Page MenuHomeVyOS Platform
Feed All Stories

All Stories
Use Results
Edit Query

Jul 12 2021

Viacheslav added a comment to T3671: Webproxy not functional in 1.2.8 update.

@trystan Can you download this pkg to vyos /tmp and install it? It should fix this issue

vyatta-webproxy_1.2.8_all.deb35 KBDownload

Jul 12 2021, 3:40 PM · VyOS 1.2 Crux (VyOS 1.2.9)
yun added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

The workaround stopped working after the OpenVPN configuration checks moved from Perl to Python. As this still applies to VyOS 1.3 this issue should be reopened, I can also create a new issue if that is preferred.

Jul 12 2021, 3:20 PM · Invalid
SrividyaA added a comment to T3656: IPSec 1.4 : "show vpn ike sa" does not show the correct default ike version.

@sdev It still shows the ikev2 as the default version in the output.
I agree with your point that strongswan has changed the default version. A quote from their documentation: "Since 5.0.0 both protocols are handled by Charon and connections marked with ike will use IKEv2 when initiating, but accept any protocol version when responding."

Jul 12 2021, 2:43 PM · VyOS 1.4 Sagitta
fernando added a comment to T3661: [vrf} route-leaking missing command.

good lab, thanks for your time! I want to leave a comment , I used the syntax that you recommend and it worked well ( VyOS 1.3.0-rc5):

Jul 12 2021, 1:55 PM · VyOS 1.3 Equuleus (1.3.0)
fernando added a comment to T3661: [vrf} route-leaking missing command.
Jul 12 2021, 1:34 PM · VyOS 1.3 Equuleus (1.3.0)
c-po committed rVYOSONEX2f3043ffce8a: op-mode: T427: add "summary" command for WireGuard interface information.
Jul 12 2021, 6:11 AM
c-po committed rVYOSONEX84305a8b98bb: op-mode: T427: add "summary" command for WireGuard interface information.
Jul 12 2021, 6:11 AM

Jul 11 2021

c-po committed rVYOSONEX562f4c276215: ipsec: T2816: use common "if key in dict:" pattern.
Jul 11 2021, 6:08 PM
c-po committed rVYOSONEXbffd2687fa55: ipsec: T2816: fix NameError.
Jul 11 2021, 6:08 PM
artooro created T3676: Container option to add Linux capabilities.
Jul 11 2021, 3:44 PM · VyOS 1.4 Sagitta
c-po added a comment to T3661: [vrf} route-leaking missing command.

I did a short lab test using the following topology based on my assumptions what you wan't to do using VyOS 1.3.0-rc5:

Jul 11 2021, 1:54 PM · VyOS 1.3 Equuleus (1.3.0)
c-po added a comment to T2773: EIGRP support for VRF.

@Viacheslav but that sounds more of a decent FRR bug. We could still consider adding EIGRP support for 1.4

Jul 11 2021, 1:13 PM · VyOS 1.4 Sagitta
c-po moved T3659: Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors from Open to In Progress on the VyOS 1.4 Sagitta board.
Jul 11 2021, 1:12 PM · VyOS 1.4 Sagitta
c-po moved T3663: Use inotify file watching where applicable from Open to In Progress on the VyOS 1.4 Sagitta board.
Jul 11 2021, 1:12 PM · VyOS 1.4 Sagitta
c-po moved T1210: About IKEv2 IPSec VPN remote access from Open to In Progress on the VyOS 1.4 Sagitta board.
Jul 11 2021, 1:12 PM · VyOS 1.4 Sagitta
c-po changed the status of T1210: About IKEv2 IPSec VPN remote access, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, from Open to Needs testing.
Jul 11 2021, 1:12 PM · VyOS 1.4 Sagitta
c-po changed the status of T1210: About IKEv2 IPSec VPN remote access from Open to Needs testing.
Jul 11 2021, 1:12 PM · VyOS 1.4 Sagitta
c-po closed T3665: Missing VRF support for VxLAN but already documented as Resolved.
Jul 11 2021, 1:09 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
c-po committed rVYOSONEX7acd5e4b5319: vxlan: T3665: add VRF support.
Jul 11 2021, 1:09 PM
c-po committed rVYOSONEX701613fc6ec8: smoketest: T3637: add testcase for vrf bind-to-all option.
Jul 11 2021, 1:09 PM
c-po committed rVYOSONEX12bc0e667d66: vxlan: T3665: add VRF support.
Jul 11 2021, 1:08 PM
c-po claimed T3665: Missing VRF support for VxLAN but already documented.
Jul 11 2021, 1:06 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
GitHub <noreply@github.com> committed rVYOSONEX816ae445c011: smoketest: ospf: change passive-interface debugging (authored by c-po).
Jul 11 2021, 12:58 PM
c-po added a project to T3637: vrf: bind-to-all didn't work properly: VyOS 1.3 Equuleus.
Jul 11 2021, 12:33 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po committed rVYOSONEXcc5fdd0bbc95: vrf: T3637: bind-to-all didn't work properly (authored by tjjh89017).
Jul 11 2021, 12:32 PM
c-po added a comment to T3666: VRF bind-to-all - it doesn't apply the settings ..

