From 74a8c4b42b5ad31cdf34ddea07f83f7bff86be87 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 4 Oct 2021 22:25:19 +0200 Subject: bgp: T3741: "parameter default no-ipv4-unicast" is now a default option --- smoketest/configs/bgp-small-ipv4-unicast | 77 +++++++++++++++++++++++++++++ smoketest/scripts/cli/test_protocols_bgp.py | 3 -- 2 files changed, 77 insertions(+), 3 deletions(-) create mode 100644 smoketest/configs/bgp-small-ipv4-unicast (limited to 'smoketest') diff --git a/smoketest/configs/bgp-small-ipv4-unicast b/smoketest/configs/bgp-small-ipv4-unicast new file mode 100644 index 000000000..a4dcd6218 --- /dev/null +++ b/smoketest/configs/bgp-small-ipv4-unicast @@ -0,0 +1,77 @@ +interfaces { + ethernet eth0 { + address 192.0.2.1 + address 2001:db8::1/64 + } + loopback lo { + } +} +protocols { + bgp 65001 { + address-family { + ipv4-unicast { + network 10.0.150.0/23 { + } + } + ipv6-unicast { + network 2001:db8:200::/40 { + } + } + } + neighbor 192.0.2.10 { + remote-as 65010 + } + neighbor 192.0.2.11 { + remote-as 65011 + } + neighbor 2001:db8::10 { + remote-as 65010 + } + neighbor 2001:db8::11 { + remote-as 65011 + } + parameters { + log-neighbor-changes + } + } +} +service { + ssh { + disable-host-validation + port 22 + } +} +system { + config-management { + commit-revisions 200 + } + console { + device ttyS0 { + speed 115200 + } + } + domain-name vyos.net + host-name vyos + login { + user vyos { + authentication { + encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0 + plaintext-password "" + } + } + } + syslog { + global { + facility all { + level notice + } + facility protocols { + level debug + } + } + } +} + +/* Warning: Do not remove the following line. */ +/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */ +/* Release version: 1.2.5 */ diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index 29b5aa9d1..16284ed01 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -221,8 +221,6 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): # Default local preference (higher = more preferred, default value is 100) self.cli_set(base_path + ['parameters', 'default', 'local-pref', local_pref]) - # Deactivate IPv4 unicast for a peer by default - self.cli_set(base_path + ['parameters', 'default', 'no-ipv4-unicast']) self.cli_set(base_path + ['parameters', 'graceful-restart', 'stalepath-time', stalepath_time]) self.cli_set(base_path + ['parameters', 'graceful-shutdown']) self.cli_set(base_path + ['parameters', 'ebgp-requires-policy']) @@ -246,7 +244,6 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.assertIn(f' bgp router-id {router_id}', frrconfig) self.assertIn(f' bgp log-neighbor-changes', frrconfig) self.assertIn(f' bgp default local-preference {local_pref}', frrconfig) - self.assertIn(f' no bgp default ipv4-unicast', frrconfig) self.assertIn(f' bgp graceful-restart stalepath-time {stalepath_time}', frrconfig) self.assertIn(f' bgp graceful-shutdown', frrconfig) self.assertIn(f' bgp bestpath as-path multipath-relax', frrconfig) -- cgit v1.2.3 From a2920ce9e2289c3e4035b69bd2ac8574cd85b076 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 5 Oct 2021 19:43:31 +0200 Subject: smoketest: bgp: T3741: bugfix invalid IP address (missing prefix size) --- smoketest/configs/bgp-small-ipv4-unicast | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'smoketest') diff --git a/smoketest/configs/bgp-small-ipv4-unicast b/smoketest/configs/bgp-small-ipv4-unicast index a4dcd6218..83f1effd2 100644 --- a/smoketest/configs/bgp-small-ipv4-unicast +++ b/smoketest/configs/bgp-small-ipv4-unicast @@ -1,6 +1,6 @@ interfaces { ethernet eth0 { - address 192.0.2.1 + address 192.0.2.1/24 address 2001:db8::1/64 } loopback lo { -- cgit v1.2.3 From 