| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-03-04 | vrf: T31: reorder routing table lookups | Christian Poessinger | |
| Linux routing uses rules to find tables - routing targets are then looked up in those tables. If the lookup got a matching route, the process ends. TL;DR; first table with a matching entry wins! You can see your routing table lookup rules using "ip rule", sadly the local lookup is hit before any VRF lookup. Pinging an addresses from the VRF will usually find a hit in the local table, and never reach the VRF routing table - this is usually not what you want. Thus we will re-arrange the tables and move the local lookup furhter down once VRFs are enabled. | |||
| 2020-03-04 | vrf: T31: adding unreachable routes to the routing tables | Christian Poessinger | |
| 2020-03-04 | vrf: T31: prior to the v4.8 kernel iif and oif rules are needed | Christian Poessinger | |
| .. we run on 4.19 thus this is no longer needed. | |||
| 2020-03-04 | vrf: T31: create iproute2 table to name mapping reference | Christian Poessinger | |
| 2020-03-04 | vrf: T31: rename 'vrf disable-bind-to-all ipv4' to 'vrf bind-to-all' | Christian Poessinger | |
| By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to an l3mdev and processes may bind to the same port if they bind to an l3mdev. TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling the 'vrf bind-to-all' option. | |||
| 2020-03-04 | vrf: T31: support add/remove of interfaces from vrf | Christian Poessinger | |
| 2020-03-04 | vrf: T31: remove superfluous vyos.vrf library functions | Christian Poessinger | |
| vyos.vrf.list_vrfs() was only used in one function thus building a library is no longer needed. If it is needed in the future it should be placed into a library again. | |||
| 2020-03-04 | vrf: T31: reduce script complexity | Christian Poessinger | |
| Keep it simple and stupid :) | |||
| 2020-03-04 | vrf: T31: no need to use sudo calls in vrf.py | Christian Poessinger | |
| All configuration mode scripts are already run with sudo. | |||
| 2020-03-04 | vrf: T31: initial support for a VRF backend in XML/Python | Thomas Mangin | |
| This is a work in progress to complete T31 whoever thought it was less than 1 hour of work was ..... optimistic. Only VRF vreation and show is supported right now. No interface can be bound to any one VRF. | |||
| 2020-03-03 | interfaces: T1579: fix c/p error when evaluating ↵ | Christian Poessinger | |
| os.environ['VYOS_TAGNODE_VALUE'] This has been only a theoretical problem but then the error condition was triggered - only an error has been printed instead of raising an Exception. | |||
| 2020-03-03 | dhcp-server: T2092: add default route to rfc3442-static-route option | Andras Elso | |
| 2020-03-03 | dhcp-server: T2062: Fix static route bytes | Andras Elso | |
| 2020-03-01 | pppoe: T2087: enable unlimited connection attempts | Christian Poessinger | |
| 2020-02-27 | Merge pull request #227 from thomas-mangin/T2057 | Christian Poessinger | |
| ifconfig: T2057: generalised Interface configuration | |||
| 2020-02-27 | openvpn: T2075: add support for OpenVPN tls-crypt file option | Christian Poessinger | |
| Encrypt and authenticate all control channel packets with the key from keyfile. Encrypting (and authenticating) control channel packets: * provides more privacy by hiding the certificate used for the TLS connection * makes it harder to identify OpenVPN traffic as such * provides "poor-man's" post-quantum security, against attackers who will never know the pre-shared key (i.e. no forward secrecy) | |||
| 2020-02-27 | login: T2050: retrieve home directory for SSH keys from OS and not guess it | Christian Poessinger | |
| We should not rely on the home dir value stored in user['home_dir'] as if a crazy user will choose username root or any other system user this will fail. Should be deny using root at all? | |||
| 2020-02-25 | [service https] T1443: set default HTTPS listen port | John Estabrook | |
| 2020-02-25 | login: T1948: migrade local and radius configurations | Christian Poessinger | |
| Splitting was not a good idea. By combining both we can create a RADIUS server XML include file which can be reused by multiple implementations to get a uniformed CLI for the users. | |||
| 2020-02-25 | login: radius: T2071: support disabling individual server | Christian Poessinger | |
| 2020-02-25 | pppoe: T2055: verify logfile really exists | Christian Poessinger | |
| 2020-02-25 | Merge branch 'pppoe-t2070' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
