Fixed/added https://github.com/vyos/vyos-user-utils/blob/d99b3497de6b057d23a7e29759b022a3567284a8/debian/control#L11
Aug 30 2021
Add key to successful commit.
set interfaces tunnel tun1 parameters ip key '1'
Not reproducible.
I close the task.
Reopen it if necessary. Describe step by step with an example of config how to reproduce it.
Thanks.
PR for 1.3 https://github.com/vyos/vyos-build/pull/184
Fixed in VyOS 1.3-beta-202108300342
Aug 29 2021
In T3782#102239, @trystan wrote:
Possible bug after this commit https://github.com/vyos/vyos-1x/pull/621/commits/ede2972be4c49962a04b1addb9df6ce58f2d9f42
As it works in vyos-1.3-rolling-202011 before that commit.
1.3 fixed in T3779
The issue may be with OpenVPN/dynamic interfaces only, without the option "persist".
In that case, if there is no connectivity between interfaces, it tries to re-add the interface "down/up" vtunX with a new SNMP index. And it will be in the loop until connectivity is restored with the remote site.
Difference between 1.2 and 1.3
1.3 doesn't have the option
qdisc ingress ffff: dev eth0 parent ffff:fff1 ----------------
How about CLI set system syslog atop file 5
That means save the latest 5 files.
PR https://github.com/vyos/vyos-1x/pull/981
vyos@r4-1.3# set interfaces ethernet eth0 ipv6 address eui64 2001:db8::/64
[edit]
vyos@r4-1.3# commit
ru[edit]
vyos@r4-1.3# run show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.122.14/24 u/u
2001:db8::5054:ff:fe5d:4609/64
Aug 24 2021
Similar task T3360
Aug 18 2021
Network re-creates every time after reboot and gets configuration from "container network" section.
https://github.com/vyos/vyatta-cfg/blob/242f5685159f615ff79312041d3dde2063e5579a/scripts/init/vyos-router#L273-L277
So it is podman that decides how to name this network.
From conf mode I get error VyOS 1.4-rolling-202108130117
vyos@vyos-oobm# loadkey vyos scp://vyos@192.168.122.11:/etc/ssh/ssh_host_rsa_key.pub
Global symbol "$generate" requires explicit package name (did you forget to declare "my $generate"?) at /opt/vyatta/sbin/vyatta-load-user-key.pl line 162.
Execution of /opt/vyatta/sbin/vyatta-load-user-key.pl aborted due to compilation errors.
[edit]
vyos@vyos-oobm#
I close the task, because it can't be reproduced in 1.3.0-rc5
Re-open it if necessary, with a step-by-step description of how to reproduce it.
Or open a new one.
"from vyos.xml import defaults" doesn't work correctly for 1.3; for some reason it gets 2 isis processes with the same name "FOO"
https://github.com/sever-sever/vyos-1x/commit/7b0a33618bfa1d1ef99b9744ed1ded49a2c832af
vyos@r4-1.3# compare
[edit protocols]
+isis FOO {
+ interface tun0 {
+ }
+ net 49.0001.0000.0011.0001.00
+}
[edit]
vyos@r4-1.3# commit
[ protocols isis FOO ]
{'FOO': {'interface': {'tun0': {}}, 'net': '49.0001.0000.0011.0001.00'},
'lsp_mtu': '1497'}
Only one isis process can be defined
Aug 17 2021
Not reproducible, tested on "1.3-beta-202108151336"
- Bug, values on interfaces are overwritten after firewall global parameters.
By default:
vyos@r4-1.3# sudo sysctl -a | grep "\.rp_filter"
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth2.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.vtun10.rp_filter = 0
Set the value "loose" for the interface eth2
vyos@r4-1.3# set interfaces ethernet eth2 ip source-validation 'loose'
[edit]
vyos@r4-1.3# commit
vyos@r4-1.3# sudo sysctl -a | grep "\.rp_filter"
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth2.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.vtun10.rp_filter = 0
@Merijn Any updates?
@c-po Can we close it?
No longer relevant for 1.3, as it uses isc-dhcp-client/isc-dhcp-relay/isc-dhcp-server 4.4.1-2
I can't find anything like bad UDP checksums in the logs
Do we need to make this option configurable?
