Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-06-07 | ipsec: T2816: adjust Jinja2 template to common style pattern | Christian Poessinger | |
2021-06-07 | vti: T3588: remove interfaces not bound to IPSec tunnel | Christian Poessinger | |
A VTI interface also requires an IPSec configuration - VyOS 1.2 supported having a VTI interface in the CLI but no IPSec configuration - drop VTI configuration if this is the case for VyOS 1.4. | |||
2021-06-07 | ipsec: T3588: remove site-to-site tunnel CLI options only valid in Openswan | Christian Poessinger | |
2021-06-07 | Merge pull request #868 from sarthurdev/current | Christian Poessinger | |
nhrp: T3599: Update config path to new /run directory | |||
2021-06-07 | nhrp: T3599: Update config path to new /run directory | sarthurdev | |
2021-06-06 | ipsec: T3588: remove CLI options deprecated by strongSwan | Christian Poessinger | |
- set vpn ipsec nat-traversal - set vpn ipsec nat-networks allowed-network | |||
2021-06-06 | T1168: ipsec: add copyright header to migration script | Christian Poessinger | |
2021-06-06 | Merge pull request #846 from erkin/current | Christian Poessinger | |
T3508, T3356: remote: Friendly download procedure for user-facing scripts | |||
2021-06-06 | Debian: add missing dependency on vyatta-cfg | Christian Poessinger | |
2021-06-06 | nhrp: T3599: replace vyos-opennhrp with opennhrp package | Christian Poessinger | |
2021-06-06 | Merge pull request #865 from sarthurdev/current | Christian Poessinger | |
nhrp: T3599: Migrate NHRP to XML/Python | |||
2021-06-06 | nhrp: T3599: Remove vpn_ipsec.py from configd until bug is resolved | sarthurdev | |
2021-06-06 | nhrp: T3599: Migrate NHRP to XML/Python | sarthurdev | |
2021-06-05 | ipsec: T3093: drop superfluous top level priority | Christian Poessinger | |
2021-06-05 | Merge pull request #866 from sarthurdev/fix-ipsec | Christian Poessinger | |
ipsec: T2816: Fix typo from refactor | |||
2021-06-04 | ipsec: T2816: Fix typo from refactor | sarthurdev | |
2021-06-04 | vti: T3595: error out when adding VTI interface withouth IPSec | Christian Poessinger | |
2021-06-04 | flow-accounting: T3132: fix egress iptables chain | Jan-Philipp Benecke | |
(cherry picked from commit 95cc2e4b4c11414cc71749af12abb575e96e5bd4) | |||
2021-06-04 | Merge pull request #861 from sever-sever/T3592 | Christian Poessinger | |
tunnels: T3592: Set default TTL to 64 | |||
2021-06-03 | pppoe-server: T3593: Change called-sid position in template | Eshenko Dmitriy | |
2021-06-02 | tunnels: T3592: Set default TTL to 64 | sever-sever | |
Set default TTL value for tunnels from 0 to 64 There are a lot of situation when default value 0 (inherit) not work properly when you have routing configuration for OSPF or BGP over the tunnels. To fix it you need explicit set TTL value other then 0. Or hardcode another value as default. | |||
2021-06-01 | op-mode: T3384: fix default help string for bandwidth test | Christian Poessinger | |
2021-06-01 | op-mode: T3384: support UDP bandwidth testing | JACK | |
2021-06-01 | pppoe-server: T3593: Add extended-scripts feature | Eshenko Dmitriy | |
2021-06-01 | ipsec: T2816: XML in op-mode should not contain ' in the help string | Christian Poessinger | |
2021-05-31 | conntrack: T3579: add module disable options | Christian Poessinger | |
Some application layer gateway (ALG) modules can be disabled during runtime if requireq. | |||
2021-05-31 | ipsec: T2816: Continued refactor, added proper ipsec-interfaces handling | Simon | |
2021-05-30 | bgp: T3590: limiting maximum number of prefixes to be sent to a peer | Christian Poessinger | |
2021-05-30 | ipsec: T2816: Refactor to remove global variable and tidy up | Simon | |
