Age | Commit message (Collapse) | Author |
|
T6599: ipsec: support disabling rekey of CHILD_SA, converge and fix defaults (backport #3841)
|
|
(cherry picked from commit 8c8054ad5410e8aedf6ab7a0702b317872d4fd41)
|
|
(cherry picked from commit 440a3e6b89748bfd861f580fc8c4f41b58c6cec2)
|
|
(cherry picked from commit ef50cd9954a2d6eb2a041c26a0bb8ea0758b1f17)
|
|
(cherry picked from commit b92bc209cc1d6ed54a5fa052e0c27c54488ae955)
|
|
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
(cherry picked from commit d5e988ba2d0fa0189feff22374c9b46eb49e2e79)
|
|
* wireless: T6425: Fix broken VHT beamforming
(cherry picked from commit f75f0f9c94472f46e056808c3ac6aba809c090f0)
* wireless: T6425: Add smoketests for VHT beamforming
(cherry picked from commit 578fbe0eb436697132e5a738fec5a4ac61ced8da)
* wireless: T6425: adjust to latest country-code changes
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide
configuration") removed the per wifi interface setting for a country-code. This
commit adjust the smoketests to the new design.
(cherry picked from commit 312273c9569d973c510d871adb941709804d8868)
---------
Co-authored-by: Alain Lamar <alain_lamar@yahoo.de>
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
(cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
|
|
If a firewall is not configured there is no reason to get and
execute telegraf firewall custom scripts as there are no nft
chain in the firewall nftables configuration
(cherry picked from commit ebff0c481907ac0c2c0be9981c3c3d87caf3003b)
|
|
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option (backport #3721)
|
|
(cherry picked from commit 977d2fbf7a62a97d98b38cf28e62f08fc9e8d3a2)
|
|
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
(cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
|
|
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
(cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
|
|
(cherry picked from commit 60d7c0ecaff49ec62f4600a460f5fbe7b26a0d9c)
|
|
(cherry picked from commit 39004c453fb8f71171ba3433ee559b5ff745bebe)
|
|
(cherry picked from commit 3e5cc0b7fb8ae4a0f8b7c9270d9db0a0f252c448)
Co-authored-by: Alex W <embezzle.dev@proton.me>
|
|
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Serve
(cherry picked from commit 4d84f786f64d2b80046100ead5d0e8c1eef7418c)
|
|
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates")
added support for multiple CA certificates which broke the OP mode command
to generate the IPSec profiles as it did not expect a list and was rather
working on a string.
Now multiple CAs can be rendered into the Apple IOS profile.
(cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
|
|
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement,
where the later one is more humand readable. Both act in the same way.
(cherry picked from commit a2f0b25452c67528077f343d75de09d038e97fee)
|
|
(cherry picked from commit 03fd368ed263ca28c9b1b5e29f486217784d15ef)
|
|
(cherry picked from commit e1450096b4c667a4c33a3fcd8f67ebf6a39d441d)
|
|
(cherry picked from commit 75d553932504c55e710265776e4865a238223e1f)
|
|
Remove `service upnp` as it never worked as expected, nft rules do
not integrated and custom patches do not seem like a suitable
solution for now.
Security:
UPnP has been historically associated with security risks due to its automatic
and potentially unauthenticated nature.
UPnP devices might be vulnerable to unauthorized access or exploitation.
(cherry picked from commit 7c438caa2c21101cbefc2eec21935ab55af19c46)
|
|
bridge: T6317: add dependency call for wireless interfaces (backport #3430)
|
|
(cherry picked from commit 32658e981babffb5b7149534bd50a64d11f7c74f)
|
|
(cherry picked from commit 431443ab3f663a6617008536d2d6d96407aebfcb)
|
|
(cherry picked from commit 92b468b9a0d5eee8484601568227f7c56e71b119)
|
|
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF (backport #3392)
|
|
When adding and removing VRF instances on the fly it was noticed that the vni
statement under the VRF instance in FRR vanishes. This was caused by a race
condition which was previously designed to fix another bug.
The wierd design of a Python helper below the VRF tree to only generate the
VNI configuration nodes is now gone and all is rendered in the proper place.
(cherry picked from commit e7bb65894f86372dc0f6e8fd39b1628e0a224c68)
|
|
(cherry picked from commit 107ee099e82397b31fca8cf1ac3860cbf76f0596)
|
|
(cherry picked from commit 0be0cdb932ca2d7399c026f1f601b56e179cc9c3)
|
|
(cherry picked from commit 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5)
|
|
(cherry picked from commit 8602c84e1b7c0da4c4c57fc2d034ec18497303fd)
|
|
config
(cherry picked from commit 984c386d11ead8371b7ac381e6c0921473e557ed)
|
|
(cherry picked from commit 78ea623df20b44309cc6ac9848ed18e97fc4ed03)
|
|
(cherry picked from commit 050f24770aec7a74c1a07ba64cf2cb83afb72f1a)
|
|
(cherry picked from commit 785616393557c4e3f616287de81b61a68ba177ac)
|
|
server certificates
(cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
|
|
pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions fails (backport #3296)
|
|
fails (#3296)
(cherry picked from commit 6d8336f5ad2d9c4e0f12b54681db2924d6998d2d)
|
|
(cherry picked from commit ecc83562b4d756cc50910561a3f52ec260aeb478)
|
|
(cherry picked from commit 2eb7f96ca2038bf37dc1d274821ca6f619489b58)
|
|
<high-availability>. Also, add <mode> parameter in order to configure active-active or active-passive behavior for HA.
|
|
T6192: allow binding SSH to multiple VRF instances (backport #3229)
|
|
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.
Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
(cherry picked from commit e5af1f0905991103b12302892e6f0070bbb7b770)
|
|
Fixed using 'route-map', 'as-set' and 'summary-only' together in
aggregation in BGP
(cherry picked from commit d8df8339d665db58afbf20cecaeb49ac9d1b617d)
|
|
(cherry picked from commit 010c4061a8884a3617368f3618a425dc517d0675)
|
|
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which
was present to update /etc/resolv.conf with the DHCP specified nameservers and
also the search domain list was no longer present.
This commit adds a per interface rendered script to inform vyos-hostsd about
the received IPv6 nameservers and search domains.
(cherry picked from commit ece425f0191762638b7c967097accd8739e9103d)
|