Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-04-20 | ocserv: T3896: refactor: change ocserv config-per-x node name | Jamie Austin | |
Changes the node name from config-per-x to identity-based-config, as a result the j2 templates and vpn_openeconnect.py has been refactored to update the node name when accessing it's child nodes. | |||
2023-02-02 | ocserv: T3896: CLI help and description rewording | Jamie Austin | |
2023-01-26 | ocserv: T3896: add CLI options to configure ocserv config-per-user/group | Jamie Austin | |
Adds CLI configurations under VPN - OpenConnect to facilitate per user/group vpn session configurations. Validation has been added to restrict config-per-group to be exclusive to OpenConnect RADIUS authentication as the config file is looked up based on a RADIUS response attribute - as well as sanity check that the necessary configs are configured when not disabled. | |||
2023-01-25 | T1297: VRRP: add garp options to vrrp | Nicolas Fort | |
2023-01-19 | Merge pull request #1697 from nicolas-fort/snmp_rework | Christian Breunig | |
T4857: SNMP: Implement FRR SNMP Recomendations | |||
2023-01-18 | ocserv: T4656: only one IP address is supported to listen on | Christian Breunig | |
2023-01-18 | T4857: change description in cli, and change word oid to uppercase OIDs in ↵ | Nicolas Fort | |
warning message | |||
2023-01-14 | ntp: T3008: migrate from ntpd to chrony | Christian Breunig | |
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony | |||
2023-01-07 | xml: T1579: merge generic-description.xml.i and interface/description.xml.i | Christian Poessinger | |
No need to have two distinct include blocks as one superseeds the other. Also this makes the entire behavior of "description" CLI node simpler. | |||
2023-01-06 | xml: T4883: allow whitespace in generic-description | Christian Poessinger | |
2023-01-05 | static: T4883: re-use description XML building block | Christian Poessinger | |
2023-01-04 | qos: T4284: add bandwidth percentage value | Christian Poessinger | |
2023-01-04 | Merge pull request #1735 from sever-sever/T4904 | Viacheslav Hletenko | |
T4904: keepalived virtual-server allow multiple ports with fwmark | |||
2023-01-02 | xml: qos: T4284: fix DSCP CLI values | Christian Poessinger | |
2023-01-02 | T4904: keepalived virtual-server allow multiple ports with fwmark | Viacheslav Hletenko | |
Allow multiple ports for high-availability virtual-server The current implementation allows balance only one "virtual" address and port between between several "real servers" Allow matching "fwmark" to set traffic which should be balanced Allow to set port 0 (all traffic) if we use "fwmark" Add health-check script set high-availability virtual-server 203.0.113.1 fwmark '111' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0' | |||
2023-01-02 | Merge pull request #1725 from sever-sever/T4893 | Christian Poessinger | |
T4893: Add ppp-options ipv6-interface-id for L2TP | |||
2023-01-01 | qos: T4284: first implementation introducing a new vyos.qos module | Christian Poessinger | |
2022-12-30 | T4893: Add ppp-options ipv6-interface-id for L2TP | Viacheslav Hletenko | |
Add ppp-options IPv6 interface id for vpn L2TP - fixed or random interface identifier for IPv6 - peer interface identifier for IPv6 - whether to accept peer’s interface identifier set vpn l2tp remote-access ppp-options ipv6-accept-peer-intf-id set vpn l2tp remote-access ppp-options ipv6-intf-id 'random' set vpn l2tp remote-access ppp-options ipv6-peer-intf-id 'calling-sid' | |||
2022-12-24 | T4893: Move ppp-opt ipv6-intf-id to include section accel-ppp | Viacheslav Hletenko | |
Move PPPoE-server ppp-options XML ipv6-intf-id to 'include' section accel-ppp It allows to use the same code for different accel-ppp services | |||
2022-12-23 | firewall: T2199: Fix typo in `rule-log-level.xml.i` header | sarthurdev | |
2022-12-23 | firewall: T2199: Add mac-address match to `destination` side | sarthurdev | |
2022-12-23 | container: T4870: bump package version 0 -> 1 for filesystem change | Christian Poessinger | |
