
Feb 25 2018

syncer triaged T563: webproxy: migrate 'service webproxy' to get_config_dict() as Low priority.
Feb 25 2018, 7:42 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
syncer created T563: webproxy: migrate 'service webproxy' to get_config_dict().
Feb 25 2018, 7:42 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
syncer added a comment to V5: Should we keep web proxy functionality in base 1.2/1.3/2.0?.

We may want to consider other backend for web proxy functionality

Feb 25 2018, 7:37 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux
syncer changed the status of V5: Should we keep web proxy functionality in base 1.2/1.3/2.0? from Open to Closed.
Feb 25 2018, 7:36 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux
aldoleiva1 added a comment to V5: Should we keep web proxy functionality in base 1.2/1.3/2.0?.

Deprecate that function, and push resources to building on Core routing and Code stability

Feb 25 2018, 6:55 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux
syncer triaged T562: PDNS: Add support for authoritative dns server as Normal priority.
Feb 25 2018, 6:10 PM · VyOS 1.4 Sagitta
syncer triaged T561: Prepare vyos forwarder to pdns config mapping table as Normal priority.
Feb 25 2018, 6:03 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po added a comment to T560: Migrate dns forwarder from dnsmasq to powerdns-recursor.

That would be great!
In parallel the XML file for the config nodes can be created. I'd keep the nodes as they are right now to not break running setups.

Feb 25 2018, 1:52 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
syncer added a comment to T560: Migrate dns forwarder from dnsmasq to powerdns-recursor.

Agree,
@c-po what will be best way to start with that,
I can collect vyos settings and map them to pdns config options, not that much there actually

Feb 25 2018, 1:24 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po closed T297: DNS Forwarding server does not allow IPv6 address in name-server as Resolved.
Feb 25 2018, 11:52 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po added a comment to T297: DNS Forwarding server does not allow IPv6 address in name-server.

See T546 ("service dns forwarding doman localdomain server" entry doesn't allow IPv6 address). This one is resolved.

Feb 25 2018, 11:51 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po added a comment to T560: Migrate dns forwarder from dnsmasq to powerdns-recursor.

Functionality should be implemented via the new style vyos-1x interface.

Feb 25 2018, 11:48 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
syncer closed T557: Can't specify more than one server for domain in forwarder as Invalid.

Impossible to implement

Feb 25 2018, 10:46 AM · Invalid
syncer created T560: Migrate dns forwarder from dnsmasq to powerdns-recursor.
Feb 25 2018, 10:16 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
syncer updated subscribers of T557: Can't specify more than one server for domain in forwarder.

@c-po that sucks as this is a huge problem for me (but not only)
I will create separate request for powerdns-recursor implementation and we likely need to move that functionality there
@dmbaturin @UnicronNL for what we use dnsmasq apart from dns forwarding?

Feb 25 2018, 10:07 AM · Invalid

Feb 24 2018

c-po added a comment to T557: Can't specify more than one server for domain in forwarder.

Checking the manpage @ http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html gives us:

Feb 24 2018, 5:07 PM · Invalid
c-po closed T531: Update VyOS Linux Kernel from 4.4.95 -> 4.4.113 as Resolved.
Feb 24 2018, 4:59 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Feb 23 2018

syncer closed Q131: SNMPv3 support as resolved.
Feb 23 2018, 1:25 PM · Restricted Project, VyOS 1.1.x (1.1.9), VyOS 1.2 Crux
mtudosoiu added a comment to T556: use debian:jessie docker container as build node for vyos1.2.x.

if we setup the volume as working dir inside the container the mknod function during the make iso process will fail if the docker host is MacOs or Windows.
The error is "mknod: Function not implemented " and is related to how docker engine is implemented to run on Mac and Windows systems

Feb 23 2018, 7:37 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Feb 21 2018

mtudosoiu added a comment to T556: use debian:jessie docker container as build node for vyos1.2.x.

Perfect. I will update the Readme and push again the change.

Feb 21 2018, 1:36 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
unixninja92 added a comment to T556: use debian:jessie docker container as build node for vyos1.2.x.

And you don't need sudo because the container is running as root. Why do you want a text editor in a docker image?

Feb 21 2018, 1:36 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
unixninja92 added a comment to T556: use debian:jessie docker container as build node for vyos1.2.x.

The vyos-build repo makes sense. We might want to move our comments at the top of the Dockerfile to a readme since they are runtime related and not build related. It might also make sense to add your comments on why to include each package in the Dockerfile as well.

Feb 21 2018, 1:34 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mtudosoiu added a comment to T556: use debian:jessie docker container as build node for vyos1.2.x.

