Age | Commit message | Author |
|
ipsec: T5093: Fixed 'reset vpn ipsec profile' command
|
|
http-api: T5126: allow restricting client IP address
|
|
T5128: Policy Route: allow wildcard on interface
|
|
T5125: Add op-mode for sFlow based on hsflowd
|
|
Add op-mode for sFlow based on hsflowd "show sflow"
Add machine readable format '--raw' and formatted output
|
|
include at least one wildcarded interface
|
|
T4173: Fix smoketest for load-balancing wan
|
|
T5131: fix op-mode show isis segment-routing prefix-sids
|
|
interfaces: T5130: remove show_interfaces.py reference and script
|
|
Fixed 'reset vpn ipsec profile' command
using vici library and new op-mode style.
Added ability to use 'reset vpn ipsec profile' command
with 'remote-host' option.
|
|
Counter jump WANLOADBALANCE was deleted in the commit
https://github.com/vyos/vyos-1x/commit/27ca5b9d6d699e201f88ffff41b0a651166b65eb
I guess it was done to pass the smoketest even if it broke
the load-balance wan feature
Fix it
|
|
configdiff: T5089: add unit test of config_diff
|
|
T5110: Fix op-mode FRR vtysh_pam account validation
|
|
With FRR 8.5 there exists a file /etc/pam.d/frr
With this file by default we have a cosmetic error for any op-mode
command
$ show ip bgp
vtysh_pam: Failed in account validation: Success(0)No BGP prefixes displayed, 0 exist
Fix it
|
|
dns: T5115: Support custom port for name servers for forwarding zones
|
|
interfaces: T4885: add 'clear interfaces counters' to op-mode
|
|
ntp: T5118: Remove vestigial ntp completion script
|
|
Commit cb872efb ("frr: T5045: lift LimitNOFILE 1024 -> 4096") added both
LimitNOFILE and LimitNOFILESoft parameters for FRR, as "systemctl cat frr.service"
showed both versions.
During daemon startup systemd complains:
Unknown key name 'LimitNOFILESoft' in section 'Service', ignoring.
So the key got removed again.
|
|
This isn't used anymore after migration from ntpd to chrony as part of
T3008.
|
|
By default VyOS used to restart all containers it managed. This makes no sense
as it will be service disrupting. Instead only restart the containers that had
changes on the CLI being made.
|
|
As podman is going to use netavark as new default we must explicitly select
the old driver until we have migrated to netavark.
|
|
This would allow using custom ports in name server operating on
non-default port for forwarding zones.
This is a follow-up to T5113 for sake of completeness and having
consistent treatment of all name servers configured in PowerDNS recursor.
Additionally, migrate `service dns forwarding domain example.com server`
to `service dns forwarding domain foo3.com name-server` for consistency
and reusability.
|
|
graphql: T5106: extend generation of API client requests to configsession and composite requests
|
|
dns: T5113: Support custom port for name-server forwarders
|
|
op-mode: T5097: show interfaces should reflect cleared counters
|
|
Smoketest update for T5113 with optional port for name-server forwarders.
|
|
Support custom port for name-server forwarders that would allow using
custom ports in name server forwarders to enable forwarding to
alternative name servers (unbound, stubby, dnscrypt-proxy etc.)
operating on non-default port.
This would also allow using DNS Over TLS in PowerDNS Recursor 4.6 onwards
(pdns doesn't support certificate check for validity yet) by enabling
'dot-to-port-853'. This is set by default if compiled in with DoT support.
See: https://doc.powerdns.com/recursor/settings.html#dot-to-port-853
This also partially implements T921, T2195 (DoT without certificate check).
Implementation details:
- In 'dns/forwarding' configuration, 'name-server' now allows optional
'port' (defaults to 53).
- Instead of modifying 'name-server-ipv4-ipv6.xml.i' to add optional
'port', a new file 'name-server-ipv4-ipv6-port.xml.i' has been used
to avoid impacting other places where it is reused because not all of
them honor ports (mostly VPN related).
- The `host:port` entries to be used by PowerDNS recursor config are
normalized eagerly at the point of loading VyOS `Config` instead of
doing them lazily while rendering the Jinja2 template to keep the
implementation less intrusive. The alternative would entail making
quite a bit of change in how 'vyos-hostsd' processes 'static'
'name_servers' entries or persists their runtime states.
|
|
ntp: T5112: Enable support for NTS (Network Time Security) in chrony
|
|
This is basic configuration to enable NTS support in chrony.
|
|
regex
|