Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-03-31 | Merge branch 'vyos:current' into ocserv_local_otp | goodNETnick | |
2022-03-28 | Revert "openvpn: T4230: globally enable ip_nonlocal_bind" | Daniil Baturin | |
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c. | |||
2022-03-27 | graphql: T3993: add unsettable gql option; this is not exposed by CLI | John Estabrook | |
2022-03-26 | bgp: T4321: check neighbor IP addresses against VRF context | Christian Poessinger | |
2022-03-25 | mpls: T915: use vyos.util.sysctl_write() helper function | Christian Poessinger | |
2022-03-25 | vyos.util: T4319: rename sysctl() -> sysctl_write() | Christian Poessinger | |
2022-03-25 | system: T4319: align ipv6 settings with ipv4 by using get_config_dict() | Christian Poessinger | |
2022-03-24 | ipsec: T4288: drop leading empty line to detect runtime environment | Christian Poessinger | |
2022-03-24 | Merge pull request #1251 from srividya0208/T4288a | Christian Poessinger | |
ike-group: T4288 : close-action is missing in swanctl.conf | |||
2022-03-24 | Merge pull request #1248 from sever-sever/T4290 | Christian Poessinger | |
bgp: T4290: Add verify source-interface for none ip neighbor | |||
2022-03-24 | openvpn: T4294: force service restart on openvpn-option node change | Christian Poessinger | |
2022-03-24 | ike-group: T4288 : close-action is missing in swanctl.conf | srividya0208 | |
close-action parameter is missing in the swanctl.conf file | |||
2022-03-23 | bgp: T4314: add missing check to migration script | John Estabrook | |
2022-03-22 | Merge pull request #1252 from dmbaturin/T4313 | Christian Poessinger | |
T4313: handle exceptions in the "generate public-key-command" script | |||
2022-03-22 | T4313: handle exceptions in the "generate public-key-command" script | Daniil Baturin | |
2022-03-21 | qos: T4284: initial XML interface definitions for rewrite | Christian Poessinger | |
2022-03-21 | mirror: T3089: add verify_mirror() also for bond and bridge interfaces | Christian Poessinger | |
2022-03-18 | OSPF : T4304: add check access-list is defined | fett0 | |
2022-03-16 | ocserv: T4231: Added OTP support for Openconnect 2FA | goodNETnick | |
2022-03-15 | bonding: T4301: Fixed arp-monitor option | zsdc | |
In verify function for arp-monitor option was used by mistake an extra conversion for incoming data before comparing items. This commit removed these unnecessary conversions and makes the option operable. | |||
2022-03-14 | Merge pull request #1247 from nicolas-fort/T4286 | Christian Poessinger | |
Firewall: T4286: Correct ipv6-range validator | |||
2022-03-13 | bgp: T4290: Add verify source-interface for none ip neighbor | Viacheslav Hletenko | |
When we use neighbor as interface we must not use option 'source-interface' for example: neighbor eth0 source-interface eth0 Such option can be used for IP/IPv6 neighbors | |||
2022-03-12 | Firewall: T4286: Correct ipv6-range validator | Nicolas Fort | |
2022-03-10 | Revert "component_version: T4291: consolidate read/write functions" | John Estabrook | |
This reverts commit 534f677d36285863decb2cdff179687b4fd690cb. Revert while investigating failure in vyos-configtest. | |||
2022-03-10 | Revert "save-config: T4292: rewrite vyatta-save-config.pl to Python" | John Estabrook | |
This reverts commit c4d389488970c8510200cac96a67182e9333b891. Revert while investigating failure in vyos-configtest. | |||
2022-03-10 | Revert "load-config: T4295: use config_tree instead of legacy loadFile" | John Estabrook | |
This reverts commit 2a4b45ba7fa4dabf7e592f499cfb06a7ae38cdea. Revert while investigating failure in vyos-configtest. | |||
2022-03-09 | load-config: T4295: use config_tree instead of legacy loadFile | John Estabrook | |
2022-03-08 | save-config: T4292: rewrite vyatta-save-config.pl to Python | John Estabrook | |
2022-03-08 | component_version: T4291: consolidate read/write functions | John Estabrook | |
2022-03-07 | logrotate: T4250: Fixed logrotate config generation | zsdc | |
* Removed `/var/log/auth.log` and `/var/log/messages` from `/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled items what leads to service error. * Removed generation config file for `/var/log/messages` from `system-syslog.py` - this should be done from `syslom logs` now. * Generate each logfile from `system syslog file` to a dedicated logrotate config file. * Fixed logrotate config file names in `/etc/rsyslog.d/vyos-rsyslog.conf`. * Added default logrotate settins for `/var/log/messages` | |||
2022-03-05 | conntrackd: T4259: fix daemon configuration path | Christian Poessinger | |
2022-03-05 | conntrackd: T4259: prevent startup of multiple daemon instances | Christian Poessinger | |
2022-03-04 | op-mode: lldp: T3999: bugfix cap' referenced before assignment | Christian Poessinger | |
2022-03-03 | static: T4283: support "reject" routes - emit an ICMP unreachable when matched | Christian Poessinger | |
2022-03-01 | flow-accounting: T4277: support sending flow-data via VRF interface | Christian Poessinger | |
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name> | |||
2022-02-28 | ssh: T4273: bugfix cipher and key-exchange multi nodes | Christian Poessinger | |
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility | |||
2022-02-26 | lldp: T4272: migrate to get_config_dict() | Christian Poessinger | |
2022-02-25 | zone-policy: T2199: bugfix defaultValue usage | Christian Poessinger | |
Instead of hardcoding the default behavior inside the Jinaj2 template, all defaults are required to be specified inside teh XML definition. This is required to automatically render the appropriate CLI tab completion commands. | |||
2022-02-23 | tunnel: T4267: "parameters ip key" on GRE not required for different remotes | Christian Poessinger | |
2022-02-22 | vxlan: T4264: interface is destroyed and rebuild on description change | Christian Poessinger | |
When changing "general" parameters like: - interface IP address - MTU - description the interface is destroyed and recreated ... this should not happen! | |||
2022-02-21 | Merge pull request #1233 from dmbaturin/structured-op-mode | John Estabrook | |
T2719: initial batch of standardized structure op mode scripts | |||
2022-02-21 | Merge pull request #1232 from srividya0208/T4115 | John Estabrook | |
T4115:Reboot:Options "in" and "at" are not working as expected | |||
2022-02-21 | vxlan: T4120: code cleanup for multiple remotes | Christian Poessinger | |
2022-02-21 | T2719: initial batch of standardized structure op mode scripts | Daniil Baturin | |
2022-02-20 | bridge: remove unreferenced import -> leaf_node_changed | Christian Poessinger | |
2022-02-20 | vxlan: T4120: add ability to set multiple remotes (PR #1127) | Andreas | |
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command. | |||
2022-02-20 | T4115:Reboot:Options "in" and "at" are not working | srividya0208 | |
When reboot is executed with "in" option it only accepts minutes till 99 value and does not accept greater values and "at" is also working same like in option where as it should work with exact timings. | |||
2022-02-19 | containers: T4249: Allow to connect host device to the container | Viacheslav Hletenko | |
Ability to attach host devices to the container It can be disk, USB device or any device from the directory /dev set container name alp01 device disk source '/dev/vdb1' set container name alp01 device disk destination '/dev/mydisk' | |||
2022-02-17 | pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM ↵ | Andrew Gunnerson | |
files This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively. The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`. Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com> | |||
2022-02-17 | openvpn: T4230: globally enable ip_nonlocal_bind | Christian Poessinger | |