I've created this pull request for Dockerfile to vyos-build repository
https://github.com/vyos/vyos-build/pull/15/commits/428c73d96ff745ba61ba834d9d2a42d5dc8ed5cd

Feb 21 2018, 1:29 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
syncer moved T558: Configurable Negative TTL caching in forwarder from Need Triage to Backlog on the VyOS 1.2 Crux board.
Feb 21 2018, 10:52 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc4)
syncer created T558: Configurable Negative TTL caching in forwarder.
Feb 21 2018, 10:51 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc4)
syncer assigned T557: Can't specify more than one server for domain in forwarder to c-po.
Feb 21 2018, 10:49 AM · Invalid
syncer created T557: Can't specify more than one server for domain in forwarder.
Feb 21 2018, 10:48 AM · Invalid
c-po moved T546: "service dns forwarding doman localdomain server" entry doesn't allow IPv6 address from In Progress to Finished on the VyOS 1.2 Crux board.
Feb 21 2018, 10:37 AM
c-po triaged T546: "service dns forwarding doman localdomain server" entry doesn't allow IPv6 address as Normal priority.
Feb 21 2018, 10:37 AM
c-po added a comment to T546: "service dns forwarding doman localdomain server" entry doesn't allow IPv6 address.

@dsummers build triggered, please verify.

Feb 21 2018, 10:37 AM
c-po added a comment to T546: "service dns forwarding doman localdomain server" entry doesn't allow IPv6 address.
cpo@CR2# set service dns forwarding domain foo.com server
Possible completions:
   <x.x.x.x>    Domain Name Server (DNS) address
   <h:h:h:h:h:h:h:h>
                Domain Name Server (DNS) address
Feb 21 2018, 10:33 AM
mtudosoiu added a comment to T556: use debian:jessie docker container as build node for vyos1.2.x.

thank you for this.
I would suggest to install more dependencies using this docker file. The complete list of what I think we should use is:

squashfs-tools           # Required for squashfs file system
git                      # Required, for cloning the source
autoconf                 # Required, for generating build scripts
dpkg-dev                 # Required, used in build scripts
live-helper              # Required, for ISO build
syslinux                 # Required, for ISO build
genisoimage              # Required, for ISO build
make                     # Required, for ISO build
lsb-release              # Required, used by configure script
ssh                      # Optional, for cloning over SSH
sudo                     # Optional, ISO build requires root privileges
fakechroot               # Required, for ISO build
devscripts               # Optional, for building submodules (kernel etc)
kernel-package           # Optional, for building the kernel
libtool                  # Optional, for building certain packages (eg vyatta-op-vpn)
libglib2.0-dev           # Optional, for building vyatta-cfg 
libboost-filesystem-dev  # Optional, for building vyatta-cfg
libapt-pkg-dev           # Optional, for building vyatta-cfg
flex                     # Optional, for building vyatta-cfg
bison                    # Optional, for building vyatta-cfg
libperl-dev              # Optional, for building vyatta-cfg
libnfnetlink-dev         # Optional, for building vyatta-cfg-vpn
vim                      # Optional, vim, vi, nano or other text editor
Feb 21 2018, 7:42 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
unixninja92 added a comment to T542: IKE DPD timer value .

Pull request: https://github.com/vyos/vyatta-cfg-vpn/pull/18

Feb 21 2018, 2:07 AM
unixninja92 added a comment to T556: use debian:jessie docker container as build node for vyos1.2.x.

I've attached a docker file. It must be run with the --privileged flag for chroot to work.

Feb 21 2018, 2:00 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Feb 20 2018

syncer reassigned T555: add tools/submod-mk to vyos-build repository from mtudosoiu to dmbaturin.

Can you look into that

Feb 20 2018, 8:59 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
syncer changed the visibility for T556: use debian:jessie docker container as build node for vyos1.2.x.
Feb 20 2018, 8:57 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
syncer triaged T556: use debian:jessie docker container as build node for vyos1.2.x as Normal priority.
Feb 20 2018, 8:57 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mtudosoiu claimed T555: add tools/submod-mk to vyos-build repository.

I've created pull request https://github.com/vyos/vyos-build/pull/15 to solve this issue

Feb 20 2018, 8:37 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mtudosoiu created T555: add tools/submod-mk to vyos-build repository.
Feb 20 2018, 8:32 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
dmbaturin closed T7: Repository layout revamp as Resolved.

Done for all practical purposes. Everything else will deserve its own task.

Feb 20 2018, 5:23 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
dmbaturin closed T272: Add op mode command for generating remote side VPN configs as Resolved.

It's done for OpenVPN. We can later add IPsec as a sub-task.

