Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
WHen building up the SNMP v2 community ro/rw access all hosts from
a INET version could access even when the community was locked to one
INET family.
Example #1:
set service snmp community bar network 172.16.0.0/12
Allowed access only to IPv4 network 172.16.0.0/12 but it allowed acces from
IPv6 ::/0.
Example #2:
set service snmp community baz network 2001:db8::/64
Limited IPv6 access to 2001:db8::/64 but IPv4 was open to 0.0.0.0/0
|
|
|
|
This reverts commit 632893abf5c7bf935d866462a107ed1eef1747b3.
|
|
|
|
The name-server option under "service dns-forwarding" was never mandatory so
users never needed to specify an upstream server. With the recent switch to
PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when
there is no upstream DNS server configured.
|
|
|
|
|
|
subnet-parameters were not added to the resulting configuration.
|
|
|
|
|
|
This reverts commit 51f61991092a163f680e4ec8f122e73f4074ddf9.
It's not how it's done, those templates are generated by a script in
vyatta-cfg-firewall.
If we are planning a firewall overhaul in 1.3.x, there's no reason to
transplant the old approach to new code.
|
|
|
|
|
|
- verify if an auth mode is set and if its local checking that
a user and password for chap-secrets exists.
|
|
|
|
|
|
|
|
Increase NTP config version from 0 to 1. For more information see [1].
ntpd: Warning: the "dynamic" keyword has been obsoleted and will
be removed in the next release
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
|
|
|
|
|
|
- ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs
- snmp subagent and master mode
- connlimits configurable
- more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.)
- radius extended options (for HA etc.)
|
|
This bug was present since the old Vyatta days as the use-web statement
was only put into action when also "use-web skip" was defined.
The service https://ipinfo.io/ip does not place any crap in front of the
IP address so the skip statement was not used and made no sense.
|
|
|
|
This requires adding a query-local-address6 setting to enable outbound
IPv6 queries in general, and also formatting upstream nameserver IPv6
addresses in such a way that Recursor can parse them.
|
|
Move the on commit in a generated dhcpd.conf into the shared-network
to fix hostfile-update not working.
|
|
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable
by everyone.
This only covered the IPv4 address space and any IPv6 related query was
not handled by the server.
|
|
* igmproxy:
T959: XML/Python rewrite of "protocol igmp-proxy" and op-mode commands
show-raid.xml: fixup indention
Add missing VyOS copyright notices
|
|
- pubkey updates now work
- removing peers or interfaces work, was related tothe fact that tag nodes are called multiple times
|
|
|
|
|
|
supress duplicate error messages.
|
|
Examples:
=========
CFG commands:
vyos@vyos# set protocols igmp-proxy disable-quickleave
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream'
vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream'
vyos@vyos# show protocols
igmp-proxy {
disable-quickleave
interface eth0 {
alt-subnet 172.16.35.0/24
alt-subnet 172.31.0.0/24
role upstream
}
interface eth1 {
role downstream
}
}
OP mode commands:
-----------------
vyos@vyos:~$ show ip multicast interface
Interface BytesIn PktsIn BytesOut PktsOut Local
eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65
eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201
vyos@vyos:~$ show ip multicast mfc
Group Origin Pkts Bytes Wrong In Out
xxx.x.xx.1 xxx.xx.0.1 10 9.81KB 0 eth0 eth1
xxx.x.xx.2 xxx.xx.0.1 --
|
|
|
|
|
|
|
|
Binding isc-dhcp-relay to its default port (67 e.g. for IPv4) will
result in an error when starting up the service:
bad:
----
$ dhcrelay -q -4 -p 67 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
binding to user-specified port 67
good:
-----
$ dhcrelay -q -4 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
Setting removed from the IPv6 implementation, too!
|
|
- adding vmac_xmit_base to keepalived.conf when use_vmac is being used
otherwise both nodes will become master
|
|
|
|
|
|
|
|
* dhcp-relay:
dhcpv6-relay: added missing verify() step for listen and upstream interfaces
T913: DHCP relay service XML/Python rewrite for IPv6
T913: DHCP relay service XML/Python rewrite for IPv4
vyos-1x now depends on isc-dhcp-relay
dns-forwarding: fix XML interface indenting
|
|
|
|
Add option to specify multiple listening ports
Clean up template generation layout
|
|
|
|
|
|
JINJA2 templated missed the 'server=' statement when generating custom dynamic
DNS entries in the resulting ddclient.conf.
|