VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=1.4.0-rc2 2024-01-08T20:11:13+00:00 2024-01-08T20:11:13+00:00 Christian Breunig christian@breunig.cc 2024-01-05T21:35:59+00:00 urn:sha1:1b85e7a9442aa71e2137df44747bd184c4a8b6de (cherry picked from commit 9ab6665c80c30bf446d94620fc9d85b052d48072) 2024-01-01T22:25:06+00:00 aapostoliuk a.apostoliuk@vyos.io 2023-12-19T08:55:04+00:00 urn:sha1:b48982530efcd17a21910d1116272af4482a30ce Rewritten L2TP to get_config_dict Rewritten L2TP xml to accel-ppp patterns Migrated 'idle' to 'ppp-options.lcp-echo-timeout' Migrated 'authentication.mppe' to 'ppp-options.mppe' Migrated 'authentication.radius.dae-server' to 'authentication.radius.dynamic-author' Migrated 'authentication.require' to 'authentication.protocol' Added 'authentication.radius.acct-interim-jitter' Added 'authentication.radius.preallocate-vif' Added 'authentication.radius.server.<IP>.acct-port' Added 'ppp-options.ipv4' Added smoke-tests Fixed 'preallocate-vif' in SSTP (cherry picked from commit 09e0a2ca035ee39a68a510b28cc74560669d0420) 2023-12-30T19:32:02+00:00 Indrajit Raychaudhuri irc@indrajit.com 2023-12-18T08:57:01+00:00 urn:sha1:201501ace13020e187dfbba4b125eb3f8664046d (cherry picked from commit 7c40b70af9def9242b30d1fc949288d9da2bd027) 2023-12-30T09:44:15+00:00 Indrajit Raychaudhuri irc@indrajit.com 2023-12-29T21:06:27+00:00 urn:sha1:0fb8c4142d7910e14fff71f6365c64865b4d0d0b Shorten and simplify `system domain-search` config path from: ``` set system domain-search domain <domain1> ``` to: ``` set system domain-search <domain1> ``` This will shorten the path and also make consistent with `domain-search` config in other places (like `dhcp-server`). (cherry picked from commit f77bf573c608b6c09182e1bad4312c4dd1e5195e) 2023-12-28T15:28:02+00:00 aapostoliuk a.apostoliuk@vyos.io 2023-11-13T09:17:23+00:00 urn:sha1:d5062cb045fae8b0b5d68b3b1198c3b86de4d558 Standardized pool configuration for all accel-ppp services. 1. Only named pools are used now. 2. Allows all services to use range in x.x.x.x/mask and x.x.x.x-x.x.x.y format 3. next-pool can be used in all services 2. Allows to use in ipoe gw-ip-address without pool configuration which allows to use Fraimed-IP-Address attribute by radius. 3. Default pool name should be explicidly configured with default-pool. 4. In ipoe netmask and range subnet can be different. (cherry picked from commit 422eb463d413da812eabc28706e507a9910d7b53) 2023-12-25T10:01:42+00:00 Christian Breunig christian@breunig.cc 2023-12-25T07:58:56+00:00 urn:sha1:1902f252c4c270cf7981fecd486e293ec2182fd9 (cherry picked from commit a9201e77110ce0695e2ba879304aef41b7ac9a0c) 2023-12-21T15:34:52+00:00 Christian Breunig christian@breunig.cc 2023-12-19T06:49:03+00:00 urn:sha1:eac5251c4c804c580fe9f3c3d6c6f6e355fca6d1 VyOS CLI command set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static' Will generate the following NDP proxy configuration $ cat /run/ndppd/ndppd.conf # autogenerated by service_ndp-proxy.py # This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route route-ttl 30000 # This sets up a listener, that will listen for any Neighbor Solicitation # messages, and respond to them according to a set of rules proxy eth0 { # Turn on or off the router flag for Neighbor Advertisements router no # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) timeout 500 # Control how long a valid or invalid entry remains in the cache (milliseconds) ttl 30000 # This is a rule that the target address is to match against. If no netmask # is provided, /128 is assumed. You may have several rule sections, and the # addresses may or may not overlap. rule 2001:db8::/64 { static } } (cherry picked from commit 4d721a58020971d00ab854c37b68e88359999f9c) 2023-12-06T01:50:56+00:00 Indrajit Raychaudhuri irc@indrajit.com 2023-12-01T01:16:53+00:00 urn:sha1:06bf126a767c2775bc90021f0435b86f2bad9a5b 2023-12-01T03:42:23+00:00 Indrajit Raychaudhuri irc@indrajit.com 2023-11-03T01:44:57+00:00 urn:sha1:78a7f0182a3ae504f8a29502cc064f56769df75a Time interval in seconds to wait between DNS updates would be a bit more intuitive as `interval` than `timeout`. 2023-11-20T18:22:08+00:00 Christian Breunig christian@breunig.cc 2023-11-20T09:13:21+00:00 urn:sha1:3280a153713decf28eb5c564573028df19a4e1b1 Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server. https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections vyos@vyos# netstat -tulnp | grep 8080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN - As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy. (cherry picked from commit f5e43b1361fb59a9c260739bdb28729d5119507c)