| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given
pool. In order to use the same CLI syntax this should be renamed to name-server,
which is already the case for DHCPv6.
|
|
vyos@vyos# show service dhcp-server
shared-network-name LAN {
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 194.145.150.1
lease 88
range 0 {
start 10.0.0.100
stop 10.0.0.200
}
static-route 192.168.10.0/24 {
next-hop 10.0.0.2
}
static-route 192.168.20.0/24 {
router 10.0.0.2
}
}
}
|
|
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer")
introduced Python3 f'ormatted strings but missed the "f" keyword.
|
|
T3823: Stop strip-private regexp from swallowing quotes
|
|
|
|
Manually set peer id and use-x509-id are mutually exclusive!
|
|
|
|
|
|
vyos@vyos# run generate pki wireguard key-pair install interface wg10
"generate" CLI command executed from config session.
Generated private-key was imported to CLI!
Use the following command to verify: show interfaces wireguard wg10
Corresponding public-key to use on peer system is: 'hGaWcoG7f+5sPAUY/MNQH1JFhsYdsGTecYA9S2J8xGs='
vyos@vyos# run generate pki wireguard preshared-key install interface wg10 peer vyos
"generate" CLI command executed from config session.
Generated preshared-key was imported to CLI!
Use the following command to verify: show interfaces wireguard wg10
vyos@vyos# show interfaces wireguard wg10
+peer vyos {
+ preshared-key OwTALZy8w6VIBMxUwbOv6Ys7QMyhrtY4aw+0cUjmmCw=
+}
+private-key 0Pu95CejvCUCCwrTW39TCYnitESWAdIIFTVJb7UgxVU=
[edit]
|
|
|
|
squid: squidguard: T3810: Fix template for sourcre-group and rule
|
|
|
|
Move the two implementations to get the driver name of a NIC from ethernet.py
and ethtool.py to only ethtool.py.
(cherry picked from commit 07840977834816b69fa3b366817d90f44b5dc7a7)
|
|
|
|
|
|
In order to alter rpki configuration we must also process the route-map nodes
with/for bgpd.
|
|
|
|
Add support for OpenVPN client mode with only the CA certificate of the server
installed.
|
|
|
|
|
|
|
|
|
|
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
|
|
|
|
data = {
'interfaces': {'dummy': {'dum0': {'address': ['192.0.2.17/29']}},
'ethernet': {'eth0': {'address': ['2001:db8::1/64', '192.0.2.1/29'],
'description': 'Test123',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:01',
'speed': 'auto'},
'eth1': {'address': ['192.0.2.9/29'],
'description': 'Test456',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:02',
'speed': 'auto'}}}
}
dict_search_recursive(data, 'hw_id') will yield both '00:00:00:00:00:01' and
'00:00:00:00:00:02' as generator object.
|
|
message
|
|
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP
address we wan't to use. We also have "set system name-servers-dhcp <interface>"
which does the same, but the name-server in question is retrieved via DHCP.
Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>"
to keep things as they are in real life - we need a name-server.
(cherry picked from commit 2ecf7a9f9cbe9359457bd23b4a0c45f3763123c7)
|
|
VyOS 1.3 equuleus now uses version 21 so we have to bump this by one.
|
|
|
|
Commit 27e53fbc ("op-mode: T3619: bugfix "show interfaces" for VLANs") fixed
the op-mode command for the "show interfaces" operation, but if a user was
interested in all the ethernet or bridge interfaces, the command "show
interfaces <type> detail" did not yield any output.
The filtered_interfaces() function was further generalized to only operate on
base components and call itself recusively if required.
|
|
Commit 31169fa8a7 ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") always instantiated an object of the Ethtool class for an
ethernet object - this is right as a real ethernet interface is managed by
Ethtool.
Unfortunately the script used for "show interface" determindes the "base class"
for an interface by its name, so eth0 -> Ethernet, eth0.10 -> Ethernet. This
assumption is incorrect as a VLAN interface can not have the physical parameters
changed of its underlaying interface. This can only be done for eth0.
There is no need for the op-mode script to determine the implementation class
for an interface at this level, as we are only interested in the state of the
interface and it's IP addresses - which is a common operation valid for every
interface on VyOS.
|
|
|
|
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as")
added support for a new CLI option when the local-as is changed for a specified
neighbor or peer-group.
There was an error in the CLI / design as the "replace-as" option can only be
used when "no-prepend" is defined. Thus "no-prepend" became a <node> and
the new "replace-as" leafNode is now a child of "no-prepend".
|
|
This patch allows the use of `"` in ssh public-key options which
unlocks the ability to set the `from` option in a way that sshd will
accept to limit what hosts a user can connect from.
|
|
|
|
Keys are not allowed with ipip and sit tunnels
|
|
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius:
T3192: migrate to get_config_dict()") the user-name was not excluded
from mangling (no_tag_node_value_mangle=True).
This resulted in a username "vyos-user" from CLI to be actually created as
"vyos_user" on the system.
This commit also adds respective Smoketests to prevent this in the future.
|
|
The workaround is no longer required, as the issue was resolved in
get_config_dict() so if it is a <multi/> node, a list is always returned.
|
|
Commit 9f20bee81c ("T1376: improve show_dhcp and show_dhcpv6") added the tab
completion helper to list the availbale IP pools to query. This was done by
calling a python script which then called cli-shell-api which resulted in a
penalty by the Python interpreter startup.
This can be solved by directly using the cli-shell-api wrapper available
as <path> in op-mode - as also seen for DHCPv6.
|
|
tunnel: T2920: Add checks tun with same source addr and keys
|
|
2 tunnels with the same local-address should has different keys
Check existing tunnels (source-address key) with new tunnel.
|
|
It makes no sense to have a parser for the ethtool values in ethtool.py
and ethernet.py - one instance ios more then enough!
|
|
Only update the RX/TX ring-buffer settings if they are different from the ones
currently programmed to the hardware. There is no need to write the same value
to the hardware again - this could cause traffic disruption on some NICs.
|
|
Not all interface drivers have the ability to change the speed and duplex
settings. Known drivers with this limitation are vmxnet3, virtio_net and
xen_netfront. If this driver is detected, an error will be presented to the
user.
|
|
SSH keys used for remote login are supplied as base64 encoded data on the CLI.
The key is not validated, thus an invalid copy/pasted key will render the login
useless. This commit adds a custom and re-usable validator which check if the
data is properly base64 encoded.
|
|
Ethernet adapters have a discrete set of available speed and duplex settings.
Instead of passing every value down to ethtool and let it decide, we can do
this early in the VyOS verify() function for ethernet interfaces.
|
|
tunnel: T3786: Add checks for source any and not key
|
