Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-09-21 | vxlan: T1636: simplyfy code (don't delete intf addresses) | Christian Poessinger | |
We do not need to delete addresses manually as the VXLAN interface is always deleted which drops all assigned addresses from the Kernel. | |||
2019-09-20 | Merge pull request #133 from vindenesen/openvpn-minimum-tls-version | Daniil Baturin | |
[OpenVPN] T1675: Added setting for minimum tls version | |||
2019-09-20 | OpenVPN - changed tls-minimum-version to tls-version-min | vindenesen | |
2019-09-19 | T1638: generated hosts file fix for proper FQDN resolution | kroy | |
2019-09-19 | Merge pull request #131 from vindenesen/T1670 | hagbard-01 | |
[OpenVPN] T1670: Added setting for tls-auth. Added check for if tls_cert and tls_key w… | |||
2019-09-19 | bonding: T1614: allow adding disabled interfaces to bond | Christian Poessinger | |
An interface can only be added in disabled state to a bond (ensured via ifconfig.py). Also interfaces can be disabled during runtime in a bond which is supported by the Linux Kernel - so why should be add a restriction here? makes no sense. | |||
2019-09-19 | [wireguard] - T1672: Wireguard keys not automatically moved | hagbard | |
- due to the named keys feature keys reside in named directories - adding a check if the variable VYOS_TAGNODE_VALUE has content | |||
2019-09-19 | OpenVPN - Added setting for minimum tls version | vindenesen | |
2019-09-19 | Added setting for tls-auth. Added check for if tls_cert and tls_key was defined. | vindenesen | |
2019-09-19 | [boot-config-loader] T1622: (bugfix) set gid and write permissions | John Estabrook | |
Set gid and permissions so that vyatta-cfg group has access to the active config; fix typo in arg len check; reorganize; add log output. | |||
2019-09-16 | [IPoE] - T1664: Ipoe with bond per vlan don't work | hagbard | |
2019-09-15 | bonding: T1614: do not overwrite interface description with interface name | Christian Poessinger | |
2019-09-14 | [openvpn] T1661 Adding additional check for tls_dh if it not need for ovpn ↵ | DmitriyEshenko | |
client | |||
2019-09-14 | [openvpn] T1662 Defined default remote port if it not set in cli | DmitriyEshenko | |
2019-09-14 | [openvpn] T1661 Fixing returned value on check function | DmitriyEshenko | |
2019-09-13 | bonding: T1614: use proper (previously missing) miimon property | Christian Poessinger | |
2019-09-13 | bonding: T1660: bugfix for triggered OS permission denied exception | Christian Poessinger | |
Some bond modes do not support arp monitor interval and thus internally eset it to 0 which means disabled. If you then write to the sysfs file in question an OS exception (permission denied) is triggered. arp_mon_intvl is initialized as 0 which means disabled so we only write it when it is really requested by the user. There is a validator ensuring that it can only be set in the bond modes which support it. | |||
2019-09-13 | Revert "[bonding] T1660 Adding additional check. Some bonding mode don't ↵ | hagbard | |
support arp_interval" This reverts commit fb1689e20ab9967a4c1e24279f5d4d736b256e83. | |||
2019-09-13 | [bonding] T1660 Adding additional check. Some bonding mode don't support ↵ | Eshenko Dmitriy | |
arp_interval | |||
2019-09-12 | Merge pull request #127 from DmitriyEshenko/l2tp-op_mode | hagbard-01 | |
[l2tp] T834 Implementation advanced ppp-options/lcp. | |||
2019-09-12 | [l2tp] T834 Implementation advanced ppp-options/lcp. | DmitriyEshenko | |
2019-09-12 | openvpn: T1548: fix missing sys import | Christian Poessinger | |
2019-09-12 | [l2tp] T834 fix cli reset commands for l2tp and pptp. Adding l2tp%d tunnel ↵ | DmitriyEshenko | |
naming. | |||
2019-09-11 | T1598: annotate the vyos-hostsd unit file. | Daniil Baturin | |
2019-09-10 | [syslog] - T1597: 'del system system' stops now rsyslog | hagbard | |
2019-09-10 | [wireguard]: T1650 - cli option to delete default wg key | hagbard | |
2019-09-10 | [wireguard]: T1572 - Wireguard keyPair per interface | hagbard | |
- param key location added in op-mode script - param delkey and listkey implemented in op-mode script - param delkey implemented in op-mode script - generate and store named keys - interface implementation tu use cli option 'private-key' | |||
2019-09-09 | [wireguard] - T1639: wireguard pubkey change error | hagbard | |
- removed sudo as is already runs as root - set privte key as variable in preparation to support multiple pk's | |||
