| Age | Commit message (Collapse) | Author |
|---|
|
This requires adding a query-local-address6 setting to enable outbound
IPv6 queries in general, and also formatting upstream nameserver IPv6
addresses in such a way that Recursor can parse them.
(cherry picked from commit 5d2e36da657fd2e15f9dc8d5588b06478bd3d55c)
|
|
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable
by everyone.
This only covered the IPv4 address space and any IPv6 related query was
not handled by the server.
(cherry picked from commit 1682d7167461ab9ef72471b31b199094b335276d)
|
|
Examples:
=========
CFG commands:
vyos@vyos# set protocols igmp-proxy disable-quickleave
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream'
vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream'
vyos@vyos# show protocols
igmp-proxy {
disable-quickleave
interface eth0 {
alt-subnet 172.16.35.0/24
alt-subnet 172.31.0.0/24
role upstream
}
interface eth1 {
role downstream
}
}
OP mode commands:
-----------------
vyos@vyos:~$ show ip multicast interface
Interface BytesIn PktsIn BytesOut PktsOut Local
eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65
eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201
vyos@vyos:~$ show ip multicast mfc
Group Origin Pkts Bytes Wrong In Out
xxx.x.xx.1 xxx.xx.0.1 10 9.81KB 0 eth0 eth1
xxx.x.xx.2 xxx.xx.0.1 --
(cherry picked from commit 698c5a40b2ece2f3eb41ad932660f7ceb1f80092)
|
|
- pubkey updates now work
- removing peers or interfaces work, was related tothe fact that tag nodes are called multiple times
|
|
|
|
supress duplicate error messages.
|
|
|
|
(cherry picked from commit c4c183a16fe2ddc612ed947fc5513c87f30c7c27)
|
|
|
|
Binding isc-dhcp-relay to its default port (67 e.g. for IPv4) will
result in an error when starting up the service:
bad:
----
$ dhcrelay -q -4 -p 67 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
binding to user-specified port 67
good:
-----
$ dhcrelay -q -4 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
Setting removed from the IPv6 implementation, too!
|
|
- adding vmac_xmit_base to keepalived.conf when use_vmac is being used
otherwise both nodes will become master
|
|
|
|
|
|
|
|
* dhcp-relay:
dhcpv6-relay: added missing verify() step for listen and upstream interfaces
T913: DHCP relay service XML/Python rewrite for IPv6
T913: DHCP relay service XML/Python rewrite for IPv4
vyos-1x now depends on isc-dhcp-relay
dns-forwarding: fix XML interface indenting
|
|
|
|
Add option to specify multiple listening ports
Clean up template generation layout
|
|
|
|
|
|
JINJA2 templated missed the 'server=' statement when generating custom dynamic
DNS entries in the resulting ddclient.conf.
|
|
|
|
VyOS 1.1.8 support SNMPv3 without a group beeing assigned to a user. This
was yet not supported in VyOS 1.2.0.
Use for testing:
================
set service snmp v3 user testsnmpv3 auth plain 'authkey12345'
set service snmp v3 user testsnmpv3 auth type sha
set service snmp v3 user testsnmpv3 mode ro
set service snmp v3 user testsnmpv3 privacy plain 'privkey12345'
set service snmp v3 user testsnmpv3 privacy type aes
|
|
Bring VRRP configuration in line with keepalived config documentation.
|
|
|
|
|
|
|
|
|
|
|
|
- logs now only to /var/log/messages per default
- enforces the global template from /usr/share/vyos/rsyslog/rsyslog.conf
|
|
|
|
Commit 91c3b8bdd9 ("dhcp_server.py: cleanup") did not only cleanup parts
of the code but in addition added support for DHCP failover. That support
could lead to an empty pool {} statement if the subnet declaration only had
static address assignments but no range at all.
---<snip>---
dhcpd: /etc/dhcp/dhcpd.conf line 70: Pool declaration with no address
range.
dhcpd: }
dhcpd: ^
dhcpd: Pool declarations must always contain at least
dhcpd: one range statement.
---</snip>---
|
|
|
|
- the psk is only read from a file, due to sudo it's redirection doesn't work
file is created in /tmp (it's tmpfs), wg comand executed and the psk file
is deleted again, to avoid leakage of the psk. It's create umaks(077) and root:root
|
|
|
|
The previous implementation used a hardcoded 2 seconds sleep until the
daemon configuration was rendered by snmpd (user/password stuff).
Waiting 2 seconds is error prone and was replaced by reading the
configuration file until it shows a marker indicating that the file was
properly processed by snmpd.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Commit 067a6b1524 ("vyos: package: extend validator by is_subnet_connected()")
added a mechanism to probe if a given IPv4/IPv6 address is connected to any
interface on the subnet - or is part of this subnet.
We now use this call instead of producing more and more biler-plate code!
|
|
Watcher7).
|
|
|
|
Commit a30dac7c2 ("vyos package: add IP address validators") added system
wide Python validators for IP addresses. Remove duplicated code and switch
to single source.
|
|
Commit a30dac7c2 ("vyos package: add IP address validators") added system
wide Python validators for IP addresses. Remove duplicated code and
switch to a single source.
|
