summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-09-11Merge branch 'current' into equuleusDaniil Baturin
2019-09-11T1598: annotate the vyos-hostsd unit file.Daniil Baturin
2019-09-10[syslog] - T1597: 'del system system' stops now rsysloghagbard
2019-09-10[wireguard] - clean up duplicated op optionshagbard
2019-09-10Revert "[wireguard] - remove 'show wireguard keypair'"hagbard
This reverts commit e85c90bf3188c24c6a88c6a96a0d7fc30c221905.
2019-09-10[wireguard] - remove 'show wireguard keypair'hagbard
in favor for 'show wireguard keypairs...'
2019-09-10[wireguard]: T1650 - cli option to delete default wg keyhagbard
2019-09-10[wireguard]: T1572 - Wireguard keyPair per interfacehagbard
- param key location added in op-mode script - param delkey and listkey implemented in op-mode script - param delkey implemented in op-mode script - generate and store named keys - interface implementation tu use cli option 'private-key'
2019-09-09[wireguard] - T1639: wireguard pubkey change errorhagbard
- removed sudo as is already runs as root - set privte key as variable in preparation to support multiple pk's
2019-09-07bonding: T1614: bugfix in validate - enslave failedChristian Poessinger
Forgot to exclude our current bond interface in the search for duplicate interface enslavement.
2019-09-07bridge: bonding: minor comment cleanupChristian Poessinger
2019-09-06[wireguard] - T1639: wireguard pubkey change errorhagbard
- sudo added to wg call - debug print removed when pubkey changes
2019-09-06openvpn: T1548: always restart OpenVPNChristian Poessinger
Previous implementations sent a SIGUSR1 to OpenVPN to initialte a restart after the configuration changed - as this was the same as the client keepalive mechanism did. Unfortunately on SIGUSR1 OpenVPN does not re-read the configuration file. Thus changed options were never taken into account.
2019-09-06openvpn: T1548: cleanup import statementsChristian Poessinger
2019-09-06openvpn: T1630: support adding routes as unpriviledged userChristian Poessinger
2019-09-06Merge pull request #125 from c-po/t1636-vxlanChristian Poessinger
vxlan: T1636: initial rewrite with XML and Python
2019-09-06vxlan: T1636: initial rewrite with XML and PythonChristian Poessinger
Tested using: Site 1 (VyOS 1.2.2) ------------------- set interfaces vxlan vxlan100 address '10.10.10.2/24' set interfaces vxlan vxlan100 remote '172.18.201.10' set interfaces vxlan vxlan100 vni '100' Site 2 (rewrite) ---------------- set interfaces vxlan vxlan100 address '10.10.10.1/24' set interfaces vxlan vxlan100 description 'VyOS VXLAN' set interfaces vxlan vxlan100 remote '172.18.202.10' set interfaces vxlan vxlan100 vni '100'
2019-09-06Python/ifconfig: T1557: vxlan: initial support via VXLANIfChristian Poessinger
2019-09-06dummy: loopback: T1580: T1601: synchronize commentsChristian Poessinger
2019-09-06bonding: T1614: members are not allowed to be underlaying vxlan devicesChristian Poessinger
2019-09-06bonding: T1614: reword verify() error messagesChristian Poessinger
2019-09-06bonding: T1614: enslaved interfaces can be added to only one bond at a timeChristian Poessinger
2019-09-06wireguard: T427: use long syntax on list_interfaces.py '--type' instead of '-t'Christian Poessinger
2019-09-06openvpn: T1548: use long syntax on list_interfaces.py '--type' instead of '-t'Christian Poessinger
2019-09-06bridge: T1556: make ARP cache constraint error message more genericChristian Poessinger
2019-09-06bonding: T1614: make ARP cache constraint error message more genericChristian Poessinger
2019-09-06gitignore: add patterns used by SlickEditChristian Poessinger
2019-09-06Python/ifconfig: T1557: fix remove_peer commend in WireGuardIfChristian Poessinger
2019-09-06Python/ifconfig: T1557: {add,del}_addr() now supports dhcp/dhcpv6Christian Poessinger
Instead of manually starting DHCP/DHCPv6 for every interface and have an identical if/elif/else statement checking for dhcp/dhcpv6 rather move this repeating stement into add_addr()/del_addr(). Single source is always preferred.