Feb 20 2018, 5:22 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
dmbaturin closed T392: Add support for missing tags to the interface definitions converter as Resolved.
Feb 20 2018, 5:21 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
dmbaturin closed T394: Add vyos_*dir copies of vyatta_*dir environment variables as Resolved.
Feb 20 2018, 5:21 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Feb 19 2018

dmbaturin closed T552: journald logs do not appear in the "show log" output as Resolved by committing Restricted Diffusion Commit.
Feb 19 2018, 3:29 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
dmbaturin created T552: journald logs do not appear in the "show log" output.
Feb 19 2018, 1:53 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
dmbaturin created T551: IPsec logs do not appear in the system log.
Feb 19 2018, 1:29 PM
mtudosoiu added a comment to T171: Unable to delete a firewall fule.

The use case this patch solves is the following:
- we have a firewall with multiple rules set
- the firewall is mapped to an interface
- we want to remove one or multiple rules from the rule chain (this is not possible using current VyOS version as long as the filter is mapped to an interface)

Feb 19 2018, 12:49 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
mtudosoiu added a comment to T171: Unable to delete a firewall fule.

I created this patch for this issue https://github.com/vyos/vyatta-cfg-firewall/pull/6

Feb 19 2018, 11:31 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)

Feb 18 2018

sebastianm added a comment to T234: Add ability to deactivate the IPv4 address-family for BGP peers..
Feb 18 2018, 10:42 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc4)
c-po added a comment to T550: vyatta-wireless: Increase version number.

the file used for the package "version" is the changelog file.

Feb 18 2018, 11:28 AM · Rejected
alainlamar updated the task description for T550: vyatta-wireless: Increase version number.
Feb 18 2018, 11:10 AM · Rejected
alainlamar updated the task description for T549: CI: Clearfog build host cannot connect to dev.packages.vyos.net.
Feb 18 2018, 11:04 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
alainlamar added a comment to T550: vyatta-wireless: Increase version number.

I seem to be wrong with my initial statement where to set the version. The file debian/vyatta-wireless/DEBIAN/control is not even in version control and I can't seem to find a hint on where this version string 0.3.41+vyos2+current1 really comes from.

Feb 18 2018, 11:01 AM · Rejected
syncer updated subscribers of T550: vyatta-wireless: Increase version number.

@dmbaturin @UnicronNL can you comment on this

Feb 18 2018, 10:38 AM · Rejected
alainlamar changed the status of T550: vyatta-wireless: Increase version number from Open to In progress.
Feb 18 2018, 10:33 AM · Rejected
alainlamar created T549: CI: Clearfog build host cannot connect to dev.packages.vyos.net.
Feb 18 2018, 10:14 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Feb 16 2018

c-po moved T546: "service dns forwarding doman localdomain server" entry doesn't allow IPv6 address from Need Triage to In Progress on the VyOS 1.2 Crux board.
Feb 16 2018, 12:42 PM
c-po claimed T546: "service dns forwarding doman localdomain server" entry doesn't allow IPv6 address.
Feb 16 2018, 12:36 PM
c-po added a comment to T546: "service dns forwarding doman localdomain server" entry doesn't allow IPv6 address.

