| Age | Commit message (Collapse) | Author |
|---|
|
This bug was present since the old Vyatta days as the use-web statement
was only put into action when also "use-web skip" was defined.
The service https://ipinfo.io/ip does not place any crap in front of the
IP address so the skip statement was not used and made no sense.
(cherry picked from commit 718d9a123c2ba72b87d7f6e48a5e6d83fa86d494)
|
|
In other words, remove top level tag nodes from radius-server and
introduce a regular
"radius" node, thus we can add additional features, too. A migration
script is provided
in vyos-1x which takes care of this config migration.
Change VyOS CLI from:
vyos@vyos# show vpn l2tp
remote-access {
authentication {
mode radius
radius-server 172.16.100.10 {
key barbarbar
}
radius-server 172.16.100.20 {
key foofoofoo
}
radius-source-address 172.16.254.100
}
To:
vyos@vyos# show vpn l2tp
remote-access {
authentication {
mode radius
radius {
server 172.16.100.10 {
key barbarbar
}
server 172.16.100.20 {
key foofoofoo
}
source-address 172.16.254.100
}
}
(cherry picked from commit 979ad1a92af9ee2150ecfe5309a9d1b43fdad59d)
|
|
This requires adding a query-local-address6 setting to enable outbound
IPv6 queries in general, and also formatting upstream nameserver IPv6
addresses in such a way that Recursor can parse them.
(cherry picked from commit 5d2e36da657fd2e15f9dc8d5588b06478bd3d55c)
|
|
(cherry picked from commit 15065070b7c22709e259a6ae0cc4a27fd7b59d6b)
|
|
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable
by everyone.
This only covered the IPv4 address space and any IPv6 related query was
not handled by the server.
(cherry picked from commit 1682d7167461ab9ef72471b31b199094b335276d)
|
|
Examples:
=========
CFG commands:
vyos@vyos# set protocols igmp-proxy disable-quickleave
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream'
vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream'
vyos@vyos# show protocols
igmp-proxy {
disable-quickleave
interface eth0 {
alt-subnet 172.16.35.0/24
alt-subnet 172.31.0.0/24
role upstream
}
interface eth1 {
role downstream
}
}
OP mode commands:
-----------------
vyos@vyos:~$ show ip multicast interface
Interface BytesIn PktsIn BytesOut PktsOut Local
eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65
eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201
vyos@vyos:~$ show ip multicast mfc
Group Origin Pkts Bytes Wrong In Out
xxx.x.xx.1 xxx.xx.0.1 10 9.81KB 0 eth0 eth1
xxx.x.xx.2 xxx.xx.0.1 --
(cherry picked from commit 698c5a40b2ece2f3eb41ad932660f7ceb1f80092)
|
|
- pubkey updates now work
- removing peers or interfaces work, was related tothe fact that tag nodes are called multiple times
|
|
|
|
|
|
|
|
safely passed to iproute2.
|
|
safely passed to iproute2.
|
|
|
|
supress duplicate error messages.
|
|
supress duplicate error messages.
|
|
|
|
|
|
(cherry picked from commit c4c183a16fe2ddc612ed947fc5513c87f30c7c27)
|
|
|
|
|
|
|
|
|
|
Binding isc-dhcp-relay to its default port (67 e.g. for IPv4) will
result in an error when starting up the service:
bad:
----
$ dhcrelay -q -4 -p 67 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
binding to user-specified port 67
good:
-----
$ dhcrelay -q -4 -c 10 -A 576 -m discard -i eth0.21 -i eth0 10.253.253.1
Setting removed from the IPv6 implementation, too!
|
|
- adding vmac_xmit_base to keepalived.conf when use_vmac is being used
otherwise both nodes will become master
|
|
- adding vmac_xmit_base to keepalived.conf when use_vmac is being used
otherwise both nodes will become master
|
|
|
|
(cherry picked from commit 9cf0514668b1461d3b74076b99c9edabafa10418)
|
|
|
|
|
|
* dhcp-relay:
dhcpv6-relay: added missing verify() step for listen and upstream interfaces
T913: DHCP relay service XML/Python rewrite for IPv6
T913: DHCP relay service XML/Python rewrite for IPv4
vyos-1x now depends on isc-dhcp-relay
dns-forwarding: fix XML interface indenting
|
|
|
|
Add option to specify multiple listening ports
Clean up template generation layout
|
|
|
|
|
|
- adding removal of the at job and /var/run/confirm.job
- fixed indents
|
|
JINJA2 templated missed the 'server=' statement when generating custom dynamic
DNS entries in the resulting ddclient.conf.
|
|
|
|
JINJA2 templated missed the 'server=' statement when generating custom dynamic
DNS entries in the resulting ddclient.conf.
(cherry picked from commit 95d95c52cb447b3ddb1bce6737583e4fd1c945d0)
|
|
I don't really do python, please check/test.
|
|
T870: Commit-confirm restarts the server even after commit
|
|
- adding removal of the at job and /var/run/confirm.job
- indent fixed
|
|
|
|
|
|
|
|
|
|
|
|
case GIDs change.
|
|
VyOS 1.1.8 support SNMPv3 without a group beeing assigned to a user. This
was yet not supported in VyOS 1.2.0.
Use for testing:
================
set service snmp v3 user testsnmpv3 auth plain 'authkey12345'
set service snmp v3 user testsnmpv3 auth type sha
set service snmp v3 user testsnmpv3 mode ro
set service snmp v3 user testsnmpv3 privacy plain 'privkey12345'
set service snmp v3 user testsnmpv3 privacy type aes
|
|
Bring VRRP configuration in line with keepalived config documentation.
|
|
|
