summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-09-03Merge pull request #49 from hagbard-01/currenthagbard-01
T793: wireguard: implement fwmark, pre-shared key
2018-09-02Merge remote-tracking branch 'upstream/current' into T793hagbard
2018-09-02T793: wireguard preshared-key implementationhagbard
- the psk is only read from a file, due to sudo it's redirection doesn't work file is created in /tmp (it's tmpfs), wg comand executed and the psk file is deleted again, to avoid leakage of the psk. It's create umaks(077) and root:root
2018-09-02regex for endpoint removedhagbard
2018-09-02T825: add system 8-to-9 migration scriptChristian Poessinger
2018-09-02Merge branch 'current' of github.com:vyos/vyos-1x into currentDaniil Baturin
2018-09-02T824: add Python bindings for the rename_node function to vyos.configtreeDaniil Baturin
2018-09-02mdns_repeater: add 'disable' optionChristian Poessinger
2018-09-02mdns_repeater: cleanup python implementationChristian Poessinger
2018-09-02T823: add a new DHCP op mode script, only capable of showing leases now.Daniil Baturin
2018-09-02T823: add dependency on python3-sixDaniil Baturin
This is needed because this dependency is missing in the python3--isc-dhcp-leases package from stretch. When that issue is resolved, the dependency can be safely removed.
2018-09-02T822: add sudo to tcpdump commandsDaniil Baturin
to make them use correct PATH now, and to enable getting rid of capabilities later.
2018-09-01snmp.py: improve daemon startupChristian Poessinger
The previous implementation used a hardcoded 2 seconds sleep until the daemon configuration was rendered by snmpd (user/password stuff). Waiting 2 seconds is error prone and was replaced by reading the configuration file until it shows a marker indicating that the file was properly processed by snmpd.
2018-09-01T427,T793 wireguard supporthagbard
- regex added to check endpoint as pattern IP:port - T793: preparation for the use preshared key
2018-09-01T427: wireguard supporthagbard
* renamed opmode script wireguard_key.py to wireguard.py
2018-09-01Merge remote-tracking branch 'upstream/current' into T793hagbard
2018-09-01snmp.py: beautify generated snmp.conf #2Christian Poessinger
2018-09-01snmp.py: bugfix - CLI client community node was not processedChristian Poessinger
2018-09-01snmp.py: bugfix writing rocommunity string in configChristian Poessinger
2018-09-01snmp.py: beautify generated snmp.confChristian Poessinger
2018-09-01T771: snmp.px: reduce syslog noiseChristian Poessinger
2018-08-31Merge branch 'dhcpv6-server-rewrite' into currentChristian Poessinger
* dhcpv6-server-rewrite: T811: dhcpv6_server.py: add missing validators when comitting config changes dhcp_server.py: cleanup bcast_relay.py: remove obsolete import statement vyos: package: bugfix in validate.py for is_subnet_connected() T778: dhcpv6-server: XML and Python rewrite
2018-08-31T811: dhcpv6_server.py: add missing validators when comitting config changesChristian Poessinger
2018-08-31dhcp_server.py: cleanupChristian Poessinger
2018-08-31bcast_relay.py: remove obsolete import statementChristian Poessinger
2018-08-31vyos: package: bugfix in validate.py for is_subnet_connected()Christian Poessinger
2018-08-31Merge remote-tracking branch 'upstream/current' into T793hagbard
2018-08-31T793: preshared key op-mode partshagbard
2018-08-30T778: dhcpv6-server: XML and Python rewriteChristian Poessinger
2018-08-30dhcp_server.py: rework verify() error messages/error checkingChristian Poessinger
Commit 067a6b1524 ("vyos: package: extend validator by is_subnet_connected()") added a mechanism to probe if a given IPv4/IPv6 address is connected to any interface on the subnet - or is part of this subnet. We now use this call instead of producing more and more biler-plate code!
