Age | Commit message (Collapse) | Author |
|
1. Changed reset IPSEC, IKE SAs to use vici library.
2. Created package vyos.ipsec to communicate with vici library.
|
|
|
|
Fixed 'reset vpn ipsec-peer {peer}' command.
The op-mode script uses value 'None' in the 'tunnel' parameter
to clear all CHILD SAs.
|
|
1. Formatted output of 'show nhrp' commands to table view
2. Rewritten nhrp op-mode in new style
|
|
Commit a0fc8b80 ("T4940: new interfaces debugging command") introduced a new
tree under the op-mode "generate" function. The new "interface" node had no
help string available making the build fail:
> There are empty node.def files! Check your interface definitions.
|
|
igmp-proxy: T4912: Rewrite show IGMP proxy commands in the new op-mode format
|
|
T4940: new interfaces debugging command
|
|
|
|
There are currently two ways to generate the interface name completion helper
list (we use openvpn in this example)
- <script> ${vyos_completion_dir}/list_interfaces.py --type openvpn</script>
- <path>interfaces openvpn</path>
The first one using <script> tends to be rather slow as there is a Python
interpreter startup involved (expensive). The latter simply calls a C program
which is executed rather fast and gives the same result.
We can simply replace the first call with the second one to make the CLI
feel faster.
|
|
|
|
|
|
The script completion helper will only show SSTP client interfaces already
created and beeing active in the Kernel. The path completion helper shows the
real CLI deal.
|
|
The script completion helper will only show MACsec interfaces already created
and beeing active in the Kernel. The path completion helper shows the real
CLI deal.
|
|
Some ISPs seem to use the host-uniq flag to authenticate client equipment.
Add CLI option in VyOS to allow specification of the host-uniq flag.
set interfaces pppoe pppoeN host-uniq <value>
|
|
|
|
The new command will allow you to get full detailed information on the system interfaces.
|
|
"show MFC" command
|
|
|
|
firewall: T4864: Fixed show zone-policy command output
|
|
|
|
|
|
1. Fixed "show zone-policy" command output
2. Rewritten zone-policy op-mode to new style
|
|
opmode: T4837: add family and table arguments for ShowRoute
|
|
* Move CLI from "system ntp" -> "service ntp"
* Drop NTP server option preempt as not supported by chrony
|
|
|
|
T4911: op-mode: rewrite LLDP in standardised op-mode format
|
|
|
|
|
|
T4918: op_mode interfaces: Fix show interfaces
|
|
Encapsulating the add/delete image commands in the op-mode script allows
automatic generation of corresponding API schema definitions.
|
|
This reverts commit 6857447bf6acba3537d5e5372cd320aef078b81e.
|
|
`show interfaces ethernet eth0` and `show interface bonding eth0`
produces the same output. While this is not a big problem it does
make usage a bit odd sometimes.
This commit adds the --intf_type option to all instances of
interfaces.py to make output consistent.
|
|
|
|
|
|
script
Sorting DHCP pools and filtering for state can now be done using the new op-mode
mode scripts in DHCP. This allows us to drop the old helpers show_dhcp.py and
show_dhcpv6.py.
|
|
script
Remaining functionality to filter NAT translations for a given address
got implemented to nat.py - with this cahnge we can drop the old files
show_nat*.py
|
|
T4866: rewrite show_interfaces.py show* functions to standardized op-mode
|
|
|
|
- show log router-advert
- monitor log router-advert
|
|
|
|
As the API daemon has the proper permissions and also the CLI op-mode calls the
script already with "sudo", there is no need to call "sudo" inside this script,
again.
|
|
login: T4751: 2FA OTP key generator in VyOS CLI
|
|
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
|
|
|
|
vyos@vyos# show interfaces sstpc
sstpc sstpc10 {
authentication {
password vyos
user vyos
}
server sstp.vyos.net
ssl {
ca-certificate VyOS-CA
}
}
|
|
In case if we want generate own container image from a Dockerfile
and if it requires update or install packages in container we get
error. As it tries to use default network 'podman' and do own NAT
translations via 'iptables'. If fact we don't use iptables in 1.4
As result it cannot build such image.
Use '--net host' to fix it.
|
|
It's easier and more obvious if the script is called with sudo itself and not
spawning a sudo sessionf or each individual command.
|
|
T4767: Rewrite generate ipsec archive to python
|
|
|
|
Add op-mode CLI "show vpn ipsec connections"
Add the ability to show all configured connections/tunnels and
their states.
Ability to get --raw data
|