summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2019-09-15Merge branch 'current' of github.com:vyos/vyos-1x into equuleusChristian Poessinger
* 'current' of github.com:vyos/vyos-1x: bonding: T1614: do not overwrite interface description with interface name [openvpn] T1661 Adding additional check for tls_dh if it not need for ovpn client [openvpn] T1662 Defined default remote port if it not set in cli [openvpn] T1661 Fixing returned value on check function bonding: T1614: use proper (previously missing) miimon property Python/ifconfig: T1557: bonding: add miimon property Python/ifconfig: T1557: bonding: fix class name in comments bonding: T1660: bugfix for triggered OS permission denied exception Revert "[bonding] T1660 Adding additional check. Some bonding mode don't support arp_interval" [bonding] T1660 Adding additional check. Some bonding mode don't support arp_interval [l2tp] T834 Implementation advanced ppp-options/lcp. openvpn: T1548: fix missing sys import [l2tp] T834 fix cli reset commands for l2tp and pptp. Adding l2tp%d tunnel naming.
2019-09-15bonding: T1614: do not overwrite interface description with interface nameChristian Poessinger
2019-09-14[openvpn] T1661 Adding additional check for tls_dh if it not need for ovpn ↵DmitriyEshenko
client
2019-09-14[openvpn] T1662 Defined default remote port if it not set in cliDmitriyEshenko
2019-09-14[openvpn] T1661 Fixing returned value on check functionDmitriyEshenko
2019-09-13bonding: T1614: use proper (previously missing) miimon propertyChristian Poessinger
2019-09-13bonding: T1660: bugfix for triggered OS permission denied exceptionChristian Poessinger
Some bond modes do not support arp monitor interval and thus internally eset it to 0 which means disabled. If you then write to the sysfs file in question an OS exception (permission denied) is triggered. arp_mon_intvl is initialized as 0 which means disabled so we only write it when it is really requested by the user. There is a validator ensuring that it can only be set in the bond modes which support it.
2019-09-13Revert "[bonding] T1660 Adding additional check. Some bonding mode don't ↵hagbard
support arp_interval" This reverts commit fb1689e20ab9967a4c1e24279f5d4d736b256e83.
2019-09-13[bonding] T1660 Adding additional check. Some bonding mode don't support ↵Eshenko Dmitriy
arp_interval
2019-09-12Merge pull request #127 from DmitriyEshenko/l2tp-op_modehagbard-01
[l2tp] T834 Implementation advanced ppp-options/lcp.
2019-09-12[l2tp] T834 Implementation advanced ppp-options/lcp.DmitriyEshenko
2019-09-12openvpn: T1548: fix missing sys importChristian Poessinger
2019-09-12[l2tp] T834 fix cli reset commands for l2tp and pptp. Adding l2tp%d tunnel ↵DmitriyEshenko
naming.
2019-09-11Merge branch 'current' into equuleusDaniil Baturin
2019-09-11T1598: annotate the vyos-hostsd unit file.Daniil Baturin
2019-09-10[syslog] - T1597: 'del system system' stops now rsysloghagbard
2019-09-10[wireguard]: T1650 - cli option to delete default wg keyhagbard
2019-09-10[wireguard]: T1572 - Wireguard keyPair per interfacehagbard
- param key location added in op-mode script - param delkey and listkey implemented in op-mode script - param delkey implemented in op-mode script - generate and store named keys - interface implementation tu use cli option 'private-key'
2019-09-09[wireguard] - T1639: wireguard pubkey change errorhagbard
- removed sudo as is already runs as root - set privte key as variable in preparation to support multiple pk's
2019-09-07bonding: T1614: bugfix in validate - enslave failedChristian Poessinger
Forgot to exclude our current bond interface in the search for duplicate interface enslavement.
2019-09-07bridge: bonding: minor comment cleanupChristian Poessinger
2019-09-06[wireguard] - T1639: wireguard pubkey change errorhagbard
- sudo added to wg call - debug print removed when pubkey changes
2019-09-06openvpn: T1548: always restart OpenVPNChristian Poessinger
Previous implementations sent a SIGUSR1 to OpenVPN to initialte a restart after the configuration changed - as this was the same as the client keepalive mechanism did. Unfortunately on SIGUSR1 OpenVPN does not re-read the configuration file. Thus changed options were never taken into account.
2019-09-06openvpn: T1548: cleanup import statementsChristian Poessinger
2019-09-06openvpn: T1630: support adding routes as unpriviledged userChristian Poessinger
2019-09-06vxlan: T1636: initial rewrite with XML and PythonChristian Poessinger
Tested using: Site 1 (VyOS 1.2.2) ------------------- set interfaces vxlan vxlan100 address '10.10.10.2/24' set interfaces vxlan vxlan100 remote '172.18.201.10' set interfaces vxlan vxlan100 vni '100' Site 2 (rewrite) ---------------- set interfaces vxlan vxlan100 address '10.10.10.1/24' set interfaces vxlan vxlan100 description 'VyOS VXLAN' set interfaces vxlan vxlan100 remote '172.18.202.10' set interfaces vxlan vxlan100 vni '100'
2019-09-06dummy: loopback: T1580: T1601: synchronize commentsChristian Poessinger
2019-09-06bonding: T1614: members are not allowed to be underlaying vxlan devicesChristian Poessinger
2019-09-06bonding: T1614: reword verify() error messagesChristian Poessinger
2019-09-06bonding: T1614: enslaved interfaces can be added to only one bond at a timeChristian Poessinger
2019-09-06Python/ifconfig: T1557: {add,del}_addr() now supports dhcp/dhcpv6Christian Poessinger
Instead of manually starting DHCP/DHCPv6 for every interface and have an identical if/elif/else statement checking for dhcp/dhcpv6 rather move this repeating stement into add_addr()/del_addr(). Single source is always preferred.
