Hi,
I was playing around with VyOS and thought i'd build myself an iso and hit this issue. Not sure if its the correct way to solve it, but this is what I did:
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Today
Today
syncer reassigned T5752: Check compatibility of new image tools with XCP-NG images from jestabro to Viacheslav.
jestabro claimed T5986: Container: Error on commit when environment variable value contains \n line break.
This will be resolved after backport of T5996.
jestabro moved T6245: Show openvpn server fails sometime from Need Triage to Finished on the VyOS 1.5 Circinus board.
Output seems to be for VyOS 1.3, rather than 1.5
Can you show VyOS version @PeppyH ?
Viacheslav placed T2279: Router resolves as 127.0.1.1 when using Router's Recursive DNS up for grabs.
Viacheslav edited projects for T4732: need an option for VRF name when you specify location for commit-archive, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav closed T4422: WAN load-balance status failed on all interfaces if one of them failed, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Wontfix.
Viacheslav closed T4422: WAN load-balance status failed on all interfaces if one of them failed as Wontfix.
Test addresses have to be different
Viacheslav changed the status of T4422: WAN load-balance status failed on all interfaces if one of them failed, a subtask of T4470: Rewrite load-balancing wan to XML/Python, from Open to Needs reporter action.
Viacheslav changed the status of T4422: WAN load-balance status failed on all interfaces if one of them failed from Open to Needs reporter action.
Viacheslav added a comment to T4422: WAN load-balance status failed on all interfaces if one of them failed.
Provide the set of the commands to reproduce
Viacheslav removed a project from T5153: OpenConnect route restriction via iptables is ignored: VyOS 1.4 Sagitta.
rusnino updated the task description for T6249: ISO builder fails because of changed buster-backport repository.
rusnino updated the task description for T6249: ISO builder fails because of changed buster-backport repository.
Viacheslav changed the status of T6221: Enabling VRF breaks connectivity from Open to Needs testing.
dmbaturin added a project to T6245: Show openvpn server fails sometime: VyOS 1.4 Sagitta (1.4.0-epa3).
dmbaturin edited projects for T5986: Container: Error on commit when environment variable value contains \n line break, added: VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta.
Viacheslav added a project to T5471: Conntrack logging doesnt seem to be working: VyOS 1.5 Circinus.
Without subtasks, it is going to be dead.
@Apachez It is not clear what you want to fix exactly. Fix all and do all working well could be related to any task.
Viacheslav edited projects for T5673: Enable `CONFIG_DEBUG_INFO_DWARF5` and `CONFIG_DEBUG_INFO_BTF` in the Linux kernel, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav edited projects for T5737: Eigrp #11301 - Configuration failed error type: validation, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav closed T5755: Running set pki ca NAME certificate with a name with spaces breaks the config as Resolved N/A.
Not reproduced on VyOS 1.5-rolling-202404141045
vyos@r-left# set pki ca "my test ca name" certificate 'MIIDnTCCAoWgAwIBAgIUFvyB2rY0V1V6AaIpPWHCftGRwN8wDQYJKoZIhvcNAQELBQAwVzELMAkGA0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yNDA0MTgxMTM3MzZaFw0yOTA0MzZaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggEiMA0GCQEBAQUAA4IBDwAwggEKAoIBAQCKEVxs7gdzmnN4iMinvXN1vdGaT+v3TOnHSXbBkWHnt9YdWmo8UoqFpVqyVM3E8xmoT+3HOXJeWkKArEpMkGo93kWaGo0f25KGEFWbS2ttgNA9cqH9PGa42XTKyTY+5ZoIWaQQzNNiUSaIoslRrMSV4V2yQs90ECxR37ezlV2RAIHEhZ6mizUkMkuSmdjqRolh2tpF1MoisyhspFPXBC6lJ8d0jFZEi1tP3tlQjqVEWPjTvtddy34iOLFeUjBF5cOwfmpVLzWBVLbIxJr5ZHamGeQIabn36Jg1u0+/6p7hb8avqBW4dT0K8UykWVqgjQ4W4rM7AgMBAAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUxEx+IVaoLb7M/SW9AkCVRaXCNTUwDQYJKoZIhvcNAQELBQADggEBAGjV6WiH4Z+hfdANG8oWgY0xsHmUZg8dCjwqO5GMwjBVIuu8GuoZu0JobtLa097behWcgCkwjvKBffuwCu542WbFkxdXzBLZjSAc+K3itegZIuy4jqRO5z6Q0IbPSaFUhR4HhfwejwlyXgjNCFzEMzwoDL2/3PXjWyilkqthYyFcx092tgwiXtnfO9z9Xm/YQHQmRG2VWzLEwucOhV698xnqFgRJk3uKqcDN9KjF+5v32OQ0eis7GHn1aJim5aUee1nnCRFdQO0llNJRwF6fIaICzKLwa7zzMjF7HhRehh5kpwY8omcQX7xYz7GJag4='
Viacheslav edited projects for T5756: L2TP RADIUS backup and weight settings, added: Restricted Project; removed VyOS 1.4 Sagitta.
Viacheslav removed projects from T5761: Allow PPPoE interface to be assigned IPv6 address via DHCPv6: VyOS 1.3 Equuleus (1.3.7), VyOS 1.4 Sagitta.
