Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-03-14 | T5055: NAT: extend packet-type match option which was previously introduced ↵ | Nicolas Fort | |
in firewall, to NAT | |||
2023-03-10 | Merge pull request #1871 from nicolas-fort/T5055 | Christian Breunig | |
T5055: Firewall: add packet-type matcher in firewall and route policy | |||
2023-03-10 | container: T4959: add registry authentication option | Christian Breunig | |
Container registry CLI node changed from leafNode to tagNode with the same defaults. In addition we can now configure an authentication option per registry. | |||
2023-03-09 | xml: T4952: improve interface completion helper CLI experience | Christian Breunig | |
2023-03-06 | T5055: Firewall: add packet-type matcher in firewall and route policy | Nicolas Fort | |
2023-03-01 | Merge pull request #1854 from Yuanandcircle/current | Christian Breunig | |
policy: T5035: Add more actions to policy route rule | |||
2023-02-28 | T4967: xml: provide re-usable constraint for CLI host-name definitions | Christian Breunig | |
2023-02-28 | Merge pull request #1857 from nicolas-fort/nft_queue | Christian Breunig | |
T5037: Firewall: Add queue action and options to firewall | |||
2023-02-28 | T5037: Firewall: Add queue action and options to firewall | Nicolas Fort | |
2023-02-28 | Merge branch 'vyos:current' into current | Youyuan | |
2023-02-28 | Merge pull request #1800 from vfreex/feature-babel | Christian Breunig | |
T4977: Add Babel routing protocol support | |||
2023-02-26 | policy: T5035: Add more actions to policy route rule | Youyuan | |
2023-02-25 | tunnel: T5034: migrate "multicast enable" CLI node to enable-multicast | Christian Breunig | |
Tunnel interface multicast settings can be "enabled or disabled". As we prefer valueless nodes, and the linux kernel default is "disabled" we should add a set interfaces tunnel tunXX enable-multicast command | |||
2023-02-23 | T5017: Add interface ifbX to constraint interface-name | Viacheslav Hletenko | |
2023-02-18 | T4886: allow connection-mark 0 value, which is acceptable | Nicolas Fort | |
2023-02-17 | qos: classes: helptext: T5015: Escape % in printf | Silvan Raijer | |
2023-02-17 | T5005: PPPoE server allow any login with option noauth | Viacheslav Hletenko | |
Disabling authentication is useful in emergency situations (e.g. RADIUS server is down) or testing purposes. Clients can connect with any login and username. set service pppoe-server authentication mode 'noauth' | |||
2023-02-15 | ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes | sarthurdev | |
Not supported with swanctl | |||
2023-02-12 | pppoe: wwan: T4998: fix typo in constraintErrorMessage | Christian Breunig | |
2023-02-12 | pppoe: wwan: T4998: fix username not accepting dot (.) | Christian Breunig | |
This fixes a regressin introduced in commit e22e9c9210cb5 ("wwan: T3622: add constraint for username/password CLI nodes"). | |||
2023-02-10 | interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵ | Christian Breunig | |
sstp-client | |||
2023-02-10 | Merge pull request #1808 from sever-sever/T1993 | Christian Breunig | |
T1993: PPPoE-server add section shaper and fwmark option | |||
2023-02-09 | wwan: T3622: add constraint for username/password CLI nodes | Christian Breunig | |
- Username is up to 128 alphanumerical characters, -, _, #, and @ - Password is limited to ASCII characters only, with a total lenght of 128 | |||
2023-02-08 | T1993: PPPoE-server add section shaper and fwmark option | Viacheslav Hletenko | |
Extended PPPoE-server rate-limiter to avoid shaping marked resources Often this feature needs for ISP, which provides access to some IX or its resources. set service pppoe-server shaper fwmark '223' | |||
2023-02-08 | T4977: Add Babel routing protocol support | Yuxiang Zhu | |
This PR adds basic Babel routing protocol support using the implementation in FRR. Signed-off-by: Yuxiang Zhu <vfreex@gmail.com> | |||
2023-02-07 | T4971: PPPoE server add named ip pool and attr Framed-Pool | Viacheslav Hletenko | |
Add a new feature to allow to use named pools Also it can be used with RADIUS attribute 'Framed-Pool' set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24' | |||
2023-02-04 | qos: xml: T4284: bandwidh unit suffix is optional | Christian Breunig | |
2023-02-04 | bgp: T4817: improve help and constraint error messages | Christian Breunig | |
2023-02-04 | bgp: T4817: add local-role (RFC9234) support for peer-groups | Christian Breunig | |
Extend commit 8a75e92d ("T4817 added support for RFC 9234") to also support peer-groups. | |||
2023-02-04 | qos: T4969: update "match mark" value range | Christian Breunig | |
This improves commit d2885ad0 ("T4969: fix class match mark number"). | |||
2023-02-04 | Merge pull request #1792 from DaniilHarun/current | Christian Breunig | |
T4969: fix class match mark number | |||
2023-02-04 | T4817 added support for RFC 9234 | Kyle McClammy | |
2023-02-02 | ocserv: T3896: CLI help and description rewording | Jamie Austin | |
2023-01-31 | T4969: fix class match mark number | DaniilHarun | |
2023-01-30 | Merge pull request #1761 from sever-sever/T4916-curr | Viacheslav Hletenko | |
T4916: Rewrite IPsec peer authentication and psk migration | |||
2023-01-29 | xml: T1579: allow zero length for description | Christian Breunig | |
Some older VyOS 1.3 installations seem to use zero-length description fields. Do not break them! | |||
2023-01-28 | vrrp: T1297: improve gratuitous ARP default value handling and help strings | Christian Breunig | |
2023-01-28 | T4958: ocserv: openconnect: adds support for configuring RADIUS accounting | Jamie Austin | |
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode | |||
2023-01-26 | T4916: Rewrite IPsec peer authentication and psk migration | Viacheslav Hletenko | |
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4' | |||
2023-01-26 | ocserv: T3896: add CLI options to configure ocserv config-per-user/group | Jamie Austin | |
Adds CLI configurations under VPN - OpenConnect to facilitate per user/group vpn session configurations. Validation has been added to restrict config-per-group to be exclusive to OpenConnect RADIUS authentication as the config file is looked up based on a RADIUS response attribute - as well as sanity check that the necessary configs are configured when not disabled. | |||
2023-01-25 | T1297: VRRP: add garp options to vrrp | Nicolas Fort | |
2023-01-19 | Merge pull request #1697 from nicolas-fort/snmp_rework | Christian Breunig | |
T4857: SNMP: Implement FRR SNMP Recomendations | |||
2023-01-18 | ocserv: T4656: only one IP address is supported to listen on | Christian Breunig | |
2023-01-18 | T4857: change description in cli, and change word oid to uppercase OIDs in ↵ | Nicolas Fort | |
warning message | |||
2023-01-14 | ntp: T3008: migrate from ntpd to chrony | Christian Breunig | |
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony | |||
2023-01-07 | xml: T1579: merge generic-description.xml.i and interface/description.xml.i | Christian Poessinger | |
No need to have two distinct include blocks as one superseeds the other. Also this makes the entire behavior of "description" CLI node simpler. | |||
2023-01-06 | xml: T4883: allow whitespace in generic-description | Christian Poessinger | |
2023-01-05 | static: T4883: re-use description XML building block | Christian Poessinger | |
2023-01-04 | qos: T4284: add bandwidth percentage value | Christian Poessinger | |
2023-01-04 | Merge pull request #1735 from sever-sever/T4904 | Viacheslav Hletenko | |
T4904: keepalived virtual-server allow multiple ports with fwmark |