Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-12-19 | T4886: Firewall and route policy: Add connection-mark feature to vyos. | Nicolas Fort | |
2022-12-17 | Merge pull request #1669 from vfreex/dhcp-v6-only-option-1.4 | Christian Poessinger | |
T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925) | |||
2022-12-17 | Merge pull request #1626 from nicolas-fort/fwall_group_interface | Christian Poessinger | |
T4780: Firewall: add firewall groups in firewall. Extend matching cri… | |||
2022-12-02 | T4854: route reflector allows to apply route-maps | fett0 | |
2022-11-30 | pki: T4847: add test of eapol to ensure interface update | John Estabrook | |
2022-11-28 | conf-mode: T4845: add smoketest to detect cycles | John Estabrook | |
2022-11-26 | ospf: T4739: Adding missing OSPF FRR template | Cheeze-It | |
Adding the smoketest. | |||
2022-11-24 | Merge pull request #1641 from Rain/T4612-arbitrary-netmasks | Christian Poessinger | |
firewall: T4612: Support arbitrary netmasks | |||
2022-11-24 | T4825: Add basic smoketest for veth interfaces | Viacheslav Hletenko | |
2022-11-21 | T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925) | Yuxiang Zhu | |
Clients supporting this DHCP option (DHCP option 108, RFC 8925) will disable its IPv4 network stack for configured number of seconds and operate in IPv6-only mode. This option is known to work on iOS 15+ and macOS 12.0.1+. Example command: ```sh set service dhcp-server shared-network-name LAN6 subnet 192.168.64.0/24 ipv6-only-preferred 0 ``` | |||
2022-11-19 | T4830: nat66: fix how nat66 rules are written in nftables, so translation ↵ | Nicolas Fort | |
works as expected | |||
2022-11-19 | T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵ | Nicolas Fort | |
so this new group can be used in inbound and outbound matcher | |||
2022-11-17 | Merge pull request #1654 from sarthurdev/pbr_refactor | Christian Poessinger | |
policy: T2199: T4605: Migrate policy route interface node | |||
2022-11-16 | Revert "smoketest: T4652: adjust PowerDNS process name for 4.8 version" | Christian Poessinger | |
This reverts commit 726cdf8bfd27d751737383102fa205f3c082710c. | |||
2022-11-13 | l3VPN : T4182: add l3vpn over gre option from route-map | fett0 | |
2022-11-11 | policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵ | sarthurdev | |
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle | |||
2022-11-11 | smoketest: dns: T738: add test for default value of port | Christian Poessinger | |
2022-11-10 | dns: T738: add CLI option for PowerDNS local-port | Zen3515 | |
2022-11-09 | smoketest: T4652: adjust PowerDNS process name for 4.8 version | Christian Poessinger | |
This reverts commit f3420a967ad5597c57093b5279a844dca4c516c0. | |||
2022-11-07 | containers: T2216: Skip test if image not available | sarthurdev | |
2022-11-03 | nat: T1877: T970: Add firewall groups to NAT | sarthurdev | |
2022-11-03 | firewall: T970: Refactor domain resolver, add firewall source/destination ↵ | sarthurdev | |
`fqdn` node | |||
2022-10-29 | Merge pull request #1621 from sarthurdev/T4774 | Christian Poessinger | |
wireguard: T4774: Prevent duplicate peer public keys | |||
2022-10-29 | Merge pull request #1628 from sarthurdev/T3903 | Christian Poessinger | |
containers: T3903: Use systemd to handle containers | |||
2022-10-29 | containers: T2216: Re-enable container smoketest using busybox image | sarthurdev | |
2022-10-28 | T4291: consolidate component version string read/write functions | John Estabrook | |
2022-10-28 | wireguard: T4774: Prevent duplicate peer public keys | sarthurdev | |
2022-10-26 | Merge pull request #1618 from sarthurdev/T4764 | Christian Poessinger | |
nat: T4764: Remove NAT tables on node deletion | |||
2022-10-25 | nat: T4764: Remove tables on NAT deletion | sarthurdev | |
2022-10-25 | graphql: T4574: extend smoketest for token authentication | John Estabrook | |
2022-10-21 | graphql: T4768: change name of api child node from 'gql' to 'graphql' | John Estabrook | |
2022-10-18 | T2408: dhcp-relay: Add listen-interface and upstream-interface feature | Nicolas Fort | |
