Age | Commit message | Author |
|
Station MAC address-based authentication means:
* 'allow' accept all clients except the one on the deny list
* 'deny' accept only clients listed on the accept list
New CLI commands:
* set interfaces wireless wlan0 security station-address mode <accept|deny>
* set interfaces wireless wlan0 security station-address accept mac <mac>
* set interfaces wireless wlan0 security station-address deny mac <mac>
|
|
Provides a per-device control to enable/disable the threaded mode for all the
napi instances of the given network device, without the need for a device
up/down.
|
|
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
|
|
No need to have two distinct include blocks as one supersedes the other. Also
this makes the entire behavior of "description" CLI node simpler.
|
|
<name> interface <ifname>`
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
|
|
firewall node
* Refactor firewall and zone-policy rule creation and cleanup
* Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>`
* Remove `firewall-interface.py` conf script
|
|
Commit a6f82bb484 ("T1748: vbash: beautify tab completion output/line breaks")
added a method to split the help string and insert newlines and leading tabs
in a deterministic way.
This commit cleans up the legacy implementations where leading whitespaces got
counted and added by humans in a try/error method.
|
|
"set traffic-policy" now becomes "set qos policy"
"set interface ethernet eth0 traffic-policy" now becomes "set qos interface eth0"
|
|
Since introducing the XML <defaultValue> node it was common, but redundant,
practice to also add a help string indicating which value would be used as
default if the node is unset.
This makes no sense b/c it's duplicated code/value/characters and prone to
error. The node.def scripts should be extended to automatically render the
appropriate default value into the CLI help string.
For e.g. SSH the current PoC renders:
$ cat templates-cfg/service/ssh/port/node.def
multi:
type: txt
help: Port for SSH service (default: 22)
val_help: u32:1-65535; Numeric IP port
...
Not all subsystems are already migrated to get_config_dict() and make use of
the defaults() call - those subsystems need to be migrated first, before the new
default is added to the CLI help.
|
|
As the amount of include files now has reached a certain amount, it is getting
more and more crowded, thus introducing "per topic" subdirectories on the
filesystem to keep a clean structure makes sense.
|
|
Provide more re-usable nodes for future implementations.
|
|
A pre-defined list of common format strings to be used inside the <format> node
of <valueHelp> is available from [1]. Adjust all currently in use <format> nodes
to re-use the predefined strings over writing them on their own by even
encapsulating the <> signs as &lt; and &gt;.
[1]: https://github.com/vyos/vyatta-cfg/blob/5aec1a0429f2f/etc/bash_completion.d/vyatta-cfg#L515-L566
|
|
This change makes it easier for first time users as they do not need to
configure that many options. Less hassle, better user experience.
|
|
This reverts commit 806f35b5856c3f8dae634718a6a9e82cc90bb63a.
Unfortunately this did not work out in the attempt to bridge a station to a
bridge "brX" interface. Also adjusting the wireless interface during operation
causes several exceptions and the feature is removed again as it was never in any
production system.
|
|
This reduces duplicated #include statements as each interface type already
contained the individual includes.
|
|
definition
|
|
Now as we can dynamically create bridge interfaces we can also reset the interface
priority back to the value it used to be in VyOS 1.2 crux.
|
|
VyOS 1.2 confirmed it was a regular node - copy/paste error.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
Yet, VyOS knows these two encryption schemes for WiFi:
1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128)
2. TKIP = Temporal Key Integrity Protocol
These encryption schemes are new and especially the Galois counter mode
cipher suites are very desirable!
1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key
2. GCMP = Galois/counter mode protocol (GCMP-128)
3. GCMP-256 = Galois/counter mode protocol with 256-bit key
CCMP is supported by all WPA2 compatible NICs, so this remains the
default cipher for bidirectional and group packets while using WPA2.
Use 'iw list' to figure out which cipher suites your cards support
prior to configuring other cipher suites than CCMP. AP NICs and
STA NICs must both support at least one common cipher in a given
list in order to associate successfully.
|
|
VHT flags deal with many variables which depend on antenna count and
supported features. BF-ANTENNA-(2|3|4) and SOUNDING-DIMENSION-(2|3|4)
were not dealt with correctly.
IEEE 802.11ac (VHT) supports at least 1 antenna and up to 8 antennas
at most. The hostapd VHT flags may support as many but most do not.
Therefore, we need to be picky here...
|
|
Commits to
"interfaces wireless wlanX capabilities vht link-adaptation (unsolicited|both)"
always failed.
|
|
|
|
Autoconfigure addresses using Prefix Information in Router Advertisements.
|
|
... to new XML and Python based frontend/backend.
|
|
Provide an XML/Python abstraction to
* ip disable-arp-filter
* ip enable-arp-accept
* ip enable-arp-announce
* ip enable-arp-ignore
The old implementation can co-exist until the last interfaces have been
migrated.
|