Age | Commit message | Author |
|
|
T1755: Python KeyError exceptions raised with 'show vpn ipsec sa' command under use of certain IPSEC cipher suites.
|
|
(encr-keysize) will result in KeyError - such as for CHACHA20_POLY1305
|
|
(integ-alg) will result in KeyError - such as with GCM based options
|
|
naming.
|
|
- param key location added in op-mode script
- param delkey and listkey implemented in op-mode script
- param delkey implemented in op-mode script
- generate and store named keys
- interface implementation to use cli option
'private-key'
|
|
vyos@vyos:~$ show openvpn site-to-site
OpenVPN status on vtun1
Client CN       Remote Host            Local Host            TX bytes    RX bytes    Connected Since
---------       -----------            ----------            --------    --------    ---------------
None (PSK)      N/A                    172.18.201.10:1195    3.3 KiB     3.3 KiB     N/A
vyos@vyos:~$ show openvpn server
OpenVPN status on vtun10
Client CN       Remote Host            Local Host            TX bytes    RX bytes    Connected Since
---------       -----------            ----------            --------    --------    ---------------
client1         172.18.202.10:58644    172.18.201.10:1194    63.6 KiB    63.4 KiB    Mon Aug 26 11:47:56 2019
client3         172.18.204.10:52641    172.18.201.10:1194    63.1 KiB    62.7 KiB    Mon Aug 26 11:47:58 2019
OpenVPN status on vtun11
Client CN       Remote Host            Local Host            TX bytes    RX bytes    Connected Since
---------       -----------            ----------            --------    --------    ---------------
client2         172.18.203.10:39472    172.18.201.10:1200    61.2 KiB    61.5 KiB    Mon Aug 26 11:50:30 2019
|
|
python/xml syntax
|
|
- node.def deletion for show remote-access
- IPSec interface checking for L2TP
- IPSec x509 for l2tp
- verification of outside-address to warning since it was optional in the previous config
|
|
- change DUID to IAID_DUID
- format IAID_DUID as colon-separated hex list
- implement functions: pool, sort, state
- add op-mode definitions for pool, sort, state
- add columns: State, Type, Last communication, Pool
- implement json output
- implement completionHelp function
|
|
The Git commit ID will be crucial for the future when the full VyOS
build can be reproduced by the one Git commit ID, thus start recording it in
the version file.
|
|
The script did not check if the service was actually configured or not.
This caused a FileNotFoundError for unconfigured services.
vyos@vyos:~$ show dhcp server leases
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_dhcp.py", line 123, in <module>
    leases = get_leases(lease_file, state='active')
  File "/usr/libexec/vyos/op_mode/show_dhcp.py", line 60, in get_leases
    leases = IscDhcpLeases(lease_file).get()
  File "/usr/lib/python3/dist-packages/isc_dhcp_leases/iscdhcpleases.py", line 110, in get
    with open(self.filename) as lease_file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/dhcpd.leases'
|
|
The script did not check if the service was actually configured or not.
This caused a FileNotFoundError for unconfigured services.
vyos@vyos:~$ show dhcpv6 server leases
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 77, in <module>
    leases = get_leases(lease_file, state='active')
  File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 46, in get_leases
    leases = IscDhcpLeases(lease_file).get()
  File "/usr/lib/python3/dist-packages/isc_dhcp_leases/iscdhcpleases.py", line 110, in get
    with open(self.filename) as lease_file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/dhcpdv6.leases'
|
|
Not sure it's a normal case scenario, the one highlighted in T1256.
To manage it, I changed the "if" logic.
|
|
- keypair can now be generated and used from the running iso to create wg tunnels on the fly
|
|
in case when no active SAs are found.
|
|
T1077: Update show_ipsec_sa.py
|
|
Removed duplicates from "connections" list.
|
|
Current implementation referred to a no longer existing Perl script to
restart the IPv4 and IPv6 instance of dhcrelay.
> restart dhcp relay-agent
> restart dhcpv6 relay-agent
|
|
Examples:
=========
CFG commands:
vyos@vyos# set protocols igmp-proxy disable-quickleave
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.16.35.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 alt-subnet '172.31.0.0/24'
vyos@vyos# set protocols igmp-proxy interface eth0 role 'upstream'
vyos@vyos# set protocols igmp-proxy interface eth1 role 'downstream'
vyos@vyos# show protocols
igmp-proxy {
    disable-quickleave
    interface eth0 {
        alt-subnet 172.16.35.0/24
        alt-subnet 172.31.0.0/24
        role upstream
    }
    interface eth1 {
        role downstream
    }
}
OP mode commands:
-----------------
vyos@vyos:~$ show ip multicast interface
Interface  BytesIn  PktsIn  BytesOut  PktsOut  Local
eth0       0.0b     0       0.0b      0        xxx.xxx.xxx.65
eth1       0.0b     0       0.0b      0        xxx.xxx.xx.201
vyos@vyos:~$ show ip multicast mfc
Group       Origin      Pkts  Bytes   Wrong  In    Out
xxx.x.xx.1  xxx.xx.0.1  10    9.81KB  0      eth0  eth1
xxx.x.xx.2  xxx.xx.0.1  --
|
|
I don't really do python, please check/test.
|
|
T870: Commit-confirm restarts the server even after commit
|
|
- adding removal of the at job and /var/run/confirm.job
- indent fixed
|