Age | Commit message (Collapse) | Author |
|
vyos.interfaceconfig common ipv4/ipv6 functions
|
|
|
|
|
|
|
|
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default
allows access only from RFC 1918 private IP addresses. Due to the aggressive
nature of the internet these days, it is highly recommended to not open up the
recursor for the entire internet. Questions from IP addresses not listed here
are ignored and do not get an answer.
https://docs.powerdns.com/recursor/settings.html#allow-from
Imagine an ISP network with non RFC1918 IP adresses - they can't make
use of PowerDNS recursor.
As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open
resolver. If there is no allow-from statement a config-migrator will add
the appropriate nodes to the configuration, resulting in:
service {
dns {
forwarding {
allow-from 0.0.0.0/0
allow-from ::/0
cache-size 0
ignore-hosts-file
listen-address 192.0.2.1
}
}
}
|
|
|
|
According to https://github.com/twilio/authy-openvpn commit 3e5dc73:
> This plugin is no longer actively maintained. If you're interested in
becoming a maintainer, we welcome forks of this project.
In addition this plugin was always missing in the current branch ov VyOS and
did not make it into VyOS 1.2 (crux)
If 2FA for OpenVPN is required we should probably opt for Google Authenticator
or if possible a U2F device.
|
|
member interfaces are configured
|
|
|
|
T1548 openvpn
|
|
|
|
* added validations for "source address IP" and "bfd peer IP"
* added check for configuring multihop together with an interface name
* fixed "show protocols bfd peer X" for peers with custom options
|
|
|
|
* added option "echo-mode" and "echo-interval" for BFD peers
* added configuration check for usage "multihop" and "echo-mode"
* added configuration check for denying deletion BFD peers, which are used in BGP configuration
* fixed deleting/changing BFD peers with custom parameters (for example multihop, local-address, etc.)
* deleted wrong skipping of configuration check for "shutdown" BFD peers
|
|
|
|
|
|
|
|
dhcpv6)
|
|
|
|
|
|
|
|
This is the new syntax
bridge br0 {
member {
interface eth0 {
cost 10
}
interface eth1 {
cost 11
}
}
}
|
|
|
|
|
|
|
|
ccp.
|
|
[SSTP] - T853: accel-ppp: SSTP implementation
|
|
|
|
|
|
- node.def deletion for show remote-access
- IPSec interface checking for L2TP
- IPSec x509 for l2tp
- verification of outside-address to warning since it was optional in the previous config
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- T1435: dhcp-server: make ip-address optional in static-mapping
- remove [REQUIRED] from dhcpv6-server static-mapping identifier and ipv6-address
- verify if static-mapping ipv6-address is in subnet
- make help and error messages in conf-mode more descriptive
- remove regex ^$ anchors (implied in re.fullmatch)
|
|
|
|
|
|
|
|
* fixed minor issues
* fixed lower function for mac addresses if user capitalized it (local mode only)
* added some checks to verify()
* cli ip-address checks on input
|
|
* chap-secrets file generation
* noauth in accel config as option
* local auth with csid implemented
* radius implementation
* shaper per user implemented
* op comands for stats
|
|
|
|
vyos@vyos# show protocols
bfd {
peer 1.1.1.1 {
interval {
receive 400
transmit 300
}
}
}
|
|
Configures the detection multiplier to determine packet loss. The remote
transmission interval will be multiplied by this value to determine the
connection loss detection timer. The default value is 3.
Example: when the local system has detect-multiplier 3 and the remote
system has transmission interval 300, the local system will detect
failures only after 900 milliseconds without receiving packets.
|
|
Place address/interface under new source node.
vyis@vyos# show protocols bfd
peer 1.1.1.1 {
source {
address 1.2.3.4
interface eth0.201
}
}
|
|
multihop tells the BFD daemon that we should expect packets with TTL less than
254 (because it will take more than one hop) and to listen on the multihop port
(4784). When using multi-hop mode echo-mode will not work (see RFC 5883 section 3).
|
|
vyos@vyos# show protocols bfd
peer 172.18.202.10 {
local-address 172.18.201.10
local-interface eth0.201
shutdown
}
peer 172.18.202.12 {
shutdown
}
|
|
- added a validator for checking if the address is any cidr noted address
|
|
|