@c-po this is just DHCP-client in this case, Windows, Linux or VPC (Virtual PC).
Feed All Stories
Apr 15 2020
Apr 15 2020
syncer edited projects for T1774: Add a show config operation to the HTTP API, added: VyOS 1.2 Crux (VyOS 1.2.6); removed VyOS 1.2 Crux (VyOS 1.2.5).
syncer edited projects for T1773: Make it possible to export config to JSON, added: VyOS 1.2 Crux (VyOS 1.2.6); removed VyOS 1.2 Crux (VyOS 1.2.5).
syncer moved T2272: Set system flow-accounting disable-imt has syntax error from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.5) board.
syncer moved T2197: Cant add vif-s interface into a bridge from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.5) board.
syncer moved T1773: Make it possible to export config to JSON from Needs Triage to In Progress on the VyOS 1.2 Crux (VyOS 1.2.5) board.
syncer moved T1774: Add a show config operation to the HTTP API from Finished to In Progress on the VyOS 1.2 Crux (VyOS 1.2.5) board.
syncer moved T1774: Add a show config operation to the HTTP API from In Progress to Finished on the VyOS 1.2 Crux (VyOS 1.2.5) board.
syncer moved T2059: Set source-validation on bond vif don't work from In Progress to Finished on the VyOS 1.2 Crux (VyOS 1.2.5) board.
Viacheslav changed the status of T2201: Rewrite protocol BGP [op-mode] to new XML/Python style, a subtask of T2174: Rewrite protocol BGP to new XML/Python style, from Open to Needs testing.
Viacheslav changed the status of T2201: Rewrite protocol BGP [op-mode] to new XML/Python style from Open to Needs testing.
syncer added projects to T2296: Upgrade WALinux to 2.2.41: VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.6).
Unknown Object (User) added a comment to T2294: ipoe-server broken (jinja2 template issue).
jjakob added a comment to T508: ISC DHCP incorrect UDP checksum generation.
My first thought would be something wrong with offloading on the NIC -
there was a change recently that turns all the offloading settings on by
default, you can disable some in the ethernet config. My suggestion to
leave the default disabled and enable it on demand wasn't taken into
account.
GitHub <noreply@github.com> committed rVYOSONEX079ffb7a850b: Merge pull request #345 from jjakob/openvpn-pool (authored by c-po).
c-po added a comment to T2295: Passwords with Special Characters Broken.
@trae32566 the reason I used the call is b/c it was the call used in VyOS 1.2 - no particular reason to not look into crypt()
c-po added a comment to T2294: ipoe-server broken (jinja2 template issue).
@Dmitry how can I test the IPoE server? Is there a client for Windows or a "howto"?
trae32566 added a comment to T2295: Passwords with Special Characters Broken.
Any reason in particular you're not using crypt.crypt() here?
hitesh.happani added a comment to T2077: ISO build from crux branch is failing.
Still facing the issue of two initrd images for building iso using latest latest crux branch. Using this kernel rebuilding steps https://wiki.vyos.net/wiki/Rebuild_VyOS_kernel_Step#VyOS_1.2.x
tjh added a comment to T508: ISC DHCP incorrect UDP checksum generation.
I'm seeing this in Vyos 1.2.5 just released:
tjh added a comment to T1938: syslog doesn't start automatically.
I've just encountered this bug with Vyos 1.2.5 (final, official ISO)
Apr 14 2020
Apr 14 2020
Unknown Object (User) deleted Perl API.
Unknown Object (User) created Perl API.
Unknown Object (User) changed the status of T2294: ipoe-server broken (jinja2 template issue) from Open to In progress.
Unknown Object (User) created T2294: ipoe-server broken (jinja2 template issue).
jjakob added a comment to T2293: OpenVPN: UnboundLocalError after merging server_network PullRequest.
alainlamar closed T2213: vyos-1x: WiFi mode ieee80211ac should also activate ieee80211n as Resolved.
GitHub <noreply@github.com> committed rVYOSONEX9bcfdc20ade9: Merge pull request #344 from DmitriyEshenko/ipoe-op (authored by c-po).
