summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2019-01-21Fix: T1178 - Scheduled script breaks ability to modify configurationhagbard
2019-01-12Correct the command suggestion in the "show vpn ipsec sa" scriptDaniil Baturin
in case when no active SAs are found.
2019-01-12T1175: add support for DMVPN connections to the "show vpn ipsec sa" script.Daniil Baturin
2019-01-12T1041: make upstream DNS server optionalChristian Poessinger
The name-server option under "service dns-forwarding" was never mandatory so users never needed to specify an upstream server. With the recent switch to PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when there is no upstream DNS server configured.
2019-01-08Merge pull request #63 from daniel-pro/T1077hagbard-01
T1077: Update show_ipsec_sa.py
2019-01-07Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 (command conversion)hagbard
2019-01-06Fix: T1162 - WireGuard: Unable to modify tunnels - KeyError: 'state'hagbard
2019-01-06T1129: replace quotes when dealing with 'subnet/global-parameters'Christian Poessinger
2019-01-06T1129: fix handling of raw DHCP 'subnet-parameters'Christian Poessinger
subnet-parameters were not added to the resulting configuration.
2019-01-06T1159: correct handling of SAs without PFS in "show vpn ipsec sa".Daniil Baturin
2019-01-03T1147: Fix SNMP config file generation on newly installed systemsChristian Poessinger
2019-01-01T1119: 'show vpn ipsec sa' shows tunnel twice in 1.2.0-RC11Daniel
Removed duplicates from "connections" list.
2018-12-31T1128: restart SNMP on hostname change.Daniil Baturin
2018-12-31T1112: migrate BGP redistribute metric and route-map options too.Daniil Baturin
2018-12-31T1112: migrate BGP redistribute options (patch by Merijn).Daniil Baturin
2018-12-31T1108: warn the user and exit if there are no established IPsec SAs.Daniil Baturin
2018-12-18Update show_ipsec_sa.pyDaniel
2018-12-16Update show_ipsec_sa.pydaniel-pro
2018-12-16Revert "T1087: Firewall on Wireguard Interface implementation"Daniil Baturin
This reverts commit 51f61991092a163f680e4ec8f122e73f4074ddf9. It's not how it's done, those templates are generated by a script in vyatta-cfg-firewall. If we are planning a firewall overhaul in 1.3.x, there's no reason to transplant the old approach to new code.
2018-12-11T1087: Firewall on Wireguard Interface implementationhagbard
2018-12-07T1060: build fix for wrong config-version numberChristian Poessinger
Commit 9d35610c173 ("T1060: add missing version file for webproxy") assumed that there is a webproxy config version of 0 but we already have 1. This lead to duplicate files detected by apt.
2018-12-07Merge pull request #61 from dsteinkopf/currentChristian Poessinger
T1060: Add webproxy migration script (proxy-bypass -> whitelist).
2018-12-03T956: display SA traffic counters in human-redable units.Daniil Baturin
2018-12-03T956: correct IKE proposal string parsing for SAs with non-zero counters.Daniil Baturin
2018-12-02T1060: Add webproxy migration script (proxy-bypass -> whitelist).Dirk Steinkopf
2018-11-30Fixes: T1061: Wireguard: Missing option to administrativly shutdown interfacehagbard
2018-11-29T1001: escape backslashes in the input in the commands pipe as well.Daniil Baturin
2018-11-29T1001: Bugfix: Handle backslashes in values with "show configuration commands"arnehaak
This script is usually called with the output of "cli-shell-api showCfg", which does not escape backslashes. "ConfigTree()" expects escaped backslashes when parsing a config string (and also prints them itself). Therefore this script would fail. Manually escape backslashes here to handle backslashes in any configuration strings properly. The alternative would be to modify the output of "cli-shell-api showCfg", but that may be break other things who rely on that specific output. This fixes https://phabricator.vyos.net/T1001
2018-11-22T835: accel-ppp: pppoe implementationhagbard
- verify if an auth mode is set and if its local checking that a user and password for chap-secrets exists.
2018-11-21T835: syslog debug message removed (to verbose)hagbard
2018-11-19T835: migration script for radius' secret vs. key, rolled back thehagbard
change to 'mode local|radius'
2018-11-19T835: add missing call to write_chap_secrets() to generate()Daniil Baturin
2018-11-18Merge branch 'current' of https://github.com/vyos/vyos-1x into currentDaniil Baturin
2018-11-18T956: add a new script for displaying IPsec SAs.Daniil Baturin
2018-11-18T835: adding default pado delay and mode autocompletehagbard
2018-11-17T1018: remove obsoleted 'dynamic' option from NTPChristian Poessinger
Increase NTP config version from 0 to 1. For more information see [1]. ntpd: Warning: the "dynamic" keyword has been obsoleted and will be removed in the next release [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
2018-11-17Rename show-igmpproxy.py -> show_igmpproxy.pyChristian Poessinger
2018-11-17T1016: fix IPv4/IPv6 dhcp relay restart commandChristian Poessinger
Current implementation referred to a no longer existing Perl script to restart the IPv4 and IPv6 instance of dhcrelay. > restart dhcp relay-agent > restart dhcpv6 relay-agent
2018-11-14Bugfix: T835 - verify radius server settingshagbard
2018-11-14Fixes: T940 adding immark to syslog optionshagbard
2018-11-14T835: accel-ppp pppoe implemetaionhagbard
- ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs - snmp subagent and master mode - connlimits configurable - more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.) - radius extended options (for HA etc.)
2018-11-12migration/l2tp: fix file commentChristian Poessinger
2018-11-12T987: Unclutter PPTP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn pptp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } } }
2018-11-11T998: "service dns dynamic" does now honor the "use-web" statementChristian Poessinger
This bug was present since the old Vyatta days as the use-web statement was only put into action when also "use-web skip" was defined. The service https://ipinfo.io/ip does not place any crap in front of the IP address so the skip statement was not used and made no sense.
2018-11-11T987: Unclutter L2TP/IPSec RADIUS configuration nodesChristian Poessinger
In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } radius-source-address 172.16.254.100 } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } source-address 172.16.254.100 } }
2018-11-09T835: accel-ppp pppoe implementationhagbard
2018-11-08T978: Support PowerDNS Recursor outbound queries over IPv6.Geoff Adams
This requires adding a query-local-address6 setting to enable outbound IPv6 queries in general, and also formatting upstream nameserver IPv6 addresses in such a way that Recursor can parse them.
2018-11-08dhcp - move commit hook into shared-networkBob
Move the on commit in a generated dhcpd.conf into the shared-network to fix hostfile-update not working.
2018-11-08cleanup: move files from vyos-build repo to vyos-1x where they are requiredChristian Poessinger
2018-11-08T974: bugfix dns forwarder not listening on IPv6 addressesChristian Poessinger
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable by everyone. This only covered the IPv4 address space and any IPv6 related query was not handled by the server.