Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-08-20 | powerdns: T1595: remove 'listen-on' CLI option | Christian Poessinger | |
2019-08-20 | powerdns: T1595: add config migrator to remove 'listen-on' | Christian Poessinger | |
2019-08-20 | vyos.interfaces: T1595: add method to query for interface type | Christian Poessinger | |
As of now we only could list the available interfaces for a given interface type. There was no reverse mapping available which told us that interface eth0.201 is an ethernet interface or vtun0 is openvpn. | |||
2019-08-20 | powerdns: T1524: support setting allow-from network | Christian Poessinger | |
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer. https://docs.powerdns.com/recursor/settings.html#allow-from Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor. As of now VyOS hat allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in: service { dns { forwarding { allow-from 0.0.0.0/0 allow-from ::/0 cache-size 0 ignore-hosts-file listen-address 192.0.2.1 } } } | |||
2019-08-20 | vyos.configtree: add help for set method | Christian Poessinger | |
2019-08-19 | Merge pull request #109 from c-po/t1580-dummy | Christian Poessinger | |
T1580 dummy | |||
2019-08-19 | Python: configinterface: remove debug print() statements | Christian Poessinger | |
2019-08-19 | dummy: T1580: rewrite in new style XML/Python | Christian Poessinger | |
2019-08-19 | dummy: T1580: Python: support {add,remove}_interface in vyos.configinterface | Christian Poessinger | |
2019-08-19 | openvpn: T1548: remove authy 2fa provider | Christian Poessinger | |
According to https://github.com/twilio/authy-openvpn commit 3e5dc73: > This plugin is no longer actively maintained. If you're interested in becoming a maintainer, we welcome forks of this project. In addition this plugin was always missing in the current branch ov VyOS and did not make it into VyOS 1.2 (crux) If 2FA for OpenVPN is required we should probably opt for Google Authenticator or if possible a U2F device. | |||
2019-08-18 | Merge pull request #106 from alkersan/current | Daniil Baturin | |
[op-mode] T1590 xml-style rewrite of 'show system' operations | |||
2019-08-18 | openvpn: T1548: support creating L2 bridges | Christian Poessinger | |
2019-08-18 | [bridge] T1156: increase bridge priority - bridge interfaces after all ↵ | Christian Poessinger | |
member interfaces are configured | |||
2019-08-17 | openvpn: T1548: add 'show interfaces openvpn' op-mode command | Christian Poessinger | |
2019-08-17 | openvpn: T1548: fix generated topology statement for 'server point-to-point' | Christian Poessinger | |
2019-08-17 | openvpn: T1548: don't generate config if instance is disabled | Christian Poessinger | |
2019-08-17 | openvpn: T1548: fix generated client subnet mask for topology 'server' | Christian Poessinger | |
2019-08-17 | openvpn: T1548: widen generated folder permission to 755 | Christian Poessinger | |
2019-08-17 | openvpn: T1548: add description to generated config file | Christian Poessinger | |
2019-08-17 | openvpn: T1548: fix enable/disable of entire interface | Christian Poessinger | |
2019-08-17 | openvpn: T1548: 'disabled' leafNode must be valueless | Christian Poessinger | |
2019-08-17 | Merge pull request #107 from c-po/t1548-openvpn | Christian Poessinger | |
T1548 openvpn | |||
2019-08-17 | openvpn: T1548: remove debug output | Christian Poessinger | |
2019-08-17 | Merge pull request #102 from zdc/T1531 | Christian Poessinger | |
[hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way) | |||
2019-08-17 | Merge pull request #105 from zdc/T1183 | Christian Poessinger | |
[bfd] T1183: Added validations and fixing bugs in BFD | |||
2019-08-17 | openvpn: T1548: add op-mode command for resetting | Christian Poessinger | |
vyos@vyos:~$ reset openvpn interface vtun10 | |||
2019-08-17 | openvpn: T1548: add op-mode command for resetting client | Christian Poessinger | |
vyos@vyos:~$ run reset openvpn client client1 | |||
2019-08-17 | openvpn: T1548: fix file ownership of client configuration file | Christian Poessinger | |
2019-08-17 | openvpn: T1548: add op-mode command for key generation | Christian Poessinger | |
2019-08-16 | openvpn: T1548: initial rewrite with XML and Python | Christian Poessinger | |
2019-08-16 | [op-mode] T1590 xml-style rewrite of 'show system' operations | Dmytro Aleksandrov | |
2019-08-14 | [bfd] T1183: Added validations and fixing bugs in BFD: | zsdc | |
* added validations for "source address IP" and "bfd peer IP" * added check for configuring multihop together with an interface name * fixed "show protocols bfd peer X" for peers with custom options | |||
2019-08-15 | Merge pull request #103 from jestabro/service-https | Daniil Baturin | |
[service https] T1443: add self-signed TLS certificate | |||
2019-08-14 | [service https] T1443: add self-signed TLS certificate | John Estabrook | |
2019-08-14 | [service https] T1443: move https and api default data to vyos.defaults | John Estabrook | |
2019-08-14 | Merge pull request #104 from DmitriyEshenko/bfd | Daniil Baturin | |
[bfd] T1183 Adding support show bfd counters | |||
2019-08-13 | [bfd] T1183 Adding support show bfd counters | DmitriyEshenko | |
2019-08-13 | [hostname] T1531: Added hostname alias to 127.0.1.1 (Debian way) | zsdc | |
This change makes "dnsdomainname" and "hostname -f" operable | |||
2019-08-12 | Merge pull request #99 from zdc/feature-bfd | Christian Poessinger | |
[bfd] T1183: Added some new functionality and fixed bugs in BFD | |||
2019-08-11 | Merge pull request #100 from DmitriyEshenko/snmp | Daniil Baturin | |
[snmp] T1575 Adding additional check for lspci | |||
2019-08-10 | [snmp] T1575 Adding additional check for lspci | DmitriyEshenko | |
2019-08-09 | [config] - T1557: setting object properties for the class | hagbard | |
2019-08-09 | [bfd] T1183: Added some new functionality and fixed bugs in BFD: | zsdc | |
* added option "echo-mode" and "echo-interval" for BFD peers * added configuration check for usage "multihop" and "echo-mode" * added configuration check for denying deletion BFD peers, which are used in BGP configuration * fixed deleting/changing BFD peers with custom parameters (for example multihop, local-address, etc.) * deleted wrong skipping of configuration check for "shutdown" BFD peers | |||
2019-08-08 | [config] - T1557: Create generic abstraction for configuring interfaces e.g. ↵ | hagbard | |
IP address | |||
2019-08-07 | Merge pull request #98 from DmitriyEshenko/l2tp_ipv6 | hagbard-01 | |
[l2tp] T1566 ipv6 implementation | |||
2019-08-07 | [l2tp] T1566 ipv6 implementation | DmitriyEshenko | |
2019-08-07 | [service https] T1443: reset defaults on 'delete service https api' | John Estabrook | |
2019-08-07 | Validator: add file-exists as replacement to Vyatta check_file_in_config_dir | Christian Poessinger | |
Verify if a file exists or not on the system. Can be called by: <constraint> <validator name="file-exists" argument="--directory /config/auth"/> </constraint> The --directory option is used to ensure a given file path lies under this (mandatory) directory. A directory can be mandatory when the optional argument -e, --error is used. This will return '1' instead of '0'. | |||
2019-08-07 | XML: WireGuard: run interfacedefinition through XML lint | Christian Poessinger | |
2019-08-07 | Validator: rename cidr -> ip-cidr to match existing patterns | Christian Poessinger | |