Age | Commit message | Author |
|
T6313: Add "NAT" to "generate" command for rule resequence (backport #3715)
|
|
(#3909)
Strongswan does not initiate session after termination via vici.
Added a CHILD SAs initialization on the initiator side
of the tunnel.
(cherry picked from commit 8838b29180ccc26d2aca0c22c9c8ca5e274825b2)
Co-authored-by: aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>
|
|
ports
* Created op-mode command "restart serial console"
* Relocated service control to vyos.utils.serial helpers, used by conf- and
op-mode serial console handling
* Checking for logged-in serial sessions that may be affected by getty reconfig
* Warning the user when changes are committed and serial sessions are active,
otherwise restart services as normal. No prompts issued during commit,
all config gen/commit steps still occur except for the service restarts
(everything remains consistent)
* To apply committed changes, user will need to run "restart serial console"
to complete the process or reboot the whole router
* Added additional flags and target filtering for generic use of helpers.
(cherry picked from commit bc9049ebd76576d727fa87b10b96d1616950237c)
|
|
(cherry picked from commit 142545b0535d0a994182389c99b7bcd6d7c37c24)
|
|
(cherry picked from commit e858d96a3fbc1ae4719a50ee67df02b2f256b40f)
|
|
Commit dc60fe99350 ("op-mode: T6537: include hostname in the reboot/shutdown
warning message") added a more local import of vyos.utils.process.cmd() that
made the global import obsolete and trigger a linter warning.
$ make unused-imports
--------------------------------------------------------------------
Your code has been rated at 10.00/10 (previous run: 10.00/10, +0.00)
(cherry picked from commit 6b2e45c073eeef62bbb5905e1bff98e20199b6b0)
|
|
(cherry picked from commit dc60fe993505d1adca60f9b6e0f47f565c459331)
|
|
op-mode: T5633, T6465: fix error when op cmd interrupted, updates some system call syntax (backport #3731)
|
|
(cherry picked from commit 5ade35255b3d8438aa6082fe56ae459d50cdc0a5)
|
|
new cli syntax (#3731)
(cherry picked from commit a095a3c7b3dd4459dc8626f0e5adecda855580e0)
|
|
* install_certificate() code path handles private_key=None &
key_passphrase=None OK already
* file and console output paths will error trying to encode None as a key
* This is only an issue for a couple of the generate_*_sign() functions,
where having a null private key is possible
* Self-signing and CA creation always generate a private key
* Certreqs will generate a private key if not already provided
* Do not prompt for a private key passphrase if we aren't giving back a
private key
(cherry picked from commit d2cf8eeee9053d04f34c5e8a22373290d078ab37)
Co-authored-by: Andrew Topp <andrewt@telekinetica.net>
|
|
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required (backport #3646)
|
|
deleted
* Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances
* Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
(cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
|
|
required
If the requested certificate to generate an Apple IOS profile was based on an
ACME certificate, we also need to mangle in the ACME certs content to retrieve
the certificates issuer name.
(cherry picked from commit 1bc67d498c4d71da78aa46d1d2f9fe9752f59860)
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
(cherry picked from commit e318eb33446de47835480d4b8f1646b39fb5c388)
|
|
(cherry picked from commit 4e51569013b3f78abea9c18e5a6ecb9ff5ae4687)
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all its parent CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
(cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
|
|
|
|
This was a leftover from the early days.
(cherry picked from commit d5271e084cca8af54f425816916a821b0eab1a5a)
|
|
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates")
added support for multiple CA certificates which broke the OP mode command
to generate the IPSec profiles as it did not expect a list and was rather
working on a string.
Now multiple CAs can be rendered into the Apple IOS profile.
(cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
|
|
list of ports/ranges exists
Before: Issuing the op mode command "show nat source rules" will throw an
exception if the user has configured NAT rules using a list of ports as a
comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was
no handling for the "!" rule and so '!53' would display as '53'.
With this PR: Introduced iteration to capture all configured ports and append
to the appropriate string for display to the user as well as handling of '!' if
present in user's configuration.
