Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-06-12 | op_mode: T6227: Rewrite show conntrack-sync cache internal to use tabulate ↵ | Nataliia Solomko | |
output | |||
2024-06-09 | op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵ | Christian Breunig | |
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile. | |||
2024-06-07 | reverse-proxy: T6454: Set default value of http for haproxy mode | Alex W | |
2024-06-06 | Merge pull request #3578 from nicolas-fort/raw-hook | Daniil Baturin | |
T3900: Add support for raw tables in firewall | |||
2024-06-05 | Merge pull request #3584 from dmbaturin/T6446-display-support-url | Daniil Baturin | |
show version: T6446: display the support URL for LTS builds | |||
2024-06-05 | Merge pull request #3571 from fett0/T6429 | Daniil Baturin | |
isis: T6429: fix isis metric-style configuration missing | |||
2024-06-05 | show version: T6446: display the support URL for LTS builds | Daniil Baturin | |
2024-06-04 | T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵ | Nicolas Fort | |
timeout parameters defined in conntrack to firewall global-opton section. | |||
2024-06-03 | reverse-proxy: T6434: Support additional healthcheck options (#3574) | Alex W | |
2024-05-31 | isis: T6429: fix isis metric-style configuration missing | fett0 | |
2024-05-30 | Merge pull request #3510 from HollyGurza/T4576 | Daniil Baturin | |
T4576: Accel-ppp logging level configuration | |||
2024-05-30 | Merge pull request #3552 from c-po/ipsec-profile | Christian Breunig | |
op-mode: ipsec: T6407: fix profile generation | |||
2024-05-30 | Merge pull request #3546 from c-po/haproxy | Christian Breunig | |
reverse-proxy: T6419: build full CA chain when verifying backend server | |||
2024-05-30 | op-mode: ipsec: T6407: fix profile generation | Christian Breunig | |
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. | |||
2024-05-29 | reverse-proxy: T5231: better mark v4v6 listen any address | Christian Breunig | |
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the later one is more humand readable. Both act in the same way. | |||
2024-05-29 | ISIS: T6332: Fix isis not working only ipv6 | fett0 | |
2024-05-27 | T4576: Accel-ppp logging level configuration | khramshinr | |
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve | |||
2024-05-23 | Merge pull request #3399 from 0xThiebaut/suricata | Christian Breunig | |
suricata: T751: Initial support for suricata | |||
2024-05-23 | suricata: T751: use key_mangling in get_config_dict() | Christian Breunig | |
2024-05-21 | reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | Alex W | |
2024-05-16 | Merge pull request #3450 from HollyGurza/T5756 | Christian Breunig | |
T5756: L2TP RADIUS backup and weight settings | |||
2024-05-15 | T3900: add support for raw table in firewall. | Nicolas Fort | |
2024-05-15 | T5756: L2TP RADIUS backup and weight settings | khramshinr | |
2024-05-14 | T3420: Remove service upnp | Viacheslav Hletenko | |
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation. | |||
2024-05-12 | suricata: T751: Initial support for suricata | Maxime THIEBAUT | |
2024-05-10 | image-tools: T6327: drop boot console type ttyUSB | John Estabrook | |
2024-05-10 | Merge pull request #3430 from c-po/bridge-T6317 | Christian Breunig | |
bridge: T6317: add dependency call for wireless interfaces | |||
2024-05-09 | sstp: T4393: Add support to configure host-name (SNI) | Nataliia Solomko | |
2024-05-08 | bridge: T6317: add dependency call for wireless interfaces | Christian Breunig | |
2024-05-01 | Merge pull request #3392 from c-po/bgp-evpn-T6189 | Christian Breunig | |
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF | |||
2024-05-01 | vrf: T6189: render FRR L3VNI configuration when creating VRF instance | Christian Breunig | |
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place. | |||
2024-05-01 | Merge pull request #3364 from natali-rs1985/T6234-current | Daniil Baturin | |
pppoe-server: T6234: PPPoE-server pado-delay refactoring | |||
2024-04-30 | haproxy: T6179: fix rule generation | Nicolas Vollmar | |
2024-04-29 | openconnect: T4982: Support defining minimum TLS version in openconnect VPN | Alex W | |
2024-04-25 | pppoe-server: T6234: PPPoE-server pado-delay refactoring | Nataliia Solomko | |
2024-04-23 | Merge pull request #3340 from Embezzle/T6255 | Daniil Baturin | |
T6255: static-routing: don't render whitespace from static table descriptions | |||
2024-04-23 | T6255: static-routing: don't render whitespace from static table descriptions | Alex W | |
2024-04-23 | T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy ↵ | Windom WU | |
config | |||
2024-04-22 | Merge pull request #3337 from Embezzle/T6237 | Christian Breunig | |
T6237: IPSec remote access VPN: ability to set EAP ID of clients | |||
2024-04-21 | T6237: IPSec remote access VPN: ability to set EAP ID of clients | Alex W | |
2024-04-21 | T6246: improve haproxy http check configuration | Nicolas Vollmar | |
2024-04-17 | T6246: adds basic haproxy http-check configuration | Nicolas Vollmar | |
2024-04-15 | T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵ | Alex W | |
server certificates | |||
2024-04-12 | pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions ↵ | Nataliia Solomko | |
fails (#3296) | |||
2024-04-11 | T5871: ipsec remote access VPN: specify "cacerts" for client auth. | Lucas Christian | |
2024-04-09 | T5169: Add PoC for generating CGNAT rules rfc6888 | Viacheslav Hletenko | |
Add PoC for generating CGNAT rules https://datatracker.ietf.org/doc/html/rfc6888 Not all requirements are implemented, but some of them. Implemented: REQ-2 ``` A CGN MUST have a default "IP address pooling" behavior of "Paired" CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols. ``` REQ-3 ``` The CGN function SHOULD NOT have any limitations on the size or the contiguity of the external address pool ``` REQ-4 ``` A CGN MUST support limiting the number of external ports (or, equivalently, "identifiers" for ICMP) that are assigned per subscriber ``` CLI: ``` set nat cgnat pool external ext1 external-port-range '1024-65535' set nat cgnat pool external ext1 per-user-limit port '1000' set nat cgnat pool external ext1 range 192.0.2.222/32 set nat cgnat pool internal int1 range '100.64.0.0/28' set nat cgnat rule 10 source pool 'int1' set nat cgnat rule 10 translation pool 'ext1' ``` | |||
2024-04-06 | conntrack-sync: T1244: add CLI support for StartupResync | Nataliia Solomko | |
2024-04-02 | Merge pull request #3229 from c-po/multi-vrf | Christian Breunig | |
T6192: allow binding SSH to multiple VRF instances | |||
2024-04-02 | T6196: Fixed applying parameters for aggregation in BGP | aapostoliuk | |
Fixed using 'route-map', 'as-set' and 'summary-only' together in aggregation in BGP | |||
2024-04-01 | Merge pull request #3212 from fett0/T6151 | fett0 | |
bgp: T6151: Allow configuration of disable-ebgp-connected-route-check |