summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2020-09-24dns: forwarding: T2921: template cleanupChristian Poessinger
2020-09-22openvpn: T2907: add 'none' encryption option to not encrypt any dataMarcus Hoff
2020-09-22ifconfig: T2653: bond: bridge: ensure member interface is not a source-interfaceChristian Poessinger
As we already check that a bond/bridge member interface is not a member of any other bridge or bond, the check must be extended. We also need to ensure that the bond member interface is not used as a source-interface to pppoe, macsec, tunnel, pseudo-ethernet, vxlan interfaces.
2020-09-22ifconfig: T2653: move is_member() from vyos.vylidate to vyos.configdictChristian Poessinger
2020-09-21macsec: T2788: source-interface must not be member of a bridgeChristian Poessinger
Add verify() step to ensure the macsec source-interface is not already part of a bridge interface. This should probably also be checked for bond interfaces.
2020-09-20macsec: T2023: add missing mtu CLI optionChristian Poessinger
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for 802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not make the user juggle with the MTU bytes if he enables VLAN support later on, which is yet to come.
2020-09-20ifconfig: T2653: remove duplicates of get_config()Christian Poessinger
A lot of derived classes from Interface implemented their own get_config() method which more or less was the same everywhere. We also hat different qualifiers like @staticmethod or @classmethod. This is now changed to only have the @classmethod in Interface base class which will return the necessary dictionary keys for the required interfaces. This change is a mid reduction in lines of code which is always a very nice thing!
2020-09-20wwan: ifconfig: T2905: sync CLI nodes in dialup interfacesChristian Poessinger
Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use different CLI nodes for the same functionality. PPPoE has "connect-on-demand" to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose. Rename WWAN "ondemand" node to "connect-on-demand".
2020-09-20vif-s: ifconfig: T2903: use explicit VLAN protocol over raw numbersChristian Poessinger
In the past we had to provide the ethertype value used for the VLAN protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q). This should be changed to a more user friendly CLI node (protocol over ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in presenting RAW information from the ethernet header to the user. Also iproute2 calls it protocol which makes way more sense over the "raw" value.
2020-09-19dns: forwarding: T2900: restore proper Config() level in verify()Christian Poessinger
Despite the fact that running verify on Config() is "bad" and "not as intended" the level of the configuration must match the keys that are checked by exits(). Re-set proper Config() level before querying the system nodes.
2020-09-16wireless: T2887: Jinja2 can not work on keys starting with a numberChristian Poessinger
... an error would be presented: jinja2.exceptions.TemplateSyntaxError: expected token 'end of statement block', got 'mhz_incapable', thus we simply rename the key before rendering the template.
2020-09-16configd: T2885: fix output of error string to config sessionJohn Estabrook
2020-09-15completion: T2238: add licenseChristian Poessinger
2020-09-15bonding: T2515: preserve interface admin state when removing from bondChristian Poessinger
Removing a member from a bond/LACP will turn the physical interface always in admin-down state. This is invalid, the interface should be placed into the state configured on the VyOS CLI. Smoketest on bond interfaces is extended to check this behavior.
2020-09-15vyos.configdict: T2515: leaf_node_changed() should return list or NoneChristian Poessinger
2020-09-15configd: T2885: print commit errors to config session terminalJohn Estabrook
2020-09-14op-mode: T2874: Add new utill for mtu-checksever-sever
2020-09-13op-mode: T2841: support IPv6 for "monitor bandwidth-test initiate"Christian Poessinger
2020-09-13ddclient: T2858: migrate to get_config_dict()Christian Poessinger
2020-09-13qat: T2857: cleanup configuration scriptChristian Poessinger
2020-09-13configd: T2582: add .gitignoreChristian Poessinger
2020-09-10op-mode: T2856: Fix broken pipe in show version allsever-sever
2020-09-09openconnect: T2036: Move CLI commands under vpn openconnectDmitriyEshenko
2020-09-01frr-template: T2850: Add BGP template for FRRsever-sever
2020-08-31T2636: remove workarounds for get_config_dict()Christian Poessinger
Now that b40c52682a256 ("config: T2636: get_config_dict() returns a list on multi node by default") is implemented the workarounds can be removed.