Backported fix from T3637

Jul 11 2021, 12:31 PM · VyOS 1.3 Equuleus (1.3.0)
c-po merged T3666: VRF bind-to-all - it doesn't apply the settings . into T3637: vrf: bind-to-all didn't work properly.
Jul 11 2021, 12:31 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po merged task T3666: VRF bind-to-all - it doesn't apply the settings . into T3637: vrf: bind-to-all didn't work properly.
Jul 11 2021, 12:31 PM · VyOS 1.3 Equuleus (1.3.0)
c-po claimed T3661: [vrf} route-leaking missing command.
Jul 11 2021, 11:39 AM · VyOS 1.3 Equuleus (1.3.0)
c-po changed the status of T3666: VRF bind-to-all - it doesn't apply the settings . from Open to In progress.
Jul 11 2021, 11:36 AM · VyOS 1.3 Equuleus (1.3.0)

Jul 10 2021

joelc added a comment to T3672: DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output .

oh good grief this is an old problem.. Just found a reference here while researching: https://community.ui.com/questions/DHCP-Failover-Configuration-Multiple-VLAN-interfaces/da7a0f03-2c4e-4d9f-9924-c2297db177db

Jul 10 2021, 6:58 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
jack9603301 committed rVYOSONEXbd2c6d55b581: bridge: op-mode: T3667: Fix command line errors.
Jul 10 2021, 12:55 PM
jack9603301 committed rVYOSONEXd32d6d23828b: bridge: op-mode: T3667: Moving `vlan` to better locations.
Jul 10 2021, 12:55 PM
GitHub <noreply@github.com> committed rVYOSONEX3bfaed07d335: Merge pull request #916 from jack9603301/T3667 (authored by c-po).
Jul 10 2021, 12:55 PM
c-po added a comment to T3675: L2TP over IPSEC broken.

I can confirm this on the latest rolling versions, seems to be a problem with the IPSec rewrite/move to swanctl.conf.

Jul 10 2021, 9:00 AM
c-po changed the status of T3675: L2TP over IPSEC broken from Open to Confirmed.
Jul 10 2021, 9:00 AM
Viacheslav closed T3636: SSTP / L2TP ipv6 support broken as Resolved.
Jul 10 2021, 8:38 AM · VyOS 1.4 Sagitta
primoz created T3675: L2TP over IPSEC broken.
Jul 10 2021, 8:18 AM
primoz added a comment to T3636: SSTP / L2TP ipv6 support broken.

This seems to work now.

Jul 10 2021, 8:14 AM · VyOS 1.4 Sagitta

Jul 9 2021

jack9603301 committed rVYOSONEXef4f47003eb1: bridge: op-mode: T3667: Fix command line errors.
Jul 9 2021, 8:16 PM
GitHub <noreply@github.com> committed rVYOSONEX2a299c3fb23e: Merge pull request #915 from jack9603301/T3667 (authored by c-po).
Jul 9 2021, 8:16 PM
jack9603301 closed T3667: brctl is damaged as Resolved.
Jul 9 2021, 3:38 PM · VyOS 1.4 Sagitta
jack9603301 committed rVYOSONEXdb593954f788: op-mode: brctl: T3667: Using `bridge` command structure instead of `brctl`.
Jul 9 2021, 3:33 PM
GitHub <noreply@github.com> committed rVYOSONEX021765700a8a: Merge pull request #913 from jack9603301/T3667 (authored by c-po).
Jul 9 2021, 3:33 PM
Viacheslav added a comment to T3674: Webproxy squid is stared by default without any configuration.