(cherry picked from commit b7595ee9d328778105c70e3d4399ac45f555b304)
|
|
This fixes (for an ACME generated certificate)
vyos@vyos:~$ show pki certificate vyos fingerprint sha512
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module>
show_certificate_fingerprint(args.certificate, args.fingerprint)
File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint
print(get_certificate_fingerprint(cert, hash))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint
fp = cert.fingerprint(hash_algorithm)
^^^^^^^^^^^^^^^^
AttributeError: 'bool' object has no attribute 'fingerprint'
After the fix:
vyos@vyos# run show pki certificate vyos fingerprint sha256
10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2
(cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
|
|
(cherry picked from commit 1cba74f91a67348bc8e8ad3e2ef4325dc9f9d6e0)
|
|
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
(cherry picked from commit c6be441c86bc8fe2e938e2bd3c85f99071cbfb49)
|
|
op mode: T4519: Show DUID instead of IAID_DUID
|
|
|
|
(cherry picked from commit cc0573a78aac4d6ac4479fdf951d151a36b88cbc)
|
|
(cherry picked from commit b705adc40b761e338026b938d80398fdb281a197)
|
|
(cherry picked from commit 72c95ec1df8ad7be8a715b3338001349684cafa9)
|
|
(cherry picked from commit 0eb09b81f763a62684a7be905267f081f9d6aeb1)
|
|
(cherry picked from commit 428d03e47e7d01b08ccb8cf1acc0ab8a53275286)
|
|
(cherry picked from commit eb281199ba35de52a8a97146dfc063e557755648)
|
|
(cherry picked from commit 32658e981babffb5b7149534bd50a64d11f7c74f)
|
|
(cherry picked from commit 40b9085171ecf97f791b5f3b5cb32dd5f46d0f21)
|
|
show interfaces bonding lacp detail
show interfaces bonding <bondif> lacp detail
show interfaces bonding <bondif> lacp neighbors
Co-authored-by: l0crian1 <ryan.claridge13@gmail.com>
(cherry picked from commit 0c2bf3192382cffc5ed2dcead3889c332a48820f)
|
|
ntp: T4909: Rewrite NTP op mode in new format
Adapts ntp.xml.in to reference new ntp.py file
Add ntp.py
Adds a check to ntp.py to verify if the ntp service is configured
Adds raw mode to ntp.py
For raw output, replaces the original method of parsing the command line output FROM re.split+regex TO csv.reader.
Separates chrony commands into equivalent functions show_tracking, show_sources, source_sourcestats and show_activity
Revises the names of raw dictionary keys variables to be lowercase
Corrects a comment typo and renames function name used for raw mode
(cherry picked from commit d2a82c30695c2f4265dc5ca2165d27d5aa3e2cef)
|
|
(cherry picked from commit 456419c7930405b80d322586736734f707affaed)
|
|
image-tools: T6260: remove persistence image directory if no space error (backport #3346)
|
|
(cherry picked from commit c2fc2dba32ba861684f5e34635f810c56d551d51)
|
|
Connect_disconnect: T6261: correction to typo in check_ppp_running function
Changes include:
1. Replaces "beeing" -> being in print statement for check_ppp_running
2. Replaces "can not" -> cannot in print statement on lines 61 and 93
(cherry picked from commit 19e0d3b74f66e082c3f131b9044e7ca2371b1d85)
|
|
(cherry picked from commit 31b21d26751b7db7ab784486da5b8690ddd4a058)
|
|
(cherry picked from commit a43f1c00bdc5047eb20840ebb274418362612526)
|
|
(cherry picked from commit f43edbd7cd36f52a0cd9c475b53f317882f4a6f9)
|
|
T6166: Tech support generation error for custom output location (backport #3242)
|
|
(cherry picked from commit 13ed4f9d489dd5b8ee80c5f2fdebf1b0565e9137)
|
|
(cherry picked from commit 619e2262e77621c6110164712fed0a42f16715e3)
|
|
T6203: remove obsoleted xml lib (backport #3255)
|
|
T6188: add description to show firewall (backport #3219)
|
|
For readability in console sessions, moved the description column to only be shown in the detail view.
Changed wrapping in the detail view for description to 65 characters to prevent full line wrapping in console sessions.
(cherry picked from commit 4dba82c7517f4a93b9727d22104e4a339bad127a)
|
|
- modified: src/op_mode/firewall.py
Changed behavior of "show firewall" for specific rule to only show rule and not also default-action
(cherry picked from commit a7c5205ab12e767c6c60887033694c597e01f21b)
|