Age | Commit message (Collapse) | Author |
|
[OpenVPN] T1675: Added setting for minimum tls version
|
|
|
|
[OpenVPN] T1670: Added setting for tls-auth. Added check for if tls_cert and tls_key w…
|
|
An interface can only be added in disabled state to a bond (ensured via
ifconfig.py). Also interfaces can be disabled during runtime in a bond which
is supported by the Linux Kernel - so why should be add a restriction
here? makes no sense.
|
|
- due to the named keys feature keys reside in named directories
- adding a check if the variable VYOS_TAGNODE_VALUE has content
|
|
|
|
|
|
|
|
|
|
client
|
|
|
|
|
|
Some bond modes do not support arp monitor interval and thus internally eset it
to 0 which means disabled. If you then write to the sysfs file in question an
OS exception (permission denied) is triggered.
arp_mon_intvl is initialized as 0 which means disabled so we only write it
when it is really requested by the user. There is a validator ensuring that
it can only be set in the bond modes which support it.
|
|
support arp_interval"
This reverts commit fb1689e20ab9967a4c1e24279f5d4d736b256e83.
|
|
arp_interval
|
|
|
|
naming.
|
|
|
|
|
|
- param key location added in op-mode script
- param delkey and listkey implemented in op-mode script
- param delkey implemented in op-mode script
- generate and store named keys
- interface implementation tu use cli option
'private-key'
|
|
- removed sudo as is already runs as root
- set privte key as variable in preparation to support multiple
pk's
|
|
Forgot to exclude our current bond interface in the search for duplicate
interface enslavement.
|
|
|
|
- sudo added to wg call
- debug print removed when pubkey changes
|
|
Previous implementations sent a SIGUSR1 to OpenVPN to initialte a restart after
the configuration changed - as this was the same as the client keepalive
mechanism did.
Unfortunately on SIGUSR1 OpenVPN does not re-read the configuration file. Thus
changed options were never taken into account.
|
|
|
|
|
|
Tested using:
Site 1 (VyOS 1.2.2)
-------------------
set interfaces vxlan vxlan100 address '10.10.10.2/24'
set interfaces vxlan vxlan100 remote '172.18.201.10'
set interfaces vxlan vxlan100 vni '100'
Site 2 (rewrite)
----------------
set interfaces vxlan vxlan100 address '10.10.10.1/24'
set interfaces vxlan vxlan100 description 'VyOS VXLAN'
set interfaces vxlan vxlan100 remote '172.18.202.10'
set interfaces vxlan vxlan100 vni '100'
|
|
|
|
|
|
|
|
|
|
Instead of manually starting DHCP/DHCPv6 for every interface and have an
identical if/elif/else statement checking for dhcp/dhcpv6 rather move this
repeating stement into add_addr()/del_addr().
Single source is always preferred.
|
|
|
|
A generic function which can parse the VLAN (vif, vif-s, cif-c) nodes in a
config session. A dictionary describing the VLAN is returned.
A good example will be the interface-bonding.py script used to generate bond
interfaces in the system. It is used as follows:
if conf.exists('vif'):
for vif in conf.list_nodes('vif'):
# set config level to vif interface
conf.set_level(cfg_base + ' vif ' + vif)
bond['vif'].append(vlan_to_dict(conf))
|
|
A list containing only unique elements not part of the other list is
returned. This is usefull to check e.g. which IP addresses need to be
removed from the OS.
|
|
vyos.ifconfig class
|
|
The following CLI command can be used to add a raw option to OpenVPN
which requires quotes:
> set interfaces openvpn vtun10 openvpn-option 'push "keepalive 1 10"'
The resulting config file will then have the following set:
> push "keepalive 1 10"
|
|
|
|
|
|
T1614 bonding
|
|
a bond
|
|
As in the past during the priority race of the bash script invalid configuration
could appear in the CLI and are de-synced from the kernle state, e.g. some
bonding modes do not support arp_interval.
This is no longer allowed and added to the migration script so that the config
again represents the truth.
|
|
|
|
Tested using:
=============
set interfaces bonding bond0 address 192.0.2.1/24
set interfaces bonding bond0 description "VyOS bonding"
set interfaces bonding bond0 disable-link-detect
set interfaces bonding bond0 hash-policy layer2+3
set interfaces bonding bond0 ip arp-cache-timeout 86400
set interfaces bonding bond0 mac 00:91:00:00:00:01
set interfaces bonding bond0 mode active-backup
set interfaces bonding bond0 mtu 9000
set interfaces bonding bond0 member interface eth1
set interfaces bonding bond0 member interface eth2
set interfaces bonding bond0 vif-s 100 address 192.168.10.1/24
set interfaces bonding bond0 vif-s 100 description "802.1ad service VLAN 100"
set interfaces bonding bond0 vif-s 100 mtu 1500
set interfaces bonding bond0 vif-s 100 mac 00:91:00:00:00:02
set interfaces bonding bond0 vif-s 100 vif-c 110 address "192.168.110.1/24"
set interfaces bonding bond0 vif-s 100 vif-c 110 description "client VLAN 110"
set interfaces bonding bond0 vif-s 100 vif-c 120 address "192.168.120.1/24"
set interfaces bonding bond0 vif-s 100 vif-c 120 description "client VLAN 120"
set interfaces bonding bond0 vif-s 100 vif-c 130 address "192.168.130.1/24"
set interfaces bonding bond0 vif-s 100 vif-c 130 description "client VLAN 130"
set interfaces bonding bond0 vif 400 address 192.168.40.1/24
set interfaces bonding bond0 vif 400 description "802.1q VLAN 400"
set interfaces bonding bond0 vif 400 mtu 1500
set interfaces bonding bond0 vif 400 mac 00:91:00:00:00:03
|
|
|
|
Support for vif-c interfaces is still missing
|
|
|
|
|
|
The node 'interfaces ethernet eth0 bond-group' has been changed and
de-nested. Bond members are now configured in the bond interface itself.
set interfaces bonding bond0 member interface eth0
|