| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-06-11 | firewall: T3900: fix migration and smoketests | Christian Breunig | |
| Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall") changed the position in the CLI for conntrack timeout. This lead to failing smoketests because of a regression in the migrator. | |||
| 2024-06-10 | Merge pull request #3606 from c-po/utils-cpu-T5195 | Christian Breunig | |
| vyos.utils: T5195: import vyos.cpu to this package | |||
| 2024-06-10 | T6219: align with system sysctl and limit parameters to supported | Nicolas Vollmar | |
| 2024-06-10 | container: T6219: Add support for container sysctl / kernel parameters | Ben Pilgrim | |
| 2024-06-10 | vyos.utils: T5195: import vyos.cpu to this package | Christian Breunig | |
| The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu | |||
| 2024-06-10 | Merge pull request #3610 from c-po/ipsec-profile-T6424 | Christian Breunig | |
| op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation | |||
| 2024-06-10 | Merge pull request #3612 from c-po/haproxy-pki-T6463 | Christian Breunig | |
| pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s) | |||
| 2024-06-10 | Merge pull request #3607 from c-po/firewall-unused-import | Christian Breunig | |
| firewall: T3900: T6394: remove unused import | |||
| 2024-06-09 | op-mode: T6424: ipsec: filter out duplicate CA certificates in Apple IOS profile | Christian Breunig | |
| 2024-06-09 | op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵ | Christian Breunig | |
| generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile. | |||
| 2024-06-09 | pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s) | Christian Breunig | |
| The haproxy reverse proxy was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies. | |||
| 2024-06-09 | firewall: T3900: T6394: remove unused import | Christian Breunig | |
| With commit 770edf016838 ("T3900: T6394: extend functionalities in firewall; move netfilter sysctl timeout parameters defined in conntrack to firewall global-opton section.") the import of the glob module is no longer required. Found my running: make unused-imports | |||
| 2024-06-07 | reverse-proxy: T6454: Set default value of http for haproxy mode | Alex W | |
| 2024-06-06 | T6412: CGNAT fix allocation calcluation for verify (#3585) | Viacheslav Hletenko | |
| Fix external address/port allocation for CGN. It fixes some cases where external address/ports can be allocated again to another user. | |||
| 2024-06-06 | Merge pull request #3578 from nicolas-fort/raw-hook | Daniil Baturin | |
| T3900: Add support for raw tables in firewall | |||
| 2024-06-05 | migration: T6006: add activation script dir and helper function | John Estabrook | |
| 2024-06-05 | migration: T6006: update config.boot.default and move to vyos-1x | John Estabrook | |
| 2024-06-04 | T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵ | Nicolas Fort | |
| timeout parameters defined in conntrack to firewall global-opton section. | |||
| 2024-06-03 | Merge pull request #3572 from talmakion/bugfix/T6403 | Daniil Baturin | |
| nat64: T6403: validate source prefix for RFC compliance | |||
| 2024-06-03 | bfd: T6440: BFD peer length typo | Hannes Tamme | |
| 2024-06-03 | reverse-proxy: T6434: Support additional healthcheck options (#3574) | Alex W | |
| 2024-06-01 | nat64: T6403: validate source prefix for RFC compliance | Andrew Topp | |
| Simplest fix is to comply with RFC6052. The code change is just masking out the relevant bits and ensuring they're zeroed. | |||
| 2024-05-31 | tunnel: T6157: fixing GRE tunnel uniqueness checks | Andrew Topp | |
| Unset params would mistakenly match when None and trigger a validation error even when used params were unique. Updated check to ensure unique source-addresses if not None, and that (source-interfaces, source-addresses) are unique together appropriately. | |||
| 2024-05-31 | Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-records | Christian Breunig | |
| dns: T6422: allow multiple redundant NS records | |||
| 2024-05-31 | T5307: QoS - traffic-class-map services (#3492) | Roman Khramshin | |
| added new syntax to work with class match filters in QoS policy | |||
| 2024-05-31 | op-mode: T683: remove superfluous debug print in snmpv3 display code | Christian Breunig | |
| This was a leftover from the early days. | |||
| 2024-05-30 | T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵ | Haim Gelfenbeyn | |
| style fixes | |||
| 2024-05-30 | Merge pull request #3531 from Embezzle/T6409 | Christian Breunig | |
| reverse-proxy: T6409: Remove unused backend parameters | |||
| 2024-05-30 | reverse-proxy: T6409: unindent migration script code path | Christian Breunig | |
| 2024-05-30 | Merge pull request #3552 from c-po/ipsec-profile | Christian Breunig | |
| op-mode: ipsec: T6407: fix profile generation | |||
| 2024-05-30 | dns: T6422: allow multiple redundant NS records | Haim Gelfenbeyn | |
| NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported. | |||
| 2024-05-30 | Merge pull request #3546 from c-po/haproxy | Christian Breunig | |
| reverse-proxy: T6419: build full CA chain when verifying backend server | |||
| 2024-05-30 | op-mode: ipsec: T6407: fix profile generation | Christian Breunig | |
| Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. | |||
| 2024-05-29 | container: T6406: fix NameError: name 'vyos' is not defined | Christian Breunig | |
| Commit 74910564f ("T6406: rename cpus to cpu") did not import the function from the Python module. | |||
| 2024-05-29 | reverse-proxy: T6419: build full CA chain for frontend SSL certificate | Christian Breunig | |
| 2024-05-29 | reverse-proxy: T6419: build full CA chain when verifying backend server | Christian Breunig | |
| 2024-05-29 | reverse-proxy: T5231: remove frontend ca-certificate code path | Christian Breunig | |
| The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service. | |||
| 2024-05-29 | nat: T6371: fix op mode display of configured ports when comma separated ↵ | Ginko | |
| list of ports/ranges exists Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'. With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration. | |||
| 2024-05-29 | openvpn: T6374: only check TLS role for s2s if TLS is configured | Daniil Baturin | |
| 2024-05-29 | Merge pull request #3534 from sever-sever/T6411 | Daniil Baturin | |
| T6411: CGNAT fix sequences for external address ranges | |||
| 2024-05-28 | Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validation | Christian Breunig | |
| openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | |||
| 2024-05-28 | Merge pull request #3533 from natali-rs1985/T6389-current | John Estabrook | |
| op_mode: T6389: Check architecture and flavor compatibility on upgrade attempts | |||
| 2024-05-28 | Merge pull request #3529 from HollyGurza/T5786 | Christian Breunig | |
| T5786: Add set/show system image to /image endpoint | |||
| 2024-05-28 | T6411: CGNAT fix sequences for external address ranges | Viacheslav Hletenko | |
| Fix the bug where address external alocation was not rely on sequences of the external IP addresses (if set) | |||
| 2024-05-28 | op mode: T6389: Check architecture and flavor compatibility on upgrade attempts | Nataliia Solomko | |
| 2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar | |
| 2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar | |
| 2024-05-27 | reverse-proxy: T6409: Remove unused backend parameters | Alex W | |
| 2024-05-27 | T5786: Add set/show system image to /image endpoint | khramshinr | |
| 2024-05-27 | openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | Daniil Baturin | |
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) |
| summaryrefslogtreecommitdiff |