move from vfs to overlay driver The following pre iage upgrade script must be executed to have containers after the reboot: for pod in $(cli-shell-api listActiveNodes container name); do systemctl stop vyos-container-${pod//\'}.service done sed -i 's/vfs/overlay/g' /etc/containers/storage.conf /usr/share/vyos/templates/container/storage.conf.j2 rm -rf /usr/lib/live/mount/persistence/container/storage/libpod for pod in $(cli-shell-api listActiveNodes container name); do image=$(cli-shell-api returnActiveValue container name ${pod//\'} image) podman image pull $image systemctl start vyos-container-${pod//\'}.service done for dir in vfs vfs-containers vfs-images vfs-layers; do rm -rf /usr/lib/live/mount/persistence/container/storage/$dir done | |||
2022-12-19 | T4886: Firewall and route policy: Add connection-mark feature to vyos. | Nicolas Fort | |
2022-12-17 | Merge pull request #1626 from nicolas-fort/fwall_group_interface | Christian Poessinger | |
T4780: Firewall: add firewall groups in firewall. Extend matching cri… | |||
2022-12-15 | firewall: T4882: add missing ICMPv6 type names | initramfs | |
2022-12-14 | Merge pull request #1706 from jestabro/validator-file-exists | John Estabrook | |
validators: T4798: replace python file-exists validator with file-path | |||
2022-12-14 | validators: T4875: use file-path to replace validator 'interface-name' | John Estabrook | |
2022-12-13 | validators: T4798: replace python file-exists validator with file-path | John Estabrook | |
2022-12-11 | pppoe: xml: T4792: split "no-peer-dns" CLI node into building block | Christian Poessinger | |
2022-12-11 | xml: ddns: T4792: split "server" CLI node into building block | Christian Poessinger | |
2022-12-02 | T4854: route reflector allows to apply route-maps | fett0 | |
2022-12-02 | T4858: Fix l3vpn Route Distinguisher validator | fett0 | |
2022-11-29 | xml: telegraf: T4680: add missing comment in listen-address-single.xml.i | Christian Poessinger | |
2022-11-24 | Merge pull request #1641 from Rain/T4612-arbitrary-netmasks | Christian Poessinger | |
firewall: T4612: Support arbitrary netmasks | |||
2022-11-19 | T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵ | Nicolas Fort | |
so this new group can be used in inbound and outbound matcher | |||
2022-11-11 | policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵ | sarthurdev | |
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle | |||
2022-11-03 | Merge pull request #1633 from sarthurdev/fqdn | Christian Poessinger | |
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT | |||
2022-11-03 | nat: T1877: T970: Add firewall groups to NAT | sarthurdev | |
2022-11-03 | firewall: T970: Refactor domain resolver, add firewall source/destination ↵ | sarthurdev | |
`fqdn` node | |||
2022-11-03 | validators: T4795: migrate mac-address python validator to validate-value | Christian Poessinger | |
Instead of spawning the Python interpreter for every mac-address to validate, rather use the base validate-value OCaml implementation which is much faster. This removes redundant code and also makes the CLI more responsive. Validator is moved out to a dedicated file instead of using XML inlined <regex> for the reason of re-usability. So if that regex needs to be touched again - it can all happen in one single file. | |||
2022-11-03 | xml: T4795: provide common and re-usable XML definitions for policy | Christian Poessinger | |
Remove duplicated code and move to single-source of truth. | |||
2022-10-31 | ipsec: T4787: add support for road-warrior/remote-access RADIUS timeout | Christian Poessinger | |
This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor. | |||
2022-10-29 | static: T4784: add description node for static route/route6 tagNodes | Christian Poessinger | |
2022-10-21 | graphql: T4768: change name of api child node from 'gql' to 'graphql' | John Estabrook | |
2022-10-13 | T4739: OSPF segment routing being refactored | Cheeze_It | |
2022-10-13 | T4739: ISIS segment routing being refactored | Cheeze_It | |
2022-10-13 | monitoring: T4312: Ability to set IP address in the URL | Viacheslav Hletenko | |
Use common "url.xml" which allow URL as domain name or IP entrie | |||
2022-10-11 | xml: ospf: isis: T4739: merge include files for MPLS segment-routing | Christian Poessinger | |
2022-10-11 | Merge pull request #1574 from Cheeze-It/current | Christian Poessinger | |
isis: T4739: ISIS segment routing being refactored | |||
2022-10-11 | Merge pull request #1547 from initramfs/current-limiter-actions | Christian Poessinger | |
qos: T4688: add xml template for limiter actions |