| * 'pppoe-t2070' of github.com:c-po/vyos-1x: pppoe: T2070: rewrite (dis-)connect op-mode commands in XML and Python gitignore: fix ignore pattern of all debhelper files pppoe: T2055: make logfile owned by root/vyattacfg pppoe: T1318: validate existing source-interface | |||
| 2020-02-25 | pppoe: T2055: make logfile owned by root/vyattacfg | Christian Poessinger | |
| 2020-02-25 | pppoe: T1318: validate existing source-interface | Christian Poessinger | |
| It is not only sufficient to check if there is a source-interface configured, but rather it must also be checked if the source-interface exists at all in the system. If the interface does not exist pppd will complain with: pppd[2778]: /usr/sbin/pppd: In file /etc/ppp/peers/pppoe1: unrecognized option 'eth0.202' | |||
| 2020-02-24 | ifconfig: T2057: generalised Interface configuration | Thomas Mangin | |
| Provides a way to pass options to interface consistent between subclasses of Interface | |||
| 2020-02-24 | pppoe-client: T2069: Use rp_pppoe_service for send correct service-name | DmitriyEshenko | |
| 2020-02-23 | service-pppoe: T2067: Allow setting multiple service-names | hagbard | |
| 2020-02-23 | openvpn: T2065: move daemon parameter to start-stop-daemon command-line | Christian Poessinger | |
| 2020-02-23 | pppoe: T1318: set interface description | Christian Poessinger | |
| 2020-02-23 | pppoe: T2055: do not try to start a deleted dialer interface | Christian Poessinger | |
| 2020-02-23 | pppoe: T1318: declutter name-server CLI nodes | Christian Poessinger | |
| Instead of letting the user choose between auto and none where auto is default, it makes more sesne to just offer an option to disable the default behavior. | |||
| 2020-02-23 | pppoe: T1318: migrate user-id and password nodes under an authentication node | Christian Poessinger | |
| 2020-02-23 | pppoe: T1318: rename link to source-interface | Christian Poessinger | |
| 2020-02-23 | pppoe: T1318: use lists rather then strings on Config() | Christian Poessinger | |
| 2020-02-23 | pppoe: T1318: support interface description | Christian Poessinger | |
| 2020-02-23 | pppoe: T1318: remove obsolete ipv6-up.d script | Christian Poessinger | |
| The generated script was not called at all. Verified in vyOS 1.2.3 and rolling. Looks like a leftover from the past. If this functionality is required - it should be re-implemented the proper way! | |||
| 2020-02-23 | pppoe: T1318: use systemd to manage connection | Christian Poessinger | |
| This reduces the amount of self written code to start-stop-daemon and also kill the process if it has no connection yet (there won't be a PID file in this case) and getting the proper PID for multiple processes would require me to walk the /proc/<pid>/cmdline for every binary involved. | |||
| 2020-02-23 | pppoe: T1318: remove process startup debug output | Christian Poessinger | |
| We no longer need to see the command which is used to spawn up PPPd and dial the connection. | |||
| 2020-02-23 | pppoe: T1318: move process startup to apply() | Christian Poessinger | |
| 2020-02-23 | pppoe: T1318: "link" option is mandatory | Christian Poessinger | |
| 2020-02-23 | pppoe: T1318: add first version of new XML/Python implementation | Christian Poessinger | |
| vyos@vyos# show interfaces pppoe pppoe pppoe0 { default-route force link eth2.7 mtu 400 name-server auto password 12345678 user-id vyos@vyos.io } | |||
| 2020-02-21 | [service https] T1443: bug: set HTTPS listen port for listen-address '*' | John Estabrook | |
| 2020-02-19 | snmp: T1769: fix indentation error and add try clause | John Estabrook | |
| 2020-02-18 | snmp: T1769: cleanup leftove code path for certificate migration | Christian Poessinger | |
| 2020-02-18 | snmp: T2042: remove superfluous sudo calls | Christian Poessinger | |
| 2020-02-18 | snmp: T2042: import statement cleanup | Christian Poessinger | |
| 2020-02-17 | wireless: T2048: fix wrong verify() logic when type is monitor | Christian Poessinger | |
| 2020-02-16 | ddclient: proper use conf.set_level() to reduce boiler plate code | Christian Poessinger | |
| 2020-02-16 | ddclient: change file permission on generated config | Christian Poessinger | |
| ddclient complains when the file permission is not user = rw. | |||
| 2020-02-16 | bond: T2030: fix incorrect delta calculation on member interfaces | Christian Poessinger | |
| THe delta check/calculation always returned False on system startup leading to a non functioning bond interface after a reboot as no physical interface actually enslaved. This was fixed by not calculating the current enslaved interfaces from the existing config but rather retrieving the interfaces from sysfs. | |||
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) |
| summaryrefslogtreecommitdiff |