Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-11-11 | [OpenVPN]: T1704: Changed the description of ncp-ciphers in config | vindenesen | |
2019-11-11 | [OpenVPN]: T1704: Added function for ncp-ciphers, and ability to disable it. | vindenesen | |
[OpenVPN]: T1704: Changed config structure for OpenVPN encryption to support ncp-ciphers. [OpenVPN]: T1704: Added migration scripts for interface 2-to-3 | |||
2019-11-08 | QAT: T1788: Intel QAT implementation | DmitriyEshenko | |
2019-11-02 | bonding: T1777: change priority to be after ethernet interfaces | Christian Poessinger | |
On system reboots (mainly) the bond has been created and configured a MAC address on the physical ports. Later ethernet interfaces have been configured overwriting the bond MAC address. | |||
2019-10-28 | Merge pull request #154 from zdc/T1772 | Christian Poessinger | |
[XML templates] T1772: Add escaping of `\` symbol in `<regex>` | |||
2019-10-28 | [XML templates] T1772: Changed old hacks to proper regex, according to the fix | zsdc | |
2019-10-27 | snmp: T1769: remove TSM (Transport Security Mode) support | Christian Poessinger | |
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested and I know no way how it could be tested. Instead of carrying on dead and unused code we should favour a drop of it using a proper config migration script. | |||
2019-10-27 | snmp: T818: T1738: remove per user/trap engine id | Christian Poessinger | |
As of the SNMP specification an SNMP engine ID should be unique per device. To not make it more complicated for users - only use the global SNMP engine ID. | |||
2019-10-18 | system-proxy: T1741 - Add system wide proxy setting CLI implementation | hagbard | |
2019-10-17 | snmp: T1737: add missing completion helpers | Christian Poessinger | |
2019-10-13 | Sync XML interface description source file pattern and conf script name | Christian Poessinger | |
renamed: interface-bonding.py -> interfaces-bonding.py renamed: interface-bridge.py -> interfaces-bridge.py renamed: interface-dummy.py -> interfaces-dummy.py renamed: interface-ethernet.py -> interfaces-ethernet.py renamed: interface-loopback.py -> interfaces-loopback.py renamed: interface-openvpn.py -> interfaces-openvpn.py renamed: interface-vxlan.py -> interfaces-vxlan.py renamed: interface-wireguard.py -> interfaces-wireguard.py | |||
2019-10-09 | T1430: add dhcp vendor-class-id client option | Christian Poessinger | |
2019-10-06 | ipoe-server: XML: run through XMLlint | Christian Poessinger | |
2019-10-06 | ipoe-server: optimize port completion helper to match all others | Christian Poessinger | |
2019-10-01 | Revert "wireguard: T1700 - Wireguard FQDN endpoint doesn't work after reboot" | hagbard | |
This reverts commit daf2e29e3693a7eb2d8b6fc378d984b9a17d2aa3. It had unknown side effects, undiscovered during testing | |||
2019-09-30 | wireguard: T1700 - Wireguard FQDN endpoint doesn't work after reboot | hagbard | |
2019-09-30 | [OpenVPN]: T1688: Added aes-gcm encryptions | vindenesen | |
2019-09-25 | T1685 Adding ethernet valueHelp for vif,vif-s,vif-c | DmitriyEshenko | |
2019-09-21 | Merge pull request #134 from c-po/t1637-ethernet | Christian Poessinger | |
T1637 - Rewrite ethernet interface in new style XML syntax | |||
2019-09-20 | ethernet: T1637: add support for 25G, 40G, 50G and 100G link speeds | Christian Poessinger | |
2019-09-20 | Revert "ethernet: T1637: only list supported link speeds for completion helper" | Christian Poessinger | |
This reverts commit d6a6daaf1d7ed0f1ff2e53490972e0cf11fff000. | |||
2019-09-20 | ethernet: T1637: only list supported link speeds for completion helper | Christian Poessinger | |
2019-09-20 | ethernet: T1637: initial rewrite in XML/Python style | Christian Poessinger | |
