Age | Commit message | Author | |
---|---|---|---|
2024-05-29 | openvpn: T6374: only check TLS role for s2s if TLS is configured | Daniil Baturin | |
2024-05-29 | Merge pull request #3534 from sever-sever/T6411 | Daniil Baturin | |
T6411: CGNAT fix sequences for external address ranges | |||
2024-05-28 | Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validation | Christian Breunig | |
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | |||
2024-05-28 | Merge pull request #3533 from natali-rs1985/T6389-current | John Estabrook | |
op_mode: T6389: Check architecture and flavor compatibility on upgrade attempts | |||
2024-05-28 | Merge pull request #3529 from HollyGurza/T5786 | Christian Breunig | |
T5786: Add set/show system image to /image endpoint | |||
2024-05-28 | T6411: CGNAT fix sequences for external address ranges | Viacheslav Hletenko | |
Fix the bug where address external allocation did not rely on sequences of the external IP addresses (if set) | |||
2024-05-28 | op mode: T6389: Check architecture and flavor compatibility on upgrade attempts | Nataliia Solomko | |
2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar | |
2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar | |
2024-05-27 | reverse-proxy: T6409: Remove unused backend parameters | Alex W | |
2024-05-27 | T5786: Add set/show system image to /image endpoint | khramshinr | |
2024-05-27 | openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | Daniil Baturin | |
2024-05-26 | reverse-proxy: T6402: Fix invalid checks in validation script | Alex W | |
2024-05-25 | op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates | Christian Breunig | |
This fixes (for an ACME generated certificate) vyos@vyos:~$ show pki certificate vyos fingerprint sha512 Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module> show_certificate_fingerprint(args.certificate, args.fingerprint) File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint print(get_certificate_fingerprint(cert, hash)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint fp = cert.fingerprint(hash_algorithm) ^^^^^^^^^^^^^^^^ AttributeError: 'bool' object has no attribute 'fingerprint' After the fix: vyos@vyos# run show pki certificate vyos fingerprint sha256 10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2 | |||
2024-05-23 | Merge pull request #3399 from 0xThiebaut/suricata | Christian Breunig | |
suricata: T751: Initial support for suricata | |||
2024-05-23 | suricata: T751: use key_mangling in get_config_dict() | Christian Breunig | |
2024-05-23 | suricata: T751: remove implicit default dictionary | Christian Breunig | |
2024-05-23 | suricata: T751: move CLI from "service ids suricata" -> "service suricata" | Christian Breunig | |
2024-05-23 | Merge pull request #3487 from Embezzle/T6370 | Christian Breunig | |
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | |||
2024-05-23 | Merge pull request #3507 from c-po/nat-T6345 | Daniil Baturin | |
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 | |||
2024-05-23 | Merge pull request #3505 from c-po/nat66-T6365 | Daniil Baturin | |
nat66: T6365: remove warnings for negated interface selections by name | |||
2024-05-23 | dhcpv6-server: T6381: fix typos in select ConfigError messages in VyOS current (#3508) | Ginko | |
2024-05-22 | nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 | Christian Breunig | |
random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 | |||
2024-05-22 | nat66: T6365: remove warnings for negated interface selections by name | Christian Breunig | |
2024-05-22 | Merge pull request #3482 from alryaz/patch-1 | Christian Breunig | |
nat: T6365: remove warnings for negated interface selections by name | |||
2024-05-22 | nat: T6365: use interface_exists() over netifaces.interfaces() | Christian Breunig | |
2024-05-22 | nat: T6365: use string startswith() over [0] index access | Christian Breunig | |
2024-05-22 | nat: T6365: remove warnings for negated interface selections by name | Ryazanov Alexander Mihailovich | |
