Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-06-19 | macsec: T5447: fix error message syntax - there is no tx and rx key, only key | Christian Breunig | |
2024-06-18 | wireless: T6425: adjust to latest country-code changes | Christian Breunig | |
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide configuration") removed the per wifi interface setting for a country-code. This commit adjust the smoketests to the new design. | |||
2024-06-18 | wireless: T6425: Add smoketests for VHT beamforming | Alain Lamar | |
2024-06-17 | wireless: T6318: add quotes for console speed in config-tests | Christian Breunig | |
2024-06-17 | Merge pull request #3656 from c-po/wireless-regdomain | Daniil Baturin | |
wireless: T6318: move country-code to a system wide configuration | |||
2024-06-16 | openvpn: T5487: Fix migration smoketests commands | Nataliia Solomko | |
2024-06-16 | wireless: T6318: move country-code to a system wide configuration | Christian Breunig | |
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code" | |||
2024-06-13 | Merge pull request #3639 from natali-rs1985/T5487-current | Daniil Baturin | |
openvpn: T5487: Remove deprecated option --cipher for server and client mode | |||
2024-06-11 | openvpn: T5487: Remove eprecated option --cipher for server and client mode | Nataliia Solomko | |
2024-06-11 | firewall: T3900: fix migration and smoketests | Christian Breunig | |
Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall") changed the position in the CLI for conntrack timeout. This lead to failing smoketests because of a regression in the migrator. | |||
2024-06-10 | Merge pull request #3606 from c-po/utils-cpu-T5195 | Christian Breunig | |
vyos.utils: T5195: import vyos.cpu to this package | |||
2024-06-10 | T6219: align with system sysctl and limit parameters to supported | Nicolas Vollmar | |
2024-06-10 | container: T6219: Add support for container sysctl / kernel parameters | Ben Pilgrim | |
2024-06-10 | vyos.utils: T5195: import vyos.cpu to this package | Christian Breunig | |
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu | |||
2024-06-06 | Merge pull request #3578 from nicolas-fort/raw-hook | Daniil Baturin | |
T3900: Add support for raw tables in firewall | |||
2024-06-05 | Merge pull request #3571 from fett0/T6429 | Daniil Baturin | |
isis: T6429: fix isis metric-style configuration missing | |||
2024-06-04 | ISIS: T6332: add smoketest option | fett0 | |
2024-06-04 | T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵ | Nicolas Fort | |
timeout parameters defined in conntrack to firewall global-opton section. | |||
2024-06-03 | reverse-proxy: T6434: Support additional healthcheck options (#3574) | Alex W | |
2024-05-31 | Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-records | Christian Breunig | |
dns: T6422: allow multiple redundant NS records | |||
2024-05-31 | T5307: QoS - traffic-class-map services (#3492) | Roman Khramshin | |
added new syntax to work with class match filters in QoS policy | |||
2024-05-30 | T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵ | Haim Gelfenbeyn | |
style fixes | |||
2024-05-30 | Merge pull request #3510 from HollyGurza/T4576 | Daniil Baturin | |
T4576: Accel-ppp logging level configuration | |||
2024-05-30 | Merge pull request #3546 from c-po/haproxy | Christian Breunig | |
reverse-proxy: T6419: build full CA chain when verifying backend server | |||
2024-05-29 | reverse-proxy: T5231: better mark v4v6 listen any address | Christian Breunig | |
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the later one is more humand readable. Both act in the same way. | |||
2024-05-29 | Merge pull request #3534 from sever-sever/T6411 | Daniil Baturin | |
T6411: CGNAT fix sequences for external address ranges | |||
2024-05-29 | Merge pull request #3537 from fett0/T6332 | Christian Breunig | |
ISIS: T6332: Fix isis not working only ipv6 | |||
2024-05-29 | ISIS: T6332: Fix isis not working only ipv6 | fett0 | |
2024-05-28 | Merge pull request #3529 from HollyGurza/T5786 | Christian Breunig | |
T5786: Add set/show system image to /image endpoint | |||
2024-05-28 | T6411: CGNAT fix sequences for external address ranges | Viacheslav Hletenko | |
Fix the bug where address external alocation was not rely on sequences of the external IP addresses (if set) | |||
2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar | |
2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar | |
2024-05-27 | T6406: check for required kernel config | Nicolas Vollmar | |
2024-05-27 | T5786: Add set/show system image to /image endpoint | khramshinr | |
2024-05-27 | T4576: Accel-ppp logging level configuration | khramshinr | |
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve | |||
2024-05-26 | smoketest: T6395: check for VFIO options to be present | Christian Breunig | |
2024-05-23 | Merge pull request #3487 from Embezzle/T6370 | Christian Breunig | |
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | |||
2024-05-22 | nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵ | Christian Breunig | |
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 | |||
2024-05-21 | reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | Alex W | |
2024-05-21 | T6373: QoS Policy Limiter - classes for marked traffic do not work | khramshinr | |
2024-05-18 | Merge pull request #3479 from sever-sever/T5169 | Daniil Baturin | |
T5169: Add smoketest for CGNAT | |||
2024-05-17 | T5169: Add smoketest for CGNAT | Viacheslav Hletenko | |
2024-05-17 | T6358: Add config option for host process namespace | Nicolas Vollmar | |
2024-05-16 | Merge pull request #3450 from HollyGurza/T5756 | Christian Breunig | |
T5756: L2TP RADIUS backup and weight settings | |||
2024-05-15 | T3900: add support for raw table in firewall. | Nicolas Fort | |
2024-05-15 | T5756: L2TP RADIUS backup and weight settings | khramshinr | |
2024-05-14 | smoketest: ospf: T4739: add timeout in ldp test | Christian Breunig | |
2024-05-14 | T3420: Remove service upnp | Viacheslav Hletenko | |
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation. | |||
2024-05-12 | Merge pull request #3447 from c-po/evpn-uplink-t6306 | Daniil Baturin | |
ethernet: T6306: add support for EVPN MH uplink/core tracking | |||
2024-05-11 | ethernet: T6306: add support for EVPN MH uplink/core tracking | Christian Breunig | |
When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE. A link can be setup for uplink tracking via the following configuration: set interfaces ethernet eth0 evpn uplink |