Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-05-21 | T6373: QoS Policy Limiter - classes for marked traffic do not work | khramshinr | |
2024-05-18 | Merge pull request #3479 from sever-sever/T5169 | Daniil Baturin | |
T5169: Add smoketest for CGNAT | |||
2024-05-17 | T5169: Add smoketest for CGNAT | Viacheslav Hletenko | |
2024-05-17 | T6358: Add config option for host process namespace | Nicolas Vollmar | |
2024-05-16 | Merge pull request #3450 from HollyGurza/T5756 | Christian Breunig | |
T5756: L2TP RADIUS backup and weight settings | |||
2024-05-15 | T3900: add support for raw table in firewall. | Nicolas Fort | |
2024-05-15 | T5756: L2TP RADIUS backup and weight settings | khramshinr | |
2024-05-14 | smoketest: ospf: T4739: add timeout in ldp test | Christian Breunig | |
2024-05-14 | T3420: Remove service upnp | Viacheslav Hletenko | |
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation. | |||
2024-05-12 | Merge pull request #3447 from c-po/evpn-uplink-t6306 | Daniil Baturin | |
ethernet: T6306: add support for EVPN MH uplink/core tracking | |||
2024-05-11 | ethernet: T6306: add support for EVPN MH uplink/core tracking | Christian Breunig | |
When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE. A link can be setup for uplink tracking via the following configuration: set interfaces ethernet eth0 evpn uplink | |||
2024-05-10 | Merge pull request #3410 from fett0/T6303 | Christian Breunig | |
Bond: T6303: add system mac address on interfaces bond | |||
2024-05-10 | bond: T6303: must reset system-mac to 00:00:00:00:00:00 on deletion | Christian Breunig | |
2024-05-10 | bond: T6303: add system mac address on bond | fett0 | |
2024-05-10 | Merge pull request #3430 from c-po/bridge-T6317 | Christian Breunig | |
bridge: T6317: add dependency call for wireless interfaces | |||
2024-05-09 | sstp: T4393: Add support to configure host-name (SNI) | Nataliia Solomko | |
2024-05-08 | bridge: T6317: add dependency call for wireless interfaces | Christian Breunig | |
2024-05-07 | bgp: T6082: Allow the same local-as and remote-as in one peer group | khramshinr | |
2024-05-04 | smoketest: T6283: T6250: add testcases | Christian Breunig | |
2024-05-02 | qos: T6225: Fix qos random-detect policy | khramshinr | |
Fix default values for random-detect Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel | |||
2024-05-01 | Merge pull request #3392 from c-po/bgp-evpn-T6189 | Christian Breunig | |
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF | |||
2024-05-01 | Merge pull request #3390 from c-po/kernel-smoketest | Christian Breunig | |
smoketest: T6199: remove redundant code when unpacking Kernel GZ config | |||
2024-05-01 | smoketest: T6199: remove redundant code when unpacking Kernel GZ config | Christian Breunig | |
2024-05-01 | vrf: T6189: render FRR L3VNI configuration when creating VRF instance | Christian Breunig | |
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place. | |||
2024-05-01 | Merge pull request #3364 from natali-rs1985/T6234-current | Daniil Baturin | |
pppoe-server: T6234: PPPoE-server pado-delay refactoring | |||
2024-04-30 | haproxy: T6179: fix rule generation | Nicolas Vollmar | |
2024-04-29 | openconnect: T4982: Support defining minimum TLS version in openconnect VPN | Alex W | |
2024-04-25 | Merge pull request #3316 from HollyGurza/T4248 | Daniil Baturin | |
qos: T4248: Allow to remove the only rule from the qos class | |||
2024-04-25 | pppoe-server: T6234: PPPoE-server pado-delay refactoring | Nataliia Solomko | |
2024-04-23 | T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy ↵ | Windom WU | |
config | |||
2024-04-22 | Merge pull request #3337 from Embezzle/T6237 | Christian Breunig | |
T6237: IPSec remote access VPN: ability to set EAP ID of clients | |||
2024-04-21 | T6237: IPSec remote access VPN: ability to set EAP ID of clients | Alex W | |
2024-04-21 | smoketest: support dynamic enable of smoketest debugging | Christian Breunig | |
$ touch /tmp/vyos.smoketest.debug will enable dynamic debugging of the smoketests - showing the appropriate CLI commands on stdout | |||
2024-04-21 | T6246: improve haproxy http check configuration | Nicolas Vollmar | |
2024-04-17 | T6246: adds basic haproxy http-check configuration | Nicolas Vollmar | |
2024-04-16 | qos: T4248: Allow to remove the only rule from the qos class | khramshinr | |
2024-04-15 | T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵ | Alex W | |
server certificates | |||
2024-04-15 | T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵ | Nicolas Fort | |
to firewall global-optinos | |||
2024-04-13 | Merge pull request #3297 from HollyGurza/T6035 | Daniil Baturin | |
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt | |||
2024-04-12 | qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt | khramshinr | |
Added params for configuration red on the shaper policy | |||
2024-04-12 | pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions ↵ | Nataliia Solomko | |
fails (#3296) | |||
2024-04-11 | T5871: ipsec remote access VPN: specify "cacerts" for client auth. | Lucas Christian | |
2024-04-07 | Merge pull request #3265 from c-po/ethernet-mtu-T5862 | Daniil Baturin | |
ethernet: T5862: default MTU is not acceptable in some environments | |||
2024-04-06 | container: T6208: rename "cap-add" CLI node to "capability" | Christian Breunig | |
Containers have the ability to add Linux system capabilities to them, this is done using the "set container name <name> cap-add" command. The CLI node sounds off and rather should be "set container name <name> capability" instead as we use and pass a capability to a container and not add/invent new ones. | |||
2024-04-06 | Merge pull request #3263 from c-po/T6205-ipoe | Daniil Baturin | |
ipoe: T6205: error in migration script logic while renaming mac-address to mac node | |||
2024-04-06 | ipoe: T6205: error in migration script logic while renaming mac-address to ↵ | Christian Breunig | |
mac node The problem was introduced in [1] but the config migrator part unfortunately was added to the wrong version [2]. As IPoE config version 0 was only active during the 1.3 development cycle and VyOS 1.3.0 was already released with config version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to properly support upgrades from VyOS 1.3 -> 1.4 or newer. 1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168 2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46 | |||
2024-04-06 | T6199: start validating smoketests against real CLI defaultValues | Christian Breunig | |
Use vyos.xml_ref.default_value to query XML default values and take them into account when validating properly applied defaults in individual smoketests instead of using hardcoded values like 443 for https port. | |||
2024-04-06 | ethernet: T5862: default MTU is not acceptable in some environments | Christian Breunig | |
There are cloud environments available where the maximum supported ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value or 1500 bytes - whatever is lower. | |||
2024-04-04 | ospf: T6089: fix invalid "ospf passive-interface default" | Christian Breunig | |
The option "passive-interface default" was set even if it was not present in the previous version we are migrating from. Fix migration script to handle this with a conditional path. | |||
2024-04-04 | Merge pull request #3238 from HollyGurza/T5943 | Daniil Baturin | |
bgp: T5943: BGP Peer-group members must be all internal or all external |