summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-12-31T1108: warn the user and exit if there are no established IPsec SAs.Daniil Baturin
2018-12-17Merge pull request #62 from daniel-pro/T1104Daniil Baturin
T1104 : "show vpn ipsec sa" crashes
2018-12-16Update show_ipsec_sa.pydaniel-pro
2018-12-16Revert "T1087: Firewall on Wireguard Interface implementation"Daniil Baturin
This reverts commit 51f61991092a163f680e4ec8f122e73f4074ddf9. It's not how it's done, those templates are generated by a script in vyatta-cfg-firewall. If we are planning a firewall overhaul in 1.3.x, there's no reason to transplant the old approach to new code.
2018-12-11T1087: Firewall on Wireguard Interface implementationhagbard
2018-12-09T1091: extend DNS forwarding/DNSSEC completion help textChristian Poessinger
2018-12-09T1091: add DNS forwarding completion helpers for DNSSECChristian Poessinger
2018-12-07T1060: build fix for wrong config-version numberChristian Poessinger
Commit 9d35610c173 ("T1060: add missing version file for webproxy") assumed that there is a webproxy config version of 0 but we already have 1. This lead to duplicate files detected by apt.
2018-12-07Merge pull request #61 from dsteinkopf/currentChristian Poessinger
T1060: Add webproxy migration script (proxy-bypass -> whitelist).
2018-12-03T956: display SA traffic counters in human-redable units.Daniil Baturin
2018-12-03T956: correct IKE proposal string parsing for SAs with non-zero counters.Daniil Baturin
2018-12-02T1060: Add webproxy migration script (proxy-bypass -> whitelist).Dirk Steinkopf
2018-11-30Fixes: T1061: Wireguard: Missing option to administrativly shutdown interfacehagbard
2018-11-29T1001: escape backslashes in the input in the commands pipe as well.Daniil Baturin
2018-11-29Merge pull request #60 from arnehaak/currentDaniil Baturin
T1001: Bugfix: Handle backslashes in values with "show configuration commands"
2018-11-29T1001: Bugfix: Handle backslashes in values with "show configuration commands"arnehaak
This script is usually called with the output of "cli-shell-api showCfg", which does not escape backslashes. "ConfigTree()" expects escaped backslashes when parsing a config string (and also prints them itself). Therefore this script would fail. Manually escape backslashes here to handle backslashes in any configuration strings properly. The alternative would be to modify the output of "cli-shell-api showCfg", but that may be break other things who rely on that specific output. This fixes https://phabricator.vyos.net/T1001
2018-11-26T835: improve help text for PPPoE CLI.Daniil Baturin
2018-11-23T835: adding description to ppp-optionshagbard
2018-11-23New verse for "run show version funny".Daniil Baturin
2018-11-22T989: IPoE implementationhagbard
- adding vyos-accel-ppp-ipoe-kmod to dependencies
2018-11-22T835: accel-ppp: pppoe implementationhagbard
- verify if an auth mode is set and if its local checking that a user and password for chap-secrets exists.
2018-11-21T835: syslog debug message removed (to verbose)hagbard
2018-11-19T835: migration script for radius' secret vs. key, rolled back thehagbard
change to 'mode local|radius'
2018-11-19T835: add missing call to write_chap_secrets() to generate()Daniil Baturin
2018-11-19Move packages that vyos-1x depends on to vyos-1x from vyos-world.Daniil Baturin
2018-11-18Merge branch 'current' of https://github.com/vyos/vyos-1x into currentDaniil Baturin
2018-11-18T956: add a new script for displaying IPsec SAs.Daniil Baturin
2018-11-18T835: adding default pado delay and mode autocompletehagbard
2018-11-17T1018: remove obsoleted 'dynamic' option from NTPChristian Poessinger
Increase NTP config version from 0 to 1. For more information see [1]. ntpd: Warning: the "dynamic" keyword has been obsoleted and will be removed in the next release [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
2018-11-17Rename show-igmpproxy.py -> show_igmpproxy.pyChristian Poessinger
2018-11-17T1016: fix IPv4/IPv6 dhcp relay restart commandChristian Poessinger
Current implementation referred to a no longer existing Perl script to restart the IPv4 and IPv6 instance of dhcrelay. > restart dhcp relay-agent > restart dhcpv6 relay-agent
2018-11-17Lint fixup of opmode XML indentionChristian Poessinger
2018-11-14Bugfix: T835 - verify radius server settingshagbard
2018-11-14Fixes: T940 adding immark to syslog optionshagbard
2018-11-14T835: accel-ppp pppoe implemetaionhagbard
- ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs - snmp subagent and master mode - connlimits configurable - more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.) - radius extended options (for HA etc.)
2018-11-12migration/l2tp: fix file commentChristian Poessinger
2018-11-12T987: Unclutter PPTP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn pptp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } } }
2018-11-11T998: "service dns dynamic" does now honor the "use-web" statementChristian Poessinger
This bug was present since the old Vyatta days as the use-web statement was only put into action when also "use-web skip" was defined. The service https://ipinfo.io/ip does not place any crap in front of the IP address so the skip statement was not used and made no sense.
2018-11-11T987: Unclutter L2TP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } radius-source-address 172.16.254.100 } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } source-address 172.16.254.100 } }
2018-11-09T835: pppoe-server adding radius server back inhagbard
2018-11-09T835: accel-ppp pppoe implementationhagbard
2018-11-09Merge pull request #58 from gsadams/currentChristian Poessinger
T978: Support PowerDNS Recursor outbound queries over IPv6.
2018-11-08T978: Support PowerDNS Recursor outbound queries over IPv6.Geoff Adams
This requires adding a query-local-address6 setting to enable outbound IPv6 queries in general, and also formatting upstream nameserver IPv6 addresses in such a way that Recursor can parse them.
2018-11-08Merge pull request #57 from thinkl33t/T976-fix-update-hostfilehagbard-01
Fixes T976: dhcp - move commit hook into shared-network
2018-11-08dhcp - move commit hook into shared-networkBob
Move the on commit in a generated dhcpd.conf into the shared-network to fix hostfile-update not working.
2018-11-08Merge pull request #56 from bswinnerton/fix-regex-for-wg-interface-descriptionshagbard-01
Fixes T979: Allow spaces in wireguard interface description
2018-11-08cleanup: move files from vyos-build repo to vyos-1x where they are requiredChristian Poessinger
2018-11-08T974: bugfix dns forwarder not listening on IPv6 addressesChristian Poessinger
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable by everyone. This only covered the IPv4 address space and any IPv6 related query was not handled by the server.
2018-11-07Add back trailing whitespace for smaller diffBrooks Swinnerton
2018-11-07T979: Allow spaces in wireguard interface descrsBrooks Swinnerton
Previous to this commit, setting a Wireguard interface description would result in a validation error similar to the following: ``` brooks@border# set interfaces wireguard wg0 description "Tunnel" [edit] brooks@border# set interfaces wireguard wg0 description "Tunnel tunnel tunnel" interface description is too long (limit 100 characters) Value validation failed Set failed [edit] ``` This commit makes the regex less restrictive up to 100 characters.