Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-08-29 | nat: T4367: Move nat rules from /tmp to /run/nftables_nat.conf | Viacheslav Hletenko | |
Move nftables nat configuration from /tmp to /run As we have for other services like firewall, conntrack Don't remove the config file '/run/nftables_nat.conf' after commit | |||
2022-08-29 | Merge pull request #1503 from sever-sever/T4654 | Christian Poessinger | |
rpki: T4654: Fix RPKI cache description | |||
2022-08-29 | rpki: T4654: Fix RPKI cache description | Viacheslav Hletenko | |
Fix wrong descriptions for the RPKI server It was mentioned about the NTP server | |||
2022-08-29 | smoketest: config: drop almost empty https service test | Christian Poessinger | |
2022-08-28 | smoketest: T4652: upgrade PowerDNS recursor to 4.7 series | Christian Poessinger | |
2022-08-28 | smoketest: T4643: bind sstp service to port 8443 | Christian Poessinger | |
2022-08-27 | Merge pull request #1493 from jestabro/gql-op-mode-error | Christian Poessinger | |
graphql: T4640: add schema defs and resolver support for op-mode errors | |||
2022-08-27 | Merge pull request #1500 from aapostoliuk/T1070-sagitta | Christian Poessinger | |
opennhrp: T1070: Fixed creating IPSEC tunnel to Hub | |||
2022-08-27 | pppoe: T4648: do not install IPv6 default route from RA is no-default-route ↵ | Christian Poessinger | |
is set Adds a sysctl parameter to ignore the default router obtained from router advertisements when pppoe no-default-route is set. | |||
2022-08-27 | smoketest: T4643: create individual configs fot https service and sstp vpn | Christian Poessinger | |
2022-08-27 | Revert "smoketest: T4643: Change openconnect default port" | Christian Poessinger | |
This reverts commit fa91f567b7b5f009aaaed569b3f5e5db4b638d39. | |||
2022-08-27 | Revert "smoketest: T4643: Delete vpn sstp from config as we have HTTP" | Christian Poessinger | |
This reverts commit c2fc87c02dd556dd1569ff2fd81c9e2485a80459. | |||
2022-08-27 | telegraf: T3872: replace local get_interfaces() function with ↵ | Christian Poessinger | |
Section.interface() Commit cfde4b49 ("ifconfig: T2223: add vlan switch for Section.interfaces()") added the functionality of the local get_interfaces() function to the base class so all other parts in the system can query for interface names of a given type including or excluding their vlan sub-interfaces. | |||
2022-08-26 | Merge pull request #1482 from sever-sever/T4631 | Christian Poessinger | |
nat66: T4631: Add port and protocol to nat66 conf | |||
2022-08-26 | Merge pull request #1501 from sever-sever/T4650 | Christian Poessinger | |
nat: nat66: T4650: Rewrite op-mode nat translation | |||
2022-08-26 | Merge pull request #1499 from sever-sever/T4643-smoketest | Christian Poessinger | |
smoketest: T4643: Delete vpn sstp from config as we have HTTP | |||
2022-08-26 | nat: nat66: T4650: Rewrite op-mode nat translation | Viacheslav Hletenko | |
Rewrite op-moe "show nat|nat66 translation" to vyos.opmode format Ability to get machine-readable format "raw" | |||
2022-08-26 | opennhrp: T1070: Fixed creating IPSEC tunnel to Hub | aapostoliuk | |
Fixed creating IPSEC tunnel to Hub. Added continues of execution generator functions. | |||
2022-08-26 | smoketest: T4631: Extend smoketes fot nat66 protocol | Viacheslav Hletenko | |
2022-08-26 | smoketest: T4643: Delete vpn sstp from config as we have HTTP | Viacheslav Hletenko | |
HTTP and sstp cannot work together and in the test config 1.4-rolling-202106290839 we didnot have configurable port for such services So we shoud delete sstp from this smoketest config test In fact it is never working at all 'smoketest/configs/pki-misc' It commits without errors before but in the real life we get 3 services (https openconnect sstp) that bound the same port | |||
2022-08-25 | graphql: T4640: add schema defs and resolver support for op-mode errors | John Estabrook | |
2022-08-25 | Merge pull request #1458 from sever-sever/T4594 | Christian Poessinger | |
ipsec: T4594: Rewrite op-mode 'show vpn ipsec sa' to the new format | |||
2022-08-25 | proxy: T4642: allow https proxy transports | Christian Poessinger | |
2022-08-25 | ifconfig: T2223: add vlan switch for Section.interfaces() | Christian Poessinger | |
Sometimes we are only interested in the parent interfaces without any VLAN subinterfaces. Extend the API with a vlan argument that defaults to True to keep the current behavior in place. | |||
2022-08-25 | ssh: T2185: use reload-or-restart on configuration changes | Christian Poessinger | |
