summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2019-09-21vxlan: T1636: simplyfy code (don't delete intf addresses)Christian Poessinger
We do not need to delete addresses manually as the VXLAN interface is always deleted which drops all assigned addresses from the Kernel.
2019-09-20Merge pull request #133 from vindenesen/openvpn-minimum-tls-versionDaniil Baturin
[OpenVPN] T1675: Added setting for minimum tls version
2019-09-20OpenVPN - changed tls-minimum-version to tls-version-minvindenesen
2019-09-19T1638: generated hosts file fix for proper FQDN resolutionkroy
2019-09-19Merge pull request #131 from vindenesen/T1670hagbard-01
[OpenVPN] T1670: Added setting for tls-auth. Added check for if tls_cert and tls_key w…
2019-09-19bonding: T1614: allow adding disabled interfaces to bondChristian Poessinger
An interface can only be added in disabled state to a bond (ensured via ifconfig.py). Also interfaces can be disabled during runtime in a bond which is supported by the Linux Kernel - so why should be add a restriction here? makes no sense.
2019-09-19[wireguard] - T1672: Wireguard keys not automatically movedhagbard
- due to the named keys feature keys reside in named directories - adding a check if the variable VYOS_TAGNODE_VALUE has content
2019-09-19OpenVPN - Added setting for minimum tls versionvindenesen
2019-09-19Added setting for tls-auth. Added check for if tls_cert and tls_key was defined.vindenesen
2019-09-19[boot-config-loader] T1622: (bugfix) set gid and write permissionsJohn Estabrook
Set gid and permissions so that vyatta-cfg group has access to the active config; fix typo in arg len check; reorganize; add log output.
2019-09-16[IPoE] - T1664: Ipoe with bond per vlan don't workhagbard
2019-09-15bonding: T1614: do not overwrite interface description with interface nameChristian Poessinger
2019-09-14[openvpn] T1661 Adding additional check for tls_dh if it not need for ovpn ↵DmitriyEshenko
client
2019-09-14[openvpn] T1662 Defined default remote port if it not set in cliDmitriyEshenko
2019-09-14[openvpn] T1661 Fixing returned value on check functionDmitriyEshenko
2019-09-13bonding: T1614: use proper (previously missing) miimon propertyChristian Poessinger
2019-09-13bonding: T1660: bugfix for triggered OS permission denied exceptionChristian Poessinger
Some bond modes do not support arp monitor interval and thus internally eset it to 0 which means disabled. If you then write to the sysfs file in question an OS exception (permission denied) is triggered. arp_mon_intvl is initialized as 0 which means disabled so we only write it when it is really requested by the user. There is a validator ensuring that it can only be set in the bond modes which support it.
2019-09-13Revert "[bonding] T1660 Adding additional check. Some bonding mode don't ↵hagbard
support arp_interval" This reverts commit fb1689e20ab9967a4c1e24279f5d4d736b256e83.
2019-09-13[bonding] T1660 Adding additional check. Some bonding mode don't support ↵Eshenko Dmitriy
arp_interval
2019-09-12Merge pull request #127 from DmitriyEshenko/l2tp-op_modehagbard-01
[l2tp] T834 Implementation advanced ppp-options/lcp.
2019-09-12[l2tp] T834 Implementation advanced ppp-options/lcp.DmitriyEshenko
2019-09-12openvpn: T1548: fix missing sys importChristian Poessinger
2019-09-12[l2tp] T834 fix cli reset commands for l2tp and pptp. Adding l2tp%d tunnel ↵DmitriyEshenko
naming.
2019-09-11T1598: annotate the vyos-hostsd unit file.Daniil Baturin
2019-09-10[syslog] - T1597: 'del system system' stops now rsysloghagbard
2019-09-10[wireguard]: T1650 - cli option to delete default wg keyhagbard
2019-09-10[wireguard]: T1572 - Wireguard keyPair per interfacehagbard
- param key location added in op-mode script - param delkey and listkey implemented in op-mode script - param delkey implemented in op-mode script - generate and store named keys - interface implementation tu use cli option 'private-key'
2019-09-09[wireguard] - T1639: wireguard pubkey change errorhagbard
- removed sudo as is already runs as root - set privte key as variable in preparation to support multiple pk's
2019-09-07bonding: T1614: bugfix in validate - enslave failedChristian Poessinger
Forgot to exclude our current bond interface in the search for duplicate interface enslavement.
