summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2020-10-07Merge pull request #563 from lucasec/dns-source-addressChristian Poessinger
pdns_recursor: T2964: Expose query-local-address to dns config.
2020-10-06pdns_recursor: T2964: Expose query-local-address to dns config.Lucas Christian
In certain split DNS configurations, there is a need for more fine-grained control over the local address DNS forwarding uses to issue queries. The current pdns_recursor configuration allows the recursor to send queries from any available address on the interface the OS selects for the query, with no option to limit queries to a particular address or set of addresses. This commit exposes the `query-local-address` option in `recursor.conf` to users via the `service` `dns` `forwarding` `source-address` config node. If the parameter is unspecified, the default value of 0.0.0.0 (any IPv4 address) and :: (any IPv6 address) are used to match current behavior. Users who want more control can specify one or more IPv4 and IPv6 addresses to issue queries from. Per pdns_recursor docs, the recursor will load balance queries between any available addresses in the pools. Since IPv4 and IPv6 are different pools, note that specifying only one type of address will disable issuing queries for the other address family.
2020-10-06conf-mode: T2782: Restart rsyslog after changing timezonesever-sever
2020-10-05wireless: T2963: remove default wpa mode key if passphares or RADIUS is unsetChristian Poessinger
Required to not trigger the "Misssing WPA key or RADIUS server" exception due to the new default value added in commit 2a0428bf ("wireless: T2963: set default 'both' on 'security wpa mode'").
2020-10-05Merge pull request #562 from lucasec/dhcpv6-statelessChristian Poessinger
dhcpv6: T2961: support stateless dhcpv6 clients
2020-10-04dhcpv6: T2961: support stateless dhcpv6 clientsLucas Christian
This commit adds support for configuring the DHCPv6 server to serve "stateless" DHCPv6 clients (those that send an information-request message and do not request an address). The change introduces a `common-options` node at the `shared-network-name` level, which allows specifying options applicable to clients regardless of subnet assigned (or in the case of stateless clients, when no subnet is assigned). Parameters specified at the subnet level take precedence over those set at the shared-network level. Presently, only parameters that are meaningful to stateless clients have been exposed under `common-options`, as there is no precedent of exposing parameters at multiple levels under the current DHCPv4 or DHCPv6 configuration syntax. If desired, additional parameters could certainly be added with relative ease.
2020-10-04sstp: T2960: migrate to get_config_dict() and reusable templatesChristian Poessinger
2020-10-04pppoe-server: T2953: prepare common chap-secrets fileChristian Poessinger
2020-10-04pppoe-server: T2953: rename CLI local-ip to gateway-addressChristian Poessinger
Required to get a common CLI for all services provided by Accel-PPP. Once the CLI for each service is consitent - Jinja2 templates can be reused together with get_config_dict().
2020-10-04sstp: T2953: migrate gateway-address, client-ip-settings to common levelChristian Poessinger
* move "network-settings gateway-address" to "gateway-address" * move "network-settings client-ip-settings" to "client-ip-pool"
2020-10-03sstp: T2953: migrate mtu to common levelChristian Poessinger
Preparation before using get_config_dict() and common Jinja2 templates.
2020-10-03vpn: sstp: T2008: set DA/CoA default port 1700Christian Poessinger
2020-10-03sstp: T2953: migrate name-server settions to common levelChristian Poessinger
In order to reuse as much as possible before migrationg to get_config_dict() and re-use Jinja2 snippets the name-server node must be moved one level up to 'set vpn sstp name-server'.
2020-10-03pppoe-server: T2936: three IPv6 name-servers are supportedChristian Poessinger
2020-10-03pppoe-server: T2936: move v4/v6 nameserver lists out of for loopChristian Poessinger
2020-10-03pppoe-server: T2956: make use of defaultValue list featureChristian Poessinger
2020-10-03accel-ppp: T2953: fix missing defaultValue on mppeChristian Poessinger
Commit ba050937 ("accel-ppp: T2953: drop redundant CLI definitions ") dropped the defaultValue of 'prefer' for MPPE making the smoketests fail. This has been corrected.
2020-10-02sstp: T2953: migrate ppp-settings to ppp-options nodeChristian Poessinger
2020-10-01wireless: T2653: mangle RADIUS default valuesChristian Poessinger
With commit 38ae3032 ("pppoe-server: T2936: move to get_config_dict()") there are now RADIUS default values present in the XML definitions - those must be proberly mangled for the WiFi interface.
2020-10-01nat: T2948: fix validation of IP address rangeChristian Poessinger
2020-10-01macsec: T2023: use proper config path for source-interface on removalChristian Poessinger
The config path is altered in get_interface_dict() to the base of the interface in question, e.g. 'interfaces macsec macsec1' - this must be reflected when calling othe methods of Config().
