summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-06-10T751: Remove ids suricataViacheslav Hletenko
2024-06-10Merge pull request #3610 from c-po/ipsec-profile-T6424Christian Breunig
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
2024-06-10Merge pull request #3612 from c-po/haproxy-pki-T6463Christian Breunig
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
2024-06-10Merge pull request #3613 from c-po/sstpc-T6464Christian Breunig
pki: T6464: sstpc interface not reloaded when updating SSL certificate(s)
2024-06-10Merge pull request #3607 from c-po/firewall-unused-importChristian Breunig
firewall: T3900: T6394: remove unused import
2024-06-09op-mode: T6424: ipsec: filter out duplicate CA certificates in Apple IOS profileChristian Breunig
2024-06-09op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.
2024-06-09pki: T6464: sstpc interface not reloaded when updating SSL certificate(s)Christian Breunig
The SSTPC client was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.
2024-06-09pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)Christian Breunig
The haproxy reverse proxy was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.
2024-06-09T6449: added pr update trigger (#3596)Vijayakumar A
2024-06-09firewall: T3900: T6394: remove unused importChristian Breunig
With commit 770edf016838 ("T3900: T6394: extend functionalities in firewall; move netfilter sysctl timeout parameters defined in conntrack to firewall global-opton section.") the import of the glob module is no longer required. Found my running: make unused-imports
2024-06-09Merge pull request #3598 from Embezzle/T6454Christian Breunig
reverse-proxy: T6454: Set default value of http for haproxy mode
2024-06-07Merge pull request #3592 from zdc/T6453-circinusDaniil Baturin
grub: T6453: Fixed GRUB variables parsing
2024-06-07reverse-proxy: T6454: Set default value of http for haproxy modeAlex W
2024-06-06grub: T6453: Fixed GRUB variables parsingzsdc
To parse variables with `=` a variable name should be limited by alphanumerical characters only.
2024-06-06Merge pull request #3589 from natali-rs1985/T6423-currentJohn Estabrook
xml: T6423: enforce priority on nodes having an owner
2024-06-06xml: T6423: enforce priority on nodes having an ownerNataliia Solomko
2024-06-06T6412: CGNAT fix allocation calcluation for verify (#3585)Viacheslav Hletenko
Fix external address/port allocation for CGN. It fixes some cases where external address/ports can be allocated again to another user.
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-06Merge pull request #3573 from talmakion/bugfix/T6401-2Daniil Baturin
vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need it
2024-06-06Merge pull request #3587 from jestabro/config-default-system-versionDaniil Baturin
migration: T6006: add system component version to config.boot.default by separating activation from migration
2024-06-05migration: T6006: add activation script dir and helper functionJohn Estabrook
2024-06-05migration: T6447: add module compose_configJohn Estabrook
2024-06-05migration: T6006: update config.boot.default and move to vyos-1xJohn Estabrook
2024-06-05Merge pull request #3584 from dmbaturin/T6446-display-support-urlDaniil Baturin
show version: T6446: display the support URL for LTS builds
2024-06-05Merge pull request #3571 from fett0/T6429Daniil Baturin
isis: T6429: fix isis metric-style configuration missing
2024-06-05Merge pull request #3560 from c-po/action-testChristian Breunig
GitHub: add action to build package on PR
2024-06-05show version: T6446: display the support URL for LTS buildsDaniil Baturin
2024-06-04Merge pull request #3582 from talmakion/bugfix/T6431Daniil Baturin
T6431: op-mode command "monitor traceroute" missing recursive symlink
2024-06-04ISIS: T6332: add smoketest optionfett0
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-06-04T6431: op-mode command monitor traceroute missing recursive symlinkAndrew Topp
Likely this was copied from mtr in the past but the symlink wasn't added to the Makefile. I've also swapped the completion help text around to match the commands.
2024-06-03Merge pull request #3572 from talmakion/bugfix/T6403Daniil Baturin
nat64: T6403: validate source prefix for RFC compliance
2024-06-03Merge pull request #3579 from h5t4/currentDaniil Baturin
bfd: T6440: BFD peer length typo
2024-06-03bfd: T6440: BFD peer length typoHannes Tamme
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-06-01vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need itAndrew Topp
`bridge vni show dev vxlanX` will exit with an error if no VNI filters are installed, but the getter is used even when we haven't installed any. This fix avoids fetching a list of VNI filters unless we know we've created some.
2024-06-01nat64: T6403: validate source prefix for RFC complianceAndrew Topp
Simplest fix is to comply with RFC6052. The code change is just masking out the relevant bits and ensuring they're zeroed.
2024-05-31isis: T6429: fix isis metric-style configuration missingfett0
2024-05-31Merge pull request #3570 from talmakion/bugfix/T6157Daniil Baturin
tunnel: T6157: fixing GRE tunnel uniqueness checks
2024-05-31Merge pull request #3569 from vyos/feature/T6415-repo-sync-pull_request_targetDaniil Baturin
T6415: repo sync using pull_request_target
2024-05-31tunnel: T6157: fixing GRE tunnel uniqueness checksAndrew Topp
Unset params would mistakenly match when None and trigger a validation error even when used params were unique. Updated check to ensure unique source-addresses if not None, and that (source-interfaces, source-addresses) are unique together appropriately.
2024-05-31T6415: repo sync using pull_request_targetVijayakumar A
2024-05-31Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-recordsChristian Breunig
dns: T6422: allow multiple redundant NS records
2024-05-31T5307: QoS - traffic-class-map services (#3492)Roman Khramshin
added new syntax to work with class match filters in QoS policy
2024-05-31Merge pull request #3564 from c-po/snmpv3-op-modeChristian Breunig
op-mode: T683: remove superfluous debug print in snmpv3 display code
2024-05-31Merge pull request #3563 from Giggum/vyos_t6396Christian Breunig
conntrack: T6396: correction to helper message for ipv4/ipv6 custom timeout rule
2024-05-31GitHub: add action to build package on PRChristian Breunig
2024-05-31op-mode: T683: remove superfluous debug print in snmpv3 display codeChristian Breunig
This was a leftover from the early days.
2024-05-30conntrack: T6396: correction to helper message for custom timeout ruleGiggum