I'll look into this

Feb 16 2018, 12:36 PM
aibanez added a comment to T171: Unable to delete a firewall fule.
$ sudo iptables-save
# Generated by iptables-save v1.4.21 on Fri Feb 16 12:02:44 2018
*nat
:PREROUTING ACCEPT [455:68437]
:INPUT ACCEPT [453:68365]
:OUTPUT ACCEPT [28690:1721678]
:POSTROUTING ACCEPT [28690:1721678]
:VYATTA_PRE_DNAT_HOOK - [0:0]
:VYATTA_PRE_SNAT_HOOK - [0:0]
-A PREROUTING -j VYATTA_PRE_DNAT_HOOK
-A PREROUTING -s X.X.128.0/19 -d X.X.169.254/32 -i eth3 -p tcp -m tcp --dport 80 -m comment --comment DST-NAT-5 -j DNAT --to-destination X.X.128.183
-A POSTROUTING -j VYATTA_PRE_SNAT_HOOK
-A POSTROUTING -s X.X.128.0/19 ! -d X.X.128.0/19 -o eth1 -m comment --comment SRC-NAT-50 -j MASQUERADE
-A VYATTA_PRE_DNAT_HOOK -j RETURN
-A VYATTA_PRE_SNAT_HOOK -j RETURN
COMMIT
# Completed on Fri Feb 16 12:02:44 2018
# Generated by iptables-save v1.4.21 on Fri Feb 16 12:02:44 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LAN-INBOUND - [0:0]
:LOCAL - [0:0]
:LOCAL-SYNC - [0:0]
:LOCAL_NAS - [0:0]
:NAS - [0:0]
:VYATTA_FW_IN_HOOK - [0:0]
:VYATTA_FW_LOCAL_HOOK - [0:0]
:VYATTA_FW_OUT_HOOK - [0:0]
:VYATTA_POST_FW_FWD_HOOK - [0:0]
:VYATTA_POST_FW_IN_HOOK - [0:0]
:VYATTA_POST_FW_OUT_HOOK - [0:0]
:VYATTA_PRE_FW_FWD_HOOK - [0:0]
:VYATTA_PRE_FW_IN_HOOK - [0:0]
:VYATTA_PRE_FW_OUT_HOOK - [0:0]
:VYATTA_STATE_POLICY_FWD_HOOK - [0:0]
:VYATTA_STATE_POLICY_IN_HOOK - [0:0]
:VYATTA_STATE_POLICY_OUT_HOOK - [0:0]
:WAN-INBOUND - [0:0]
-A INPUT -j VYATTA_PRE_FW_IN_HOOK
-A INPUT -j VYATTA_FW_LOCAL_HOOK
-A INPUT -j VYATTA_POST_FW_IN_HOOK
-A FORWARD -j VYATTA_PRE_FW_FWD_HOOK
-A FORWARD -j VYATTA_FW_IN_HOOK
-A FORWARD -j VYATTA_FW_OUT_HOOK
-A FORWARD -j VYATTA_POST_FW_FWD_HOOK
-A OUTPUT -j VYATTA_PRE_FW_OUT_HOOK
-A OUTPUT -j VYATTA_POST_FW_OUT_HOOK
-A LAN-INBOUND -m comment --comment LAN-INBOUND-1 -m set ! --match-set PUBLIC src -j DROP
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-1015 -m set --match-set PUBLIC src -m tcp --dport 67 -m set --match-set DHCP-SERVERS dst -j RETURN
-A LAN-INBOUND -p udp -m comment --comment LAN-INBOUND-1015 -m set --match-set PUBLIC src -m udp --dport 67 -m set --match-set DHCP-SERVERS dst -j RETURN
-A LAN-INBOUND -d X.X.136.198/32 -p tcp -m comment --comment LAN-INBOUND-1020 -m set --match-set NAGIOS_PROBES src -m tcp --dport 5667 -j RETURN
-A LAN-INBOUND -m comment --comment LAN-INBOUND-1030 -m set --match-set F5-NLB src -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-1200 -m set --match-set PUBLIC src -m iprange --dst-range X.X.131.16-X.X.131.17 -m tcp --dport 88 -j RETURN
-A LAN-INBOUND -p udp -m comment --comment LAN-INBOUND-1200 -m set --match-set PUBLIC src -m iprange --dst-range X.X.131.16-X.X.131.17 -m udp --dport 88 -j RETURN
-A LAN-INBOUND -m comment --comment LAN-INBOUND-1201 -m set --match-set PUBLIC src -m iprange --dst-range X.X.131.253-X.X.131.254 -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-1220 -m set --match-set DT_SMTP_BLOCKED src -m tcp --dport 25 -j DROP
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2000 -m tcp --dport 22 -m set --match-set G-22-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2001 -m tcp --dport 3389 -m set --match-set G-3389-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2002 -m tcp --dport 80 -m set --match-set G-80-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2003 -m tcp --dport 443 -m set --match-set G-443-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2004 -m tcp --dport 53 -m set --match-set G-53-TCP dst -j RETURN
-A LAN-INBOUND -p udp -m comment --comment LAN-INBOUND-2005 -m udp --dport 53 -m set --match-set G-53-UDP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2006 -m tcp --dport 25 -m set --match-set G-25-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2007 -m tcp --dport 143 -m set --match-set G-143-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2008 -m tcp --dport 110 -m set --match-set G-110-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2009 -m tcp --dport 1433 -m set --match-set G-1433-TCP dst -j RETURN
-A LAN-INBOUND -p udp -m comment --comment LAN-INBOUND-2010 -m udp --dport 1433 -m set --match-set G-1433-UDP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2011 -m tcp --dport 3306 -m set --match-set G-3306-TCP dst -j RETURN
