| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option
|
|
If a firewall is not configured there is no reason to get and
execute telegraf firewall custom scripts as there are no nft
chain in the firewall nftables configuration
|
|
* T6452: Add QoS Op Commands
Added the following commands:
show qos shaping
show qos shaping detail
show qos shaping interface <int name>
show qos shaping interface <int name> detail
show qos shaping interface <int name> class <class name>
show qos shaping interface <int name> class <class name> detail
show qos cake interface <int name>
|
|
T6477: Add telegraf loki output plugin
|
|
pppoe-server: T5710: Add option permit any-login
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
|
|
|
|
|
|
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
|
|
Now that there is a build time validation that Config() is not instantiated
twice in a config mode script, and also as there are no more direct calls on
the my_set and my_delete binary, we can auto generate the list of helpers run
by vyos-configd.
|
|
|
|
Add CLI commands
Add config
Add conf_mode
Add systemd config
Add stunnel smoketests
Add log level config
|
|
snmp: T6489: use new Python wrapper to interact with config filesystem
|
|
Do no longer use my_set and my_delete as this prevents scripts beeing run under
supervision of vyos-configd.
|
|
policy on OUTUT_raw
|
|
T5949: Add option to disable USB autosuspend
|
|
|
|
|
|
T6489: Add support for CLI config scripts that change the underlaying working configuration
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
|
|
my_set/my_delete
|
|
output
|
|
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
|
|
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
|
|
The SSTPC client was not reloaded/restarted with the new SSL certificate(s)
after a change in the PKI subsystem.
This was due to missing dependencies.
|
|
The haproxy reverse proxy was not reloaded/restarted with the new SSL
certificate(s) after a change in the PKI subsystem. This was due to missing
dependencies.
|
|
|
|
T3900: Add support for raw tables in firewall
|
|
|
|
show version: T6446: display the support URL for LTS builds
|
|
isis: T6429: fix isis metric-style configuration missing
|
|
|
|
timeout parameters defined in conntrack to firewall global-opton section.
|
|
|
|
|
|
T4576: Accel-ppp logging level configuration
|
|
op-mode: ipsec: T6407: fix profile generation
|
|
reverse-proxy: T6419: build full CA chain when verifying backend server
|
|
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates")
added support for multiple CA certificates which broke the OP mode command
to generate the IPSec profiles as it did not expect a list and was rather
working on a string.
Now multiple CAs can be rendered into the Apple IOS profile.
|
|
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement,
where the later one is more humand readable. Both act in the same way.
|
|
|
|
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Serve
|
|
suricata: T751: Initial support for suricata
|
|
|
|
|
|
T6350: CGNAT add op-mode to show allocation
|
|
Add op-mode command `show nat cgnat allocation` to get CGNAT
allocations (internal address, external address, port-range)
|
|
T6335: Add/Update EVPN op commands
|
