| Age | Commit message (Collapse) | Author |
|---|
|
T2486: DNS, vyos-hostsd fixes
|
|
When deleting a peth interface the interface name was not added to the
configuration dict, which lead to referencing non existent keys.
|
|
|
|
|
|
A user can define a port under the SSH node per device. WHen connecting to that
port and authenticating using regular credentials we will immediately drop to
the serial console. This is the same as executing "connect serial-proxy <name>".
|
|
|
|
For more examples on the new get_config_dict() approach migrate this
implementation as it is not yet in production use. Also this serves as proof of
concept code for further migrations.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
radvd[31898]: AdvValidLifeTime must be greater than AdvPreferredLifetime in
radvd.conf, line 19
This happens with the following configuration:
vyos@vyos# show service router-advert
interface eth0.20 {
name-server 2001:4860:4860::8888
prefix ::/64 {
valid-lifetime 7200
}
}
A validator is added to solve this issue and radvd will run again.
|
|
|
|
|
|
l2tp: T2602: Delete excess characters
|
|
For an unknown reason snmpd not always starts after reboot.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Only IP prefixes are allowed to be added by the CLI thus we can drop the
same check inside the Python script to validate the prefix.
|
|
|
|
Commit 5deb12c509be ("ssh: T2321: add VRF support") restructured the Port
assignment (cleanup from the early days) but it accesses a string with methods
used for a list, resulting in the funny default port 2.
|
|
It shouldn't be required, if necessary it should be added to
vyos-hostsd apply command.
|
|
Removes and adds all required settings.
|
|
The getter methods will return empty values if config nodes don't exist,
so there's no point in checking if they exist before.
|
|
Init Config once in main() and pass it to both get_config() and verify().
|
|
The previous implementation only supported disabling DHCP nameservers for all
interfaces, and was implemented improperly so it didn't work anyway.
It's safe to remove it completely.
This adds support for a new config node name-servers-dhcp <interface>, which
allows us to enable just the interfaces we want to use for system DNS,
identical in syntax to 'service dns forwarding dhcp <interface>'.
The new option works by adding tags to vyos-hostsd that we want to use to add
nameservers to resolv.conf, same as adding tags for dns forwarding but for a
different destination file.
A config migrator will be added in a separate commit.
|
|
Debian Buster doesn't have the length and character limitations of
/etc/resolv.conf 'search' any more, it is unlimited.
https://sourceware.org/bugzilla/show_bug.cgi?id=19569
(glibc >2.26)
|
|
Change internal representation to the one required by vyos-hostsd.
|
|
Removes and adds all required settings.
|
|
- generate recursor.conf, recursor.conf.lua
- if recursor.vyos-hostsd.conf.lua and recursor.forward-zones.conf don't exist,
create empty ones (they are/will be generated by vyos-hostsd)
|
|
Add warning that forwarding will operate as a recursor in case there are no
nameservers configured.
|
|
Remove the old solution that retrieved dhcp tagged nameservers from hostsd
and added it to nameservers, as it didn't work anyway (only once during
configuration but it didn't update them later). This is now handled by
vyos-hostsd, just retrieve the configured interfaces and send it the list
of tags to use.
|
|
Remove manual retrieval of 'system name-server' from config and adding it to
the name servers list, as this is now handled by simply adding a 'system' tag
in vyos-hostsd.
|
|
|
|
Change internal representation to the new one expected by vyos-hostsd.
|
|
As Config is required in both get_config and verify, init it once
and pass it to both functions.
|
|
The functionality was moved to vyos-hostsd.
|
|
|
|
As part of T1595 listen-on was removed and migrated to listen-address,
but some references to it stayed in the variable names and validator
error message.
|
|
tested using:
set nat destination rule 399 description 'Redirect DNS iot VLAN'
set nat destination rule 399 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 399 destination port '53'
set nat destination rule 399 inbound-interface bond10.204
set nat destination rule 399 log
set nat destination rule 399 protocol 'tcp_udp'
set nat destination rule 399 translation address '192.168.67.243'
set nat destination rule 399 translation port '53'
set nat destination rule 400 description 'Redirect DNS lan VLAN'
set nat destination rule 400 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 400 destination port '53'
set nat destination rule 400 inbound-interface bond10.204
set nat destination rule 400 log
set nat destination rule 400 protocol 'tcp_udp'
set nat destination rule 400 translation address '192.168.67.243'
set nat destination rule 400 translation port '53'
set nat destination rule 401 description 'Redirect DNS guest VLAN'
set nat destination rule 401 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 401 destination port '53'
set nat destination rule 401 inbound-interface bond10.204
set nat destination rule 401 log
set nat destination rule 401 protocol 'tcp_udp'
set nat destination rule 401 translation address '192.168.67.243'
set nat destination rule 401 translation port '53'
|
|
|
|
|
|
|
|
|
