Age | Commit message (Collapse) | Author |
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
|
|
Commit 452068ce7 ("interfaces: T6592: moving an interface between VRF instances
failed") introduced a new helper to retrieve the VRF table ID from the Kernel.
This commit migrates the old code path where the individual fields got queried
to the new helper vyos.utils.network.get_vrf_tableid().
|
|
To reproduce:
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit
This resulted in an error while interacting with nftables:
[Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
|
|
|
|
|
|
Commit dd5908eac ("T6539: add logging options to load-balancer reverse-proxy")
added CLI commands to add custom log entries for frontend and backend servers
as well as a global log directive.
Remove explicit test code for no longer always present "global log" directive.
|
|
|
|
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option
|
|
T6477: Add telegraf loki output plugin
|
|
pppoe-server: T5710: Add option permit any-login
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
|
|
|
|
|
|
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
|
|
Rather then waiting for a fully assembled ISO image to validate if there is no
incompatibility with vyos-configd - like more then one instance of Config(),
make this a build time test case for "make test"
|
|
Validate if the migrators performed correctly by comparing it to a known good
result file containing all the required `set` commands
|
|
T5735: Stunnel CLI and configuration
|
|
Add CLI commands
Add config
Add conf_mode
Add systemd config
Add stunnel smoketests
Add log level config
|
|
|
|
|
|
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide
configuration") removed the per wifi interface setting for a country-code. This
commit adjust the smoketests to the new design.
|
|
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|
|
|
|
vyos.utils: T5195: import vyos.cpu to this package
|
|
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
|
|
T3900: Add support for raw tables in firewall
|
|
isis: T6429: fix isis metric-style configuration missing
|
|
|
|
timeout parameters defined in conntrack to firewall global-opton section.
|
|
|
|
dns: T6422: allow multiple redundant NS records
|
|
added new syntax to work with class match filters in QoS policy
|
|
style fixes
|
|
T4576: Accel-ppp logging level configuration
|
|
reverse-proxy: T6419: build full CA chain when verifying backend server
|
|
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement,
where the later one is more humand readable. Both act in the same way.
|
|
T6411: CGNAT fix sequences for external address ranges
|
|
ISIS: T6332: Fix isis not working only ipv6
|
|
|
|
T5786: Add set/show system image to /image endpoint
|
|
Fix the bug where address external alocation was not rely on sequences
of the external IP addresses (if set)
|
|
|
|
|
|
|
|
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Serve
|
|
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
|
|
|