2021-05-30 | op-mode: T3589: add "clear log" command to vacuume journald | Christian Poessinger | |
2021-05-30 | op-mode: T3589: replace short journalctl options with long names | Christian Poessinger | |
... this is done for easier readability of the commands | |||
2021-05-30 | T3356: Add progressbars to SFTP and HTTP transfers | erkin | |
2021-05-29 | Debian: T1888: raise required strongSwan version to >= 5.8 for xfrm support | Christian Poessinger | |
2021-05-29 | vpn: ipsec: T3093: test for VTI interface availability the easy way | Christian Poessinger | |
We do not need to query the actual configuration if the VTI peer is configured or not. This can be done in a much more simples way by just checking if the desired interface exists on the running system. This is safe to do as the VTI priority is less then IPSec. | |||
2021-05-29 | ipsec: vti: T2816: Update to use correct VTI mark, code cleanup | Simon | |
2021-05-29 | vpn: ipsec: T3093: drop obsolete cleanup_vti_interfaces() function | Christian Poessinger | |
2021-05-29 | vti: T1579: only remove the interface when it exists | Christian Poessinger | |
2021-05-29 | vti: ipsec: T2816: Fix vti-up-down | sarthurdev | |
2021-05-29 | T3356: Add progressbars to FTP transfers | erkin | |
Allow ports to be specified in URL strings | |||
2021-05-29 | Revert "vti: T2173: add VRF support for virtual tunnel interfaces" | Christian Poessinger | |
This reverts commit ab398d1a063c5f897df8d63098a272cb34bcf603. | |||
2021-05-28 | ipsec: T2816: drop absolute path on calls to iproute2 | Christian Poessinger | |
2021-05-28 | vti: ipsec: T2816: interfaces must be created using the vyos.ifconfig library | Christian Poessinger | |
2021-05-28 | vti: T2173: add VRF support for virtual tunnel interfaces | Christian Poessinger | |
2021-05-28 | ipsec: T2816: fix executable permission on vti-up-down helper | Christian Poessinger | |
2021-05-28 | vti: T1579: implement Virtual Tunnel Interfaces using XML and Python | Christian Poessinger | |
2021-05-28 | dummy: T2241: minor code cleanup | Christian Poessinger | |
No need to call .keys() on a dict when searching for a key. Also drop the unused "import os" call. | |||
2021-05-28 | ipsec: T2816: IPSec python rework, includes DMVPN and VTI support | Simon | |
2021-05-27 | dhcp-server: T2669: do not allow overlapping ranges to be created | Christian Poessinger | |
set service dhcp-server shared-network-name NET01 authoritative set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 default-router '10.0.0.1' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 lease '86400' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG01 start '10.0.0.60' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG01 stop '10.0.0.70' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG02 start '10.0.0.55' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG02 stop '10.0.0.65' Will result in a dhcpd.conf: shared-network NET01 { authoritative; subnet 10.0.0.0 netmask 255.255.255.0 { option routers 10.0.0.1; default-lease-time 86400; max-lease-time 86400; range 10.0.0.60 10.0.0.70; range 10.0.0.55 10.0.0.65; } on commit { set shared-networkname = "NET01"; } } This is not allowed by ISC DHCPd: dhcpd[3307]: /run/dhcp-server/dhcpd.conf line 25: lease 10.0.0.63 is declared twice! dhcpd[3307]: range 10.0.0.55 10.0.0.65; | |||
2021-05-27 | Merge branch 't3579-conntrack' into current | Christian Poessinger | |
* t3579-conntrack: conntrack: T3535: add conntrack-sync supported vyos-configd services conntrack: T3579: initial implementation with XML and Python | |||
2021-05-27 | conntrack: T3535: add conntrack-sync supported vyos-configd services | Christian Poessinger | |