| Age | Commit message (Collapse) | Author |
|---|
|
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers
were replaced with `data-ciphers`
fix template for "generate openvpn client-config"
|
|
T6617: T6618: vpn ipsec remote-access: fix profile generators
|
|
Removed unused pprint module
|
|
T6486: T6379: Rewrite generate openvpn client-config
|
|
system: op-mode: T3334: allow delayed getty restart when configuring serial ports
|
|
ports
* Created op-mode command "restart serial console"
* Relocated service control to vyos.utils.serial helpers, used by conf- and
op-mode serial console handling
* Checking for logged-in serial sessions that may be affected by getty reconfig
* Warning the user when changes are committed and serial sessions are active,
otherwise restart services as normal. No prompts issued during commit,
all config gen/commit steps still occur except for the service restarts
(everything remains consistent)
* To apply committed changes, user will need to run "restart serial console"
to complete the process or reboot the whole router
* Added additional flags and target filtering for generic use of helpers.
|
|
|
|
Strongswan does not initiate session after termination via vici.
Added an CHILD SAs initialization on the initiator side
of the tunnel.
|
|
|
|
|
|
interfaces that don't exist
|
|
|
|
T6578: Fix unhandled exception in "show openconnect-server sessions"
|
|
op-mode: T6586: add a distinct exception for unconfigured objects (as opposed to entire subsystems)
|
|
|
|
as opposed to entire subsystems
|
|
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that
all do the same (more or less):
* Check if service is configured on CLI
* Restart if configured
* Error out if unconfigured
This is not available via the op-mode API. Create a new restart.py op-mode
helper that takes the service name and possible VRF as argument so it's also
exposed via API.
|
|
Commit dc60fe99350 ("op-mode: T6537: include hostname in the reboot/shutdown
warning message") added a more local import of vyos.utils.process.cmd() that
made the fglobal import obsolete and trigger a linter warning.
$ make unused-imports
--------------------------------------------------------------------
Your code has been rated at 10.00/10 (previous run: 10.00/10, +0.00)
|
|
|
|
|
|
dmbaturin/T6498-machine-readable-tech-support-report
op-mode: T6498: add machine-readable tech support report script
|
|
|
|
This command helps to generate users `.ovpn` files
Rewrite `generate openvpn client-config` to use Config()
It needs to get the default values as `ConfigTreeQuery` is
not supporting default values.
Fixed "ignores configured protocol type" if TCP is used
Fixed lzo, was used even if lzo not configured
Fixed encryption is not parse the dict
|
|
T6527: add legacy Vyatta interpreter files still in use
|
|
|
|
op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode format
|
|
* T6452: Add QoS Op Commands
Added the following commands:
show qos shaping
show qos shaping detail
show qos shaping interface <int name>
show qos shaping interface <int name> detail
show qos shaping interface <int name> class <class name>
show qos shaping interface <int name> class <class name> detail
show qos cake interface <int name>
|
|
new cli syntax (#3731)
|
|
(#3681)
* T6488: firewall: extend op-mode command to show global state-policy counters.
|
|
|
|
T6313: Add "NAT" to "generate" command for rule resequence
|
|
|
|
to handle live CD systems correctly
and allow reusing the functions from other scripts
|
|
op mode: T6501: add "run show kernel modules"
|
|
op mode: T6498: move uptime helpers to vyos.utils.system
|
|
to be able to call them from the new tech-support script
|
|
|
|
deleted
* Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances
* Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
|
|
* install_certificate() code path handles private_key=None &
key_passphrase=None OK already
* file and console output paths will error trying to encode None as a key
* This is only an issue for a couple of the generate_*_sign() functions,
where having a null private key is possible
* Self-signing and CA creation always generate a private key
* Certreqs will generate a private key if not already provided
* Do not prompt for a private key passphrase if we aren't giving back a
private key
|
|
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
|
|
required
If the requested certificate to generate an Apple IOS profile was based on an
ACME certificate, we also need to mangle in the ACME certs content to retrieve
the certificates issuer name.
|
|
T6456: Convert "monitor traffic" to modern op-mode wrapper
|
|
T6045: Recreate show lldp detail views & improve remote port selection
|
|
output
|
|
The old "monitor traffic" definition had misaligned arguments under the verbose node
and manually offered the same parameter keyword in multiple positions to emulate
flexible parameters.
I've wrapped tcpdump for op-mode and replicated the "varargs" style from mtr.py/mtr.xml.in
to present a few more parameters in a more flexible manner.
Changes to the Makefile were required for recursive varargs lookup.
|
|
If the remote device has explicitly sent the interface name as the portID,
we should use that first as the interface name, before working through
the previous priority order.
I've brought back LLDP detail views directly calling lldpcli. This can be
extended to render a template from op_mode/lldp.py, but lldpcli isn't bad
at rendering readable info. Raw mode (including detailed raw) is still
accessible for programmatic access.
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
|
|
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
|
|
This was a leftover from the early days.
|