2024-05-21 | reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | Alex W | |
2024-05-21 | T6366: CGNAT add ability to get external and internal allocations | Viacheslav Hletenko | |
Add the ability to show port allocation per external or internal address. With huge entries, it is necessary to filter it by specific external/internal IP address | |||
2024-05-19 | Merge pull request #3483 from sever-sever/T6364 | Daniil Baturin | |
T6364: CGNAT drop hard limit that allows only one translation rule | |||
2024-05-18 | T6349: updated pr-labels workflow permission (#3485) | Vijayakumar A | |
2024-05-18 | T5169: Allow to set CGNAT multiple internal pools | Viacheslav Hletenko | |
Allow to set multiple CGNAT internal pools ``` set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14' ``` | |||
2024-05-18 | T6364: CGNAT drop hard limit that allows only one translation rule | Viacheslav Hletenko | |
The PoC for CGNAT had a hard limit of using only one translation rule for one internal pool. Drop this limit and extend the usage number of the rules. ``` set nat cgnat rule 100 source pool 'int-01' set nat cgnat rule 100 translation pool 'ext-01' set nat cgnat rule 120 source pool 'vyos-int-02' set nat cgnat rule 120 translation pool 'vyos-ext-02' ``` | |||
2024-05-17 | Merge pull request #3471 from natali-rs1985/T6348-current | Christian Breunig | |
op mode: T6348: SNAT op-mode fails with flowtable offload entries | |||
2024-05-17 | Merge pull request #3472 from nvollmar/T6358 | Christian Breunig | |
T6358: Container config option to enable host pid | |||
2024-05-17 | T6358: Add config option for host process namespace | Nicolas Vollmar | |
2024-05-17 | T6358: Remove duplicate host name handling | Nicolas Vollmar | |
2024-05-17 | Merge pull request #3466 from sever-sever/T6350 | Daniil Baturin | |
T6350: CGNAT add op-mode to show allocation | |||
2024-05-17 | Merge pull request #3464 from sever-sever/T6351 | Daniil Baturin | |
T6351: CGNAT add verification if the pool exists | |||
2024-05-17 | op mode: T6348: SNAT op-mode fails with flowtable offload entries | Nataliia Solomko | |
2024-05-17 | Merge pull request #3463 from sever-sever/T6347 | Christian Breunig | |
T6347: CGNAT fix error if pool contain dashes in the name | |||
2024-05-16 | T6350: CGNAT add op-mode to show allocation | Viacheslav Hletenko | |
Add op-mode command `show nat cgnat allocation` to get CGNAT allocations (internal address, external address, port-range) | |||
2024-05-16 | Merge pull request #3458 from l0crian1/T6335-add-evpn-op | Christian Breunig | |
T6335: Add/Update EVPN op commands | |||
2024-05-16 | T6351: CGNAT add verification if the pool exists | Viacheslav Hletenko | |
Add verification if the external/internal pools exist before we can use them in the source and translation rules | |||
2024-05-16 | T6347: CGNAT fix error if pool contain dashes in the name | Viacheslav Hletenko | |
2024-05-16 | T6335: Add/Update EVPN op commands | l0crian1 | |
Converted completion helpers from python to bash for performance. Previous commit: Added the following commands: `show evpn`, `show evpn es`, `show evpn es <es-id>`, `show evpn es detail`, `show evpn es-evi`, `show evpn es-evi detail`, `show evpn es-evi vni <num>`, `show evpn vni`, `show evpn vni detail`, `show evpn vni <num>`. Updated the following commands: `show evpn access-vlan`, `show evpn arp-cache`, `show evpn mac`, `show evpn next-hops`, `show evpn rmac` | |||
2024-05-15 | T6335: Add/Update EVPN op commands | l0crian1 | |
Added the following commands: `show evpn`, `show evpn es`, `show evpn es <es-id>`, `show evpn es detail`, `show evpn es-evi`, `show evpn es-evi detail`, `show evpn es-evi vni <num>`, `show evpn vni`, `show evpn vni detail`, `show evpn vni <num>`. Updated the following commands: `show evpn access-vlan`, `show evpn arp-cache`, `show evpn mac`, `show evpn next-hops`, `show evpn rmac` | |||
2024-05-15 | T3900: add support for raw table in firewall. | Nicolas Fort | |
2024-05-15 | op mode: T6339: display build flavor and comment in "show version" | Daniil Baturin | |