Age | Commit message (Collapse) | Author |
|
|
|
in case when no active SAs are found.
|
|
|
|
The name-server option under "service dns-forwarding" was never mandatory so
users never needed to specify an upstream server. With the recent switch to
PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when
there is no upstream DNS server configured.
|
|
T1077: Update show_ipsec_sa.py
|
|
|
|
|
|
|
|
subnet-parameters were not added to the resulting configuration.
|
|
|
|
|
|
Removed duplicates from "connections" list.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This reverts commit 51f61991092a163f680e4ec8f122e73f4074ddf9.
It's not how it's done, those templates are generated by a script in
vyatta-cfg-firewall.
If we are planning a firewall overhaul in 1.3.x, there's no reason to
transplant the old approach to new code.
|
|
|
|
Commit 9d35610c173 ("T1060: add missing version file for webproxy")
assumed that there is a webproxy config version of 0 but we already have 1.
This lead to duplicate files detected by apt.
|
|
T1060: Add webproxy migration script (proxy-bypass -> whitelist).
|
|
|
|
|
|
|
|
|
|
|
|
This script is usually called with the output of "cli-shell-api showCfg", which does not escape backslashes. "ConfigTree()" expects escaped backslashes when parsing a config string (and also prints them itself). Therefore this script would fail.
Manually escape backslashes here to handle backslashes in any configuration strings properly. The alternative would be to modify the output of "cli-shell-api showCfg", but that may be break other things who rely on that specific output.
This fixes https://phabricator.vyos.net/T1001
|
|
- verify if an auth mode is set and if its local checking that
a user and password for chap-secrets exists.
|
|
|
|
change to 'mode local|radius'
|
|
|
|
|
|
|
|
|
|
Increase NTP config version from 0 to 1. For more information see [1].
ntpd: Warning: the "dynamic" keyword has been obsoleted and will
be removed in the next release
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976
|
|
|
|
Current implementation referred to a no longer existing Perl script to
restart the IPv4 and IPv6 instance of dhcrelay.
> restart dhcp relay-agent
> restart dhcpv6 relay-agent
|
|
|
|
|
|
- ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs
- snmp subagent and master mode
- connlimits configurable
- more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.)
- radius extended options (for HA etc.)
|
|
|
|
In other words, remove top level tag nodes from radius-server and introduce
a regular "radius" node, thus we can add additional features, too. A migration
script is provided in vyos-1x which takes care of this config migration.
Change VyOS CLI from:
vyos@vyos# show vpn pptp
remote-access {
authentication {
mode radius
radius-server 172.16.100.10 {
key barbarbar
}
radius-server 172.16.100.20 {
key foofoofoo
}
}
To:
vyos@vyos# show vpn l2tp
remote-access {
authentication {
mode radius
radius {
server 172.16.100.10 {
key barbarbar
}
server 172.16.100.20 {
key foofoofoo
}
}
}
|
|
This bug was present since the old Vyatta days as the use-web statement
was only put into action when also "use-web skip" was defined.
The service https://ipinfo.io/ip does not place any crap in front of the
IP address so the skip statement was not used and made no sense.
|
|
In other words, remove top level tag nodes from radius-server and
introduce a regular
"radius" node, thus we can add additional features, too. A migration
script is provided
in vyos-1x which takes care of this config migration.
Change VyOS CLI from:
vyos@vyos# show vpn l2tp
remote-access {
authentication {
mode radius
radius-server 172.16.100.10 {
key barbarbar
}
radius-server 172.16.100.20 {
key foofoofoo
}
radius-source-address 172.16.254.100
}
To:
vyos@vyos# show vpn l2tp
remote-access {
authentication {
mode radius
radius {
server 172.16.100.10 {
key barbarbar
}
server 172.16.100.20 {
key foofoofoo
}
source-address 172.16.254.100
}
}
|
|
|
|
This requires adding a query-local-address6 setting to enable outbound
IPv6 queries in general, and also formatting upstream nameserver IPv6
addresses in such a way that Recursor can parse them.
|
|
Move the on commit in a generated dhcpd.conf into the shared-network
to fix hostfile-update not working.
|
|
|
|
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable
by everyone.
This only covered the IPv4 address space and any IPv6 related query was
not handled by the server.
|