summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2024-02-28Merge pull request #3055 from sarthurdev/T6073Christian Breunig
vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is required
2024-02-27vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is ↵sarthurdev
required
2024-02-27vyos-hostsd: T4270: do not resolve local router FQDN to 127.0.1.1Christian Breunig
Clients using VyOS as their DNS server and trying to resolve the FQDN of the router will receive 127.0.1.1 as answer. set service dns forwarding allow-from '172.16.0.0/12' set service dns forwarding listen-address '172.31.0.254' set service dns forwarding negative-ttl '60' set system domain-name 'vyos.net' set system host-name 'R1' Will return: $ host R1.vyos.net 172.31.0.254 Using domain server: Name: 172.31.0.254 Address: 172.31.0.254#53 Aliases: R1.vyos.net has address 127.0.1.1 When it should rather return the real IP address assigned via DNS.
2024-02-23T6054: WLB: fix rules parsing when using multiple ports in one ruleNicolas Fort
2024-02-21conntrack: T5376: Fix priority for CT helperssarthurdev
Ref: https://www.spinics.net/lists/netfilter/msg59549.html
2024-02-16Merge pull request #3016 from c-po/nhtChristian Breunig
T6001: add option to disable next-hop-tracking resolve-via-default
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-default in VRF ↵Christian Breunig
context * set vrf name <name> ip nht no-resolve-via-default * set vrf name <name> ipv6 nht no-resolve-via-default
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-defaultChristian Breunig
* set system ip nht no-resolve-via-default * set system ipv6 nht no-resolve-via-default
2024-02-15Merge pull request #3004 from aapostoliuk/T6029-circinusDaniil Baturin
T6029: Rewritten Accel-PPP services to an identical feature set
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code.
2024-02-14eigrp: T2472: improve code for later testsChristian Breunig
2024-02-13Merge pull request #2987 from c-po/evpn-macvrf-sooChristian Breunig
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support
2024-02-13Merge pull request #2988 from c-po/pki-rpki-t6034Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
2024-02-12pki: T6034: add dependencies to trigger rpki re-run on openssh key updateChristian Breunig
2024-02-11Merge pull request #2980 from c-po/srv6-T5849Daniil Baturin
srv6: T5849: add segment support to "protocols static route6"
2024-02-11bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
2024-02-10bgp: T6010: support setting multiple values for neighbor path-attributeChristian Breunig
2024-02-08Merge pull request #2955 from c-po/rpki-T6023Christian Breunig
rpki: T6023: add support for CLI knobs expire-interval and retry-interval
2024-02-08Merge pull request #2950 from aapostoliuk/T5960-circinusDaniil Baturin
T5960: Rewritten authentication node in PPTP to a single view
2024-02-07Merge pull request #2957 from c-po/bgp-T6024Christian Breunig
bgp: T6024: add additional missing FRR features
2024-02-07bgp: T6024: add additional missing FRR featuresChristian Breunig
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null> * set protocols bgp parameters allow-martian-nexthop * set protocols bgp parameters no-hard-administrative-reset"
2024-02-07rpki: T6023: add support for CLI knobs expire-interval and retry-intervalChristian Breunig
2024-02-07T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication.
2024-02-06vpn: T3843: l2tp configuration not cleared after deletekhramshinr
vpn: T5926: IPSEC does not apply after l2tp configuration was changed added dependency between l2tp and ipsec conf added test for apply config to swanctl
2024-02-06Merge pull request #2936 from c-po/rpki-T6011Daniil Baturin
rpki: T6011: known-hosts-file is no longer supported by FRR
2024-02-03rpki: T6011: known-hosts-file is no longer supported by FRRChristian Breunig
2024-02-03ipsec: T5998: add replay-windows settingChristian Breunig
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040>
2024-02-02Merge pull request #2889 from sarthurdev/kea-hooksChristian Breunig
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
2024-02-02Merge pull request #2891 from aapostoliuk/T5971-circinusViacheslav Hletenko
T5971: Rewritten ppp options in accel-ppp services
2024-02-01upnp: T5989: add ipv4-prefix as a valid option for UPnP ACLsChris Buechler
2024-02-01Merge pull request #2756 from nicolas-fort/T4839Christian Breunig
T4839: firewall: Add dynamic address group in firewall configuration
2024-02-01Merge pull request #2860 from indrajitr/ddclient-update-20240119Christian Breunig
ddclient: T5966: Adjust dynamic dns config address subpath
2024-02-01Merge pull request #2903 from HollyGurza/T5687Christian Breunig
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor
2024-01-30Merge pull request #2877 from c-po/vrf-5973Christian Breunig
vrf: T5973: multiple bugfixes and improvements
2024-01-30dns forwarding: T5687: Implement ECS settings for PowerDNS recursorkhramshinr
2024-01-29T5971: Rewritten ppp options in accel-ppp servicesaapostoliuk
Rewritten 'ppp-options' to the same view in all accel-ppp services. Adding IPv6 support to PPTP.