-A LAN-INBOUND -p udp -m comment --comment LAN-INBOUND-2012 -m udp --dport 3306 -m set --match-set G-3306-UDP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2013 -m tcp --dport 20 -m set --match-set G-20-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2014 -m tcp --dport 21 -m set --match-set G-21-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2015 -m tcp --dport 465 -m set --match-set G-465-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2016 -m tcp --dport 587 -m set --match-set G-587-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2017 -m tcp --dport 993 -m set --match-set G-993-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2018 -m tcp --dport 995 -m set --match-set G-995-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2019 -m tcp --dport 8080 -m set --match-set G-8080-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2020 -m tcp --dport 8443 -m set --match-set G-8443-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2021 -m tcp --dport 10000 -m set --match-set G-10000-TCP dst -j RETURN
-A LAN-INBOUND -p tcp -m comment --comment LAN-INBOUND-2022 -m tcp --dport 8447 -m set --match-set G-8447-TCP dst -j RETURN
-A LAN-INBOUND -m comment --comment LAN-INBOUND-2040 -m set --match-set G-ALL_OPEN dst -j RETURN
-A LAN-INBOUND -p icmp -m comment --comment LAN-INBOUND-2050 -m set --match-set G-ICMP dst -j RETURN
-A LAN-INBOUND -m comment --comment LAN-INBOUND-2060 -m set --match-set DT_BLOCKED src -j DROP
-A LAN-INBOUND -m comment --comment LAN-INBOUND-8000 -m set --match-set PUBLIC src -m set ! --match-set PUBLIC dst -j RETURN
-A LAN-INBOUND -m comment --comment "LAN-INBOUND-10000 default-action drop" -j DROP
-A LOCAL -d X.X.254.1/32 -p icmp -m comment --comment LOCAL-2 -m set --match-set PUBLIC src -j RETURN
-A LOCAL -d X.X.254.1/32 -p tcp -m comment --comment LOCAL-3 -m set --match-set PUBLIC src -m tcp --dport 53 -j RETURN
-A LOCAL -d X.X.254.1/32 -p udp -m comment --comment LOCAL-3 -m set --match-set PUBLIC src -m udp --dport 53 -j RETURN
-A LOCAL -s X.X.137.28/30 -d X.X.137.28/30 -m comment --comment LOCAL-4 -j RETURN
-A LOCAL -m comment --comment LOCAL-10 -m set --match-set LAN_ADDRESSES src -m set --match-set LAN_ADDRESSES dst -j RETURN
-A LOCAL -m comment --comment LOCAL-12 -m set --match-set F5-NLB src -j RETURN
-A LOCAL -m comment --comment "LOCAL-10000 default-action drop" -j DROP
-A LOCAL-SYNC -s X.X.137.28/30 -d X.X.137.28/30 -m comment --comment LOCAL-SYNC-10 -j RETURN
-A LOCAL-SYNC -m comment --comment "LOCAL-SYNC-10000 default-action drop" -j DROP
-A LOCAL_NAS -m comment --comment "LOCAL_NAS-10000 default-action drop" -j DROP
-A NAS -m comment --comment "NAS-10000 default-action drop" -j DROP
-A VYATTA_FW_IN_HOOK -i eth1 -j WAN-INBOUND
-A VYATTA_FW_IN_HOOK -i eth3 -j LAN-INBOUND
-A VYATTA_FW_LOCAL_HOOK -i eth2 -j LOCAL-SYNC
-A VYATTA_FW_LOCAL_HOOK -i eth3 -j LOCAL
-A VYATTA_POST_FW_FWD_HOOK -j ACCEPT
-A VYATTA_POST_FW_IN_HOOK -j ACCEPT
-A VYATTA_POST_FW_OUT_HOOK -j ACCEPT
-A VYATTA_PRE_FW_FWD_HOOK -j VYATTA_STATE_POLICY_FWD_HOOK
-A VYATTA_PRE_FW_FWD_HOOK -j RETURN
-A VYATTA_PRE_FW_IN_HOOK -j VYATTA_STATE_POLICY_IN_HOOK
-A VYATTA_PRE_FW_IN_HOOK -j RETURN
-A VYATTA_PRE_FW_OUT_HOOK -j VYATTA_STATE_POLICY_OUT_HOOK
-A VYATTA_PRE_FW_OUT_HOOK -j RETURN
-A VYATTA_STATE_POLICY_FWD_HOOK -m state --state INVALID -j DROP
-A VYATTA_STATE_POLICY_FWD_HOOK -m state --state ESTABLISHED -j VYATTA_POST_FW_FWD_HOOK
-A VYATTA_STATE_POLICY_FWD_HOOK -m state --state RELATED -j VYATTA_POST_FW_FWD_HOOK
-A VYATTA_STATE_POLICY_FWD_HOOK -j RETURN
-A VYATTA_STATE_POLICY_IN_HOOK -m state --state INVALID -j DROP
-A VYATTA_STATE_POLICY_IN_HOOK -m state --state ESTABLISHED -j VYATTA_POST_FW_IN_HOOK
-A VYATTA_STATE_POLICY_IN_HOOK -m state --state RELATED -j VYATTA_POST_FW_IN_HOOK
-A VYATTA_STATE_POLICY_IN_HOOK -j RETURN
-A VYATTA_STATE_POLICY_OUT_HOOK -m state --state INVALID -j DROP
-A VYATTA_STATE_POLICY_OUT_HOOK -m state --state ESTABLISHED -j VYATTA_POST_FW_OUT_HOOK
-A VYATTA_STATE_POLICY_OUT_HOOK -m state --state RELATED -j VYATTA_POST_FW_OUT_HOOK
-A VYATTA_STATE_POLICY_OUT_HOOK -j RETURN
-A WAN-INBOUND -m comment --comment WAN-INBOUND-1 -m set --match-set REDES_PUESTOS src -m set --match-set PUBLIC dst -j RETURN
-A WAN-INBOUND -m comment --comment WAN-INBOUND-5 -m set --match-set PROBES src -m set --match-set PUBLIC dst -j RETURN
-A WAN-INBOUND -s X.X.0.1/32 -d X.X.10.100/32 -p tcp -m comment --comment WAN-INBOUND-25 -m tcp --dport 443 -j RETURN
