Age | Commit message (Collapse) | Author |
|
Should the openvpn status file not be present, present a blank
interface.
|
|
a new option was added to the Interface class "create".
By default the value is set to True, and when an instance of the
class is created and the underlying interface does not exists, the
class will create it.
If the option "create" is set to False, the interface will not be
created and instead the class will raise an error when it is
instantiated.
|
|
Disabled VRRP instances will be listed in a `show vrrp` command at the end of the list with the DISABLED status
|
|
ifconfig: T2057: Move code from interface.py to wireguard.py
|
|
Some left over wireguard code was left in the interface.py
file. The code was moved into the wireguard.py file and
the now empty interface.py file removed as no longer holdin
any code.
|
|
OpenVPN, WIFI, SSTP all had the same boiler plate copied about checking if a
process associated with a pidfile is running or not. This has been migrated to
the common library function vyos.util.process_running().
|
|
|
|
Commit cd2147cfa2 ("openvpn: T2065: move daemon parameter to start-stop-daemon
commandline") only added the cfg-mode part but missed out op-mode.
|
|
VRF name state mac address flags interfaces
-------- ----- ----------- ----- ----------
blue up de:c4:83:d8:74:24 noarp,master,up,lower_up dum200,eth0.302
red up be:36:ce:02:df:aa noarp,master,up,lower_up dum100,eth0.300,bond0.100,peth0
|
|
vyos.vrf.list_vrfs() was only used in one function thus building a library is
no longer needed. If it is needed in the future it should be placed into a
library again.
|
|
- remove the additional depth for querying discrete VRF names
- retrieve available VRF names from via <path> from CLI rather then invoking
an external script
|
|
|
|
|
|
transaction-script 'stop'
|
|
|
|
This change addressed to fix bug with empty configuration after FRR restarting in some cases and protect from some other potential problems.
* added warning and request for confirmation before doing any actions
* added a couple of safety checks (already running restart, active watchfrr.sh or vtysh session)
* now Python script running via sudo to give us the ability to get processes information and work with all directories and vtysh
* moved configuration restoring functionality from frrcommon.sh to Python script, as frrcommon.sh implementation in some cases not load configuration in time, which leads to empty config after
* the `/etc/frr/frr.conf` is not used anymore. Instead, we are saving active configuration to the temporary directory
|
|
Added saving and restoring current frr.conf to avoid reapplying of configuration from it during reboot.
|
|
It can be restarted the whole FRRouting (all running) daemons or only selected ones.
The configuration is saving during the restart process, so after it, the active config should be the same as before.
There are no checks for safety, so responsibility for the results of running command is fully on the operator.
|
|
* fixed improper `process.returncode` invokes
* added check for if an in-memory table is active before using IMT for flows show
* replaced `--nflog-range` to `--nflog-size` in iptables rules, as `--nflog-range` had never works. **WARNING: this change break compatibility with Debian 8!**
|
|
|
|
|
|
This patch keep compatibility with old configuration and software, but now it is much easier to add a lot of other useful things
Completely replaces vyatta-netflow package (except some outdated and not available via CLI parts)
|
|
|
|
|
|
|
|
|
|
|
|
* 't1627-wireless' of github.com:c-po/vyos-1x:
wireless: T1627: support station mode
wireless: T1627: support DHCP(v6) addresses
wireless: T1627: add support for RADIUS source-address
wireless: T1627: RADIUS servers must have a key specified
wireless: T1627: change RADIUS CLI syntax
l2tp: harmonize RADIUS wording
wireless: T1627: re-order WPA key in hostapd config
wireless: T1627: change priority from 318 to 400
wireless: T1627: fix generated ht_capab and vht_capab
wireless: T1627: fix regex for 'ht channel-set-width'
wireless: T1627: config migrator does not support camel casing
wireless: T1627: initial rewrite of show-wireless.pl in Python
wireless: T1627: add op-mode commands
wireless: T1627: initial rewrite in XML/Python style
|
|
|
|
|
|
|
|
|
|
|
|
T1755: Python KeyError exceptions raised with 'show vpn ipsec sa' command under use of certain IPSEC cipher suites.
|
|
(encr-keysize) will result in KeyError - such as for CHACHA20_POLY1305
|
|
(integ-alg) will result in KeyError - such as with GCM based options
|
|
|
|
|
|
|
|
|
|
naming.
|
|
|
|
- param key location added in op-mode script
- param delkey and listkey implemented in op-mode script
- param delkey implemented in op-mode script
- generate and store named keys
- interface implementation tu use cli option
'private-key'
|
|
|
|
|
|
vyos@vyos:~$ show openvpn site-to-site
OpenVPN status on vtun1
Client CN Remote Host Local Host TX bytes RX bytes Connected Since
--------- ----------- ---------- -------- -------- ---------------
None (PSK) N/A 172.18.201.10:1195 3.3 KiB 3.3 KiB N/A
vyos@vyos:~$ show openvpn server
OpenVPN status on vtun10
Client CN Remote Host Local Host TX bytes RX bytes Connected Since
--------- ----------- ---------- -------- -------- ---------------
client1 172.18.202.10:58644 172.18.201.10:1194 63.6 KiB 63.4 KiB Mon Aug 26 11:47:56 2019
client3 172.18.204.10:52641 172.18.201.10:1194 63.1 KiB 62.7 KiB Mon Aug 26 11:47:58 2019
OpenVPN status on vtun11
Client CN Remote Host Local Host TX bytes RX bytes Connected Since
--------- ----------- ---------- -------- -------- ---------------
client2 172.18.203.10:39472 172.18.201.10:1200 61.2 KiB 61.5 KiB Mon Aug 26 11:50:30 2019
|
|
python/xml syntax
|
|
|
|
|
|
- node.def deletion for show remote-access
- IPSec interface checking for L2TP
- IPSec x509 for l2tp
- verification of outside-address to warning since it was optional in the previous config
|