Age | Commit message (Collapse) | Author |
|
(cherry picked from commit b62b2f5f8a9c4f0a7dc26bce1f15843651119256)
|
|
(cherry picked from commit dd5908eac390294ea178953fc0e6821d803d62f6)
|
|
* ethernet: T6709: move EAPoL support to common framework
Instead of having EAPoL (Extensible Authentication Protocol over Local Area
Network) support only available for ethernet interfaces, move this to common
ground at vyos.ifconfig.interface making it available for all sorts of
interfaces by simply including the XML portion
#include <include/interface/eapol.xml.i>
(cherry picked from commit 0ee8d5e35044e7480dac6a23e92d43744b8c5d36)
* bond: T6709: add EAPoL support
(cherry picked from commit 8eeb1bdcdfc104ffa77531f270a38cda2aee7f82)
---------
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
(cherry picked from commit 9fcf711e669f00df8313887a801130f4bb3826df)
|
|
(cherry picked from commit 333672bee041f0f2b8e1b698a8eb2108694ad812)
|
|
Add ability to set the container network with a disable-dns setting to disable
the DNS plugin that is on be default.
set container network <network> no-name-server
(cherry picked from commit 1d5625d572cc25a9d53247b7c41177f17845b052)
|
|
(cherry picked from commit 194a14e958ad336d590ba8f076e163f6908dcddc)
Co-authored-by: Alain Lamar <alain_lamar@yahoo.de>
|
|
(cherry picked from commit eec95109981140f1b4323bcf4526c10c6364d9ae)
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
(cherry picked from commit 9e22ab6b2aee48029d3455f65880e45c558cf1da)
|
|
T5794: firewall: change firewall priority in oder to be loaded after all interfaces (backport #3988)
|
|
(cherry picked from commit 663e468de2b431f771534b4e3a2d00a5924b98fe)
|
|
(cherry picked from commit b3ae35987a860a5d2cf64dfbc156a7ee7cc799a2)
|
|
(cherry picked from commit d5ae708581d453e2205ad4cf8576503f42e262b6)
|
|
(cherry picked from commit 4acad3eb8d9be173b76fecafc32b0c70eae9b192)
|
|
(cherry picked from commit 115e99630a317cab62c6f99e0461f6ce2c1edaf3)
|
|
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
(cherry picked from commit d5e988ba2d0fa0189feff22374c9b46eb49e2e79)
|
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
(cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
|
|
(cherry picked from commit e2b05343b30d2f989968532106e792cbaf75ecf6)
|
|
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
|
|
(cherry picked from commit 5748db4ebb4f4023f8e33d45121ff24267941cc7)
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
(cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
|
|
T751: Remove ids suricata
|
|
(cherry picked from commit d818788932e3c57d020cca9236df7275da452fce)
|
|
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
|
|
Add possibility to provide a full CA chain to the openconnect server.
* Support multiple CA certificates
* For every CA certificate specified, always determine the full certificate
chain in the background and add the necessary SSL certificates
(cherry picked from commit 973f06c00b902c43dfea34bdf01bdec7c599c452)
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|
|
Using BGP peer-groups inside a VRF instance will make use if the global VRFs
peer-group list during tab-completion and not the peer-groups defined within
the BGP instance of the given VRF.
|
|
|
|
T6442: CGNAT add log for address allocation
|
|
Add the configuration command to log current CGNAT allocation
set nat cgnat log-allocation
|
|
|
|
|
|
|
|
|
|
xml: T6423: enforce priority on nodes having an owner
|
|
|
|
T3900: Add support for raw tables in firewall
|
|
timeout parameters defined in conntrack to firewall global-opton section.
|
|
|
|
dns: T6422: allow multiple redundant NS records
|
|
added new syntax to work with class match filters in QoS policy
|
|
|
|
reverse-proxy: T6409: Remove unused backend parameters
|
|
T4576: Accel-ppp logging level configuration
|
|
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported.
|
|
To prevent any possible races in the future the host-name and domain-name nodes
should be set with explicit priorities!
|
|
|
|
|
|
|
|
|