summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived.
2021-09-21vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks featureChristian Poessinger
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file.
2021-09-19ipsec: T1441: Clean up vti-up-down script for XFRM interfacesLucas Christian
2021-09-19dhcp-server: T3672: migrate failover name optionChristian Poessinger
Commit 2985035b (dhcp-server: T3672: re-add missing "name" CLI option) unfortunately did not add the name option to the migration script.
2021-09-19dhcp-server: T3672: re-add missing "name" CLI optionChristian Poessinger
This option is mandatory and must be user configurable as it needs to match on both sides.
2021-09-19dhcp-server: T3672: only one failover peer is supportedChristian Poessinger
2021-09-19op-mode: nat: T3648: Fix NAT script errorsjack9603301
2021-09-18container: T2216: add IPv6 support to container networksChristian Poessinger
2021-09-18dhcp-server: T3838: rename dns-server to name-server nodeChristian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6.
2021-09-18dhcp-server: T1968: allow multiple static-routes to be configuredChristian Poessinger
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } }
2021-09-18validator: T2417: bugfix on Python3 f'ormat stringsChristian Poessinger
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword.
2021-09-17Merge pull request #1007 from erkin/currentChristian Poessinger
T3823: Stop strip-private regexp from swallowing quotes
2021-09-17T3823: Stop strip-private regexp from swallowing quoteserkin
2021-09-15ipsec: T3830: "authentication id|use-x509-id" are mutually exclusiveChristian Poessinger
Manually set peer id and use-x509-id are mutually exclusive!
2021-09-14dhcpv6-pd: T421: disable wide dhcpv6 client debug messagesChristian Poessinger
2021-09-11Fix inconsistent capitalization in the show version outputDaniil Baturin
2021-09-10wireguard: T3642: directly import keys to CLI when run in config modeChristian Poessinger
vyos@vyos# run generate pki wireguard key-pair install interface wg10 "generate" CLI command executed from config session. Generated private-key was imported to CLI! Use the following command to verify: show interfaces wireguard wg10 Corresponding public-key to use on peer system is: 'hGaWcoG7f+5sPAUY/MNQH1JFhsYdsGTecYA9S2J8xGs=' vyos@vyos# run generate pki wireguard preshared-key install interface wg10 peer vyos "generate" CLI command executed from config session. Generated preshared-key was imported to CLI! Use the following command to verify: show interfaces wireguard wg10 vyos@vyos# show interfaces wireguard wg10 +peer vyos { + preshared-key OwTALZy8w6VIBMxUwbOv6Ys7QMyhrtY4aw+0cUjmmCw= +} +private-key 0Pu95CejvCUCCwrTW39TCYnitESWAdIIFTVJb7UgxVU= [edit]
2021-09-10frr: T1514: refactor restart script and drop duplicated codeChristian Poessinger
2021-09-10Merge pull request #1000 from sever-sever/T3810Christian Poessinger
squid: squidguard: T3810: Fix template for sourcre-group and rule
2021-09-10squidguard: T3810: Set DB directory rigths 755Viacheslav
2021-09-10ethernet: T3802: use only one implementation for get_driver_name()Christian Poessinger
Move the two implementations to get the driver name of a NIC from ethernet.py and ethtool.py to only ethtool.py. (cherry picked from commit 07840977834816b69fa3b366817d90f44b5dc7a7)
2021-09-09wireguard: T3642: improve "set" commands for generated key-pairsChristian Poessinger
2021-09-09pki: T3642: use f'ormated strings in print()Christian Poessinger
2021-09-09policy: T3812: FRR bgpd also knows about route-maps because of rpkiChristian Poessinger
In order to alter rpki configuration we must also process the route-map nodes with/for bgpd.
2021-09-09pki: wireguard: T3815: do not bail out early so keys can be written to fileChristian Poessinger
2021-09-08openvpn: T3805: fix bool logic in verify_pki() for client modeChristian Poessinger
Add support for OpenVPN client mode with only the CA certificate of the server installed.
2021-09-08openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-09-08openvpn: T3805: use vyos.util.makedir() to create system directoriesChristian Poessinger
2021-09-08openvpn: T3805: use vyos.util.write_file() to store certificatesChristian Poessinger
2021-09-06pki: eapol: T3642: only add "pki" key to interface dict if pki is configuredChristian Poessinger
2021-09-06pki: eapol: T3642: use write_file() to store certificatesChristian Poessinger
2021-09-06ifconfig: T3806: "ipv6 address no_default_link_local" required for MTU < 1280Christian Poessinger
This commit also extends the smoketest to verify that the exception for this error is raised.
