Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-11-21 | T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925) | Yuxiang Zhu | |
Clients supporting this DHCP option (DHCP option 108, RFC 8925) will disable its IPv4 network stack for configured number of seconds and operate in IPv6-only mode. This option is known to work on iOS 15+ and macOS 12.0.1+. Example command: ```sh set service dhcp-server shared-network-name LAN6 subnet 192.168.64.0/24 ipv6-only-preferred 0 ``` | |||
2022-11-18 | T4826: Fix login pubkey key type ed25519-sk ecdsa-sk | Viacheslav Hletenko | |
Requires full key type name like sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com | |||
2022-11-17 | Merge pull request #1654 from sarthurdev/pbr_refactor | Christian Poessinger | |
policy: T2199: T4605: Migrate policy route interface node | |||
2022-11-13 | T4813: add l3vpn over gre option from route-map | fett0 | |
2022-11-13 | l3VPN : T4182: add l3vpn over gre option from route-map | fett0 | |
2022-11-11 | policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵ | sarthurdev | |
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle | |||
2022-11-10 | dns: T738: add CLI option for PowerDNS local-port | Zen3515 | |
2022-11-05 | container: T4802: support per container shared-memory size configuration | Christian Poessinger | |
Size of /dev/shm within a container can be defined via --shm-size when invoking the container. Add corresponding CLI node. | |||
2022-11-03 | Merge pull request #1633 from sarthurdev/fqdn | Christian Poessinger | |
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT | |||
2022-11-03 | nat: T1877: T970: Add firewall groups to NAT | sarthurdev | |
2022-11-03 | firewall: T970: Refactor domain resolver, add firewall source/destination ↵ | sarthurdev | |
`fqdn` node | |||
2022-11-03 | validators: T4795: migrate mac-address python validator to validate-value | Christian Poessinger | |
Instead of spawning the Python interpreter for every mac-address to validate, rather use the base validate-value OCaml implementation which is much faster. This removes redundant code and also makes the CLI more responsive. Validator is moved out to a dedicated file instead of using XML inlined <regex> for the reason of re-usability. So if that regex needs to be touched again - it can all happen in one single file. | |||
2022-11-03 | xml: T4795: superseed allowed-vlan validator by numeric range validator | Christian Poessinger | |
Reduce CPU time when spawning the python interpreter. Same can be done by the numeric validator. | |||
2022-11-03 | xml: T4795: provide common and re-usable XML definitions for policy | Christian Poessinger | |
Remove duplicated code and move to single-source of truth. | |||
2022-11-01 | login: T4750: add ecdsa-sk and ed25519-sk as supported public key type | Christian Poessinger | |
2022-10-31 | ipsec: T4787: add support for road-warrior/remote-access RADIUS timeout | Christian Poessinger | |
This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor. | |||
2022-10-30 | snmp: T4785: allow @, * and # in SNMP community name | Christian Poessinger | |
2022-10-29 | snmp: T4785: allow ! in community name | Christian Poessinger | |
2022-10-29 | static: T4784: add description node for static route/route6 tagNodes | Christian Poessinger | |
2022-10-25 | graphql: T4574: add interface definitions for authentication settings | John Estabrook | |
2022-10-21 | graphql: T4768: change name of api child node from 'gql' to 'graphql' | John Estabrook | |
2022-10-17 | ssh: T4720: Ability to configure SSH-server HostKeyAlgorithms | Viacheslav Hletenko | |
Ability to configure SSH-server HostKeyAlgorithms. Specifies the host key signature algorithms that the server offers. Can accept multiple values. | |||
2022-10-14 | login: 2fa: T874: fix Google authenticator issues | Christian Poessinger | |
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos' | |||
2022-10-13 | T4739: OSPF segment routing being refactored | Cheeze_It | |
2022-10-13 | T4739: ISIS segment routing being refactored | Cheeze_It | |
2022-10-13 | monitoring: T4312: Ability to set IP address in the URL | Viacheslav Hletenko | |
