summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2024-06-21Merge pull request #3694 from c-po/T6489-snmpdChristian Breunig
snmp: T6489: use new Python wrapper to interact with config filesystem
2024-06-20snmp: T6489: use new Python wrapper to interact with config filesystemChristian Breunig
Do no longer use my_set and my_delete as this prevents scripts beeing run under supervision of vyos-configd.
2024-06-20T3900: firewall: fix for initial implementation - remove jump to state ↵Nicolas Fort
policy on OUTUT_raw
2024-06-20Merge pull request #3677 from HollyGurza/T5949Christian Breunig
T5949: Add option to disable USB autosuspend
2024-06-19T5949: Add option to disable USB autosuspendkhramshinr
2024-06-18wireless: T6425: Fix broken VHT beamformingAlain Lamar
2024-06-17Merge pull request #3652 from c-po/T6489-unionfsChristian Breunig
T6489: Add support for CLI config scripts that change the underlaying working configuration
2024-06-16wireless: T6318: move country-code to a system wide configurationChristian Breunig
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code"
2024-06-15login: T6489: add smarter way to interact with the working config instead of ↵Christian Breunig
my_set/my_delete
2024-06-12op_mode: T6227: Rewrite show conntrack-sync cache internal to use tabulate ↵Nataliia Solomko
output
2024-06-10Merge pull request #3610 from c-po/ipsec-profile-T6424Christian Breunig
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
2024-06-10Merge pull request #3612 from c-po/haproxy-pki-T6463Christian Breunig
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
2024-06-09op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.
2024-06-09pki: T6464: sstpc interface not reloaded when updating SSL certificate(s)Christian Breunig
The SSTPC client was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.
2024-06-09pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)Christian Breunig
The haproxy reverse proxy was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.
2024-06-07reverse-proxy: T6454: Set default value of http for haproxy modeAlex W
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-05migration: T6006: update config.boot.default and move to vyos-1xJohn Estabrook
2024-06-05Merge pull request #3584 from dmbaturin/T6446-display-support-urlDaniil Baturin
show version: T6446: display the support URL for LTS builds
2024-06-05Merge pull request #3571 from fett0/T6429Daniil Baturin
isis: T6429: fix isis metric-style configuration missing
2024-06-05show version: T6446: display the support URL for LTS buildsDaniil Baturin
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-05-31isis: T6429: fix isis metric-style configuration missingfett0
2024-05-30Merge pull request #3510 from HollyGurza/T4576Daniil Baturin
T4576: Accel-ppp logging level configuration
2024-05-30Merge pull request #3552 from c-po/ipsec-profileChristian Breunig
op-mode: ipsec: T6407: fix profile generation
2024-05-30Merge pull request #3546 from c-po/haproxyChristian Breunig
reverse-proxy: T6419: build full CA chain when verifying backend server
2024-05-30op-mode: ipsec: T6407: fix profile generationChristian Breunig
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile.
2024-05-29reverse-proxy: T5231: better mark v4v6 listen any addressChristian Breunig
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the later one is more humand readable. Both act in the same way.
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
2024-05-27T4576: Accel-ppp logging level configurationkhramshinr
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-23suricata: T751: use key_mangling in get_config_dict()Christian Breunig
2024-05-21reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responsesAlex W
2024-05-17Merge pull request #3466 from sever-sever/T6350Daniil Baturin
T6350: CGNAT add op-mode to show allocation
2024-05-16T6350: CGNAT add op-mode to show allocationViacheslav Hletenko
Add op-mode command `show nat cgnat allocation` to get CGNAT allocations (internal address, external address, port-range)
2024-05-16Merge pull request #3458 from l0crian1/T6335-add-evpn-opChristian Breunig
T6335: Add/Update EVPN op commands
2024-05-16Merge pull request #3450 from HollyGurza/T5756Christian Breunig
T5756: L2TP RADIUS backup and weight settings
2024-05-15T6335: Add/Update EVPN op commandsl0crian1
Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac
2024-05-15T3900: add support for raw table in firewall.Nicolas Fort
2024-05-15T5756: L2TP RADIUS backup and weight settingskhramshinr
2024-05-14T3420: Remove service upnpViacheslav Hletenko
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation.
2024-05-12suricata: T751: Initial support for suricataMaxime THIEBAUT
2024-05-10image-tools: T6327: drop boot console type ttyUSBJohn Estabrook
2024-05-10Merge pull request #3430 from c-po/bridge-T6317Christian Breunig
bridge: T6317: add dependency call for wireless interfaces
2024-05-09sstp: T4393: Add support to configure host-name (SNI)Nataliia Solomko
2024-05-08bridge: T6317: add dependency call for wireless interfacesChristian Breunig
2024-05-04T6291: Add bonding.py to op-mode-standardized.jsonl0crian1
2024-05-01Merge pull request #3392 from c-po/bgp-evpn-T6189Christian Breunig
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF
2024-05-01vrf: T6189: render FRR L3VNI configuration when creating VRF instanceChristian Breunig
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place.