We have an option --disable-syslog, so to enable logging it should be --enable-syslog
SA only with hub, output correct
vyos@spoke1:~$ show vpn ipsec sa
Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal
------------ ------- -------- -------------- ---------------- ---------------- ----------- ----------------------------------
dmvpn up 16m24s 2K/2K 24/23 192.0.2.1 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024
vyos@spoke1:~$
vyos@spoke1:~$
vyos@spoke1:~$ sudo swanctl -l
dmvpn-NHRPVPN-tun100: #1, ESTABLISHED, IKEv1, 2bc867b1ca327379_i* c85b15462b657b03_r
local '100.64.1.11' @ 100.64.1.11[500]
remote '192.0.2.1' @ 192.0.2.1[500]
AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
established 1001s ago, rekeying in 2400s
dmvpn: #1, reqid 1, INSTALLED, TRANSPORT, ESP:AES_CBC-256/HMAC_SHA1_96/MODP_1024
installed 1001s ago, rekeying in 505s, expires in 979s
in cb2b55ee, 3044 bytes, 24 packets, 91s ago
out cb3647d6, 2474 bytes, 23 packets, 91s ago
local 100.64.1.11/32[gre]
remote 192.0.2.1/32[gre]
vyos@spoke1:~$
Tested on VyOS 1.3.0-rc5
Not reproducible update from 1.2.4 to 1.3-rc5
1.2.4 config
set interfaces ethernet eth1 bond-group bond0
set interfaces ethernet eth1 bond-group bond0
set interfaces bonding bond0 vif 29 address '192.168.159.167/31'
set interfaces bonding bond0 vif 29 address 'fd12:45:fff:29::2/126'
set interfaces bonding bond0 vif 29 description 'Point to Point - DMZ'
set interfaces bonding bond0 vif 29 ip ospf dead-interval '20'
set interfaces bonding bond0 vif 29 ip ospf hello-interval '10'
set interfaces bonding bond0 vif 29 ip ospf priority '220'
set interfaces bonding bond0 vif 29 ip ospf retransmit-interval '5'
set interfaces bonding bond0 vif 29 ip ospf transmit-delay '1'
set interfaces bonding bond0 vif 29 ipv6 dup-addr-detect-transmits '1'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 cost '1'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 dead-interval '20'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 hello-interval '10'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 instance-id '0'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 priority '220'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 retransmit-interval '5'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 transmit-delay '1'
set interfaces bonding bond0 vif 29 mtu '1500'
set interfaces loopback lo address 'fd12:45::14/128'
set policy route-map OSPF-Filter description 'This route map will apply to outgoing routes sent via OSPF'
set policy route-map OSPF-Filter rule 10 action 'permit'
set policy route-map OSPF-Filter rule 10 description 'Only permit loopback interface'
set policy route-map OSPF-Filter rule 10 match interface 'lo'
set policy route-map OSPF-Filter rule 100 action 'deny'
set policy route-map OSPF-Filter rule 100 description 'Default deny'
set protocols ospfv3 area 0.0.0.0 interface 'lo'
set protocols ospfv3 area 0.0.0.0 interface 'bond0.29'
set protocols ospfv3 area 0.0.0.0 range fd12:45:fff:29::/126
set protocols ospfv3 parameters router-id '192.168.159.241'
set protocols ospfv3 redistribute connected route-map 'OSPF-Filter'
Large-community and large-community-list are different functions.
It seems all works fine
@darkdragon-001 It will be available in the next rolling release, can you test it?
Aug 16 2021
PR for current https://github.com/vyos/vyos-1x/pull/974
Fixed, 1.3-beta-202108151336
vyos@r4-1.3# run show conf com | match openvpn
set interfaces openvpn vtun10 encryption cipher 'aes256'
set interfaces openvpn vtun10 hash 'sha512'
set interfaces openvpn vtun10 local-host '192.168.122.14'
set interfaces openvpn vtun10 local-port '1194'
set interfaces openvpn vtun10 mode 'server'
set interfaces openvpn vtun10 persistent-tunnel
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 server client client1 ip '10.10.0.10'
set interfaces openvpn vtun10 server domain-name 'vyos.net'
set interfaces openvpn vtun10 server max-connections '250'
set interfaces openvpn vtun10 server name-server '172.16.254.30'
set interfaces openvpn vtun10 server subnet '10.10.0.0/24'
set interfaces openvpn vtun10 server topology 'subnet'
set interfaces openvpn vtun10 tls ca-cert-file '/config/auth/ca.crt'
set interfaces openvpn vtun10 tls cert-file '/config/auth/central.crt'
set interfaces openvpn vtun10 tls dh-file '/config/auth/dh.pem'
set interfaces openvpn vtun10 tls key-file '/config/auth/central.key'
set interfaces openvpn vtun10 tls tls-version-min '1.0'
set interfaces openvpn vtun10 use-lzo-compression
[edit]
vyos@r4-1.3#
vyos@r4-1.3# set interfaces openvpn vtun10 authentication username foo
[edit]
vyos@r4-1.3# commit
Not sure that it is a good idea for this format.
The syntax between versions (1.3/1.4 bgpd/isisd) has changed. With every syntax change you would also have to change the section "service https API ... bgp"
My point: the API must have full access to all configuration options.
Aug 15 2021
Aug 14 2021
@c-po It makes sense
Need to try.
Aug 13 2021
I don't see the repo for "bullseye"
http://repo.powerdns.com/
PR for current https://github.com/vyos/vyos-1x/pull/967
Fixed, thanks.
It seems impossible to delete network and container and add a new one in one commit
Aug 12 2021
Another bug.
From time to time I get errors in debug mode ("touch /tmp/vyos.frr.debug" and "sudo systemctl stop vyos-configd") when changing lsp-mtu size
vyos@r1-roll# set protocols isis lsp-mtu 1308
[edit]
vyos@r1-roll# commit
[ protocols isis ]
Aug 11 2021
Similar task T2315, also there is bug related T1976, etc.
It should be a migration script that determines the ip/ipv6 neighbor and sets the neighbor to the proper afi.
So there is one question: how do we determine which afi we should use if we see "peer-group" in the configuration?
I don't think that we can implement it in 1.3 as it uses an old codebase.
To reproduce in 1.4:
As Workaround in T3350 set raw option "config /path/to/config/file"
@fernando Thanks.
Aug 10 2021
@fernando Can you check this feature in the next rolling release?
set service snmp community public client 127.0.0.1
set service snmp oid-enable route-table