Just my thoughts - there are situations where rp_filter is not sufficient, and it was not clear to me how to do this cleanly with the zone firewall, so I ended up hacking a few iptables commands in rc.local instead.

Oct 14 2020, 6:59 PM · VyOS 1.3 Equuleus (1.3.6), VyOS-1.2.0-GA

Robot82 created T2979: BGP route leak at system boot.

Oct 14 2020, 6:30 PM · VyOS 1.2 Crux

runar added a comment to T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing.

the issue is verified by soxrok2122 by using a stock ubuntu 20 host with the stock vyos/vyos-build:current-arm64 docker image

Oct 14 2020, 5:39 PM · VyOS 1.3 Equuleus (1.3.0-epa1)

runar reopened T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing, a subtask of T476: Update the base system to Debian 10 (Buster), as Open.

Oct 14 2020, 5:36 PM · VyOS 1.3 Equuleus (1.3.0-epa1)

runar reopened T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing as "Open".

I'm reopening this issue as this seams to still be an issue. reported by user soxrok2212 on slack (#vyos-on-arm64)

Oct 14 2020, 5:36 PM · VyOS 1.3 Equuleus (1.3.0-epa1)

Viacheslav added a comment to T2978: IPoE service does not work on shared mode.

It seems Client1 and Client2 only DHCP-clients.

Oct 14 2020, 3:10 PM · VyOS 1.3 Equuleus (1.3.0)

c-po added a comment to T2978: IPoE service does not work on shared mode.

Could you share also Client1 and Client2 configuration? Would be nice adding this lab setup to the docs

Oct 14 2020, 2:31 PM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) changed the status of T2978: IPoE service does not work on shared mode from Open to Confirmed.

Oct 14 2020, 8:14 AM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) created T2978: IPoE service does not work on shared mode.

Oct 14 2020, 8:14 AM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) closed T2972: PPPoE server rate limiter allows max 65535 kbps to be set as Resolved.

Oct 14 2020, 7:59 AM · VyOS 1.2 Crux (VyOS 1.2.7)

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

interfaces {
    ethernet eth2 {
        address 10.201.1.2/30
        description WAN
        hw-id 0c:6b:af:b0:4f:02
    }
    openvpn vtun11 {
        description "CPE MGMT"
        device-type tun
        encryption {
            cipher aes256
        }
        hash sha1
        mode client
        persistent-tunnel
        protocol udp
        remote-host 10.200.200.11
        remote-port 1194
        tls {
            auth-file /config/auth/shared.key
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/cpe1-1.crt
            key-file /config/auth/cpe1-1.key
        }
        vrf CPE-MGMT
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 10.201.1.1 {
            }
        }
    }
}
vrf {
    name CPE-MGMT {
        description "CPE MGMT"
        table 112
    }
}

Oct 14 2020, 7:01 AM · VyOS 1.3 Equuleus (1.3.0)

c-po added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Please share your OpenVPN config

Oct 14 2020, 4:58 AM · VyOS 1.3 Equuleus (1.3.0)

c-po changed the status of T2972: PPPoE server rate limiter allows max 65535 kbps to be set from In progress to Needs testing.

Oct 14 2020, 4:56 AM · VyOS 1.2 Crux (VyOS 1.2.7)

tjh created T2977: Permissions Denied doing "show conntrack-sync status" on backup router.

Oct 14 2020, 12:41 AM

Oct 13 2020

GitHub <noreply@github.com> committed rVYOSONEX9c83149664e5: Merge pull request #568 from DmitriyEshenko/crux-pppoe-shaper-incr (authored by c-po).

Oct 13 2020, 6:01 PM

GitHub <noreply@github.com> committed rVYOSONEX741cd00fb687: Merge pull request #566 from DmitriyEshenko/incr-pppoe-shaper (authored by c-po).

Oct 13 2020, 5:57 PM

c-po committed rVYOSONEX6c2a2cb8ce98: pppoe-server: T2976: fix local-users default value retrieval from XML.

