summaryrefslogtreecommitdiff
path: root/data/templates
AgeCommit message (Collapse)Author
2024-07-25Merge pull request #3843 from vyos/mergify/bp/sagitta/pr-3841Christian Breunig
T6599: ipsec: support disabling rekey of CHILD_SA, converge and fix defaults (backport #3841)
2024-07-23SSTP-server: add missed pppd_compat modulemergify/bp/sagitta/pr-3832Viacheslav Hletenko
(cherry picked from commit 8c8054ad5410e8aedf6ab7a0702b317872d4fd41)
2024-07-23PPTP-server: add missed pppd_compat moduleViacheslav Hletenko
(cherry picked from commit 440a3e6b89748bfd861f580fc8c4f41b58c6cec2)
2024-07-23L2TP-server: add missed pppd_compat moduleViacheslav Hletenko
(cherry picked from commit ef50cd9954a2d6eb2a041c26a0bb8ea0758b1f17)
2024-07-23IPoE-server: add missed pppd_compat moduleViacheslav Hletenko
(cherry picked from commit b92bc209cc1d6ed54a5fa052e0c27c54488ae955)
2024-07-23wireless: T6320: add 802.11ax at 6GHzmergify/bp/sagitta/pr-3524Alain Lamar
Authored-By: Alain Lamar <alain_lamar@yahoo.de> (cherry picked from commit d5e988ba2d0fa0189feff22374c9b46eb49e2e79)
2024-07-23wireless: T6425: Fixing VHT beamforming for 802.11ac (backport #3576) (#3849)mergify[bot]
* wireless: T6425: Fix broken VHT beamforming (cherry picked from commit f75f0f9c94472f46e056808c3ac6aba809c090f0) * wireless: T6425: Add smoketests for VHT beamforming (cherry picked from commit 578fbe0eb436697132e5a738fec5a4ac61ced8da) * wireless: T6425: adjust to latest country-code changes Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide configuration") removed the per wifi interface setting for a country-code. This commit adjust the smoketests to the new design. (cherry picked from commit 312273c9569d973c510d871adb941709804d8868) --------- Co-authored-by: Alain Lamar <alain_lamar@yahoo.de> Co-authored-by: Christian Breunig <christian@breunig.cc>
2024-07-22T6599: ipsec: support disabling rekey of CHILD_SA.Lucas Christian
Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections. (cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
2024-07-18T6523: Telegraf use nft scripts only if the firewall configuredmergify/bp/sagitta/pr-3748Viacheslav Hletenko
If a firewall is not configured there is no reason to get and execute telegraf firewall custom scripts as there are no nft chain in the firewall nftables configuration (cherry picked from commit ebff0c481907ac0c2c0be9981c3c3d87caf3003b)
2024-07-04Merge pull request #3759 from vyos/mergify/bp/sagitta/pr-3721Christian Breunig
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option (backport #3721)
2024-07-03syslog: T5366: remove reference to deprecated sysvinit rsyslog scriptJohn Estabrook
(cherry picked from commit 977d2fbf7a62a97d98b38cf28e62f08fc9e8d3a2)
2024-07-03ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms optionkhramshinr
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
2024-06-28T6477: Add telegraf loki output pluginViacheslav Hletenko
Add Loki plugin to telegraf set service monitoring telegraf loki url xxx (cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
2024-06-22T5949: Add option to disable USB autosuspendkhramshinr
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
2024-06-10op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile. (cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
2024-06-09reverse-proxy: T6454: Set default value of http for haproxy modeAlex W
(cherry picked from commit 60d7c0ecaff49ec62f4600a460f5fbe7b26a0d9c)
2024-06-05isis: T6429: fix isis metric-style configuration missingfett0
(cherry picked from commit 39004c453fb8f71171ba3433ee559b5ff745bebe)
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574) (#3577)mergify[bot]
(cherry picked from commit 3e5cc0b7fb8ae4a0f8b7c9270d9db0a0f252c448) Co-authored-by: Alex W <embezzle.dev@proton.me>
2024-05-30T4576: Accel-ppp logging level configurationkhramshinr
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve (cherry picked from commit 4d84f786f64d2b80046100ead5d0e8c1eef7418c)
2024-05-30op-mode: ipsec: T6407: fix profile generationChristian Breunig
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. (cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
2024-05-30reverse-proxy: T5231: better mark v4v6 listen any addressChristian Breunig
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the later one is more humand readable. Both act in the same way. (cherry picked from commit a2f0b25452c67528077f343d75de09d038e97fee)
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
(cherry picked from commit 03fd368ed263ca28c9b1b5e29f486217784d15ef)
2024-05-23reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responsesAlex W
(cherry picked from commit e1450096b4c667a4c33a3fcd8f67ebf6a39d441d)
