Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
This reverts commit e85c90bf3188c24c6a88c6a96a0d7fc30c221905.
|
|
in favor for 'show wireguard keypairs...'
|
|
|
|
- param key location added in op-mode script
- param delkey and listkey implemented in op-mode script
- param delkey implemented in op-mode script
- generate and store named keys
- interface implementation tu use cli option
'private-key'
|
|
- removed sudo as is already runs as root
- set privte key as variable in preparation to support multiple
pk's
|
|
Forgot to exclude our current bond interface in the search for duplicate
interface enslavement.
|
|
|
|
- sudo added to wg call
- debug print removed when pubkey changes
|
|
Previous implementations sent a SIGUSR1 to OpenVPN to initialte a restart after
the configuration changed - as this was the same as the client keepalive
mechanism did.
Unfortunately on SIGUSR1 OpenVPN does not re-read the configuration file. Thus
changed options were never taken into account.
|
|
|
|
|
|
vxlan: T1636: initial rewrite with XML and Python
|
|
Tested using:
Site 1 (VyOS 1.2.2)
-------------------
set interfaces vxlan vxlan100 address '10.10.10.2/24'
set interfaces vxlan vxlan100 remote '172.18.201.10'
set interfaces vxlan vxlan100 vni '100'
Site 2 (rewrite)
----------------
set interfaces vxlan vxlan100 address '10.10.10.1/24'
set interfaces vxlan vxlan100 description 'VyOS VXLAN'
set interfaces vxlan vxlan100 remote '172.18.202.10'
set interfaces vxlan vxlan100 vni '100'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Instead of manually starting DHCP/DHCPv6 for every interface and have an
identical if/elif/else statement checking for dhcp/dhcpv6 rather move this
repeating stement into add_addr()/del_addr().
Single source is always preferred.
|
|
|
|
|
|
|
|
|
|
|
|
A generic function which can parse the VLAN (vif, vif-s, cif-c) nodes in a
config session. A dictionary describing the VLAN is returned.
A good example will be the interface-bonding.py script used to generate bond
interfaces in the system. It is used as follows:
if conf.exists('vif'):
for vif in conf.list_nodes('vif'):
# set config level to vif interface
conf.set_level(cfg_base + ' vif ' + vif)
bond['vif'].append(vlan_to_dict(conf))
|
|
A list containing only unique elements not part of the other list is
returned. This is usefull to check e.g. which IP addresses need to be
removed from the OS.
|
|
vyos.ifconfig class
|
|
The following CLI command can be used to add a raw option to OpenVPN
which requires quotes:
> set interfaces openvpn vtun10 openvpn-option 'push "keepalive 1 10"'
The resulting config file will then have the following set:
> push "keepalive 1 10"
|
|
|
|
|
|
to follow the established convention.
|
|
T1614 bonding
|
|
a bond
|
|
As in the past during the priority race of the bash script invalid configuration
could appear in the CLI and are de-synced from the kernle state, e.g. some
bonding modes do not support arp_interval.
This is no longer allowed and added to the migration script so that the config
again represents the truth.
|
|
|
|
|
|
|
|
(cherry picked from commit e4f1bbb270f0afea295646764516675bbcfe0be5)
|
|
According to https://github.com/twilio/authy-openvpn commit 3e5dc73:
> This plugin is no longer actively maintained. If you're interested in
becoming a maintainer, we welcome forks of this project.
In addition this plugin was always missing in the current branch ov VyOS and
did not make it into VyOS 1.2 (crux)
If 2FA for OpenVPN is required we should probably opt for Google Authenticator
or if possible a U2F device.
(cherry picked from commit 5d858f0e6ad05b032c88c88a08c15d0876c44e8b)
|
|
Tested using:
=============
set interfaces bonding bond0 address 192.0.2.1/24
set interfaces bonding bond0 description "VyOS bonding"
set interfaces bonding bond0 disable-link-detect
set interfaces bonding bond0 hash-policy layer2+3
set interfaces bonding bond0 ip arp-cache-timeout 86400
set interfaces bonding bond0 mac 00:91:00:00:00:01
set interfaces bonding bond0 mode active-backup
set interfaces bonding bond0 mtu 9000
set interfaces bonding bond0 member interface eth1
set interfaces bonding bond0 member interface eth2
set interfaces bonding bond0 vif-s 100 address 192.168.10.1/24
set interfaces bonding bond0 vif-s 100 description "802.1ad service VLAN 100"
set interfaces bonding bond0 vif-s 100 mtu 1500
set interfaces bonding bond0 vif-s 100 mac 00:91:00:00:00:02
set interfaces bonding bond0 vif-s 100 vif-c 110 address "192.168.110.1/24"
set interfaces bonding bond0 vif-s 100 vif-c 110 description "client VLAN 110"
set interfaces bonding bond0 vif-s 100 vif-c 120 address "192.168.120.1/24"
set interfaces bonding bond0 vif-s 100 vif-c 120 description "client VLAN 120"
set interfaces bonding bond0 vif-s 100 vif-c 130 address "192.168.130.1/24"
set interfaces bonding bond0 vif-s 100 vif-c 130 description "client VLAN 130"
set interfaces bonding bond0 vif 400 address 192.168.40.1/24
set interfaces bonding bond0 vif 400 description "802.1q VLAN 400"
set interfaces bonding bond0 vif 400 mtu 1500
set interfaces bonding bond0 vif 400 mac 00:91:00:00:00:03
|