@dotAndy Is it still relevant?
Can you create a PR?
Viacheslav edited projects for T5810: Add support for RPKI source ip, added: VyOS 1.5 Circinus, Restricted Project; removed VyOS 1.4 Sagitta.
Viacheslav placed T2003: BGP FQDN capability has improper hostname after new image install up for grabs.
Viacheslav changed the status of T1790: OSPF Exchanged Routes marked as invalid when run through a GRE PTMP/PTP OSPF between peers from Open to Needs reporter action.
@SquirePug re-check please with the latest rolling image.
Viacheslav reopened T2003: BGP FQDN capability has improper hostname after new image install as "Needs reporter action".
Viacheslav closed T2003: BGP FQDN capability has improper hostname after new image install as Resolved.
@jmaslak can you check the latest rolling image?
Viacheslav changed the status of T2616: BFD Configuration causes flapping from Needs testing to Needs reporter action.
@kroy can you re-test this case?
Viacheslav added a project to T3393: IPoE does not assign IPv6 PD or WAN address: VyOS 1.5 Circinus.
tjh added a comment to T6248: <device> ip source-validation 'strict' - doesn't set /proc/sys/net/ipv4/conf/<device>/rp_filter.
Closed invalid - this is done with nftables now.
Apachez added a comment to T5572: Add capability for sending Gratuitous ARP (GARP) and the equal for IPv6.
It would be handy if the GARP announcement wouldnt be a separate list but rather picked up from any DNAT or SNAT rules.
Viacheslav lowered the priority of T5169: Add CGNAT Carrier-Grade NAT based on nftables from High to Normal.
Apachez added a comment to T6248: <device> ip source-validation 'strict' - doesn't set /proc/sys/net/ipv4/conf/<device>/rp_filter.
Probably related:
In T6247#184232, @jmoore wrote:. We need the feature regardless of the state of the repository.
Yesterday
Yesterday
It very may well have been. That's not really relevant to this request. The repository is an example. We need the feature regardless of the state of the repository.
I saw such repository more than once, but it seems that it has been abandoned. Last commit is dated two years ago.
Another example on nftables: https://github.com/fullcone-nat-nftables/nftables-1.0.5-with-fullcone
Viacheslav removed a project from T6247: Add CGN "full cone" EIF support per RFC6888 REQ-7: VyOS 1.4 Sagitta.
We do not use iptables and their modules for new features.
Feel free to add PR for nftables or if you know which commands should be for nftables
vyos@test1:~$ sudo cat /run/openvpn/vtun20.status OpenVPN CLIENT LIST Updated,2024-04-17 16:40:05 Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since ROUTING TABLE Virtual Address,Common Name,Real Address,Last Ref GLOBAL STATS Max bcast/mcast queue length,0 END
From initial PR these two feedback points are now implemented. PR has been amended see https://github.com/vyos/vyos-1x/pull/3307
I think I might've found the cause of this issue: the vni is unset from all VRFs when making changes. I posted a message about this on Slack (and about another, fairly similar, issue) on Slack about this.
dex added a comment to T5386: Execute VRRP transition script when `set high-availability disable` is commited.
Just checked with the current rolling release 1.5-rolling-202404141045. After committing set high-availability disable, keepalived is successfully stopped and the logs show that the transition script seems to be executed:
thank you very much for your analysis. I am still wondering, why it breaks with adding the vrf and why it works before.
Also, why it starts to work again, after rebooting when removing the vrf again (but not before rebooting)
Viacheslav changed the status of T6246: Enable basic haproxy http-check configuration options from Open to In progress.
Needs the original file with OpenVPN addresses/statistics which are parsed /run/openvpn/{interface}.status
Without it, it will be difficult to do something.
It is not related to VRF at all and is related to the policy routing logic:
Reproduced even on 1.3.2
set interfaces ethernet eth1 address '192.168.122.14/24'
n.fort changed the status of T5535: disable-directed-broadcast should be moved to firewall global-options from Confirmed to Needs testing.
n.fort changed the status of T6191: Policy Route TCP-MSS Behavior Different from 1.3.x from Confirmed to Needs testing.
Viacheslav triaged T6237: IPSec remote access VPN: ability to set EAP ID of clients as Wishlist priority.
indrajitr closed T5612: Miscellaneous improvements and fixes for dynamic DNS configuration as Resolved.
indrajitr closed T5723: mdns repeater: Always reload systemd daemon before applying changes as Resolved.
indrajitr closed T5966: Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments as Resolved.
Updates have been applied on 1.4 and 1.5.
This can probably be closed.
jestabro closed T6154: Installer should ask for password twice, a subtask of T4516: Rewrite system image manipulation tools in Python, as Resolved.
jestabro moved T6154: Installer should ask for password twice from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Tue, Apr 16
Tue, Apr 16
I decided to dig into this a little more and try to trace this out:
@dmbaturin, @sever
Would love your input regarding the lack of headers when using the -c option. I've created a PoC around "chronyc -c activity" as it was the most straight forward command to start with.
Viacheslav changed the status of T6242: Loadbalancer reverse-proxy: SSL backend skip CA certificate verification from Open to Needs testing.