2019-09-20 | Merge pull request #133 from vindenesen/openvpn-minimum-tls-version | Daniil Baturin | |
[OpenVPN] T1675: Added setting for minimum tls version | |||
2019-09-20 | OpenVPN - changed tls-minimum-version to tls-version-min | vindenesen | |
2019-09-20 | openvpn: T1548: add validator for TLS cert files | Christian Poessinger | |
2019-09-19 | OpenVPN - Added setting for minimum tls version | vindenesen | |
2019-09-19 | Added setting for tls-auth. Added check for if tls_cert and tls_key was defined. | vindenesen | |
2019-09-16 | [IPoE] - T1664: Ipoe with bond per vlan don't work | hagbard | |
2019-09-12 | [l2tp] T834 Implementation advanced ppp-options/lcp. | DmitriyEshenko | |
2019-09-10 | [wireguard]: T1572 - Wireguard keyPair per interface | hagbard | |
- param key location added in op-mode script - param delkey and listkey implemented in op-mode script - param delkey implemented in op-mode script - generate and store named keys - interface implementation tu use cli option 'private-key' | |||
2019-09-06 | vxlan: T1636: initial rewrite with XML and Python | Christian Poessinger | |
Tested using: Site 1 (VyOS 1.2.2) ------------------- set interfaces vxlan vxlan100 address '10.10.10.2/24' set interfaces vxlan vxlan100 remote '172.18.201.10' set interfaces vxlan vxlan100 vni '100' Site 2 (rewrite) ---------------- set interfaces vxlan vxlan100 address '10.10.10.1/24' set interfaces vxlan vxlan100 description 'VyOS VXLAN' set interfaces vxlan vxlan100 remote '172.18.202.10' set interfaces vxlan vxlan100 vni '100' | |||
2019-09-06 | Python/ifconfig: T1557: vxlan: initial support via VXLANIf | Christian Poessinger | |
2019-09-06 | openvpn: T1548: use long syntax on list_interfaces.py '--type' instead of '-t' | Christian Poessinger | |
2019-09-06 | bridge: T1556: make ARP cache constraint error message more generic | Christian Poessinger | |
2019-09-06 | bonding: T1614: make ARP cache constraint error message more generic | Christian Poessinger | |
2019-09-04 | [service https] T1443: rename "server-names" option to "server-name". | Daniil Baturin | |
2019-09-04 | [service https] T1443: use "listen-address" option instead of "listen-addresses" | Daniil Baturin | |
to follow the established convention. | |||
2019-09-04 | bonding: T1614: Initial version in new style XML/Python interface | Christian Poessinger | |
The node 'interfaces ethernet eth0 bond-group' has been changed and de-nested. Bond members are now configured in the bond interface itself. set interfaces bonding bond0 member interface eth0 | |||
2019-09-01 | Revert "bridge: T1556: increase max-age range to 1200 (30 minutes)" | Christian Poessinger | |
This reverts commit 3b119c91ca70c51aab24d4ef8b3913f47281321a. | |||
2019-09-01 | bridge: T1556: change 'aging' help text | Christian Poessinger | |
2019-08-31 | bridge: T1556: increase max-age range to 1200 (30 minutes) | Christian Poessinger | |
2019-08-27 | [service https] T1443: Correct the use of listen/server_name directives | John Estabrook | |
2019-08-26 | bridge: T1556: bugfix: aging range validator | Christian Poessinger | |
2019-08-26 | bridge: T1556: bugfix: disable node must be valueless | Christian Poessinger | |
2019-08-23 | [dummy] T1609 migrate to vyos.interfaceconfig, adding check ip-cidr, adding ↵ | DmitriyEshenko | |
vyos.interfaceconfig common ipv4/ipv6 functions | |||
2019-08-23 | [dummy] T1609 Fixing dummy interface state | DmitriyEshenko | |
2019-08-21 | loopback: T1601: rewrite using XML/Python definitions | Christian Poessinger | |
2019-08-20 | powerdns: T1595: remove 'listen-on' CLI option | Christian Poessinger | |
2019-08-20 | powerdns: T1524: support setting allow-from network | Christian Poessinger | |
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } } |