Age | Commit message (Collapse) | Author |
|
Removed unused pprint module
(cherry picked from commit cb1834742f4ed01d99d6396af8339dd59788ef65)
|
|
(#3909)
Strongswan does not initiate session after termination via vici.
Added an CHILD SAs initialization on the initiator side
of the tunnel.
(cherry picked from commit 8838b29180ccc26d2aca0c22c9c8ca5e274825b2)
Co-authored-by: aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>
|
|
We don't use ipsec.secrets anymore
Fix op-mode for "show vpn ike secrets".
Ability to get "RAW" format
(cherry picked from commit 97326920e2907bdb545853887dc54c6a02b76f28)
|
|
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
Connection ID Username Protocol State Uptime Tunnel IP
--------------- ---------- ---------- ------- -------- -----------------
27 cpo IKEv2 UP 11s ['172.16.222.17']
"Tunnel IP" should be a string over list.
|
|
Now 'show vpn ipsec remote-access' shows only IKEv2 Remote access
VPN IPSec connections.
Added option 'summary' that shows a summary table for
these connections.
Added option 'detail' that shows only RA SAs output of 'swanctl -l'
Added options 'username' and 'connection-id' that filters output.
Fixed output 'show vpn ipsec sa detail', the previous was
'show vpn ipsec sa verbose'.
|
|
Fixed 'reset vpn ipsec profile' command
using vici library and new op-mode style.
Added ability to use 'reset vpn ipsec profile' command
with 'remote-host' option.
|
|
1. Rewritten CLI of 'reset vpn' commands.
2. Created 'reset vpn ipsec remote-access' commands to reset
RA IKEv2 session.
3. Created 'reset vpn ipsec site-to-site all' command to reset all
configured IPSec site-to-site peers sessions.
4. Rewritten 'reset vpn l2t|pptp|sstp' commands to
new opmode style.
|
|
1. Changed reset IPSEC, IKE SAs to use vici library.
2. Created package vyos.ipsec to communicate with vici library.
|
|
Fixed 'reset vpn ipsec-peer {peer}' command.
The op-mode script uses value 'None' in the 'tunnel' parameter
to clear all CHILD SAs.
|
|
We get incorrect data when shows connections
As we get list of all connections we should compare the connection
name with entries in list and set correct data if they match
|
|
|
|
|
|
T4812: Add op-mode Show vpn ipsec connections
|
|
|
|
Add op-mode CLI "show vpn ipsec connections"
Add the ability to show all configured connections/tunnels and
their states.
Ability to get --raw data
|
|
|
|
As IPsec site-so-site was rewritten we do not need replace
':' => '-' as ':' can not be in the connection name
So connection name can not use IP(v6) address as peer name
And current peers/connections not required prefix 'peer_'
Fix template that search correctly connection name of the peers
that allow to reset them again (reset ipsec peer was broken)
|
|
ipsec: T4594: Rewrite op-mode 'show vpn ipsec sa' to the new format
|
|
|
|
Rewrite op-mode "show vpn ipsec sa" to new format
Use vyos.opmode format
Ability to get raw and formatted output
|
|
When we use IPv6 peer we need to make a replacement ":" => "-"
for correct resetting as it doesn't match get_peer_connections()
regex
Use new format "vyos.opmode"
|