Diffstat (limited to 'op-mode-definitions')
39 files changed, 1444 insertions, 402 deletions
diff --git a/op-mode-definitions/clear-log.xml.in b/op-mode-definitions/clear-log.xml.in new file mode 100644 index 000000000..1f4a1aacd --- /dev/null +++ b/op-mode-definitions/clear-log.xml.in @@ -0,0 +1,13 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="clear"> + <children> + <leafNode name="log"> + <properties> + <help>Clear contents of current master log file</help> + </properties> + <command>sudo journalctl --rotate --vacuum-time=1s</command> + </leafNode> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/connect.xml.in b/op-mode-definitions/connect.xml.in index 1ec62949a..8f19eac70 100644 --- a/op-mode-definitions/connect.xml.in +++ b/op-mode-definitions/connect.xml.in @@ -19,7 +19,7 @@ <help>Bring up a connection-oriented network interface</help> <completionHelp> <path>interfaces pppoe</path> - <path>interfaces wirelessmodem</path> + <path>interfaces wwan</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect "$3"</command> diff --git a/op-mode-definitions/conntrack-sync.xml.in b/op-mode-definitions/conntrack-sync.xml.in index d1d3bf744..41a71b04a 100644 --- a/op-mode-definitions/conntrack-sync.xml.in +++ b/op-mode-definitions/conntrack-sync.xml.in @@ -11,13 +11,13 @@ <properties> <help>Reset external cache and request resync with other systems</help> </properties> - <command>${vyos_op_scripts_dir}/conntrack_sync.py --reset-cache-external</command> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --reset-cache-external</command> </leafNode> <leafNode name="internal-cache"> <properties> <help>Reset internal cache and request resync with other systems</help> </properties> - <command>${vyos_op_scripts_dir}/conntrack_sync.py --reset-cache-internal</command> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --reset-cache-internal</command> </leafNode> </children> </node> 
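Review bot: The `log` leafNode in clear-log.xml.in runs `sudo journalctl --rotate --vacuum-time=1s`, which deletes every archived journal file rather than one "master log file", so authentication and change records needed for incident response are removed with it and nothing records who cleared them. The help text should say so, for example `<help>Rotate the systemd journal and delete all archived journal entries</help>`. Consider writing a marker entry after the vacuum so the clearing itself stays auditable, for example by appending `&& logger -t clear-log "journal cleared by ${USER}"` (the tag is a constructed example). Whether the journal is also forwarded to a remote log target is not visible in this diff; if it is not, this command removes the only copy.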
@@ -29,7 +29,7 @@ <properties> <help>Restart connection tracking synchronization service</help> </properties> - <command>${vyos_op_scripts_dir}/conntrack_sync.py --restart</command> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --restart</command> </leafNode> </children> </node> @@ -49,19 +49,19 @@ <properties> <help>Show external connection tracking cache entries</help> </properties> - <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-external; ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external; ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command> <children> <leafNode name="main"> <properties> <help>Show external main connection tracking cache entries</help> </properties> - <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-external</command> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external</command> </leafNode> <leafNode name="expect"> <properties> <help>Show external expect connection tracking cache entries</help> </properties> - <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command> </leafNode> </children> </node> 
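Review bot: In the `@@ -49,19` hunk, `sudo` was added only to the first command of the `;` chain, so `${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect` still runs unprivileged while the standalone `expect` leaf below it runs the same call with `sudo`. The `--show-internal; … --show-internal-expect` chain in the `@@ -69,19` hunk has the same gap. If the script needs root, the second half should read `; sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect`, and likewise for internal. Separately, this commit runs the whole script as root for any operator-level user, including the read-only `--show-*` paths; whether a narrower privilege would suffice cannot be judged from the hunk.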
@@ -69,19 +69,19 @@ <properties> <help>Show internal connection tracking cache entries</help> </properties> - <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-internal; ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal; ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command> <children> <leafNode name="main"> <properties> <help>Show internal main connection tracking cache entries</help> </properties> - <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-internal</command> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal</command> </leafNode> <leafNode name="expect"> <properties> <help>Show internal expect connection tracking cache entries</help> </properties> - <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/disconnect.xml.in b/op-mode-definitions/disconnect.xml.in index bf2c37b89..4415c0ed2 100644 --- a/op-mode-definitions/disconnect.xml.in +++ b/op-mode-definitions/disconnect.xml.in @@ -10,7 +10,7 @@ <help>Take down a connection-oriented network interface</help> <completionHelp> <path>interfaces pppoe</path> - <path>interfaces wirelessmodem</path> + <path>interfaces wwan</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --disconnect "$3"</command> diff --git a/op-mode-definitions/disks.xml.in b/op-mode-definitions/disks.xml.in index fb39c4f3c..2102a2e8e 100644 --- a/op-mode-definitions/disks.xml.in +++ b/op-mode-definitions/disks.xml.in @@ -26,7 +26,6 @@ </tagNode> </children> </node> - <node name="show"> <children> <tagNode name="disk"> diff --git a/op-mode-definitions/flow-accounting-op.xml.in b/op-mode-definitions/flow-accounting-op.xml.in index b847338f9..7aaae5974 100644 
--- a/op-mode-definitions/flow-accounting-op.xml.in +++ b/op-mode-definitions/flow-accounting-op.xml.in @@ -57,7 +57,7 @@ <properties> <help>Restart (net)flow accounting process</help> </properties> - <command>${vyos_op_scripts_dir}/flow_accounting_op.py --action restart</command> + <command>sudo ${vyos_op_scripts_dir}/flow_accounting_op.py --action restart</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/generate-ipsec-profile.xml.in b/op-mode-definitions/generate-ipsec-profile.xml.in new file mode 100644 index 000000000..be9227971 --- /dev/null +++ b/op-mode-definitions/generate-ipsec-profile.xml.in 
@@ -0,0 +1,145 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="generate"> + <children> + <node name="ipsec"> + <properties> + <help>Generate IPsec related configurations</help> + </properties> + <children> + <node name="profile"> + <properties> + <help>Generate IKEv2 IPSec remote-access VPN profiles</help> + </properties> + <children> + <tagNode name="ios-remote-access"> + <properties> + <help>Generate iOS profile for specified remote-access connection name</help> + <completionHelp> + <path>vpn ipsec remote-access connection</path> + </completionHelp> + </properties> + <children> + <tagNode name="remote"> + <properties> + <help>Remote address where the client will connect to</help> + <completionHelp> + <list><fqdn></list> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7"</command> + <children> + <tagNode name="name"> + <properties> + <help>Connection name as seen in the VPN application</help> + <completionHelp> + <list><name></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --name "$9"</command> + <children> + <tagNode name="profile"> + <properties> + <help>Profile name as seen under system profiles</help> + <completionHelp> + <list><name></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --name "$9" --profile "${11}"</command> + </tagNode> + </children> + </tagNode> + <tagNode name="profile"> + <properties> + <help>Profile name as seen under system profiles</help> + <completionHelp> + <list><name></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --profile "$9"</command> + <children> + <tagNode name="name"> + 
<properties> + <help>Connection name as seen in the VPN application</help> + <completionHelp> + <list><name></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os ios --connection "$5" --remote "$7" --profile "$9" --name "${11}"</command> + </tagNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </tagNode> + <tagNode name="windows-remote-access"> + <properties> + <help>Generate iOS profile for specified remote-access connection name</help> + <completionHelp> + <path>vpn ipsec remote-access connection</path> + </completionHelp> + </properties> + <children> + <tagNode name="remote"> + <properties> + <help>Remote address where the client will connect to</help> + <completionHelp> + <list><fqdn></list> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os windows --connection "$5" --remote "$7"</command> + <children> + <tagNode name="name"> + <properties> + <help>Connection name as seen in the VPN application</help> + <completionHelp> + <list><name></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os windows --connection "$5" --remote "$7" --name "$9"</command> + <children> + <tagNode name="profile"> + <properties> + <help>Profile name as seen under system profiles</help> + <completionHelp> + <list><name></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os windows --connection "$5" --remote "$7" --name "$9" --profile "${11}"</command> + </tagNode> + </children> + </tagNode> + <tagNode name="profile"> + <properties> + <help>Profile name as seen under system profiles</help> + <completionHelp> + <list><name></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os windows --connection "$5" --remote "$7" --profile 
"$9"</command> + <children> + <tagNode name="name"> + <properties> + <help>Connection name as seen in the VPN application</help> + <completionHelp> + <list><name></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/ikev2_profile_generator.py --os windows --connection "$5" --remote "$7" --profile "$9" --name "${11}"</command> + </tagNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/generate-public-key-command.xml.in b/op-mode-definitions/generate-public-key-command.xml.in new file mode 100644 index 000000000..21f0f56f0 --- /dev/null +++ b/op-mode-definitions/generate-public-key-command.xml.in @@ -0,0 +1,33 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="generate"> + <children> + <node name="public-key-command"> + <properties> + <help>Generate configuration mode command to add OpenSSH public key from file</help> + </properties> + <children> + <tagNode name="user"> + <properties> + <help>Username of public key owner</help> + <completionHelp> + <list><username></list> + </completionHelp> + </properties> + <children> + <tagNode name="path"> + <properties> + <help>Local path or remote URL of OpenSSH public key</help> + <completionHelp> + <list><![CDATA[<http[s]://[<username>:<password>@]<hostname>/<path-to-file>> <ftp://[<username>[:<password>]@]<hostname>/<path-to-file>> <tftp://<hostname>/<path-to-file>> <sftp://[<username>[:<password>]@]<hostname>/<path-to-file>> <scp://[<username>[:<password>]@]<hostname>/<path-to-file>> <[file://]/<path-to-file>>]]></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/generate_public_key_command.py "$4" "$6"</command> + </tagNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> 
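Review bot: The `windows-remote-access` tagNode in generate-ipsec-profile.xml.in carries help text copied from the iOS node, `Generate iOS profile for specified remote-access connection name`, although all of its commands pass `--os windows`. It should read `<help>Generate Windows profile for specified remote-access connection name</help>`. The operator-typed `remote`, `name` and `profile` values are quoted in every `<command>`, but they are free-form strings, so any validation has to happen in ikev2_profile_generator.py, which is outside this diff.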
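Review bot: The `path` completion list in generate-public-key-command.xml.in advertises `http://`, `ftp://` and `tftp://` sources, and URLs with an embedded `<username>:<password>`, for a key that ends up in a configuration command granting SSH login. A key fetched over an unauthenticated transport can be replaced in transit, and a password typed into the URL is likely to remain in shell history and the process list. The help text could steer operators towards authenticated transports, for example `<help>Local path or remote URL of OpenSSH public key (prefer https, sftp or scp)</help>`. Having the script print the key fingerprint for comparison before the generated command is applied would also help; whether generate_public_key_command.py already does so is not visible here.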
diff --git a/op-mode-definitions/generate-ssh-server-key.xml.in b/op-mode-definitions/generate-ssh-server-key.xml.in index 86bb1b1bd..ecea3e5d1 100644 --- a/op-mode-definitions/generate-ssh-server-key.xml.in +++ b/op-mode-definitions/generate-ssh-server-key.xml.in @@ -14,7 +14,7 @@ <properties> <help>Re-generate SSH host keys and restart SSH server</help> </properties> - <command>${vyos_op_scripts_dir}/generate_ssh_server_key.py</command> + <command>sudo ${vyos_op_scripts_dir}/generate_ssh_server_key.py</command> </node> <tagNode name="client-key"> <properties> diff --git a/op-mode-definitions/generate-wireguard.xml.in b/op-mode-definitions/generate-wireguard.xml.in new file mode 100644 index 000000000..6557b463b --- /dev/null +++ b/op-mode-definitions/generate-wireguard.xml.in 
@@ -0,0 +1,72 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="generate"> + <children> + <node name="wireguard"> + <properties> + <help>Generate Wireguard keys</help> + </properties> + <children> + <tagNode name="client-config"> + <properties> + <help>Generate Client config QR code</help> + <completionHelp> + <list><client-name></list> + </completionHelp> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>Local interface used for connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script> + </completionHelp> + </properties> + <children> + <tagNode name="server"> + <properties> + <help>IP address/FQDN used for client connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + <list><hostname></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8"</command> + <children> + <tagNode name="address"> + <properties> + <help>IPv4/IPv6 address used by client</help> + <completionHelp> + <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}"</command> + <children> + <tagNode name="address"> + <properties> + <help>IPv4/IPv6 address used by client</help> + <completionHelp> + <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}" --address "${12}"</command> + </tagNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </tagNode> + <leafNode name="key-pair"> + <properties> + <help>Generate Wireguard key pair for use with server or peer</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate 
--wireguard --key "noname"</command> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/include/bgp/afi-common.xml.i b/op-mode-definitions/include/bgp/afi-common.xml.i index e48482282..7fc59f3b0 100644 --- a/op-mode-definitions/include/bgp/afi-common.xml.i +++ b/op-mode-definitions/include/bgp/afi-common.xml.i @@ -31,10 +31,25 @@ </properties> <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> </leafNode> -<leafNode name="summary"> +<node name="summary"> <properties> <help>Summary of BGP neighbor status</help> </properties> <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> -</leafNode> + <children> + <leafNode name="established"> + <properties> + <help>Show only sessions in Established state</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + </leafNode> + <leafNode name="failed"> + <properties> + <help>Show only sessions not in Established state</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + </leafNode> + </children> +</node> +#include <include/vtysh-generic-wide.xml.i> <!-- included end --> diff --git a/op-mode-definitions/include/vtysh-generic-wide.xml.i b/op-mode-definitions/include/vtysh-generic-wide.xml.i new file mode 100644 index 000000000..acc68b4c0 --- /dev/null +++ b/op-mode-definitions/include/vtysh-generic-wide.xml.i @@ -0,0 +1,8 @@ +<!-- included start from vtysh-generic-wide.xml.i --> +<leafNode name="wide"> + <properties> + <help>Increase table width for longer prefixes</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> +</leafNode> +<!-- included end --> diff --git a/op-mode-definitions/ipv4-route.xml.in b/op-mode-definitions/ipv4-route.xml.in index 1bda3ac11..aab3df0f1 100644 --- a/op-mode-definitions/ipv4-route.xml.in +++ b/op-mode-definitions/ipv4-route.xml.in 
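Review bot: The new `established` and `failed` leafNodes in afi-common.xml.i, and the `wide` leafNode in the new vtysh-generic-wide.xml.i, pass the operator's words as unquoted `$@`, which the shell splits and glob-expands again before vtysh_wrapper.sh receives them. This follows the existing lines of the include, but the quoted form keeps each typed word as a single argument: `<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh "$@"</command>`. Whether vtysh_wrapper.sh relies on the re-splitting cannot be told from the hunk, so check the wrapper before changing it.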
@@ -43,7 +43,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>sudo /sbin/ip neigh flush to "$5"</command> + <command>sudo ip neigh flush to "$5"</command> </tagNode> <tagNode name="interface"> <properties> @@ -52,7 +52,7 @@ <script>${vyos_completion_dir}/list_interfaces.py</script> </completionHelp> </properties> - <command>sudo /sbin/ip neigh flush dev "$5"</command> + <command>sudo ip neigh flush dev "$5"</command> </tagNode> </children> </node> @@ -66,7 +66,7 @@ <properties> <help>Flush the kernel route cache</help> </properties> - <command>sudo /sbin/ip route flush cache</command> + <command>sudo ip route flush cache</command> </leafNode> <tagNode name="cache"> @@ -76,7 +76,7 @@ <list><x.x.x.x> <x.x.x.x/x></list> </completionHelp> </properties> - <command>sudo /sbin/ip route flush cache "$5"</command> + <command>sudo ip route flush cache "$5"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/monitor-bandwidth-test.xml.in b/op-mode-definitions/monitor-bandwidth-test.xml.in index 5b36b1da5..965591280 100644 --- a/op-mode-definitions/monitor-bandwidth-test.xml.in +++ b/op-mode-definitions/monitor-bandwidth-test.xml.in 
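Review bot: Replacing `sudo /sbin/ip` with `sudo ip` in the `@@ -43,7` hunk, and in the three hunks that follow in ipv4-route.xml.in, makes the binary that runs as root depend on PATH lookup. That is only safe when sudoers sets `secure_path`; without it, the invoking operator's PATH decides which `ip` is executed. The change presumably exists to tolerate a different install location, in which case either keep an absolute path or state the dependency next to the command, for example `<!-- relies on sudoers secure_path to resolve ip -->`. The same applies to the bare `sudo bridge` and `sudo opennhrpctl` commands added in monitor-bridge.xml.in and nhrp.xml.in.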
@@ -7,21 +7,51 @@ <help>Initiate or wait for bandwidth test</help> </properties> <children> - <leafNode name="accept"> + <node name="accept"> <properties> <help>Wait for bandwidth test connections (port TCP/5001)</help> </properties> <command>/usr/bin/iperf -V -s</command> - </leafNode> - <tagNode name="initiate"> + <children> + <leafNode name="tcp"> + <properties> + <help>Wait for bandwidth test connections (port TCP/5001)</help> + </properties> + <command>/usr/bin/iperf -V -s</command> + </leafNode> + <leafNode name="udp"> + <properties> + <help>Wait for bandwidth test connections (port UDP/5001)</help> + </properties> + <command>/usr/bin/iperf -V -s -u</command> + </leafNode> + </children> + </node> + <node name="initiate"> <properties> - <help>Initiate a bandwidth test to specified host (port TCP/5001)</help> - <completionHelp> - <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> - </completionHelp> + <help>Initiate a bandwidth test to specified host</help> </properties> - <command>${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$4"</command> - </tagNode> + <children> + <tagNode name="tcp"> + <properties> + <help>Initiate a bandwidth test to specified host (port TCP/5001)</help> + <completionHelp> + <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$5"</command> + </tagNode> + <tagNode name="udp"> + <properties> + <help>Initiate a bandwidth test to specified host (port UDP/5001)</help> + <completionHelp> + <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$5" "-u"</command> + </tagNode> + </children> + </node> </children> </node> </children> diff --git a/op-mode-definitions/monitor-bridge.xml.in b/op-mode-definitions/monitor-bridge.xml.in new file mode 100644 index 000000000..712a924f1 --- /dev/null +++ b/op-mode-definitions/monitor-bridge.xml.in 
@@ -0,0 +1,33 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="monitor"> + <children> + <node name="bridge"> + <properties> + <help>Monitoring bridge database generated objects and address changes</help> + </properties> + <command>sudo bridge monitor all</command> + <children> + <node name="link"> + <command>sudo bridge monitor link</command> + <properties> + <help>Monitoring bridge database generated connection interface changes</help> + </properties> + </node> + <node name="fdb"> + <command>sudo bridge monitor fdb</command> + <properties> + <help>Monitor the forwarding database changes generated by the bridge database</help> + </properties> + </node> + <node name="mdb"> + <command>sudo bridge monitor mdb</command> + <properties> + <help>Monitor the multicast database changes generated by the bridge database</help> + </properties> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/nhrp.xml.in b/op-mode-definitions/nhrp.xml.in new file mode 100644 index 000000000..9e746cc35 --- /dev/null +++ b/op-mode-definitions/nhrp.xml.in 
@@ -0,0 +1,65 @@ +<?xml version="1.0" encoding="UTF-8"?> +<interfaceDefinition> + <node name="reset"> + <children> + <node name="nhrp"> + <properties> + <help>Clear/Purge NHRP entries</help> + </properties> + <children> + <node name="flush"> + <properties> + <help>Clear all non-permanent entries</help> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Clear all non-permanent entries</help> + </properties> + <command>sudo opennhrpctl flush dev $5 || echo OpenNHRP is not running.</command> + </tagNode> + </children> + <command>sudo opennhrpctl flush || echo OpenNHRP is not running.</command> + </node> + <node name="purge"> + <properties> + <help>Purge entries from NHRP cache</help> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Purge all entries from NHRP cache</help> + </properties> + <command>sudo opennhrpctl purge dev $5 || echo OpenNHRP is not running.</command> + </tagNode> + </children> + <command>sudo opennhrpctl purge || echo OpenNHRP is not running.</command> + </node> + </children> + </node> + </children> + </node> + <node name="show"> + <children> + <node name="nhrp"> + <properties> + <help>Show NHRP info</help> + </properties> + <children> + <leafNode name="interface"> + <properties> + <help>Show NHRP interface connection information</help> + </properties> + <command>if [ -f /var/run/opennhrp.pid ]; then sudo opennhrpctl interface show; else echo OpenNHRP is not running.; fi</command> + </leafNode> + <leafNode name="tunnel"> + <properties> + <help>Show NHRP tunnel connection information</help> + </properties> + <command>if [ -f /var/run/opennhrp.pid ]; then sudo opennhrpctl show ; else echo OpenNHRP is not running.; fi</command> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/openconnect.xml.in b/op-mode-definitions/openconnect.xml.in index 36f23239e..6b0082b4c 100644 --- a/op-mode-definitions/openconnect.xml.in 
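Review bot: The two `tunnel` tagNodes in nhrp.xml.in pass the operator-supplied interface name unquoted to a root command, `sudo opennhrpctl flush dev $5` and `sudo opennhrpctl purge dev $5`, so a value containing spaces or glob characters is split into extra arguments to opennhrpctl. The other new files in this commit quote their positional parameters, and these should too: `sudo opennhrpctl flush dev "$5" || echo OpenNHRP is not running.` and `sudo opennhrpctl purge dev "$5" || echo OpenNHRP is not running.`. The `|| echo` fallback also reports any failure, including a mistyped tunnel name, as the daemon not running, whereas the `show` leaves test `/var/run/opennhrp.pid`; using the same test in the reset commands would keep real errors visible. A `<completionHelp>` listing tunnel interfaces would further narrow what reaches the command.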
+++ b/op-mode-definitions/openconnect.xml.in @@ -17,4 +17,14 @@ </node> </children> </node> + <node name="restart"> + <children> + <leafNode name="openconnect-server"> + <properties> + <help>Restart openconnect server process</help> + </properties> + <command>${vyos_op_scripts_dir}/openconnect-control.py --action="restart"</command> + </leafNode> + </children> + </node> </interfaceDefinition> diff --git a/op-mode-definitions/openvpn.xml.in b/op-mode-definitions/openvpn.xml.in index e9420904a..781fbdc9d 100644 --- a/op-mode-definitions/openvpn.xml.in +++ b/op-mode-definitions/openvpn.xml.in @@ -1,49 +1,5 @@ <?xml version="1.0"?> <interfaceDefinition> - <node name="generate"> - <children> - <node name="openvpn"> - <properties> - <help>OpenVPN key generation tool</help> - </properties> - <children> - <tagNode name="key"> - <properties> - <help>Generate shared-secret key with specified file name</help> - <completionHelp> - <list><filename></list> - </completionHelp> - </properties> - <command> - result=1; - key_path=$4 - full_path= - - if echo $key_path | egrep -ve '^/.*' > /dev/null; then - full_path=/config/auth/$key_path - else - full_path=$key_path - fi - - key_dir=`dirname $full_path` - if [ ! -d $key_dir ]; then - echo "Directory $key_dir does not exist!" - exit 1 - fi - - echo "Generating OpenVPN key to $full_path" - sudo /usr/sbin/openvpn --genkey --secret "$full_path" - result=$? - if [ $result = 0 ]; then - echo "Your new local OpenVPN key has been generated" - fi - /usr/libexec/vyos/validators/file-exists --directory /config/auth "$full_path" - </command> - </tagNode> - </children> - </node> - </children> - </node> <node name="reset"> <properties> <help>Reset a service</help> diff --git a/op-mode-definitions/pki.xml.in b/op-mode-definitions/pki.xml.in new file mode 100644 index 000000000..a11814c8a --- /dev/null +++ b/op-mode-definitions/pki.xml.in 
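Review bot: The new `restart openconnect-server` leaf calls `${vyos_op_scripts_dir}/openconnect-control.py --action="restart"` without `sudo`, while the other service-control commands touched by this commit (conntrack_sync.py, flow_accounting_op.py, generate_ssh_server_key.py) were all changed to run with it. If the script does not elevate internally, the restart will fail for an operator-level user. If it does, a short comment such as `<!-- openconnect-control.py elevates internally -->` would explain the difference. The script is outside this diff, so which case applies needs checking.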
@@ -0,0 +1,409 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="generate"> + <children> + <node name="pki"> + <properties> + <help>Generate PKI certificates and keys</help> + </properties> + <children> + <node name="ca"> + <properties> + <help>Generate CA certificate</help> + </properties> + <children> + <tagNode name="sign"> + <properties> + <help>Sign generated CA certificate with another specified CA certificate</help> + <completionHelp> + <path>pki ca</path> + </completionHelp> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated CA certificate into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated CA certificate into running configuration</help> + <completionHelp> + <list><certificate name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "noname" --sign "$5"</command> + </tagNode> + <tagNode name="file"> + <properties> + <help>Write generated CA certificate into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated CA certificate into running configuration</help> + <completionHelp> + <list><CA name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action 
generate --ca "noname"</command> + </node> + <node name="certificate"> + <properties> + <help>Generate certificate request</help> + </properties> + <children> + <node name="self-signed"> + <properties> + <help>Generate self-signed certificate</help> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated self-signed certificate into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated self-signed certificate into running configuration</help> + <completionHelp> + <list><certificate name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --self-sign</command> + </node> + <tagNode name="sign"> + <properties> + <help>Sign generated certificate with specified CA certificate</help> + <completionHelp> + <path>pki ca</path> + </completionHelp> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated signed certificate into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated signed certificate into running configuration</help> + <completionHelp> + <list><certificate name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --install</command> + </tagNode> + </children> + 
<command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --sign "$5"</command> + </tagNode> + <tagNode name="file"> + <properties> + <help>Write generated certificate request and key into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated certificate private key into running configuration</help> + <completionHelp> + <list><certificate name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname"</command> + </node> + <tagNode name="crl"> + <properties> + <help>Generate CRL for specified CA certificate</help> + <completionHelp> + <path>pki ca</path> + </completionHelp> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated CRL into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --file</command> + </tagNode> + <leafNode name="install"> + <properties> + <help>Commands for installing generated CRL into running configuration</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --install</command> + </leafNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4"</command> + </tagNode> + <node name="dh"> + <properties> + <help>Generate DH parameters</help> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated DH parameters into the specified filename</help> + <completionHelp> + <list><filename></list> 
+ </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated DH parameters into running configuration</help> + <completionHelp> + <list><DH name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "noname"</command> + </node> + <node name="key-pair"> + <properties> + <help>Generate a key pair</help> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated key pair into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated key pair into running configuration</help> + <completionHelp> + <list><key name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "noname"</command> + </node> + <node name="openvpn"> + <properties> + <help>Generate OpenVPN keys</help> + </properties> + <children> + <node name="shared-secret"> + <properties> + <help>Generate OpenVPN shared secret key</help> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated OpenVPN shared secret key into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + 
<help>Commands for installing generated OpenVPN shared secret key into running configuration</help> + <completionHelp> + <list><key name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "noname"</command> + </node> + </children> + </node> + <node name="ssh-key"> + <properties> + <help>Generate SSH key</help> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated SSH keys into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated SSH key into running configuration</help> + <completionHelp> + <list><key name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "noname"</command> + </node> + <node name="wireguard"> + <properties> + <help>Generate Wireguard keys</help> + </properties> + <children> + <node name="key-pair"> + <properties> + <help>Generate Wireguard key pair for use with server or peer</help> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated Wireguard keys into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key "$6" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated Wireguard key into running configuration</help> + <completionHelp> + <list><interface> <peer></list> 
+ </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key "$6" --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key "noname"</command> + </node> + <node name="pre-shared-key"> + <properties> + <help>Generate pre-shared key for use with a Wireguard peer</help> + </properties> + <children> + <tagNode name="file"> + <properties> + <help>Write generated Wireguard PSK into the specified filename</help> + <completionHelp> + <list><filename></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk "$6" --file</command> + </tagNode> + <tagNode name="install"> + <properties> + <help>Commands for installing generated Wireguard PSK on specified peer into running configuration</help> + <completionHelp> + <list><peer></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk "$6" --install</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk "noname"</command> + </node> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="show"> + <children> + <node name="pki"> + <properties> + <help>Show PKI certificates</help> + </properties> + <children> + <node name="ca"> + <properties> + <help>Show CA certificates</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Show CA certificate by name</help> + <completionHelp> + <path>pki ca</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$5"</command> + </leafNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "all"</command> + </node> + <node name="certificate"> + <properties> + <help>Show certificates</help> + </properties> + <children> + <leafNode 
name="name"> + <properties> + <help>Show certificate by name</help> + <completionHelp> + <path>pki certificate</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$5"</command> + </leafNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "all"</command> + </node> + <node name="crl"> + <properties> + <help>Show certificate revocation lists</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Show certificate revocation lists from specified CA</help> + <completionHelp> + <path>pki ca</path> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "$5"</command> + </leafNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "all"</command> + </node> + </children> + <command>sudo ${vyos_op_scripts_dir}/pki.py --action show</command> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/show-arp.xml.in b/op-mode-definitions/show-arp.xml.in new file mode 100644 index 000000000..12e7d3aa2 --- /dev/null +++ b/op-mode-definitions/show-arp.xml.in @@ -0,0 +1,24 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <node name="arp"> + <properties> + <help>Show Address Resolution Protocol (ARP) information</help> + </properties> + <command>/usr/sbin/arp -e -n</command> + <children> + <tagNode name="interface"> + <properties> + <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py -b</script> + </completionHelp> + </properties> + <command>/usr/sbin/arp -e -n -i "$4"</command> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/show-bgp.xml.in b/op-mode-definitions/show-bgp.xml.in index 36e7062df..c33a9dacf 100644 
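Review bot: Under `generate pki crl <CA>` the `file` child is a tagNode that advertises a `<filename>` argument, but its command is `pki.py --action generate --crl "$4" --file` and never references `$6`, so the filename the operator types is discarded; every other `file` tagNode in this file forwards its value (for example `--ca "$7" --sign "$5" --file`). Either make it a leafNode like its sibling `install`, or pass the value through. The three `show pki … name` entries are leafNodes whose commands read `"$5"`; if leafNodes accept no value in this framework they likely need to be tagNodes. Since every `generate` path runs `pki.py` under `sudo` with an operator-chosen name, a comment stating that `pki.py` is expected to confine `--file` output to a fixed directory would help reviewers, as that script is not part of this diff.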
--- a/op-mode-definitions/show-bgp.xml.in
+++ b/op-mode-definitions/show-bgp.xml.in
@@ -8,7 +8,81 @@ </properties> <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> <children> + <node name="cidr-only"> + <properties> + <help>Display only routes with non-natural netmasks</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/vtysh-generic-wide.xml.i> + </children> + </node> #include <include/bgp/show-bgp-common.xml.i> + <node name="mac"> + <properties> + <help>MAC address</help> + </properties> + <children> + <leafNode name="hash"> + <properties> + <help>MAC address database</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + </leafNode> + </children> + </node> + <node name="martian"> + <properties> + <help>martian next-hops</help> + </properties> + <children> + <leafNode name="next-hop"> + <properties> + <help>martian next-hop database</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + </leafNode> + </children> + </node> + <leafNode name="memory"> + <properties> + <help>Global BGP memory statistics</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + </leafNode> + <node name="nexthop"> + <properties> + <help>Show BGP nexthop table</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/vtysh-generic-detail.xml.i> + </children> + </node> + <tagNode name="nexthop"> + <properties> + <help>IPv4/IPv6 nexthop address</help> + <completionHelp> + <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + <children> + #include <include/vtysh-generic-detail.xml.i> + </children> + </tagNode> + <leafNode name="statistics"> + <properties> + <help>BGP RIB advertisement statistics</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + </leafNode> + <leafNode name="statistics-all"> + <properties> + 
<help>Display number of prefixes for all afi/safi</help> + </properties> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> + </leafNode> <leafNode name="vrf"> <properties> <help>Show BGP VRF information</help> @@ -28,6 +102,7 @@ #include <include/bgp/show-bgp-common.xml.i> </children> </tagNode> + #include <include/vtysh-generic-wide.xml.i> </children> </node> </children> diff --git a/op-mode-definitions/show-bridge.xml.in b/op-mode-definitions/show-bridge.xml.in index 78c350e44..0f8d3064d 100644 --- a/op-mode-definitions/show-bridge.xml.in +++ b/op-mode-definitions/show-bridge.xml.in @@ -2,11 +2,24 @@ <interfaceDefinition> <node name="show"> <children> + <node name="bridge"> + <properties> + <help>Show bridging information</help> + </properties> + <children> + <leafNode name="vlan"> + <properties> + <help>View the VLAN filter settings of the bridge</help> + </properties> + <command>bridge -c vlan show</command> + </leafNode> + </children> + </node> <leafNode name="bridge"> <properties> <help>Show bridging information</help> </properties> - <command>/sbin/brctl show</command> + <command>bridge -c link show</command> </leafNode> <tagNode name="bridge"> <properties> 
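Review bot: Each node added in the first show-bgp hunk forwards the whole command line with an unquoted `$@` (`${vyos_op_scripts_dir}/vtysh_wrapper.sh $@`), and the new `nexthop` tagNode accepts a free-form address, so that value is word-split and glob-expanded before the wrapper runs. `"$@"` keeps each typed word as one argument: `<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh "$@"</command>`. The context line at the top of the hunk uses the same unquoted form, so this is a file-wide pattern rather than something introduced here; how the wrapper re-joins its arguments is not visible in this diff.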
@@ -15,25 +28,19 @@ <script>${vyos_completion_dir}/list_interfaces.py --type bridge</script> </completionHelp> </properties> - <command>/sbin/brctl show $3</command> + <command>bridge -c link show | grep "master $3"</command> <children> - <leafNode name="macs"> - <properties> - <help>Show bridge Media Access Control (MAC) address table</help> - </properties> - <command>/sbin/brctl showmacs $3</command> - </leafNode> - <leafNode name="spanning-tree"> + <leafNode name="mdb"> <properties> - <help>Show bridge spanning tree information</help> + <help>Displays the multicast group database for the bridge</help> </properties> - <command>/sbin/brctl showstp $3</command> + <command>bridge -c mdb show dev $3</command> </leafNode> <leafNode name="fdb"> <properties> <help>Show the forwarding database of the bridge</help> </properties> - <command>/usr/sbin/bridge -c fdb show br $3</command> + <command>bridge -c fdb show br $3</command> </leafNode> </children> </tagNode> diff --git a/op-mode-definitions/show-console-server.xml.in b/op-mode-definitions/show-console-server.xml.in index 77a7f3376..253d15498 100644 --- a/op-mode-definitions/show-console-server.xml.in +++ b/op-mode-definitions/show-console-server.xml.in @@ -8,7 +8,7 @@ <properties> <help>Show log for serial console server</help> </properties> - <command>/usr/bin/journalctl -u conserver-server.service</command> + <command>/usr/bin/journalctl --unit conserver-server.service</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-hardware.xml.in b/op-mode-definitions/show-hardware.xml.in index 0df2e4404..20fdd753d 100644 --- a/op-mode-definitions/show-hardware.xml.in +++ b/op-mode-definitions/show-hardware.xml.in 
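Review bot: `bridge -c link show | grep "master $3"` matches by substring and treats the bridge name as a regular expression, so asking for `br1` also lists ports whose master is `br10`. Matching the name as a fixed string followed by its separator avoids that, e.g. `bridge -c link show | grep -F -- "master $3 "` (this assumes the master name is followed by a space in `bridge link` output; please confirm). The `mdb` and `fdb` leaves in the same hunk pass `$3` unquoted (`bridge -c mdb show dev $3`, `bridge -c fdb show br $3`); `"$3"` would be consistent with the quoting used in the grep. The enclosing tagNode starts above the hunk.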
@@ -53,18 +53,40 @@ </node> </children> </node> - <node name="scsi"> + <node name="storage"> <properties> - <help>Show SCSI device information</help> + <help>Show system storage information</help> </properties> - <command>lsscsi</command> <children> - <node name="detail"> + <leafNode name="nvme"> + <properties> + <help>Show NVMe device information</help> + </properties> + <command>sudo nvme list</command> + </leafNode> + <node name="scsi"> <properties> - <help>Show detailed SCSI device information</help> + <help>Show SCSI device information</help> </properties> - <command>lsscsi -vvv</command> + <command>lsscsi</command> + <children> + <node name="detail"> + <properties> + <help>Show detailed SCSI device information</help> + </properties> + <command>lsscsi -vvv</command> + </node> + </children> </node> + <tagNode name="smart"> + <properties> + <help>Show S.M.A.R.T. device information</help> + <completionHelp> + <script>ls /dev | egrep '([hsv]d[a-z]|nvme[0-9]+n[0-9])$'</script> + </completionHelp> + </properties> + <command>sudo smartctl -a "/dev/$5" | sed 1,3d</command> + </tagNode> </children> </node> <node name="usb"> diff --git a/op-mode-definitions/show-interfaces-bonding.xml.in b/op-mode-definitions/show-interfaces-bonding.xml.in index f6d9b3508..08ce78296 100644 --- a/op-mode-definitions/show-interfaces-bonding.xml.in +++ b/op-mode-definitions/show-interfaces-bonding.xml.in @@ -25,6 +25,12 @@ </properties> <command>if [ -f "/proc/net/bonding/$4" ]; then cat "/proc/net/bonding/$4"; else echo "Interface $4 does not exist!"; fi</command> </leafNode> + <leafNode name="slaves"> + <properties> + <help>Show specified bonding interface information</help> + </properties> + <command>${vyos_op_scripts_dir}/show-bond.py --interface "$4"</command> + </leafNode> <tagNode name="vif"> <properties> <help>Show specified virtual network interface (vif) information</help> 
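Review bot: The `smart` tagNode builds a path from the operator's input and hands it to a root-run tool (`sudo smartctl -a "/dev/$5"`); the `egrep` in `<completionHelp>` only drives tab completion, so nothing restricts `$5` to a disk name and a value containing `../` resolves outside `/dev`. A guard that reuses the completion pattern would close that, e.g. `if [[ "$5" =~ ^([hsv]d[a-z]|nvme[0-9]+n[0-9])$ ]]; then sudo smartctl -a "/dev/$5" | sed 1,3d; else echo "Invalid device: $5"; fi` (assuming these commands run under bash). The pattern allows a single namespace digit, so a name such as `nvme0n10` would be rejected; widen it to `n[0-9]+` in both places if that matters.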
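Review bot: The new `slaves` leaf in show-interfaces-bonding reuses its sibling's help string, `Show specified bonding interface information`, so the CLI help no longer tells the two entries apart; something like `<help>Show member interfaces of the specified bonding interface</help>` would. The second `slaves` leaf in the next hunk (`show-bond.py --slaves`) carries the same text although it is not tied to one interface. What `show-bond.py` prints is not visible here, so the wording should follow its actual output.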
@@ -62,6 +68,12 @@ </properties> <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=bonding --action=show</command> </leafNode> + <leafNode name="slaves"> + <properties> + <help>Show specified bonding interface information</help> + </properties> + <command>${vyos_op_scripts_dir}/show-bond.py --slaves</command> + </leafNode> </children> </node> </children> diff --git a/op-mode-definitions/show-interfaces-bridge.xml.in b/op-mode-definitions/show-interfaces-bridge.xml.in index cc4b248b6..85fde95b5 100644 --- a/op-mode-definitions/show-interfaces-bridge.xml.in +++ b/op-mode-definitions/show-interfaces-bridge.xml.in @@ -33,12 +33,6 @@ </properties> <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=bridge --action=show</command> </leafNode> - <leafNode name="vlan"> - <properties> - <help>View the VLAN filter settings of the bridge</help> - </properties> - <command>/usr/sbin/bridge -c vlan show</command> - </leafNode> </children> </node> </children> diff --git a/op-mode-definitions/show-interfaces-macsec.xml.in b/op-mode-definitions/show-interfaces-macsec.xml.in index 6aeab66af..a264ff22e 100644 --- a/op-mode-definitions/show-interfaces-macsec.xml.in +++ b/op-mode-definitions/show-interfaces-macsec.xml.in @@ -11,7 +11,7 @@ <path>interfaces macsec</path> </completionHelp> </properties> - <command>/usr/sbin/ip macsec show</command> + <command>ip macsec show</command> </node> <tagNode name="macsec"> <properties> @@ -20,7 +20,7 @@ <path>interfaces macsec</path> </completionHelp> </properties> - <command>/usr/sbin/ip macsec show $4</command> + <command>ip macsec show $4</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/show-interfaces-pppoe.xml.in b/op-mode-definitions/show-interfaces-pppoe.xml.in index 393ca912f..18697a275 100644 --- a/op-mode-definitions/show-interfaces-pppoe.xml.in +++ b/op-mode-definitions/show-interfaces-pppoe.xml.in 
@@ -17,7 +17,7 @@ <properties> <help>Show specified PPPoE interface log</help> </properties> - <command>/usr/bin/journalctl -u "ppp@$4".service</command> + <command>/usr/bin/journalctl --unit "ppp@$4".service</command> </leafNode> <leafNode name="statistics"> <properties> diff --git a/op-mode-definitions/show-interfaces-wireguard.xml.in b/op-mode-definitions/show-interfaces-wireguard.xml.in new file mode 100644 index 000000000..863357ef7 --- /dev/null +++ b/op-mode-definitions/show-interfaces-wireguard.xml.in 
@@ -0,0 +1,66 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="show">
+ <children>
+ <node name="interfaces">
+ <children>
+ <tagNode name="wireguard">
+ <properties>
+ <help>Show Wireguard interface information</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script>
+ </completionHelp>
+ </properties>
+ <command>${vyos_op_scripts_dir}/show_interfaces.py --intf="$4"</command>
+ <children>
+ <leafNode name="allowed-ips">
+ <properties>
+ <help>Show all IP addresses allowed for the specified interface</help>
+ </properties>
+ <command>sudo wg show "$4" allowed-ips</command>
+ </leafNode>
+ <leafNode name="endpoints">
+ <properties>
+ <help>Show all endpoints for the specified interface</help>
+ </properties>
+ <command>sudo wg show "$4" endpoints</command>
+ </leafNode>
+ <leafNode name="peers">
+ <properties>
+ <help>Show all peer IDs for the specified interface</help>
+ </properties>
+ <command>sudo wg show "$4" peers</command>
+ </leafNode>
+ <leafNode name="public-key">
+ <properties>
+ <help>Show interface public-key</help>
+ </properties>
+ <command>sudo wg show "$4" public-key</command>
+ </leafNode>
+ <leafNode name="summary">
+ <properties>
+ <help>Shows current configuration and device information</help>
+ </properties>
+ <command>sudo wg show "$4"</command>
+ </leafNode>
+ </children>
+ </tagNode>
+ <node name="wireguard">
+ <properties>
+ <help>Show Wireguard interface information</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=wireguard --action=show-brief</command>
+ <children>
+ <leafNode name="detail">
+ <properties>
+ <help>Show detailed Wireguard interface information</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=wireguard --action=show</command>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/op-mode-definitions/show-interfaces-wirelessmodem.xml.in b/op-mode-definitions/show-interfaces-wirelessmodem.xml.in deleted file mode 100644 index c0ab9c66f..000000000 --- a/op-mode-definitions/show-interfaces-wirelessmodem.xml.in +++ /dev/null @@ -1,51 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="show"> - <children> - <node name="interfaces"> - <children> - <tagNode name="wirelessmodem"> - <properties> - <help>Show Wireless Modem (WWAN) interface information</help> - <completionHelp> - <path>interfaces wirelessmodem</path> - </completionHelp> - </properties> - <command>${vyos_op_scripts_dir}/show_interfaces.py --intf="$4"</command> - <children> - <leafNode name="log"> - <properties> - <help>Show specified WWAN interface log</help> - </properties> - <command>/usr/bin/journalctl -u "ppp@$4".service</command> - </leafNode> - <leafNode name="statistics"> - <properties> - <help>Show specified WWAN interface statistics</help> - <completionHelp> - <path>interfaces wirelessmodem</path> - </completionHelp> - </properties> - <command>if [ -d "/sys/class/net/$4" ]; then /usr/sbin/pppstats "$4"; fi</command> - </leafNode> - </children> - </tagNode> - <node name="wirelessmodem"> - <properties> - <help>Show Wireless Modem (WWAN) interface information</help> - </properties> - <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=wirelessmodem --action=show-brief</command> - <children> - <leafNode name="detail"> - <properties> - <help>Show detailed Wireless Modem (WWAN( interface information</help> - </properties> - <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=wirelessmodem --action=show</command> - </leafNode> - </children> - </node> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/op-mode-definitions/show-interfaces-wwan.xml.in b/op-mode-definitions/show-interfaces-wwan.xml.in new file mode 100644 index 000000000..d57e17a13 --- /dev/null 
+++ b/op-mode-definitions/show-interfaces-wwan.xml.in 
@@ -0,0 +1,103 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <node name="interfaces"> + <children> + <tagNode name="wwan"> + <properties> + <help>Show Wireless Wire Area Network (WWAN) interface information</help> + <completionHelp> + <path>interfaces wwan</path> + <script>cd /sys/class/net; ls -d wwan*</script> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/show_interfaces.py --intf="$4"</command> + <children> + <leafNode name="capabilities"> + <properties> + <help>Show WWAN module capabilities</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --capabilities</command> + </leafNode> + <leafNode name="firmware"> + <properties> + <help>Show WWAN module firmware</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --firmware</command> + </leafNode> + <leafNode name="imei"> + <properties> + <help>Show WWAN module IMEI/ESN/MEID</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --imei</command> + </leafNode> + <leafNode name="imsi"> + <properties> + <help>Show WWAN module IMSI</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --imsi</command> + </leafNode> + <leafNode name="model"> + <properties> + <help>Show WWAN module manufacturer</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --model</command> + </leafNode> + <leafNode name="msisdn"> + <properties> + <help>Show WWAN module MSISDN</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --msisdn</command> + </leafNode> + <leafNode name="revision"> + <properties> + <help>Show WWAN module revision</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --revision</command> + </leafNode> + <leafNode name="signal"> + <properties> + <help>Show WWAN module RF signal info</help> + </properties> + 
<command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --signal</command> + </leafNode> + <leafNode name="sim"> + <properties> + <help>Show WWAN module connected SIM card information</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --sim</command> + </leafNode> + <leafNode name="summary"> + <properties> + <help>Show WWAN module information summary</help> + </properties> + <command>mmcli --modem ${4#wwan}</command> + </leafNode> + <leafNode name="log"> + <properties> + <help>Show interface log for specified interface</help> + </properties> + <command>echo not implemented</command> + </leafNode> + </children> + </tagNode> + <node name="wwan"> + <properties> + <help>Show Wireless Modem (WWAN) interface information</help> + </properties> + <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=wirelessmodem --action=show-brief</command> + <children> + <leafNode name="detail"> + <properties> + <help>Show detailed Wireless Modem (WWAN( interface information</help> + </properties> + <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=wirelessmodem --action=show</command> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index 58216bfd1..92c1cf016 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in @@ -18,7 +18,7 @@ <properties> <help>Show listing of authorization attempts</help> </properties> - <command>/bin/journalctl -q SYSLOG_FACILITY=10 SYSLOG_FACILITY=4</command> + <command>/bin/journalctl --quiet SYSLOG_FACILITY=10 SYSLOG_FACILITY=4</command> </leafNode> <leafNode name="cluster"> <properties> 
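Review bot: All nine `show_wwan.py` leaves in the new show-interfaces-wwan file pass the interface name unquoted to a root-run script (`sudo ${vyos_op_scripts_dir}/show_wwan.py --interface=$4 --capabilities` and its siblings), while the parent tagNode quotes it (`--intf="$4"`); unquoted, the value is word-split, so extra words become extra arguments to the script. Use `--interface="$4"` throughout, and `mmcli --modem "${4#wwan}"` in `summary`. The `wwan` node at the bottom still calls `show_interfaces.py --intf-type=wirelessmodem`, which looks like a leftover given that this commit renames `interfaces wirelessmodem` to `interfaces wwan` elsewhere. Two help strings also carry typos: `Wireless Wire Area Network` and `(WWAN(`.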
@@ -123,6 +123,12 @@ </tagNode> </children> </tagNode> + <leafNode name="kernel"> + <properties> + <help>Show messages in kernel ring buffer</help> + </properties> + <command>sudo dmesg</command> + </leafNode> <leafNode name="lldp"> <properties> <help>Show log for LLDP</help> diff --git a/op-mode-definitions/show-protocols-static.xml.in b/op-mode-definitions/show-protocols-static.xml.in deleted file mode 100644 index aaf875072..000000000 --- a/op-mode-definitions/show-protocols-static.xml.in +++ /dev/null @@ -1,49 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="show"> - <children> - <node name="arp"> - <properties> - <help>Show Address Resolution Protocol (ARP) information</help> - </properties> - <command>/usr/sbin/arp -e -n</command> - <children> - <tagNode name="interface"> - <properties> - <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py -b</script> - </completionHelp> - </properties> - <command>/usr/sbin/arp -e -n -i "$4"</command> - </tagNode> - </children> - </node> - <node name="protocols"> - <children> - <node name="static"> - <children> - <node name="arp"> - <properties> - <help>Show Address Resolution Protocol (ARP) information</help> - </properties> - <command>/usr/sbin/arp -e -n</command> - <children> - <tagNode name="interface"> - <properties> - <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py -b</script> - </completionHelp> - </properties> - <command>/usr/sbin/arp -e -n -i "$6"</command> - </tagNode> - </children> - </node> - </children> - </node> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/op-mode-definitions/show-protocols-bfd.xml.in b/op-mode-definitions/show-protocols.xml.in index 886b01e51..d595e2c3c 100644 --- a/op-mode-definitions/show-protocols-bfd.xml.in 
+++ b/op-mode-definitions/show-protocols.xml.in @@ -8,6 +8,9 @@ </properties> <children> <node name="bfd"> + <properties> + <help>Show Bidirectional Forwarding Detection (BFD)</help> + </properties> <children> <node name="peer"> <properties> @@ -48,6 +51,30 @@ </leafNode> </children> </node> + <node name="static"> + <properties> + <help>Show static protocol parameters</help> + </properties> + <children> + <node name="arp"> + <properties> + <help>Show Address Resolution Protocol (ARP) information</help> + </properties> + <command>/usr/sbin/arp -e -n</command> + <children> + <tagNode name="interface"> + <properties> + <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py -b</script> + </completionHelp> + </properties> + <command>/usr/sbin/arp -e -n -i "$6"</command> + </tagNode> + </children> + </node> + </children> + </node> </children> </node> </children> diff --git a/op-mode-definitions/show-version.xml.in b/op-mode-definitions/show-version.xml.in index 6bc49b8cf..8b7cc7e58 100644 --- a/op-mode-definitions/show-version.xml.in +++ b/op-mode-definitions/show-version.xml.in @@ -26,6 +26,12 @@ </properties> <command>vtysh -c "show version"</command> </leafNode> + <leafNode name="kernel"> + <properties> + <help>Show Linux Kernel version information</help> + </properties> + <command>uname -r</command> + </leafNode> </children> </node> </children> diff --git a/op-mode-definitions/show-vrf.xml.in b/op-mode-definitions/show-vrf.xml.in index 438e7c334..9c38c30fe 100644 --- a/op-mode-definitions/show-vrf.xml.in +++ b/op-mode-definitions/show-vrf.xml.in @@ -21,7 +21,7 @@ <properties> <help>Shows all process ids associated with VRF</help> </properties> - <command>/usr/sbin/ip vrf pids "$3"</command> + <command>ip vrf pids "$3"</command> </leafNode> </children> </tagNode> 
diff --git a/op-mode-definitions/traceroute.xml.in b/op-mode-definitions/traceroute.xml.in index 1b619ed43..e3217235c 100644 --- a/op-mode-definitions/traceroute.xml.in +++ b/op-mode-definitions/traceroute.xml.in @@ -90,7 +90,7 @@ <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute "$4"</command> + <command>sudo ip vrf exec "$3" /usr/bin/traceroute "$4"</command> </tagNode> <tagNode name="ipv4"> <properties> @@ -99,13 +99,13 @@ <list><hostname> <x.x.x.x></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute -4 "$5"</command> + <command>sudo ip vrf exec "$3" /usr/bin/traceroute -4 "$5"</command> <children> <node name="tcp"> <properties> <help>Route tracing and port detection using TCP</help> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute "$5" </command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" </command> <children> <tagNode name="port"> <properties> @@ -114,7 +114,7 @@ <list>0-65535</list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute "$5" $8</command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" $8</command> </tagNode> </children> </node> @@ -127,13 +127,13 @@ <list><hostname> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute -6 "$5"</command> + <command>sudo ip vrf exec "$3" /usr/bin/traceroute -6 "$5"</command> <children> <node name="tcp"> <properties> <help>Use TCP/IPv6 packets to perform a traceroute</help> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" </command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" </command> <children> <tagNode name="port"> <properties> 
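Review bot: `sudo ip vrf exec "$3" …` now resolves `ip` through PATH where the old line named `/usr/sbin/ip`, so which binary runs as root depends on sudo's `secure_path`, or on the caller's PATH if sudoers does not set it (the sudoers policy is not part of this diff). The same line keeps `/usr/bin/traceroute` absolute, so the command mixes both styles. Either keep the absolute path for the privileged binary, `sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute "$4"`, or add a comment stating that the sudoers policy pins PATH. The same applies to the other `sudo ip vrf exec` lines in the later hunks of this file (-99, -114, -127, -142, -198, -207, -216).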
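Review bot: The port argument is still passed as a bare `$8` in `sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" $8`, unlike `"$3"` and `"$5"` on the same line, so a value containing whitespace is split into extra arguments for a command run under sudo. Since the line is being rewritten anyway, quote it: `sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" "$8"`. The `tcptraceroute6` line in the next hunk (-142,7) has the same unquoted `$8`. The completion list `0-65535` is only a hint as far as this hunk shows; no value constraint on the port node is visible here.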
@@ -142,7 +142,7 @@ <list>0-65535</list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" $8</command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" $8</command> </tagNode> </children> </node> @@ -198,7 +198,7 @@ <list><fqdn></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$4" /usr/bin/mtr -4 "$6"</command> + <command>sudo ip vrf exec "$4" /usr/bin/mtr -4 "$6"</command> </tagNode> <tagNode name="ipv6"> <properties> @@ -207,7 +207,7 @@ <list><fqdn></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$4" /usr/bin/mtr -6 "$6"</command> + <command>sudo ip vrf exec "$4" /usr/bin/mtr -6 "$6"</command> </tagNode> <tagNode name=""> <properties> @@ -216,7 +216,7 @@ <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$4" /usr/bin/mtr "$5"</command> + <command>sudo ip vrf exec "$4" /usr/bin/mtr "$5"</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in new file mode 100644 index 000000000..20f275e9b --- /dev/null +++ b/op-mode-definitions/vpn-ipsec.xml.in 
@@ -0,0 +1,201 @@ +<?xml version="1.0" encoding="UTF-8"?> +<interfaceDefinition> + <node name="reset"> + <children> + <node name="vpn"> + <properties> + <help>Reset Virtual Private Network (VPN) information</help> + </properties> + <children> + <tagNode name="ipsec-peer"> + <properties> + <help>Reset all tunnels for given peer</help> + <completionHelp> + <path>vpn ipsec site-to-site peer</path> + </completionHelp> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Reset a specific tunnel for given peer</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="$6"</command> + </tagNode> + <node name="vti"> + <properties> + <help>Reset the VTI tunnel for given peer</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="vti"</command> + </node> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="all"</command> + </tagNode> + <tagNode name="ipsec-profile"> + <properties> + <help>Reset all tunnels for given DMVPN profile</help> + <completionHelp> + <path>vpn ipsec profile</path> + </completionHelp> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Reset a specific tunnel for given DMVPN profile</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="$6"</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="all"</command> + </tagNode> + </children> + </node> + </children> + </node> + <node name="restart"> + <children> + <node name="vpn"> + <properties> + <help>Restart IPSec VPN</help> + </properties> + <command>if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPSec process not running" ; fi</command> + </node> + </children> + </node> + <node 
name="show"> + <children> + <node name="vpn"> + <properties> + <help>Show Virtual Private Network (VPN) information</help> + </properties> + <children> + <node name="debug"> + <properties> + <help>Show VPN debugging information</help> + </properties> + <children> + <tagNode name="peer"> + <properties> + <help>Show debugging information for a peer</help> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Show debug information for peer tunnel</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="$7"</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="all"</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="all"</command> + </node> + <node name="ike"> + <properties> + <help>Show Internet Key Exchange (IKE) information</help> + </properties> + <children> + <node name="sa"> + <properties> + <help>Show all currently active IKE Security Associations (SA)</help> + </properties> + <children> + <node name="nat-traversal"> + <properties> + <help>Show all currently active IKE Security Associations (SA) that are using NAT Traversal</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --nat="yes"</command> + </node> + <tagNode name="peer"> + <properties> + <help>Show all currently active IKE Security Associations (SA) for a peer</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --peer="$6"</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py</command> + </node> + <node name="secrets"> + <properties> + <help>Show all the pre-shared key secrets</help> + </properties> + <command>sudo cat /etc/ipsec.secrets | sed 's/#.*//'</command> + </node> + <node name="status"> + <properties> + <help>Show summary of IKE process information</help> + </properties> + <command>if 
pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi</command> + </node> + </children> + </node> + <node name="ipsec"> + <properties> + <help>Show Internet Protocol Security (IPSec) information</help> + </properties> + <children> + <node name="policy"> + <properties> + <help>Show the in-kernel crypto policies</help> + </properties> + <command>sudo ip xfrm policy list</command> + </node> + <node name="sa"> + <properties> + <help>Show all active IPSec Security Associations (SA)</help> + </properties> + <children> + <!-- + <node name="detail"> + <properties> + <help>Show Detail on all active IPSec Security Associations (SA)</help> + </properties> + <command></command> + </node> + <tagNode name="stats"> + <properties> + <help>Show statistics for all currently active IPSec Security Associations (SA)</help> + <valueHelp> + <format>txt</format> + <description>Show Statistics for SAs associated with a specific peer</description> + </valueHelp> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Show Statistics for SAs associated with a specific peer</help> + </properties> + <command></command> + </tagNode> + </children> + <command></command> + </tagNode> + --> + <node name="verbose"> + <properties> + <help>Show Verbose Detail on all active IPSec Security Associations (SA)</help> + </properties> + <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPSec process not running" ; fi</command> + </node> + </children> + <command>if pgrep charon >/dev/null ; then sudo /usr/libexec/vyos/op_mode/show_ipsec_sa.py ; else echo "IPSec process not running" ; fi</command> + </node> + <node name="state"> + <properties> + <help>Show the in-kernel crypto state</help> + </properties> + <command>sudo ip xfrm state list</command> + </node> + <node name="status"> + <properties> + <help>Show status of IPSec process</help> + </properties> + <command>if pgrep charon >/dev/null ; then 
echo -e "IPSec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPSec process not running" ; fi</command> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/wireguard.xml.in b/op-mode-definitions/wireguard.xml.in deleted file mode 100644 index 0df838b50..000000000 --- a/op-mode-definitions/wireguard.xml.in +++ /dev/null 
@@ -1,189 +0,0 @@ -<?xml version="1.0"?> -<!-- Wireguard key management --> -<interfaceDefinition> - <node name="generate"> - <children> - <node name="wireguard"> - <properties> - <help>Generate Wireguard keys</help> - </properties> - <children> - <leafNode name="default-keypair"> - <properties> - <help>Generate the default Wireguard keypair</help> - </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard.py --genkey</command> - </leafNode> - <leafNode name="preshared-key"> - <properties> - <help>Generate a Wireguard preshared key</help> - </properties> - <command>${vyos_op_scripts_dir}/wireguard.py --genpsk</command> - </leafNode> - <tagNode name="named-keypairs"> - <properties> - <help>Generate specified Wireguard keypairs</help> - </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard.py --genkey --location "$4"</command> - </tagNode> - <tagNode name="client-config"> - <properties> - <help>Generate Client config QR code</help> - <completionHelp> - <list><client-name></list> - </completionHelp> - </properties> - <children> - <tagNode name="interface"> - <properties> - <help>Local interface used for connection</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script> - </completionHelp> - </properties> - <children> - <tagNode name="server"> - <properties> - <help>IP address/FQDN used for client connection</help> - <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> - <list><hostname></list> - </completionHelp> - </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8"</command> - <children> - <tagNode name="address"> - <properties> - <help>IPv4/IPv6 address used by client</help> - <completionHelp> - <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> - </completionHelp> - </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}"</command> - <children> 
- <tagNode name="address"> - <properties> - <help>IPv4/IPv6 address used by client</help> - <completionHelp> - <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> - </completionHelp> - </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}" --address "${12}"</command> - </tagNode> - </children> - </tagNode> - </children> - </tagNode> - </children> - </tagNode> - </children> - </tagNode> - </children> - </node> - </children> - </node> - <node name="show"> - <children> - <node name="wireguard"> - <properties> - <help>Show Wireguard properties</help> - </properties> - <children> - <node name="keypairs"> - <properties> - <help>Show Wireguard keys</help> - </properties> - <children> - <tagNode name="pubkey"> - <properties> - <help>Show specified Wireguard public key</help> - <completionHelp> - <script>${vyos_op_scripts_dir}/wireguard.py --listkdir</script> - </completionHelp> - </properties> - <command>${vyos_op_scripts_dir}/wireguard.py --showpub --location "$5"</command> - </tagNode> - <tagNode name="privkey"> - <properties> - <help>Show specified Wireguard private key</help> - <completionHelp> - <script>${vyos_op_scripts_dir}/wireguard.py --listkdir</script> - </completionHelp> - </properties> - <command>${vyos_op_scripts_dir}/wireguard.py --showpriv --location "$5"</command> - </tagNode> - </children> - </node> - </children> - </node> - <node name="interfaces"> - <children> - <tagNode name="wireguard"> - <properties> - <help>Show Wireguard interface information</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script> - </completionHelp> - </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard.py --showinterface "$4"</command> - <children> - <leafNode name="allowed-ips"> - <properties> - <help>Show all IP addresses allowed for the specified interface</help> - </properties> - <command>sudo wg show "$4" allowed-ips</command> - </leafNode> - 
<leafNode name="endpoints"> - <properties> - <help>Show all endpoints for the specified interface</help> - </properties> - <command>sudo wg show "$4" endpoints</command> - </leafNode> - <leafNode name="peers"> - <properties> - <help>Show all peer IDs for the specified interface</help> - </properties> - <command>sudo wg show "$4" peers</command> - </leafNode> - <!-- more commands upon request --> - </children> - </tagNode> - <node name="wireguard"> - <properties> - <help>Show Wireguard interface information</help> - </properties> - <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=wireguard --action=show-brief</command> - <children> - <leafNode name="detail"> - <properties> - <help>Show detailed Wireguard interface information</help> - </properties> - <command>${vyos_op_scripts_dir}/show_interfaces.py --intf-type=wireguard --action=show</command> - </leafNode> - </children> - </node> - </children> - </node> - </children> - </node> - <node name="delete"> - <children> - <node name="wireguard"> - <properties> - <help>Delete Wireguard properties</help> - </properties> - <children> - <tagNode name="keypair"> - <properties> - <help>Delete a Wireguard keypair</help> - <completionHelp> - <script>${vyos_op_scripts_dir}/wireguard.py --listkdir</script> - </completionHelp> - </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard.py --delkdir --location "$4"</command> - </tagNode> - </children> - </node> - </children> - </node> -</interfaceDefinition> |