Age | Commit message (Collapse) | Author |
|
|
|
T5050: Firewall: Add log options
|
|
|
|
T5055: NAT: extend packet-type to NAT
|
|
in firewall, to NAT
|
|
Exclude interfaces with 'veth' driver from duplex and speed check
|
|
T5055: Firewall: add packet-type matcher in firewall and route policy
|
|
Values of the list for the 'range_to_regex' could be not only range
values as ['10-20', '22-30'] but also and not range values like
['10-20', '30', '80']
Fix if we args is list and non range values are exists in ths list
% range_to_regex(['10-20', '80'])
'(1\\d|20|80)'
|
|
graphql: T5068: generate client operations for code generation tools
|
|
Fixed decoding of certificate value returned by vici
to UTF-8 string.
|
|
|
|
|
|
op-mode: T5051: use Literal types to provide op-mode CLI choices and API enums
|
|
|
|
Extend template filter 'range_to_regex'
Allow list of ranges as argument
% range_to_regex(['11-12', '14-15'])
'(1[1-2]|1[4-5])'
|
|
Not all interfaces have valid entries in the speed file. PPPoE interfaces have
the appropriate speed file, but you can not read it:
cat: /sys/class/net/pppoe7/speed: Invalid argument
|
|
|
|
graphql: T5040: generate schema on installation, rather than dynamically
|
|
|
|
|
|
For type introspection of op-mode scripts, scripts are loaded as
modules. For generation of schema from type introspection, it is useful
to load scripts during package installation, hence to fail gracefully if
not on live system.
|
|
|
|
T5037: Firewall: Add queue action and options to firewall
|
|
|
|
T4977: Add Babel routing protocol support
|
|
Tunnel interface multicast settings can be "enabled or disabled". As we prefer
valueless nodes, and the linux kernel default is "disabled" we should add a
set interfaces tunnel tunXX enable-multicast
command
|
|
|
|
ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library
|
|
1. Changed reset IPSEC, IKE SAs to use vici library.
2. Created package vyos.ipsec to communicate with vici library.
|
|
T5013: Extend accelppp op-mode script to get statistic
|
|
Multicast has not been implemented for the tunnel interfaces.
We have only configuration CLI commands that do anything.
Fix it.
ip link set dev <tag> multicast on
ip link set dev <tag> multicast off
|
|
Some interface drivers don't support/provide min_mtu and max_mtu values
For example VyOS in docker container with 'veth' driver on some
platforms
As a workarund add default values for min/max MTU for calculations
and pass function "verify_mtu(config)"
|
|
Change op-mode raw statistics for accel_ppp.py
dict key 'cpu' to 'cpu_load_percentage' and value to integer
|
|
config_mgmt: T4991: use configtree.show_diff instead of Python difflib
|
|
If 'client_ip_pool' not exists in config we cannot search it
in the dictionary
dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name'])
Add check
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
|
|
sstp-client
|
|
Inform user about the interface where the warning occured.
|
|
T4971: PPPoE server add named ip pool and attr Framed-Pool
|
|
|
|
This PR adds basic Babel routing protocol support using the implementation in
FRR.
Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
|
|
Add a new feature to allow to use named pools
Also it can be used with RADIUS attribute 'Framed-Pool'
set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
|
|
The previous solution did not work for drivers that were no modules.
e.g compiled with a kernel config set to CONFIG_VIRTIO_NET=y
|
|
|
|
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
T4956: fix 'show hardware cpu' issue on arm64
|