2024-05-16T5756: L2TP RADIUS backup and weight settingskhramshinr
(cherry picked from commit 75d553932504c55e710265776e4865a238223e1f)
2024-05-14T3420: Remove service upnpViacheslav Hletenko
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation. (cherry picked from commit 7c438caa2c21101cbefc2eec21935ab55af19c46)
2024-05-10Merge pull request #3440 from vyos/mergify/bp/sagitta/pr-3430Christian Breunig
bridge: T6317: add dependency call for wireless interfaces (backport #3430)
2024-05-10image-tools: T6327: drop boot console type ttyUSBJohn Estabrook
(cherry picked from commit 32658e981babffb5b7149534bd50a64d11f7c74f)
2024-05-10bridge: T6317: add dependency call for wireless interfacesChristian Breunig
(cherry picked from commit 431443ab3f663a6617008536d2d6d96407aebfcb)
2024-05-09sstp: T4393: Add support to configure host-name (SNI)Nataliia Solomko
(cherry picked from commit 92b468b9a0d5eee8484601568227f7c56e71b119)
2024-05-02Merge pull request #3393 from vyos/mergify/bp/sagitta/pr-3392Daniil Baturin
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF (backport #3392)
2024-05-01vrf: T6189: render FRR L3VNI configuration when creating VRF instanceChristian Breunig
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place. (cherry picked from commit e7bb65894f86372dc0f6e8fd39b1628e0a224c68)
2024-05-01pppoe-server: T6234: PPPoE-server pado-delay refactoringNataliia Solomko
(cherry picked from commit 107ee099e82397b31fca8cf1ac3860cbf76f0596)
2024-05-01haproxy: T6179: fix rule generationNicolas Vollmar
(cherry picked from commit 0be0cdb932ca2d7399c026f1f601b56e179cc9c3)
2024-04-30openconnect: T4982: Support defining minimum TLS version in openconnect VPNAlex W
(cherry picked from commit 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5)
2024-04-23T6255: static-routing: don't render whitespace from static table descriptionsAlex W
(cherry picked from commit 8602c84e1b7c0da4c4c57fc2d034ec18497303fd)
2024-04-23T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy ↵Windom WU
config (cherry picked from commit 984c386d11ead8371b7ac381e6c0921473e557ed)
2024-04-22T6237: IPSec remote access VPN: ability to set EAP ID of clientsAlex W
(cherry picked from commit 78ea623df20b44309cc6ac9848ed18e97fc4ed03)
2024-04-21T6246: improve haproxy http check configurationNicolas Vollmar
(cherry picked from commit 050f24770aec7a74c1a07ba64cf2cb83afb72f1a)
2024-04-19T6246: adds basic haproxy http-check configurationNicolas Vollmar
(cherry picked from commit 785616393557c4e3f616287de81b61a68ba177ac)
2024-04-16T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵Alex W
server certificates (cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
2024-04-12Merge pull request #3299 from vyos/mergify/bp/sagitta/pr-3296Christian Breunig
pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions fails (backport #3296)
2024-04-12pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions ↵Nataliia Solomko
fails (#3296) (cherry picked from commit 6d8336f5ad2d9c4e0f12b54681db2924d6998d2d)
2024-04-12T5871: ipsec remote access VPN: specify "cacerts" for client auth.Lucas Christian
(cherry picked from commit ecc83562b4d756cc50910561a3f52ec260aeb478)
2024-04-06conntrack-sync: T1244: add CLI support for StartupResyncNataliia Solomko
(cherry picked from commit 2eb7f96ca2038bf37dc1d274821ca6f619489b58)
2024-04-03T6068: T6171: change <fail-over> node from dhcp-server to ↵Nicolas Fort
<high-availability>. Also, add <mode> parameter in order to configure active-active or active-passive behavior for HA.
2024-04-03Merge pull request #3235 from vyos/mergify/bp/sagitta/pr-3229Daniil Baturin
T6192: allow binding SSH to multiple VRF instances (backport #3229)
2024-04-02ssh: T6192: allow binding to multiple VRF instancesChristian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF. (cherry picked from commit e5af1f0905991103b12302892e6f0070bbb7b770)
2024-04-02T6196: Fixed applying parameters for aggregation in BGPaapostoliuk
Fixed using 'route-map', 'as-set' and 'summary-only' together in aggregation in BGP (cherry picked from commit d8df8339d665db58afbf20cecaeb49ac9d1b617d)
2024-04-01bgp: T6010: Allow configuration of disable-ebgp-connected-route-checkfett0
(cherry picked from commit 010c4061a8884a3617368f3618a425dc517d0675)
2024-04-01dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domainsChristian Breunig
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which was present to update /etc/resolv.conf with the DHCP specified nameservers and also the search domain list was no longer present. This commit adds a per interface rendered script to inform vyos-hostsd about the received IPv6 nameservers and search domains. (cherry picked from commit ece425f0191762638b7c967097accd8739e9103d)