summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-08-20powerdns: T1595: remove 'listen-on' CLI optionChristian Poessinger
2019-08-20powerdns: T1595: add config migrator to remove 'listen-on'Christian Poessinger
2019-08-20vyos.interfaces: T1595: add method to query for interface typeChristian Poessinger
As of now we only could list the available interfaces for a given interface type. There was no reverse mapping available which told us that interface eth0.201 is an ethernet interface or vtun0 is openvpn.
2019-08-20powerdns: T1524: support setting allow-from networkChristian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } }
2019-08-20vyos.configtree: add help for set methodChristian Poessinger
2019-08-19Merge pull request #109 from c-po/t1580-dummyChristian Poessinger
T1580 dummy
2019-08-19Python: configinterface: remove debug print() statementsChristian Poessinger
2019-08-19dummy: T1580: rewrite in new style XML/PythonChristian Poessinger
2019-08-19dummy: T1580: Python: support {add,remove}_interface in vyos.configinterfaceChristian Poessinger
2019-08-19openvpn: T1548: remove authy 2fa providerChristian Poessinger
According to https://github.com/twilio/authy-openvpn commit 3e5dc73: > This plugin is no longer actively maintained. If you're interested in becoming a maintainer, we welcome forks of this project. In addition this plugin was always missing in the current branch ov VyOS and did not make it into VyOS 1.2 (crux) If 2FA for OpenVPN is required we should probably opt for Google Authenticator or if possible a U2F device.
2019-08-18Merge pull request #106 from alkersan/currentDaniil Baturin
[op-mode] T1590 xml-style rewrite of 'show system' operations
2019-08-18openvpn: T1548: support creating L2 bridgesChristian Poessinger
2019-08-18[bridge] T1156: increase bridge priority - bridge interfaces after all ↵Christian Poessinger
member interfaces are configured
2019-08-17openvpn: T1548: add 'show interfaces openvpn' op-mode commandChristian Poessinger
2019-08-17openvpn: T1548: fix generated topology statement for 'server point-to-point'Christian Poessinger
2019-08-17openvpn: T1548: don't generate config if instance is disabledChristian Poessinger
2019-08-17openvpn: T1548: fix generated client subnet mask for topology 'server'Christian Poessinger
2019-08-17openvpn: T1548: widen generated folder permission to 755Christian Poessinger
2019-08-17openvpn: T1548: add description to generated config fileChristian Poessinger
2019-08-17openvpn: T1548: fix enable/disable of entire interfaceChristian Poessinger
2019-08-17openvpn: T1548: 'disabled' leafNode must be valuelessChristian Poessinger
2019-08-17Merge pull request #107 from c-po/t1548-openvpnChristian Poessinger
T1548 openvpn
2019-08-17openvpn: T1548: remove debug outputChristian Poessinger
2019-08-17Merge pull request #102 from zdc/T1531Christian Poessinger
[hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way)
2019-08-17Merge pull request #105 from zdc/T1183Christian Poessinger
[bfd] T1183: Added validations and fixing bugs in BFD
2019-08-17openvpn: T1548: add op-mode command for resettingChristian Poessinger
vyos@vyos:~$ reset openvpn interface vtun10
2019-08-17openvpn: T1548: add op-mode command for resetting clientChristian Poessinger
vyos@vyos:~$ run reset openvpn client client1
2019-08-17openvpn: T1548: fix file ownership of client configuration fileChristian Poessinger
2019-08-17openvpn: T1548: add op-mode command for key generationChristian Poessinger
2019-08-16openvpn: T1548: initial rewrite with XML and PythonChristian Poessinger
2019-08-16[op-mode] T1590 xml-style rewrite of 'show system' operationsDmytro Aleksandrov
2019-08-14[bfd] T1183: Added validations and fixing bugs in BFD:zsdc
* added validations for "source address IP" and "bfd peer IP" * added check for configuring multihop together with an interface name * fixed "show protocols bfd peer X" for peers with custom options
2019-08-15Merge pull request #103 from jestabro/service-httpsDaniil Baturin
[service https] T1443: add self-signed TLS certificate
2019-08-14[service https] T1443: add self-signed TLS certificateJohn Estabrook
2019-08-14[service https] T1443: move https and api default data to vyos.defaultsJohn Estabrook
2019-08-14Merge pull request #104 from DmitriyEshenko/bfdDaniil Baturin
[bfd] T1183 Adding support show bfd counters
2019-08-13[bfd] T1183 Adding support show bfd countersDmitriyEshenko
2019-08-13[hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way)zsdc
This change makes "dnsdomainname" and "hostname -f" operable
2019-08-12Merge pull request #99 from zdc/feature-bfdChristian Poessinger
[bfd] T1183: Added some new functionality and fixed bugs in BFD
2019-08-11Merge pull request #100 from DmitriyEshenko/snmpDaniil Baturin
[snmp] T1575 Adding additional check for lspci
2019-08-10[snmp] T1575 Adding additional check for lspciDmitriyEshenko
2019-08-09[config] - T1557: setting object properties for the classhagbard
2019-08-09[bfd] T1183: Added some new functionality and fixed bugs in BFD:zsdc
* added option "echo-mode" and "echo-interval" for BFD peers * added configuration check for usage "multihop" and "echo-mode" * added configuration check for denying deletion BFD peers, which are used in BGP configuration * fixed deleting/changing BFD peers with custom parameters (for example multihop, local-address, etc.) * deleted wrong skipping of configuration check for "shutdown" BFD peers
2019-08-08[config] - T1557: Create generic abstraction for configuring interfaces e.g. ↵hagbard
IP address
2019-08-07Merge pull request #98 from DmitriyEshenko/l2tp_ipv6hagbard-01
[l2tp] T1566 ipv6 implementation
2019-08-07[l2tp] T1566 ipv6 implementationDmitriyEshenko
2019-08-07[service https] T1443: reset defaults on 'delete service https api'John Estabrook
2019-08-07Validator: add file-exists as replacement to Vyatta check_file_in_config_dirChristian Poessinger
Verify if a file exists or not on the system. Can be called by: <constraint> <validator name="file-exists" argument="--directory /config/auth"/> </constraint> The --directory option is used to ensure a given file path lies under this (mandatory) directory. A directory can be mandatory when the optional argument -e, --error is used. This will return '1' instead of '0'.
2019-08-07XML: WireGuard: run interfacedefinition through XML lintChristian Poessinger
2019-08-07Validator: rename cidr -> ip-cidr to match existing patternsChristian Poessinger