Age | Commit message (Collapse) | Author |
|
(cherry picked from commit dd5908eac390294ea178953fc0e6821d803d62f6)
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
(cherry picked from commit 9e22ab6b2aee48029d3455f65880e45c558cf1da)
|
|
(cherry picked from commit 663e468de2b431f771534b4e3a2d00a5924b98fe)
|
|
(cherry picked from commit e2b05343b30d2f989968532106e792cbaf75ecf6)
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|
|
Using BGP peer-groups inside a VRF instance will make use if the global VRFs
peer-group list during tab-completion and not the peer-groups defined within
the BGP instance of the given VRF.
|
|
|
|
|
|
T3900: Add support for raw tables in firewall
|
|
timeout parameters defined in conntrack to firewall global-opton section.
|
|
added new syntax to work with class match filters in QoS policy
|
|
reverse-proxy: T6409: Remove unused backend parameters
|
|
T4576: Accel-ppp logging level configuration
|
|
|
|
|
|
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Serve
|
|
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
|
|
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
|
|
>=5.0
random - In kernel 5.0 and newer this is the same as fully-random. In earlier
kernels the port mapping will be randomized using a seeded MD5 hash mix using
source and destination address and destination port.
https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
|
|
|
|
|
|
|
|
When all the underlay links go down the PE no longer has access to the VxLAN
+overlay.
To prevent blackholing of traffic the server/ES links are protodowned on the PE.
A link can be setup for uplink tracking via the following configuration:
set interfaces ethernet eth0 evpn uplink
|
|
|
|
pppoe-server: T6234: PPPoE-server pado-delay refactoring
|
|
T6273: Allowed the use of "-" and "_" in PPPoE access-concentrator name
|
|
Allowed the use of "-" and "_" in PPPoE access-concentrator name
|
|
|
|
|
|
Add abiilty to change `base_reachable_time_ms` option
/proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms
|
|
T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config
|
|
config
|
|
|
|
to firewall global-optinos
|
|
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt
|
|
Added params for configuration red on the shaper policy
|
|
in order to not allow string starting with dot character; use such constraint in firewall group definitions.
|
|
ethernet: T5862: default MTU is not acceptable in some environments
|
|
Containers have the ability to add Linux system capabilities to them, this is
done using the "set container name <name> cap-add" command.
The CLI node sounds off and rather should be "set container name <name>
capability" instead as we use and pass a capability to a container and not
add/invent new ones.
|
|
In order to lower the Ethernet default MTU we need to drop the common
defaultValue from the XML mtu-68-16000.xml.i building block. Per interface
default MTU is later overloaded by XML.
|
|
T6192: allow binding SSH to multiple VRF instances
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
|
|
|
|
|
|
|
|
|
|
|
|
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates.
Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
|
|
dhcp-server high-availability>.
|
|
|