Use common "url.xml" which allow URL as domain name or IP entrie | |||
2022-10-12 | Merge pull request #1555 from goodNETnick/ssh_otp | Christian Poessinger | |
system login: T874: add 2FA support for local and ssh authentication | |||
2022-10-11 | system login: T874: add 2FA support for local and ssh authentication | goodNETnick | |
2022-10-11 | xml: ospf: isis: T4739: merge include files for MPLS segment-routing | Christian Poessinger | |
2022-10-11 | Merge pull request #1574 from Cheeze-It/current | Christian Poessinger | |
isis: T4739: ISIS segment routing being refactored | |||
2022-10-11 | Merge pull request #1547 from initramfs/current-limiter-actions | Christian Poessinger | |
qos: T4688: add xml template for limiter actions | |||
2022-10-11 | isis: T4739: ISIS segment routing being refactored | Cheeze_It | |
This is to refactor ISIS segment routing to match up with OSPF segment routing. | |||
2022-10-10 | Merge pull request #1577 from sarthurdev/T4741 | Christian Poessinger | |
firewall: policy: T4741: T4742: Verify zone `from` is defined, autocomplete policy route tables | |||
2022-10-10 | Merge pull request #1563 from sever-sever/T4716 | Christian Poessinger | |
ssh: T4716: Ability to configure RekeyLimit data and time | |||
2022-10-10 | policy: T4742: Add policy route table auto-complete | sarthurdev | |
2022-10-10 | ssh: T4716: Ablity to configure RekeyLimit data and time | Viacheslav Hletenko | |
Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes) set service ssh rekey data 1024 set service ssh rekey time 60 | |||
2022-10-09 | firewall: T3907: Fix firewall state-policy logging | sarthurdev | |
When log-level was introduced node `state-policy x log` was removed without migrator. This commit adds it back and improves log handling. | |||
2022-10-07 | Merge pull request #1572 from Cheeze-It/current | Christian Poessinger | |
ospf: T4707: Add OSPF segment routing for FRR | |||
2022-10-07 | Merge branch 'current' into radius-rate-limit-comp | Christian Poessinger | |
2022-10-06 | ospf: T4707: Add OSPF segment routing for FRR | Cheeze_It | |
In this commit we add OSPF segment routing, smoke tests, handlers, FRR template changes, and CLI commands. | |||
2022-10-06 | xml: T4722: radius: remove superfluous "default" help string | Christian Poessinger | |
vyos-1x automatically adds a "(default: ...)" hint to the CLI help if the <defaultValue> XML tag is used. No need to specify this manually. | |||
2022-10-06 | Merge pull request #1567 from aapostoliuk/T4660-sagitta | Christian Poessinger | |
policy: T4660: Changed CLI syntax in route-map set community | |||
2022-10-06 | T4727: add support for RADIUS rate limiting to PPTP (#1570) | Daniil Baturin | |
2022-10-03 | T4726: add completion help and validation for accel-ppp vendor option | Daniil Baturin | |
2022-10-03 | policy: T4660: Changed CLI syntax in route-map set community | aapostoliuk | |
Changed CLI syntax in route-map set community, set large-community, set extcommunity Allows to add multiple communities, large-communities and extcommunities in clear view. Added new well-known communities. Added non-transitive feature in extcommunities. Fixed community's validators. | |||
2022-10-01 | T4722: consistently use the "RADIUS" spelling for the RADIUS protocol | Daniil Baturin | |
2022-09-30 | bgp: evpn: T1315: add route-target CLI node <multi/> property | Christian Poessinger | |
FRR supports multiple route-targets to be used for import/export: address-family l2vpn evpn route-target import 20:10 route-target import 20:11 route-target import 20:12 route-target import 40:40 route-target export 1:2 route-target export 1:3 route-target export 40:40 exit-address-family Thus the <multi/> property is added to the relevant CLI nodes. | |||
2022-09-28 | Merge pull request #1561 from sever-sever/T4715 | Christian Poessinger | |
login: T4715: Auto logout user after inactivity | |||
2022-09-28 | ids: T4557: Update xml-component-version | Viacheslav Hletenko | |
2022-09-28 | login: T4715: Auto logout user after inactivity | Viacheslav Hletenko | |
Ability to terminate interactive sessions (TTY/PTS) after a period of inactivity. set system login timeout '300' |