Age | Commit message (Collapse) | Author |
|
The initial version always enabled Google authenticator (2FA/MFA) support by
hardcoding the PAM module for sshd and login.
This change only enables the PAM module on demand if any use has 2FA/MFA
configured. Enabling the module is done system wide via pam-auth-update by
using a predefined template.
Can be tested using:
set system login user vyos authentication plaintext-password vyos
set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O'
See https://docs.vyos.io/en/latest/configuration/system/login.html for additional
details.
|
|
|
|
vxlan: T5753: add support for VNI filtering
|
|
In a service provider network a service provider typically supports multiple
bridge domains with overlapping vlans. One bridge domain per customer. Vlans in
each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to
each customer.
Without the ability of VNI filtering, we can not provide VXLAN tunnels
with multiple tenants all requiring e.g. VLAN 10.
To Test:
set interfaces vxlan vxlan987 parameters external
set interfaces vxlan vxlan987 source-interface eth0
set interfaces vxlan vxlan987 parameters vni-filter
set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050
set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051
set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052
set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053
set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054
set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060
set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069
set interfaces bridge br0 member interface vxlan987
Add new op-mode command: show bridge vni
Interface VNI
----------- -----------
vxlan987 10050-10054
vxlan987 10060
vxlan987 10069
|
|
T5749: Swap show interfaces and show interfaces summary
|
|
By default show VRF, MAC, MTU for `show interfaces`
The original `show interfaces` moved to `show interfacces summary`
|
|
image: T4516: Added system image tools
|
|
|
|
T5747: op-mode add show interfaces summary
|
|
Add op-mode "show interfaces summary"
Add MAC, VRF and MTU options:
vyos@r4# run show interfaces summary
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------
dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u
eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN
eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1
eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2
eth3 - 52:54:00:09:a4:b4 default 1500 A/D
|
|
vyos@vyos:~$ show vrf vni
VRF VNI VxLAN IF L3-SVI State Rmac
blue 2000 None None Down None
green 3000 None None Down None
red 1000 None None Down None
vyos@vyos:~$ show vrf blue vni
VRF VNI VxLAN IF L3-SVI State Rmac
blue 2000 None None Down None
|
|
This commit adds the whole set of system image tools written from the scratch in
Python that allows performing all the operations on images:
* check information
* perform installation and deletion
* versions management
Also, it contains a new service that will update the GRUB menu and keep tracking
its version in the future.
WARNING: The commit contains non-reversible changes. Because of boot menu
changes, it will not be possible to manage images from older VyOS versions after
an update.
|
|
|
|
|
|
IGMP and PIM are two different but related things.
FRR has both combined in pimd. As we use get_config_dict() and FRR reload it
is better to have both centrally stored under the same CLI node (as FRR does,
too) to just "fire and forget" the commit to the daemon.
"set protocols igmp interface eth1" -> "set protocols pim interface eth1 igmp"
|
|
Migrate CLI configuration retrival to common get_config_dict(). In addition
add new functionality to VyOS that is PIM related and already available in FRR.
|
|
|
|
|
|
|
|
|
|
The following ones are available now:
- restart mdns repeater
- show log mdns repeater
- monitor log mdns repeater
|
|
show bgp l2vpn evpn es-vrf
show bgp l2vpn evpn next-hops
|
|
|
|
T5513: firewall: update op-mode command show firewall.
|
|
logfile
|
|
Try to have as few calls to sudo in the op-mode scripts as possible. The XML
definitions can deal with it.
|
|
This makes the code more easy to maintain in the future if everyone uses the
same structure when calling journalctl.
|
|
T5661: Add show show ssh dynamic-protection attacker and show log ssh…
|
|
default actions and extend references for firewall groups
|
|
dynamic-protection
|
|
|
|
|
|
'generate tech-support archive' moved to vyos-1x.
Output of 'show tech-support report' command is added to archive.
The default location of the archive is moved to '/tmp'.
The script is rewritten to Python.
|
|
T5530: isis: Adding loop free alternate feature
|
|
|
|
|
|
firewall: T5160: Remove zone policy op-mode
|
|
|
|
Add op-mode command `generate firewall rule-resequence`
Generates output with new sequences for firewall rules
set firewall ipv4 input filter rule 1 action 'accept'
set firewall ipv4 input filter rule 1 description 'Allow loopback'
$ generate firewall rule-resequence start 10 step 10
set firewall ipv4 input filter rule 10 action 'accept'
set firewall ipv4 input filter rule 10 description 'Allow loopback'
|
|
smoketest: T5607: support getting SCSI device by drive-id
|
|
|
|
|
|
|
|
T5579: show log firewall - Fix and extend command
|
|
structure; extend command options so it can be used on every layer ; use journalctl to get the logs
|
|
T4072: Firewall op-mode command: add bridge capabilities
|
|
op mode: T5582: Add 'force ntp synchronization'
|
|
|
|
|
|
|