Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-04-09 | Merge pull request #1242 from goodNETnick/ocserv_local_otp | Christian Poessinger | |
ocserv: T4231: Added OTP support for Openconnect 2FA | |||
2022-04-09 | ocserv: T4231: Added OTP support for Openconnect 2FA | goodNETnick | |
2022-04-08 | Merge branch 'current' into dhcpd | Georg | |
2022-04-07 | ipv6: T4346: delete (migrate) CLI command to disable IPv6 address family | Christian Poessinger | |
2022-04-07 | qos: T4284: rename "traffic-policy" node to "qos policy" | Christian Poessinger | |
"set traffic-policy" now becomes "set qos policy" "set interface ethernet eth0 traffic-policy" now bvecomes "set qos interface eth0" | |||
2022-04-07 | qos: T4284: support mirror and redirect on vlan subinterfaces | Christian Poessinger | |
2022-04-07 | qos: T4284: support mirror and redirect on all interface types | Christian Poessinger | |
2022-04-06 | dns: forwarding: T4343: add CLI option for PowerDNS network-timeout | Bracken | |
Makes the powerdns `network-timeout` setting configurable via: `service dns forwarding timeout`. The powerdns default is 1500ms, VyOS now explicitly sets the same default value or the configured value so that the setting can have a readily apparent default in the help, rather than the user having to know it's powerdns. | |||
2022-04-06 | firewall: T4345: Fix incorrect rule limit rate syntax | sarthurdev | |
2022-04-04 | wifi: T4339: tab-completion results in "No such file or directory" | Christian Poessinger | |
2022-04-04 | wwan: T4339: tab-completion results in "No such file or directory" | Christian Poessinger | |
2022-04-04 | Merge pull request #1267 from sever-sever/T2580 | Christian Poessinger | |
ipoe: T2580: Add pools and gateway options | |||
2022-04-04 | ipoe: T2580: Add pools and gateway options | Viacheslav Hletenko | |
Add new feature to allow to use named pools Can be used also with Radius attribute 'Framed-Pool' set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24' | |||
2022-04-03 | isis: T3156: add segment routing local-block for ISIS | Christian Poessinger | |
2022-04-03 | xml: isis: T3236: create common high-low label value include block | Christian Poessinger | |
2022-04-03 | isis: T4336: add support for MD5 authentication password on a circuit | Christian Poessinger | |
2022-04-01 | policy: T4329: Fix regex for extcommunity rt | Viacheslav Hletenko | |
Fix regex to allow to set several marks for extcommunity rt set extcommunity rt '65:24 65:23 192.168.2.1:11 192.168.0.2:222' | |||
2022-03-31 | bgp: T4326: Add bgp parameter no-suppress-duplicates | Viacheslav Hletenko | |
Add new bgp parameter 'no-suppress-duplicates' set protocols bgp parameters no-suppress-duplicates | |||
2022-03-31 | Merge branch 'vyos:current' into ocserv_local_otp | goodNETnick | |
2022-03-25 | xml: T4319: use common building block for table-size CLI option | Christian Poessinger | |
2022-03-25 | T4319: "system ip(v6)" must run before any interface operation | Christian Poessinger | |
2022-03-24 | ipsec: T4288: bump config version 8 -> 9 | Christian Poessinger | |
2022-03-24 | Merge pull request #1251 from srividya0208/T4288a | Christian Poessinger | |
ike-group: T4288 : close-action is missing in swanctl.conf | |||
2022-03-24 | ike-group: T4288 : close-action is missing in swanctl.conf | srividya0208 | |
close-action parameter is missing in the swanctl.conf file | |||
2022-03-23 | l2tpv3: T1923: remove duplicate mtu include | Christian Poessinger | |
2022-03-21 | qos: T4284: initial XML interface definitions for rewrite | Christian Poessinger | |
2022-03-17 | OSPF : T4304: Set import/export filter inter-area prefix | fett0 | |
2022-03-16 | ocserv: T4231: Added OTP support for Openconnect 2FA | goodNETnick | |
2022-03-09 | policy: T2493 ip-next-hop unchanged & peer-address | Paul Lettington | |
Also add ipv6-next-hop peer-address | |||
2022-03-07 | ipsec prefix: T4275: Fix for prefix val_help of remote-access and s2s vpn | srividya0208 | |
It accepts network as the input value but the completion help is showing ip address, continuation of previous commit | |||
2022-03-03 | static: T4283: support "reject" routes - emit an ICMP unreachable when matched | Christian Poessinger | |
2022-03-03 | static: T4283: create re-usable XML interface definitions for blackhole | Christian Poessinger | |
2022-03-03 | static: T4283: fix help string for route/route6 | Christian Poessinger | |
2022-03-01 | flow-accounting: T4277: support sending flow-data via VRF interface | Christian Poessinger | |
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name> | |||
2022-02-28 | ipsec prefix: T4275: Incorrect val_help for local/remote prefix | srividya0208 | |
It accepts network as the input value but the completion help is showing ip address | |||
2022-02-28 | open-connect: T4274: extend RADIUS authentication timeout | RageLtMan | |
RADIUS authentication can be handled by a variety of mechanisms, including proxy for 2FA systems requiring user interaction with a separate device, token acquisition, or other time-consuming action. Given the delays required for certain 2FA implementations, a thirty second timeout can range from onerous to untenable. Accomodate the 2FA time requirements by extending the hard-coded RADIUS time limit from 30 seconds to 240. Co-authored-by: RageLtMan <rageltman [at] sempervictus> | |||
2022-02-28 | ssh: T4273: bugfix cipher and key-exchange multi nodes | Christian Poessinger | |
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility | |||
2022-02-26 | lldp: T4272: migrate to get_config_dict() | Christian Poessinger | |
2022-02-25 | nat: T1083: use defaultValue from XML when handling translations | Christian Poessinger | |
2022-02-25 | zone-policy: T2199: bugfix defaultValue usage | Christian Poessinger | |
Instead of hardcoding the default behavior inside the Jinaj2 template, all defaults are required to be specified inside teh XML definition. This is required to automatically render the appropriate CLI tab completion commands. | |||
2022-02-25 | vpn: ipsec: T3093: add missing defaultValue entries | Christian Poessinger | |
2022-02-25 | monitoring: T3872: re-use "port" building block from port-number.xml.i | Christian Poessinger | |
2022-02-25 | xml: webproxy: add comment about explicitly not set defaultValue | Christian Poessinger | |
2022-02-25 | wireless: ifconfig: T2653: add missing defaultValue for mgmt-frame-protection | Christian Poessinger | |
2022-02-25 | dhcp-relay: T3095: add missing max-size default value | Christian Poessinger | |
2022-02-24 | scripts: T4269: node.def generator should automatically add default values | Christian Poessinger | |
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help. | |||
2022-02-22 | Merge pull request #1230 from sever-sever/T1856 | Christian Poessinger | |
ipsec: T1856: Ability to set SA life bytes and packets | |||
2022-02-21 | Merge pull request #1231 from sever-sever/T3948 | Christian Poessinger | |
ipsec: T3948: Add CLI site-to-site peer connection-type none | |||
2022-02-21 | Merge pull request #1234 from srividya0208/T3656 | Christian Poessinger | |
vpn_ipsec: T3656: modified completion help for key-exchange | |||
2022-02-21 | vpn_ipsec: T3656: modified completion help for key-exchange | srividya0208 | |
In latest releases, default IKE version is removed, which allows the connection to be IKEv1 or IKEv2. The completion help shows IKEv1 as default so removed it. |