Age  Commit message  (Author)
2022-10-10  Merge pull request #1577 from sarthurdev/T4741  (Christian Poessinger)
    firewall: policy: T4741: T4742: Verify zone `from` is defined, autocomplete policy route tables
2022-10-10  Merge pull request #1563 from sever-sever/T4716  (Christian Poessinger)
    ssh: T4716: Ability to configure RekeyLimit data and time
2022-10-10  Merge pull request #1576 from sever-sever/T4730  (Christian Poessinger)
    conntrack-sync: T4730: Fix listen-address jinja2 template
2022-10-10  policy: T4742: Add policy route table auto-complete  (sarthurdev)
2022-10-10  firewall: T4741: Verify zone `from` is defined before use  (sarthurdev)
2022-10-10  conntrack-sync: T4730: Fix listen-address jinja2 template  (Viacheslav Hletenko)
    Listen address has option 'multi'
    As a result we have incorrect template value for listen address - conntrack-sync listen-address '192.0.2.11' in template
    It looks like "IPv4_address ['192.0.2.11']" in the conntrackd.conf but the correct string expected without brackets
    Fix it
2022-10-10  ssh: T4716: Ability to configure RekeyLimit data and time  (Viacheslav Hletenko)
    Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes)
        set service ssh rekey data 1024
        set service ssh rekey time 60
2022-10-10  Merge pull request #1575 from sarthurdev/firewall_state_log  (Christian Poessinger)
    firewall: T3907: Fix firewall state-policy logging
2022-10-09  firewall: T3907: Fix firewall state-policy logging  (sarthurdev)
    When log-level was introduced node `state-policy x log` was removed without migrator. This commit adds it back and improves log handling.
2022-10-09  Merge pull request #1573 from jestabro/gql-simplify  (John Estabrook)
    T4738: generate schema definitions for configsession functions and use single directive/resolver
2022-10-07  graphql: T4738: remove templated requests pending rewrite  (John Estabrook)
2022-10-07  graphql: T4738: generate schema defs for configsession methods  (John Estabrook)
2022-10-07  graphql: T4736: fix import error to correct JSON output  (John Estabrook)
2022-10-07  smoketest: ospf: remove old debug code no longer used/required  (Christian Poessinger)
2022-10-07  ospf: T4707: enable segment-routing on last in FRR configuration  (Christian Poessinger)
2022-10-07  Merge pull request #1572 from Cheeze-It/current  (Christian Poessinger)
    ospf: T4707: Add OSPF segment routing for FRR
2022-10-07  Merge pull request #1569 from dmbaturin/radius-rate-limit-comp  (Christian Poessinger)
    T4726: add completion help and validation for accel-ppp vendor option
2022-10-07  Merge branch 'current' into radius-rate-limit-comp  (Christian Poessinger)
2022-10-06  ospf: T4707: Add OSPF segment routing for FRR  (Cheeze_It)
    In this commit we add OSPF segment routing, smoke tests, handlers, FRR template changes, and CLI commands.
2022-10-06  xml: T4722: radius: remove superfluous "default" help string  (Christian Poessinger)
    vyos-1x automatically adds a "(default: ...)" hint to the CLI help if the <defaultValue> XML tag is used. No need to specify this manually.
2022-10-06  smoketest: ethernet: use ifconfig API for VLAN detection on test initialisation  (Christian Poessinger)
    Section.interfaces() now has an option if it should return also VLAN interfaces or not. No need to keep a custom logic for it.
2022-10-06  Merge pull request #1567 from aapostoliuk/T4660-sagitta  (Christian Poessinger)
    policy: T4660: Changed CLI syntax in route-map set community
2022-10-06  T4727: add support for RADIUS rate limiting to PPTP (#1570)  (Daniil Baturin)
2022-10-03  wwan: T4728: fix crontab file missing newline  (Ben Hughes)
2022-10-03  T4726: add completion help and validation for accel-ppp vendor option  (Daniil Baturin)
2022-10-03  policy: T4660: Changed CLI syntax in route-map set community  (aapostoliuk)
    Changed CLI syntax in route-map set community, set large-community, set extcommunity
    Allows to add multiple communities, large-communities and extcommunities in clear view.
    Added new well-known communities.
    Added non-transitive feature in extcommunities.
    Fixed community's validators.
2022-10-01  Merge pull request #1568 from dmbaturin/abbr-consistency  (Christian Poessinger)
    T4722: consistent use of the official spelling for RADIUS and IPsec
2022-10-01  T4722: consistently use the "RADIUS" spelling for the RADIUS protocol  (Daniil Baturin)
2022-10-01  T4722: consistently use the "IPsec" spelling for IPsec  (Daniil Baturin)
2022-09-30  bgp: evpn: T1315: add route-target CLI node <multi/> property  (Christian Poessinger)
    FRR supports multiple route-targets to be used for import/export:
        address-family l2vpn evpn
         route-target import 20:10
         route-target import 20:11
         route-target import 20:12
         route-target import 40:40
         route-target export 1:2
         route-target export 1:3
         route-target export 40:40
        exit-address-family
    Thus the <multi/> property is added to the relevant CLI nodes.