2019-09-07bridge: bonding: minor comment cleanupChristian Poessinger
2019-09-06[wireguard] - T1639: wireguard pubkey change errorhagbard
- sudo added to wg call - debug print removed when pubkey changes
2019-09-06openvpn: T1548: always restart OpenVPNChristian Poessinger
Previous implementations sent a SIGUSR1 to OpenVPN to initialte a restart after the configuration changed - as this was the same as the client keepalive mechanism did. Unfortunately on SIGUSR1 OpenVPN does not re-read the configuration file. Thus changed options were never taken into account.
2019-09-06openvpn: T1548: cleanup import statementsChristian Poessinger
2019-09-06openvpn: T1630: support adding routes as unpriviledged userChristian Poessinger
2019-09-06vxlan: T1636: initial rewrite with XML and PythonChristian Poessinger
Tested using: Site 1 (VyOS 1.2.2) ------------------- set interfaces vxlan vxlan100 address '10.10.10.2/24' set interfaces vxlan vxlan100 remote '172.18.201.10' set interfaces vxlan vxlan100 vni '100' Site 2 (rewrite) ---------------- set interfaces vxlan vxlan100 address '10.10.10.1/24' set interfaces vxlan vxlan100 description 'VyOS VXLAN' set interfaces vxlan vxlan100 remote '172.18.202.10' set interfaces vxlan vxlan100 vni '100'
2019-09-06dummy: loopback: T1580: T1601: synchronize commentsChristian Poessinger
2019-09-06bonding: T1614: members are not allowed to be underlaying vxlan devicesChristian Poessinger
2019-09-06bonding: T1614: reword verify() error messagesChristian Poessinger
2019-09-06bonding: T1614: enslaved interfaces can be added to only one bond at a timeChristian Poessinger
2019-09-06Python/ifconfig: T1557: {add,del}_addr() now supports dhcp/dhcpv6Christian Poessinger
Instead of manually starting DHCP/DHCPv6 for every interface and have an identical if/elif/else statement checking for dhcp/dhcpv6 rather move this repeating stement into add_addr()/del_addr(). Single source is always preferred.
2019-09-04[wireguard] - T1628: renaming member functions, removing wg_ prefixhagbard
2019-09-04Python/configdict: add function vlan_to_dictChristian Poessinger
A generic function which can parse the VLAN (vif, vif-s, cif-c) nodes in a config session. A dictionary describing the VLAN is returned. A good example will be the interface-bonding.py script used to generate bond interfaces in the system. It is used as follows: if conf.exists('vif'): for vif in conf.list_nodes('vif'): # set config level to vif interface conf.set_level(cfg_base + ' vif ' + vif) bond['vif'].append(vlan_to_dict(conf))
2019-09-04Python/configdict: add list_diff function to compare two listsChristian Poessinger
A list containing only unique elements not part of the other list is returned. This is usefull to check e.g. which IP addresses need to be removed from the OS.
2019-09-04[wireguard] - T1628: Adopt WireGuard configuration script to new ↵hagbard
vyos.ifconfig class
2019-09-04openvpn: T1617: T1632: support quotes in openvpn-optionChristian Poessinger
The following CLI command can be used to add a raw option to OpenVPN which requires quotes: > set interfaces openvpn vtun10 openvpn-option 'push "keepalive 1 10"' The resulting config file will then have the following set: > push "keepalive 1 10"
2019-09-04[service https] T1443: rename "server-names" option to "server-name".Daniil Baturin
2019-09-04[service https] T1443: correct the listen-address option in the script.Daniil Baturin
2019-09-04Merge pull request #124 from c-po/t1614-bondingChristian Poessinger
T1614 bonding
2019-09-04bridge: T1615: can not add member interface to bridge if it is also part of ↵Christian Poessinger
a bond
2019-09-04bonding: T1614: T532: new commit validatorsChristian Poessinger
As in the past during the priority race of the bash script invalid configuration could appear in the CLI and are de-synced from the kernle state, e.g. some bonding modes do not support arp_interval. This is no longer allowed and added to the migration script so that the config again represents the truth.