2022-08-25 | ntp: T2185: use reload-or-restart on configuration changes | Christian Poessinger | |
2022-08-25 | telegraf: T3872: re-use existing XML building blocks | Christian Poessinger | |
2022-08-25 | telegraf: T4617: add VRF support | Christian Poessinger | |
2022-08-25 | Merge pull request #1497 from sever-sever/T4645 | Christian Poessinger | |
op-mode: T4645: Show nat source statistics missing argument --family | |||
2022-08-25 | Merge pull request #1495 from sever-sever/T4643 | Christian Poessinger | |
smoketest: T4643: Change openconnect default port | |||
2022-08-25 | Merge pull request #1496 from sever-sever/T4644 | Christian Poessinger | |
sstp: T4644: Check SSTP bind port before commit | |||
2022-08-25 | op-mode: T4645: Show nat source stat missing argument --family | Viacheslav Hletenko | |
As we use in commit 8d4205a9 argument '--family' for the function '_get_raw_data_rules(direction, family)' we must use it and for 'nat.py show_statistics' as it get raw data from the same function | |||
2022-08-25 | sstp: T4644: Check SSTP bind port before commit | Viacheslav Hletenko | |
By default SSTP bind port '443' and this port can be used by another service like 'service https' or 'vpn openconnect' Check if port bound to another service | |||
2022-08-25 | smoketest: T4643: Change openconnect default port | Viacheslav Hletenko | |
Change openconnect port as both ocserv and sstp bind by default the same port 443 | |||
2022-08-25 | Merge pull request #1478 from sever-sever/T4622 | Christian Poessinger | |
firewall: T4622: Add TCP MSS option | |||
2022-08-24 | T4630: can not use same source-interface for macsec and pseudo-ethernet | Christian Poessinger | |
A macsec interface requires a dedicated source interface, it can not be shared with another macsec or a pseudo-ethernet interface. set interfaces macsec macsec10 address '192.168.2.1/30' set interfaces macsec macsec10 security cipher 'gcm-aes-256' set interfaces macsec macsec10 security encrypt set interfaces macsec macsec10 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4232e44b7fda6f8e2d88a07bf78a7aff4' set interfaces macsec macsec10 security mka ckn '09924585a6f3010208cf5222ef24c821405b0e34f4b4f63b1f0ced474b9bb6e6' set interfaces macsec macsec10 source-interface 'eth1' commit set interfaces pseudo-ethernet peth0 source-interface eth1 commit Reuslts in FileNotFoundError: [Errno 2] failed to run command: ip link add peth0 link eth1 type macvlan mode private returned: exit code: 2 noteworthy: cmd 'ip link add peth0 link eth1 type macvlan mode private' returned (out): returned (err): RTNETLINK answers: Device or resource busy [[interfaces pseudo-ethernet peth0]] failed Commit failed | |||
2022-08-24 | Merge pull request #1491 from sever-sever/T4626 | Christian Poessinger | |
nat66: T4626: Rewrite op-mode show nat66 rules | |||
2022-08-24 | Merge pull request #1490 from aapostoliuk/T1070-sagitta | Christian Poessinger | |
opennhrp: T1070: Fixed removal all SAs in script | |||
2022-08-24 | smoketest: bgp: T4634: validate "disable-connected-check" option | Christian Poessinger | |
2022-08-24 | proxy: T4642: bugfix regex, add hyphen to allow list | Christian Poessinger | |
2022-08-24 | op-mode: T4390: migrate "show log vpn" to journalctl | Christian Poessinger | |
2022-08-24 | op-mode: extend "monitor log vpn" option | Christian Poessinger | |
support monitoring * all * l2tp * sstp * pptp | |||
2022-08-24 | ipsec: T2185: use systemd to start/stop service | Christian Poessinger | |
2022-08-24 | Merge pull request #1483 from roedie/T4634 | Christian Poessinger | |
BGP: T4634: Allow configuration of disable-connected-check | |||
2022-08-24 | Merge pull request #1486 from roedie/T4526-2 | Christian Poessinger | |
keepalived: T4526: keepalived-fifo.py unable to load config | |||
2022-08-24 | Merge pull request #1488 from sever-sever/T4597 | Christian Poessinger | |
https: T4597: Verify bind port before apply HTTPS API service | |||
2022-08-24 | Merge pull request #1489 from sever-sever/T4623 | Christian Poessinger | |
conntrack: T4623: Add conntrack statistics for op-mode | |||
2022-08-24 | Merge pull request #1492 from nicolas-fort/T4641 | Christian Poessinger | |
Policy: T4641: allow only ipv4 prefixes on prefix-list | |||
2022-08-24 | Policy: T4641: allow only ipv4 prefixes on prefix-list | Nicolas Fort | |
2022-08-24 | nat66: T4626: Rewrite op-mode show nat66 rules | Viacheslav Hletenko | |
Rewrite op-mode "show nat66 source|destination rules" to the new format use "show_rules --direction <direction> --family <inet|inet6>" Delete old script show_nat66_rules.py |