Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-02-21 | vxlan: T4120: code cleanup for multiple remotes | Christian Poessinger | |
2022-02-20 | bridge: remove unreferenced import -> leaf_node_changed | Christian Poessinger | |
2022-02-20 | vxlan: T4120: add ability to set multiple remotes (PR #1127) | Andreas | |
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command. | |||
2022-02-19 | containers: T4249: Allow to connect host device to the container | Viacheslav Hletenko | |
Ability to attach host devices to the container It can be disk, USB device or any device from the directory /dev set container name alp01 device disk source '/dev/vdb1' set container name alp01 device disk destination '/dev/mydisk' | |||
2022-02-17 | pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM ↵ | Andrew Gunnerson | |
files This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively. The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`. Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com> | |||
2022-02-17 | openvpn: T4230: globally enable ip_nonlocal_bind | Christian Poessinger | |
2022-02-17 | Merge pull request #1211 from sever-sever/T4230-cur | Christian Poessinger | |
openvpn: T4230: Delete checks if local-host address assigned | |||
2022-02-16 | xml: T3474: get component version dictionary from xml cache, not legacy | John Estabrook | |
2022-02-15 | conntrack-sync: T4237: Fix checks for listen-address list to str | Viacheslav Hletenko | |
Verify section conntrack_sync.py funciton 'is_addr_assigned' should checks address as string not as list (cherry picked from commit c41c51e4ed7ceb293161014a73bdd350162c3300) | |||
2022-02-14 | pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert name | Andrew Gunnerson | |
This commit fixes a small typo where the client cert name was being used to index the CA configuration dict. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com> | |||
2022-02-14 | tunnel: T4154: import cleanup | Christian Poessinger | |
2022-02-14 | tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵ | Christian Poessinger | |
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface. | |||
2022-02-13 | vrf: T4191: bugfix for "ip rule" when VRFs are created | Christian Poessinger | |
We always mangled and worked on the "ip rule" singleton even when nothing needed to be changed. This resulted in a VRF hickup when the same VRF was added and removed multiple times. set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit delete interfaces ethernet eth1 vrf delete vrf commit set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit broke reachability on eth1 - a reboot was required. This change will now only alter the ip rule tables once when VRF instances are created for the first time and will not touch the Kernel "ip rule" representation afterwards. | |||
2022-02-12 | policy: T2199: bugfix verify_rule() on negated groups | Christian Poessinger | |
Related to #1215 | |||
2022-02-11 | Merge pull request #1214 from sever-sever/T3686 | Christian Poessinger | |
openvpn: T3686: Fix for check local-address in script and tmpl | |||
2022-02-10 | openvpn: T4236: Add generator for ovpn configurations in op-mode | Viacheslav Hletenko | |
This generator generates client .ovpn files with required initial configuration It gets information from interface vtun, pki ca and certificates | |||
2022-02-10 | Merge pull request #1133 from zdc/T1925-sagitta | Daniil Baturin | |
ipsec: T1925: Fixed `show vpn ipsec sa` output | |||
2022-02-09 | openvpn: T3686: Fix for check local-address in script and tmpl | Viacheslav Hletenko | |
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template | |||
2022-02-09 | openvpn: T4230: Delete checks if local-host address assigned | Viacheslav Hletenko | |
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address | |||
2022-02-08 | monitoring: T3872: Add input filter for firewall InfluxDB2 | Viacheslav Hletenko | |
Input filter for firewall allows to get bytes/counters from nftables in format, required for InfluxDB2 | |||
2022-02-05 | vrrp: T4226: transition-script does not work for groups containing a hypen (-) | Christian Poessinger | |
2022-02-05 | Merge pull request #1206 from sarthurdev/T4209 | Christian Poessinger | |
firewall: T4209: Fix support for rule `recent` matches | |||
2022-02-04 | policy: T4151: Delete unexpected print added in commit c501ae0f | Viacheslav Hletenko | |
2022-02-04 | firewall: T4209: Fix support for rule `recent` matches | sarthurdev | |
2022-02-01 | Revert "dhclient: T3392: remove /usr/sbin prefix from iproute2 ip command" | Christian Poessinger | |
This reverts commit 78b247b724f74bdabab0706aaa7f5b00e5809bc1. | |||
2022-01-31 | upnpd: T3420: code cleanup | Christian Poessinger | |
2022-01-31 | Merge pull request #1196 from hensur/current-ipv6-local-route-iif | Christian Poessinger | |
policy: T4219: add local-route(6) inbound-interface support | |||
2022-01-31 | firewall: T2199: Fix errors when referencing an empty chain | sarthurdev | |
2022-01-30 | policy: T4219: add local-route(6) incoming-interface | Henning Surmeier | |
2022-01-30 | policy: T4213: Fix duplicate commands from multiple rules with single table | sarthurdev | |
2022-01-29 | firewall: T4216: Add support for negated firewall groups | sarthurdev | |
2022-01-29 | firewall: T4218: Adds a prefix to all user defined chains | sarthurdev | |
2022-01-29 | Merge pull request #1195 from hensur/current-ipv6-local-route | Christian Poessinger | |
policy: T4151: bugfix multiple commits and smoketest | |||
2022-01-30 | Merge pull request #789 from jack9603301/T3420 | Daniil Baturin | |
upnpd: T3420: Support UPNP protocol | |||
2022-01-28 | dhclient: T3392: remove /usr/sbin prefix from iproute2 ip command | Christian Poessinger | |
2022-01-28 | firewall: T4217: install protocol tcp_udp if port group does not use a protocol | Christian Poessinger | |
2022-01-28 | policy: T4151: remove all previous rules on edit | Henning Surmeier | |
2022-01-27 | Merge pull request #1194 from sarthurdev/T4213 | Christian Poessinger | |
policy: T4213: Fix rule creation/deletion for IPv6 policy routes | |||
2022-01-27 | policy: T4213: Fix rule creation/deletion for IPv6 policy routes | sarthurdev | |
2022-01-25 | policy: T4194: Add prefix-list duplication checks | Viacheslav Hletenko | |
Prefix-list should not be duplicatied as FRR doesn't accept it One option when it can be duplicated when it uses "le" or "ge" | |||
2022-01-22 | bandwidth-test: T4153: Fixed bandwidth-test initiate, which was not working ↵ | Nicolas Fort | |
with ipv4 | |||
2022-01-22 | Merge pull request #1184 from sarthurdev/firewall_icmp | Christian Poessinger | |
firewall: T4130: T4186: ICMP/v6 updates, ipv6 state policy check fix | |||
2022-01-21 | firewall: T2199: Verify correct ICMP protocol for ipv4/ipv6 | sarthurdev | |
2022-01-21 | firewall: T4186: ICMP/v6 migrations | sarthurdev | |
2022-01-21 | firewall: T4130: Use correct table to check for state policy rule | sarthurdev | |
2022-01-21 | policy: T4151: Bugfix policy ipv6-local-route | Henning Surmeier | |
2022-01-20 | interface-names: T3871: use tempfile during virtual migration | John Estabrook | |
Use tempfile to avoid race conditions during virtual migration. | |||
2022-01-20 | Merge pull request #1144 from hensur/current-ipv6-local-route | Christian Poessinger | |
policy: T4151: Add policy ipv6-local-route | |||
2022-01-19 | Merge pull request #1177 from sarthurdev/mac_groups | Christian Poessinger | |
firewall: T3560: Add support for MAC address groups | |||
2022-01-18 | firewall: T2199: Raise ConfigError if deleted node is used in zone-policy | sarthurdev | |