PR https://github.com/vyos/vyos-build/pull/176

Jul 9 2021, 3:21 PM · VyOS 1.2 Crux (VyOS 1.2.9)
Viacheslav claimed T3674: Webproxy squid is stared by default without any configuration.
Jul 9 2021, 3:15 PM · VyOS 1.2 Crux (VyOS 1.2.9)
Viacheslav created T3674: Webproxy squid is stared by default without any configuration.
Jul 9 2021, 2:23 PM · VyOS 1.2 Crux (VyOS 1.2.9)
Viacheslav added a comment to T3673: BGP large-community del operation missing.

PR https://github.com/vyos/vyos-1x/pull/914

Jul 9 2021, 2:06 PM · VyOS 1.4 Sagitta
Viacheslav claimed T3673: BGP large-community del operation missing.
Jul 9 2021, 1:58 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3673: BGP large-community del operation missing.

It is a feature request.
So we don't have a "large-comm-list" for set in our CLI. It is incorrect to compare "large-community" with "large-comm-list"
The option "delete" is preset only for the "lists"

Jul 9 2021, 12:40 PM · VyOS 1.4 Sagitta
Viacheslav triaged T3673: BGP large-community del operation missing as Normal priority.
Jul 9 2021, 12:01 PM · VyOS 1.4 Sagitta
Viacheslav changed the subtype of T3673: BGP large-community del operation missing from "Bug" to "Feature Request".
Jul 9 2021, 12:00 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3537: Unable to override the default OSPFv3 link cost for wireguard interface.

I can't reproduce it in 1.3-rc5

set interfaces wireguard wg0 address '10.1.0.3/24'
set interfaces wireguard wg0 address 'cafe:c01d:c01a::2/64'
set interfaces wireguard wg0 description 'VPN-to-wg-PEER01-192.0.2.1'
set interfaces wireguard wg0 ipv6 ospfv3 cost '24'
set interfaces wireguard wg0 ipv6 ospfv3 dead-interval '40'
set interfaces wireguard wg0 ipv6 ospfv3 hello-interval '10'
set interfaces wireguard wg0 ipv6 ospfv3 instance-id '0'
set interfaces wireguard wg0 ipv6 ospfv3 priority '1'
set interfaces wireguard wg0 ipv6 ospfv3 retransmit-interval '5'
set interfaces wireguard wg0 ipv6 ospfv3 transmit-delay '1'
set interfaces wireguard wg0 peer PEER01 address '192.0.2.1'
set interfaces wireguard wg0 peer PEER01 allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer PEER01 allowed-ips '10.0.3.0/24'
set interfaces wireguard wg0 peer PEER01 allowed-ips '::/0'
set interfaces wireguard wg0 peer PEER01 port '12345'
set interfaces wireguard wg0 peer PEER01 pubkey 'Cpqy8='
set interfaces wireguard wg0 port '54321'
set protocols ospf area 0 network '10.1.0.0/24'
set protocols ospf passive-interface 'default'
set protocols ospf passive-interface-exclude 'wg0'
set protocols ospfv3 area 0 interface 'wg0'
Jul 9 2021, 9:31 AM · VyOS 1.3 Equuleus (1.3.0-epa1)
ernstjo created T3673: BGP large-community del operation missing.
Jul 9 2021, 9:00 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3662: Container configuration upgrade destroys system.

In the latest rolling release all works fine without any changes

vyos@r1-roll:~$ show version
Jul 9 2021, 8:39 AM · VyOS 1.4 Sagitta
jack9603301 updated the task description for T3667: brctl is damaged.
Jul 9 2021, 7:16 AM · VyOS 1.4 Sagitta
jack9603301 updated the task description for T3667: brctl is damaged.
Jul 9 2021, 7:15 AM · VyOS 1.4 Sagitta
dtoux changed Version from VyOS 1.3-rolling-202105011026 to VyOS 1.3-rolling-202105011026, VyOS 1.3.0-rc5 on T3537: Unable to override the default OSPFv3 link cost for wireguard interface.
Jul 9 2021, 4:47 AM · VyOS 1.3 Equuleus (1.3.0-epa1)
dtoux added a comment to T3537: Unable to override the default OSPFv3 link cost for wireguard interface.

