exploitation.
|
|
|
|
|
|
bridge: T6317: add dependency call for wireless interfaces
|
|
|