35aeea69c62a1755595d34b856d03f58cdd2da4c Mon Sep 17 00:00:00 2001 From: Viacheslav Date: Mon, 11 Oct 2021 06:32:07 +0000 Subject: ddclient: T3897: Add option for IPv6 Dynamic DNS --- data/templates/dynamic-dns/ddclient.conf.tmpl | 2 +- interface-definitions/dns-dynamic.xml.in | 6 ++++ smoketest/scripts/cli/test_service_dns_dynamic.py | 38 +++++++++++++++++++++++ src/conf_mode/dynamic_dns.py | 2 +- 4 files changed, 46 insertions(+), 2 deletions(-) (limited to 'smoketest') diff --git a/data/templates/dynamic-dns/ddclient.conf.tmpl b/data/templates/dynamic-dns/ddclient.conf.tmpl index 9d379de00..517e4bad4 100644 --- a/data/templates/dynamic-dns/ddclient.conf.tmpl +++ b/data/templates/dynamic-dns/ddclient.conf.tmpl @@ -9,7 +9,7 @@ ssl=yes {% set web_skip = ", web-skip='" + interface[iface].use_web.skip + "'" if interface[iface].use_web.skip is defined else '' %} use=web, web='{{ interface[iface].use_web.url }}'{{ web_skip }} {% else %} -use=if, if={{ iface }} +{{ 'usev6=if' if interface[iface].ipv6_enable is defined else 'use=if' }}, if={{ iface }} {% endif %} {% if interface[iface].rfc2136 is defined and interface[iface].rfc2136 is not none %} diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in index 250642691..64826516e 100644 --- a/interface-definitions/dns-dynamic.xml.in +++ b/interface-definitions/dns-dynamic.xml.in @@ -274,6 +274,12 @@ + + + Allow explicit IPv6 addresses for Dynamic DNS for this interface + + + diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py index d8a87ffd4..03fccf2c7 100755 --- a/smoketest/scripts/cli/test_service_dns_dynamic.py +++ b/smoketest/scripts/cli/test_service_dns_dynamic.py @@ -24,6 +24,7 @@ from vyos.configsession import ConfigSession from vyos.configsession import ConfigSessionError from vyos.util import cmd from vyos.util import process_named_running +from vyos.util import read_file PROCESS_NAME = 'ddclient' DDCLIENT_CONF = '/run/ddclient/ddclient.conf' @@ -122,5 +123,42 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) + def test_dyndns_ipv6(self): + ddns = ['interface', 'eth0', 'service', 'dynv6'] + hostname = 'test.ddns.vyos.io' + proto = 'dyndns2' + user = 'none' + password = 'paSS_4ord' + servr = 'ddns.vyos.io' + + self.cli_set(base_path + ['interface', 'eth0', 'ipv6-enable']) + self.cli_set(base_path + ddns + ['host-name', hostname]) + self.cli_set(base_path + ddns + ['login', user]) + self.cli_set(base_path + ddns + ['password', password]) + self.cli_set(base_path + ddns + ['protocol', proto]) + self.cli_set(base_path + ddns + ['server', servr]) + + # commit changes + self.cli_commit() + + # Check for running process + self.assertTrue(process_named_running(PROCESS_NAME)) + + config = read_file(DDCLIENT_CONF) + + protocol = get_config_value('protocol') + login = get_config_value('login') + pwd = get_config_value('password') + server = get_config_value('server') + + # Check some generating config parameters + self.assertTrue(protocol == proto) + self.assertTrue(login == user) + self.assertTrue(pwd == "'" + password + "'") + self.assertTrue(server == servr) + + self.assertIn('usev6=if', config) + self.assertIn(hostname, config) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index c979feca7..646de6324 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py @@ -132,7 +132,7 @@ def generate(dyndns): return None render(config_file, 'dynamic-dns/ddclient.conf.tmpl', dyndns, - permission=0o600) + permission=0o644) return None -- cgit v1.2.3 From 16ae2933ff976737e52113105228a5f7f75686a3 Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Sat, 16 Oct 2021 20:54:34 +0200 Subject: mdns: T3917: Change to avahi-daemon for IPv4 + IPv6 mDNS repeater --- data/templates/mdns-repeater/avahi-daemon.tmpl | 