Age | Commit message | Author
2021-09-20 | vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC" | Christian Poessinger
Commit b7d30137b1 ("vyos.ifconfig: provide generic get_mac_synthetic() method") provided a common helper to generate MAC addresses used by EUI64 addresses for interfaces not having a layer2 interface (WireGuard or ip tunnel). The problem is that every call to the helper always yielded a new MAC address. This becomes problematic when IPv6 link-local addresses are generated and modified on the interface as multiple link-local (fe80::/64) addresses can easily be added to the interface leaving ... a mess. This commit changes the way how the "synthetic" MAC is generated, we generate a UUID which is stable as it is based on the interface name. We take out the last 48 bits of the UUID and form the "MAC" address.
2021-09-20 | vyos.ifconfig: T2738: can only read from a file when it exists | Christian Poessinger
When IPv6 is disabled on an interface also the sysfs files related to IPv6 for this interface vanish. We need to check if the file exists before we read it.
2021-09-20 | Merge pull request #1012 from lucasec/vti-enhancements | Christian Poessinger
ipsec: T1441: Clean up vti-up-down script for XFRM interfaces
2021-09-19 | ipsec: T1441: Clean up vti-up-down script for XFRM interfaces | Lucas Christian
2021-09-19 | vyos.ifconfig: T2738: do not remove OS assigned IP addresses from interface | Christian Poessinger
When using VRRP on any given interface and performing an action against that interface - be it even only changing the alias - will trigger a removal of the VRRP IP address. The issue is caused by:

    # determine IP addresses which are assigned to the interface and build a
    # list of addresses which are no longer in the dict so they can be removed
    cur_addr = self.get_addr()
    for addr in list_diff(cur_addr, new_addr):

When the script calls into the library - we will drop all IP addresses set on the adapter but not available in the config dict. We should only remove the IP addresses marked by the CLI to be deleted!
2021-09-19 | vyos.configdict: bugfix: leaf_node_changed() must return empty dict when node is added | Christian Poessinger
Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict when node is added") returned [''] as "empty" dict - but this is not empty.

    >>> if ['']:
    ...     print('foo')
    ...
    foo

It should rather be: []
2021-09-19 | vyos.ifconfig: T2738: add delta check when changing interface parameters | Christian Poessinger
There is no need to alter interface parameters if they have not changed at all.
2021-09-19 | dhcp-server: T3672: migrate failover name option | Christian Poessinger
Commit 2985035b (dhcp-server: T3672: re-add missing "name" CLI option) unfortunately did not add the name option to the migration script.
2021-09-19 | smoketest: dhcp: T3841: validate ping-check option | Christian Poessinger
2021-09-19 | smoketest: dhcp: T3672: adjust to new CLI syntax | Christian Poessinger
2021-09-19 | dhcp-server: T3672: bugfix Jinja2 template | Christian Poessinger
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases.
2021-09-19 | dhcp-server: T3672: re-add missing "name" CLI option | Christian Poessinger
This option is mandatory and must be user configurable as it needs to match on both sides.
2021-09-19 | xml: dhcp-server: move building blocks to dhcp subdirectory | Christian Poessinger
2021-09-19 | dhcp-server: T3841: add option to perform ICMP check before address assignment | Christian Poessinger
2021-09-19 | dhcp-server: T3672: only one failover peer is supported | Christian Poessinger
2021-09-19 | dhcpv6: op-mode: xml: error out if DHCPv6 service not configured | Christian Poessinger
Restarting DHCPv6 server should not be possible when service is not configured on the CLI.
2021-09-19 | dhcpv6: op-mode: xml: fix duplicate help strings | Christian Poessinger
2021-09-19 | dhcp: op-mode: xml: error out if DHCP service not configured | Christian Poessinger
2021-09-19 | dhcp: op-mode: xml: fix duplicate help string | Christian Poessinger
2021-09-19 | Merge pull request #1011 from jack9603301/T3648 | Christian Poessinger
op-mode: nat: T3648: Fix NAT script errors
2021-09-19 | Merge pull request #1010 from lucasec/dns-fw-cache-size | Christian Poessinger
pdns_recursor: T3840: Allow larger DNS forwarding cache sizes
2021-09-19 | op-mode: nat: T3648: Fix NAT script errors | jack9603301
2021-09-18 | T3840: Allow larger DNS forwarding cache sizes | Lucas Christian
2021-09-18 | container: T2216: add IPv6 support to container networks | Christian Poessinger
2021-09-18 | dhcp-server: T3839: support name-servers and domain config per shared-network | Christian Poessinger
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name.

