Age | Commit message | Author |
|
|
vyos@vyos# run generate pki wireguard key-pair install interface wg10
"generate" CLI command executed from config session.
Generated private-key was imported to CLI!
Use the following command to verify: show interfaces wireguard wg10
Corresponding public-key to use on peer system is: 'hGaWcoG7f+5sPAUY/MNQH1JFhsYdsGTecYA9S2J8xGs='
vyos@vyos# run generate pki wireguard preshared-key install interface wg10 peer vyos
"generate" CLI command executed from config session.
Generated preshared-key was imported to CLI!
Use the following command to verify: show interfaces wireguard wg10
vyos@vyos# show interfaces wireguard wg10
+peer vyos {
+ preshared-key OwTALZy8w6VIBMxUwbOv6Ys7QMyhrtY4aw+0cUjmmCw=
+}
+private-key 0Pu95CejvCUCCwrTW39TCYnitESWAdIIFTVJb7UgxVU=
[edit]
|
|
|
|
squid: squidguard: T3810: Fix template for source-group and rule
|
|
Modify template for squid
Replace old directives to actual
|
|
(cherry picked from commit 3037661951d0e5d1f6264f886781b7ddc019329e)
|
|
states
Turns out an AX88179 USB 3.0 NIC does not support reading back the speed and
duplex settings in every operating state. While the NIC is being
initialized, reading the speed setting will return:
$ cat /sys/class/net/eth6/speed
cat: /sys/class/net/eth6/speed: Invalid argument
Thus if this happens, we simply tell the system that the current NIC speed
matches the requested speed and nothing is changed at this point in time.
(cherry picked from commit e2b7e1766cc22c5cd718a5001be6336bdca92eec)
|
|
Move the two implementations to get the driver name of a NIC from ethernet.py
and ethtool.py to only ethtool.py.
(cherry picked from commit 07840977834816b69fa3b366817d90f44b5dc7a7)
|
|
(cherry picked from commit 1572edd2cef355710d1129907d3e49451a6c31d4)
|
|
In order to alter rpki configuration we must also process the route-map nodes
with/for bgpd.
|
|
|
|
This change is required and currently only impacts WireGuard's peer configuration,
so that the peer's name is not mangled.
|
|
Add support for OpenVPN client mode with only the CA certificate of the server
installed.
|
|
process_node() processes the XML tree in a fixed order, "node" before "tagNode"
before "leafNode". If the generator created a "node.def" file, it can no longer
be overwritten - else we would have some stale "node.def" files with an empty
help string (T2555). Without the fixed order this would have resulted in a case
where we get a node and a tagNode with the same name, e.g. "show interfaces
ethernet" and "show interfaces ethernet eth0" that the node implementation
was not callable from the CLI, rendering this command useless (T3807).
This can be fixed by forcing the "node", "tagNode", "leafNode" order by sorting
the input XML file automatically (sorting from https://stackoverflow.com/a/46128043)
thus adding no additional overhead to the user.
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
|
|
https: T2230: only support TLS1.2 and TLS1.3
|
|
|
|
data = {
'interfaces': {'dummy': {'dum0': {'address': ['192.0.2.17/29']}},
'ethernet': {'eth0': {'address': ['2001:db8::1/64', '192.0.2.1/29'],
'description': 'Test123',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:01',
'speed': 'auto'},
'eth1': {'address': ['192.0.2.9/29'],
'description': 'Test456',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:02',
'speed': 'auto'}}}
}
dict_search_recursive(data, 'hw_id') will yield both '00:00:00:00:00:01' and
'00:00:00:00:00:02' as a generator object.
|
|
implementations
|
|
|
|
|
|
message
|
|
T3804 changed how DHCP servers from DHCP interfaces are read in and passed to
the system. The config migrator is tested with this addition.
|
|
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP
address we want to use. We also have "set system name-servers-dhcp <interface>"
which does the same, but the name-server in question is retrieved via DHCP.
Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>"
to keep things as they are in real life - we need a name-server.
(cherry picked from commit 2ecf7a9f9cbe9359457bd23b4a0c45f3763123c7)
|
|
VyOS 1.3 equuleus now uses version 21 so we have to bump this by one.
|
|
T3803: add source-address option to the op mode ping CLI.
|
|
|
|
Commit 27e53fbc ("op-mode: T3619: bugfix "show interfaces" for VLANs") fixed
the op-mode command for the "show interfaces" operation, but if a user was
interested in all the ethernet or bridge interfaces, the command "show
interfaces <type> detail" did not yield any output.
The filtered_interfaces() function was further generalized to only operate on
base components and call itself recursively if required.
|
|
Commit 31169fa8a7 ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") always instantiated an object of the Ethtool class for an
ethernet object - this is right as a real ethernet interface is managed by
Ethtool.
Unfortunately the script used for "show interface" determines the "base class"
for an interface by its name, so eth0 -> Ethernet, eth0.10 -> Ethernet. This
assumption is incorrect as a VLAN interface can not have the physical parameters
changed of its underlying interface. This can only be done for eth0.
There is no need for the op-mode script to determine the implementation class
for an interface at this level, as we are only interested in the state of the
interface and its IP addresses - which is a common operation valid for every
interface on VyOS.
|
|
|
|
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as")
added support for a new CLI option when the local-as is changed for a specified
neighbor or peer-group.
There was an error in the CLI / design as the "replace-as" option can only be
used when "no-prepend" is defined. Thus "no-prepend" became a <node> and
the new "replace-as" leafNode is now a child of "no-prepend".
|
|
login: T971 allow quoting in public-keys options
|
|
This patch allows the use of `"` in ssh public-key options which
unlocks the ability to set the `from` option in a way that sshd will
accept to limit what hosts a user can connect from.
|
|
|
|
tunnel: T3788: Add check keys for ipip and sit
|
|
Keys are not allowed with ipip and sit tunnels
|
|
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius:
T3192: migrate to get_config_dict()") the user-name was not excluded
from mangling (no_tag_node_value_mangle=True).
This resulted in a username "vyos-user" from CLI actually being created as
"vyos_user" on the system.
This commit also adds respective Smoketests to prevent this in the future.
|