2019-09-06Python/ifconfig: T1557: recursively delete VLAN interfaces on remove()Christian Poessinger
2019-09-04[wireguard] - T1628: line break in coment addedhagbard
2019-09-04[wireguard] - T1628: renaming member functions, removing wg_ prefixhagbard
2019-09-04Merge branch 'current' of https://github.com/vyos/vyos-1x into currenthagbard
2019-09-04[wireguard] - T1628: fixing comment indenthagbard
2019-09-04Python/configdict: add function vlan_to_dictChristian Poessinger
A generic function which can parse the VLAN (vif, vif-s, cif-c) nodes in a config session. A dictionary describing the VLAN is returned. A good example will be the interface-bonding.py script used to generate bond interfaces in the system. It is used as follows: if conf.exists('vif'): for vif in conf.list_nodes('vif'): # set config level to vif interface conf.set_level(cfg_base + ' vif ' + vif) bond['vif'].append(vlan_to_dict(conf))
2019-09-04Python/configdict: add list_diff function to compare two listsChristian Poessinger
A list containing only unique elements not part of the other list is returned. This is usefull to check e.g. which IP addresses need to be removed from the OS.
2019-09-04[wireguard] - T1628: Adopt WireGuard configuration script to new ↵hagbard
vyos.ifconfig class
2019-09-04openvpn: T1617: T1632: support quotes in openvpn-optionChristian Poessinger
The following CLI command can be used to add a raw option to OpenVPN which requires quotes: > set interfaces openvpn vtun10 openvpn-option 'push "keepalive 1 10"' The resulting config file will then have the following set: > push "keepalive 1 10"
2019-09-04[service https] T1443: rename "server-names" option to "server-name".Daniil Baturin
2019-09-04[service https] T1443: correct the listen-address option in the script.Daniil Baturin
2019-09-04[service https] T1443: use "listen-address" option instead of "listen-addresses"Daniil Baturin
to follow the established convention.
2019-09-04Merge pull request #124 from c-po/t1614-bondingChristian Poessinger
T1614 bonding
2019-09-04bridge: T1615: can not add member interface to bridge if it is also part of ↵Christian Poessinger
a bond
2019-09-04bonding: T1614: T532: new commit validatorsChristian Poessinger
As in the past during the priority race of the bash script invalid configuration could appear in the CLI and are de-synced from the kernle state, e.g. some bonding modes do not support arp_interval. This is no longer allowed and added to the migration script so that the config again represents the truth.
2019-09-04Merge branch 'current' of https://github.com/vyos/vyos-1x into currentDaniil Baturin
2019-09-04[service https] T1443: create /etc/vyos if it doesn't exist.Daniil Baturin
2019-09-04T1443: add dependencies on nginx-light and ssl-cert.Daniil Baturin
2019-09-04openvpn: T1617: bugfix for server push-routeChristian Poessinger
(cherry picked from commit e4f1bbb270f0afea295646764516675bbcfe0be5)
2019-09-04openvpn: T1548: remove authy 2fa providerChristian Poessinger
According to https://github.com/twilio/authy-openvpn commit 3e5dc73: > This plugin is no longer actively maintained. If you're interested in becoming a maintainer, we welcome forks of this project. In addition this plugin was always missing in the current branch ov VyOS and did not make it into VyOS 1.2 (crux) If 2FA for OpenVPN is required we should probably opt for Google Authenticator or if possible a U2F device. (cherry picked from commit 5d858f0e6ad05b032c88c88a08c15d0876c44e8b)
2019-09-04bonding: T1614: add vif-c VLAN interface supportChristian Poessinger
Tested using: ============= set interfaces bonding bond0 address 192.0.2.1/24 set interfaces bonding bond0 description "VyOS bonding" set interfaces bonding bond0 disable-link-detect set interfaces bonding bond0 hash-policy layer2+3 set interfaces bonding bond0 ip arp-cache-timeout 86400 set interfaces bonding bond0 mac 00:91:00:00:00:01 set interfaces bonding bond0 mode active-backup set interfaces bonding bond0 mtu 9000 set interfaces bonding bond0 member interface eth1 set interfaces bonding bond0 member interface eth2 set interfaces bonding bond0 vif-s 100 address 192.168.10.1/24 set interfaces bonding bond0 vif-s 100 description "802.1ad service VLAN 100" set interfaces bonding bond0 vif-s 100 mtu 1500 set interfaces bonding bond0 vif-s 100 mac 00:91:00:00:00:02 set interfaces bonding bond0 vif-s 100 vif-c 110 address "192.168.110.1/24" set interfaces bonding bond0 vif-s 100 vif-c 110 description "client VLAN 110" set interfaces bonding bond0 vif-s 100 vif-c 120 address "192.168.120.1/24" set interfaces bonding bond0 vif-s 100 vif-c 120 description "client VLAN 120" set interfaces bonding bond0 vif-s 100 vif-c 130 address "192.168.130.1/24" set interfaces bonding bond0 vif-s 100 vif-c 130 description "client VLAN 130" set interfaces bonding bond0 vif 400 address 192.168.40.1/24 set interfaces bonding bond0 vif 400 description "802.1q VLAN 400" set interfaces bonding bond0 vif 400 mtu 1500 set interfaces bonding bond0 vif 400 mac 00:91:00:00:00:03