-A WAN-INBOUND -s X.X.136.198/32 -p icmp -m comment --comment WAN-INBOUND-100 -m set --match-set NAGIOS_PROBES dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2000 -m tcp --dport 22 -m set --match-set G-22-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2001 -m tcp --dport 3389 -m set --match-set G-3389-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2002 -m tcp --dport 80 -m set --match-set G-80-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2003 -m tcp --dport 443 -m set --match-set G-443-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2004 -m tcp --dport 53 -m set --match-set G-53-TCP dst -j RETURN
-A WAN-INBOUND -p udp -m comment --comment WAN-INBOUND-2005 -m udp --dport 53 -m set --match-set G-53-UDP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2006 -m tcp --dport 25 -m set --match-set G-25-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2007 -m tcp --dport 143 -m set --match-set G-143-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2008 -m tcp --dport 110 -m set --match-set G-110-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2009 -m tcp --dport 1433 -m set --match-set G-1433-TCP dst -j RETURN
-A WAN-INBOUND -p udp -m comment --comment WAN-INBOUND-2010 -m udp --dport 1433 -m set --match-set G-1433-UDP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2011 -m tcp --dport 3306 -m set --match-set G-3306-TCP dst -j RETURN
-A WAN-INBOUND -p udp -m comment --comment WAN-INBOUND-2012 -m udp --dport 3306 -m set --match-set G-3306-UDP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2013 -m tcp --dport 20 -m set --match-set G-20-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2014 -m tcp --dport 21 -m set --match-set G-21-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2015 -m tcp --dport 465 -m set --match-set G-465-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2016 -m tcp --dport 587 -m set --match-set G-587-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2017 -m tcp --dport 993 -m set --match-set G-993-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2018 -m tcp --dport 995 -m set --match-set G-995-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2019 -m tcp --dport 8080 -m set --match-set G-8080-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2020 -m tcp --dport 8443 -m set --match-set G-8443-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2021 -m tcp --dport 10000 -m set --match-set G-10000-TCP dst -j RETURN
-A WAN-INBOUND -p tcp -m comment --comment WAN-INBOUND-2022 -m tcp --dport 8447 -m set --match-set G-8447-TCP dst -j RETURN
-A WAN-INBOUND -m comment --comment WAN-INBOUND-2040 -m set --match-set G-ALL_OPEN dst -j RETURN
-A WAN-INBOUND -p icmp -m comment --comment WAN-INBOUND-2050 -m set --match-set G-ICMP dst -j RETURN
-A WAN-INBOUND -m comment --comment "WAN-INBOUND-10000 default-action drop" -j DROP
COMMIT
# Completed on Fri Feb 16 12:02:44 2018
# Generated by iptables-save v1.4.21 on Fri Feb 16 12:02:44 2018
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FW_CONNTRACK - [0:0]
:FW_STATE_POLICY_CONNTRACK - [0:0]
:NAT_CONNTRACK - [0:0]
:VYATTA_CT_HELPER - [0:0]
:VYATTA_CT_IGNORE - [0:0]
:VYATTA_CT_OUTPUT_HOOK - [0:0]
:VYATTA_CT_PREROUTING_HOOK - [0:0]
:VYATTA_CT_TIMEOUT - [0:0]
-A PREROUTING -j VYATTA_CT_IGNORE
-A PREROUTING -j VYATTA_CT_HELPER
-A PREROUTING -j VYATTA_CT_TIMEOUT
-A PREROUTING -j VYATTA_CT_PREROUTING_HOOK
-A PREROUTING -j NAT_CONNTRACK
-A PREROUTING -j FW_CONNTRACK
-A PREROUTING -j FW_STATE_POLICY_CONNTRACK
-A PREROUTING -j NOTRACK
-A OUTPUT -j VYATTA_CT_IGNORE
-A OUTPUT -j VYATTA_CT_HELPER
-A OUTPUT -j VYATTA_CT_TIMEOUT
-A OUTPUT -j VYATTA_CT_OUTPUT_HOOK
-A OUTPUT -j NAT_CONNTRACK
-A OUTPUT -j FW_CONNTRACK
-A OUTPUT -j FW_STATE_POLICY_CONNTRACK
-A OUTPUT -j NOTRACK
-A FW_CONNTRACK -j RETURN
-A FW_STATE_POLICY_CONNTRACK -j ACCEPT
-A NAT_CONNTRACK -j ACCEPT
-A VYATTA_CT_HELPER -p tcp -m tcp --dport 1536 -j CT --helper tns
-A VYATTA_CT_HELPER -p tcp -m tcp --dport 1525 -j CT --helper tns
-A VYATTA_CT_HELPER -p tcp -m tcp --dport 1521 -j CT --helper tns
-A VYATTA_CT_HELPER -p udp -m udp --dport 111 -j CT --helper rpc
-A VYATTA_CT_HELPER -p tcp -m tcp --dport 111 -j CT --helper rpc
-A VYATTA_CT_HELPER -j RETURN
-A VYATTA_CT_IGNORE -j RETURN
-A VYATTA_CT_OUTPUT_HOOK -j RETURN
-A VYATTA_CT_PREROUTING_HOOK -j RETURN
-A VYATTA_CT_TIMEOUT -j RETURN
COMMIT
# Completed on Fri Feb 16 12:02:44 2018
Feb 16 2018, 11:23 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
mickvav added a comment to T171: Unable to delete a firewall fule.