2018-08-30vyos: package: extend validator by is_subnet_connected()Christian Poessinger
Verify given IPv4/IPv6 subnet is connected to any interface on this system. Required by e.g. DHCP server that we have for IPv4 and IPv6.
2018-08-30T813: fix the check for duplicate VRIDs on the same interface (patch by ↵Daniil Baturin
Watcher7).
2018-08-29snmp.py: only write 'oldEngineID' to config if v3 is enabledChristian Poessinger
2018-08-29T733: snmp.py: switch to new IP address validatorsChristian Poessinger
Commit a30dac7c2 ("vyos package: add IP address validators") added system wide Python validators for IP addresses. Remove duplicated code and switch to single source.
2018-08-29tftp_server.py: switch to new IP address validatorsChristian Poessinger
Commit a30dac7c2 ("vyos package: add IP address validators") added system wide Python validators for IP addresses. Remove duplicated code and switch to a single source.
2018-08-29vyos package: add IP address validatorsChristian Poessinger
* is_addr_assigned(addr) - Test if address is assigned to ANY interface on the system * is_ipv4(addr) - Test if it is an IPv4 address, both network and host * is_ipv6(addr) - Test if it is an IPv6 address, both network and host
2018-08-29dhcp_server.py: beautify error messages generated in verify()Christian Poessinger
2018-08-29dhcp_server.py: check if AF_INET address is configure before using it in ↵Christian Poessinger
verify()
2018-08-29dhcp_server.py: fix KeyError in verify()Christian Poessinger
2018-08-29dhcp_server.py: improve handling of 'dhcpd.leases' fileChristian Poessinger
If there was yet no lease file present, dhcpd refused to start. Lease file is created if required. Ususally this is handeled by the isc-dhcp-server init script but we use our own path (for persistance) of that file.
2018-08-28bcast-relay.xml: move priority from tagNode to base nodeChristian Poessinger
2018-08-28T778: harden dhcp_server.py for non existing filesChristian Poessinger
2018-08-28T810: bugfix broadcast-relay address validator, add 'disable' functionalityChristian Poessinger
Whole broadcast relay service can be temporary disabled via set service broadcast-relay disable Individual instances of the broadcast relay service can be disabled set service broadcast-relay id <n> disable
2018-08-28T793: changed op-mode script from wireguard_key.py to wireguard.pyhagbard
2018-08-28dhcp_server.py: issue warning and don't generate config if service is disabledChristian Poessinger
2018-08-28dhcp_server.py: rename dictionary key 'disable' to 'disabled'Christian Poessinger
2018-08-27Merge branch 'dhcp-server-rewrite' into currentChristian Poessinger
2018-08-27T778: T782: dhcp-server: XML and Python rewriteChristian Poessinger
This commit changes in addtion the DHCP server config syntax as defined in "T782: Cleanup dhcp-server configuration". Replace boolean parameter from the folowing nodes and make it valueless. This requires a migration script which is tracked with this task * set service dhcp-server shared-network-name <xyz> subnet 172.31.0.0/24 ip-forwarding enable (true|false) * set service dhcp-server shared-network-name <xyz> authoritative (true|false) * set service dhcp-server disabled (true|false) * set service dhcp-server dynamic-dns-update enable (true|fals) * set service dhcp-server hostfile-update (enable|disable) Replace the nested start/stop ip address from "subnet 172.31.0.0/24 start 172.31.0.101 stop 172.31.0.149" to "subnet 172.31.0.0/24 range <foo> start" and "subnet 172.31.0.0/24 range <foo> stop" where foo can be any character or number. In addition the vyatta-cfg-dhcp-server package used it's own init/config file for service startup. This has been migrated to the vanilla Debian files. Copy 'on-dhcp-event.sh' from vyatta-cfg-shcp-server package commit 4749e648bca6.
2018-08-27T793: wiregurard preshared-key op-mode script and interface implementationhagbard
2018-08-27T793: generate and show psk implemented in python scripthagbard