Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-11-01 | Merge pull request #1632 from dmbaturin/vrrp-commit-in-progress | Viacheslav Hletenko | |
T4526: use informative error messages for keepalived-fifo with commit in progress | |||
2022-10-31 | ipsec: T4787: add support for road-warrior/remote-access RADIUS timeout | Christian Poessinger | |
This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor. | |||
2022-10-31 | T4526: use informative error messages for keepalived-fifo with commit in ↵ | Daniil Baturin | |
progress | |||
2022-10-29 | Merge pull request #1621 from sarthurdev/T4774 | Christian Poessinger | |
wireguard: T4774: Prevent duplicate peer public keys | |||
2022-10-29 | Merge pull request #1628 from sarthurdev/T3903 | Christian Poessinger | |
containers: T3903: Use systemd to handle containers | |||
2022-10-29 | containers: T3903: Use systemd units for containers | sarthurdev | |
* ExecStop action with defined timeout allows for quicker reboot/shutdown with containers | |||
2022-10-28 | Merge pull request #1624 from dmbaturin/op-mode-bytes | Viacheslav Hletenko | |
T4779: output raw memory and storage values in bytes | |||
2022-10-28 | T4779: switch raw output of "show system storage" to bytes | Daniil Baturin | |
2022-10-28 | T4291: consolidate component version string read/write functions | John Estabrook | |
2022-10-28 | T4779: use bytes in the raw output of "show system memory" | Daniil Baturin | |
2022-10-28 | wireguard: T4774: Prevent duplicate peer public keys | sarthurdev | |
2022-10-27 | ipsec: T4778: raise UnconfiguredSubsystem if IPsec not initialized | John Estabrook | |
2022-10-27 | Merge pull request #1606 from sever-sever/T4762 | Daniil Baturin | |
T4762: Add check for show nat if nat config does not exist | |||
2022-10-26 | Merge pull request #1618 from sarthurdev/T4764 | Christian Poessinger | |
nat: T4764: Remove NAT tables on node deletion | |||
2022-10-25 | nat: T4706: Verify translation address or port exists | sarthurdev | |
2022-10-25 | nat: T4764: Remove tables on NAT deletion | sarthurdev | |
2022-10-25 | vyos.util: T4773: add camel_to_snake_case conversion | John Estabrook | |
2022-10-25 | graphql: T4574: set byte length of shared secret from CLI | John Estabrook | |
2022-10-25 | graphql: T4574: set token expiration time in claims | John Estabrook | |
2022-10-25 | graphql: T4574: add context to read token in queries/mutations | John Estabrook | |
2022-10-25 | graphql: T4574: read config and generate schema with/without key auth | John Estabrook | |
2022-10-25 | graphql: T4574: add mutation for requesting JWT token | John Estabrook | |
2022-10-25 | graphql: T4574: reorganize directory structure for clarity | John Estabrook | |
2022-10-25 | graphql: T4574: call all schema definition generation on init | John Estabrook | |
2022-10-24 | route: T4772: return list of dicts in 'raw' output | John Estabrook | |
2022-10-23 | T4762: Add check for show nat if nat config does not exist | Viacheslav Hletenko | |
Add check for 'show nat xxx' if nat configuration does not exist | |||
2022-10-21 | Merge pull request #1611 from dmbaturin/field-normalization-2 | John Estabrook | |
T4765: support list and primitives in op mode output normalization | |||
2022-10-21 | T4765: support list and primitives in op mode output normalization | create with ansible | |
2022-10-21 | graphql: T4768: change name of api child node from 'gql' to 'graphql' | John Estabrook | |
2022-10-20 | T4765: normalize dict fields in op mode ouputs | Daniil Baturin | |
2022-10-17 | Merge pull request #1600 from jestabro/gql-composite | John Estabrook | |
graphql: T4753: generalize system_status to composite_{query,mutation} | |||
2022-10-16 | graphql: T4753: generalize system_status to composite_{query,mutation} | John Estabrook | |
2022-10-16 | xdp: T4284: migrate to Debian libbpf | Christian Poessinger | |
In order to properly retrieve JSON information in the Smoketests for the new QoS implementation we need a recent (>6.0) version of iproute2. This requires the libbpf-dev package and this small source-code change. | |||
2022-10-14 | Merge pull request #1597 from jestabro/http-api-config-dict | John Estabrook | |
http-api: T4749: transition to config_dict for conf_mode http-api.py | |||
2022-10-14 | Merge pull request #1598 from sever-sever/T4533 | Christian Poessinger | |
T4533: Allow basic permissions to unprivileged RADIUS users | |||
2022-10-14 | login: 2fa: T874: remove unused code path for global 1fa settings | Christian Poessinger | |
2022-10-14 | login: 2fa: T874: fix Google authenticator issues | Christian Poessinger | |
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos' | |||
2022-10-14 | T4533: Allow basic permissions to unprivileged RADIUS users | Viacheslav Hletenko | |
Unprivileged RADIUS users cannot do simple diagnostics like ping or traceroute. Allow them such tools. Ability to execute op-mode commands for them. It is not new 'operator mode' feature but it allows RADIUS users execute op-mode commands | |||
2022-10-14 | http-api: T4749: transition to config_dict | John Estabrook | |
2022-10-14 | T4725: Fix Regex for correctly reset IPsec peers | Viacheslav Hletenko | |
As IPsec site-so-site was rewritten we do not need replace ':' => '-' as ':' can not be in the connection name So connection name can not use IP(v6) address as peer name And current peers/connections not required prefix 'peer_' Fix template that search correctly connection name of the peers that allow to reset them again (reset ipsec peer was broken) | |||
2022-10-13 | monitoring: T4746: Add exception if we do not have firewall rules | Viacheslav Hletenko | |
Telegraf checks the firewall table 'vyos_filter' but it we don't have any firewall in the system we don't have this table by default It cause commit error for "service monitoring" Add exception if the table "vyos_filter" is not found | |||
2022-10-12 | bgp: T4744: Directly connected neighbors and ebgp-multihop check | Viacheslav Hletenko | |
BGP directly connected neighbors (interface neighbors) do not compatible with ebgp-multihop option | |||
2022-10-12 | Merge pull request #1555 from goodNETnick/ssh_otp | Christian Poessinger | |
system login: T874: add 2FA support for local and ssh authentication | |||
2022-10-11 | system login: T874: add 2FA support for local and ssh authentication | goodNETnick | |
2022-10-11 | Merge pull request #1574 from Cheeze-It/current | Christian Poessinger | |
isis: T4739: ISIS segment routing being refactored | |||
2022-10-11 | isis: T4739: ISIS segment routing being refactored | Cheeze_It | |
This is to refactor ISIS segment routing to match up with OSPF segment routing. | |||
2022-10-11 | conntrack: T4740: Set correct error msg if enrties not found | Viacheslav Hletenko | |
Set correct error message if conntrack entries not found If we get XML raw data with len 0 it means there are no entries in the conntrack table | |||
2022-10-10 | Merge pull request #1563 from sever-sever/T4716 | Christian Poessinger | |
ssh: T4716: Ability to configure RekeyLimit data and time | |||
2022-10-10 | ssh: T4716: Ablity to configure RekeyLimit data and time | Viacheslav Hletenko | |
Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes) set service ssh rekey data 1024 set service ssh rekey time 60 | |||
2022-10-07 | graphql: T4738: remove templated requests pending rewrite | John Estabrook | |