summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2021-07-06ipsec: T2816: Migrate ipsec-settings.xml.in and charon.conf to vpn_ipsec.pysarthurdev
Also adds check for the charon socket instead of an arbitrary sleep()
2021-07-05pki: ipsec: T3642: Fix issue with '.' being present in tag nodes, adds new ↵sarthurdev
vyos.util method `dict_search_args` to allow for dot characters in keys.
2021-07-05pki: T3642: Support for adding SANs on certificate requestssarthurdev
2021-07-04Merge pull request #910 from sarthurdev/pki_extChristian Poessinger
pki: T3642: Add standard extensions to generated certificates
2021-07-04pki: T3642: Add standard extensions to generated certificatessarthurdev
2021-07-04vyos.util: T3663: move inotify-based imports to function levelChristian Poessinger
Keep the vyos.util function clean and not pull in the rest of the world when importing it.
2021-07-04T3663: prerequisites for inotify-based watching implementations.Daniil Baturin
2021-07-03ipsec: T2816: add Jinja2 converter for ESP/IKE groups to stringChristian Poessinger
2021-07-02ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec commands. ↵sarthurdev
Remove python3-crypto dependency.
2021-07-01vyos.util: remove no longer needed copy_file helper methodChristian Poessinger
The IPSec ceritifcate handling is now done by storing the CA key inside the running configuration.
2021-07-01Merge branch 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x into pki-cliChristian Poessinger
* 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x: pki: ipsec: T3642: Update migration script to account for file permission issues pki: ipsec: T3642: Migrate IPSec to use PKI configuration pki: T3642: New PKI config and management
2021-07-01vyos.util: fix IsADirectoryError and SameFileError for copy_fileChristian Poessinger
Commit 5303ec39 ("vyos.util: add new helper copy_file()") added a new helper function to copy a file from A -> B and create the destination directory if required. It did also throw an excpetion if the destination file already existed and consisted of the same file - this is now ignored and we always copy the source to the destination.
2021-06-29pki: T3642: New PKI config and managementsarthurdev
2021-06-28ipsec: T1441: switch from vti to xfrm interfacesChristian Poessinger
XFRM interfaces are similar to VTI devices in their basic functionality but offer several advantages: * No tunnel endpoint addresses have to be configured on the interfaces. Compared to VTIs, which are layer 3 tunnel devices with mandatory endpoints, this resolves issues with wildcard addresses (only one VTI with wildcard endpoints is supported), avoids a 1:1 mapping between SAs and interfaces, and easily allows SAs with multiple peers to share the same interface. * Because there are no endpoint addresses, IPv4 and IPv6 SAs are supported on the same interface (VTI devices only support one address family). * IPsec modes other than tunnel are supported (VTI devices only support tunnel mode). * No awkward configuration via GRE keys and XFRM marks. Instead, a new identifier (XFRM interface ID) links policies and SAs with XFRM interfaces.
2021-06-27op-mode: bond: T2546: implement "show interface bond * slaves" commandChristian Poessinger
Add implementation with XML and Python.
2021-06-26vyos.util: add new helper copy_file()Christian Poessinger
Copy a file from A -> B but also support adjusting Bs file permissions and creation of Bs base directory if required.
2021-06-23T3574: do not add constraintGroup property to xml cacheJohn Estabrook
2021-06-22vyos.ethtool: T3645: fix compatibility with latest ethtool versionChristian Poessinger
Ethtool version used on Debian Bullseye changed the output format from 0 -> n/a. As we are only interested in the tx/rx keys we do not care about RX Mini/Jumbo.
2021-06-21vyos.certbot: T3641: adjust to new python3-certbot-nginx APIChristian Poessinger
2021-06-21Python: T3641: adjust to changes in latest vesion of netifaces libraryChristian Poessinger
2021-06-20Merge pull request #893 from erkin/T3628Christian Poessinger
T3268: remote: Determine source address from given network interface
2021-06-20T3268: remote: Determine source address from given network interfaceerkin
2021-06-20Merge pull request #892 from erkin/T3563Christian Poessinger
T3563: remote: Allow `paramiko.transport.Transport().close()` to automatically close the socket
2021-06-20T3563: remote: Allow `paramiko.transport.Transport().close()` to ↵erkin
automatically close the socket
2021-06-18Merge pull request #883 from sever-sever/T3633Christian Poessinger
ethernet: T3633: Add LRO offload
2021-06-18Merge pull request #882 from erkin/currentChristian Poessinger
T3356: remote: Use the local filename if the destination is a directory in SFTP transfers
2021-06-17ethernet: T3633: Add LRO offloadViacheslav
2021-06-17T3356: remote: Use the local filename if the destination is a directory in ↵erkin
SFTP transfers.
2021-06-13pppoe: T3621: validate that both username and password are setChristian Poessinger
A validator is missing checking that if authentication is used on a PPPoE interface, both username and password are set. (cherry picked from commit 0361c3ac449f183476f7aee31439417d9f7f8012)
2021-06-13Merge pull request #879 from erkin/currentChristian Poessinger
T3563: Call `socket.shutdown()` with appropriate argument
2021-06-13T3563: Call `socket.shutdown()` with appropriate argumenterkin
2021-06-13wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface treeChristian Poessinger
2021-06-09remote, util: Move general helper routines from `remote.py` to `util.py`erkin
2021-06-08remote: import is_ipv6 from vyos.templateChristian Poessinger
2021-06-08Merge pull request #867 from erkin/currentChristian Poessinger
T3563: Add support for IPv6 source addresses in SSH connections
2021-06-08remote: Use `is_ipv6()` instead of ad hoc IPv6 checkerkin
2021-06-06T3563: Add support for IPv6 source addresses in SSH connectionserkin
2021-06-06Merge pull request #846 from erkin/currentChristian Poessinger
T3508, T3356: remote: Friendly download procedure for user-facing scripts
2021-05-30T3356: Add progressbars to SFTP and HTTP transferserkin
2021-05-29T3356: Add progressbars to FTP transferserkin
Allow ports to be specified in URL strings
2021-05-28vti: ipsec: T2816: interfaces must be created using the vyos.ifconfig libraryChristian Poessinger
2021-05-28ipsec: T2816: IPSec python rework, includes DMVPN and VTI supportSimon
2021-05-24tunnel: T3555: add "ignore-df" support for GRE tunnelsChristian Poessinger
2021-05-24pseudo-ethernet: T3575: verify parent interface MTUChristian Poessinger
2021-05-23vyos.configverify: T3570: sub interface MTU must be less or equal to parent MTUSimon
2021-05-21vlan: T3551: support runtime changing of ingress and egress QoS settingsJACK
2021-05-18revert: "util: T2467: add autosudo as an option to command"Christian Poessinger
Implementing a wrapper which will - based on the command - add a sudo prefix to the execution string seemed to be a nice idea but unfortunately it did not only not get momentum but also the codebase somethis added an implicit "sudo" call a second time. This resulted in a call: "sudo sudo systemctl" The entire functionality was removed again and if an op-mode script requires root priviledges it must be explicitly called with them - no black magic.
2021-05-18T3356: remote: Read username and password from environment variableserkin
2021-05-18T3356: remote: Add friendly download procedure for user-facing scriptserkin
2021-05-15vyos.ifconfig: T3532: re-create Q-in-Q interface on protocol changeChristian Poessinger
It is not possible to change the VLAN encapsulation protocol "on-the-fly". For this "quirk" we need to actively delete and re-create the VIF-S interface.