When building up the SNMP v2 community ro/rw access, all hosts from
an INET version could access even when the community was locked to one
INET family.
Example #1:
set service snmp community bar network 172.16.0.0/12
Allowed access only to IPv4 network 172.16.0.0/12 but it allowed access from
IPv6 ::/0.
Example #2:
set service snmp community baz network 2001:db8::/64
Limited IPv6 access to 2001:db8::/64 but IPv4 was open to 0.0.0.0/0
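Added example, not part of the commit or of the VyOS code base: the per-family rule the message above describes, plus a check that flags a rendered snmpd.conf in which one address family is restricted while the other is left open. It relies on the snmpd.conf directives rocommunity/rwcommunity and their "6" variants; the function names are hypothetical and the sample configuration is constructed.

```python
import ipaddress

OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}
DIRECTIVES = {"rocommunity": 4, "rwcommunity": 4,
              "rocommunity6": 6, "rwcommunity6": 6}

def community_lines(name, mode, networks):
    """Render snmpd.conf lines for one community (hypothetical helper).

    With a network list, only families that appear in it get a line,
    so the other family stays closed instead of defaulting to open.
    """
    base = {"ro": "rocommunity", "rw": "rwcommunity"}[mode]
    if not networks:  # no restriction configured: open on both families
        return [f"{base} {name}", f"{base}6 {name}"]
    lines = []
    for net in map(ipaddress.ip_network, networks):
        directive = base if net.version == 4 else base + "6"
        lines.append(f"{directive} {name} {net}")
    return lines

def half_open_communities(conf_text):
    """Map community -> families left open while the other is restricted."""
    state = {}  # community -> {family: True if any line is unrestricted}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in DIRECTIVES:
            continue
        source = fields[2] if len(fields) > 2 else "default"
        fams = state.setdefault(fields[1], {})
        family = DIRECTIVES[fields[0]]
        fams[family] = fams.get(family, False) or source in OPEN_SOURCES
    return {c: sorted(f for f, is_open in fams.items() if is_open)
            for c, fams in state.items()
            if any(fams.values()) and not all(fams.values())}

# Constructed sample: assumed shape of the pre-fix output for the two
# examples in the commit message, plus an intentionally open community.
SAMPLE = """\
rocommunity bar 172.16.0.0/12
rocommunity6 bar
rocommunity baz
rocommunity6 baz 2001:db8::/64
rocommunity public
rocommunity6 public
"""

if __name__ == "__main__":
    print(half_open_communities(SAMPLE))
    print(community_lines("bar", "ro", ["172.16.0.0/12"]))
```

A community that is open on both families is treated as intentionally unrestricted and is not reported; only the mixed case from the two examples is.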
|
This reverts commit 632893abf5c7bf935d866462a107ed1eef1747b3.
|
The name-server option under "service dns-forwarding" was never mandatory so
users never needed to specify an upstream server. With the recent switch to
PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when
there is no upstream DNS server configured.
|
subnet-parameters were not added to the resulting configuration.
|
This reverts commit 51f61991092a163f680e4ec8f122e73f4074ddf9.
It's not how it's done, those templates are generated by a script in
vyatta-cfg-firewall.
If we are planning a firewall overhaul in 1.3.x, there's no reason to
transplant the old approach to new code.
|
- verify if an auth mode is set and, if it's local, checking that
a user and password for chap-secrets exist.
|
Increase NTP config version from 0 to 1. For more information see [1].
ntpd: Warning: the "dynamic" keyword has been obsoleted and will
be removed in the next release
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
|
- ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs
- snmp subagent and master mode
- connlimits configurable
- more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.)
- radius extended options (for HA etc.)
|
This bug was present since the old Vyatta days as the use-web statement
was only put into action when also "use-web skip" was defined.
The service https://ipinfo.io/ip does not place any crap in front of the
IP address so the skip statement was not used and made no sense.
|
This requires adding a query-local-address6 setting to enable outbound
IPv6 queries in general, and also formatting upstream nameserver IPv6
addresses in such a way that Recursor can parse them.
|
Move the on commit in a generated dhcpd.conf into the shared-network
to fix hostfile-update not working.
|
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable
by everyone.
This only covered the IPv4 address space and any IPv6 related query was
not handled by the server.
|
* igmproxy:
T959: XML/Python rewrite of "protocol igmp-proxy" and op-mode commands
show-raid.xml: fixup indention
Add missing VyOS copyright notices
|
- pubkey updates now work
- removing peers or interfaces works, was related to the fact that tag nodes are called multiple times
|
suppress duplicate error messages.
|
Examples:
=========
CFG commands:
vyos@vyos# set protocols igmp-proxy disable-quickleave
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream'
vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream'
vyos@vyos# show protocols
igmp-proxy {
    disable-quickleave
    interface eth0 {
        alt-subnet 172.16.35.0/24
        alt-subnet 172.31.0.0/24
        role upstream
    }
    interface eth1 {
        role downstream
    }
}
OP mode commands:
-----------------
vyos@vyos:~$ show ip multicast interface
Interface  BytesIn  PktsIn  BytesOut  PktsOut  Local
eth0       0.0b     0       0.0b      0        xxx.xxx.xxx.65
eth1       0.0b     0       0.0b      0        xxx.xxx.xx.201
vyos@vyos:~$ show ip multicast mfc
Group       Origin      Pkts  Bytes   Wrong  In    Out
xxx.x.xx.1  xxx.xx.0.1  10    9.81KB  0      eth0  eth1
xxx.x.xx.2  xxx.xx.0.1  --
|
Binding isc-dhcp-relay to its default port (67 e.g. for IPv4) will
result in an error when starting up the service:
bad:
----
$ dhcrelay -q -4 -p 67 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
binding to user-specified port 67
good:
-----
$ dhcrelay -q -4 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
Setting removed from the IPv6 implementation, too!
|
- adding vmac_xmit_base to keepalived.conf when use_vmac is being used
otherwise both nodes will become master
|
* dhcp-relay:
dhcpv6-relay: added missing verify() step for listen and upstream interfaces
T913: DHCP relay service XML/Python rewrite for IPv6
T913: DHCP relay service XML/Python rewrite for IPv4
vyos-1x now depends on isc-dhcp-relay
dns-forwarding: fix XML interface indenting
|
Add option to specify multiple listening ports
Clean up template generation layout
|
JINJA2 template missed the 'server=' statement when generating custom dynamic
DNS entries in the resulting ddclient.conf.
|
VyOS 1.1.8 supports SNMPv3 without a group being assigned to a user. This
was not yet supported in VyOS 1.2.0.
Use for testing:
================
set service snmp v3 user testsnmpv3 auth plain 'authkey12345'
set service snmp v3 user testsnmpv3 auth type sha
set service snmp v3 user testsnmpv3 mode ro
set service snmp v3 user testsnmpv3 privacy plain 'privkey12345'
set service snmp v3 user testsnmpv3 privacy type aes
|
Bring VRRP configuration in line with keepalived config documentation.