18 ++++++++++++++++++ data/templates/mdns-repeater/mdns-repeater.tmpl | 2 -- debian/control | 2 +- smoketest/scripts/cli/test_service_mdns-repeater.py | 2 +- src/conf_mode/service_mdns-repeater.py | 10 +++++----- 5 files changed, 25 insertions(+), 9 deletions(-) create mode 100644 data/templates/mdns-repeater/avahi-daemon.tmpl delete mode 100644 data/templates/mdns-repeater/mdns-repeater.tmpl (limited to 'smoketest') diff --git a/data/templates/mdns-repeater/avahi-daemon.tmpl b/data/templates/mdns-repeater/avahi-daemon.tmpl new file mode 100644 index 000000000..65bb5a306 --- /dev/null +++ b/data/templates/mdns-repeater/avahi-daemon.tmpl @@ -0,0 +1,18 @@ +[server] +use-ipv4=yes +use-ipv6=yes +allow-interfaces={{ interface | join(', ') }} +disallow-other-stacks=no + +[wide-area] +enable-wide-area=yes + +[publish] +disable-publishing=yes +disable-user-service-publishing=yes +publish-addresses=no +publish-hinfo=no +publish-workstation=no + +[reflector] +enable-reflector=yes diff --git a/data/templates/mdns-repeater/mdns-repeater.tmpl b/data/templates/mdns-repeater/mdns-repeater.tmpl deleted file mode 100644 index 80f4ab047..000000000 --- a/data/templates/mdns-repeater/mdns-repeater.tmpl +++ /dev/null @@ -1,2 +0,0 @@ -### Autogenerated by mdns_repeater.py ### -DAEMON_ARGS="{{ interface | join(' ') }}" diff --git a/debian/control b/debian/control index 6c0f2f886..0843b9025 100644 --- a/debian/control +++ b/debian/control @@ -33,6 +33,7 @@ Architecture: amd64 arm64 Depends: ${python3:Depends}, accel-ppp, + avahi-daemon, beep, bmon, bsdmainutils, @@ -87,7 +88,6 @@ Depends: lldpd, lm-sensors, lsscsi, - mdns-repeater, minisign, modemmanager, mtr-tiny, diff --git a/smoketest/scripts/cli/test_service_mdns-repeater.py b/smoketest/scripts/cli/test_service_mdns-repeater.py index b1092c3e5..8941f065c 100755 --- a/smoketest/scripts/cli/test_service_mdns-repeater.py +++ b/smoketest/scripts/cli/test_service_mdns-repeater.py @@ -42,7 +42,7 @@ class TestServiceMDNSrepeater(VyOSUnitTestSHIM.TestCase): self.cli_commit() # Check for running process - self.assertTrue(process_named_running('mdns-repeater')) + self.assertTrue(process_named_running('avahi-daemon')) if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/service_mdns-repeater.py b/src/conf_mode/service_mdns-repeater.py index c920920ed..55b568e48 100755 --- a/src/conf_mode/service_mdns-repeater.py +++ b/src/conf_mode/service_mdns-repeater.py @@ -28,7 +28,7 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -config_file = r'/etc/default/mdns-repeater' +config_file = '/etc/avahi/avahi-daemon.conf' vrrp_running_file = '/run/mdns_vrrp_active' def get_config(config=None): @@ -92,12 +92,12 @@ def generate(mdns): if len(mdns['interface']) < 2: return None - render(config_file, 'mdns-repeater/mdns-repeater.tmpl', mdns) + render(config_file, 'mdns-repeater/avahi-daemon.tmpl', mdns) return None def apply(mdns): if not mdns or 'disable' in mdns: - call('systemctl stop mdns-repeater.service') + call('systemctl stop avahi-daemon.service') if os.path.exists(config_file): os.unlink(config_file) @@ -112,10 +112,10 @@ def apply(mdns): os.mknod(vrrp_running_file) # vrrp script looks for this file to update mdns repeater if len(mdns['interface']) < 2: - call('systemctl stop mdns-repeater.service') + call('systemctl stop avahi-daemon.service') return None - call('systemctl restart mdns-repeater.service') + call('systemctl restart avahi-daemon.service') return None -- cgit v1.2.3 From 103fca9f77c28e392146f791e0241e119feeadc9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 21 Oct 2021 19:38:38 +0200 Subject: tunnel: T3925: dhcp-interface was of no use - use source-interface instead (cherry picked from commit