Age | Commit message | Author |
|
(cherry picked from commit eec95109981140f1b4323bcf4526c10c6364d9ae)
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
(cherry picked from commit 9e22ab6b2aee48029d3455f65880e45c558cf1da)
|
|
T5794: firewall: change firewall priority in order to be loaded after all interfaces (backport #3988)
|
|
(cherry picked from commit 663e468de2b431f771534b4e3a2d00a5924b98fe)
|
|
(cherry picked from commit b3ae35987a860a5d2cf64dfbc156a7ee7cc799a2)
|
|
(cherry picked from commit d5ae708581d453e2205ad4cf8576503f42e262b6)
|
|
(cherry picked from commit 4acad3eb8d9be173b76fecafc32b0c70eae9b192)
|
|
(cherry picked from commit 115e99630a317cab62c6f99e0461f6ce2c1edaf3)
|
|
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
(cherry picked from commit d5e988ba2d0fa0189feff22374c9b46eb49e2e79)
|
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
(cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
|
|
(cherry picked from commit e2b05343b30d2f989968532106e792cbaf75ecf6)
|
|
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
|
|
(cherry picked from commit 5748db4ebb4f4023f8e33d45121ff24267941cc7)
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
(cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
|
|
T751: Remove ids suricata
|
|
(cherry picked from commit d818788932e3c57d020cca9236df7275da452fce)
|
|
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
|
|
Add possibility to provide a full CA chain to the openconnect server.
* Support multiple CA certificates
* For every CA certificate specified, always determine the full certificate
chain in the background and add the necessary SSL certificates
(cherry picked from commit 973f06c00b902c43dfea34bdf01bdec7c599c452)
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|
|
Using BGP peer-groups inside a VRF instance will make use of the global VRFs
peer-group list during tab-completion and not the peer-groups defined within
the BGP instance of the given VRF.
|
|
T6442: CGNAT add log for address allocation
|
|
Add the configuration command to log current CGNAT allocation
set nat cgnat log-allocation
|
|
xml: T6423: enforce priority on nodes having an owner
|
|
T3900: Add support for raw tables in firewall
|
|
timeout parameters defined in conntrack to firewall global-option section.
|
|
dns: T6422: allow multiple redundant NS records
|
|
added new syntax to work with class match filters in QoS policy
|
|
reverse-proxy: T6409: Remove unused backend parameters
|
|
T4576: Accel-ppp logging level configuration
|
|
NS is unlike CNAME or PTR: multiple NS records are perfectly valid and are a common use case. Multiple redundant DNS servers are a common configuration and should be supported.
|
|
To prevent any possible races in the future the host-name and domain-name nodes
should be set with explicit priorities!
|
|
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Server
|
|
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
|
|
suricata: T751: Initial support for suricata
|
|
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
|
|
>=5.0
random - In kernel 5.0 and newer this is the same as fully-random. In earlier
kernels the port mapping will be randomized using a seeded MD5 hash mix using
source and destination address and destination port.
https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
|