summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-10-05Merge pull request #562 from lucasec/dhcpv6-statelessChristian Poessinger
dhcpv6: T2961: support stateless dhcpv6 clients
2020-10-05nat: T2951: use proper comments for source/destination loggingChristian Poessinger
For both source and destination NAT always the LOG name contained DST - which is definately false. This has been corrected to use SRC and DST on the appropriate rules.
2020-10-04dhcpv6: T2961: support stateless dhcpv6 clientsLucas Christian
This commit adds support for configuring the DHCPv6 server to serve "stateless" DHCPv6 clients (those that send an information-request message and do not request an address). The change introduces a `common-options` node at the `shared-network-name` level, which allows specifying options applicable to clients regardless of subnet assigned (or in the case of stateless clients, when no subnet is assigned). Parameters specified at the subnet level take precedence over those set at the shared-network level. Presently, only parameters that are meaningful to stateless clients have been exposed under `common-options`, as there is no precedent of exposing parameters at multiple levels under the current DHCPv4 or DHCPv6 configuration syntax. If desired, additional parameters could certainly be added with relative ease.
2020-10-04smoketest: ntp: T2944: fix "allowed-networks statement" testChristian Poessinger
Remove duplicate localhost listen IP addresses. Commit ca61add5e7 ("ntp: T2944: By default do not listen port 123 on any address") explicitly added listen statements for localhost.
2020-10-04sstp: T2960: migrate to get_config_dict() and reusable templatesChristian Poessinger
2020-10-04pppoe-server: T2953: prepare common chap-secrets fileChristian Poessinger
2020-10-04pppoe-server: T2829: shift config migrators by oneChristian Poessinger
As VyOS vrux (1.2.7) requires a mirgator (1-to-2) for the MPPE node change (T2829) we need to shift all other migrators in 1.3 by one. As migrators probe the existance of nodes no negative side-effects are expected.
2020-10-04pppoe-server: migrators: fix python styleChristian Poessinger
2020-10-04pppoe-server: T2829: fix broken migration script (exit called)Christian Poessinger
A test statement was still present in the production code introduced in commit efeac80f8 ("pppoe-server: T2829: migrate 'ppp-options mppe' to leafNode"). This has been fixed.
2020-10-04l2tp: pptp: pppoe-server: T2953: use common Accel-PPP MTU include fileChristian Poessinger
2020-10-04l2tp: pptp: sstp: pppoe-server: T2953: use common include for client-ip-poolChristian Poessinger
2020-10-04pppoe-server: T2953: rename CLI local-ip to gateway-addressChristian Poessinger
Required to get a common CLI for all services provided by Accel-PPP. Once the CLI for each service is consitent - Jinja2 templates can be reused together with get_config_dict().
2020-10-04xml: include: add comment about source filename to every include snippetChristian Poessinger
2020-10-04sstp: T2953: migrate gateway-address, client-ip-settings to common levelChristian Poessinger
* move "network-settings gateway-address" to "gateway-address" * move "network-settings client-ip-settings" to "client-ip-pool"
2020-10-03sstp: T2953: migrate mtu to common levelChristian Poessinger
Preparation before using get_config_dict() and common Jinja2 templates.
2020-10-03smoketest: sstp: pppoe: use common RADIUS testsChristian Poessinger
2020-10-03vpn: sstp: T2008: set DA/CoA default port 1700Christian Poessinger
2020-10-03smoketest: sstp: add basic testsChristian Poessinger
2020-10-03sstp: T2953: migrate name-server settions to common levelChristian Poessinger
In order to reuse as much as possible before migrationg to get_config_dict() and re-use Jinja2 snippets the name-server node must be moved one level up to 'set vpn sstp name-server'.