The issue seems still present in Vyos 1.3.0-rc5

Jul 9 2021, 4:46 AM · VyOS 1.3 Equuleus (1.3.0-epa1)
joelc created T3672: DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output .
Jul 9 2021, 12:58 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta

Jul 8 2021

Viacheslav changed the status of T3671: Webproxy not functional in 1.2.8 update from Open to Confirmed.

It seems there were changes in squid , but not in our code.

Jul 8 2021, 10:52 PM · VyOS 1.2 Crux (VyOS 1.2.9)
trystan created T3671: Webproxy not functional in 1.2.8 update.
Jul 8 2021, 8:51 PM · VyOS 1.2 Crux (VyOS 1.2.9)
artooro created T3670: Option to disable HTTP port 80 redirect.
Jul 8 2021, 5:22 PM · VyOS 1.4 Sagitta
Viacheslav closed T3669: frr.log file missing from /var/log/frr/ as Invalid.

It is not used /var/log/frr anymore T2061

Jul 8 2021, 5:09 PM
dmbaturin committed rVYOSONEX5dd06565d9f3: Version update..
Jul 8 2021, 5:06 PM
dmbaturin committed rVYOSONEX27936c01b8ab: T3663: add a dependency on python3-inotify..
Jul 8 2021, 2:14 PM
dmbaturin committed rVYOSONEXe6bce67f2ab2: T3663: add pre_hook argument to util.wait_for_inotify.
Jul 8 2021, 1:51 PM
dmbaturin committed rVYOSONEX63713fc60c0f: T3663: fix the call to time.time() to match the new import scheme..
Jul 8 2021, 1:51 PM
dmbaturin committed rVYOSONEX859afacfeafc: T3663: use inotify-based waiting for keepalived in `show vrrp`.
Jul 8 2021, 1:47 PM
RyVolodya added a comment to T3494: DHCPv6 leases traceback when PD using.

Please backport this to 1.3. Thanks.

Jul 8 2021, 11:40 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
hitesh.happani created T3669: frr.log file missing from /var/log/frr/.
Jul 8 2021, 10:59 AM
trae32566 added a comment to T3628: commit-archive source-address Interface Broken.
trae@cr01a-vyos# show system config-management 
 commit-archive {
     location sftp://cr01a-vyos.int:<somePassword>@stor01z-rh8.int.trae32566.org:/int/cr01a-vyos
     source-address lo
 }
 commit-revisions 10000
Jul 8 2021, 5:20 AM · VyOS 1.4 Sagitta

Jul 7 2021

jack9603301 added a comment to T3667: brctl is damaged.

PR: https://github.com/vyos/vyos-1x/pull/913

Jul 7 2021, 4:51 PM · VyOS 1.4 Sagitta
jack9603301 changed the status of T3667: brctl is damaged from Open to In progress.
Jul 7 2021, 4:45 PM · VyOS 1.4 Sagitta
jack9603301 created T3667: brctl is damaged.
Jul 7 2021, 4:45 PM · VyOS 1.4 Sagitta
fernando created T3666: VRF bind-to-all - it doesn't apply the settings ..
Jul 7 2021, 4:24 PM · VyOS 1.3 Equuleus (1.3.0)
sarthurdev <965089+sarthurdev@users.noreply.github.com> committed rVYOSONEX5a7c46016a23: pki: T3642: Migrate rsa-keys to PKI configuration.
Jul 7 2021, 3:32 PM
GitHub <noreply@github.com> committed rVYOSONEX17dff3088104: Merge pull request #912 from sarthurdev/pki_ipsec_rsa (authored by c-po).
Jul 7 2021, 3:32 PM
tom.siewert renamed T3665: Missing VRF support for VxLAN but already documented from Missing `vrf` support for VxLAN to Missing VRF support for VxLAN but already documented.
Jul 7 2021, 1:57 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
tom.siewert created T3665: Missing VRF support for VxLAN but already documented.
Jul 7 2021, 1:57 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sarthurdev updated the task description for T3642: PKI configuration.
Jul 7 2021, 11:59 AM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev added a comment to T3642: PKI configuration.

vpn rsa-keys migrated: https://github.com/vyos/vyos-1x/pull/912

Jul 7 2021, 11:57 AM · VyOS 1.4 Sagitta (1.4.0-epa1)
erkin added a comment to T3628: commit-archive source-address Interface Broken.

