Age | Commit message (Collapse) | Author |
|
T4727: Add RADIUS rate-limit attribute for vpn pptp
|
|
Add rate-limit attribute, multiplier, vendor specific attribute
for the [shaper] section
|
|
|
|
Container registry CLI node changed from leafNode to tagNode with the same
defaults. In addition we can now configure an authentication option per
registry.
(cherry picked from commit fe82d86d3e87cb8d92ebc9d0652c08e3dd79a12c)
|
|
Event-handler allows executing a custom script when detects
some configured "pattern regex"
set service event-handler event first filter pattern '.*ssh2.*'
set service event-handler event first script arguments '192.0.2.5'
set service event-handler event first script environment interface value 'eth0'
set service event-handler event first script path '/config/scripts/hello.sh'
It is the backport from 1.4
|
|
(cherry picked from commit d14a6814acb173cdc6df13212620f7da330434ed)
|
|
Ability setting container hostname
This host name is used as /etc/hostname
set container name <tag> host-name 'mybox'
(cherry picked from commit c68d73e6720a7df2b48df17ac7b9b4c906e0294c)
|
|
options for containers
(cherry picked from commit 53aebddb4ca54b0cc4a296d6cc4c4d960c5f1d73)
|
|
Based on wpa_supplicant documentation.
mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit)
hex-string (2..64 hex-digits)
Changed allowable length of CKN from strong 64 hex-digits
to the range (2..64 hex-digits)
|
|
T4971: PPPoE server add named ip pool and attr Framed-Pool
|
|
T1993: PPPoE-server add section shaper and fwmark option
|
|
Add a new feature to allow to use named pools
Also it can be used with RADIUS attribute 'Framed-Pool'
set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
Add accel-ppp include client-ip-pool-name.xml.i
Can be used in other accep-ppp CLI as "include"
|
|
Extended PPPoE-server rate-limiter to avoid shaping marked resources
Often this feature needs for ISP, which provides access to some IX
or its resources.
set service pppoe-server shaper fwmark '223'
|
|
Minimum acceptable MTU. If client will try to negotiate less then
specified MTU then it will be NAKed or disconnected if rejects
greater MTU.
Change 'min-mtu' from 1492 to 1280 for 1.3.3
|
|
T4947: container: fix existing issues in equuleus after backport from 1.4
|
|
VyOS 1.3 does not support automatic generation of the (default: <>) string
from XML defaultValue nodes. Specify help string manually.
|
|
pppoe: T4948: add CLI option to allow definition of host-uniq flag (equuleus backport)
|
|
container: T4947: support mounting container volumes as ro or rw (equuleus backport)
|
|
Some ISPs seem to use the host-uniq flag to authenticate client equipment.
Add CLI option in VyOS to allow specification of the host-uniq flag.
set interfaces pppoe pppoeN host-uniq <value>
(cherry-picked from commit 38bab79324087df5a9057c23b85a0a784c09540a)
|
|
(cherry-picked from commit 046bb9ccd56ac5e97c638bb4a9ca856d3d36026a)
|
|
(cherry picked from commit f0bc6c62016d285f0645c4b3ba8b1451c40c637f)
|
|
Whenever a container is used and a folder is mounted, this happenes as
read-write which is the default in Docker/Podman - so is the default in VyOS.
A new option is added "set container name foo volume mode <ro|rw>" to specify
explicitly if rw (default) or ro should be used for this mounted folder.
(cherry picked from commit 275ea7303cfdb79c042da1b710622aee17a488a8)
|
|
[1.3] T4832: dhcp: Add dhcp option to signal IPv6-only support (RFC 8925)
|
|
(cherry picked from commit 87cc636bd2baf576a2a5ece7a4f8318eb4f69c2e)
|
|
container: T578: backport podman from 1.4 development branch (equuleus)
|
|
|
|
(cherry picked from commit e5a5684eb4004772439b2dc33ec21b7546db3fe1)
|
|
I use dummy interfaces in a VRF as source-interfaces for VXLAN in order to
force VXLAN send underlay UDP traffic through the VRF where the dummy interface
resides.
However dummy interface has no mtu option so it always gets an MTU of 1500.
This will cause an error when the mtu of dummy is not large enough for the
VXLAN traffic.
Adding this option in the config template will solve this.
(cherry picked from commit 1440ef93e13d15e2247cbfc2cb4ea2afb266fc9e)
|
|
T4809: radvd: (Backport) Allow the use of AdvRASrcAddress
|
|
T3810: Fixed all issues in T3810
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
5. Fixed generation dest local sections in squidGuard.conf
6. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
7. Backported all changes from 1.4 to 1.3 which were made in T3810
8. Fixed webproxy smoketest
|
|
This add the AdvRASrcAddress configuration option to configure
a source address for the router advertisements. The source
address still must be configured on the system. This is useful
for VRRP setups where you want fe80::1 on the VRRP interface
for cleaner VRRP failovers.
|
|
backport: T4515: T4219: policy local-route6 and inbound-interface support
|
|
firewall: T4709: fix firewall MSS clamping issues
|
|
Clients supporting this DHCP option (DHCP option 108, per RFC 8925) will
disable its IPv4 network stack for configured number of seconds
and operate in IPv6-only mode.
Example clients supporting this option including iOS 15+ and macOS 12.0.1+.
|
|
(cherry picked from commit 3f91033927d80748b70e1ef58b2941643d1aca33)
|
|
(cherry picked from commit dda62226353ebc198b4dbbd319412bb5d1d1ece2)
|
|
ddclient: T4743: Add option for IPv6 Dynamic DNS
|
|
Use common "url.xml" which allow URL as domain name or IP entrie
|
|
Allow to set IPv6 address for Dynamic DNS
set service dns dynamic interface eth2 ipv6-enable
|
|
This commit fixes MSS clamping ranges as well as reintroduces the
clamp-mss-to-pmtu option value to clamp to PMTU instead.
|
|
Co-authored-by: initramfs <initramfs@initramfs.io>
|
|
|
|
Fix wrong descriptions for the RPKI server
It was mentioned about the NTP server
|
|
(cherry picked from commit 73be77ec42d06a369974bfb1255839164f73c276)
|
|
(cherry picked from commit bfa13e367d0b77105ba350a34da8212859f07f59)
|
|
set vpn openconnect network-settings split-dns <domain>
(cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
|
|
(cherry picked from commit 393355f7feaa921eba46b83d4f15ad4a5c37adab)
|
|
Ability to get MTU from DHCP-server and don't touch it per
any interface change if interface 'dhcp-options mtu' is
configured
(cherry picked from commit 29b0ee30bf2622a40ca3d17e3f6b9e94e5b62072)
|