Age | Commit message (Collapse) | Author |
|
|
|
Extended PPPoE-server rate-limiter to avoid shaping marked resources
Often this feature needs for ISP, which provides access to some IX
or its resources.
set service pppoe-server shaper fwmark '223'
|
|
T2603: PPPoE-server change default min-mtu value 1280
|
|
Minimum acceptable MTU. If client will try to negotiate less then
specified MTU then it will be NAKed or disconnected if rejects
greater MTU.
Change 'min-mtu' from 1492 to 1280
|
|
ntp: T4980: change chrony deny all logic
|
|
|
|
|
|
The old interface-name validator was replaced by a faster implementation in
OCaml. Interface validator can be selected by including the appropriate
code snippet.
|
|
|
|
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
|
|
When shaper is bound to a dialup (e.g. PPPoE) interface it is possible, that
it is yet not availbale when to QoS code runs. Skip the configuration and
inform the user.
|
|
|
|
|
|
|
|
|
|
Extend commit 8a75e92d ("T4817 added support for RFC 9234") to also support
peer-groups.
|
|
|
|
This improves commit d2885ad0 ("T4969: fix class match mark number").
|
|
T4969: fix class match mark number
|
|
bgp: T4817: add support for RFC9234
|
|
This reverts commit 3a6e77d479da4321b851163490a9b79ef2cef7b8.
A general solution is implemented in Commit 29a44a73 ("T4975: always sync()
filesystem after commit").
|
|
|
|
|
|
|
|
login: T4975: Fixed broken CLI commands
|
|
User profile files are not saved to disk after configuration is fully applied.
Because of this, after a fast system reset, profile files can be empty, and CLI
is broken.
This fix adds a `sync()` call after the user's configuration, which should
protect from data loss and fix the problem with profiles.
|
|
|
|
T4964: Fix template bgpd.frr.j2 for l2vpn vni route-targets
|
|
Route-target export/import for l2vpn-evpn vni xxx works as
leafNode with multiple values
We have to use "for" for such values
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
Some older VyOS 1.3 installations seem to use zero-length description fields.
Do not break them!
|
|
|
|
T4958: ocserv: openconnect: Add RADIUS accounting support
|
|
configtree: T4961: improve error reporting of function copy
|
|
Removes port key from accounting server merged config dictionary.
|
|
|
|
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
|
|
|
|
openconnect: T4955: Removed wrong authserver in radiusclient.conf
|
|
sysctl: T4928: remove outdated conntrack_helper
|
|
This sysctl has been removed from kernel 6.0.X onwards but its removal was skipped when upgrading the kernel.
See: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/netfilter?id=b118509076b39cc5e616c0680312b5caaca535fe
|
|
vyos.ethtool: T4963: improve driver name detection
|
|
The previous solution did not work for drivers that were no modules.
e.g compiled with a kernel config set to CONFIG_VIRTIO_NET=y
|
|
|
|
|
|
config.copy does not recursively create nodes of the path. On install
image, the path ['service'] is not present in config.boot.default, so
must be created before config.copy['service', 'ntp'].
|
|
After merging config dictionary with default values, radius port
the default value was merged not in a proper way.
It is added as a server.
After creating radiusclient.conf added and the illegal authserver
equal 'port'.
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
T4956: fix 'show hardware cpu' issue on arm64
|
|
|