Diffstat (limited to 'op-mode-definitions')
23 files changed, 578 insertions, 92 deletions
diff --git a/op-mode-definitions/clear-log.xml.in b/op-mode-definitions/clear-log.xml.in
new file mode 100644
index 000000000..1f4a1aacd
--- /dev/null
+++ b/op-mode-definitions/clear-log.xml.in
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="clear">
+ <children>
+ <leafNode name="log">
+ <properties>
+ <help>Clear contents of current master log file</help>
+ </properties>
+ <command>sudo journalctl --rotate --vacuum-time=1s</command>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/op-mode-definitions/conntrack-sync.xml.in b/op-mode-definitions/conntrack-sync.xml.in
new file mode 100644
index 000000000..41a71b04a
--- /dev/null
+++ b/op-mode-definitions/conntrack-sync.xml.in
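Review bot: In clear-log.xml.in the help text understates what the command does: `journalctl --rotate --vacuum-time=1s` archives the active journal and then removes every archived journal file older than one second, which in practice discards the stored log history, not only a "current master log file". Authentication and sudo records in the journal go with it, so one op-mode command with no confirmation removes the local audit trail. I would reword the help to `<help>Rotate the journal and delete all archived log entries</help>` and confirm that logs are forwarded off-box or that the action itself is recorded somewhere that survives the vacuum; neither is visible in this diff.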
@@ -0,0 +1,94 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="reset"> + <children> + <node name="conntrack-sync"> + <properties> + <help>Reset connection syncing parameters</help> + </properties> + <children> + <leafNode name="external-cache"> + <properties> + <help>Reset external cache and request resync with other systems</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --reset-cache-external</command> + </leafNode> + <leafNode name="internal-cache"> + <properties> + <help>Reset internal cache and request resync with other systems</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --reset-cache-internal</command> + </leafNode> + </children> + </node> + </children> + </node> + <node name="restart"> + <children> + <leafNode name="conntrack-sync"> + <properties> + <help>Restart connection tracking synchronization service</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --restart</command> + </leafNode> + </children> + </node> + <node name="show"> + <children> + <node name="conntrack-sync"> + <properties> + <help>Show connection tracking synchronization information</help> + </properties> + <children> + <node name="cache"> + <properties> + <help>Show connection tracking cache entries</help> + </properties> + <children> + <node name="external"> + <properties> + <help>Show external connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external; ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command> + <children> + <leafNode name="main"> + <properties> + <help>Show external main connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external</command> + </leafNode> + <leafNode name="expect"> + <properties> + <help>Show external expect connection tracking cache entries</help> + </properties> + <command>sudo 
${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command> + </leafNode> + </children> + </node> + <node name="internal"> + <properties> + <help>Show internal connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal; ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command> + <children> + <leafNode name="main"> + <properties> + <help>Show internal main connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal</command> + </leafNode> + <leafNode name="expect"> + <properties> + <help>Show internal expect connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/disks.xml.in b/op-mode-definitions/disks.xml.in index fb39c4f3c..2102a2e8e 100644 --- a/op-mode-definitions/disks.xml.in +++ b/op-mode-definitions/disks.xml.in @@ -26,7 +26,6 @@ </tagNode> </children> </node> - <node name="show"> <children> <tagNode name="disk"> diff --git a/op-mode-definitions/flow-accounting-op.xml.in b/op-mode-definitions/flow-accounting-op.xml.in index b847338f9..7aaae5974 100644 --- a/op-mode-definitions/flow-accounting-op.xml.in +++ b/op-mode-definitions/flow-accounting-op.xml.in @@ -57,7 +57,7 @@ <properties> <help>Restart (net)flow accounting process</help> </properties> - <command>${vyos_op_scripts_dir}/flow_accounting_op.py --action restart</command> + <command>sudo ${vyos_op_scripts_dir}/flow_accounting_op.py --action restart</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/generate-ssh-server-key.xml.in b/op-mode-definitions/generate-ssh-server-key.xml.in index 86bb1b1bd..ecea3e5d1 100644 
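Review bot: In conntrack-sync.xml.in the `cache external` and `cache internal` nodes chain two script calls with `;`, but only the first one carries `sudo`, so the `--show-external-expect` and `--show-internal-expect` calls run as the invoking user. The `expect` leaf nodes below run the same options with `sudo`, which suggests root is needed and the second half of the combined output will fail or be empty for an unprivileged operator. The combined commands should read `sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external; sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect` and likewise for `internal`.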
--- a/op-mode-definitions/generate-ssh-server-key.xml.in +++ b/op-mode-definitions/generate-ssh-server-key.xml.in @@ -14,7 +14,7 @@ <properties> <help>Re-generate SSH host keys and restart SSH server</help> </properties> - <command>${vyos_op_scripts_dir}/generate_ssh_server_key.py</command> + <command>sudo ${vyos_op_scripts_dir}/generate_ssh_server_key.py</command> </node> <tagNode name="client-key"> <properties> diff --git a/op-mode-definitions/ipv4-route.xml.in b/op-mode-definitions/ipv4-route.xml.in index 1bda3ac11..aab3df0f1 100644 --- a/op-mode-definitions/ipv4-route.xml.in +++ b/op-mode-definitions/ipv4-route.xml.in @@ -43,7 +43,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>sudo /sbin/ip neigh flush to "$5"</command> + <command>sudo ip neigh flush to "$5"</command> </tagNode> <tagNode name="interface"> <properties> @@ -52,7 +52,7 @@ <script>${vyos_completion_dir}/list_interfaces.py</script> </completionHelp> </properties> - <command>sudo /sbin/ip neigh flush dev "$5"</command> + <command>sudo ip neigh flush dev "$5"</command> </tagNode> </children> </node> @@ -66,7 +66,7 @@ <properties> <help>Flush the kernel route cache</help> </properties> - <command>sudo /sbin/ip route flush cache</command> + <command>sudo ip route flush cache</command> </leafNode> <tagNode name="cache"> @@ -76,7 +76,7 @@ <list><x.x.x.x> <x.x.x.x/x></list> </completionHelp> </properties> - <command>sudo /sbin/ip route flush cache "$5"</command> + <command>sudo ip route flush cache "$5"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/monitor-bandwidth-test.xml.in b/op-mode-definitions/monitor-bandwidth-test.xml.in index 5b36b1da5..965591280 100644 --- a/op-mode-definitions/monitor-bandwidth-test.xml.in +++ b/op-mode-definitions/monitor-bandwidth-test.xml.in 
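Review bot: In ipv4-route.xml.in the four flush commands now run `sudo ip …` instead of `sudo /sbin/ip …`, so which binary runs as root depends on PATH resolution rather than a fixed path. That is fine only if sudoers sets `secure_path` (or otherwise resets PATH) for op-mode users; sudoers is not part of this diff, so this should be confirmed and noted, for example with a comment such as `<!-- ip is resolved through the sudoers secure_path -->`. The same applies to the `sudo ip vrf exec` lines in traceroute.xml.in; the `ip` calls in show-interfaces-macsec.xml.in and show-vrf.xml.in run without sudo and only inherit the operator's own PATH.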
@@ -7,21 +7,51 @@ <help>Initiate or wait for bandwidth test</help> </properties> <children> - <leafNode name="accept"> + <node name="accept"> <properties> <help>Wait for bandwidth test connections (port TCP/5001)</help> </properties> <command>/usr/bin/iperf -V -s</command> - </leafNode> - <tagNode name="initiate"> + <children> + <leafNode name="tcp"> + <properties> + <help>Wait for bandwidth test connections (port TCP/5001)</help> + </properties> + <command>/usr/bin/iperf -V -s</command> + </leafNode> + <leafNode name="udp"> + <properties> + <help>Wait for bandwidth test connections (port UDP/5001)</help> + </properties> + <command>/usr/bin/iperf -V -s -u</command> + </leafNode> + </children> + </node> + <node name="initiate"> <properties> - <help>Initiate a bandwidth test to specified host (port TCP/5001)</help> - <completionHelp> - <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> - </completionHelp> + <help>Initiate a bandwidth test to specified host</help> </properties> - <command>${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$4"</command> - </tagNode> + <children> + <tagNode name="tcp"> + <properties> + <help>Initiate a bandwidth test to specified host (port TCP/5001)</help> + <completionHelp> + <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$5"</command> + </tagNode> + <tagNode name="udp"> + <properties> + <help>Initiate a bandwidth test to specified host (port UDP/5001)</help> + <completionHelp> + <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$5" "-u"</command> + </tagNode> + </children> + </node> </children> </node> </children> diff --git a/op-mode-definitions/nhrp.xml.in b/op-mode-definitions/nhrp.xml.in new file mode 100644 index 000000000..9e746cc35 --- /dev/null +++ b/op-mode-definitions/nhrp.xml.in 
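Review bot: In monitor-bandwidth-test.xml.in the new `initiate udp` node passes a literal `"-u"` as a second positional argument to monitor_bandwidth_test.sh, and both variants hand the operator-typed host over as `"$5"`. The script is not in this diff (which is limited to op-mode-definitions), so it should be checked that it forwards the second argument and that a host value starting with `-` cannot be read as an iperf option, for example by placing it after the option that takes the host or rejecting a leading dash. A short comment on the node stating the script's expected arguments would make that contract visible here.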
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<interfaceDefinition>
+ <node name="reset">
+ <children>
+ <node name="nhrp">
+ <properties>
+ <help>Clear/Purge NHRP entries</help>
+ </properties>
+ <children>
+ <node name="flush">
+ <properties>
+ <help>Clear all non-permanent entries</help>
+ </properties>
+ <children>
+ <tagNode name="tunnel">
+ <properties>
+ <help>Clear all non-permanent entries</help>
+ </properties>
+ <command>sudo opennhrpctl flush dev $5 || echo OpenNHRP is not running.</command>
+ </tagNode>
+ </children>
+ <command>sudo opennhrpctl flush || echo OpenNHRP is not running.</command>
+ </node>
+ <node name="purge">
+ <properties>
+ <help>Purge entries from NHRP cache</help>
+ </properties>
+ <children>
+ <tagNode name="tunnel">
+ <properties>
+ <help>Purge all entries from NHRP cache</help>
+ </properties>
+ <command>sudo opennhrpctl purge dev $5 || echo OpenNHRP is not running.</command>
+ </tagNode>
+ </children>
+ <command>sudo opennhrpctl purge || echo OpenNHRP is not running.</command>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="show">
+ <children>
+ <node name="nhrp">
+ <properties>
+ <help>Show NHRP info</help>
+ </properties>
+ <children>
+ <leafNode name="interface">
+ <properties>
+ <help>Show NHRP interface connection information</help>
+ </properties>
+ <command>if [ -f /var/run/opennhrp.pid ]; then sudo opennhrpctl interface show; else echo OpenNHRP is not running.; fi</command>
+ </leafNode>
+ <leafNode name="tunnel">
+ <properties>
+ <help>Show NHRP tunnel connection information</help>
+ </properties>
+ <command>if [ -f /var/run/opennhrp.pid ]; then sudo opennhrpctl show ; else echo OpenNHRP is not running.; fi</command>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/op-mode-definitions/openconnect.xml.in b/op-mode-definitions/openconnect.xml.in
index 36f23239e..6b0082b4c 100644
--- a/op-mode-definitions/openconnect.xml.in
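Review bot: In nhrp.xml.in the tunnel name is passed unquoted to a root command in `sudo opennhrpctl flush dev $5` and `sudo opennhrpctl purge dev $5`, and the `tunnel` tagNodes carry no completionHelp or other constraint on the value. The shell word-splits and glob-expands the operator's input before sudo sees it, so it should be quoted: `<command>sudo opennhrpctl flush dev "$5" || echo OpenNHRP is not running.</command>` and the same for `purge`. The same unquoted-parameter pattern sits on changed lines in show-interfaces-macsec.xml.in (`ip macsec show $4`) and in the two `port` nodes of traceroute.xml.in (`… "$5" $8`). Separately, `|| echo OpenNHRP is not running.` reports every failure, including a bad interface name, as the daemon being down.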
+++ b/op-mode-definitions/openconnect.xml.in @@ -17,4 +17,14 @@ </node> </children> </node> + <node name="restart"> + <children> + <leafNode name="openconnect-server"> + <properties> + <help>Restart openconnect server process</help> + </properties> + <command>${vyos_op_scripts_dir}/openconnect-control.py --action="restart"</command> + </leafNode> + </children> + </node> </interfaceDefinition> diff --git a/op-mode-definitions/show-arp.xml.in b/op-mode-definitions/show-arp.xml.in new file mode 100644 index 000000000..12e7d3aa2 --- /dev/null +++ b/op-mode-definitions/show-arp.xml.in @@ -0,0 +1,24 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <node name="arp"> + <properties> + <help>Show Address Resolution Protocol (ARP) information</help> + </properties> + <command>/usr/sbin/arp -e -n</command> + <children> + <tagNode name="interface"> + <properties> + <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py -b</script> + </completionHelp> + </properties> + <command>/usr/sbin/arp -e -n -i "$4"</command> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/show-console-server.xml.in b/op-mode-definitions/show-console-server.xml.in index 77a7f3376..253d15498 100644 --- a/op-mode-definitions/show-console-server.xml.in +++ b/op-mode-definitions/show-console-server.xml.in @@ -8,7 +8,7 @@ <properties> <help>Show log for serial console server</help> </properties> - <command>/usr/bin/journalctl -u conserver-server.service</command> + <command>/usr/bin/journalctl --unit conserver-server.service</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-hardware.xml.in b/op-mode-definitions/show-hardware.xml.in index 0df2e4404..20fdd753d 100644 --- a/op-mode-definitions/show-hardware.xml.in +++ b/op-mode-definitions/show-hardware.xml.in 
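Review bot: In openconnect.xml.in the new `restart openconnect-server` command calls openconnect-control.py without `sudo`, while this same commit adds `sudo` to the flow-accounting restart and to SSH host key regeneration. The script is not shown, but if it restarts a system service it will presumably fail for an unprivileged operator unless it elevates internally. If root is required the line should be `<command>sudo ${vyos_op_scripts_dir}/openconnect-control.py --action="restart"</command>`; if the script handles elevation itself, a one-line comment saying so would explain the difference from the other restart nodes.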
@@ -53,18 +53,40 @@ </node> </children> </node> - <node name="scsi"> + <node name="storage"> <properties> - <help>Show SCSI device information</help> + <help>Show system storage information</help> </properties> - <command>lsscsi</command> <children> - <node name="detail"> + <leafNode name="nvme"> + <properties> + <help>Show NVMe device information</help> + </properties> + <command>sudo nvme list</command> + </leafNode> + <node name="scsi"> <properties> - <help>Show detailed SCSI device information</help> + <help>Show SCSI device information</help> </properties> - <command>lsscsi -vvv</command> + <command>lsscsi</command> + <children> + <node name="detail"> + <properties> + <help>Show detailed SCSI device information</help> + </properties> + <command>lsscsi -vvv</command> + </node> + </children> </node> + <tagNode name="smart"> + <properties> + <help>Show S.M.A.R.T. device information</help> + <completionHelp> + <script>ls /dev | egrep '([hsv]d[a-z]|nvme[0-9]+n[0-9])$'</script> + </completionHelp> + </properties> + <command>sudo smartctl -a "/dev/$5" | sed 1,3d</command> + </tagNode> </children> </node> <node name="usb"> diff --git a/op-mode-definitions/show-interfaces-macsec.xml.in b/op-mode-definitions/show-interfaces-macsec.xml.in index 6aeab66af..a264ff22e 100644 --- a/op-mode-definitions/show-interfaces-macsec.xml.in +++ b/op-mode-definitions/show-interfaces-macsec.xml.in @@ -11,7 +11,7 @@ <path>interfaces macsec</path> </completionHelp> </properties> - <command>/usr/sbin/ip macsec show</command> + <command>ip macsec show</command> </node> <tagNode name="macsec"> <properties> @@ -20,7 +20,7 @@ <path>interfaces macsec</path> </completionHelp> </properties> - <command>/usr/sbin/ip macsec show $4</command> + <command>ip macsec show $4</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/show-interfaces-pppoe.xml.in b/op-mode-definitions/show-interfaces-pppoe.xml.in index 393ca912f..18697a275 100644 
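Review bot: In show-hardware.xml.in the new `smart` tagNode runs `sudo smartctl -a "/dev/$5"` on a value that is only suggested by the completion script, not validated, so a value containing `/` makes root-run smartctl open a path outside /dev. A guard before the call would close that, for example `if [ "${5#*/}" != "$5" ]; then echo "Invalid device name"; else sudo smartctl -a "/dev/$5" | sed 1,3d; fi`. The completion pattern also ends in `nvme[0-9]+n[0-9])$`, which matches only single-digit namespaces; `n[0-9]+` would cover the rest. The hunk starts and ends inside the enclosing `hardware` node.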
--- a/op-mode-definitions/show-interfaces-pppoe.xml.in +++ b/op-mode-definitions/show-interfaces-pppoe.xml.in @@ -17,7 +17,7 @@ <properties> <help>Show specified PPPoE interface log</help> </properties> - <command>/usr/bin/journalctl -u "ppp@$4".service</command> + <command>/usr/bin/journalctl --unit "ppp@$4".service</command> </leafNode> <leafNode name="statistics"> <properties> diff --git a/op-mode-definitions/show-interfaces-wirelessmodem.xml.in b/op-mode-definitions/show-interfaces-wirelessmodem.xml.in index c0ab9c66f..18b1e55c7 100644 --- a/op-mode-definitions/show-interfaces-wirelessmodem.xml.in +++ b/op-mode-definitions/show-interfaces-wirelessmodem.xml.in @@ -17,7 +17,7 @@ <properties> <help>Show specified WWAN interface log</help> </properties> - <command>/usr/bin/journalctl -u "ppp@$4".service</command> + <command>/usr/bin/journalctl --unit "ppp@$4".service</command> </leafNode> <leafNode name="statistics"> <properties> diff --git a/op-mode-definitions/show-ip-route.xml.in b/op-mode-definitions/show-ip-route.xml.in index 729572b4a..0a24bc45a 100644 --- a/op-mode-definitions/show-ip-route.xml.in +++ b/op-mode-definitions/show-ip-route.xml.in @@ -153,9 +153,9 @@ <children> <leafNode name="longer-prefixes"> <properties> - <help>Show longer prefixes of routes for specified IP address or prefix</help> + <help>Show longer prefixes of routes for specified prefix</help> </properties> - <command>vtysh -c "show ip route $4 longer-prefixes"</command> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> </leafNode> </children> </tagNode> diff --git a/op-mode-definitions/show-ipv6-route.xml.in b/op-mode-definitions/show-ipv6-route.xml.in index 065ea6f1f..8624574ac 100644 --- a/op-mode-definitions/show-ipv6-route.xml.in +++ b/op-mode-definitions/show-ipv6-route.xml.in 
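Review bot: In show-ip-route.xml.in, and again in show-ipv6-route.xml.in, the `longer-prefixes` command now passes `$@` unquoted to vtysh_wrapper.sh, so every word the operator typed is re-split and glob-expanded before the wrapper receives it. `<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh "$@"</command>` keeps the arguments intact. The wrapper is not part of this diff; since the old form placed `$4` inside a fixed `vtysh -c "…"` string, it is worth checking how the wrapper assembles the vtysh command from arbitrary words and documenting that on the node.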
@@ -133,9 +133,9 @@ <children> <node name="longer-prefixes"> <properties> - <help>Show longer prefixes of routes for given address or prefix</help> + <help>Show longer prefixes of routes for given prefix</help> </properties> - <command>vtysh -c "show ipv6 route $4 longer-prefixes"</command> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> </node> </children> <command>vtysh -c "show ipv6 route $4"</command> diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index 58216bfd1..bb2de1580 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in @@ -18,7 +18,7 @@ <properties> <help>Show listing of authorization attempts</help> </properties> - <command>/bin/journalctl -q SYSLOG_FACILITY=10 SYSLOG_FACILITY=4</command> + <command>/bin/journalctl --quiet SYSLOG_FACILITY=10 SYSLOG_FACILITY=4</command> </leafNode> <leafNode name="cluster"> <properties> diff --git a/op-mode-definitions/show-protocols-static.xml.in b/op-mode-definitions/show-protocols-static.xml.in deleted file mode 100644 index aaf875072..000000000 --- a/op-mode-definitions/show-protocols-static.xml.in +++ /dev/null 
@@ -1,49 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="show"> - <children> - <node name="arp"> - <properties> - <help>Show Address Resolution Protocol (ARP) information</help> - </properties> - <command>/usr/sbin/arp -e -n</command> - <children> - <tagNode name="interface"> - <properties> - <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py -b</script> - </completionHelp> - </properties> - <command>/usr/sbin/arp -e -n -i "$4"</command> - </tagNode> - </children> - </node> - <node name="protocols"> - <children> - <node name="static"> - <children> - <node name="arp"> - <properties> - <help>Show Address Resolution Protocol (ARP) information</help> - </properties> - <command>/usr/sbin/arp -e -n</command> - <children> - <tagNode name="interface"> - <properties> - <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py -b</script> - </completionHelp> - </properties> - <command>/usr/sbin/arp -e -n -i "$6"</command> - </tagNode> - </children> - </node> - </children> - </node> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/op-mode-definitions/show-protocols-bfd.xml.in b/op-mode-definitions/show-protocols.xml.in index 886b01e51..d595e2c3c 100644 --- a/op-mode-definitions/show-protocols-bfd.xml.in +++ b/op-mode-definitions/show-protocols.xml.in @@ -8,6 +8,9 @@ </properties> <children> <node name="bfd"> + <properties> + <help>Show Bidirectional Forwarding Detection (BFD)</help> + </properties> <children> <node name="peer"> <properties> 
@@ -48,6 +51,30 @@ </leafNode> </children> </node> + <node name="static"> + <properties> + <help>Show static protocol parameters</help> + </properties> + <children> + <node name="arp"> + <properties> + <help>Show Address Resolution Protocol (ARP) information</help> + </properties> + <command>/usr/sbin/arp -e -n</command> + <children> + <tagNode name="interface"> + <properties> + <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py -b</script> + </completionHelp> + </properties> + <command>/usr/sbin/arp -e -n -i "$6"</command> + </tagNode> + </children> + </node> + </children> + </node> </children> </node> </children> diff --git a/op-mode-definitions/show-vrf.xml.in b/op-mode-definitions/show-vrf.xml.in index 438e7c334..9c38c30fe 100644 --- a/op-mode-definitions/show-vrf.xml.in +++ b/op-mode-definitions/show-vrf.xml.in @@ -21,7 +21,7 @@ <properties> <help>Shows all process ids associated with VRF</help> </properties> - <command>/usr/sbin/ip vrf pids "$3"</command> + <command>ip vrf pids "$3"</command> </leafNode> </children> </tagNode> diff --git a/op-mode-definitions/traceroute.xml.in b/op-mode-definitions/traceroute.xml.in index 1b619ed43..e3217235c 100644 --- a/op-mode-definitions/traceroute.xml.in +++ b/op-mode-definitions/traceroute.xml.in @@ -90,7 +90,7 @@ <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute "$4"</command> + <command>sudo ip vrf exec "$3" /usr/bin/traceroute "$4"</command> </tagNode> <tagNode name="ipv4"> <properties> 
@@ -99,13 +99,13 @@ <list><hostname> <x.x.x.x></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute -4 "$5"</command> + <command>sudo ip vrf exec "$3" /usr/bin/traceroute -4 "$5"</command> <children> <node name="tcp"> <properties> <help>Route tracing and port detection using TCP</help> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute "$5" </command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" </command> <children> <tagNode name="port"> <properties> @@ -114,7 +114,7 @@ <list>0-65535</list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute "$5" $8</command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" $8</command> </tagNode> </children> </node> @@ -127,13 +127,13 @@ <list><hostname> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute -6 "$5"</command> + <command>sudo ip vrf exec "$3" /usr/bin/traceroute -6 "$5"</command> <children> <node name="tcp"> <properties> <help>Use TCP/IPv6 packets to perform a traceroute</help> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" </command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" </command> <children> <tagNode name="port"> <properties> @@ -142,7 +142,7 @@ <list>0-65535</list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" $8</command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" $8</command> </tagNode> </children> </node> @@ -198,7 +198,7 @@ <list><fqdn></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$4" /usr/bin/mtr -4 "$6"</command> + <command>sudo ip vrf exec "$4" /usr/bin/mtr -4 "$6"</command> </tagNode> <tagNode name="ipv6"> <properties> 
@@ -207,7 +207,7 @@ <list><fqdn></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$4" /usr/bin/mtr -6 "$6"</command> + <command>sudo ip vrf exec "$4" /usr/bin/mtr -6 "$6"</command> </tagNode> <tagNode name=""> <properties> @@ -216,7 +216,7 @@ <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$4" /usr/bin/mtr "$5"</command> + <command>sudo ip vrf exec "$4" /usr/bin/mtr "$5"</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in new file mode 100644 index 000000000..76f4893c1 --- /dev/null +++ b/op-mode-definitions/vpn-ipsec.xml.in 
@@ -0,0 +1,251 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<interfaceDefinition>
+ <node name="generate">
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>VPN key generation utility</help>
+ </properties>
+ <children>
+ <node name="rsa-key">
+ <properties>
+ <help>Generate local RSA key (default: bits=2192)</help>
+ </properties>
+ <children>
+ <tagNode name="bits">
+ <properties>
+ <help>Generate local RSA key with specified number of bits</help>
+ <completionHelp>
+ <list><16-4096></list>
+ </completionHelp>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="rsa-key" --bits="$5"</command>
+ </tagNode>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="rsa-key" --bits="2192"</command>
+ </node>
+ <node name="x509">
+ <properties>
+ <help>x509 key-pair generation tool</help>
+ </properties>
+ <children>
+ <tagNode name="key-pair">
+ <properties>
+ <help>Generate x509 key-pair</help>
+ <completionHelp>
+ <list><common-name></list>
+ </completionHelp>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="x509" --name="$5"</command>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="reset">
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>Reset Virtual Private Network (VPN) information</help>
+ </properties>
+ <children>
+ <tagNode name="ipsec-peer">
+ <properties>
+ <help>Reset all tunnels for given peer</help>
+ <completionHelp>
+ <path>vpn ipsec site-to-site peer</path>
+ </completionHelp>
+ </properties>
+ <children>
+ <tagNode name="tunnel">
+ <properties>
+ <help>Reset a specific tunnel for given peer</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="$6"</command>
+ </tagNode>
+ <node name="vti">
+ <properties>
+ <help>Reset the VTI tunnel for given peer</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="vti"</command>
+ </node>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="all"</command>
+ </tagNode>
+ <tagNode name="ipsec-profile">
+ <properties>
+ <help>Reset all tunnels for given DMVPN profile</help>
+ <completionHelp>
+ <path>vpn ipsec profile</path>
+ </completionHelp>
+ </properties>
+ <children>
+ <tagNode name="tunnel">
+ <properties>
+ <help>Reset a specific tunnel for given DMVPN profile</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="$6"</command>
+ </tagNode>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="all"</command>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="restart">
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>Restart IPSec VPN</help>
+ </properties>
+ <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec restart ; else echo "IPSec process not running" ; fi</command>
+ </node>
+ </children>
+ </node>
+ <node name="show">
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>Show Virtual Private Network (VPN) information</help>
+ </properties>
+ <children>
+ <node name="debug">
+ <properties>
+ <help>Show VPN debugging information</help>
+ </properties>
+ <children>
+ <tagNode name="peer">
+ <properties>
+ <help>Show debugging information for a peer</help>
+ </properties>
+ <children>
+ <tagNode name="tunnel">
+ <properties>
+ <help>Show debug information for peer tunnel</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="$7"</command>
+ </tagNode>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="all"</command>
+ </tagNode>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="all"</command>
+ </node>
+ <node name="ike">
+ <properties>
+ <help>Show Internet Key Exchange (IKE) information</help>
+ </properties>
+ <children>
+ <node name="rsa-keys">
+ <properties>
+ <help>Show VPN RSA keys</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="rsa-key-show"</command>
+ </node>
+ <node name="sa">
+ <properties>
+ <help>Show all currently active IKE Security Associations (SA)</help>
+ </properties>
+ <children>
+ <node name="nat-traversal">
+ <properties>
+ <help>Show all currently active IKE Security Associations (SA) that are using NAT Traversal</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --nat="yes"</command>
+ </node>
+ <tagNode name="peer">
+ <properties>
+ <help>Show all currently active IKE Security Associations (SA) for a peer</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --peer="$6"</command>
+ </tagNode>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py</command>
+ </node>
+ <node name="secrets">
+ <properties>
+ <help>Show all the pre-shared key secrets</help>
+ </properties>
+ <command>sudo cat /etc/ipsec.secrets | sed 's/#.*//'</command>
+ </node>
+ <node name="status">
+ <properties>
+ <help>Show summary of IKE process information</help>
+ </properties>
+ <command>if pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi</command>
+ </node>
+ </children>
+ </node>
+ <node name="ipsec">
+ <properties>
+ <help>Show Internet Protocol Security (IPSec) information</help>
+ </properties>
+ <children>
+ <node name="policy">
+ <properties>
+ <help>Show the in-kernel crypto policies</help>
+ </properties>
+ <command>sudo ip xfrm policy list</command>
+ </node>
+ <node name="sa">
+ <properties>
+ <help>Show all active IPSec Security Associations (SA)</help>
+ </properties>
+ <children>
+ <!--
+ <node name="detail">
+ <properties>
+ <help>Show Detail on all active IPSec Security Associations (SA)</help>
+ </properties>
+ <command></command>
+ </node>
+ <tagNode name="stats">
+ <properties>
+ <help>Show statistics for all currently active IPSec Security Associations (SA)</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Show Statistics for SAs associated with a specific peer</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <tagNode name="tunnel">
+ <properties>
+ <help>Show Statistics for SAs associated with a specific peer</help>
+ </properties>
+ <command></command>
+ </tagNode>
+ </children>
+ <command></command>
+ </tagNode>
+ -->
+ <node name="verbose">
+ <properties>
+ <help>Show Verbose Detail on all active IPSec Security Associations (SA)</help>
+ </properties>
+ <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPSec process not running" ; fi</command>
+ </node>
+ </children>
+ <command>if pgrep charon >/dev/null ; then sudo /usr/libexec/vyos/op_mode/show_ipsec_sa.py ; else echo "IPSec process not running" ; fi</command>
+ </node>
+ <node name="state">
+ <properties>
+ <help>Show the in-kernel crypto state</help>
+ </properties>
+ <command>sudo ip xfrm state list</command>
+ </node>
+ <node name="status">
+ <properties>
+ <help>Show status of IPSec process</help>
+ </properties>
+ <command>if pgrep charon >/dev/null ; then echo -e "IPSec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPSec process not running" ; fi</command>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition> |
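Review bot: In vpn-ipsec.xml.in, `show vpn ike secrets` runs `sudo cat /etc/ipsec.secrets | sed 's/#.*//'`, which prints every pre-shared key in clear text to any account allowed to run op-mode commands, and from there into terminal scrollback and session recordings. I would either restrict this node to administrators or mask the secret column by default and document the exposure in the help text. Separately, the `bits` completion advertises `<16-4096>` for RSA key generation; unless vpn_ipsec.py (not in this diff) enforces a minimum, the help should not invite key sizes that offer no protection, for example `<list><2048-4096></list>`. The default of `2192` bits is also unusual and worth a comment explaining the choice.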