2022-09-29  Merge pull request #1566 from sarthurdev/firewall_op  (Christian Poessinger)
    firewall: T2199: Fix op-mode script for interface migration and vyos_filter table name
2022-09-29  firewall: T2199: Fix op-mode script for interface migration and vyos_filter table name  (sarthurdev)
2022-09-28  Merge pull request #1561 from sever-sever/T4715  (Christian Poessinger)
    login: T4715: Auto logout user after inactivity
2022-09-28  op-mode: ipsec: T4719: bugfix IKEv2 road-warrior profile generator  (Christian Poessinger)
    Commit bd4588827b ("ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer") changed the CLI syntax of ipsec. This resulted in a node not renamed in the op-mode generator when generating IKEv2 IPSec iOS configuration profiles.
2022-09-28  Merge pull request #1565 from sever-sever/T4557  (Christian Poessinger)
    ids: T4557: Update xml-component-version
2022-09-28  Merge pull request #1564 from sarthurdev/T4713  (Christian Poessinger)
    nat: T4713: Fix op-mode nat translation output
2022-09-28  ids: T4557: Update xml-component-version  (Viacheslav Hletenko)
2022-09-28  login: T4715: Auto logout user after inactivity  (Viacheslav Hletenko)
    Ability to terminate interactive sessions (TTY/PTS) after a period of inactivity.
        set system login timeout '300'
2022-09-28  nat: T4713: Fix op-mode nat translation output  (sarthurdev)
2022-09-28  op-mode: T3589: streamline console-server journalctl cmdline  (Christian Poessinger)
2022-09-28  op-mode: T3589: streamline pppoe interface journalctl cmdline  (Christian Poessinger)
2022-09-28  Merge pull request #1559 from insertjokehere/console-server-names  (Christian Poessinger)
    conserver: T4717: Support for setting a name for console-server devices
2022-09-28  conserver: T4717: Support for setting a name for console-server devices  (William Hughes)
    This adds a new 'alias' property to the console-server device definition to allow users to connect to a console using a human-readable name rather than just the device name.
    For a configuration like:
        service {
            console-server {
                device ttyUSB0 {
                    speed 115200
                    alias my-server
                }
            }
        }
    Users can connect either by doing `connect console ttyUSB0`, or `connect console my-server`.
    Names:
    * Must be unique
    * Are limited to 128 characters
    * Are optional - if not specified, only the `connect console ttyX` form can be used
2022-09-27  Merge pull request #1562 from sever-sever/T4711  (Christian Poessinger)
    login: T4711: Terminate user TTY and PTS sessions
2022-09-27  Merge pull request #1560 from nicolas-fort/T4700  (Christian Poessinger)
    T4700: Firewall: add interface matching criteria
2022-09-27  login: T4711: Terminate user TTY and PTS sessions  (Viacheslav Hletenko)
    Ability to terminate user TTY and PTS sessions
        clear session pts/1
2022-09-26  ethernet: T4689: support asymmetric RFS configuration on multiple interfaces  (Christian Poessinger)
    The initial implementation from commit ac4e07f9 ("rfs: T4689: Support RFS (Receive Flow Steering)") always adjusted the global rps_sock_flow_entries configuration. So if RFS was enabled for one NIC but not the other - it did not work.
    According to the documentation:
        RFS is only available if the kconfig symbol CONFIG_RPS is enabled (on by default for SMP). The functionality remains disabled until explicitly configured. The number of entries in the global flow table is set through:
            /proc/sys/net/core/rps_sock_flow_entries
        The number of entries in the per-queue flow table are set through:
            /sys/class/net/<dev>/queues/rx-<n>/rps_flow_cnt
        Both of these need to be set before RFS is enabled for a receive queue. Values for both are rounded up to the nearest power of two. The suggested flow count depends on the expected number of active connections at any given time, which may be significantly less than the number of open connections. We have found that a value of 32768 for rps_sock_flow_entries works fairly well on a moderately loaded server.
    This commit sets rps_sock_flow_entries via sysctl on bootup leaving the RFS configuration to the interface level.
2022-09-26  Merge pull request #1545 from sever-sever/T4557  (Christian Poessinger)
    ids: T4557: Migrate threshold and add new threshold types
2022-09-26  ids: T4557: Migrate threshold and add new threshold types  (Viacheslav Hletenko)
    Migrate "service ids ddos-protection threshold xxx" to "service ids ddos-protection general threshold xxx"
    Add new threshold types:
        set service ids ddos-protection threshold tcp xxx
        set service ids ddos-protection threshold udp xxx
        set service ids ddos-protection threshold icmp xxx
2022-09-26  T4700: Firewall: add interface matching criteria  (Nicolas Fort)