Age | Commit message | Author |
|
* clamp MSS IPv4
set firewall options interface pppoe0 adjust-mss '1452'
* clamp MSS IPv6
set firewall options interface pppoe0 adjust-mss6 '1452'
* disable entire rule
set firewall options interface pppoe0 disable
Output
------
$ sudo iptables-save -t mangle
# Generated by iptables-save v1.4.21 on Sun Apr 21 12:56:25 2019
*mangle
:PREROUTING ACCEPT [1217:439885]
:INPUT ACCEPT [290:52459]
:FORWARD ACCEPT [920:375774]
:OUTPUT ACCEPT [301:100053]
:POSTROUTING ACCEPT [1221:475827]
:VYOS_FW_OPTIONS - [0:0]
-A FORWARD -j VYOS_FW_OPTIONS
-A VYOS_FW_OPTIONS -o pppoe0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
COMMIT
# Completed on Sun Apr 21 12:56:25 2019
|
|
(cherry picked from commit f8b7e3b2b20d143643bfac72db68943dfc9046f1)
|
|
WPAD url could be configured by CLI but the generated config was not
understood by ISC dhcp - caused by invalid if {} statement resulting in
a missing option wpad-url block.
(cherry picked from commit bfa9d55e9f1c3a091cff2fc214f2587d9b049cdb)
|
|
Same cause as with commit c6988bb4110541478dad74d0b892fd4643ed530a
(cherry picked from commit 40c342f3a84a75acc9f41c83cb735e966da7c47e)
|
|
Add support for relaying a DHCPv6 packet to multiple servers on one upstream
interface.
(cherry picked from commit d5b113923aaa776f89749c820d6283b593e80c3a)
|
|
When generating the configuration for multiple upstream interfaces, a whitespace
was missing in the generated configuration:
OPTIONS="-6 -l 2001:db8::ffff%eth1 -u 2001:db8:1:ffff%eth2-u 2001:db8:2:ffff%eth3"
                                                          ^---
This caused an error when starting up the DHCPv6 relay service
(cherry picked from commit c6988bb4110541478dad74d0b892fd4643ed530a)
|
|
parameter in /etc/resolv.conf"
This reverts commit 1a384ed21f1777faaef653f9d1e3d9c05542fdc8.
|
|
/etc/resolv.conf
|
|
using fully-qualified domain name
|
|
(cherry picked from commit 0fefe3c3b9250ad2ba841287a94036119728c708)
|
|
The script did not check if the service was actually configured or not.
This caused a FileNotFoundError for unconfigured services.
vyos@vyos:~$ show dhcp server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_dhcp.py", line 123, in <module>
leases = get_leases(lease_file, state='active')
File "/usr/libexec/vyos/op_mode/show_dhcp.py", line 60, in get_leases
leases = IscDhcpLeases(lease_file).get()
File "/usr/lib/python3/dist-packages/isc_dhcp_leases/iscdhcpleases.py", line 110, in get
with open(self.filename) as lease_file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/dhcpd.leases'
(cherry picked from commit ed620ef7e8ba741e165698c558b110a31cc35dfd)
|
|
The script did not check if the service was actually configured or not.
This caused a FileNotFoundError for unconfigured services.
vyos@vyos:~$ show dhcpv6 server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 77, in <module>
leases = get_leases(lease_file, state='active')
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 46, in get_leases
leases = IscDhcpLeases(lease_file).get()
File "/usr/lib/python3/dist-packages/isc_dhcp_leases/iscdhcpleases.py", line 110, in get
with open(self.filename) as lease_file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/dhcpdv6.leases'
(cherry picked from commit a6700c7d3b75854c3b213b65951a51464cd073be)
|
|
disable' to disable single peers
Conflicts:
debian/changelog
|
|
- keypair can now be generated and used from the running iso to create wg tunnels on the fly
Conflicts:
debian/changelog
|
|
in unicast mode (patch by Johan Fredin).
|
|
(cherry picked from commit f0084de554d71d0f011c7fd2c6009f1864bd9d77)
|
|
(cherry picked from commit 583975299c625d6049be6561d70e4cadc9976242)
|
|
(cherry picked from commit fbfe43b5ae7692e6ee6ce6d5517efdb2cdf8f022)
|
|
(cherry picked from commit 3a1e484c69c883af03f355f0349ef218212207e1)
|
|
tftp-hpa, which is the TFTP daemon used by VyOS, does not support
listening on multiple IP addresses. With this limitation we will start
one TFTP daemon instance per configured listen-address via systemd.
(cherry picked from commit 735a24d58ddf55294241ce8160471fe9be062498)
|
|
(cherry picked from commit 944a665cfc19cca1af9d46a70fb31ba1f4893d68)
|
|
Not sure it's a normal case scenario, the one highlighted in T1256.
To manage it I changed the "if" logic.
|
|
When deleting or changing "service dns dynamic" the cache file of ddclient
is not removed, leading to abandoned host names which might be already gone.
(cherry picked from commit ec604ef88e2845bcd75070f6dff325ccc50873aa)
|
|
(cherry picked from commit ad011db299196a2e5defa7d8030be149d71d53ee)
|
|
(cherry picked from commit cc3f6088783373bd56cd821599bdc12ba123125b)
|
|
When building up the SNMP v2 community ro/rw access all hosts from
an INET version could access even when the community was locked to one
INET family.
Example #1:
set service snmp community bar network 172.16.0.0/12
Allowed access only to IPv4 network 172.16.0.0/12 but it allowed access from
IPv6 ::/0.
Example #2:
set service snmp community baz network 2001:db8::/64
Limited IPv6 access to 2001:db8::/64 but IPv4 was open to 0.0.0.0/0
(cherry picked from commit cc07c4727bdffb4c220ce28ab9f697b01fe4afb7)
|
|
This reverts commit 632893abf5c7bf935d866462a107ed1eef1747b3.
|
|
This reverts commit 0d80b06ccd33fc2a0001b8641ce45070f0e8726d.
|
|
in case when no active SAs are found.
|
|
The name-server option under "service dns-forwarding" was never mandatory so
users never needed to specify an upstream server. With the recent switch to
PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when
there is no upstream DNS server configured.
(cherry picked from commit 3c563b3ae8397da33a03c0429c17b97eb9625c5f)
|
|
The name-server option under "service dns-forwarding" was never mandatory so
users never needed to specify an upstream server. With the recent switch to
PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when
there is no upstream DNS server configured.
|
|
T1077: Update show_ipsec_sa.py
|
|
* current:
T1129: replace quotes when dealing with 'subnet/global-parameters'
T1129: fix handling of raw DHCP 'subnet-parameters'
T1159: correct handling of SAs without PFS in "show vpn ipsec sa".
T1147: Fix SNMP config file generation on newly installed systems
Initial implementation of declarative config dict retrieval library.
T1119: 'show vpn ipsec sa' shows tunnel twice in 1.2.0-RC11
|
|
subnet-parameters were not added to the resulting configuration.
|
|
|