2022-10-17 | T4720: Add smoketest for SSH NDcPP | Viacheslav Hletenko | |
2022-10-14 | login: 2fa: T874: fix Google authenticator issues | Christian Poessinger | |
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos' | |||
2022-10-13 | T4739: OSPF segment routing being refactored | Cheeze_It | |
2022-10-13 | T4739: ISIS segment routing being refactored | Cheeze_It | |
2022-10-12 | Merge pull request #1555 from goodNETnick/ssh_otp | Christian Poessinger | |
system login: T874: add 2FA support for local and ssh authentication | |||
2022-10-11 | system login: T874: add 2FA support for local and ssh authentication | goodNETnick | |
2022-10-11 | monitoring: T4747: Fix template check influxdb config | Viacheslav Hletenko | |
Due to monitoring telegraf was rewritten - fix template for inputs.exec plugin We do not use 'influxdb_configured' in the dictionary anymore and use just 'influxdb' | |||
2022-10-11 | Merge pull request #1574 from Cheeze-It/current | Christian Poessinger | |
isis: T4739: ISIS segment routing being refactored | |||
2022-10-11 | isis: T4739: ISIS segment routing being refactored | Cheeze_It | |
This is to refactor ISIS segment routing to match up with OSPF segment routing. | |||
2022-10-11 | smoketest: ospf: skip segment-routing test as of FRR issue | Christian Poessinger | |
See https://github.com/FRRouting/frr/issues/12007 | |||
2022-10-08 | firewall: T4612: Support arbitrary netmasks | Rain | |
Add support for arbitrary netmasks on source/destination addresses in firewall rules. This is particularly useful with DHCPv6-PD when the delegated prefix changes periodically. | |||
2022-10-07 | smoketest: ospf: remove old debug code no longer used/required | Christian Poessinger | |
2022-10-06 | ospf: T4707: Add OSPF segment routing for FRR | Cheeze_It | |
In this commit we add OSPF segment routing, smoke tests, handlers, FRR template changes, and CLI commands. | |||
2022-10-06 | smoketest: ethernet: use ifconfig API for VLAN detection on test initialisation | Christian Poessinger | |
Section.interfaces() now as an option if it should return also VLAN interfaces or not. No need to keep a custom logic for it. | |||
2022-10-03 | policy: T4660: Changed CLI syntax in route-map set community | aapostoliuk | |
Changed CLI syntax in route-map set community, set large-community, set extcommunity Allows to add multiple communities, large-communities and extcommunities in clear view. Added new well-known communities. Added non-transitive feature in extcommunities. Fixed community's validators. | |||
2022-09-27 | Merge pull request #1560 from nicolas-fort/T4700 | Christian Poessinger | |
T4700: Firewall: add interface matching criteria | |||
2022-09-26 | ethernet: T4689: support asymetric RFS configuration on multiple interfaces | Christian Poessinger | |
The initial implementation from commit ac4e07f9 ("rfs: T4689: Support RFS (Receive Flow Steering)") always adjusted the global rps_sock_flow_entries configuration. So if RFS was enabled for one NIC but not the other - it did not work. According to the documentation: RFS is only available if the kconfig symbol CONFIG_RPS is enabled (on by default for SMP). The functionality remains disabled until explicitly configured. The number of entries in the global flow table is set through: /proc/sys/net/core/rps_sock_flow_entries The number of entries in the per-queue flow table are set through: /sys/class/net/<dev>/queues/rx-<n>/rps_flow_cnt Both of these need to be set before RFS is enabled for a receive queue. Values for both are rounded up to the nearest power of two. The suggested flow count depends on the expected number of active connections at any given time, which may be significantly less than the number of open connections. We have found that a value of 32768 for rps_sock_flow_entries works fairly well on a moderately loaded server. This commit sets rps_sock_flow_entries via sysctl on bootup leafing the RFS configuration to the interface level. | |||
2022-09-26 | Merge pull request #1545 from sever-sever/T4557 | Christian Poessinger | |
ids: T4557: Migrate threshold and add new threshold types |