Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-09-26 | T4700: Firewall: add interface matching criteria | Nicolas Fort | |
2022-09-22 | ipoe: T4703: fix migration of vlan node for loca authenticated users | Christian Poessinger | |
2022-09-22 | Merge pull request #1552 from sarthurdev/nat_refactor | Christian Poessinger | |
nat: nat66: T4605: T4706: Refactor NAT/NAT66 and use new table name | |||
2022-09-21 | nat: T4605: Refactor static NAT to use python module for parsing rules | sarthurdev | |
* Rename table to vyos_nat * Add static NAT smoketest | |||
2022-09-21 | nat66: T4605: Refactor NAT66 to use python module for parsing rules | sarthurdev | |
* Rename table to vyos_nat * Refactor tests to use `verify_nftables` format | |||
2022-09-21 | nat: T4605: Refactor NAT to use python module for parsing rules | sarthurdev | |
* Rename table to vyos_nat * Refactor tests to use `verify_nftables` format | |||
2022-09-21 | Merge pull request #1553 from nicolas-fort/return-action | Christian Poessinger | |
T4699: Firewall: Add return action | |||
2022-09-21 | T4699: Firewall: Add return action, since jump action was added recently | Nicolas Fort | |
2022-09-21 | ipoe: T4678: T4703: rewrite to get_config_dict() | Christian Poessinger | |
In addition to the rewrite to make use of get_config_dict() the CLI is slightly adjusted as specified in T4703. * Rename vlan-id and vlan-range to simply vlan * Rename network-mode to simply mode * Re-use existing common Jinja2 template for Accel-PPP which are shared with PPPoE and SSTP server. * Retrieve default values via defaultValue XML node | |||
2022-09-19 | smoketest: T4118: Fix smoketest for NHRP | Viacheslav Hletenko | |
As we change syntax for IPSec 'esp <tag> compression disable' to delete 'compression' if it not used, so delete it from nhtp test | |||
2022-09-17 | Merge pull request #1546 from nicolas-fort/fwall-jump | Christian Poessinger | |
T4699: Firewall: Add jump action in firewall ruleset | |||
2022-09-17 | smoketest: accel-ppp: revise base class to reduce amout of redundant code | Christian Poessinger | |
2022-09-17 | pppoe-server: T4703: combine vlan-id and vlan-range into single CLI node | Christian Poessinger | |
The initial Accel-PPP PPPoE implementation used: set service pppoe-server interface <name> vlan-id <id> set service pppoe-server interface <name> vlan-range <start-stop> This is actually a duplicated CLI node. | |||
2022-09-16 | Merge pull request #1463 from sever-sever/T4118 | Daniil Baturin | |
ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer | |||
2022-09-16 | T4699: Firewall: Add jump action in firewall rulest | Nicolas Fort | |
2022-09-16 | ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer | Viacheslav Hletenko | |
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script | |||
2022-09-15 | bgp: T4696: add support for "bestpath peer-type multipath-relax" | Christian Poessinger | |
Add new VyOS CLI command: set protocols bgp parameters bestpath peer-type multipath-relax This command specifies that BGP decision process should consider paths from all peers for multipath computation. If this option is enabled, paths learned from any of eBGP, iBGP, or confederation neighbors will be multipath if they are otherwise considered equal cost. [1] [1]: http://docs.frrouting.org/en/stable-8.3/bgp.html#clicmd-bgp-bestpath-peer-type-multipath-relax | |||
2022-09-15 | smoketest: ethernet: rfs: T4689: also test default "0" case | Christian Poessinger | |
In addition to verify the queue lengths when CLI option is set, we also need to verify that all values are resetted back to "0" which is the Kernel default. | |||
2022-09-15 | Merge branch 'T4689' of https://github.com/jack9603301/vyos-1x into current | Christian Poessinger | |
* 'T4689' of https://github.com/jack9603301/vyos-1x: rfs: T4689: Support RFS(Receive Flow Steering) | |||
2022-09-15 | smoketest: nhrp: T2199: fix nftables rule/chain names | Christian Poessinger | |
2022-09-15 | rfs: T4689: Support RFS(Receive Flow Steering) | jack9603301 | |
2022-09-15 | smoketest: conntrack: T4691: lower test value for nf_conntrack_tcp_max_retrans | Christian Poessinger | |
