Age | Commit message (Collapse) | Author |
|
Limiting the amount of requests passed to a server seems to be the wrong
way to tackle a problem.
|
- migrate RADIUS configuration to a more uniform syntax across the system
- authentication radius-server x.x.x.x to authentication radius server x.x.x.x
- authentication radius-settings to authentication radius
|
Instead of letting the user choose between auto and none where auto is default,
it makes more sense to just offer an option to disable the default behavior.
|
vyos@vyos# show interfaces pppoe
pppoe pppoe0 {
    default-route force
    link eth2.7
    mtu 400
    name-server auto
    password 12345678
    user-id vyos@vyos.io
}
|
Civic based location information was not working for quite some time and
as an unused feature we should drop it to keep the codebase more simple
and maintainable.
|
If - for whatever reason - a timezone specified is invalid ... migrate it to
UTC, just in case!
|
The current node.def based implementation should be migrated from
vyatta-cfg-system to vyos-1x. During the migration also provide a migration
script which transforms some old timezones like "Los_Angeles" into a proper
IANA assigned timezone which should be "America/Los_Angeles".
|
- migrates 'system syslog host <ip_address:port>' to
system syslog host <ip_address> port <port>
|
This reverts commit a93a1dbd7d18ff82246b4f7fb9a3757c14e6a9c7.
|
- renamed interface xml
- renamed syslog.py to system-syslog.py
- moved protocol out of the facility node (bug)
- node port created
- migration script included
|
VLAN interfaces assigned to a bridge as member have not been migrated so far.
This was the case for vif, vif-s and vif-c interfaces. The migration code has
been generalized in migrate_bridge() so it is re-usable for regular interfaces,
vif, vif-s and vif-c interfaces - all now use the same code.
|
* 't1627-wireless' of github.com:c-po/vyos-1x:
wireless: T1627: support station mode
wireless: T1627: support DHCP(v6) addresses
wireless: T1627: add support for RADIUS source-address
wireless: T1627: RADIUS servers must have a key specified
wireless: T1627: change RADIUS CLI syntax
l2tp: harmonize RADIUS wording
wireless: T1627: re-order WPA key in hostapd config
wireless: T1627: change priority from 318 to 400
wireless: T1627: fix generated ht_capab and vht_capab
wireless: T1627: fix regex for 'ht channel-set-width'
wireless: T1627: config migrator does not support camel casing
wireless: T1627: initial rewrite of show-wireless.pl in Python
wireless: T1627: add op-mode commands
wireless: T1627: initial rewrite in XML/Python style
|
Adopt RADIUS configuration and harmonize it with the rest of VyOS. Move the
following configuration block:
security {
    wpa {
        cipher CCMP
        mode wpa2
        radius-server 172.16.100.10 {
            port 1812
            secret secretkey
        }
        radius-server 172.16.100.11 {
            port 1812
            secret secretkey
        }
    }
}
to the harmonized version of:
security {
    wpa {
        cipher CCMP
        mode wpa2
        radius {
            server 172.16.100.10 {
                port 1812
                secret secretkey
            }
            server 172.16.100.11 {
                port 1812
                secret secretkey
            }
        }
    }
}
And add the new "set interfaces wireless wlan0 security wpa radius
source-address" CLI command to specify the origin of any RADIUS query on
systems having multiple IP addresses.
|
convert all nodes to lowercase
|
Working:
- Wireless modes b, g, n, ac
- WPA/WPA2 psk and RADIUS (tested using Microsoft NPS)
|
[OpenVPN]: T1704: Changed config structure for OpenVPN encryption to support ncp-ciphers.
[OpenVPN]: T1704: Added migration scripts for interface 2-to-3
|
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested
and I know no way how it could be tested. Instead of carrying on dead and
unused code we should favour a drop of it using a proper config migration
script.
|
As of the SNMP specification an SNMP engine ID should be unique per device.
To not make it more complicated for users - only use the global SNMP engine ID.
|
As in the past during the priority race of the bash script invalid configuration
could appear in the CLI and are de-synced from the kernel state, e.g. some
bonding modes do not support arp_interval.
This is no longer allowed and added to the migration script so that the config
again represents the truth.
|
The node 'interfaces ethernet eth0 bond-group' has been changed and
de-nested. Bond members are now configured in the bond interface itself.
set interfaces bonding bond0 member interface eth0
|
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default
allows access only from RFC 1918 private IP addresses. Due to the aggressive
nature of the internet these days, it is highly recommended to not open up the
recursor for the entire internet. Questions from IP addresses not listed here
are ignored and do not get an answer.
https://docs.powerdns.com/recursor/settings.html#allow-from
Imagine an ISP network with non RFC1918 IP addresses - they can't make
use of PowerDNS recursor.
As of now VyOS has allow-from set to 0.0.0.0/0 and ::/0 which created an open
resolver. If there is no allow-from statement a config-migrator will add
the appropriate nodes to the configuration, resulting in:
service {
    dns {
        forwarding {
            allow-from 0.0.0.0/0
            allow-from ::/0
            cache-size 0
            ignore-hosts-file
            listen-address 192.0.2.1
        }
    }
}
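
An added example, not part of the commit or of VyOS: a small audit that reads a VyOS-style configuration, collects the `allow-from` entries under `service dns forwarding`, and reports whether they leave the recursor open to the whole address space, as the migrated block above does. The function names and the "review" label for non-RFC 1918 ranges are assumptions made for this illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the migrated block shown in the commit message.
SAMPLE_CONFIG = """
service {
    dns {
        forwarding {
            allow-from 0.0.0.0/0
            allow-from ::/0
            cache-size 0
            ignore-hosts-file
            listen-address 192.0.2.1
        }
    }
}
"""

def forwarding_allow_from(config_text):
    """Collect allow-from networks under 'service dns forwarding' only."""
    path, nets = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            path.append(line[:-1].strip())      # entering a node
        elif line == "}":
            if path:
                path.pop()                      # leaving a node
        elif path == ["service", "dns", "forwarding"]:
            m = re.fullmatch(r"allow-from\s+(\S+)", line)
            if m:
                value = m.group(1).strip("'\"")
                nets.append(ipaddress.ip_network(value, strict=False))
    return nets

def classify(net):
    """'open' = whole address family, 'rfc1918' = private IPv4, else 'review'."""
    if net.prefixlen == 0:
        return "open"
    if net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
        return "rfc1918"
    return "review"

def audit(config_text):
    """Map each allow-from network to its classification."""
    return {str(n): classify(n) for n in forwarding_allow_from(config_text)}

def is_open_resolver(config_text):
    return "open" in audit(config_text).values()
```

A "review" result is not a finding by itself: an ISP serving customers on public addresses, the case the commit message describes, legitimately lists non-RFC 1918 ranges.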
|
Fixes:
Traceback (most recent call last):
  File "/opt/vyatta/etc/config-migrate/migrate/interfaces/0-to-1", line 27, in <module>
    for br in config.list_nodes(base):
  File "/usr/lib/python3/dist-packages/vyos/configtree.py", line 255, in list_nodes
    raise ConfigTreeError("Path [{}] doesn't exist".format(path_str))
vyos.configtree.ConfigTreeError: Path [b'interfaces bridge'] doesn't exist
|
This is the new syntax
bridge br0 {
    member {
        interface eth0 {
            cost 10
        }
        interface eth1 {
            cost 11
        }
    }
}
|
This reverts commit 685b1e0d050c7883303733d710327161fe046b60.
|