| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-04-10 | T5148: Fix OpenVPN plugin dir variable | Viacheslav Hletenko | |
| Jinja2 template uses {{ plugin_dir }} that it gets from the interface-openvpn.py variable 'plugin_dir' but the correct var should be as part of 'openvpn' dictionary i.e. openvpn['plugin_dir'] | |||
| 2023-04-09 | Merge pull request #1944 from chenxiaolong/eapol_tls_1.0_regression | Christian Breunig | |
| eapol: T5151: Allow TLSv1.0/1.1 for EAP-TLS | |||
| 2023-04-09 | eapol: T5151: Allow TLSv1.0/1.1 for EAP-TLS | Andrew Gunnerson | |
| The Debian 12 upgrade in T5003 caused a regression for connecting to legacy networks that only support TLSv1.0/1.1 for EAP-TLS. Debian allows this by default in their wpa_supplicant package, but their `allow-tlsv1.patch` patch does not work properly with VyOS' newer wpa_supplicant package, which is based on the latest code in git. As a result, wpa_supplicant always respects the system-wide openssl crypto policy, disallowing TLSv1. The commit uses the documented way of allowing TLSv1, which takes precedence over the system crypto policy. Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com> | |||
| 2023-04-07 | openvpn: T5149: do not raise error in case of disabled interface | John Estabrook | |
| 2023-04-06 | container: T5147: ensure container network exists before VRF operation | Christian Breunig | |
| Networks are started only as soon as there is a consumer. If only a network is created in the first place, no need to assign it to a VRF as there's no consumer, yet. | |||
| 2023-04-04 | Merge pull request #1937 from aapostoliuk/T5135-sagitta | Christian Breunig | |
| opennhrp: T5135: Rewritten opennhrp script using vyos.ipsec | |||
| 2023-04-04 | Merge pull request #1938 from sever-sever/T5142 | Christian Breunig | |
| T5142: Add audit tool to monitor security-relevant events | |||
| 2023-04-04 | Merge pull request #1939 from sever-sever/T5145 | Christian Breunig | |
| T5145: Add maximum number of all logins on system | |||
| 2023-04-04 | T5145: Add maximum number of all logins on system | Viacheslav Hletenko | |
| maxsyslogins maximum number of all logins on system; user is not allowed to log-in if total number of all user logins is greater than specified number (this limit does not apply to user with uid=0) set system login max-login-session 2 | |||
| 2023-04-04 | T5142: Add audit tool to monitor security-relevant events | Viacheslav Hletenko | |
| 2023-04-04 | opennhrp: T5135: Rewritten opennhrp script using vyos.ipsec | aapostoliuk | |
| Rewritten opennhrp script using vyos.ipsec library | |||
| 2023-04-03 | Merge pull request #1932 from sever-sever/T5125 | Christian Breunig | |
| T5125: Sflow op-mode add event_samples_suppressed option | |||
| 2023-04-03 | Merge pull request #1934 from sever-sever/T5141 | Christian Breunig | |
| T5141: Add numbers for dhclient-exit-hooks.d to enforce order | |||
| 2023-04-03 | Merge pull request #1933 from sever-sever/T5139 | Christian Breunig | |
| T5139: IPSec add IKE lifetime 0 for no rekeying | |||
| 2023-04-03 | T5141: Add numbers for dhclient-exit-hooks.d to enforce order | Viacheslav Hletenko | |
| Add numbers for all dhclient-exit-hooks.d to enforce script order execution Also, move '99-run-user-hooks' to '98-run-user-hooks' due to vyatta-dhclient-hook bug and exit with 'exit 1' it is described in the https://vyos.dev/T4856, so we should move this hook to the end. Rename 'vyatta-dhclient-hook' to '99-vyatta-dhclient-hook' | |||
| 2023-04-03 | T5139: IPSec add IKE lifetime 0 for no rekeying | Viacheslav Hletenko | |
| IKE lifetime should starting from 0 for disabling rekeying | |||
| 2023-04-03 | T5125: Sflow op-mode add event_samples_suppressed option | Viacheslav Hletenko | |
| Add "Packet drops suppressed" option Rename "Samples drop events sent" to "Packet drops sent" | |||
| 2023-04-02 | container: T5134: support binding container network to specific VRF | Christian Breunig | |
| Container networks now can be bound to a specific VRF instance. set vrf name <foo> table <xxx> set container network <name> vrf <foo> | |||
| 2023-04-02 | xml: re-use generic-description.xml.i building block whenever possible | Christian Breunig | |
| Remove redundant XML CLI node definitions for the common description node by referencing the common building block. | |||
| 2023-04-01 | Merge pull request #1929 from sever-sever/T5125 | Christian Breunig | |
| T5125: Extend op-mode show sflow add new metric | |||
| 2023-04-01 | T5125: Extend op-mode show sflow add new metric | Viacheslav Hletenko | |
| Add new metric, the number of packet-drop-events sent | |||