2020-08-31configd: T2582: add scripts to include list for daemonJohn Estabrook
2020-08-31configd: T2582: add shim as config daemon clientJohn Estabrook
2020-08-31configd: T2582: add mkjson for use by shimJohn Estabrook
(https://github.com/Jacajack/mkjson.git)
2020-08-31configd: T2582: add config daemon and supporting filesJohn Estabrook
2020-08-30nat: T2814: nftables module for NAT has been renamedChristian Poessinger
Depending on the underlaying Kernel version load the corresponding Kernel module.
2020-08-30Merge pull request #534 from sever-sever/T2833Christian Poessinger
rip: T2833: Fix distribute-list filter
2020-08-28nat: T2813: translation address is mandatory if rule is not excludedChristian Poessinger
2020-08-28T2836: show system integrity brokenhagbard
2020-08-27rip: T2833: Fix distribute-list filtersever-sever
2020-08-26pppoe-server: T2829: migrate 'ppp-options mppe' to leafNodeChristian Poessinger
2020-08-26https: T2830: update to use get_config_dictJohn Estabrook
2020-08-23hostapd: T2564: bugfix on daemon startupChristian Poessinger
Commit b082a6fb21 ("lcd: T2564: flatten CLI interface") by accident replaced the template for hostapd which an LCD configuration during implementation of T2564. This has been corrected by restoring the content of the service configuration from commit 8efb8ba1e (one commit earlier).
2020-08-22dhcpv6-pd: T2677: optimize CLI interface for PD configurationChristian Poessinger
The current CLI did not support multiple prefix-delegations per interface. Some ISPs only send one /64 to a client per prefix-delegation request, but they allow the customer to request multiple prefixes. The 'dhcpv6-options prefix-delegation' node has been renamed and converted to a tag node named 'dhcpv6-options pd'. The tag node specifies a PD request (>=0). In the past the user needed to know what prefix will be assigned and required to calculate the sla-len by himself. The 'sla-len' node was dropped and is now calculated in the background from the 'dhcpv6-options pd 0 length' node. It is no longer mandatory to supply the 'sla-id' node, if sla-id is not specified it is 'guessed' by counting upwards. Example configuration: ---------------------- ethernet eth1 { address dhcpv6 dhcpv6-options { pd 0 { length 56 interface eth2 { address 1 } } } } This will request a /56 assignment from the ISP and will delegate a /64 network to interface eth2. VyOS will use the interface address ::1 on the delegate interface (eth2) as its local address.
2020-08-19https: T2815: adjust for change in certbot config directoryJohn Estabrook
2020-08-19certbot: T2815: change config dir to /config/auth/letsencryptJohn Estabrook
2020-08-20Merge pull request #530 from DmitriyEshenko/1x-anyconnect-fix01Christian Poessinger
anyconnect: T2811: Return None if anyconnect not configured
2020-08-20Merge pull request #531 from sever-sever/T915-timersChristian Poessinger
mpls-ldp: T915: Add discovery hello timers
2020-08-19mpls-ldp: T915: Add discovery hello timerssever-sever
2020-08-19lldp: op-mode: convert data processing from XML to JSONChristian Poessinger
2020-08-19anyconnect: T2811: Return None if anyconnect not configuredDmitriyEshenko
2020-08-18anyconnect: T2036: add anyconnect VPN supportEshenko Dmitriy
2020-08-18lcd: T2564: add support for Lanner, Watchguard, Symantec boxesChristian Poessinger
2020-08-16dhclient: T2277: remove VRF route when DHCP client exitsChristian Poessinger
2020-08-16ping: op-mode: T2762: always run in default VRF unless defined otherwiseChristian Poessinger
When connected to VyOS by SSH through any VRF, every command is executed in the VRF context thus e.g. ping will run in VRF context but no VRF was defined on the CLI. ping should always run in the default VRF no matter where it is executed, unless a VRF instance is explicitly defined by CLI.
2020-08-15dhclient: T2277: retrieve VRF inform from sysfs rather then iproute2Christian Poessinger