The old value of 1024 is no longer supported by the most recent Kernel | |||
2022-09-14 | firewall: nat66: policy: T2199: Fix smoketests for nftables updated output | sarthurdev | |
2022-09-14 | Merge pull request #1534 from sarthurdev/firewall_interfaces | Christian Poessinger | |
firewall: zone-policy: T2199: T4605: Refactor firewall, migrate zone-policy | |||
2022-09-13 | isis: T4693: Fix ISIS segment routing configurations | Cheeze_It | |
This change is to fix a bug in which ISIS segment routing was broken due to a refactor. This change also is going to introduce a smoketest to make sure this is caught in the future. | |||
2022-09-13 | zone-policy: T2199: Migrate zone-policy to firewall node | sarthurdev | |
2022-09-13 | policy: T2199: Typo in policy route smoketest teardown | sarthurdev | |
2022-09-13 | firewall: T4605: Rename filter tables to vyos_filter | sarthurdev | |
2022-09-13 | firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵ | sarthurdev | |
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script | |||
2022-09-12 | Revert "rfs: T4689: Support RFS(Receive Flow Steering)" | Christian Poessinger | |
This reverts commit 53355271a2864d844daca89a064c21e514e10adb. | |||
2022-09-12 | rfs: T4689: Support RFS(Receive Flow Steering) | jack9603301 | |
2022-09-07 | T1024: Firewall and Policy route: add option to match dscp value, both on ↵ | Nicolas Fort | |
firewall and in policy route | |||
2022-09-06 | T4670: policy route: extend matching criteria for policy route and route6. ↵ | Nicolas Fort | |
Matching criteria added: ttl/hoplimit and packet-length | |||
2022-09-03 | firewall: T4651: re-implement packet-length CLI option to use <multi/> | Christian Poessinger | |
2022-09-03 | smoketest: firewall: add re-usable variables when running testcases | Christian Poessinger | |
2022-09-02 | Merge branch 'T4651' of https://github.com/nicolas-fort/vyos-1x into firewall | Christian Poessinger | |
* 'T4651' of https://github.com/nicolas-fort/vyos-1x: Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules. | |||
2022-09-01 | Firewall: T4651: Change proposed cli from ip-length to packet-length | Nicolas Fort | |
2022-08-29 | smoketest: config: drop almost empty https service test | Christian Poessinger | |
2022-08-28 | smoketest: T4652: upgrade PowerDNS recursor to 4.7 series | Christian Poessinger | |
2022-08-28 | smoketest: T4643: bind sstp service to port 8443 | Christian Poessinger | |
2022-08-27 | Firewall: T4651: Add options to match packet size on firewall rules. | Nicolas Fort | |
2022-08-27 | smoketest: T4643: create individual configs fot https service and sstp vpn | Christian Poessinger | |
2022-08-27 | Revert "smoketest: T4643: Change openconnect default port" | Christian Poessinger | |
This reverts commit fa91f567b7b5f009aaaed569b3f5e5db4b638d39. | |||
2022-08-27 | Revert "smoketest: T4643: Delete vpn sstp from config as we have HTTP" | Christian Poessinger | |
This reverts commit c2fc87c02dd556dd1569ff2fd81c9e2485a80459. | |||
2022-08-26 | Merge pull request #1482 from sever-sever/T4631 | Christian Poessinger | |
nat66: T4631: Add port and protocol to nat66 conf | |||
2022-08-26 | smoketest: T4631: Extend smoketes fot nat66 protocol | Viacheslav Hletenko | |
2022-08-26 | smoketest: T4643: Delete vpn sstp from config as we have HTTP | Viacheslav Hletenko | |
HTTP and sstp cannot work together and in the test config 1.4-rolling-202106290839 we didnot have configurable port for such services So we shoud delete sstp from this smoketest config test In fact it is never working at all 'smoketest/configs/pki-misc' It commits without errors before but in the real life we get 3 services (https openconnect sstp) that bound the same port | |||
2022-08-25 | telegraf: T4617: add VRF support | Christian Poessinger | |
2022-08-25 | smoketest: T4643: Change openconnect default port | Viacheslav Hletenko | |
Change openconnect port as both ocserv and sstp bind by default the same port 443 | |||
2022-08-25 | Merge pull request #1478 from sever-sever/T4622 | Christian Poessinger | |
firewall: T4622: Add TCP MSS option |