| 2023-04-01 | container: T4959: bugfix credential validation on registries | Christian Breunig | |
| Commit fe82d86d ("container: T4959: add registry authentication option") looked up the wrong config dict level when validating that both username and password need to be specified when registries are in use. | |||
| 2023-04-01 | container: T5082: switch to netavark network stack | Christian Breunig | |
| We now support assigning discrete IPv6 addresses to a container. | |||
| 2023-04-01 | container: T5047: bugfix TypeError: argument of type 'NoneType' is not iterable | Christian Breunig | |
| Commit 52e51ffb ("container: T5047: restart only containers that changed") started to iterate over a NoneType which is invalid. This happened when a network description was changed but no container was due for restart. | |||
| 2023-04-01 | xml: include building block file name should end with .i and not .in | Christian Breunig | |
| 2023-04-01 | isis: op-mode: T5132: bugfix VRF commands for route and neighbor | Christian Breunig | |
| show isis vrf <name> neighbor|route did not call the vtysh wrapper but instead always called the commands for the default routing table. | |||
| 2023-04-01 | Merge pull request #1926 from aapostoliuk/T5093-sagitta | Christian Breunig | |
| ipsec: T5093: Fixed 'reset vpn ipsec profile' command | |||
| 2023-04-01 | xml: T5128: streamline help string for interface CLI node building blocks | Christian Breunig | |
| 2023-04-01 | xml: allow-client: T5126: re-use new building block also for NTP service | Christian Breunig | |
| 2023-03-31 | Merge pull request #1920 from jestabro/https-allow-client | Viacheslav Hletenko | |
| http-api: T5126: allow restricting client IP address | |||
| 2023-03-31 | http-api: T5126: allow restricting client IP address | John Estabrook | |
| 2023-03-31 | Merge pull request #1922 from nicolas-fort/T5128 | Christian Breunig | |
| T5128: Policy Route: allow wildcard on interface | |||
| 2023-03-31 | Merge pull request #1927 from sever-sever/T5125 | Christian Breunig | |
| T5125: Add op-mode for sFlow based on hsflowd | |||
| 2023-03-31 | T5125: Add op-mode for sFlow based on hsflowd | Viacheslav Hletenko | |
| Add op-mode for sFlow based on hsflowd "show sflow" Add machine readable format '--raw' and formatted output | |||
| 2023-03-31 | T5128: Add contraint for firewall interface. Also update smoketest to ↵ | Nicolas Fort | |
| include at least one wildcarded interface | |||
| 2023-03-31 | T5128: Policy Route: allow wildcard on interface | Nicolas Fort | |
| 2023-03-31 | Merge pull request #1925 from sever-sever/T4173-smoketest | Viacheslav Hletenko | |
| T4173: Fix smoketest for load-balancing wan | |||
| 2023-03-31 | Merge pull request #1924 from fett0/T5131 | Christian Breunig | |
| T5131: fix op-mode show isis segment-routing prefix-sids | |||
| 2023-03-30 | T5131: fix op-mode show isis segment-routing prefix-sids | fett0 | |
| 2023-03-30 | Merge pull request #1923 from jestabro/fix-template | Christian Breunig | |
| interfaces: T5130: remove show_interfaces.py reference and script | |||
| 2023-03-30 | interfaces: T5130: remove obsoleted show_interfaces.py | John Estabrook | |
| 2023-03-30 | interfaces: T5130: show/interfaces/node.def defined in vyos-1x | John Estabrook | |
| 2023-03-30 | ipsec: T5093: Fixed 'reset vpn ipsec profile' command | aapostoliuk | |
| Fixed 'reset vpn ipsec profile' command using vici library and new op-mode style. Added ability to use 'reset vpn ipsec profile' command with 'remote-host' option. | |||
| 2023-03-30 | T4173: Fix smoketest for load-balancing wan | Viacheslav Hletenko | |
| Counter jump WANLOADBALANCE was deleted in the commit https://github.com/vyos/vyos-1x/commit/27ca5b9d6d699e201f88ffff41b0a651166b65eb I guess it was done to pass the smoketest even if it broke the load-balance wan feature Fix it | |||
| 2023-03-29 | Merge pull request #1900 from jestabro/diff-test | Christian Breunig | |
| configdiff: T5089: add unit test of config_diff | |||
| 2023-03-29 | ntp: T3008: start daemon with extended privileges but then drop to _chrony | Christian Breunig | |
| 2023-03-29 | configdiff: T5089: add unit test | John Estabrook | |
| 2023-03-29 | configdiff: T5089: add optional arg ordered_values for unit tests | John Estabrook | |
| 2023-03-29 | configdiff: T5089: add union of configtrees for unit test | John Estabrook | |
| 2023-03-29 | configtree: T5089: sorting of nodes is now implemented on parsing config | John Estabrook | |
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) |
| summaryrefslogtreecommitdiff |