2024-01-25T4839: firewall: Add dynamic address group in firewall configuration, and ↵Nicolas Fort
appropiate commands to populate such groups using source and destination address of the packet.
2024-01-24dhcpv6: T3771: Allow installation of routes for delegated prefixessarthurdev
2024-01-23image-tools: T5980: add support for configurable kernel boot optionsJohn Estabrook
2024-01-23bfd: T5967: add minimum-ttl optionChristian Breunig
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254> * set protocols bfd profile <name> minimum-ttl <1-254>
2024-01-22vrf: T5973: move initial conntrack firewall table to startupChristian Breunig
There is no need to add and remove this table during runtime - it can lurk in the standard firewall init code.
2024-01-22Merge pull request #2871 from c-po/multicast-T5969Christian Breunig
op-mode: T5969: list multicast group membership
2024-01-22op-mode: T5969: list multicast group membershipChristian Breunig
cpo@LR1.wue3:~$ show ip multicast group interface eth0.201 Interface Family Address ----------- -------- --------- eth0.201 inet 224.0.0.6 eth0.201 inet 224.0.0.5 eth0.201 inet 224.0.0.1 cpo@LR1.wue3:~$ show ipv6 multicast group interface eth0 Interface Family Address ----------- -------- ----------------- eth0 inet6 ff02::1:ff00:0 eth0 inet6 ff02::1:ffbf:c56d eth0 inet6 ff05::2 eth0 inet6 ff01::2 eth0 inet6 ff02::2 eth0 inet6 ff02::1 eth0 inet6 ff01::1
2024-01-22Merge pull request #2869 from c-po/sflow-t5968Viacheslav Hletenko
sflow: T5968: add VRF support
2024-01-22sflow: T5968: add VRF supportChristian Breunig
Add support to run hsflowd in a dedicated (e.g. management) VRF. Command will be "set system sflow vrf <name>" like with any other service
2024-01-21ddclient: T5966: Adjust dynamic dns config address subpathIndrajit Raychaudhuri
Modify the dynamic dns configuration 'address' subpath for better clarity on how the address is obtained. Additionally, remove `web-options` and fold those options under the path `address web`.
2024-01-21dns: T5959: Streamline dns forwarding serviceIndrajit Raychaudhuri
Streamline configuration and operation of dns forwarding service in following ways: - Remove `dns_forwarding_reset.py` as its functionality is now covered by `dns.py` - Adjust function names in `dns.py` to disambiguate between DNS forwarding and dynamic DNS - Remove `dns_forwarding_restart.sh` as its functionality is inlined in `dns-forwarding.xml` - Templatize systemd override for `pdns-recursor.service` and move the generated override files in /run. This ensures that the override files are always generated afresh after boot - Simplify the systemd override file by removing the redundant overrides - Relocate configuration path for pdns-recursor to `/run/pdns-recursor` and utilize the `RuntimeDirectory` default that pdns-recursor expects - We do not need to use custom `--socket-dir` path anymore, the default path (viz., `/run/pdns-recursor` is fine)
2024-01-21ntp: T5692: add support to configure leap second behaviorChristian Breunig
* set service ntp leap-second [ignore|smear|system|timezone] Where timezone is the new and old default resulting in adding "leapsectz right/UTC" to chrony.conf. The most prominent new option is "smear" which will add leapsecmode slew maxslewrate 1000 smoothtime 400 0.001 leaponly to chrony. See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for additional information
2024-01-17T5953: Changed values of 'close-action' to Strongswan valuesaapostoliuk
Changed the value from 'hold' to 'trap' in the 'close-action' option in the IKE group. Changed the value from 'restart' to 'start' in the 'close-action' option in the IKE group.