summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2019-08-31[l2tp ipsec] T1605: Changed ipsec marking only for inbound policy, all ↵DmitriyEshenko
functionality must saved
2019-08-30Python/ifconfig: rename interfaceconfig.py -> ifconfig.pyChristian Poessinger
2019-08-28bridge: T1615: add missing support for DHCP/DHCPv6 interface addressChristian Poessinger
This feature is not well supported by pyroute2 and thus uses the proof-of-concept vyos.interfaceconfig library. Maybe it's a better idea to write our own library from scratch.
2019-08-27openvpn: T1617: bugfix for server push-routeChristian Poessinger
2019-08-27Merge branch 't1614-bonding' into currentChristian Poessinger
* t1614-bonding: Python/VyOS validate: add is_ip() to check for IPv4 or IPv4 address bridge: T1556: remove unused function freeze() list-interfaces: T1614: support listing interfaces which can be bonded
2019-08-27[service https] T1443: Correct the use of listen/server_name directivesJohn Estabrook
2019-08-27bridge: T1556: remove unused function freeze()Christian Poessinger
2019-08-27dummy: T1580: migrate implementation to pyroute2Christian Poessinger
2019-08-26Merge pull request #118 from c-po/pyroute2Christian Poessinger
loopback: T1601: migrate to pyroute2
2019-08-26loopback: T1601: migrate to pyroute2Christian Poessinger
2019-08-26bridge: T1556: fix commentChristian Poessinger
2019-08-26Merge pull request #117 from c-po/pyroute2Christian Poessinger
bridge: T1556: migrate to pyroute2
2019-08-26bridge: T1556: migrate interface configuration to pyroute2Christian Poessinger
Tested with: set interfaces bridge br0 address '192.0.2.1/24' set interfaces bridge br0 aging '500' set interfaces bridge br0 disable-link-detect set interfaces bridge br0 forwarding-delay '11' set interfaces bridge br0 hello-time '5' set interfaces bridge br0 igmp querier set interfaces bridge br0 max-age '11' set interfaces bridge br0 member interface eth1 cost '1000' set interfaces bridge br0 member interface eth1 priority '4' set interfaces bridge br0 member interface eth2 cost '1001' set interfaces bridge br0 member interface eth2 priority '56'
2019-08-26T1598: make dns_forwarding.py retrieve name servers from vyos-hostsd.Daniil Baturin
2019-08-26bridge: T1608: deny adding non existing interfaces to bridge configChristian Poessinger
2019-08-26bridge: T1556: reword exception error when beeing member of multiple bridgesChristian Poessinger
2019-08-23[dummy] T1609 migrate to vyos.interfaceconfig, adding check ip-cidr, adding ↵DmitriyEshenko
vyos.interfaceconfig common ipv4/ipv6 functions
2019-08-23[dummy] T1609 Fixing dummy interface stateDmitriyEshenko
2019-08-21dummy: T1580: remove superfluous if statementsChristian Poessinger
2019-08-21bridge: T1556: remove superfluous if statementsChristian Poessinger
2019-08-21loopback: T1601: rewrite using XML/Python definitionsChristian Poessinger
2019-08-21T1598: redo host_name.py to use vyos-hostsd.Daniil Baturin
2019-08-20powerdns: T1595: remove 'listen-on' CLI optionChristian Poessinger
2019-08-20powerdns: T1524: support setting allow-from networkChristian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } }
2019-08-19dummy: T1580: rewrite in new style XML/PythonChristian Poessinger
2019-08-19openvpn: T1548: remove authy 2fa providerChristian Poessinger
According to https://github.com/twilio/authy-openvpn commit 3e5dc73: > This plugin is no longer actively maintained. If you're interested in becoming a maintainer, we welcome forks of this project. In addition this plugin was always missing in the current branch ov VyOS and did not make it into VyOS 1.2 (crux) If 2FA for OpenVPN is required we should probably opt for Google Authenticator or if possible a U2F device.
2019-08-18openvpn: T1548: support creating L2 bridgesChristian Poessinger
2019-08-17openvpn: T1548: fix generated topology statement for 'server point-to-point'Christian Poessinger
2019-08-17openvpn: T1548: don't generate config if instance is disabledChristian Poessinger
2019-08-17openvpn: T1548: fix generated client subnet mask for topology 'server'Christian Poessinger
2019-08-17openvpn: T1548: widen generated folder permission to 755Christian Poessinger
2019-08-17openvpn: T1548: add description to generated config fileChristian Poessinger
2019-08-17openvpn: T1548: fix enable/disable of entire interfaceChristian Poessinger
2019-08-17Merge pull request #107 from c-po/t1548-openvpnChristian Poessinger
T1548 openvpn
2019-08-17openvpn: T1548: remove debug outputChristian Poessinger
2019-08-17Merge pull request #102 from zdc/T1531Christian Poessinger
[hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way)
2019-08-17openvpn: T1548: fix file ownership of client configuration fileChristian Poessinger
2019-08-16openvpn: T1548: initial rewrite with XML and PythonChristian Poessinger
2019-08-14[bfd] T1183: Added validations and fixing bugs in BFD:zsdc
* added validations for "source address IP" and "bfd peer IP" * added check for configuring multihop together with an interface name * fixed "show protocols bfd peer X" for peers with custom options
2019-08-14[service https] T1443: add self-signed TLS certificateJohn Estabrook
2019-08-14[service https] T1443: move https and api default data to vyos.defaultsJohn Estabrook
2019-08-13[hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way)zsdc
This change makes "dnsdomainname" and "hostname -f" operable
2019-08-09[bfd] T1183: Added some new functionality and fixed bugs in BFD:zsdc
* added option "echo-mode" and "echo-interval" for BFD peers * added configuration check for usage "multihop" and "echo-mode" * added configuration check for denying deletion BFD peers, which are used in BGP configuration * fixed deleting/changing BFD peers with custom parameters (for example multihop, local-address, etc.) * deleted wrong skipping of configuration check for "shutdown" BFD peers
2019-08-07[l2tp] T1566 ipv6 implementationDmitriyEshenko
2019-08-07[service https] T1443: reset defaults on 'delete service https api'John Estabrook
2019-08-07[bridge] T1156: rename 'br_name' to 'intf' for indexing python dictionary ↵Christian Poessinger
interface name
2019-08-05[bridge] T1156: support adding interface addressesChristian Poessinger
2019-08-04[bridge] T1156: remove helper script bridge_has_members.pyChristian Poessinger
Bridge member interface is now handled completely inside the bridge node and no longer spread accross different interface definitions.
2019-08-04[bridge] T1156: rename igmp-snooping node to igmpChristian Poessinger
2019-08-03[bridge] T1156: interfaces can be assigned to any one bridge onlyChristian Poessinger