Just my thoughts - there are situations where rp_filter is not sufficient, and it was not clear to me how to do this cleanly with the zone firewall, so I ended up hacking a few iptables commands in rc.local instead.

Oct 14 2020, 6:59 PM · VyOS 1.3 Equuleus (1.3.6), VyOS-1.2.0-GA

Robot82 created T2979: BGP route leak at system boot.

Oct 14 2020, 6:30 PM · VyOS 1.2 Crux

runar added a comment to T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing.

the issue is verified by soxrok2122 by using a stock ubuntu 20 host with the stock vyos/vyos-build:current-arm64 docker image

Oct 14 2020, 5:39 PM · VyOS 1.3 Equuleus (1.3.0-epa1)

runar reopened T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing, a subtask of T476: Update the base system to Debian 10 (Buster), as Open.

Oct 14 2020, 5:36 PM · VyOS 1.3 Equuleus (1.3.0-epa1)

runar reopened T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing as "Open".

I'm reopening this issue as this seams to still be an issue. reported by user soxrok2212 on slack (#vyos-on-arm64)

Oct 14 2020, 5:36 PM · VyOS 1.3 Equuleus (1.3.0-epa1)

Viacheslav added a comment to T2978: IPoE service does not work on shared mode.

It seems Client1 and Client2 only DHCP-clients.

Oct 14 2020, 3:10 PM · VyOS 1.3 Equuleus (1.3.0)

c-po added a comment to T2978: IPoE service does not work on shared mode.

Could you share also Client1 and Client2 configuration? Would be nice adding this lab setup to the docs

Oct 14 2020, 2:31 PM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) changed the status of T2978: IPoE service does not work on shared mode from Open to Confirmed.

Oct 14 2020, 8:14 AM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) created T2978: IPoE service does not work on shared mode.

Oct 14 2020, 8:14 AM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) closed T2972: PPPoE server rate limiter allows max 65535 kbps to be set as Resolved.

Oct 14 2020, 7:59 AM · VyOS 1.2 Crux (VyOS 1.2.7)

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

interfaces {
    ethernet eth2 {
        address 10.201.1.2/30
        description WAN
        hw-id 0c:6b:af:b0:4f:02
    }
    openvpn vtun11 {
        description "CPE MGMT"
        device-type tun
        encryption {
            cipher aes256
        }
        hash sha1
        mode client
        persistent-tunnel
        protocol udp
        remote-host 10.200.200.11
        remote-port 1194
        tls {
            auth-file /config/auth/shared.key
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/cpe1-1.crt
            key-file /config/auth/cpe1-1.key
        }
        vrf CPE-MGMT
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 10.201.1.1 {
            }
        }
    }
}
vrf {
    name CPE-MGMT {
        description "CPE MGMT"
        table 112
    }
}

Oct 14 2020, 7:01 AM · VyOS 1.3 Equuleus (1.3.0)

c-po added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Please share your OpenVPN config

Oct 14 2020, 4:58 AM · VyOS 1.3 Equuleus (1.3.0)

c-po changed the status of T2972: PPPoE server rate limiter allows max 65535 kbps to be set from In progress to Needs testing.

Oct 14 2020, 4:56 AM · VyOS 1.2 Crux (VyOS 1.2.7)

tjh created T2977: Permissions Denied doing "show conntrack-sync status" on backup router.

Oct 14 2020, 12:41 AM

Oct 13 2020

GitHub <noreply@github.com> committed rVYOSONEX9c83149664e5: Merge pull request #568 from DmitriyEshenko/crux-pppoe-shaper-incr (authored by c-po).

Oct 13 2020, 6:01 PM

GitHub <noreply@github.com> committed rVYOSONEX741cd00fb687: Merge pull request #566 from DmitriyEshenko/incr-pppoe-shaper (authored by c-po).

Oct 13 2020, 5:57 PM

c-po committed rVYOSONEX6c2a2cb8ce98: pppoe-server: T2976: fix local-users default value retrieval from XML.

Oct 13 2020, 4:56 PM

c-po edited a custom field on T2976: Client IP pool does not work for PPPoE local users.

Oct 13 2020, 4:49 PM · VyOS 1.3 Equuleus (1.3.0)

c-po closed T2976: Client IP pool does not work for PPPoE local users as Resolved.

Oct 13 2020, 4:49 PM · VyOS 1.3 Equuleus (1.3.0)

runar added a comment to T766: Implement support for the Tinc VPN daemon.

I think we could generate private/public keys using openssl instead of using the tinc utility to generate it... But i have not tested it

Oct 13 2020, 4:10 PM

jack9603301 added a comment to T766: Implement support for the Tinc VPN daemon.

I am implementing tinc, but there is a problem I haven't figured out. Normally, in order for tinc to run, it must have a public key and a private key, and it happens that there will be a prompt for this generation command (ask where to save, etc), and it happens that the public key of the local node in the hosts directory is usually used together with some host configuration options. Is there a better way to implement it?

Oct 13 2020, 4:07 PM

SrividyaA added a comment to T2924: Using 'set src' in a route-map invalidates it as part of a subsequent boot-up.

PR: https://github.com/vyos/vyos-1x/pull/569

Oct 13 2020, 1:06 PM · VyOS 1.3 Equuleus (1.3.0)

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

This bug seems to be worse than I thought.
Here's an example:
On reboot an openvpn client inteface will come up outside the vrf. Any routes that get pushed by the server will not get added to the client because it's wants to add the routes inside the vrf of the vtun interface - but the vtun isn't a member.
Heres a log snippet:

Oct 13 2020, 11:35 AM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) added a comment to T2972: PPPoE server rate limiter allows max 65535 kbps to be set.

PR for CRUX https://github.com/vyos/vyos-1x/pull/568

Oct 13 2020, 11:20 AM · VyOS 1.2 Crux (VyOS 1.2.7)

Unknown Object (User) changed the status of T2972: PPPoE server rate limiter allows max 65535 kbps to be set from Open to In progress.

Oct 13 2020, 10:54 AM · VyOS 1.2 Crux (VyOS 1.2.7)

Unknown Object (User) updated the task description for T2971: Provide a CLI solution for Ingress Shaping when there is SNAT.

Oct 13 2020, 10:51 AM

Unknown Object (User) updated the task description for T2971: Provide a CLI solution for Ingress Shaping when there is SNAT.

Oct 13 2020, 10:48 AM

Unknown Object (User) updated the task description for T2971: Provide a CLI solution for Ingress Shaping when there is SNAT.

Oct 13 2020, 10:45 AM

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

You're right, if-up.d scripts only get run for the interfaces defined in /etc/network/interfaces.

Oct 13 2020, 10:29 AM · VyOS 1.3 Equuleus (1.3.0)

Unknown Object (User) changed the status of T2976: Client IP pool does not work for PPPoE local users from Open to In progress.

Oct 13 2020, 9:53 AM · VyOS 1.3 Equuleus (1.3.0)

All StoriesUse ResultsEdit QueryHide Query

Oct 17 2020

Oct 16 2020

Oct 15 2020

Oct 14 2020

Oct 13 2020

All Stories
Use Results
Edit Query
Hide Query