Age | Commit message (Collapse) | Author |
|
Commit 289f513 ("wireguard: T2632: support PSK on multiple peers") introduced
a regression when multiple allowed-ips have been configured. They were not
properly quoted when passing them down to the wg binary.
|
|
dictconfig: T2637: identify sub-interfaces (vif) to delete
|
|
|
|
Commit 9390988709 ("vxlan: T2629: fix multiple configuration issues") called
append() on a list and passed two arguments which is invalid.
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 300, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 245, in apply
v = VXLANIf(vxlan['intf'], **conf)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 221, in __init__
self._create()
File "/usr/lib/python3/dist-packages/vyos/ifconfig/vxlan.py", line 84, in _create
cmdline.append('group', 'src_interface')
TypeError: append() takes exactly one argument (2 given)
|
|
validation: T2630: bound to interface mtu if available
|
|
|
|
vxlan: T2629: fix multiple configuration issues
|
|
It was not possible to configure two WG peers with both utilized a pre-shared
key. This has been corrected.
WG psk can only be read from a file when starting the interface. The code for
creating this temporary file has been moved into the ifconfig.WireGuardIf()
class.
Tested with:
============
set interfaces wireguard wg0 address '192.0.2.0/31'
set interfaces wireguard wg0 peer one allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer one preshared-key 'e+SIIUcrnrSDHhbTtpjwKhSlSdUALA5ZvoCjfQXcvmA='
set interfaces wireguard wg0 peer one pubkey '/qQGAQ2HfLSZBSCpdgps04r9wRlK7bSFraCH9+MScmw='
set interfaces wireguard wg0 peer two allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer two pubkey '/qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw='
|
|
|
|
|
|
|
|
default-doct
* 'T2588' of https://github.com/thomas-mangin/vyos-1x:
xml: T2588: code to extract defaults values from xml
|
|
|
|
|
|
T2486: DNS, vyos-hostsd fixes
|
|
|
|
|
|
Merge two dictionaries. Only keys which are not present in destination will
be copied from source, anything else will be kept untouched. Function will
return a new dict which has the merged key/value pairs.
Before:
{'device': {'usb0b2.4p1.0': {'speed': '9600'},
'usb0b2.4p1.1': {'data-bits': '8',
'parity': 'none',
'speed': '115200',
'stop-bits': '2'}}}
After:
{'device': {'usb0b2.4p1.0': {'data-bits': '8',
'parity': 'none',
'speed': '9600',
'stop-bits': '1'},
'usb0b2.4p1.1': {'data-bits': '8',
'parity': 'none',
'speed': '115200',
'stop-bits': '2'}}}
|
|
|
|
|
|
|
|
|
|
|
|
Instead of using "show version" as catch-all command for information rather
add "show system cpu" op-mode command which is analogous to "show system memory"
which deals with RAM.
|
|
|
|
Commit 728b1feaf744 ("dhcpv6-pd: T2551: fix prefix length not set in config")
reworked the way the configuration path is accesses on the individual
interfaces, but it was missed out to apply it correctly when reading in
sla-len and sla-id values.
|
|
Retrieving the CLI nodes from current config was missed out and only
implemented for PPPoE.
|
|
A typo caused vif-s interfaces to not commit.
|
|
|
|
|
|
airbag :T2088: make airbag explicit
|
|
airbag must now be explicitly installed.
the patch also allow to fully disables the installation of the logging
code at setup (and not just installing and doing nothing)
|
|
After commit d5b58517f883 ("dhcpv6-pd: pppoe: T2506: restructure CLI") the
CLI syntax has been adjusted for a better definition of DHCPv6-PD prefix length
option. Verifying a properly rendered template indeed did not happen which
cause the function to vanish for non PPPoE interfaces.
|
|
|
|
Some ISPs (e.g. Comcast) only delegate a /64 by default. You have to explicitly
"ask" for a bigger (e.g. /60) prefix. This commit adds a CLI node to request
a specific prefix length in the range 32 - 64.
dhcpv6-options {
prefix-delegation {
length 60
}
}
|
|
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate
<interface>" to "dhcpv6-options prefix-delegation interface <interface>".
The change is required to add the possibility to request for specific prefix
sized via the CLI. That option was not possible with the old configuration
tree.
|
|
|
|
|
|
By default MACsec only authenticates traffic but has support for optional
encryption. Encryption can now be enabled using:
set interfaces macsec <interface> encrypt
|
|
|
|
|
|
|
|
|
|
util: T2467: automatically add sudo to known commands
|
|
|
|
|
|
|
|
Add support for prefix delegation when receiving the prefix via ethernet,
bridge, bond, wireless.
|
|
|
|
Dictionary is used to remove the amount of duplicated code by e.g. ethernet
or bridge interface.
|