VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=sever-sever 2024-08-15T16:12:37+00:00 2024-08-15T16:12:37+00:00 Nataliia Solomko natalirs1985@gmail.com 2024-08-15T10:20:31+00:00 urn:sha1:663e468de2b431f771534b4e3a2d00a5924b98fe 2024-08-12T20:23:52+00:00 Lucas Christian lucas@lucasec.com 2024-08-11T22:18:38+00:00 urn:sha1:a2b6098e6f9c1915a61a9aebc8f9852bd897387c 2024-07-29T16:10:30+00:00 Daniil Baturin daniil@vyos.io 2024-07-29T16:10:30+00:00 urn:sha1:9149c657dfdb4d8297aba3ef1ed1346e670b071b OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers 2024-07-28T11:47:07+00:00 talmakion andrewt@telekinetica.net 2024-07-28T11:47:07+00:00 urn:sha1:e2bf8812f73a75356f56274968be8859a2186d73 * Change ipsec match-ipsec/none to match-ipsec-in and match-none-in for fw rules * Add ipsec match-ipsec-out and match-none-out * Change all the points where the match-ipsec.xml.i include was used before, making sure the new includes (match-ipsec-in/out.xml.i) are used appropriately. There were a handful of spots where match-ipsec.xml.i had snuck back in for output hooked chains already (the common-rule-* includes) * Add the -out generators to rendered templates * Heavy modification to firewall config validators: * I needed to check for ipsec-in matches no matter how deeply nested under an output-hook chain(via jump-target) - this always generates an error. * Ended up retrofitting the jump-targets validator from root chains and for named custom chains. It checks for recursive loops and improper IPsec matches. * Added "test_ipsec_metadata_match" and "test_cyclic_jump_validation" smoketests 2024-07-25T10:07:02+00:00 srividya0208 a.srividya@vyos.io 2024-07-15T10:30:00+00:00 urn:sha1:b62b2f5f8a9c4f0a7dc26bce1f15843651119256 2024-07-18T18:33:24+00:00 Daniil Baturin daniil@vyos.io 2024-07-18T18:33:24+00:00 urn:sha1:e2b05343b30d2f989968532106e792cbaf75ecf6 2024-06-16T07:22:28+00:00 Christian Breunig christian@breunig.cc 2024-06-15T19:40:04+00:00 urn:sha1:9e22ab6b2aee48029d3455f65880e45c558cf1da Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code" 2024-06-11T15:04:18+00:00 Nataliia Solomko natalirs1985@gmail.com 2024-06-11T15:04:18+00:00 urn:sha1:0f669a22615a18c3cd8da2f65f3ed79686992320 2024-06-06T15:19:01+00:00 Daniil Baturin daniil@vyos.io 2024-06-06T15:19:01+00:00 urn:sha1:85da43aa26470e0657ba68437a297ed11045d132 T3900: Add support for raw tables in firewall 2024-06-04T13:22:24+00:00 Nicolas Fort nicolasfort1988@gmail.com 2024-05-24T16:44:41+00:00 urn:sha1:770edf016838523c248e3c8a36c5f327a0b98415