Age | Commit message (Collapse) | Author |
|
|
|
By default MACsec only authenticates traffic but has support for optional
encryption. Encryption can now be enabled using:
set interfaces macsec <interface> encrypt
|
|
|
|
|
|
|
|
|
|
util: T2467: automatically add sudo to known commands
|
|
|
|
|
|
|
|
Add support for prefix delegation when receiving the prefix via ethernet,
bridge, bond, wireless.
|
|
|
|
Dictionary is used to remove the amount of duplicated code by e.g. ethernet
or bridge interface.
|
|
|
|
|
|
|
|
The following configuration will assign a /64 prefix out of a /56 delegation
to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64.
If you do not know the prefix size delegated to you, start with sla-len 0.
pppoe pppoe0 {
authentication {
password vyos
user vyos
}
description sadfas
dhcpv6-options {
delegate eth0 {
interface-id 65535
sla-id 0
sla-len 8
}
}
ipv6 {
address {
autoconf
}
enable
}
source-interface eth1
}
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 2001:db8:8003:400::ffff/64 u/u
|
|
ISC does not support running the client on PPP(oE) interfaces which makes it
unusable for DHCPv6 Prefix Delegation tasks.
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Unsupported device type 512 for "pppoe0"
|
|
Currently accept_ra was set to 0 if 'address dhcpv6' was set on an
interface. This is wrong, as without RA, the system will get no routes
to the DHCPv6-obtained prefix.
Since the logic for accept_ra was moved to the interface scripts,
it can be removed from the dhclient code.
|
|
|
|
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2
(default for accept_ra is 1).
|
|
|
|
validator: T2417: try to make the code clearer
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Previously all vlan configs, which are dicts, were appended to a simple
list, with the distinguishing 'id' stored inside the dicts themselves.
This worked, but wasn't ideal.
This commit converts them to dicts, where the key is the VLAN ID and
value the config dict of that VLAN. This makes it posible to access
single VLANs by their ID (key) and we can for-loop and get both the ID
and config with: 'for vif_id, vif in conf["vif"].items():'
|
|
Commit 3fdf0093a introduced code that removed all addresses from an
interface when that interface is disabled. This is wrong, as other
configured services may be listening on these addresses and may fail to
start if their configured address isn't present.
It also caused a commit error when applying dhcp-server configuration:
DHCP server configuration error!
None of configured DHCP subnets does not have appropriate
primary IP address on any broadcast interface.
This commit reverts it to prior behavior, which was to just put the
interface admin down and leave all addresses configured, other than the
IPv6 'fe80::EUI-64/64' link-local, which it deletes, as the interface
may not have a MAC if it's put down.
|
|
Since lists in python are assigned by reference, taking the return value
from these functions and modifying it will modify all other return values
of functions that called the function before and did not explicitly copy
it.
To be safe, always make a copy of lists before returning them.
|
|
Add a function that converts an interface name to its config path.
For example: 'eth0.1.2' -> 'ethernet eth0 vif-s 1 vif-c 2'
|
|
Previously the function returned the correct basename only for vif interfaces
as it stopped at the 2nd dot. If we had a vif-s vif-c interface 'eth0.1.2' it
would return 'eth0.'. It is now fixed to strip both vif-s and vif-c if
'vlan=True' (default).
|
|
|
|
Bridge members should not have addresses assigned.
|
|
Bridge members should not have addresses assigned.
|
|
Previously, set_vrf was always called, which uses the same master and nomaster
commands as bridge, so it removed the interface from the bridge.
- add checks to make VRF and bridge membership mutually exclusive
- always re-add the interface back to any bridge it is part of in
case it is deleted and recreated (e.g. changing egress/ingress-qos)
|
|
Will be called by all interface scripts to re-add themselves to a bridge
after deleting and recreating themselves.
|
|
Function that parses the config of a bridge member into a dict that is
needed to apply all port config when adding a port to a bridge.
Needed because other interfaces will be adding themselves to the bridge
outside of the bridge conf_mode script and they need a common place to
get their config.
Can't be put as method of BridgeIf as we can't invoke it without it
creating the bridge (create=False raises an exception), we need to
get the configuration before we create the interface.
|
|
|
|
|
|
- rewrite the function to support both bridge and bonding interface types,
if the type is passed it searches only that type, otherwise it searches
both
- move is_member check out of the deleted condition
- move is_member check to intf_from_dict for interfaces that use it
|
|
This is needed as later functions depend on it
|
|
|
|
Remove one unnecessary call to conf.get_level()
|
|
- detriplicate list appending
- detriplicate returns
- use if-elif-else
- move check if address is already added to beginning
- move caching in variable to after address assignment so a failed
assignment won't cache the address
|
|
|