Oct 13 2020, 4:56 PM

c-po edited a custom field on T2976: Client IP pool does not work for PPPoE local users.

Oct 13 2020, 4:49 PM · VyOS 1.3 Equuleus (1.3.0)

c-po closed T2976: Client IP pool does not work for PPPoE local users as Resolved.

Oct 13 2020, 4:49 PM · VyOS 1.3 Equuleus (1.3.0)

runar added a comment to T766: Implement support for the Tinc VPN daemon.

I think we could generate private/public keys using openssl instead of using the tinc utility to generate it... But i have not tested it

Oct 13 2020, 4:10 PM

jack9603301 added a comment to T766: Implement support for the Tinc VPN daemon.

I am implementing tinc, but there is a problem I haven't figured out. Normally, in order for tinc to run, it must have a public key and a private key, and it happens that there will be a prompt for this generation command (ask where to save, etc), and it happens that the public key of the local node in the hosts directory is usually used together with some host configuration options. Is there a better way to implement it?

Oct 13 2020, 4:07 PM

SrividyaA added a comment to T2924: Using 'set src' in a route-map invalidates it as part of a subsequent boot-up.

PR: https://github.com/vyos/vyos-1x/pull/569

Oct 13 2020, 1:06 PM · VyOS 1.3 Equuleus (1.3.0)

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

This bug seems to be worse than I thought.
Here's an example:
On reboot an openvpn client inteface will come up outside the vrf. Any routes that get pushed by the server will not get added to the client because it's wants to add the routes inside the vrf of the vtun interface - but the vtun isn't a member.
Heres a log snippet:

Oct 13 2020, 11:35 AM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) added a comment to T2972: PPPoE server rate limiter allows max 65535 kbps to be set.

PR for CRUX https://github.com/vyos/vyos-1x/pull/568

Oct 13 2020, 11:20 AM · VyOS 1.2 Crux (VyOS 1.2.7)

Unknown Object (User) changed the status of T2972: PPPoE server rate limiter allows max 65535 kbps to be set from Open to In progress.

Oct 13 2020, 10:54 AM · VyOS 1.2 Crux (VyOS 1.2.7)

Unknown Object (User) updated the task description for T2971: Provide a CLI solution for Ingress Shaping when there is SNAT.

Oct 13 2020, 10:51 AM

Unknown Object (User) updated the task description for T2971: Provide a CLI solution for Ingress Shaping when there is SNAT.

Oct 13 2020, 10:48 AM

Unknown Object (User) updated the task description for T2971: Provide a CLI solution for Ingress Shaping when there is SNAT.

Oct 13 2020, 10:45 AM

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

You're right, if-up.d scripts only get run for the interfaces defined in /etc/network/interfaces.

Oct 13 2020, 10:29 AM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) changed the status of T2976: Client IP pool does not work for PPPoE local users from Open to In progress.

Oct 13 2020, 9:53 AM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) added a comment to T2972: PPPoE server rate limiter allows max 65535 kbps to be set.

PR with increasing validator values https://github.com/vyos/vyos-1x/pull/566

Oct 13 2020, 9:53 AM · VyOS 1.2 Crux (VyOS 1.2.7)

Unknown Object (User) created T2976: Client IP pool does not work for PPPoE local users.

Oct 13 2020, 9:44 AM · VyOS 1.3 Equuleus (1.3.0)

jack9603301 added a comment to T766: Implement support for the Tinc VPN daemon.

I wrote a preliminary CLI configuration file rule. This is the first step in tinc implementation. For details, please read: https://github.com/jack9603301/vyos-1x/blob/T766/interface-definitions/interfaces-tinc.xml.in

Oct 13 2020, 3:45 AM

trae32566 updated the task description for T2975: BFD default timers.

Oct 13 2020, 3:07 AM · VyOS 1.4 Sagitta

trae32566 updated the task description for T2975: BFD default timers.

Oct 13 2020, 2:57 AM · VyOS 1.4 Sagitta

Oct 12 2020

trae32566 created T2975: BFD default timers.