2020-10-01pppoe-server: T2936: move to get_config_dict()Christian Poessinger
For easier configuration read in (CLI) validation and also template rendering it makes sense to drop the old, single implementation and move to the new, generic get_config_dict() approach. Recurring configuration parts like ip-pool, ipv6-pool and nameservers have also been split our into individual templates which will be included through Jinja2 - leading to a single-source of the template sections, too.
2020-09-30wireguard: T2939: bugfix when removing individual peersChristian Poessinger
When individual peers that have been removed got determined they have been added to the config dict as list instead of string - which broke the system plumbing commands as they can not handle a Python list.
2020-09-30macsec: T2023: only remove interface when it existsChristian Poessinger
If for whatever reason the macsec interface dropped out of the Kernel - only call .remove() when it still exists to avoid any exceptions at all.
2020-09-29vrrp: T2933: Add option virtual-address-excludedsever-sever
2020-09-28pppoe-server: T2919: Add possibility change Called-Station-Id formatDmitriyEshenko
2020-09-26Merge pull request #554 from sever-sever/T2918Christian Poessinger
accel-ppp: T2918: Add accounting interim jitter option
2020-09-26accel-ppp: T2918: Add accounting interim jitter optionsever-sever
2020-09-26macsec: vxlan: T2653: bugfix in verify() on lower interface MTU sizeChristian Poessinger
Introduced in commit 818a75c024e ("ifconfig: T2653: get_mtu() should return int() for easier comparison") where the variable used in the formatted string has not been adjusted.
2020-09-26accel-ppp: T2917: Add Preallocate NAS-port-idsever-sever
2020-09-26ifconfig: mtu: T2928: remove bridge mtu check as our bridge interface has no mtuChristian Poessinger
2020-09-26ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interfaceChristian Poessinger
Using an MTU less then the required 1280 bytes (as per RFC) on an interface where IPv6 is not explicitly disabled by: - set interfaces ethernet eth1 ipv6 address no-default-link-local - not having any other IPv6 address configured Will now trigger a commit error via verify() instead of raising FileNotFoundError!
2020-09-25T2926: Missing importkroy
2020-09-25ethernet: T2912: verify() that hardware supports specified MTU valueChristian Poessinger
Check the hardware if MTU value is supported at all.
2020-09-25ifconfig: T2653: get_mtu() should return int() for easier comparisonChristian Poessinger
2020-09-25dns: forwarding: T2921: migrate to get_config_dict()Christian Poessinger
2020-09-24wireless: T2241: add "wds" CLI optionChristian Poessinger
2020-09-24dns: forwarding: T2921: template cleanupChristian Poessinger
2020-09-22openvpn: T2907: add 'none' encryption option to not encrypt any dataMarcus Hoff
2020-09-22ifconfig: T2653: bond: bridge: ensure member interface is not a source-interfaceChristian Poessinger
As we already check that a bond/bridge member interface is not a member of any other bridge or bond, the check must be extended. We also need to ensure that the bond member interface is not used as a source-interface to pppoe, macsec, tunnel, pseudo-ethernet, vxlan interfaces.
2020-09-22ifconfig: T2653: move is_member() from vyos.vylidate to vyos.configdictChristian Poessinger
2020-09-21macsec: T2788: source-interface must not be member of a bridgeChristian Poessinger
Add verify() step to ensure the macsec source-interface is not already part of a bridge interface. This should probably also be checked for bond interfaces.
2020-09-20macsec: T2023: add missing mtu CLI optionChristian Poessinger
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for 802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not make the user juggle with the MTU bytes if he enables VLAN support later on, which is yet to come.
2020-09-20ifconfig: T2653: remove duplicates of get_config()Christian Poessinger
A lot of derived classes from Interface implemented their own get_config() method which more or less was the same everywhere. We also hat different qualifiers like @staticmethod or @classmethod. This is now changed to only have the @classmethod in Interface base class which will return the necessary dictionary keys for the required interfaces. This change is a mid reduction in lines of code which is always a very nice thing!
2020-09-19dns: forwarding: T2900: restore proper Config() level in verify()Christian Poessinger
Despite the fact that running verify on Config() is "bad" and "not as intended" the level of the configuration must match the keys that are checked by exits(). Re-set proper Config() level before querying the system nodes.
2020-09-16wireless: T2887: Jinja2 can not work on keys starting with a numberChristian Poessinger
... an error would be presented: jinja2.exceptions.TemplateSyntaxError: expected token 'end of statement block', got 'mhz_incapable', thus we simply rename the key before rendering the template.
2020-09-15bonding: T2515: preserve interface admin state when removing from bondChristian Poessinger
Removing a member from a bond/LACP will turn the physical interface always in admin-down state. This is invalid, the interface should be placed into the state configured on the VyOS CLI. Smoketest on bond interfaces is extended to check this behavior.
2020-09-15vyos.configdict: T2515: leaf_node_changed() should return list or NoneChristian Poessinger
2020-09-13ddclient: T2858: migrate to get_config_dict()Christian Poessinger
2020-09-13qat: T2857: cleanup configuration scriptChristian Poessinger