Unknown Object (User) changed the status of T2256: Accel-ppp op-mode syntax from Open to In progress.
Improve op-mode commands for ipoe-server
https://github.com/vyos/vyos-1x/pull/344
vyos@vyos:~$ show ipoe-server sessions ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime --------+----------+-------------------+------------+------------+------+------+--------+---------- ipoe0 | | 00:50:79:66:68:09 | 100.64.0.2 | | ipoe | | active | 00:00:11 ipoe1 | | 00:50:79:66:68:0a | 100.64.0.3 | | ipoe | | active | 00:00:09
GitHub <noreply@github.com> committed rVYOSONEX8019881c599a: Merge pull request #343 from sever-sever/op-show-bgp (authored by c-po).
Viacheslav added a comment to T2201: Rewrite protocol BGP [op-mode] to new XML/Python style.
These 2 PR are needed for new xml format
jestabro updated the task description for T2292: Ensure graceful shutdown of vyos-http-api.
jestabro updated the task description for T2292: Ensure graceful shutdown of vyos-http-api.
jestabro updated the task description for T2292: Ensure graceful shutdown of vyos-http-api.
GitHub <noreply@github.com> committed rVYOSONEXffd23f72ca3e: Merge pull request #340 from thomas-mangin/T2226-debug (authored by c-po).
thanks for explaining the backgrounds! I wonder if a removal of the hostfile-update option should be suggested.
fetzerms added a comment to T2203: http api: "Failed to generate committed config" .
I can try on four nodes with a recent rolling release in the next few days. I just need to find some proper maintenance window.
jestabro added a comment to T2203: http api: "Failed to generate committed config" .
@fetzerms Thank you for the logs; that was the output I was hoping to confirm. The WSGI server in python3-bottle is showing occasional instabilities; I am not able to confirm with collections of set commands similar to yours, though I am able to induce it artificially. There are a few recent changes that will help avoid triggering this, while I track down a root cause. If you have a chance, it would be helpful if you could try a recent rolling (>= vyos-1.3-rolling-202004100117). If your are able to monitor the output of 'journalctl -fx' on the system, while executing remote configuration, that would be very useful, though that may not be feasible in your setting.
jestabro added a comment to T2096: Provide "generate" and "show" commands via the http API.
@adestis The status 'Backport Candidate' indicates the intention to include it in 1.2.x; I may have mistakenly removed the specific project (1.2.6) when I changed the status.
jjakob added a comment to T2290: pdns recursor does not resolve .io domains.
That's how DNS forwarders usually work. If they can find a domain
locally, they'll use it, if not forward to upstream. The same behaviour
is everywhere, on all resolvers.
alainlamar added a comment to T2290: pdns recursor does not resolve .io domains.
Found the culprit.
adestis added a comment to T2096: Provide "generate" and "show" commands via the http API.
@jestabro you removed VyOS 1.2.6 does this mean it will not be included in 1.2.x ?
alainlamar updated the task description for T2290: pdns recursor does not resolve .io domains.
alainlamar updated the task description for T2290: pdns recursor does not resolve .io domains.
jestabro triaged T2289: Denest cerbot certificate configuration from service https as Normal priority.
Apr 13 2020
Apr 13 2020
Merijn added a comment to T2287: LLDP not working on X710 adapter, i40e driver.
Found that in drivers 2.3.6 and newer this should also work:
Unknown Object (User) added a comment to T2287: LLDP not working on X710 adapter, i40e driver.
Note: will be good to disable this by udev rule for i40e
c-po added a comment to T2185: Start daemons with systemd units instead of with start-stop-daemon.
Todo (migrate to systemd or migrate generated configs to /run, to not leave behind corpses after a system reboot)
Unknown Object (User) created T2286: IPoE server vulnerability.
brussell added a comment to T2100: BGP route adverisement wih checks rib.
It would be interesting to hear the reason the FRR chose this behavior as default for one of their profiles. It causes major reconvergence issues for BGP networks and I don't see an obvious benefit.
trae32566 added a comment to T2281: DHCP and Static IPs on Same Interface.
Shouldn't it be fixed at some point though? I mean is there a reason this should stay something that has to be worked around?