Oct 12 2020, 9:52 PM · VyOS 1.4 Sagitta

Cheeze_It added a comment to T915: MPLS Support.

The last thing I think we can add is the dual stack capability options. We only got 2.

Oct 12 2020, 8:00 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta

Cheeze_It added a comment to T915: MPLS Support.

Ok, so here's the import LDP FEC one that I think we could take advantage of as well.

Oct 12 2020, 7:38 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta

D0peX added a comment to T2938: Adding remote Syslog RFC5424 compatibility.

I'd suggest:
set system syslog host 10.0.3.2 format 5424 - description stating this uses RFC5424 style format
set system syslog host 10.0.3.2 format ocetet-counted - description stating messages are octet counted

Oct 12 2020, 7:35 PM · VyOS 1.3 Equuleus (1.3.0)

Cheeze_It added a comment to T915: MPLS Support.

Ok, so here's the export LDP FEC one that I think we could take advantage of.

Oct 12 2020, 7:33 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta

christophedc0 closed T2951: Cannot enable logging for monitor nat as Resolved.

It seems to be working now, for some reason it didn't work when I first tried, but now it seems OK.

Oct 12 2020, 6:23 PM · VyOS 1.3 Equuleus (1.3.0)

Cheeze_It added a comment to T915: MPLS Support.

The one after that I feel would be fairly easy to also implement is customized label allocation. Again, it is under the family of IPv4 or IPv6.

Oct 12 2020, 5:05 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta

Cheeze_It added a comment to T915: MPLS Support.

The next one that I think would be fairly easy to add would be the following:

Oct 12 2020, 4:51 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta

Cheeze_It added a comment to T915: MPLS Support.

Hello sir. I am unsure if you're able to add more under LDP but I have found others if you possibly could add. They should be simple additions and are already supported under FRR 7.3.1.

Oct 12 2020, 3:46 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta

c-po committed rVYOSONEXf0f7d0658a7b: smoketest: tftp-server: listen on dummy interface address rather then loopback.

Oct 12 2020, 9:12 AM

Viacheslav added a comment to T2967: Duplicate IPv6 BFD peers created.

I can't reproduce it in the latest rolling

Oct 12 2020, 8:04 AM · VyOS 1.3 Equuleus (1.3.0)

runar added a comment to T766: Implement support for the Tinc VPN daemon.

placing the tinc deb in vyos-build/packages is appropriate while writing support for tinc, but for building on a production iso that is distribute it is not appropriate.. but it's quite easy to add the package to our own repository if we need that...

Oct 12 2020, 7:34 AM

jack9603301 added a comment to T766: Implement support for the Tinc VPN daemon.

Another option is to compile and package by yourself, but the location of the repository is the problem

Oct 12 2020, 7:17 AM

Viacheslav closed T2782: Changing timezone, does not restart rsyslog as Resolved.

Oct 12 2020, 6:27 AM · VyOS 1.3 Equuleus (1.3.0)

runar added a comment to T766: Implement support for the Tinc VPN daemon.

The version of tinc vpn supplied with buster is 1.0.35, and 1.1-pre17 is only availabe in the experimental repository as for now. The first release of 1.1pre is from 2011 and i would say that it is quite mature at this point.

Oct 12 2020, 5:53 AM

jack9603301 added a comment to T766: Implement support for the Tinc VPN daemon.

I don't think it's necessary to compile DEB packages because they can be obtained directly from apt

Oct 12 2020, 2:57 AM

EwaldvanGeffen added a comment to T563: webproxy: migrate 'service webproxy' to get_config_dict().

ATS looks nice.

Oct 12 2020, 1:37 AM · VyOS 1.3 Equuleus (1.3.0-epa1)

Oct 11 2020

c-po committed rVYOSONEX190b6612f653: broadcast-relay: T2712: enable render trim_blocks.

Oct 11 2020, 7:09 PM

c-po committed rVYOSONEX8fab454559a8: tftp-server: T2974: migrate to get_config_dict().