@trae32566 I can't replicate this. Can you post your config?

Jul 7 2021, 9:04 AM · VyOS 1.4 Sagitta
erkin changed the status of T3628: commit-archive source-address Interface Broken, a subtask of T3356: Script for remote file transfers, from Open to In progress.
Jul 7 2021, 9:03 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
erkin changed the status of T3628: commit-archive source-address Interface Broken from Open to In progress.
Jul 7 2021, 9:03 AM · VyOS 1.4 Sagitta
trae32566 reopened T3628: commit-archive source-address Interface Broken, a subtask of T3356: Script for remote file transfers, as Open.
Jul 7 2021, 5:51 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
trae32566 reopened T3628: commit-archive source-address Interface Broken as "Open".

This is still broken on the most recent rolling release:

trae@cr01a-vyos# commit
Using source address lo
Archiving config...
  sftp://stor01z-rh8.int.trae32566.org:/int/cr01a-vyos Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/vyos/remote.py", line 315, in upload
    upload_sftp(local_path, url.hostname, url.path, username, password, port, source, progressbar)
  File "/usr/lib/python3/dist-packages/vyos/remote.py", line 190, in upload_sftp
    transfer_sftp('upload', *args, **kwargs)
  File "/usr/lib/python3/dist-packages/vyos/remote.py", line 162, in transfer_sftp
    sock.connect((hostname, port))
OSError: [Errno 22] Invalid argument
[edit protocols bgp]
Jul 7 2021, 5:51 AM · VyOS 1.4 Sagitta

Jul 6 2021

SrividyaA added a comment to T3656: IPSec 1.4 : "show vpn ike sa" does not show the correct default ike version.

@sdev , Thank you. I will test and confirm, once the new rolling version is released.

Jul 6 2021, 4:34 PM · VyOS 1.4 Sagitta
dmbaturin created T3664: Build flavor system redesign.
Jul 6 2021, 1:47 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev <965089+sarthurdev@users.noreply.github.com> committed rVYOSONEX20c4d06c717c: pki: T3642: Support for adding SANs on certificate requests.
Jul 6 2021, 10:22 AM
sarthurdev <965089+sarthurdev@users.noreply.github.com> committed rVYOSONEXda0298077982: pki: ipsec: T3642: Fix issue with '.' being present in tag nodes, adds new vyos..
Jul 6 2021, 10:22 AM
sarthurdev <965089+sarthurdev@users.noreply.github.com> committed rVYOSONEX0b93fce06526: ipsec: T1210: T1251: Add more features to remote-access connections.
Jul 6 2021, 10:22 AM
sarthurdev <965089+sarthurdev@users.noreply.github.com> committed rVYOSONEXa5cd877a0a4a: ipsec: T2816: Migrate ipsec-settings.xml.in and charon.conf to vpn_ipsec.py.
Jul 6 2021, 10:22 AM
GitHub <noreply@github.com> committed rVYOSONEX511253635a9b: Merge pull request #911 from sarthurdev/pki_san (authored by c-po).
Jul 6 2021, 10:22 AM
c-po closed T3660: Conntrack-Sync configuration command to specify destination udp port for peer as Resolved.
Jul 6 2021, 5:33 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
c-po added a comment to T3660: Conntrack-Sync configuration command to specify destination udp port for peer.

Thanks for the confirmation

Jul 6 2021, 5:33 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Jul 5 2021

jestabro committed rVYOSONEX50b8d38abdb1: T3663: python3-inotify should be a runtime dependency.
Jul 5 2021, 5:23 PM
m1nus added a comment to T3660: Conntrack-Sync configuration command to specify destination udp port for peer.

Hi @c-po i've been testing the added command.

Jul 5 2021, 2:23 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
fernando added a comment to T3661: [vrf} route-leaking missing command.

yes , but when you use 'set protocols static route 10.0.0.0/8 next-hop 1.1.1.1 next-hop-vrf red' it doesn't install the prefix in the default table :

Jul 5 2021, 1:25 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3076: Router reboot adds unwanted 'conntrack-sync mcast-group '225.0.0.50'' line to configuration.

@tjh If you have a test lab, can you check conntrack-sync in the latest 1.3?

Jul 5 2021, 10:48 AM · VyOS 1.3 Equuleus (1.3.0-epa1)
First
Prev
Next