Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-05-01 | smoketest: T6199: remove redundant code when unpacking Kernel GZ config | Christian Breunig | |
2024-05-01 | vrf: T6189: render FRR L3VNI configuration when creating VRF instance | Christian Breunig | |
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place. | |||
2024-05-01 | Merge pull request #3364 from natali-rs1985/T6234-current | Daniil Baturin | |
pppoe-server: T6234: PPPoE-server pado-delay refactoring | |||
2024-04-30 | haproxy: T6179: fix rule generation | Nicolas Vollmar | |
2024-04-29 | openconnect: T4982: Support defining minimum TLS version in openconnect VPN | Alex W | |
2024-04-25 | Merge pull request #3316 from HollyGurza/T4248 | Daniil Baturin | |
qos: T4248: Allow to remove the only rule from the qos class | |||
2024-04-25 | pppoe-server: T6234: PPPoE-server pado-delay refactoring | Nataliia Solomko | |
2024-04-23 | T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy ↵ | Windom WU | |
config | |||
2024-04-22 | Merge pull request #3337 from Embezzle/T6237 | Christian Breunig | |
T6237: IPSec remote access VPN: ability to set EAP ID of clients | |||
2024-04-21 | T6237: IPSec remote access VPN: ability to set EAP ID of clients | Alex W | |
2024-04-21 | smoketest: support dynamic enable of smoketest debugging | Christian Breunig | |
$ touch /tmp/vyos.smoketest.debug will enable dynamic debugging of the smoketests - showing the appropriate CLI commands on stdout | |||
2024-04-21 | T6246: improve haproxy http check configuration | Nicolas Vollmar | |
2024-04-17 | T6246: adds basic haproxy http-check configuration | Nicolas Vollmar | |
2024-04-16 | qos: T4248: Allow to remove the only rule from the qos class | khramshinr | |
2024-04-15 | T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵ | Alex W | |
server certificates | |||
2024-04-15 | T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵ | Nicolas Fort | |
to firewall global-optinos | |||
2024-04-13 | Merge pull request #3297 from HollyGurza/T6035 | Daniil Baturin | |
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt | |||
2024-04-12 | qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt | khramshinr | |
Added params for configuration red on the shaper policy | |||
2024-04-12 | pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions ↵ | Nataliia Solomko | |
fails (#3296) | |||
2024-04-11 | T5871: ipsec remote access VPN: specify "cacerts" for client auth. | Lucas Christian | |
2024-04-07 | Merge pull request #3265 from c-po/ethernet-mtu-T5862 | Daniil Baturin | |
ethernet: T5862: default MTU is not acceptable in some environments | |||
2024-04-06 | T6199: start validating smoketests against real CLI defaultValues | Christian Breunig | |
Use vyos.xml_ref.default_value to query XML default values and take them into account when validating properly applied defaults in individual smoketests instead of using hardcoded values like 443 for https port. | |||
2024-04-06 | ethernet: T5862: default MTU is not acceptable in some environments | Christian Breunig | |
There are cloud environments available where the maximum supported ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value or 1500 bytes - whatever is lower. | |||
2024-04-04 | Merge pull request #3238 from HollyGurza/T5943 | Daniil Baturin | |
bgp: T5943: BGP Peer-group members must be all internal or all external | |||
2024-04-04 | Merge pull request #3214 from nicolas-fort/T6068-kea | Daniil Baturin | |
T6068: dhcp-server: add command <set service dhcp-server high-availability mode> | |||
2024-04-04 | bgp: T5943: BGP Peer-group members must be all internal or all external | khramshinr | |
2024-04-03 | T6068: dhcp-server: add command <set service dhcp-server high-availability ↵ | Nicolas Fort | |
mode> so user can define what type of ha use: active-active or active-passive | |||
2024-04-03 | T6199: drop unused Python imports | Christian Breunig | |
found using "git ls-files *.py | xargs pylint | grep W0611" | |||
2024-04-02 | Merge pull request #3236 from c-po/pki-verify | Christian Breunig | |
configverify: T6198: add common helper for PKI certificate validation | |||
2024-04-02 | configverify: T6198: add common helper for PKI certificate validation | Christian Breunig | |
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS. | |||
2024-04-02 | Merge pull request #3229 from c-po/multi-vrf | Christian Breunig | |
T6192: allow binding SSH to multiple VRF instances | |||
2024-04-02 | T6196: Fixed applying parameters for aggregation in BGP | aapostoliuk | |
Fixed using 'route-map', 'as-set' and 'summary-only' together in aggregation in BGP | |||
2024-04-01 | Merge pull request #3212 from fett0/T6151 | fett0 | |
bgp: T6151: Allow configuration of disable-ebgp-connected-route-check | |||
2024-04-01 | ssh: T6192: allow binding to multiple VRF instances | Christian Breunig | |
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF. | |||
2024-04-01 | Merge pull request #3222 from HollyGurza/T6178 | Christian Breunig | |
T6178: Check that certificate exists during reverse-proxy commit | |||
2024-04-01 | T6178: Check that certificate exists during reverse-proxy commit | khramshinr | |
2024-03-30 | Merge pull request #3195 from HollyGurza/T4718-current | Christian Breunig | |
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf | |||
2024-03-30 | accel-ppp: T6187: use correct CPU counts adjusted for SMT | Daniil Baturin | |
2024-03-29 | bgp: T6106: Valid commit error for route-reflector-client option defined in ↵ | khramshinr | |
peer-group changed exception condition Improved route_reflector_client test | |||
2024-03-29 | bgp: T6010: Allow configuration of disable-ebgp-connected-route-check | fett0 | |
2024-03-28 | Merge pull request #3202 from sarthurdev/T5606_1 | Daniil Baturin | |
ipsec: T5606: T5871: Use multi node for CA certificates | |||
2024-03-28 | Merge pull request #2965 from lucasec/t5872 | Daniil Baturin | |
T5872: ipsec remote access VPN: support dhcp-interface. | |||
2024-03-28 | ipsec: T5606: T5871: Use multi node for CA certificates | sarthurdev | |
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates. Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended. | |||
2024-03-28 | dhcp-server: T4718: Listen-address is not commit if the ip address is on the ↵ | khramshinr | |
interface with vrf | |||
2024-03-26 | bgp: T6106: fix test and verify() | khramshinr | |
2024-03-25 | T6171: migrate <set service dhcp-server failover> to <set service ↵ | Nicolas Fort | |
dhcp-server high-availability>. | |||
2024-03-24 | ospf: T6066: can not define the same network in different areas | Christian Breunig | |
Users can not (FRR fails) commit the same network belonging to different OSPF areas. Add verify() check to prevent this. | |||
2024-03-23 | Merge pull request #3151 from HollyGurza/T6106 | Daniil Baturin | |
bgp: T6106: Valid commit error for route-reflector-client option defi… | |||
2024-03-22 | isis: T6160: NameError: name 'process' is not defined | Christian Breunig | |
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain" node identifying the IS-IS process name). Drop all references to "process" variable. Specifying: set protocols isis interface eth1 set protocols isis net '49.0001.1921.6825.5255.00' set protocols isis redistribute ipv4 bgp Triggered an exception Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module> verify(c) File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify f'"protocols isis {process} redistribute {afi} {proto}"!') ^^^^^^^ NameError: name 'process' is not defined | |||
2024-03-21 | Merge pull request #3157 from c-po/vti-T6085 | Daniil Baturin | |
vti: T6085: interface is always down and only enabled by IPSec daemon |