Age | Commit message (Collapse) | Author |
|
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
(cherry picked from commit d5e988ba2d0fa0189feff22374c9b46eb49e2e79)
|
|
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide
configuration") removed the per wifi interface setting for a country-code. This
commit adjust the smoketests to the new design.
(cherry picked from commit 312273c9569d973c510d871adb941709804d8868)
|
|
(cherry picked from commit 578fbe0eb436697132e5a738fec5a4ac61ced8da)
|
|
(cherry picked from commit 23a3419d512139650cfe3dc76759b370b0c0c3d6)
|
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
(cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
|
|
Commit 452068ce7 ("interfaces: T6592: moving an interface between VRF instances
failed") introduced a new helper to retrieve the VRF table ID from the Kernel.
This commit migrates the old code path where the individual fields got queried
to the new helper vyos.utils.network.get_vrf_tableid().
(cherry picked from commit 36f3791e0c15267483d59a3bb74465811d08df88)
|
|
To reproduce:
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit
This resulted in an error while interacting with nftables:
[Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
(cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d)
|
|
(cherry picked from commit ad43aa885a8ef689da212088d6ebb37c32d72883)
|
|
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
(cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
|
|
(cherry picked from commit 4c7719efa27d9d2966b70b924c90aa2c90022388)
|
|
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|
|
|
|
vyos.utils: T5195: import vyos.cpu to this package
|
|
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
|
|
T3900: Add support for raw tables in firewall
|
|
isis: T6429: fix isis metric-style configuration missing
|
|
|
|
timeout parameters defined in conntrack to firewall global-opton section.
|
|
|
|
dns: T6422: allow multiple redundant NS records
|
|
added new syntax to work with class match filters in QoS policy
|
|
style fixes
|
|
T4576: Accel-ppp logging level configuration
|
|
reverse-proxy: T6419: build full CA chain when verifying backend server
|
|
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement,
where the later one is more humand readable. Both act in the same way.
|
|
T6411: CGNAT fix sequences for external address ranges
|
|
ISIS: T6332: Fix isis not working only ipv6
|
|
|
|
T5786: Add set/show system image to /image endpoint
|
|
Fix the bug where address external alocation was not rely on sequences
of the external IP addresses (if set)
|
|
|
|
|
|
|
|
|
|
add ability to change logging level config for:
* VPN L2TP
* VPN PPTP
* VPN SSTP
* IPoE Server
* PPPoE Serve
|
|
|
|
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
|
|
|
|
|
|
|
|
T5756: L2TP RADIUS backup and weight settings
|
|
|
|
|
|
|
|
Remove `service upnp` as it never worked as expected, nft rules do
not integrated and custom patches do not seem like a suitable
solution for now.
Security:
UPnP has been historically associated with security risks due to its automatic
and potentially unauthenticated nature.
UPnP devices might be vulnerable to unauthorized access or exploitation.
|
|
ethernet: T6306: add support for EVPN MH uplink/core tracking
|
|
When all the underlay links go down the PE no longer has access to the VxLAN
+overlay.
To prevent blackholing of traffic the server/ES links are protodowned on the PE.
A link can be setup for uplink tracking via the following configuration:
set interfaces ethernet eth0 evpn uplink
|