    set service dhcp-server shared-network-name LAN domain-name 'vyos.net'
    set service dhcp-server shared-network-name LAN name-server '192.0.2.1'
2021-09-18 | dhcp-server: xml: use description building block | Christian Poessinger
2021-09-18 | dhcpv6-server: xml: add description CLI node | Christian Poessinger
2021-09-18 | dhcp-server: T3838: rename dns-server to name-server node | Christian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6.
2021-09-18 | dhcp-server: T1968: allow multiple static-routes to be configured | Christian Poessinger
    vyos@vyos# show service dhcp-server
     shared-network-name LAN {
         subnet 10.0.0.0/24 {
             default-router 10.0.0.1
             dns-server 194.145.150.1
             lease 88
             range 0 {
                 start 10.0.0.100
                 stop 10.0.0.200
             }
             static-route 192.168.10.0/24 {
                 next-hop 10.0.0.2
             }
             static-route 192.168.20.0/24 {
                 router 10.0.0.2
             }
         }
     }
2021-09-18 | smoketest: ipsec: only delete nhrp path where it is used | Christian Poessinger
2021-09-18 | ipsec: vti: T3831: avoid using xfrm if_id 0 - implement shift by one | Christian Poessinger
The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. This means that a vti0 named interface will pull in all traffic and others will stop working. Thus we simply shift the key by one to also support a vti0 interface.
2021-09-18 | validator: T2417: bugfix on Python3 f'ormat strings | Christian Poessinger
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword.
2021-09-17 | Merge pull request #1007 from erkin/current | Christian Poessinger
T3823: Stop strip-private regexp from swallowing quotes
2021-09-17 | T3823: Stop strip-private regexp from swallowing quotes | erkin
2021-09-15 | ipsec: T3830: "authentication id|use-x509-id" are mutually exclusive | Christian Poessinger
Manually set peer id and use-x509-id are mutually exclusive!
2021-09-15 | ipsec: T3830: set connections.<conn>.remote<suffix>.id to "peer" if undefined | Christian Poessinger
Restore "default" behavior from ipsec.conf
2021-09-15 | xml: remove unnecessary "i" from help in source-address-ipv4 building block | Christian Poessinger
2021-09-15 | typo: remove unnecessary 'i' from help | Javinator9889
2021-09-14 | dhcpv6-pd: T421: disable wide dhcpv6 client debug messages | Christian Poessinger
2021-09-14 | Merge pull request #1005 from sarthurdev/T3828 | Christian Poessinger
ipsec: T3828: Update interface definitions for new behaviour
2021-09-14 | ipsec: T3828: Update interface definitions for new behaviour | sarthurdev
2021-09-13 | Merge pull request #1004 from sarthurdev/T3828 | Christian Poessinger
ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable`
2021-09-13 | ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable` | sarthurdev
2021-09-12 | pki: T3642: listing all CRLs should be done using a leafNode | Christian Poessinger
2021-09-12 | pki: T3642: show only requested certificate in op-mode | Christian Poessinger
2021-09-12 | pki: T3642: show only requested certificate in op-mode | Christian Poessinger
2021-09-12 | pki: T3642: show only requested CA in op-mode | Christian Poessinger
2021-09-11 | Fix inconsistent capitalization in the show version output | Daniil Baturin
2021-09-10 | wireguard: T3642: directly import keys to CLI when run in config mode | Christian Poessinger
    vyos@vyos# run generate pki wireguard key-pair install interface wg10
    "generate" CLI command executed from config session.
    Generated private-key was imported to CLI!

    Use the following command to verify: show interfaces wireguard wg10
    Corresponding public-key to use on peer system is: 'hGaWcoG7f+5sPAUY/MNQH1JFhsYdsGTecYA9S2J8xGs='

    vyos@vyos# run generate pki wireguard preshared-key install interface wg10 peer vyos
    "generate" CLI command executed from config session.
    Generated preshared-key was imported to CLI!

    Use the following command to verify: show interfaces wireguard wg10

    vyos@vyos# show interfaces wireguard wg10
    +peer vyos {
    +    preshared-key OwTALZy8w6VIBMxUwbOv6Ys7QMyhrtY4aw+0cUjmmCw=
    +}
    +private-key 0Pu95CejvCUCCwrTW39TCYnitESWAdIIFTVJb7UgxVU=
    [edit]
2021-09-10 | frr: T1514: refactor restart script and drop duplicated code | Christian Poessinger