Age | Commit message (Collapse) | Author |
|
(cherry-picked 439d86aa55c7eed9619391ecec04bc1fbd5f9323)
|
|
(cherry picked from commit 2375e0876abeff26ba875419b62f974d0ff6122a)
|
|
In other words, remove top level tag nodes from radius-server and introduce
a regular "radius" node, thus we can add additional features, too. A migration
script is provided in vyos-1x which takes care of this config migration.
Change VyOS CLI from:
vyos@vyos# show vpn pptp
remote-access {
authentication {
mode radius
radius-server 172.16.100.10 {
key barbarbar
}
radius-server 172.16.100.20 {
key foofoofoo
}
}
To:
vyos@vyos# show vpn l2tp
remote-access {
authentication {
mode radius
radius {
server 172.16.100.10 {
key barbarbar
}
server 172.16.100.20 {
key foofoofoo
}
}
}
(cherry picked from commit 2b8af944d60de2fca8370a108e422ccc6b3d006d)
|
|
|
|
This bug was present since the old Vyatta days as the use-web statement
was only put into action when also "use-web skip" was defined.
The service https://ipinfo.io/ip does not place any crap in front of the
IP address so the skip statement was not used and made no sense.
|
|
In other words, remove top level tag nodes from radius-server and
introduce a regular
"radius" node, thus we can add additional features, too. A migration
script is provided
in vyos-1x which takes care of this config migration.
Change VyOS CLI from:
vyos@vyos# show vpn l2tp
remote-access {
authentication {
mode radius
radius-server 172.16.100.10 {
key barbarbar
}
radius-server 172.16.100.20 {
key foofoofoo
}
radius-source-address 172.16.254.100
}
To:
vyos@vyos# show vpn l2tp
remote-access {
authentication {
mode radius
radius {
server 172.16.100.10 {
key barbarbar
}
server 172.16.100.20 {
key foofoofoo
}
source-address 172.16.254.100
}
}
|
|
|
|
This requires adding a query-local-address6 setting to enable outbound
IPv6 queries in general, and also formatting upstream nameserver IPv6
addresses in such a way that Recursor can parse them.
|
|
Move the on commit in a generated dhcpd.conf into the shared-network
to fix hostfile-update not working.
|
|
|
|
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable
by everyone.
This only covered the IPv4 address space and any IPv6 related query was
not handled by the server.
|
|
* igmproxy:
T959: XML/Python rewrite of "protocol igmp-proxy" and op-mode commands
show-raid.xml: fixup indention
Add missing VyOS copyright notices
|
|
- pubkey updates now work
- removing peers or interfaces work, was related tothe fact that tag nodes are called multiple times
|
|
|
|
|
|
|
|
|
|
safely passed to iproute2.
|
|
safely passed to iproute2.
|
|
|
|
supress duplicate error messages.
|
|
supress duplicate error messages.
|
|
Examples:
=========
CFG commands:
vyos@vyos# set protocols igmp-proxy disable-quickleave
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream'
vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream'
vyos@vyos# show protocols
igmp-proxy {
disable-quickleave
interface eth0 {
alt-subnet 172.16.35.0/24
alt-subnet 172.31.0.0/24
role upstream
}
interface eth1 {
role downstream
}
}
OP mode commands:
-----------------
vyos@vyos:~$ show ip multicast interface
Interface BytesIn PktsIn BytesOut PktsOut Local
eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65
eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201
vyos@vyos:~$ show ip multicast mfc
Group Origin Pkts Bytes Wrong In Out
xxx.x.xx.1 xxx.xx.0.1 10 9.81KB 0 eth0 eth1
xxx.x.xx.2 xxx.xx.0.1 --
|
|
|
|
|
|
|
|
(cherry picked from commit c4c183a16fe2ddc612ed947fc5513c87f30c7c27)
|
|
|
|
|
|
|
|
|
|
Binding isc-dhcp-relay to its default port (67 e.g. for IPv4) will
result in an error when starting up the service:
bad:
----
$ dhcrelay -q -4 -p 67 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
binding to user-specified port 67
good:
-----
$ dhcrelay -q -4 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
Setting removed from the IPv6 implementation, too!
|
|
- adding vmac_xmit_base to keepalived.conf when use_vmac is being used
otherwise both nodes will become master
|
|
- adding vmac_xmit_base to keepalived.conf when use_vmac is being used
otherwise both nodes will become master
|
|
|
|
(cherry picked from commit 9cf0514668b1461d3b74076b99c9edabafa10418)
|
|
|
|
|
|
* dhcp-relay:
dhcpv6-relay: added missing verify() step for listen and upstream interfaces
T913: DHCP relay service XML/Python rewrite for IPv6
T913: DHCP relay service XML/Python rewrite for IPv4
vyos-1x now depends on isc-dhcp-relay
dns-forwarding: fix XML interface indenting
|
|
|
|
Add option to specify multiple listening ports
Clean up template generation layout
|
|
|
|
|
|
- adding removal of the at job and /var/run/confirm.job
- fixed indents
|
|
JINJA2 templated missed the 'server=' statement when generating custom dynamic
DNS entries in the resulting ddclient.conf.
|
|
|
|
JINJA2 templated missed the 'server=' statement when generating custom dynamic
DNS entries in the resulting ddclient.conf.
(cherry picked from commit 95d95c52cb447b3ddb1bce6737583e4fd1c945d0)
|
|
I don't really do python, please check/test.
|
|
T870: Commit-confirm restarts the server even after commit
|
|
- adding removal of the at job and /var/run/confirm.job
- indent fixed
|