summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2019-08-20powerdns: T1595: remove 'listen-on' CLI optionChristian Poessinger
2019-08-20powerdns: T1524: support setting allow-from networkChristian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } }
2019-08-19dummy: T1580: rewrite in new style XML/PythonChristian Poessinger
2019-08-19openvpn: T1548: remove authy 2fa providerChristian Poessinger
According to https://github.com/twilio/authy-openvpn commit 3e5dc73: > This plugin is no longer actively maintained. If you're interested in becoming a maintainer, we welcome forks of this project. In addition this plugin was always missing in the current branch ov VyOS and did not make it into VyOS 1.2 (crux) If 2FA for OpenVPN is required we should probably opt for Google Authenticator or if possible a U2F device.
2019-08-18openvpn: T1548: support creating L2 bridgesChristian Poessinger
2019-08-17openvpn: T1548: fix generated topology statement for 'server point-to-point'Christian Poessinger
2019-08-17openvpn: T1548: don't generate config if instance is disabledChristian Poessinger
2019-08-17openvpn: T1548: fix generated client subnet mask for topology 'server'Christian Poessinger
2019-08-17openvpn: T1548: widen generated folder permission to 755Christian Poessinger
2019-08-17openvpn: T1548: add description to generated config fileChristian Poessinger
2019-08-17openvpn: T1548: fix enable/disable of entire interfaceChristian Poessinger
2019-08-17Merge pull request #107 from c-po/t1548-openvpnChristian Poessinger
T1548 openvpn
2019-08-17openvpn: T1548: remove debug outputChristian Poessinger
2019-08-17Merge pull request #102 from zdc/T1531Christian Poessinger
[hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way)
2019-08-17openvpn: T1548: fix file ownership of client configuration fileChristian Poessinger
2019-08-16openvpn: T1548: initial rewrite with XML and PythonChristian Poessinger
2019-08-14[bfd] T1183: Added validations and fixing bugs in BFD:zsdc
* added validations for "source address IP" and "bfd peer IP" * added check for configuring multihop together with an interface name * fixed "show protocols bfd peer X" for peers with custom options
2019-08-14[service https] T1443: add self-signed TLS certificateJohn Estabrook
2019-08-14[service https] T1443: move https and api default data to vyos.defaultsJohn Estabrook
2019-08-13[hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way)zsdc
This change makes "dnsdomainname" and "hostname -f" operable
2019-08-09[bfd] T1183: Added some new functionality and fixed bugs in BFD:zsdc
* added option "echo-mode" and "echo-interval" for BFD peers * added configuration check for usage "multihop" and "echo-mode" * added configuration check for denying deletion BFD peers, which are used in BGP configuration * fixed deleting/changing BFD peers with custom parameters (for example multihop, local-address, etc.) * deleted wrong skipping of configuration check for "shutdown" BFD peers
2019-08-07[l2tp] T1566 ipv6 implementationDmitriyEshenko
2019-08-07[service https] T1443: reset defaults on 'delete service https api'John Estabrook
2019-08-07[bridge] T1156: rename 'br_name' to 'intf' for indexing python dictionary ↵Christian Poessinger
interface name
2019-08-05[bridge] T1156: support adding interface addressesChristian Poessinger
2019-08-04[bridge] T1156: remove helper script bridge_has_members.pyChristian Poessinger
Bridge member interface is now handled completely inside the bridge node and no longer spread accross different interface definitions.
2019-08-04[bridge] T1156: rename igmp-snooping node to igmpChristian Poessinger
2019-08-03[bridge] T1156: interfaces can be assigned to any one bridge onlyChristian Poessinger
2019-08-03[bridge] T1156: support adding and removing bridge member interfacesChristian Poessinger
This is the new syntax bridge br0 { member { interface eth0 { cost 10 } interface eth1 { cost 11 } } }
2019-08-02[bridge] T1156: first working implementation using Python and XMLChristian Poessinger
2019-08-02WireGuard: rename wireguard.py -> interface-wireguard.pyChristian Poessinger
2019-07-31T1555 Implementation shared-secret for LNS. Implementation command disabling ↵DmitriyEshenko
ccp.
2019-07-30Merge pull request #94 from hagbard-01/sstphagbard-01
[SSTP] - T853: accel-ppp: SSTP implementation
2019-07-30[SSTP] - T853: accel-ppp: SSTP implementationhagbard
2019-07-26T1546 fix syntax l2tp radius source-address and migrate other radius optionsDmitriyEshenko
2019-07-25T1541 Fix: adding additional checkEshenko Dmitriy
2019-07-25[accel-l2tp] - T834: l2tp implementationhagbard
- node.def deletion for show remote-access - IPSec interface checking for L2TP - IPSec x509 for l2tp - verification of outside-address to warning since it was optional in the previous config
2019-07-19[VRRP] T1362: quote VRRP password strings to avoid config parse errors.Daniil Baturin
2019-07-19[DHCPv6 server] T1440: add subnet uniqueness check to DHCPv6.Daniil Baturin
2019-07-18T1440: in IPv4 DHCP, print the subnet rather than a dict dumpDaniil Baturin
when a non-unique subnet is found.
2019-07-16T1531: do not include the domain name in system hostname.Daniil Baturin
2019-07-16[syslog] T1530 - "set system syslog global archive file" doesn't workhagbard
2019-07-15[T1299] - SNMP extension with custom scriptshagbard
2019-07-15Fix typo pppoe-server to pptp-serverEshenko Dmitriy
2019-07-14[dns-forwarding] T1333: handle domain forward and general recursion in one ↵Christian Poessinger
configuration line In the past we used the PowerDNS cofniguration option forward-zones and forward-zones-recurse, but only the latter one sets the recursion bit in the DNS query. Thus all recursions have been moved to this config statement.
2019-07-14Fix bind param if outside-address not presentEshenko Dmitriy
If in config exist `bind=` without value, accel-ppp listen wrong ip address 255.255.255.255:1723. If need default behavior with listening on 0.0.0.0:1723 we don't set empty bind option.
2019-07-12Do not try to verify the hostname config if the script is run by cloud-init.Daniil Baturin
2019-07-09[wireguard] - T1516: changing committed config causes errorhagbard
2019-07-09T1497: remove duplicate name servers and search domains obtained from DHCP.Daniil Baturin
2019-07-08[IPoE] - T1510: vlan-mon option implementationhagbard