summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2024-09-02T6681: Add option for SLAAC to support suppress Interval Advertisement in RAsHikari Kongou
(cherry picked from commit eec95109981140f1b4323bcf4526c10c6364d9ae)
2024-08-23wireless: T6318: move country-code to a system wide configurationmergify/bp/circinus/pr-3656Christian Breunig
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code" (cherry picked from commit 9e22ab6b2aee48029d3455f65880e45c558cf1da)
2024-08-17Merge pull request #3991 from vyos/mergify/bp/circinus/pr-3988Christian Breunig
T5794: firewall: change firewall priority in oder to be loaded after all interfaces (backport #3988)
2024-08-16T6649: Accel-ppp separate vlan-mon from listen interfacesmergify/bp/circinus/pr-3987Nataliia Solomko
(cherry picked from commit 663e468de2b431f771534b4e3a2d00a5924b98fe)
2024-08-16T5794: change firewall priority in oder to be loaded after all interfaces.mergify/bp/circinus/pr-3988nicolas
(cherry picked from commit b3ae35987a860a5d2cf64dfbc156a7ee7cc799a2)
2024-08-05OPENVPN: T6555: fix name to bridgefett0
(cherry picked from commit d5ae708581d453e2205ad4cf8576503f42e262b6)
2024-08-05OPENVPN: T6555: add server-bridge options in mode serverfett0
(cherry picked from commit 4acad3eb8d9be173b76fecafc32b0c70eae9b192)
2024-07-26vxlan: T6505: Support VXLAN VLAN-VNI range mapping in CLI (#3756)mergify/bp/circinus/pr-3756Nataliia S
(cherry picked from commit 115e99630a317cab62c6f99e0461f6ce2c1edaf3)
2024-07-22wireless: T6320: add 802.11ax at 6GHzAlain Lamar
Authored-By: Alain Lamar <alain_lamar@yahoo.de> (cherry picked from commit d5e988ba2d0fa0189feff22374c9b46eb49e2e79)
2024-07-22T6599: ipsec: support disabling rekey of CHILD_SA.Lucas Christian
Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections. (cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
2024-07-18openvpn: T6591: deprecate OpenVPN server net30 topology (#3825)mergify/bp/circinus/pr-3825Daniil Baturin
(cherry picked from commit e2b05343b30d2f989968532106e792cbaf75ecf6)
2024-07-03ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms optionkhramshinr
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
2024-07-03T6538: Add the ability to set GENEVE interfaces to VRFViacheslav Hletenko
(cherry picked from commit 5748db4ebb4f4023f8e33d45121ff24267941cc7)
2024-06-28T6477: Add telegraf loki output pluginViacheslav Hletenko
Add Loki plugin to telegraf set service monitoring telegraf loki url xxx (cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
2024-06-26Merge pull request #3723 from sever-sever/T751Daniil Baturin
T751: Remove ids suricata
2024-06-24T3202: Enable wireguard debug messagesNataliia Solomko
(cherry picked from commit d818788932e3c57d020cca9236df7275da452fce)
2024-06-22T5949: Add option to disable USB autosuspendkhramshinr
(cherry picked from commit c0b2693cebc3429e1974a9cec5946fa88ffc0205)
2024-06-20openconnect: T6500: add support for multiple ca-certificates (#3691)mergify[bot]
Add possibility to provide a full CA chain to the openconnect server. * Support multiple CA certificates * For every CA certificate specified, always determine the full certificate chain in the background and add the necessary SSL certificates (cherry picked from commit 973f06c00b902c43dfea34bdf01bdec7c599c452) Co-authored-by: Christian Breunig <christian@breunig.cc>
2024-06-13Merge pull request #3639 from natali-rs1985/T5487-currentDaniil Baturin
openvpn: T5487: Remove deprecated option --cipher for server and client mode
2024-06-11bgp: T6473: missing completion helper for peer-groups inside a VRFChristian Breunig
Using BGP peer-groups inside a VRF instance will make use if the global VRFs peer-group list during tab-completion and not the peer-groups defined within the BGP instance of the given VRF.
2024-06-11openvpn: T5487: Remove eprecated option --cipher for server and client modeNataliia Solomko
2024-06-10Merge pull request #3621 from sever-sever/T6442Christian Breunig
T6442: CGNAT add log for address allocation
2024-06-10T6442: CGNAT add log for address allocationViacheslav Hletenko
Add the configuration command to log current CGNAT allocation set nat cgnat log-allocation
2024-06-10T6219: align with system sysctl and limit parameters to supportedNicolas Vollmar
2024-06-10T751: Remove ids suricataViacheslav Hletenko
2024-06-10container: T6219: Add support for container sysctl / kernel parametersBen Pilgrim
2024-06-07reverse-proxy: T6454: Set default value of http for haproxy modeAlex W
2024-06-06Merge pull request #3589 from natali-rs1985/T6423-currentJohn Estabrook
xml: T6423: enforce priority on nodes having an owner
2024-06-06xml: T6423: enforce priority on nodes having an ownerNataliia Solomko
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-05-31Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-recordsChristian Breunig
dns: T6422: allow multiple redundant NS records
2024-05-31T5307: QoS - traffic-class-map services (#3492)Roman Khramshin
added new syntax to work with class match filters in QoS policy
2024-05-30conntrack: T6396: correction to helper message for custom timeout ruleGiggum
2024-05-30Merge pull request #3531 from Embezzle/T6409Christian Breunig
reverse-proxy: T6409: Remove unused backend parameters
2024-05-30Merge pull request #3510 from HollyGurza/T4576Daniil Baturin
T4576: Accel-ppp logging level configuration
2024-05-30dns: T6422: allow multiple redundant NS recordsHaim Gelfenbeyn
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported.
2024-05-30hostname: T6421: enforce explicit CLI priority for host-name and domain-nameChristian Breunig
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities!
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
2024-05-28T6406: rename cpus to cpuNicolas Vollmar
2024-05-28T6406: add container cpu limit optionNicolas Vollmar
2024-05-27reverse-proxy: T6409: Remove unused backend parametersAlex W
2024-05-27T4576: Accel-ppp logging level configurationkhramshinr
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve
2024-05-24load-balancing haproxy: T6391: fix typo in timeout help (#3513)Gregor Michels
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-23suricata: T751: remove implicit default dictionaryChristian Breunig
2024-05-23suricata: T751: move CLI from "service ids suricata" -> "service suricata"Christian Breunig
2024-05-23Merge pull request #3487 from Embezzle/T6370Christian Breunig
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
2024-05-22nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454