| Age | Commit message (Collapse) | Author |
|---|
|
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation (backport #3610)
|
|
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s) (backport #3612)
|
|
(cherry picked from commit 4e51569013b3f78abea9c18e5a6ecb9ff5ae4687)
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
(cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
|
|
The haproxy reverse proxy was not reloaded/restarted with the new SSL
certificate(s) after a change in the PKI subsystem. This was due to missing
dependencies.
(cherry picked from commit 6ce8efdc8dafef67541bed89fc7dc7cd83335bf4)
|
|
T6449: added pr update trigger (backport #3596)
|
|
reverse-proxy: T6454: Set default value of http for haproxy mode (backport #3598)
|
|
grub: T6453: Fixed GRUB variables parsing (backport #3592)
|
|
xml: T6423: enforce priority on nodes having an owner (backport #3589)
|
|
vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need it (backport #3573)
|
|
(cherry picked from commit 395bd4eb850ff5763a82f29b1ff398c41e200f09)
|
|
T6460: fix DHCPv6 duid formatting
|
|
(cherry picked from commit 60d7c0ecaff49ec62f4600a460f5fbe7b26a0d9c)
|
|
(cherry picked from commit 61f8250184e927de9ab6bddc207b917bef7da42b)
|
|
To parse variables with `=` a variable name should be limited by alphanumerical
characters only.
(cherry picked from commit d3acecdf129cd940f8b2d1b229a6e2a343cab74b)
|
|
`bridge vni show dev vxlanX` will exit with an error if no VNI filters
are installed, but the getter is used even when we haven't installed any.
This fix avoids fetching a list of VNI filters unless we know we've
created some.
(cherry picked from commit ac7ee2b36df23c3a4dd2be393132631556b6ef40)
|
|
|
|
isis: T6429: fix isis metric-style configuration missing (backport #3571)
|
|
(cherry picked from commit 3d14676bf9b6dcef77ec5587447015b3d58e194a)
|
|
(cherry picked from commit 39004c453fb8f71171ba3433ee559b5ff745bebe)
|
|
GitHub: add action to build package on PR
|
|
T6431: op-mode command "monitor traceroute" missing recursive symlink (backport #3582)
|
|
Likely this was copied from mtr in the past but the symlink wasn't added
to the Makefile.
I've also swapped the completion help text around to match the commands.
(cherry picked from commit de1479b06cb9b292fe4919c5949f3d3599ea11c7)
|
|
bfd: T6440: BFD peer length typo (backport #3579)
|
|
(cherry picked from commit 5490c76f9b9f53751fc527f455090f0a3820e8fe)
|
|
(cherry picked from commit 3e5cc0b7fb8ae4a0f8b7c9270d9db0a0f252c448)
Co-authored-by: Alex W <embezzle.dev@proton.me>
|
|
dns: T6422: allow multiple redundant NS records (backport #3557)
|
|
style fixes
(cherry picked from commit f2d0701f50061374b5a4f55d33201629b3293248)
|
|
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported.
(cherry picked from commit 19d8415512dcf87dc3a87feabf128652ffc74594)
|
|
op-mode: T683: remove superfluous debug print in snmpv3 display code (backport #3564)
|
|
conntrack: T6396: correction to helper message for ipv4/ipv6 custom timeout rule (backport #3563)
|
|
This was a leftover from the early days.
(cherry picked from commit d5271e084cca8af54f425816916a821b0eab1a5a)
|
|
(cherry picked from commit 0c75e2470f8db900ffcac4e3c84669b6aa4580dd)
|
|
|
|
reverse-proxy: T6409: Remove unused backend parameters (backport #3531)
|
|
T4576: Accel-ppp logging level configuration (backport #3510)
|
|
(cherry picked from commit dd2516904527c74e01e0ced5166afe72a479ee00)
|
|
(cherry picked from commit fb6602f431f5595b97ea3726467ec782fa50ceb8)
|
|
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Serve
(cherry picked from commit 4d84f786f64d2b80046100ead5d0e8c1eef7418c)
|
|
op-mode: ipsec: T6407: fix profile generation (backport #3552)
|
|
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates")
added support for multiple CA certificates which broke the OP mode command
to generate the IPSec profiles as it did not expect a list and was rather
working on a string.
Now multiple CAs can be rendered into the Apple IOS profile.
(cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
|
|
reverse-proxy: T6419: build full CA chain when verifying backend server (backport #3546)
|
|
container: T6406: fix NameError: name 'vyos' is not defined (backport #3547)
|
|
hostname: T6421: enforce explicit CLI priority for host-name and domain-name (backport #3551)
|
|
(cherry picked from commit 4b189a76c0a9a28504aab6715658840b929fc243)
|
|
(cherry picked from commit d83a6e5c5dc7e97e773f08bec7ba377530baafc9)
|
|
The code path to handle the ca certificate used for the frontend service
is removed, as there is no way on the XLI to define the CA certificate used
for the frontend service.
(cherry picked from commit 6000c47f068503522b0ccfe57c51f34ad9892e87)
|
|
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement,
where the later one is more humand readable. Both act in the same way.
(cherry picked from commit a2f0b25452c67528077f343d75de09d038e97fee)
|
|
(cherry picked from commit 2980eb0ad527f0ef0f1527c0ea97842ca2a8ede5)
|
|
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function
from the Python module.
(cherry picked from commit 8439f8a43e93c0560f1abfc2aa60990f521b4d4d)
|