2019-09-07 | bonding: T1614: bugfix in validate - enslave failed | Christian Poessinger | |
Forgot to exclude our current bond interface in the search for duplicate interface enslavement. | |||
2019-09-07 | bridge: bonding: minor comment cleanup | Christian Poessinger | |
2019-09-06 | [wireguard] - T1639: wireguard pubkey change error | hagbard | |
- sudo added to wg call - debug print removed when pubkey changes | |||
2019-09-06 | openvpn: T1548: always restart OpenVPN | Christian Poessinger | |
Previous implementations sent a SIGUSR1 to OpenVPN to initialte a restart after the configuration changed - as this was the same as the client keepalive mechanism did. Unfortunately on SIGUSR1 OpenVPN does not re-read the configuration file. Thus changed options were never taken into account. | |||
2019-09-06 | openvpn: T1548: cleanup import statements | Christian Poessinger | |
2019-09-06 | openvpn: T1630: support adding routes as unpriviledged user | Christian Poessinger | |
2019-09-06 | vxlan: T1636: initial rewrite with XML and Python | Christian Poessinger | |
Tested using: Site 1 (VyOS 1.2.2) ------------------- set interfaces vxlan vxlan100 address '10.10.10.2/24' set interfaces vxlan vxlan100 remote '172.18.201.10' set interfaces vxlan vxlan100 vni '100' Site 2 (rewrite) ---------------- set interfaces vxlan vxlan100 address '10.10.10.1/24' set interfaces vxlan vxlan100 description 'VyOS VXLAN' set interfaces vxlan vxlan100 remote '172.18.202.10' set interfaces vxlan vxlan100 vni '100' | |||
2019-09-06 | dummy: loopback: T1580: T1601: synchronize comments | Christian Poessinger | |
2019-09-06 | bonding: T1614: members are not allowed to be underlaying vxlan devices | Christian Poessinger | |
2019-09-06 | bonding: T1614: reword verify() error messages | Christian Poessinger | |
2019-09-06 | bonding: T1614: enslaved interfaces can be added to only one bond at a time | Christian Poessinger | |
2019-09-06 | Python/ifconfig: T1557: {add,del}_addr() now supports dhcp/dhcpv6 | Christian Poessinger | |
Instead of manually starting DHCP/DHCPv6 for every interface and have an identical if/elif/else statement checking for dhcp/dhcpv6 rather move this repeating stement into add_addr()/del_addr(). Single source is always preferred. | |||
2019-09-04 | [wireguard] - T1628: renaming member functions, removing wg_ prefix | hagbard | |
2019-09-04 | Python/configdict: add function vlan_to_dict | Christian Poessinger | |
A generic function which can parse the VLAN (vif, vif-s, cif-c) nodes in a config session. A dictionary describing the VLAN is returned. A good example will be the interface-bonding.py script used to generate bond interfaces in the system. It is used as follows: if conf.exists('vif'): for vif in conf.list_nodes('vif'): # set config level to vif interface conf.set_level(cfg_base + ' vif ' + vif) bond['vif'].append(vlan_to_dict(conf)) | |||
2019-09-04 | Python/configdict: add list_diff function to compare two lists | Christian Poessinger | |
A list containing only unique elements not part of the other list is returned. This is usefull to check e.g. which IP addresses need to be removed from the OS. | |||
2019-09-04 | [wireguard] - T1628: Adopt WireGuard configuration script to new ↵ | hagbard | |
vyos.ifconfig class | |||
2019-09-04 | openvpn: T1617: T1632: support quotes in openvpn-option | Christian Poessinger | |
The following CLI command can be used to add a raw option to OpenVPN which requires quotes: > set interfaces openvpn vtun10 openvpn-option 'push "keepalive 1 10"' The resulting config file will then have the following set: > push "keepalive 1 10" | |||
2019-09-04 | [service https] T1443: rename "server-names" option to "server-name". | Daniil Baturin | |
2019-09-04 | [service https] T1443: correct the listen-address option in the script. | Daniil Baturin | |
2019-09-04 | Merge pull request #124 from c-po/t1614-bonding | Christian Poessinger | |
T1614 bonding | |||
2019-09-04 | bridge: T1615: can not add member interface to bridge if it is also part of ↵ | Christian Poessinger | |
a bond | |||
2019-09-04 | bonding: T1614: T532: new commit validators | Christian Poessinger | |
As in the past during the priority race of the bash script invalid configuration could appear in the CLI and are de-synced from the kernle state, e.g. some bonding modes do not support arp_interval. This is no longer allowed and added to the migration script so that the config again represents the truth. |