Age | Commit message (Collapse) | Author |
|
Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn
charon.install_virtual_ip_on
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
set vpn ipsec options flexvpn
set vpn ipsec options virtual-ip
set vpn ipsec options interface tunX
set vpn ipsec site-to-site peer x.x.x.x virtual-address x.x.x.x
|
|
Local-address should be checked/executed only if it exists in the
openvpn configuration, dictionary, jinja2 template
|
|
dhcp: T3600: Fix DHCP static table dhcp-interface route
|
|
Input filter for firewall allows to get bytes/counters from
nftables in format, required for InfluxDB2
|
|
Static table dhcp-interface route required table in template
Without table this route will be placed to table 'main' by default
|
|
monitoring: T3872: Fix template input plugin for running services
|
|
|
|
Add required capability for input scripts which collect
statistics of running services
|
|
|
|
upnpd: T3420: Support UPNP protocol
|
|
Telegraf inputs iptables plugin incompatible with nftables
As it tries to get statistics from "iptables -L -n -v"
which doesnt display required data in 1.4 as we don't use
iptables anymore
|
|
Disable distribution-specified extra version suffix is included
during initial protocol handshake
SSH-2.0-OpenSSH_8.4p1 Debian-5 => SSH-2.0-OpenSSH_8.4p1
|
|
DHCP: T4196: fix client-prefix-length parameter
|
|
|
|
Example syslog: [FWNAME-default-D] ...
* Also clean-up firewall default-action
|
|
firewall: T3560: Add support for MAC address groups
|
|
|
|
|
|
This chain was missing from the XML/Python rewrite thus all traffic fell through to the `notrack` rule.
|
|
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
|
|
|
|
NTP-server with option "allow-clients address x.x.x.x" should
accept requests only from clients addresses which declared in
configuration if this option exists
Add "restrict default ignore" to fix it, in another case it
responce to any address
|
|
Telegraf ethtool input filter expected ethX interfaces and not
other interfaces like vlans/tunnels/dummy
Add "interface_include" option to telegraf template.
|
|
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
|
|
file for group definitions.
|
|
In order to have a consistent looking CLI we should rename this CLI node.
There is:
* access-list and access-list6 (policy)
* prefix-list and prefix-list6 (policy)
* route and route6 (static routes)
|
|
|
|
|
|
|
|
vrrp: T1972: Ability to set IP address on not vrrp interface
|
|
keepalived: T4150: Fix template option conntrack_sync_group
|
|
Add missed 'holding-time' option for shortcut-target address
|
|
Ability to set virtual_address on not vrrp-listen interface
Add ability don't track primary vrrp interface "exclude-vrrp-interface"
Add ability to set tracking (state UP/Down) on desired interfaces
For example eth0 is used for vrrp and we want to track another eth1
interface that not belong to any vrrp-group
|
|
conntrack_sync_group option not under 'vrrp' section but part of
high-avalability dictionary
|
|
|
|
|
|
firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy
|
|
zone-policy
|
|
keepalived: T4109: Add high-availability virtual-server
|
|
Add new feature, high-availability virtual-server
Change XML, python and templates
Move vrrp to root node 'high-availability' as all logic are
handler by root node 'high-availability'
|
|
firewall: T4130: Fix firewall state-policy errors
|
|
Also fixes:
* Issue with multiple state-policy rules being created on firewall updates
* Prevents interface rules being inserted before state-policy
|
|
monitoring: T3872: Add a new feature service monitoring
|
|
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
Add priority for policy based IPSec VPN tunnels
If 2 tunnels have the same pair of local and remote traffic
selectors (prefixes) it allows to set more preforable install
policy from required peer
The lowest priority is more preforable
|
|
|
|
IPv6 addresses on webproxy/SQUID where not added correctly.
They need to be added in brackets.
Modified squid.conf.tmpl to bracketize the address
|
|
Peer name must not contain dots and colons, otherwise
swanct can't generate correct configuration for swanctl.conf
This is used in connection names and child SA names
Add filter 'dot_colon_to_dash' which replace dots and colons
|
|
syslog: T4039: Add protocol23format logging for UDP
|