Age | Commit message (Collapse) | Author |
|
This change addressed to fix bug with empty configuration after FRR restarting in some cases and protect from some other potential problems.
* added warning and request for confirmation before doing any actions
* added a couple of safety checks (already running restart, active watchfrr.sh or vtysh session)
* now Python script running via sudo to give us the ability to get processes information and work with all directories and vtysh
* moved configuration restoring functionality from frrcommon.sh to Python script, as frrcommon.sh implementation in some cases not load configuration in time, which leads to empty config after
* the `/etc/frr/frr.conf` is not used anymore. Instead, we are saving active configuration to the temporary directory
|
|
Added saving and restoring current frr.conf to avoid reapplying of configuration from it during reboot.
|
|
It can be restarted the whole FRRouting (all running) daemons or only selected ones.
The configuration is saving during the restart process, so after it, the active config should be the same as before.
There are no checks for safety, so responsibility for the results of running command is fully on the operator.
|
|
* fixed improper `process.returncode` invokes
* added check for if an in-memory table is active before using IMT for flows show
* replaced `--nflog-range` to `--nflog-size` in iptables rules, as `--nflog-range` had never works. **WARNING: this change break compatibility with Debian 8!**
|
|
|
|
|
|
This patch keep compatibility with old configuration and software, but now it is much easier to add a lot of other useful things
Completely replaces vyatta-netflow package (except some outdated and not available via CLI parts)
|
|
|
|
|
|
|
|
|
|
|
|
* 't1627-wireless' of github.com:c-po/vyos-1x:
wireless: T1627: support station mode
wireless: T1627: support DHCP(v6) addresses
wireless: T1627: add support for RADIUS source-address
wireless: T1627: RADIUS servers must have a key specified
wireless: T1627: change RADIUS CLI syntax
l2tp: harmonize RADIUS wording
wireless: T1627: re-order WPA key in hostapd config
wireless: T1627: change priority from 318 to 400
wireless: T1627: fix generated ht_capab and vht_capab
wireless: T1627: fix regex for 'ht channel-set-width'
wireless: T1627: config migrator does not support camel casing
wireless: T1627: initial rewrite of show-wireless.pl in Python
wireless: T1627: add op-mode commands
wireless: T1627: initial rewrite in XML/Python style
|
|
|
|
|
|
|
|
|
|
|
|
T1755: Python KeyError exceptions raised with 'show vpn ipsec sa' command under use of certain IPSEC cipher suites.
|
|
(encr-keysize) will result in KeyError - such as for CHACHA20_POLY1305
|
|
(integ-alg) will result in KeyError - such as with GCM based options
|
|
|
|
|
|
|
|
|
|
naming.
|
|
|
|
- param key location added in op-mode script
- param delkey and listkey implemented in op-mode script
- param delkey implemented in op-mode script
- generate and store named keys
- interface implementation tu use cli option
'private-key'
|
|
|
|
|
|
vyos@vyos:~$ show openvpn site-to-site
OpenVPN status on vtun1
Client CN Remote Host Local Host TX bytes RX bytes Connected Since
--------- ----------- ---------- -------- -------- ---------------
None (PSK) N/A 172.18.201.10:1195 3.3 KiB 3.3 KiB N/A
vyos@vyos:~$ show openvpn server
OpenVPN status on vtun10
Client CN Remote Host Local Host TX bytes RX bytes Connected Since
--------- ----------- ---------- -------- -------- ---------------
client1 172.18.202.10:58644 172.18.201.10:1194 63.6 KiB 63.4 KiB Mon Aug 26 11:47:56 2019
client3 172.18.204.10:52641 172.18.201.10:1194 63.1 KiB 62.7 KiB Mon Aug 26 11:47:58 2019
OpenVPN status on vtun11
Client CN Remote Host Local Host TX bytes RX bytes Connected Since
--------- ----------- ---------- -------- -------- ---------------
client2 172.18.203.10:39472 172.18.201.10:1200 61.2 KiB 61.5 KiB Mon Aug 26 11:50:30 2019
|
|
python/xml syntax
|
|
|
|
|
|
- node.def deletion for show remote-access
- IPSec interface checking for L2TP
- IPSec x509 for l2tp
- verification of outside-address to warning since it was optional in the previous config
|
|
|
|
- change DUID to IAID_DUID
- format IAID_DUID as colon-separated hex list
- implement functions: pool, sort, state
- add op-mode definitions for pool, sort, state
- add columns: State, Type, Last communication, Pool
- implement json output
- implement completionHelp function
|
|
|
|
The Git commit ID will be crucial for the future when the full VyOS
build can be reproduced by the one Git commit ID, thus start recording it in
the version file.
|
|
The script did not check if the service was actually configured or not.
This caused a FileNotFoundError for unconfigured services.
vyos@vyos:~$ show dhcp server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_dhcp.py", line 123, in <module>
leases = get_leases(lease_file, state='active')
File "/usr/libexec/vyos/op_mode/show_dhcp.py", line 60, in get_leases
leases = IscDhcpLeases(lease_file).get()
File "/usr/lib/python3/dist-packages/isc_dhcp_leases/iscdhcpleases.py", line 110, in get
with open(self.filename) as lease_file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/dhcpd.leases'
|
|
The script did not check if the service was actually configured or not.
This caused a FileNotFoundError for unconfigured services.
vyos@vyos:~$ show dhcpv6 server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 77, in <module>
leases = get_leases(lease_file, state='active')
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 46, in get_leases
leases = IscDhcpLeases(lease_file).get()
File "/usr/lib/python3/dist-packages/isc_dhcp_leases/iscdhcpleases.py", line 110, in get
with open(self.filename) as lease_file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/dhcpdv6.leases'
|
|
|
|
Not sure it's a normal case scenario, the one highlighted in T1256.
To managed it I changed the "if" logic.
|
|
- keypair can now be generated and used from the running iso to create wg tunnels on the fly
|
|
in case when no active SAs are found.
|
|
|
|
T1077: Update show_ipsec_sa.py
|
|
|
|
Removed duplicates from "connections" list.
|
|
|