summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2024-08-01T4072: firewall: extend firewall bridge capabilities, in order to include ↵Nicolas Fort
new chains, priorities, and firewall groups
2024-08-01Merge pull request #3221 from lucasec/t5873Christian Breunig
T5873: ipsec remote access VPN: support VTI interfaces.
2024-08-01Merge pull request #3903 from lucasec/ipsec-remote-access-profileChristian Breunig
T6617: T6618: vpn ipsec remote-access: fix profile generators
2024-07-31T5657: Add VRF support for zabbix-agentViacheslav Hletenko
To start the service under VRF requires starting under User=root otherwise it had issues with cgroups
2024-07-30T6617: T6618: vpn ipsec remote-access: fix profile generatorsLucas Christian
2024-07-29Merge pull request #3804 from HollyGurza/T6362Daniil Baturin
T6362: Create conntrack logger daemon
2024-07-26T5873: vpn ipsec remote-access: improve child ESP session namingLucas Christian
2024-07-25OpenVPN CLI-option: T6571: rename ncp-ciphers with data-cipherssrividya0208
2024-07-24Merge pull request #3853 from natali-rs1985/T5552-currentChristian Breunig
system_option: T5552: Apply IPv4 and IPv6 options after reapplying sysctls by TuneD
2024-07-23system_option: T5552: Apply IPv4 and IPv6 options after reapplying sysctls ↵Nataliia Solomko
by TuneD
2024-07-22T5873: vpn ipsec remote-access: support VTI interfacesLucas Christian
2024-07-22Merge pull request #3832 from sever-sever/T6594Christian Breunig
T6594: Add missed pppd_compat module
2024-07-22T6599: ipsec: support disabling rekey of CHILD_SA.Lucas Christian
Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections.
2024-07-19SSTP-server: add missed pppd_compat moduleViacheslav Hletenko
2024-07-19PPTP-server: add missed pppd_compat moduleViacheslav Hletenko
2024-07-19L2TP-server: add missed pppd_compat moduleViacheslav Hletenko
2024-07-19IPoE-server: add missed pppd_compat moduleViacheslav Hletenko
2024-07-19T6362: Create conntrack logger daemonkhramshinr
2024-07-05wireless: T6496: use mac-address validator on BSSID and move it up one CLI levelChristian Breunig
2024-07-05wireless: T6496: support for EAP-MSCHAPv2 client over wifiChristopher
fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: incorrect bssid mapping fix: use the correct jinja templating (I think) fix: “remote blank space fix: attempt to fix the formatting in j2 fix: attempt to fix the formatting in j2 feat: rename enterprise username and password + add checks in conf mode. fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part fix: fix indentation on `wpa_supplicant.conf.j2`
2024-07-04Merge pull request #3753 from jvoss/haproxy_loggingChristian Breunig
T6539: add logging options to load-balancer reverse-proxy
2024-07-03T6539: add logging options to load-balancer reverse-proxyJonathan Voss
2024-07-03syslog: T5366: remove reference to deprecated sysvinit rsyslog scriptJohn Estabrook
2024-07-02Merge pull request #3721 from HollyGurza/T5878Daniil Baturin
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option
2024-07-02T6523: Telegraf use nft scripts only if the firewall configuredViacheslav Hletenko
If a firewall is not configured there is no reason to get and execute telegraf firewall custom scripts as there are no nft chain in the firewall nftables configuration
2024-06-28T6452: Add QoS Op Commands (#3591)l0crian1
* T6452: Add QoS Op Commands Added the following commands: show qos shaping show qos shaping detail show qos shaping interface <int name> show qos shaping interface <int name> detail show qos shaping interface <int name> class <class name> show qos shaping interface <int name> class <class name> detail show qos cake interface <int name>
2024-06-28Merge pull request #3720 from sever-sever/T6477Christian Breunig
T6477: Add telegraf loki output plugin
2024-06-28Merge pull request #3730 from natali-rs1985/T5710-currentChristian Breunig
pppoe-server: T5710: Add option permit any-login
2024-06-28T6477: Add telegraf loki output pluginViacheslav Hletenko
Add Loki plugin to telegraf set service monitoring telegraf loki url xxx
2024-06-28pppoe-server: T5710: Add option permit any-loginNataliia Solomko
2024-06-28ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms optionkhramshinr
2024-06-27wireless: T6320: add 802.11ax at 6GHzAlain Lamar
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
2024-06-26vyos-configd: T6510: autogenerate configd-include.jsonChristian Breunig
Now that there is a build time validation that Config() is not instantiated twice in a config mode script, and also as there are no more direct calls on the my_set and my_delete binary, we can auto generate the list of helpers run by vyos-configd.
2024-06-25T3900: extend latest fix for firewall raw implementation to ipv6.Nicolas Fort
2024-06-24T5735: Stunnel CLI and configurationkhramshinr
Add CLI commands Add config Add conf_mode Add systemd config Add stunnel smoketests Add log level config
2024-06-21Merge pull request #3694 from c-po/T6489-snmpdChristian Breunig
snmp: T6489: use new Python wrapper to interact with config filesystem
2024-06-20snmp: T6489: use new Python wrapper to interact with config filesystemChristian Breunig
Do no longer use my_set and my_delete as this prevents scripts beeing run under supervision of vyos-configd.
2024-06-20T3900: firewall: fix for initial implementation - remove jump to state ↵Nicolas Fort
policy on OUTUT_raw
2024-06-20Merge pull request #3677 from HollyGurza/T5949Christian Breunig
T5949: Add option to disable USB autosuspend
2024-06-19T5949: Add option to disable USB autosuspendkhramshinr
2024-06-18wireless: T6425: Fix broken VHT beamformingAlain Lamar
2024-06-17Merge pull request #3652 from c-po/T6489-unionfsChristian Breunig
T6489: Add support for CLI config scripts that change the underlaying working configuration
2024-06-16wireless: T6318: move country-code to a system wide configurationChristian Breunig
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code"
2024-06-15login: T6489: add smarter way to interact with the working config instead of ↵Christian Breunig
my_set/my_delete
2024-06-12op_mode: T6227: Rewrite show conntrack-sync cache internal to use tabulate ↵Nataliia Solomko
output
2024-06-10Merge pull request #3610 from c-po/ipsec-profile-T6424Christian Breunig
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
2024-06-10Merge pull request #3612 from c-po/haproxy-pki-T6463Christian Breunig
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
2024-06-09op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.
2024-06-09pki: T6464: sstpc interface not reloaded when updating SSL certificate(s)Christian Breunig
The SSTPC client was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.
2024-06-09pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)Christian Breunig
The haproxy reverse proxy was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.