https://github.com/vyos/vyos-1x/pull/1019
https://github.com/vyos/vyatta-cfg/pull/41
https://github.com/vyos/vyatta-cfg-system/pull/171
All Stories
Sep 30 2021
Sep 29 2021
Sep 28 2021
The issue is solved in https://github.com/vyos/vyos-1x/pull/1017
However, the question of whether the netplug script is necessary at all is still open.
It works now! Thanks!
Sep 27 2021
In testing:
https://github.com/vyos/vyos-1x/compare/current...jestabro:interface-names
https://github.com/vyos/vyatta-cfg/compare/current...jestabro:interface-names
The following removes legacy code: vyatta_net_name, vyatta_interface_rescan, XorpConfigParser
https://github.com/vyos/vyatta-cfg-system/compare/current...jestabro:interface-names
Backported to crux branch
@danielpo Will be fixed in the next rolling release.
PR https://github.com/vyos/vyos-1x/pull/1016
Change priority for nat66
Not all clients support the gateway option (get issues on Mac and Windows):
Mac
tun_prop_route_error: route destinations other than vpn_gateway or net_gateway are not supported
set interfaces openvpn vtun20 openvpn-option '--push dhcp-option DNS 203.0.113.1'
generated config:
--push dhcp-option DNS 203.0.113.1
expected configuration:
push dhcp-option "DNS 203.0.113.1"
By the way, the SNMPD service of the router will not restart automatically. After the SNMP service is attacked, the SNMP service cannot be restored even if the device is restarted, which may be an inappropriate implementation.
I have a question. If you confirm the existence of the vulnerability, can you report to the NET-SNMP vendor and apply for a CVE number?
I have sent the POC of the vulnerability to [email protected].
By the way, the password of the compressed package is HGkasjgJFYL261.
Hello, I have found three vulnerabilities in V1.2.7, one of which can also be reproduced in V1.3. Please continue to check the other versions. I will send all three POCs to your email. Thank you for your work.
Adding a few notes here:
- The ideal behavior probably depends on which PKI elements are changed and what services depend on them.
- E.g. OpenVPN does not require a server restart for a CRL change (see https://openvpn.net/community-resources/controlling-a-running-openvpn-process/), but changing the CA or server cert/key would require a restart.
- It seems like there are some swanctl commands that can conditionally reload parts of the config too, without taking all tunnels down.
- The former might be useful if you need to renew server certs or something like that and want to do so with minimal impact.