Age | Commit message (Collapse) | Author |
|
The Git commit ID will be crucial for the future when the full VyOS
build can be reproduced by the one Git commit ID, thus start recording it in
the version file.
(cherry picked from commit a8b5fae5581c03c5037c5fdc840be3e5bf984484)
|
|
|
|
(cherry picked from commit d46523b92a2e5959da66973343092c819fea6285)
|
|
(cherry picked from commit 31ad6b67e3bc22bc340ba5b4f95cf3dd548e31b9)
|
|
* clamp MSS IPv4
set firewall options interface pppoe0 adjust-mss '1452'
* clamp MSS IPv6
set firewall options interface pppoe0 adjust-mss6 '1452'
* disable entire rule
set firewall options interface pppoe0 disable
Output
------
$ sudo iptables-save -t mangle
# Generated by iptables-save v1.4.21 on Sun Apr 21 12:56:25 2019
*mangle
:PREROUTING ACCEPT [1217:439885]
:INPUT ACCEPT [290:52459]
:FORWARD ACCEPT [920:375774]
:OUTPUT ACCEPT [301:100053]
:POSTROUTING ACCEPT [1221:475827]
:VYOS_FW_OPTIONS - [0:0]
-A FORWARD -j VYOS_FW_OPTIONS
-A VYOS_FW_OPTIONS -o pppoe0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
COMMIT
Completed on Sun Apr 21 12:56:25 2019
|
|
(cherry picked from commit f8b7e3b2b20d143643bfac72db68943dfc9046f1)
|
|
|
|
Required for the "run show vpn ipsec sa" script.
|
|
WPAD url could be configured by CLI but the generated config was not
understood by ISC dhcp - caused by infalid if {} statement resulting in
a missing option wpad-url block.
(cherry picked from commit bfa9d55e9f1c3a091cff2fc214f2587d9b049cdb)
|
|
Same cause as with commit c6988bb4110541478dad74d0b892fd4643ed530a
(cherry picked from commit 40c342f3a84a75acc9f41c83cb735e966da7c47e)
|
|
Add support for relaying a DHCPv6 packet to multiple servers on one upstream
interface.
(cherry picked from commit d5b113923aaa776f89749c820d6283b593e80c3a)
|
|
When generation the configuration for multiple upstream interfaces a whitespace
was missing in the generated configuration:
OPTIONS="-6 -l 2001:db8::ffff%eth1 -u 2001:db8:1:ffff%eth2-u 2001:db8:2:ffff%eth3"
^---
This caused an error when starting up the DHCPv6 relay service
(cherry picked from commit c6988bb4110541478dad74d0b892fd4643ed530a)
|
|
parameter in /etc/resolv.conf"
This reverts commit 1a384ed21f1777faaef653f9d1e3d9c05542fdc8.
|
|
This reverts commit 361a4419e0042369fae7eddf67f06a658372db93.
|
|
/etc/resolv.conf
|
|
- native debian packages
|
|
using fully-qualified domain name
|
|
|
|
(cherry picked from commit 0fefe3c3b9250ad2ba841287a94036119728c708)
|
|
The script did not check if the service was actually configured or not.
This caused a FileNotFoundError for unconfigured services.
vyos@vyos:~$ show dhcp server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_dhcp.py", line 123, in <module>
leases = get_leases(lease_file, state='active')
File "/usr/libexec/vyos/op_mode/show_dhcp.py", line 60, in get_leases
leases = IscDhcpLeases(lease_file).get()
File "/usr/lib/python3/dist-packages/isc_dhcp_leases/iscdhcpleases.py", line 110, in get
with open(self.filename) as lease_file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/dhcpd.leases'
(cherry picked from commit ed620ef7e8ba741e165698c558b110a31cc35dfd)
|
|
The script did not check if the service was actually configured or not.
This caused a FileNotFoundError for unconfigured services.
vyos@vyos:~$ show dhcpv6 server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 77, in <module>
leases = get_leases(lease_file, state='active')
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 46, in get_leases
leases = IscDhcpLeases(lease_file).get()
File "/usr/lib/python3/dist-packages/isc_dhcp_leases/iscdhcpleases.py", line 110, in get
with open(self.filename) as lease_file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/dhcpdv6.leases'
(cherry picked from commit a6700c7d3b75854c3b213b65951a51464cd073be)
|
|
|
|
disable' to disable single peers
Conflicts:
debian/changelog
|
|
|
|
Conflicts:
debian/changelog
|
|
- keypair can now be generated and used from the running iso to create wg tunnels on the fly
Conflicts:
debian/changelog
|
|
|
|
in unicast mode (patch by Johan Fredin).
|
|
(cherry picked from commit f0084de554d71d0f011c7fd2c6009f1864bd9d77)
|
|
(cherry picked from commit 583975299c625d6049be6561d70e4cadc9976242)
|
|
(cherry picked from commit fbfe43b5ae7692e6ee6ce6d5517efdb2cdf8f022)
|
|
(cherry picked from commit 3a1e484c69c883af03f355f0349ef218212207e1)
|
|
tftp-hpa which is the TFTP daemon used by VyOS does not support
listening on multiple IP adresses. With this limitation we will start
one TFTP daemon instance per configured listen-address via systemd.
(cherry picked from commit 735a24d58ddf55294241ce8160471fe9be062498)
|
|
(cherry picked from commit 944a665cfc19cca1af9d46a70fb31ba1f4893d68)
|
|
Not sure it's a normal case scenario, the one highlighted in T1256.
To managed it I changed the "if" logic.
|
|
When deleting or changing "service dns dynamic" the cache file of ddclient
is not removed, leading to abandoned host names which might be already gone.
(cherry picked from commit ec604ef88e2845bcd75070f6dff325ccc50873aa)
|
|
(cherry picked from commit ad011db299196a2e5defa7d8030be149d71d53ee)
|
|
|
|
(cherry picked from commit 31b1b2cb8873f62f8054c87953cd8bd59b59add1)
|
|
(cherry picked from commit cc3f6088783373bd56cd821599bdc12ba123125b)
|
|
WHen building up the SNMP v2 community ro/rw access all hosts from
a INET version could access even when the community was locked to one
INET family.
Example #1:
set service snmp community bar network 172.16.0.0/12
Allowed access only to IPv4 network 172.16.0.0/12 but it allowed acces from
IPv6 ::/0.
Example #2:
set service snmp community baz network 2001:db8::/64
Limited IPv6 access to 2001:db8::/64 but IPv4 was open to 0.0.0.0/0
(cherry picked from commit cc07c4727bdffb4c220ce28ab9f697b01fe4afb7)
|
|
|
|
|
|
|
|
|
|
|
|
This reverts commit 632893abf5c7bf935d866462a107ed1eef1747b3.
|
|
This reverts commit 0d80b06ccd33fc2a0001b8641ce45070f0e8726d.
|
|
|
|
|