Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-08-23 | vrf: T5428: stop DHCP processes on VRf removal | Christian Breunig | |
This is a workaround for the priority inversion from T5492 ("CLI node priority is not inversed on node deletion"). As this is a corner case bug that's only triggered if an interface is removed from a VRF and also the VRF is removed in one commit, priorities are not honored. Thus we implement this workaround which stop the DHCP(v6) client processes on the VRF associated interfaces to get out the DHCP RELEASE message before interfaces are shut down. | |||
2023-08-23 | vrf: T5428: move helpers to common vyos.utils.network module | Christian Breunig | |
Helper functions can and will be re-use din different code places. | |||
2023-08-23 | T5472: nat redirect: allow redirection without defining redirected port | Nicolas Fort | |
2023-08-23 | T5463: Container allow publish listen-addresses | Viacheslav Hletenko | |
Ability to publish multiple IP/IPv6 addresses for container set container name c1 port web destination '80' set container name c1 port web listen-address '192.0.2.1' set container name c1 port web listen-address '2001:db8:1111::1' set container name c1 port web source '8080' --publish 192.0.2.1:8080:80/tcp --publish [2001:db8:1111::1]:8080:80/tcp | |||
2023-08-23 | Merge pull request #2156 from giga1699/T5447 | Christian Breunig | |
T5447: Initial support for MACsec static keys | |||
2023-08-22 | Merge pull request #2149 from nicolas-fort/T5478 | Viacheslav Hletenko | |
T5478: remove config-trap configuration parser in firewall | |||
2023-08-20 | T5447: Adjust to positive logic in generare() | Giga Murphy | |
2023-08-20 | T5447: Update copyright years | Giga Murphy | |
2023-08-20 | T5447: Implement maintainer feedback | Giga Murphy | |
2023-08-20 | wifi: T5491: import cleanup | Christian Breunig | |
2023-08-20 | wifi: T5491: allow white-/blacklisting station MAC addresses for security | Christian Breunig | |
Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac> | |||
2023-08-19 | wifi: T5470: improve error message | Christian Breunig | |
2023-08-18 | T5447: Add verification of peer rx-key length | Giga Murphy | |
2023-08-18 | T5447: MACsec static tx-key validation | Giga Murphy | |
2023-08-18 | T5447: Initial support for MACsec static keys | Giga Murphy | |
2023-08-17 | Merge pull request #2130 from aapostoliuk/T5409-sagitta | Christian Breunig | |
wireguard: T5409: Added 'set interfaces wireguard wgX threaded' | |||
2023-08-17 | wireguard: T5409: rename threaded CLI not to per-client-thread | Christian Breunig | |
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured. | |||
2023-08-17 | system-ip: T5449: add TCP MSS probing options | Daniil Baturin | |
2023-08-16 | Merge pull request #2150 from ↵ | John Estabrook | |
dmbaturin/T5271-openvpn-peer-fingerprint-restrictions T5271: allow OpenVPN peer-fingerprint to be used instead of a CA in site-to-site mode | |||
2023-08-15 | T5483: clean up tmp config file | John Estabrook | |
2023-08-15 | T5271: allow the user to specify either CA or peer fingerprint | Daniil Baturin | |
in OpenVPN site-to-site mode | |||
2023-08-15 | T5478: remove config-trap configuration parser in firewall | Nicolas Fort | |
2023-08-12 | T5160: fix merge regression | John Estabrook | |
2023-08-12 | T5467: removing ospf(v3) or isis interface in VRF context did not clear FRR ↵ | Christian Breunig | |
config To reproduce: set vrf name red table 2000 set vrf name red protocols ospf interface eth1 area 0 set vrf name red protocols ospf parameters router-id 1.1.1.1 set interfaces ethernet eth1 vrf red commit FRR now has an interface config vyos@vyos# vtysh -c "show run" no-header | sed -n "/^interface eth1/,/!/p" interface eth1 ip ospf area 0 ip ospf dead-interval 40 exit Now delete the interface from the OSPF(v3) or ISIS process delete vrf name red protocols ospf interface commit It's still there vyos@vyos# vtysh -c "show run" no-header | sed -n "/^interface eth1/,/!/p" interface eth1 ip ospf area 0 ip ospf dead-interval 40 exit ! Issue was caused in the FRR vtysh representation of an interface. It used to have a "vrf <name>" marker in earlier versions but FRR 8.5 and later no longer have the marker. So "interface eth1 vrf red" became "interface eth1" in vtysh, but our regex expected the "vrf" identifier when modifying FRR config. | |||
2023-08-11 | Merge pull request #2016 from nicolas-fort/T5160 | Christian Breunig | |
T5160: Firewall refactor | |||
2023-08-11 | T5460: remove config-trap from firewall | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵ | Nicolas Fort | |
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip. | |||
2023-08-11 | T5160: firewall refactor: change firewall ip to firewall ipv4 | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: new cli structure. Update jinja templates, python ↵ | Nicolas Fort | |
scripts and src firewall | |||
2023-08-11 | T5448: Move zabbix-agent to node monitoring | Viacheslav Hletenko | |
Move 'service zabbix-agent' => 'service monitoring zabbix-agent' | |||
2023-08-11 | Merge pull request #2146 from dmbaturin/T5270-openvpn-dh-optional | Christian Breunig | |
openvpn: T5270: do not require classic DH params in any mode | |||
2023-08-10 | Merge pull request #2140 from sever-sever/T5448 | Daniil Baturin | |
T5448: Add service zabbix-agent | |||
2023-08-10 | openvpn: T5270: do not require classic DH params in any more | Daniil Baturin | |
Generate 'dh none' instead and let OpenVPN use ECDH | |||
2023-08-10 | tunnel: T5223: clear GRE key id after deletion | srividya0208 | |
2023-08-09 | T5448: Add service zabbix-agent version 2 | Viacheslav Hletenko | |
Add service zabbix-agent set service zabbix-agent directory '/config/zabbix/' set service zabbix-agent limits buffer-flush-interval '8' set service zabbix-agent limits buffer-size '120' set service zabbix-agent log debug-level 'warning' set service zabbix-agent log size '1' set service zabbix-agent server '192.0.2.5' set service zabbix-agent server-active 192.0.2.5 port '10051' set service zabbix-agent server-active 2001:db8::123 | |||
2023-08-09 | Merge pull request #2136 from jestabro/with-defaults | Christian Breunig | |
T5319: remove workarounds for incorrect defaults in config-mode scripts | |||
2023-08-08 | Merge pull request #2119 from nicolas-fort/T5014-dnat | Christian Breunig | |
T5014: nat: add source and destination nat options for configuring lo… | |||
2023-08-07 | T5319: remove workarounds for defaults in vpp.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in vpn_openconnect.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in vpn_ipsec.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in tftp_server.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in system-syslog.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in system_sflow.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in system-option.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in system-logs.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in system-login.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in system-ipv6.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in system-ip.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in system_console.py | John Estabrook | |
2023-08-07 | T5434: use merge_defaults in ssh.py | John Estabrook | |