2020-10-03openvpn: T2957: fix path to openvpn status fileChristian Poessinger
2020-10-03openvpn: T2957: Marcus Hoff
Status file directory for show command was wrong, resulting in no output. Now points to '/var/run/openvpn/{}.status'
2020-10-03smoketest: accel-ppp: prepare common base for multiple accel instance testsChristian Poessinger
2020-10-03pppoe-server: T2936: three IPv6 name-servers are supportedChristian Poessinger
2020-10-03pppoe-server: T2936: move v4/v6 nameserver lists out of for loopChristian Poessinger
2020-10-03Merge remote-tracking branch 'upstream/current' into currentMarcus Hoff
2020-10-03pppoe-server: T2956: make use of defaultValue list featureChristian Poessinger
2020-10-03vyos.xml: T2956: add support for list of defaultValuesChristian Poessinger
Sometimes (PPPoE server is one of them) a simple defaultValue in the XML is not enough - several values should be set. In order to support a list of defaultValues you can now simply list them as a whitespace separated string. Example: <defaultValue>pap chap mschap mschap-v2</defaultValue> will generate a Python list ['pap', 'chap', 'mschap', 'mschap-v2'] when retrieved by vyos.xml.defaults()
2020-10-03accel-ppp: T2953: fix missing defaultValue on mppeChristian Poessinger
Commit ba050937 ("accel-ppp: T2953: drop redundant CLI definitions ") dropped the defaultValue of 'prefer' for MPPE making the smoketests fail. This has been corrected.
2020-10-02configd: T2952: synchronize received messages in case of client timeoutJohn Estabrook
2020-10-02configd: T2582: catch config initialization errorsJohn Estabrook
2020-10-02configd: T2582: remove unused variablesJohn Estabrook
2020-10-02Merge pull request #559 from sever-sever/T2944Christian Poessinger
ntp: T2944: By default do not listen port 123 on any address
2020-10-02sstp: T2953: migrate ppp-settings to ppp-options nodeChristian Poessinger
2020-10-02acces-ppp: T2953: drop redundant CLI definitionsChristian Poessinger
2020-10-01wireless: T2653: mangle RADIUS default valuesChristian Poessinger
With commit 38ae3032 ("pppoe-server: T2936: move to get_config_dict()") there are now RADIUS default values present in the XML definitions - those must be proberly mangled for the WiFi interface.
2020-10-01vlan: configdict: T2945: determine if vlan is part of bridgeChristian Poessinger
Every interface knows if it is part of a bridge or not - except a VLAN (VIF) interface. Also VLANs should be aware of its master bridge. Add a testcase to ensure when VIFs on an interface change the bridge does not loos one of it's members.
2020-10-01nat: T2948: fix validation of IP address rangeChristian Poessinger
2020-10-01configdict: T2372: use config.exists() when probing for interface removalChristian Poessinger
We must use exists() as get_config_dict() will always return {} - even when an empty interface node like +macsec macsec1 { +} exists.
2020-10-01macsec: T2023: use proper config path for source-interface on removalChristian Poessinger
The config path is altered in get_interface_dict() to the base of the interface in question, e.g. 'interfaces macsec macsec1' - this must be reflected when calling othe methods of Config().
2020-10-01pppoe-server: T2936: move to get_config_dict()Christian Poessinger
For easier configuration read in (CLI) validation and also template rendering it makes sense to drop the old, single implementation and move to the new, generic get_config_dict() approach. Recurring configuration parts like ip-pool, ipv6-pool and nameservers have also been split our into individual templates which will be included through Jinja2 - leading to a single-source of the template sections, too.
2020-10-01ntp: T2944: By default do not listen port 123 on any addresssever-sever
2020-09-30wireguard: T2939: bugfix when removing individual peersChristian Poessinger
When individual peers that have been removed got determined they have been added to the config dict as list instead of string - which broke the system plumbing commands as they can not handle a Python list.
2020-09-30macsec: T2023: only remove interface when it existsChristian Poessinger
If for whatever reason the macsec interface dropped out of the Kernel - only call .remove() when it still exists to avoid any exceptions at all.
2020-09-29Merge pull request #557 from sever-sever/T2933Christian Poessinger
vrrp: T2933: Add option virtual-address-excluded
2020-09-29vrrp: T2933: Add option virtual-address-excludedsever-sever
2020-09-28Merge pull request #555 from DmitriyEshenko/cur-1x-pppoe-csid-formatChristian Poessinger
pppoe-server: T2919: Add possibility change Called-Station-Id format
2020-09-28pppoe-server: T2919: Add possibility change Called-Station-Id formatDmitriyEshenko
2020-09-27vxlan: geneve: T2930: add CLI node to set MAC addressChristian Poessinger
2020-09-26Merge pull request #554 from sever-sever/T2918Christian Poessinger
accel-ppp: T2918: Add accounting interim jitter option
2020-09-26macsec: T2023: shift priority to run on vxlan/geneve source-interfaceChristian Poessinger