Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-08-20 | powerdns: T1595: remove 'listen-on' CLI option | Christian Poessinger | |
2019-08-20 | powerdns: T1524: support setting allow-from network | Christian Poessinger | |
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } } | |||
2019-08-19 | dummy: T1580: rewrite in new style XML/Python | Christian Poessinger | |
2019-08-19 | openvpn: T1548: remove authy 2fa provider | Christian Poessinger | |
According to https://github.com/twilio/authy-openvpn commit 3e5dc73: > This plugin is no longer actively maintained. If you're interested in becoming a maintainer, we welcome forks of this project. In addition this plugin was always missing in the current branch ov VyOS and did not make it into VyOS 1.2 (crux) If 2FA for OpenVPN is required we should probably opt for Google Authenticator or if possible a U2F device. | |||
2019-08-18 | openvpn: T1548: support creating L2 bridges | Christian Poessinger | |
2019-08-17 | openvpn: T1548: fix generated topology statement for 'server point-to-point' | Christian Poessinger | |
2019-08-17 | openvpn: T1548: don't generate config if instance is disabled | Christian Poessinger | |
2019-08-17 | openvpn: T1548: fix generated client subnet mask for topology 'server' | Christian Poessinger | |
2019-08-17 | openvpn: T1548: widen generated folder permission to 755 | Christian Poessinger | |
2019-08-17 | openvpn: T1548: add description to generated config file | Christian Poessinger | |
2019-08-17 | openvpn: T1548: fix enable/disable of entire interface | Christian Poessinger | |
2019-08-17 | Merge pull request #107 from c-po/t1548-openvpn | Christian Poessinger | |
T1548 openvpn | |||
2019-08-17 | openvpn: T1548: remove debug output | Christian Poessinger | |
2019-08-17 | Merge pull request #102 from zdc/T1531 | Christian Poessinger | |
[hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way) | |||
2019-08-17 | openvpn: T1548: fix file ownership of client configuration file | Christian Poessinger | |
2019-08-16 | openvpn: T1548: initial rewrite with XML and Python | Christian Poessinger | |
2019-08-14 | [bfd] T1183: Added validations and fixing bugs in BFD: | zsdc | |
* added validations for "source address IP" and "bfd peer IP" * added check for configuring multihop together with an interface name * fixed "show protocols bfd peer X" for peers with custom options | |||
2019-08-14 | [service https] T1443: add self-signed TLS certificate | John Estabrook | |
2019-08-14 | [service https] T1443: move https and api default data to vyos.defaults | John Estabrook | |
2019-08-13 | [hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way) | zsdc | |
This change makes "dnsdomainname" and "hostname -f" operable | |||
2019-08-09 | [bfd] T1183: Added some new functionality and fixed bugs in BFD: | zsdc | |
* added option "echo-mode" and "echo-interval" for BFD peers * added configuration check for usage "multihop" and "echo-mode" * added configuration check for denying deletion BFD peers, which are used in BGP configuration * fixed deleting/changing BFD peers with custom parameters (for example multihop, local-address, etc.) * deleted wrong skipping of configuration check for "shutdown" BFD peers | |||
2019-08-07 | [l2tp] T1566 ipv6 implementation | DmitriyEshenko | |
2019-08-07 | [service https] T1443: reset defaults on 'delete service https api' | John Estabrook | |
2019-08-07 | [bridge] T1156: rename 'br_name' to 'intf' for indexing python dictionary ↵ | Christian Poessinger | |
interface name | |||
2019-08-05 | [bridge] T1156: support adding interface addresses | Christian Poessinger | |
2019-08-04 | [bridge] T1156: remove helper script bridge_has_members.py | Christian Poessinger | |
Bridge member interface is now handled completely inside the bridge node and no longer spread accross different interface definitions. | |||
2019-08-04 | [bridge] T1156: rename igmp-snooping node to igmp | Christian Poessinger | |
2019-08-03 | [bridge] T1156: interfaces can be assigned to any one bridge only | Christian Poessinger | |
2019-08-03 | [bridge] T1156: support adding and removing bridge member interfaces | Christian Poessinger | |
This is the new syntax bridge br0 { member { interface eth0 { cost 10 } interface eth1 { cost 11 } } } | |||
2019-08-02 | [bridge] T1156: first working implementation using Python and XML | Christian Poessinger | |
2019-08-02 | WireGuard: rename wireguard.py -> interface-wireguard.py | Christian Poessinger | |
2019-07-31 | T1555 Implementation shared-secret for LNS. Implementation command disabling ↵ | DmitriyEshenko | |
ccp. | |||
2019-07-30 | Merge pull request #94 from hagbard-01/sstp | hagbard-01 | |
[SSTP] - T853: accel-ppp: SSTP implementation | |||
2019-07-30 | [SSTP] - T853: accel-ppp: SSTP implementation | hagbard | |
2019-07-26 | T1546 fix syntax l2tp radius source-address and migrate other radius options | DmitriyEshenko | |
2019-07-25 | T1541 Fix: adding additional check | Eshenko Dmitriy | |
2019-07-25 | [accel-l2tp] - T834: l2tp implementation | hagbard | |
- node.def deletion for show remote-access - IPSec interface checking for L2TP - IPSec x509 for l2tp - verification of outside-address to warning since it was optional in the previous config | |||
2019-07-19 | [VRRP] T1362: quote VRRP password strings to avoid config parse errors. | Daniil Baturin | |
2019-07-19 | [DHCPv6 server] T1440: add subnet uniqueness check to DHCPv6. | Daniil Baturin | |
2019-07-18 | T1440: in IPv4 DHCP, print the subnet rather than a dict dump | Daniil Baturin | |
when a non-unique subnet is found. | |||
2019-07-16 | T1531: do not include the domain name in system hostname. | Daniil Baturin | |
2019-07-16 | [syslog] T1530 - "set system syslog global archive file" doesn't work | hagbard | |
2019-07-15 | [T1299] - SNMP extension with custom scripts | hagbard | |
2019-07-15 | Fix typo pppoe-server to pptp-server | Eshenko Dmitriy | |
2019-07-14 | [dns-forwarding] T1333: handle domain forward and general recursion in one ↵ | Christian Poessinger | |
configuration line In the past we used the PowerDNS cofniguration option forward-zones and forward-zones-recurse, but only the latter one sets the recursion bit in the DNS query. Thus all recursions have been moved to this config statement. | |||
2019-07-14 | Fix bind param if outside-address not present | Eshenko Dmitriy | |
If in config exist `bind=` without value, accel-ppp listen wrong ip address 255.255.255.255:1723. If need default behavior with listening on 0.0.0.0:1723 we don't set empty bind option. | |||
2019-07-12 | Do not try to verify the hostname config if the script is run by cloud-init. | Daniil Baturin | |
2019-07-09 | [wireguard] - T1516: changing committed config causes error | hagbard | |
2019-07-09 | T1497: remove duplicate name servers and search domains obtained from DHCP. | Daniil Baturin | |
2019-07-08 | [IPoE] - T1510: vlan-mon option implementation | hagbard | |