Can you attach output of

Feb 16 2018, 9:27 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
dsummers added a comment to T160: Support NAT64.

The last nine months or so I've been running Tayga on VyOS Beta 1.2 (latest versions) in my production network.

Feb 16 2018, 6:17 AM · VyOS 1.4 Sagitta (1.4.0-epa1)
dsummers added a comment to T234: Add ability to deactivate the IPv4 address-family for BGP peers..

I'm attempting to go all IPv6 internally so this would be nice to have if it doesn't currently work.

Feb 16 2018, 5:52 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc4)
dsummers added a comment to T51: Add support for an included dns recursor.

"unbound" is also another good recursor.

Feb 16 2018, 5:45 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
dsummers created T546: "service dns forwarding doman localdomain server" entry doesn't allow IPv6 address.
Feb 16 2018, 5:13 AM

Feb 15 2018

aibanez added a comment to T171: Unable to delete a firewall fule.

Hi, on 999.201801111542 can still be reproduced:

Feb 15 2018, 1:34 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)

Feb 12 2018

sergei added a comment to T542: IKE DPD timer value .

File added.

Feb 12 2018, 9:18 PM
sirket added a comment to T533: Support for PPPoE MTU greater than 1492.

I stand corrected. I was not aware 2516 had been updated let alone that the update was ratified.

Feb 12 2018, 8:22 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
simon added a comment to T533: Support for PPPoE MTU greater than 1492.

I actually just found this https://tools.ietf.org/html/rfc4638
RFC4638 "Accommodating a Maximum Transit Unit/Maximum Receive Unit (MTU/MRU) Greater Than 1492 in the Point-to-Point Protocol over Ethernet (PPPoE)"

Feb 12 2018, 7:40 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
simon added a comment to T533: Support for PPPoE MTU greater than 1492.

I have to apologize. I did not read this RFC until now. I thought that since many Routers/Firewalls support this it would be a good idea to have it in VyOS too.
It is very unfortunate that this RFC was never updated.

Feb 12 2018, 7:22 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
sirket added a comment to T533: Support for PPPoE MTU greater than 1492.

Sorry but that does not seem a good reason to deny a feature like this.

Feb 12 2018, 7:10 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
simon added a comment to T533: Support for PPPoE MTU greater than 1492.

Actually every chipset of every device I had in my hand supports packets a little bit bigger than 1500. Usually somewhere between 1600 and 2xxx bytes. So no problem there.

Feb 12 2018, 6:01 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
sirket added a comment to T533: Support for PPPoE MTU greater than 1492.

There really isn't a good reason to do this. The performance difference is minuscule even if you were sending maximum size packets all the time which you won't be. Plus- if it doesn't work- it will likely manifest as an intermittent problem that will be very difficult to track down.

Feb 12 2018, 5:47 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
simon added a comment to T533: Support for PPPoE MTU greater than 1492.

OK this is my starting config for the interface:

Feb 12 2018, 5:14 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
c-po added a comment to T533: Support for PPPoE MTU greater than 1492.

