Age | Commit message (Collapse) | Author |
|
|
|
As the script itself (vpn_ipsec.py) is already invoked using sudo, there is no
further need to also call sudo inside the script again.
|
|
|
|
As the API daemon has the proper permissions and also the CLI op-mode calls the
script already with "sudo", there is no need to call "sudo" inside this script,
again.
|
|
login: T4751: 2FA OTP key generator in VyOS CLI
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
4. Fixed generation dest local sections in squidGuard.conf
5. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
|
|
|
|
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
|
|
|
|
|
|
vyos@vyos# show interfaces sstpc
sstpc sstpc10 {
authentication {
password vyos
user vyos
}
server sstp.vyos.net
ssl {
ca-certificate VyOS-CA
}
}
|
|
|
|
It's easier and more obvious if the script is called with sudo itself and not
spawning a sudo sessionf or each individual command.
|
|
T4767: Rewrite generate ipsec archive to python
|
|
Squidguard:
Set DB directory rigths 755 in the update blacklist
webproxy script
|
|
|
|
|
|
|
|
T4812: Add op-mode Show vpn ipsec connections
|
|
Commit 66288ccfee ("dns-forwarding: T4578: Rewrite show dns forwarding") added
the implementation for the new standardized op-mode definitions/implementation.
As the API daemon has the proper permissions and also the CLI op-mode calls the
script already with "sudo", there is no need to call "sudo" inside this script,
again.
Also add dns.py to data/op-mode-standardized.json for the GraphQL schema to be
generated.
|
|
|
|
|
|
policy: T2199: T4605: Migrate policy route interface node
|
|
show firewall name <name> will output an error as explained in
https://phabricator.vyos.net/T4794
|
|
|
|
Add op-mode CLI "show vpn ipsec connections"
Add the ability to show all configured connections/tunnels and
their states.
Ability to get --raw data
|
|
<name> interface <ifname>`
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
|
|
T4496: Refactoring vrf_list function in ping command
|
|
T4789: Ability to get op-mode raw data for PPPoE L2TP SSTP IPoE
|
|
Ability to get 'raw' data sessions and statistics for accel-ppp
protocols IPoE/PPPoE/L2TP/PPTP/SSTP server
|
|
Changed the function code of vrf_list to using the function from
vyos.util
|
|
Changes in traceroute command:
Added list of possible VRFs in the help.
Added list of possible interfaces in the help.
Changed, if an option was selected before,
it does not appear in possible completion.
Added error message when an unexpected option was selected
|
|
Made the following changes: 1) made changes to the "XML" file to replace the script from "sh" to "py" 2) changed the extension of the main script from "sh" to "py" 3) changed the script to "py"
|
|
current
* 'T4496-sagitta' of https://github.com/aapostoliuk/vyos-1x:
T4496: Added lists of values in the help of op-mode ping command
|
|
Added list of possible VRFs in the help of the ping command
Added list of possible interfaces in the help of the ping command
Changed, if an option was selected before in the ping command,
it does not appear in possible completion.
Added error message when an unexpected option was selected.
|
|
|
|
Rewrite op-mode DHCP and DHCPv6 leases to vyos.opmode format
Abbility to show 'raw' format
show dhcp server leases
show dhcpv6 server leases
|
|
T4771: Ability to get raw format for op-mode BGP commands
|
|
|
|
Ability to get logs in JSON format
Possible filter by unit. Options for count lines,
UTC time, facility or logs since boot
|
|
|
|
|
|
|
|
|
|
T4762: Add check for show nat if nat config does not exist
|
|
|
|
Add check for 'show nat xxx' if nat configuration does not exist
|
|
As IPsec site-so-site was rewritten we do not need replace
':' => '-' as ':' can not be in the connection name
So connection name can not use IP(v6) address as peer name
And current peers/connections not required prefix 'peer_'
Fix template that search correctly connection name of the peers
that allow to reset them again (reset ipsec peer was broken)
|
|
Set correct error message if conntrack entries not found
If we get XML raw data with len 0 it means there are no entries
in the conntrack table
|
|
|