c1015d8ce0013719eb898b60b14ffec192b8141c) --- interface-definitions/interfaces-tunnel.xml.in | 1 - python/vyos/configverify.py | 7 ++-- smoketest/configs/tunnel-broker | 2 +- smoketest/scripts/cli/test_interfaces_tunnel.py | 20 ----------- src/migration-scripts/interfaces/21-to-22 | 46 +++++++++++++++++++++++++ 5 files changed, 49 insertions(+), 27 deletions(-) create mode 100755 src/migration-scripts/interfaces/21-to-22 (limited to 'smoketest') diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in index 7450ef2af..cca732f82 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -54,7 +54,6 @@ - #include Encapsulation of this tunnel interface diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 8aca76568..365a28feb 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -110,15 +110,12 @@ def verify_tunnel(config): raise ConfigError('Must configure the tunnel encapsulation for '\ '{ifname}!'.format(**config)) - if 'source_address' not in config and 'dhcp_interface' not in config: - raise ConfigError('source-address is mandatory for tunnel') + if 'source_address' not in config and 'source_interface' not in config: + raise ConfigError('source-address or source-interface required for tunnel!') if 'remote' not in config and config['encapsulation'] != 'gre': raise ConfigError('remote ip address is mandatory for tunnel') - if {'source_address', 'dhcp_interface'} <= set(config): - raise ConfigError('Can not use both source-address and dhcp-interface') - if config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre', 'ip6gretap', 'ip6erspan']: error_ipv6 = 'Encapsulation mode requires IPv6' if 'source_address' in config and not is_ipv6(config['source_address']): diff --git a/smoketest/configs/tunnel-broker b/smoketest/configs/tunnel-broker index d4a5c2dfc..03ac0db41 100644 --- a/smoketest/configs/tunnel-broker +++ b/smoketest/configs/tunnel-broker @@ -56,7 +56,7 @@ interfaces { tunnel tun100 { address 172.16.0.1/30 encapsulation gre-bridge - local-ip 192.0.2.0 + dhcp-interface eth0 remote-ip 192.0.2.100 } tunnel tun200 { diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py index 841527d21..fc2e254d6 100755 --- a/smoketest/scripts/cli/test_interfaces_tunnel.py +++ b/smoketest/scripts/cli/test_interfaces_tunnel.py @@ -156,26 +156,6 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase): self.cli_delete(self._base_path + [interface]) self.cli_commit() - def test_tunnel_verify_local_dhcp(self): - # We can not use source-address and dhcp-interface at the same time - - interface = f'tun1020' - local_if_addr = f'10.0.0.1/24' - - self.cli_set(self._base_path + [interface, 'address', local_if_addr]) - self.cli_set(self._base_path + [interface, 'encapsulation', 'gre']) - self.cli_set(self._base_path + [interface, 'source-address', self.local_v4]) - self.cli_set(self._base_path + [interface, 'remote', remote_ip4]) - self.cli_set(self._base_path + [interface, 'dhcp-interface', 'eth0']) - - # source-address and dhcp-interface can not be used at the same time - with self.assertRaises(ConfigSessionError): - self.cli_commit() - self.cli_delete(self._base_path + [interface, 'dhcp-interface']) - - # Check if commit is ok - self.cli_commit() - def test_tunnel_parameters_gre(self): interface = f'tun1030' gre_key = '10' diff --git a/src/migration-scripts/interfaces/21-to-22 b/src/migration-scripts/interfaces/21-to-22 new file mode 100755 index 000000000..098102102 --- /dev/null +++ b/src/migration-scripts/interfaces/21-to-22 @@ -0,0 +1,46 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +from sys import argv +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) +base = ['interfaces', 'tunnel'] + +if not config.exists(base): + exit(0) + +for interface in config.list_nodes(base): + path = base + [interface, 'dhcp-interface'] + if config.exists(path): + tmp = config.return_value(path) + config.delete(path) + config.set(base + [interface, 'source-interface'], value=tmp) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) -- cgit v1.2.3 From 71e793d92faefcb589d3090b8af8d3e77e06b023 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 21 Oct 2021 20:31:28 +0200 Subject: ddclient: T3897: bugfix smoketest --- smoketest/scripts/cli/test_service_dns_dynamic.py | 34 +++++++++++------------ src/conf_mode/dynamic_dns.py | 4 +-- 2 files changed, 17 insertions(+), 21 deletions(-) (limited to 'smoketest') diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py index 03fccf2c7..134254186 100755 --- a/smoketest/scripts/cli/test_service_dns_dynamic.py +++ b/smoketest/scripts/cli/test_service_dns_dynamic.py @@ -28,7 +28,10 @@ from vyos.util import read_file PROCESS_NAME = 'ddclient' DDCLIENT_CONF = '/run/ddclient/ddclient.conf' + base_path = ['service', 'dns', 'dynamic'] +hostname = 'test.ddns.vyos.io' +interface = 'eth0' def get_config_value(key): tmp = cmd(f'sudo cat {DDCLIENT_CONF}') @@ -37,14 +40,13 @@ def get_config_value(key): return tmp class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): - def tearDown(self): # Delete DDNS configuration self.cli_delete(base_path) self.cli_commit() def test_dyndns_service(self): - ddns = ['interface', 'eth0', 'service'] + ddns = ['interface', interface, 'service'] services = ['cloudflare', 'afraid', 'dyndns', 'zoneedit'] for service in services: @@ -52,7 +54,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): password = 'vyos_pass' zone = 'vyos.io' self.cli_delete(base_path) - self.cli_set(base_path + ddns + [service, 'host-name', 'test.ddns.vyos.io']) + self.cli_set(base_path + ddns + [service, 'host-name', hostname]) self.cli_set(base_path + ddns + [service, 'login', user]) self.cli_set(base_path + ddns + [service, 'password', password]) self.cli_set(base_path + ddns + [service, 'zone', zone]) @@ -95,7 +97,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): def test_dyndns_rfc2136(self): # Check if DDNS service can be configured and runs - ddns = ['interface', 'eth0', 'rfc2136', 'vyos'] + ddns = ['interface', interface, 'rfc2136', 'vyos'] ddns_key_file = '/config/auth/my.key' self.cli_set(base_path + ddns + ['key', ddns_key_file]) @@ -124,19 +126,18 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): self.assertTrue(process_named_running(PROCESS_NAME)) def test_dyndns_ipv6(self): - ddns = ['interface', 'eth0', 'service', 'dynv6'] - hostname = 'test.ddns.vyos.io' + ddns = ['interface', interface, 'service', 'dynv6'] proto = 'dyndns2' user = 'none' password = 'paSS_4ord' - servr = 'ddns.vyos.io' + srv = 'ddns.vyos.io' - self.cli_set(base_path + ['interface', 'eth0', 'ipv6-enable']) + self.cli_set(base_path + ['interface', interface, 'ipv6-enable']) self.cli_set(base_path + ddns + ['host-name', hostname]) self.cli_set(base_path + ddns + ['login', user]) self.cli_set(base_path + ddns + ['password', password]) self.cli_set(base_path + ddns + ['protocol', proto]) - self.cli_set(base_path + ddns + ['server', servr]) + self.cli_set(base_path + ddns + ['server', srv]) # commit changes self.cli_commit() @@ -144,21 +145,18 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) - config = read_file(DDCLIENT_CONF) - protocol = get_config_value('protocol') login = get_config_value('login') pwd = get_config_value('password') server = get_config_value('server') + usev6 = get_config_value('usev6') # Check some generating config parameters - self.assertTrue(protocol == proto) - self.assertTrue(login == user) - self.assertTrue(pwd == "'" + password + "'") - self.assertTrue(server == servr) - - self.assertIn('usev6=if', config) - self.assertIn(hostname, config) + self.assertEqual(protocol, proto) + self.assertEqual(login, user) + self.assertEqual(pwd, f"'{password}'") + self.assertEqual(server, srv) + self.assertEqual(usev6, f"if, if={interface}") if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index 646de6324..a31e5ed75 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py @@ -131,9 +131,7 @@ def generate(dyndns): if not dyndns: return None - render(config_file, 'dynamic-dns/ddclient.conf.tmpl', dyndns, - permission=0o644) - + render(config_file, 'dynamic-dns/ddclient.conf.tmpl', dyndns) return None def apply(dyndns): -- cgit v1.2.3 From 594c57d9b16cac5810f796f15ad7458bd0877435 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 22 Oct 2021 08:34:35 +0200 Subject: tunnel: T3925: fix configtest - source-interface does not work with gretap --- smoketest/configs/tunnel-broker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smoketest') diff --git a/smoketest/configs/tunnel-broker b/smoketest/configs/tunnel-broker index 03ac0db41..9a1e79719 100644 --- a/smoketest/configs/tunnel-broker +++ b/smoketest/configs/tunnel-broker @@ -56,13 +56,13 @@ interfaces { tunnel tun100 { address 172.16.0.1/30 encapsulation gre-bridge - dhcp-interface eth0 + local-ip 192.0.2.1 remote-ip 192.0.2.100 } tunnel tun200 { address 172.16.0.5/30 encapsulation gre - local-ip 192.0.2.1 + dhcp-interface eth0 remote-ip 192.0.2.101 } tunnel tun300 { -- cgit v1.2.3 From 062422db04f5ec6fd0a769f0d71faf4efa2d377f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 31 Oct 2021 14:01:42 +0100 Subject: smoketest: config: add DMVPN hub and spoke examples --- smoketest/configs/bgp-dmvpn-hub | 174 +++++++++++++++++++++++++++++++++ smoketest/configs/bgp-dmvpn-spoke | 201 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 375 insertions(+) create mode 100644 smoketest/configs/bgp-dmvpn-hub create mode 100644 smoketest/configs/bgp-dmvpn-spoke (limited to 'smoketest') diff --git a/smoketest/configs/bgp-dmvpn-hub b/smoketest/configs/bgp-dmvpn-hub new file mode 100644 index 000000000..fc5aadd8f --- /dev/null +++ b/smoketest/configs/bgp-dmvpn-hub @@ -0,0 +1,174 @@ +interfaces { + ethernet eth0 { + address 100.64.10.1/31 + } + ethernet eth1 { + } + loopback lo { + } + tunnel tun0 { + address 192.168.254.62/26 + encapsulation gre + multicast enable + parameters { + ip { + key 1 + } + } + source-address 100.64.10.1 + } +} +protocols { + bgp 65000 { + address-family { + ipv4-unicast { + network 172.20.0.0/16 { + } + } + } + neighbor 192.168.254.1 { + peer-group DMVPN + remote-as 65001 + } + neighbor 192.168.254.2 { + peer-group DMVPN + remote-as 65002 + } + neighbor 192.168.254.3 { + peer-group DMVPN + remote-as 65003 + } + parameters { + default { + no-ipv4-unicast + } + log-neighbor-changes + } + peer-group DMVPN { + address-family { + ipv4-unicast { + } + } + } + timers { + holdtime 30 + keepalive 10 + } + } + nhrp { + tunnel tun0 { + cisco-authentication secret + holding-time 300 + multicast dynamic + redirect + shortcut + } + } + static { + route 0.0.0.0/0 { + next-hop 100.64.10.0 { + } + } + route 172.20.0.0/16 { + blackhole { + distance 200 + } + } + } +} +system { + config-management { + commit-revisions 100 + } + conntrack { + modules { + ftp + h323 + nfs + pptp + sip + sqlnet + tftp + } + } + console { + device ttyS0 { + speed 115200 + } + } + host-name cpe-4 + login { + user vyos { + authentication { + encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0 + plaintext-password "" + } + } + } + name-server 1.1.1.1 + name-server 8.8.8.8 + name-server 9.9.9.9 + ntp { + server time1.vyos.net { + } + server time2.vyos.net { + } + server time3.vyos.net { + } + } + syslog { + global { + facility all { + level info + } + facility protocols { + level debug + } + } + } +} +vpn { + ipsec { + esp-group ESP-DMVPN { + compression disable + lifetime 1800 + mode transport + pfs dh-group2 + proposal 1 { + encryption aes256 + hash sha1 + } + } + ike-group IKE-DMVPN { + close-action none + ikev2-reauth no + key-exchange ikev1 + lifetime 3600 + proposal 1 { + dh-group 2 + encryption aes256 + hash sha1 + } + } + ipsec-interfaces { + interface eth0 + } + profile NHRPVPN { + authentication { + mode pre-shared-secret + pre-shared-secret VyOS-topsecret + } + bind { + tunnel tun0 + } + esp-group ESP-DMVPN + ike-group IKE-DMVPN + } + } +} + + +// Warning: Do not remove the following line. +// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" +// Release version: 1.3.0-epa3 + diff --git a/smoketest/configs/bgp-dmvpn-spoke b/smoketest/configs/bgp-dmvpn-spoke new file mode 100644 index 000000000..3d7503a9b --- /dev/null +++ b/smoketest/configs/bgp-dmvpn-spoke @@ -0,0 +1,201 @@ +interfaces { + ethernet eth0 { + vif 7 { + description PPPoE-UPLINK + } + } + ethernet eth1 { + address 172.17.1.1/24 + } + loopback lo { + } + pppoe pppoe1 { + authentication { + password cpe-1 + user cpe-1 + } + no-peer-dns + source-interface eth0.7 + } + tunnel tun0 { + address 192.168.254.1/26 + encapsulation gre + multicast enable + parameters { + ip { + key 1 + } + } + source-address 0.0.0.0 + } +} +nat { + source { + rule 10 { + log enable + outbound-interface pppoe1 + source { + address 172.17.0.0/16 + } + translation { + address masquerade + } + } + } +} +protocols { + bgp 65001 { + address-family { + ipv4-unicast { + network 172.17.0.0/16 { + } + } + } + neighbor 192.168.254.62 { + address-family { + ipv4-unicast { + } + } + remote-as 65000 + } + parameters { + default { + no-ipv4-unicast + } + log-neighbor-changes + } + timers { + holdtime 30 + keepalive 10 + } + } + nhrp { + tunnel tun0 { + cisco-authentication secret + holding-time 300 + map 192.168.254.62/26 { + nbma-address 100.64.10.1 + register + } + multicast nhs + redirect + shortcut + } + } + static { + route 172.17.0.0/16 { + blackhole { + distance 200 + } + } + } +} +service { + dhcp-server { + shared-network-name LAN-3 { + subnet 172.17.1.0/24 { + default-router 172.17.1.1 + name-server 172.17.1.1 + range 0 { + start 172.17.1.100 + stop 172.17.1.200 + } + } + } + } +} +system { + config-management { + commit-revisions 100 + } + conntrack { + modules { + ftp + h323 + nfs + pptp + sip + sqlnet + tftp + } + } + console { + device ttyS0 { + speed 115200 + } + } + host-name cpe-1 + login { + user vyos { + authentication { + encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0 + plaintext-password "" + } + } + } + name-server 1.1.1.1 + name-server 8.8.8.8 + name-server 9.9.9.9 + ntp { + server time1.vyos.net { + } + server time2.vyos.net { + } + server time3.vyos.net { + } + } + syslog { + global { + facility all { + level info + } + facility protocols { + level debug + } + } + } +} +vpn { + ipsec { + esp-group ESP-DMVPN { + compression disable + lifetime 1800 + mode transport + pfs dh-group2 + proposal 1 { + encryption aes256 + hash sha1 + } + } + ike-group IKE-DMVPN { + close-action none + ikev2-reauth no + key-exchange ikev1 + lifetime 3600 + proposal 1 { + dh-group 2 + encryption aes256 + hash sha1 + } + } + ipsec-interfaces { + interface pppoe1 + } + profile NHRPVPN { + authentication { + mode pre-shared-secret + pre-shared-secret VyOS-topsecret + } + bind { + tunnel tun0 + } + esp-group ESP-DMVPN + ike-group IKE-DMVPN + } + } +} + + +// Warning: Do not remove the following line. +// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" +// Release version: 1.3.0-epa3 -- cgit v1.2.3