Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-09-16 | ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer | Viacheslav Hletenko | |
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script | |||
2022-08-05 | nat66: T4598: Add exclude options in nat66 | Nicolas Fort | |
2022-08-05 | bgp: T4257: bugfixes after renaming "local-as" to "system-as" | Christian Poessinger | |
2022-08-04 | Merge https://github.com/Cheeze-It/vyos-1x into current | Christian Poessinger | |
* https://github.com/Cheeze-It/vyos-1x: bgp: T4257: Changing BGP "local-as" to "system-as" | |||
2022-08-04 | smoketest: macsec: T4537: validate macsec_csindex for both AES-GCM-128 and ↵ | Christian Poessinger | |
AES-GCM-256 | |||
2022-08-04 | smoketest: macsec: T4537: verify macsec_csindex | Christian Poessinger | |
2022-08-03 | Merge pull request #1369 from nicolas-fort/T4480 | Daniil Baturin | |
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config | |||
2022-07-31 | smoketest: bridge: T4565: changes to lower interfaces must not destroy VLAN ↵ | Christian Poessinger | |
aware bridge | |||
2022-07-30 | bgp: T4257: Changing BGP "local-as" to "system-as" | Cheeze_It | |
bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. bgp: T4257: Changing BGP "local-as" to "system-as" bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. | |||
2022-07-25 | bgp: T4560: neighbor/peer-group local-as option is only allowed for eBGP | Christian Poessinger | |
2022-07-25 | fastnetmon: T4556: Allow configure white_list_path and populate with ↵ | Adrian Almenar | |
hosts/networks that should be ignored. | |||
2022-07-24 | graphql: T3993: add smoketest for GraphQL key authorization | John Estabrook | |
2022-07-22 | smoketest: router-advert: T4550: test deprecate-prefix & decrement-lifetime ↵ | Christian Poessinger | |
CLI option | |||
2022-07-22 | smoketest: router-advert: use setUpClass() | Christian Poessinger | |
2022-07-21 | smoketest: fastnetmon: T4555: add IPv6 support | Christian Poessinger | |
2022-07-21 | fastnetmon: T2659: move configuration files to /run | Christian Poessinger | |
2022-07-21 | fastnetmon: T4555: add IPv6 support | Christian Poessinger | |
2022-07-20 | T4480:webproxy: Add safe-ports and ssl-safe-ports for acel squid config -- ↵ | Nicolas Fort | |
Fix conflicts | |||
2022-07-19 | smoketest: telegraf: use generic service availability check | Christian Poessinger | |
2022-07-15 | smoketest: component_version: print details on failure | John Estabrook | |
2022-07-15 | smoketest: T4532: Update smoketest flow-accounting | Viacheslav Hletenko | |
2022-07-11 | smoketest: bridge: also test QinQ bridge member interfaces | Christian Poessinger | |
2022-07-10 | bond: T4522: add ability to specify mii monitor interval via CLI | Christian Poessinger | |
Linux Kernel supports to specify the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point. The default value is 100. set interfaces bonding bond0 mii-mon-interval <n> | |||
2022-07-10 | smoketest: bond: remove second instance of layer2+3 hash-policy test | Christian Poessinger | |
2022-07-10 | smoketest: bond: add testcase for conflicting bridge member | Christian Poessinger | |
A bond member can not also be used as a member of a bridge interface. | |||
2022-07-10 | smoketest: bond: add testcase for source-interface re-use | Christian Poessinger | |
A bond member is not allowed to also be used as a source interface for e.g. PPPoE or MACsec. | |||
2022-07-09 | ip: T4517: drop forwarding from CLI "system ip ↵ | Christian Poessinger | |
disable-directed-broadcast-forwarding" | |||
2022-07-09 | ip: T4517: add option to enable directed broadcast forwarding | Yuxiang Zhu | |
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1. | |||
2022-07-07 | smoketest: T4411: Add influxdb node | Viacheslav Hletenko | |
2022-07-07 | smoketest: dns: T4509: use dedicated 6to4 testcase | Christian Poessinger | |
2022-07-07 | smoketest: dns: forwarding: use setUpClass() | Christian Poessinger | |
2022-07-07 | syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotate | sarthurdev | |
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override | |||
2022-07-05 | firewall: T2199: Fix migration when `icmpv6 type` is an integer | sarthurdev | |
2022-07-05 | Merge pull request #1389 from sever-sever/T4509 | Christian Poessinger | |
dns: T4509: Add dns64-prefix option | |||
2022-07-05 | dns: T4509: Add dns64-prefix option | Viacheslav Hletenko | |
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96 | |||
2022-07-04 | Merge pull request #1386 from sarthurdev/geoip_negate | Christian Poessinger | |
firewall: T4299: Add ability to inverse match country-codes | |||
2022-07-04 | firewall: T4299: Add ability to inverse match country codes | sarthurdev | |
2022-07-04 | ntp: T4456: support listening on specified interface | Christian Poessinger | |
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name> | |||
2022-07-04 | smoketest: bridge: T4498: add IGMP testcase | Christian Poessinger | |
2022-07-04 | Merge pull request #1385 from sarthurdev/ovpn-test-pki | Christian Poessinger | |
smoketest: T4485: Add CRL for configtest, add script for configtest PKI objects | |||
2022-07-01 | smoketest: T4485: Move smoketest PKI generation to vyos-1x | sarthurdev | |
Allows easy creation of test PKI objects using `vyos.pki` module Generates objects for PKI migration tests | |||
2022-07-01 | smoketest: T2455: add interface smoketests | Christian Poessinger | |
2022-07-01 | openvpn: T4485: Add CRL to OpenVPN config test | sarthurdev | |
2022-07-01 | Merge pull request #1380 from sarthurdev/ovpn-multi-ca | Christian Poessinger | |
openvpn: T4485: Accept multiple tls ca-certificate values | |||
2022-06-29 | router-advert: T4477: support RDNSS lifetime option | Christian Poessinger | |
set service router-advert interface eth0 name-server-lifetime <value> | |||
2022-06-29 | openvpn: T4485: Update PKI migrator to handle full CA chain migration | sarthurdev | |
* Also determines and maps to correct CA for migrated CRL | |||
2022-06-22 | Policy: T4475: add support for matching ipv6 addresses on peer option in ↵ | Nicolas Fort | |
route-map | |||
2022-06-16 | smoketest: policy: T4467: validate relative route-map metric | Christian Poessinger | |
2022-06-14 | firewall: T970: Use set prefix to domain groups | sarthurdev | |
2022-06-14 | firewall: T4147: Use named sets for firewall groups | sarthurdev | |
* Refactor nftables clean-up code * Adds policy route test for using firewall groups |