Age | Commit message (Collapse) | Author |
|
new chains, priorities, and firewall groups
|
|
T5873: ipsec remote access VPN: support VTI interfaces.
|
|
T6617: T6618: vpn ipsec remote-access: fix profile generators
|
|
To start the service under VRF requires starting under User=root
otherwise it had issues with cgroups
|
|
T6362: Create conntrack logger daemon
|
|
system_option: T5552: Apply IPv4 and IPv6 options after reapplying sysctls by TuneD
|
|
by TuneD
|
|
T6594: Add missed pppd_compat module
|
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
|
|
fix: attempt to fix indentation on `wpa_supplicant.conf.j2`
fix: attempt to fix indentation on `wpa_supplicant.conf.j2`
fix: incorrect bssid mapping
fix: use the correct jinja templating (I think)
fix: “remote blank space
fix: attempt to fix the formatting in j2
fix: attempt to fix the formatting in j2
feat: rename enterprise username and password + add checks in conf mode.
fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part
fix: fix indentation on `wpa_supplicant.conf.j2`
|
|
T6539: add logging options to load-balancer reverse-proxy
|
|
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option
|
|
If a firewall is not configured there is no reason to get and
execute telegraf firewall custom scripts as there are no nft
chains in the firewall nftables configuration
|
|
* T6452: Add QoS Op Commands
Added the following commands:
show qos shaping
show qos shaping detail
show qos shaping interface <int name>
show qos shaping interface <int name> detail
show qos shaping interface <int name> class <class name>
show qos shaping interface <int name> class <class name> detail
show qos cake interface <int name>
|
|
T6477: Add telegraf loki output plugin
|
|
pppoe-server: T5710: Add option permit any-login
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
|
|
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
|
|
Now that there is a build time validation that Config() is not instantiated
twice in a config mode script, and also as there are no more direct calls on
the my_set and my_delete binary, we can auto generate the list of helpers run
by vyos-configd.
|
|
Add CLI commands
Add config
Add conf_mode
Add systemd config
Add stunnel smoketests
Add log level config
|
|
snmp: T6489: use new Python wrapper to interact with config filesystem
|
|
No longer use my_set and my_delete as this prevents scripts being run under
supervision of vyos-configd.
|
|
policy on OUTUT_raw
|
|
T5949: Add option to disable USB autosuspend
|
|
T6489: Add support for CLI config scripts that change the underlying working configuration
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
|
|
my_set/my_delete
|
|
output
|
|
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
|
|
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple iOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all its parent CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
|
|
The SSTPC client was not reloaded/restarted with the new SSL certificate(s)
after a change in the PKI subsystem.
This was due to missing dependencies.
|
|
The haproxy reverse proxy was not reloaded/restarted with the new SSL
certificate(s) after a change in the PKI subsystem. This was due to missing
dependencies.
|