Age | Commit message (Collapse) | Author |
|
|
|
Tunnel interface multicast settings can be "enabled or disabled". As we prefer
valueless nodes, and the linux kernel default is "disabled" we should add a
set interfaces tunnel tunXX enable-multicast
command
|
|
|
|
ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library
|
|
1. Changed reset IPSEC, IKE SAs to use vici library.
2. Created package vyos.ipsec to communicate with vici library.
|
|
T5013: Extend accelppp op-mode script to get statistic
|
|
Multicast has not been implemented for the tunnel interfaces.
We have only configuration CLI commands that do anything.
Fix it.
ip link set dev <tag> multicast on
ip link set dev <tag> multicast off
|
|
Some interface drivers don't support/provide min_mtu and max_mtu values
For example VyOS in docker container with 'veth' driver on some
platforms
As a workarund add default values for min/max MTU for calculations
and pass function "verify_mtu(config)"
|
|
Change op-mode raw statistics for accel_ppp.py
dict key 'cpu' to 'cpu_load_percentage' and value to integer
|
|
config_mgmt: T4991: use configtree.show_diff instead of Python difflib
|
|
If 'client_ip_pool' not exists in config we cannot search it
in the dictionary
dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name'])
Add check
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
|
|
sstp-client
|
|
Inform user about the interface where the warning occured.
|
|
T4971: PPPoE server add named ip pool and attr Framed-Pool
|
|
|
|
Add a new feature to allow to use named pools
Also it can be used with RADIUS attribute 'Framed-Pool'
set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
|
|
The previous solution did not work for drivers that were no modules.
e.g compiled with a kernel config set to CONFIG_VIRTIO_NET=y
|
|
|
|
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
T4956: fix 'show hardware cpu' issue on arm64
|
|
|
|
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/cpu.py", line 76, in <module>
res = vyos.opmode.run(sys.modules[__name__])
File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 200, in run
res = func(**args)
File "/usr/libexec/vyos/op_mode/cpu.py", line 58, in show
cpu_data = _get_raw_data()
File "/usr/libexec/vyos/op_mode/cpu.py", line 40, in _get_raw_data
return vyos.cpu.get_cpus()
File "/usr/lib/python3/dist-packages/vyos/cpu.py", line 83, in get_cpus
cpus_dict = _find_physical_cpus()
File "/usr/lib/python3/dist-packages/vyos/cpu.py", line 76, in _find_physical_cpus
phys_cpus[num] = cpu[num]
NameError: name 'cpu' is not defined
Co-authored By: MartB <contact@martb.dev>
|
|
opmode: T4950: add set to the list of op mode functions
|
|
op mode: T4951: add InsufficientResources error
|
|
|
|
T4944: disallow bare literals in raw op mode outputs
|
|
|
|
config-mgmt: T4942: rewrite vyatta-config-mgmt to Python/XML
|
|
|
|
|
|
ipsec: T4925: Added PRF into IKE group
|
|
|
|
Added the possibility to configure Pseudo-Random Functions (PRF)
in IKE group
set vpn ipsec ike-group <Ike-grp> proposal <number> prf <PRF>
|
|
|
|
Fix ValueError: Unknown format code 'x' for object of type 'str' added in
commit c0ffb8ba4e663 ("ethernet: rps: T4928: adjust to Kernel ABI changes").
|
|
In the past we could simply set all bits for all CPUs even if they did not
exist. With 6.1.y Kernel series this is no longer possible and the input data
is validated against the available number of CPUs.
|
|
vyos.util: T4933: informative error for bad colon-separated lines in vyos.util.colon_separated_to_dict
|
|
in vyos.util.colon_separated_to_dict
|
|
opmode: T4564: add generate to the list of op mode functions
|
|
|
|
|
|
|
|
|
|
|
|
This makes transitions/updates faster and less error prone
|