2021-09-06pki: T3642: verify() that we can not delete certificates still referenced in CLIChristian Poessinger
2021-09-06vyos.util: add function to search a key recursively in a dictionaryChristian Poessinger
data = { 'interfaces': {'dummy': {'dum0': {'address': ['192.0.2.17/29']}}, 'ethernet': {'eth0': {'address': ['2001:db8::1/64', '192.0.2.1/29'], 'description': 'Test123', 'duplex': 'auto', 'hw_id': '00:00:00:00:00:01', 'speed': 'auto'}, 'eth1': {'address': ['192.0.2.9/29'], 'description': 'Test456', 'duplex': 'auto', 'hw_id': '00:00:00:00:00:02', 'speed': 'auto'}}} } dict_search_recursive(data, 'hw_id') will yield both '00:00:00:00:00:01' and '00:00:00:00:00:02' as generator object.
2021-09-06wwan: T3620: op-mode: not all commands supported by all modems - add info ↵Christian Poessinger
message
2021-09-05name-server: T3804: merge "system name-servers-dhcp" into "system name-server"Christian Poessinger
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP address we wan't to use. We also have "set system name-servers-dhcp <interface>" which does the same, but the name-server in question is retrieved via DHCP. Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>" to keep things as they are in real life - we need a name-server. (cherry picked from commit 2ecf7a9f9cbe9359457bd23b4a0c45f3763123c7)
2021-09-05system: T3804: rename migration script 20-to-21 -> 21-to-22Christian Poessinger
VyOS 1.3 equuleus now uses version 21 so we have to bump this by one.
2021-09-05T3803: add source-address option to the op mode ping CLI.Daniil Baturin
2021-09-04op-mode: T3619: bugfix "show interfaces X detail"Christian Poessinger
Commit 27e53fbc ("op-mode: T3619: bugfix "show interfaces" for VLANs") fixed the op-mode command for the "show interfaces" operation, but if a user was interested in all the ethernet or bridge interfaces, the command "show interfaces <type> detail" did not yield any output. The filtered_interfaces() function was further generalized to only operate on base components and call itself recusively if required.
2021-09-04op-mode: T3619: bugfix "show interfaces" for VLANsChristian Poessinger
Commit 31169fa8a7 ("vyos.ifconfig: T3619: only set offloading options if supported by NIC") always instantiated an object of the Ethtool class for an ethernet object - this is right as a real ethernet interface is managed by Ethtool. Unfortunately the script used for "show interface" determindes the "base class" for an interface by its name, so eth0 -> Ethernet, eth0.10 -> Ethernet. This assumption is incorrect as a VLAN interface can not have the physical parameters changed of its underlaying interface. This can only be done for eth0. There is no need for the op-mode script to determine the implementation class for an interface at this level, as we are only interested in the state of the interface and it's IP addresses - which is a common operation valid for every interface on VyOS.
2021-09-04op-mode: import cleanup in "show interfaces" scriptChristian Poessinger
2021-09-04bgp: T3798: "replace-as" option can only be used when "no-prepend" is definedChristian Poessinger
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as") added support for a new CLI option when the local-as is changed for a specified neighbor or peer-group. There was an error in the CLI / design as the "replace-as" option can only be used when "no-prepend" is defined. Thus "no-prepend" became a <node> and the new "replace-as" leafNode is now a child of "no-prepend".
2021-09-03login: T971 allow quoting in public-keys optionsPaul Lettington
This patch allows the use of `&quot;` in ssh public-key options which unlocks the ability to set the `from` option in a way that sshd will accept to limit what hosts a user can connect from.
2021-09-03bgp: T3798: add support for neighbor local-as <n> replace-asChristian Poessinger
2021-09-02tunnel: T3788: Add check keys for ipip and sitViacheslav
Keys are not allowed with ipip and sit tunnels
2021-09-02login: T3792: bugfix for usernames containing a hyphenChristian Poessinger
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius: T3192: migrate to get_config_dict()") the user-name was not excluded from mangling (no_tag_node_value_mangle=True). This resulted in a username "vyos-user" from CLI to be actually created as "vyos_user" on the system. This commit also adds respective Smoketests to prevent this in the future.
2021-09-02login: radius: T3192: drop workaround required by get_config_dict()Christian Poessinger
The workaround is no longer required, as the issue was resolved in get_config_dict() so if it is a <multi/> node, a list is always returned.
2021-09-02op-mode: T1376: speed up tab-completion for DHCP pool listingChristian Poessinger
Commit 9f20bee81c ("T1376: improve show_dhcp and show_dhcpv6") added the tab completion helper to list the availbale IP pools to query. This was done by calling a python script which then called cli-shell-api which resulted in a penalty by the Python interpreter startup. This can be solved by directly using the cli-shell-api wrapper available as <path> in op-mode - as also seen for DHCPv6.
2021-09-01Merge pull request #986 from sever-sever/T2920Christian Poessinger
tunnel: T2920: Add checks tun with same source addr and keys
2021-09-01tunnel: T2920: Add checks tun with same source addr and keysViacheslav
2 tunnels with the same local-address should has different keys Check existing tunnels (source-address key) with new tunnel.