Oct 11 2020, 7:09 PM

c-po closed T2974: Migrate tftp-server to get_config_dict(), a subtask of T692: TFTP server functionality, as Resolved.

Oct 11 2020, 7:08 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

c-po closed T2974: Migrate tftp-server to get_config_dict() as Resolved.

Oct 11 2020, 7:08 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

c-po created T2974: Migrate tftp-server to get_config_dict().

Oct 11 2020, 7:08 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

c-po moved T2891: Support to change ring-buffers from CLI from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.7) board.

Oct 11 2020, 5:36 PM · Restricted Project, VyOS 1.2 Crux (VyOS 1.2.7)

c-po moved T2878: LACP / bonding: new op-mode command: show interfaces bonding bond0 detail from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.7) board.

Oct 11 2020, 5:36 PM · VyOS 1.2 Crux (VyOS 1.2.7)

c-po moved T2959: PPPoE server has migrations scripts but the config version is not incrememnted from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.7) board.

Oct 11 2020, 5:36 PM · VyOS 1.2 Crux (VyOS 1.2.7)

c-po moved T2973: tftp-server cannot listen on IPv6 address from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.7) board.

Oct 11 2020, 5:36 PM · VyOS 1.2 Crux (VyOS 1.2.7)

c-po closed T2973: tftp-server cannot listen on IPv6 address as Resolved.

Oct 11 2020, 5:36 PM · VyOS 1.2 Crux (VyOS 1.2.7)

c-po committed rVYOSONEX0cbb195d197e: tftp-server: T2973: bugfix IPv6 listen address/port combination.

Oct 11 2020, 5:35 PM

c-po committed rVYOSONEX0142810c0666: smoketest: tftp-server: add initial testcases.

Oct 11 2020, 5:35 PM

c-po committed rVYOSONEXc30849469492: tftp-server: T2973: bugfix IPv6 listen address/port combination.

Oct 11 2020, 5:35 PM

c-po created T2973: tftp-server cannot listen on IPv6 address.

Oct 11 2020, 5:33 PM · VyOS 1.2 Crux (VyOS 1.2.7)

Unknown Object (User) added a comment to T2972: PPPoE server rate limiter allows max 65535 kbps to be set.

@c-po , it looks like the wrong CLI definition, we can increase the limit in XML.

Oct 11 2020, 5:09 PM · VyOS 1.2 Crux (VyOS 1.2.7)

c-po committed rVYOSONEX1acc499f5e50: nat: T2198: use proper validators for dnat translation address.

Oct 11 2020, 5:00 PM

c-po committed rVYOSONEX281533f59e9a: smoketest: nat: extend snat and add dnat test cases.

Oct 11 2020, 5:00 PM

c-po committed rVYOSONEX5dac49f576b5: smoketest: nat: concentrate validation logic checks.

Oct 11 2020, 5:00 PM

c-po added a comment to T2972: PPPoE server rate limiter allows max 65535 kbps to be set.

@Dmitry is this a limitation of Accel-PPP or can we increase the limits on the CLI?

Oct 11 2020, 4:30 PM · VyOS 1.2 Crux (VyOS 1.2.7)

c-po renamed T2972: PPPoE server rate limiter allows max 65535 kbps to be set from Rate limiter of PPPoE session allows max 65535 kbps to be set to PPPoE server rate limiter allows max 65535 kbps to be set.

Oct 11 2020, 4:29 PM · VyOS 1.2 Crux (VyOS 1.2.7)

c-po added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

I can feel that pain! When looking at the source from VyOS 1.2 (crux) it looks like it always behaved in this way.

Oct 11 2020, 4:27 PM · VyOS 1.3 Equuleus (1.3.0)

WhoIsHE created T2972: PPPoE server rate limiter allows max 65535 kbps to be set.

Oct 11 2020, 2:28 PM · VyOS 1.2 Crux (VyOS 1.2.7)

syncer closed T2935: PPPoE/IPOE with different vlan to allocate ip addrss under different ip pool as Invalid.

Please post at forum.vyos.io for support

Oct 11 2020, 11:49 AM · Rejected