What's the reported error when you increase the MTU?

Feb 12 2018, 8:08 AM · VyOS 1.3 Equuleus (1.3.0-epa1)
c-po added a comment to T521: Network services may fail if vyatta-router.service startup takes longer than a few seconds.

@alainlamar that sounds familiar, have you verified that you use the proper priority: tags inside your node.def files?

Feb 12 2018, 8:08 AM · VyOS 1.3 Equuleus (1.3.0-epa1)
c-po closed T544: Package vyatta-wireless misses config scripts as Resolved.
Feb 12 2018, 7:39 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Feb 11 2018

alainlamar added a comment to T544: Package vyatta-wireless misses config scripts.

Pull request sent. Please consider for merge.

Feb 11 2018, 10:57 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
alainlamar created T544: Package vyatta-wireless misses config scripts.
Feb 11 2018, 10:49 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
sebastianm added a comment to T424: Advertisement of Multiple Paths in BGP (capability 69).

Works fine on the latest nightly.

Feb 11 2018, 10:25 PM · VyOS 1.1.x
c-po moved T543: Add support for PPPoE sessions on bonded interfaces from Need Triage to Finished on the VyOS 1.2 Crux board.
Feb 11 2018, 6:33 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po reopened T543: Add support for PPPoE sessions on bonded interfaces as "In progress".
Feb 11 2018, 6:26 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po closed T543: Add support for PPPoE sessions on bonded interfaces as Resolved.
Feb 11 2018, 6:26 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po added a comment to T543: Add support for PPPoE sessions on bonded interfaces.

Merged and Build triggered.

Feb 11 2018, 6:22 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po added a comment to T452: WiFi: Enable support for 5GHz AccesPoints with DFS.

@alainlamar clearfog is the ARM build for https://www.solid-run.com/marvell-armada-family/clearfog/

Feb 11 2018, 5:48 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
alainlamar added a comment to T452: WiFi: Enable support for 5GHz AccesPoints with DFS.

Cheers @c-po! Unfortunately, the build failed with reference to "clearfog". Do you know what this is or if I could fix this somehow in vyatta-wireless?
Right now, I have no idea...

Feb 11 2018, 5:09 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po added a comment to T543: Add support for PPPoE sessions on bonded interfaces.

@syncer I could try to test it with a fake configuration to check if it works in theory.

Feb 11 2018, 3:43 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po added a comment to T452: WiFi: Enable support for 5GHz AccesPoints with DFS.

... done

Feb 11 2018, 3:42 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
syncer added a project to T543: Add support for PPPoE sessions on bonded interfaces: VyOS 1.2 Crux.

Thanks @woodypl !
@dmbaturin @c-po can you take a look please

Feb 11 2018, 3:02 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
alainlamar added a comment to T452: WiFi: Enable support for 5GHz AccesPoints with DFS.

Merged.

It will have to be refactored for the new vyos-1x approach, but then the entire package will, so we'd better have the .ac support now, and refactor later.

Feb 11 2018, 12:58 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
alainlamar closed T529: Create op command to set regulatory domain as Resolved.
Feb 11 2018, 12:55 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
alainlamar closed T529: Create op command to set regulatory domain, a subtask of T452: WiFi: Enable support for 5GHz AccesPoints with DFS, as Resolved.
Feb 11 2018, 12:55 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
alainlamar closed T452: WiFi: Enable support for 5GHz AccesPoints with DFS as Resolved.
Feb 11 2018, 12:55 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
syncer added a comment to T542: IKE DPD timer value.

@sergei yes, please put it here for records

Feb 11 2018, 12:45 PM
sergei added a comment to T542: IKE DPD timer value.

I found a VPN tunnel with an ESP lifetime of 43200 sec (12 hrs) is stable. Can share my config if necessary.

Feb 11 2018, 12:44 PM
c-po added a comment to T297: DNS Forwarding server does not allow IPv6 address in name-server.

This is a new bug, please file it and I'll try to look into it. Thanks.

Feb 11 2018, 7:46 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
dsummers added a comment to T297: DNS Forwarding server does not allow IPv6 address in name-server.

I tested with vyos.999.201802100337 and the original problem is solved.....However....

Feb 11 2018, 2:45 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Feb 10 2018

syncer added a comment to T539: Add support for packet.net hosts.

For type1 we need to set up LACP by default

Feb 10 2018, 8:42 PM
tic226 closed T540: HowTo VyOS 1.1.x on Packet.net, a subtask of T539: Add support for packet.net hosts, as Resolved.
Feb 10 2018, 8:41 PM
syncer updated the task description for T539: Add support for packet.net hosts.
Feb 10 2018, 8:38 PM