Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-05-14 | T3420: Remove service upnp | Viacheslav Hletenko | |
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation. | |||
2024-05-12 | Merge pull request #3447 from c-po/evpn-uplink-t6306 | Daniil Baturin | |
ethernet: T6306: add support for EVPN MH uplink/core tracking | |||
2024-05-11 | ethernet: T6306: add support for EVPN MH uplink/core tracking | Christian Breunig | |
When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE. A link can be setup for uplink tracking via the following configuration: set interfaces ethernet eth0 evpn uplink | |||
2024-05-10 | Merge pull request #3410 from fett0/T6303 | Christian Breunig | |
Bond: T6303: add system mac address on interfaces bond | |||
2024-05-10 | bond: T6303: must reset system-mac to 00:00:00:00:00:00 on deletion | Christian Breunig | |
2024-05-10 | bond: T6303: add system mac address on bond | fett0 | |
2024-05-10 | Merge pull request #3430 from c-po/bridge-T6317 | Christian Breunig | |
bridge: T6317: add dependency call for wireless interfaces | |||
2024-05-09 | sstp: T4393: Add support to configure host-name (SNI) | Nataliia Solomko | |
2024-05-08 | bridge: T6317: add dependency call for wireless interfaces | Christian Breunig | |
2024-05-07 | bgp: T6082: Allow the same local-as and remote-as in one peer group | khramshinr | |
2024-05-04 | smoketest: T6283: T6250: add testcases | Christian Breunig | |
2024-05-02 | qos: T6225: Fix qos random-detect policy | khramshinr | |
Fix default values for random-detect Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel | |||
2024-05-01 | Merge pull request #3392 from c-po/bgp-evpn-T6189 | Christian Breunig | |
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF | |||
2024-05-01 | vrf: T6189: render FRR L3VNI configuration when creating VRF instance | Christian Breunig | |
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place. | |||
2024-05-01 | Merge pull request #3364 from natali-rs1985/T6234-current | Daniil Baturin | |
pppoe-server: T6234: PPPoE-server pado-delay refactoring | |||
2024-04-30 | haproxy: T6179: fix rule generation | Nicolas Vollmar | |
2024-04-29 | openconnect: T4982: Support defining minimum TLS version in openconnect VPN | Alex W | |
2024-04-25 | Merge pull request #3316 from HollyGurza/T4248 | Daniil Baturin | |
qos: T4248: Allow to remove the only rule from the qos class | |||
2024-04-25 | pppoe-server: T6234: PPPoE-server pado-delay refactoring | Nataliia Solomko | |
2024-04-23 | T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy ↵ | Windom WU | |
config | |||
2024-04-22 | Merge pull request #3337 from Embezzle/T6237 | Christian Breunig | |
T6237: IPSec remote access VPN: ability to set EAP ID of clients | |||
2024-04-21 | T6237: IPSec remote access VPN: ability to set EAP ID of clients | Alex W | |
2024-04-21 | smoketest: support dynamic enable of smoketest debugging | Christian Breunig | |
$ touch /tmp/vyos.smoketest.debug will enable dynamic debugging of the smoketests - showing the appropriate CLI commands on stdout | |||
2024-04-21 | T6246: improve haproxy http check configuration | Nicolas Vollmar | |
2024-04-17 | T6246: adds basic haproxy http-check configuration | Nicolas Vollmar | |
2024-04-16 | qos: T4248: Allow to remove the only rule from the qos class | khramshinr | |
2024-04-15 | T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵ | Alex W | |
server certificates | |||
2024-04-15 | T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵ | Nicolas Fort | |
to firewall global-optinos | |||
2024-04-13 | Merge pull request #3297 from HollyGurza/T6035 | Daniil Baturin | |
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt | |||
2024-04-12 | qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt | khramshinr | |
Added params for configuration red on the shaper policy | |||
2024-04-12 | pppoe-server: T6141: T5364: PPPoE-server add pado-delay without sessions ↵ | Nataliia Solomko | |
fails (#3296) | |||
2024-04-11 | T5871: ipsec remote access VPN: specify "cacerts" for client auth. | Lucas Christian | |
2024-04-07 | Merge pull request #3265 from c-po/ethernet-mtu-T5862 | Daniil Baturin | |
ethernet: T5862: default MTU is not acceptable in some environments | |||
2024-04-06 | T6199: start validating smoketests against real CLI defaultValues | Christian Breunig | |
Use vyos.xml_ref.default_value to query XML default values and take them into account when validating properly applied defaults in individual smoketests instead of using hardcoded values like 443 for https port. | |||
2024-04-06 | ethernet: T5862: default MTU is not acceptable in some environments | Christian Breunig | |
There are cloud environments available where the maximum supported ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value or 1500 bytes - whatever is lower. | |||
2024-04-04 | Merge pull request #3238 from HollyGurza/T5943 | Daniil Baturin | |
bgp: T5943: BGP Peer-group members must be all internal or all external | |||
2024-04-04 | Merge pull request #3214 from nicolas-fort/T6068-kea | Daniil Baturin | |
T6068: dhcp-server: add command <set service dhcp-server high-availability mode> | |||
2024-04-04 | bgp: T5943: BGP Peer-group members must be all internal or all external | khramshinr | |
2024-04-03 | T6068: dhcp-server: add command <set service dhcp-server high-availability ↵ | Nicolas Fort | |
mode> so user can define what type of ha use: active-active or active-passive | |||
2024-04-03 | T6199: drop unused Python imports | Christian Breunig | |
found using "git ls-files *.py | xargs pylint | grep W0611" | |||
2024-04-02 | Merge pull request #3236 from c-po/pki-verify | Christian Breunig | |
configverify: T6198: add common helper for PKI certificate validation | |||
2024-04-02 | configverify: T6198: add common helper for PKI certificate validation | Christian Breunig | |
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS. | |||
2024-04-02 | Merge pull request #3229 from c-po/multi-vrf | Christian Breunig | |
T6192: allow binding SSH to multiple VRF instances | |||
2024-04-02 | T6196: Fixed applying parameters for aggregation in BGP | aapostoliuk | |
Fixed using 'route-map', 'as-set' and 'summary-only' together in aggregation in BGP | |||
2024-04-01 | Merge pull request #3212 from fett0/T6151 | fett0 | |
bgp: T6151: Allow configuration of disable-ebgp-connected-route-check | |||
2024-04-01 | ssh: T6192: allow binding to multiple VRF instances | Christian Breunig | |
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF. | |||
2024-04-01 | Merge pull request #3222 from HollyGurza/T6178 | Christian Breunig | |
T6178: Check that certificate exists during reverse-proxy commit | |||
2024-04-01 | T6178: Check that certificate exists during reverse-proxy commit | khramshinr | |
2024-03-30 | Merge pull request #3195 from HollyGurza/T4718-current | Christian Breunig | |
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf | |||
2024-03-30 | accel-ppp: T6187: use correct CPU counts adjusted for SMT | Daniil Baturin | |