2019-09-04[wireguard] - T1628: renaming member functions, removing wg_ prefixhagbard
2019-09-04Python/configdict: add function vlan_to_dictChristian Poessinger
A generic function which can parse the VLAN (vif, vif-s, cif-c) nodes in a config session. A dictionary describing the VLAN is returned. A good example will be the interface-bonding.py script used to generate bond interfaces in the system. It is used as follows: if conf.exists('vif'): for vif in conf.list_nodes('vif'): # set config level to vif interface conf.set_level(cfg_base + ' vif ' + vif) bond['vif'].append(vlan_to_dict(conf))
2019-09-04Python/configdict: add list_diff function to compare two listsChristian Poessinger
A list containing only unique elements not part of the other list is returned. This is usefull to check e.g. which IP addresses need to be removed from the OS.
2019-09-04[wireguard] - T1628: Adopt WireGuard configuration script to new ↵hagbard
vyos.ifconfig class
2019-09-04openvpn: T1617: T1632: support quotes in openvpn-optionChristian Poessinger
The following CLI command can be used to add a raw option to OpenVPN which requires quotes: > set interfaces openvpn vtun10 openvpn-option 'push "keepalive 1 10"' The resulting config file will then have the following set: > push "keepalive 1 10"
2019-09-04[service https] T1443: rename "server-names" option to "server-name".Daniil Baturin
2019-09-04[service https] T1443: correct the listen-address option in the script.Daniil Baturin
2019-09-04Merge pull request #124 from c-po/t1614-bondingChristian Poessinger
T1614 bonding
2019-09-04bridge: T1615: can not add member interface to bridge if it is also part of ↵Christian Poessinger
a bond
2019-09-04bonding: T1614: T532: new commit validatorsChristian Poessinger
As in the past during the priority race of the bash script invalid configuration could appear in the CLI and are de-synced from the kernle state, e.g. some bonding modes do not support arp_interval. This is no longer allowed and added to the migration script so that the config again represents the truth.
2019-09-04[service https] T1443: create /etc/vyos if it doesn't exist.Daniil Baturin
2019-09-04openvpn: T1617: bugfix for server push-routeChristian Poessinger
(cherry picked from commit e4f1bbb270f0afea295646764516675bbcfe0be5)
2019-09-04openvpn: T1548: remove authy 2fa providerChristian Poessinger
According to https://github.com/twilio/authy-openvpn commit 3e5dc73: > This plugin is no longer actively maintained. If you're interested in becoming a maintainer, we welcome forks of this project. In addition this plugin was always missing in the current branch ov VyOS and did not make it into VyOS 1.2 (crux) If 2FA for OpenVPN is required we should probably opt for Google Authenticator or if possible a U2F device. (cherry picked from commit 5d858f0e6ad05b032c88c88a08c15d0876c44e8b)
2019-09-04bonding: T1614: add vif-c VLAN interface supportChristian Poessinger
Tested using: ============= set interfaces bonding bond0 address 192.0.2.1/24 set interfaces bonding bond0 description "VyOS bonding" set interfaces bonding bond0 disable-link-detect set interfaces bonding bond0 hash-policy layer2+3 set interfaces bonding bond0 ip arp-cache-timeout 86400 set interfaces bonding bond0 mac 00:91:00:00:00:01 set interfaces bonding bond0 mode active-backup set interfaces bonding bond0 mtu 9000 set interfaces bonding bond0 member interface eth1 set interfaces bonding bond0 member interface eth2 set interfaces bonding bond0 vif-s 100 address 192.168.10.1/24 set interfaces bonding bond0 vif-s 100 description "802.1ad service VLAN 100" set interfaces bonding bond0 vif-s 100 mtu 1500 set interfaces bonding bond0 vif-s 100 mac 00:91:00:00:00:02 set interfaces bonding bond0 vif-s 100 vif-c 110 address "192.168.110.1/24" set interfaces bonding bond0 vif-s 100 vif-c 110 description "client VLAN 110" set interfaces bonding bond0 vif-s 100 vif-c 120 address "192.168.120.1/24" set interfaces bonding bond0 vif-s 100 vif-c 120 description "client VLAN 120" set interfaces bonding bond0 vif-s 100 vif-c 130 address "192.168.130.1/24" set interfaces bonding bond0 vif-s 100 vif-c 130 description "client VLAN 130" set interfaces bonding bond0 vif 400 address 192.168.40.1/24 set interfaces bonding bond0 vif 400 description "802.1q VLAN 400" set interfaces bonding bond0 vif 400 mtu 1500 set interfaces bonding bond0 vif 400 mac 00:91:00:00:00:03
2019-09-04bonding: T1614: identical ID on vif and vif-s is not allowedChristian Poessinger
2019-09-04bonding: T1614: T1557: add vif/vif-s VLAN interface supportChristian Poessinger
Support for vif-c interfaces is still missing
2019-09-04bonding: T1614: remove obsolete 'member_remove' dict-keyChristian Poessinger
2019-09-04bonding: T1614: can not set primary interface when it's not part of the bondChristian Poessinger
2019-09-04bonding: T1614: Initial version in new style XML/Python interfaceChristian Poessinger
The node 'interfaces ethernet eth0 bond-group' has been changed and de-nested. Bond members are now configured in the bond interface itself. set interfaces bonding bond0 member interface eth0
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-27 04:00:14 +0000