Viacheslav added a comment to T2100: BGP route adverisement wih checks rib.
@dmbaturin to enable it by default we need rewrite BGP to new python/XML format and use template, where this feature will be by default because FRR by default doesn't check routes in the RIB.
dmbaturin added a comment to T2100: BGP route adverisement wih checks rib.
As far as I remember, originally in our Quagga days, it was the case: nothing was advertised if it wasn't present in the RIB. So if you wanted to advertise e.g. 192.0.2.0/24 but had it split into /25's, you'd need both set protocols bgp ... network 192.0.2.0/24 and set protocols static route 192.0.2.0/24 blackhole.
Sorry for the noise, it was disabled. I forgot to save the config before upgrading, doh.
jjakob added a comment to T2285: 2nd openvpn vtun not getting started.
vyos@rt-home# show openvpn
openvpn vtun0 {
encryption {
ncp-ciphers aes256gcm
}
hash sha512
keep-alive {
failure-count 60
interval 59
}
mode server
persistent-tunnel
server {
client jernej-note3 {
ip x.x..7.10
}
client-ip-pool {
start x.x.7.127
}
domain-name home
max-connections 10
push-route x.x.0.0/24
subnet x.x.7.0/24
topology subnet
}
tls {
ca-cert-file /config/auth/openvpn/ca.crt
cert-file /config/auth/openvpn/rt-home.crt
crypt-file /config/auth/openvpn/tls.key
key-file /config/auth/openvpn/rt-home.key
}
}
openvpn vtun1 {
description b
device-type tun
disable
encryption {
ncp-ciphers aes256gcm
}
hash sha512
keep-alive {
failure-count 60
interval 59
}
local-port 1195
mode server
persistent-tunnel
server {
client jernej-note3 {
ip x.x.8.10
}
client-ip-pool {
start x.x.8.6
stop x.x.0.3
}
domain-name home
max-connections 10
push-route x.x.0.0/24
subnet x.x.8.0/24
topology subnet
}
tls {
ca-cert-file /config/auth/openvpn/ca.crt
cert-file /config/auth/openvpn/rt-home.crt
crypt-file /config/auth/openvpn/tls.key
key-file /config/auth/openvpn/rt-home.key
}
}
[edit interfaces]I tried removing client-ip-pool if it was a issue with it, no difference.
vyos@rt-home# delete openvpn vtun1 server client-ip-pool [edit interfaces] vyos@rt-home# commit [ interfaces openvpn vtun1 ] Warning: Client "jernej-note3" IP x.x.8.10 is in server IP pool, it is not reserved for this client. Diffie-Hellman prime file is unspecified, assuming ECDH
GitHub <noreply@github.com> committed rVYOSONEX1e6dc1a45dd1: Merge pull request #325 from jjakob/openvpn-pool (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX518626c9cdd4: Merge pull request #337 from thomas-mangin/T2226-log (authored by c-po).
c-po closed T2283: openvpn not starting: ccd path in template not moved to /run/openvpn/ccd as Resolved.
GitHub <noreply@github.com> committed rVYOSONEX19effc692969: Merge pull request #339 from jjakob/openvpn-dir-fix (authored by c-po).
c-po added a comment to T2285: 2nd openvpn vtun not getting started.
Using the following configuration on 1.3-rolling-202004131043 I see two tunnels running:
c-po added a comment to T2285: 2nd openvpn vtun not getting started.
Can you share me a configuration?
c-po added a comment to T2236: DMVPN broken after tunnel rewrite to XML/Python.
Fixed in VyOS 1.3-rolling-20200413104
zsdc assigned T1899: Unionfs metadata folder is copied to the active configuration directory to Unknown Object (User).
jjakob added a comment to T2281: DHCP and Static IPs on Same Interface.
This is a old quirk that's long known (probably was already reported) and
can be worked around by adding a pseudo-ethernet interface with the DHCP
client on it.
Upgraded the firmware of the X710 adapters from 6.0 to 6.8, waiting for Dell to get 7.0 and 7.2 ready. But for now the sessions are 18 hours stable so little optimistic that it was a firmware issue and not BGPd causing issues