@insignia96 Will be present in the next rolling release.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Dec 31 2021
Dec 31 2021
Viacheslav edited projects for T4081: VRRP health-check script stops working when setting up a sync group, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav closed T4081: VRRP health-check script stops working when setting up a sync group as Resolved.
Dec 29 2021
Dec 29 2021
Viacheslav reopened T2498: Expected error when deleting vif that has dhcp-server configured as "Open".
Re-opened as this task regarding dhcp-server, not dhcp-client
Viacheslav closed T2498: Expected error when deleting vif that has dhcp-server configured as Not Applicable.
Fixed VyOS 1.3.0:
vyos@r4# run show conf com | match dhcp
set interfaces ethernet eth2 vif 35 address 'dhcp'
[edit]
vyos@r4# run show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.122.14/24 u/u WAN
eth1 203.0.113.14/24 u/u Lan
192.0.2.14/24
eth2 - u/u
eth2.35 10.0.2.10/24 u/uViacheslav added a project to T2700: Redirecting traffic from PPPoE interface to IFB fails: VyOS 1.4 Sagitta.
To reproduce:
set interfaces ethernet eth2 vif 35 set interfaces pppoe pppoe0 authentication password 'MYPASSWORD' set interfaces pppoe pppoe0 authentication user 'MYUSER' set interfaces pppoe pppoe0 default-route 'force' set interfaces pppoe pppoe0 mtu '1492' set interfaces pppoe pppoe0 redirect 'ifb0' set interfaces pppoe pppoe0 source-interface 'eth2.35' set interfaces pppoe pppoe0 traffic-policy out 'OUT2' set interfaces input ifb0
Commit:
vyos@r11-roll# commit [ interfaces pppoe pppoe0 redirect ifb0 ] Cannot find device "pppoe0" tc qdisc ingress failed at /opt/vyatta/sbin/vyatta-qos.pl line 334.
Viacheslav moved T2400: OpenVPN: dont restart server if no need from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Viacheslav closed T2400: OpenVPN: dont restart server if no need, a subtask of T3995: OpenVPN: do not stop/start service on configuration change, as Resolved.
Fixed in eceaa3a7
Just fork the repository vyos-1x and create a PR with propper commit format.
https://docs.vyos.io/en/equuleus/contributing/development.html#fork-repository-and-submit-patch
https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md
Dec 28 2021
Dec 28 2021
Viacheslav edited projects for T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav changed the status of T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check from Open to In progress.
Viacheslav changed the status of T4111: IPSec generates wrong configuration colons for IPv6 peers from In progress to Needs testing.
One issue with static + dhcp on one interface at the same time.
After renew, the static address 192.168.122.11 is disappears
To reproduce:
vyos@r11-roll:~$ show conf com | match eth0 set interfaces ethernet eth0 address '192.168.122.11/24' set interfaces ethernet eth0 address 'dhcp'
Renew dhcp:
vyos@r11-roll:~$ renew dhcp interface eth0
Static address not in the system:
vyos@r11-roll:~$ show int Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth0 192.168.122.166/24 u/u WAN eth1 203.0.113.1/24 u/u
@johannrichard Is there any real example that you want to achieve?
Viacheslav changed the status of T4023: Add grepcidr or similar functionality from Open to In progress.
Viacheslav changed the status of T4100: Firewall increase maximum number of rules from Open to Needs testing.
Viacheslav changed the status of T4109: Extend high-availability/keepalived for support virtual-server lb from Open to In progress.
Viacheslav changed the status of T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0 from Open to In progress.
Viacheslav added a comment to T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0.
PR https://github.com/vyos/vyos-1x/pull/1124
set service ssh disable-host-validation set service ssh listen-address '192.168.122.11' set service ssh listen-address 'fe80::5054:ff:fe48:a0c6%eth0'
Chek service and listen-addresses:
vyos@r11-roll# cat /run/sshd/sshd_config | grep List ListenAddress 192.168.122.11 ListenAddress fe80::5054:ff:fe48:a0c6%eth0
Viacheslav changed the status of T3380: "show vpn ike sa" does not display IPv6 peers from Open to In progress.
Viacheslav moved T3380: "show vpn ike sa" does not display IPv6 peers from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a project to T3380: "show vpn ike sa" does not display IPv6 peers: VyOS 1.3 Equuleus ( 1.3.1).
It still doesn't work for 1.3
This regex not for all IPv6 peers
Viacheslav changed the status of T4111: IPSec generates wrong configuration colons for IPv6 peers from Open to In progress.
Dec 27 2021
Dec 27 2021
Viacheslav renamed T4111: IPSec generates wrong configuration colons for IPv6 peers from IPSec generates wrong configuration for IPv6 peers to IPSec generates wrong configuration colons for IPv6 peers.
Viacheslav changed the status of T3299: Allow the web proxy service to listen on all IP addresses from Resolved to Unknown Status.
There is a task for "loadbalancing" T4109
Some of the options can be included in the config:
set interfaces openvpn vtun10 openvpn-option-include '/config/openvpn/included.conf'
Just configure minimal OpenVPN configuration and include what you want
Viacheslav moved T2566: sstp not able to run tunnels ipv6 only from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
Viacheslav changed the status of T4081: VRRP health-check script stops working when setting up a sync group from Confirmed to In progress.
Viacheslav moved T4081: VRRP health-check script stops working when setting up a sync group from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1122
Viacheslav added a comment to T4109: Extend high-availability/keepalived for support virtual-server lb.
Dec 26 2021
Dec 26 2021
Viacheslav changed the subtype of T4100: Firewall increase maximum number of rules from "Task" to "Feature Request".
@NikolayP Change it https://github.com/vyos/vyatta-cfg-firewall/blob/1e06e3f891f8238d565ff0eddb4cd8c9b6032346/templates/firewall/name/node.tag/rule/node.def#L5-L9 to the required range.
Dec 25 2021
Dec 25 2021
Dec 24 2021
Dec 24 2021
Viacheslav lowered the priority of T891: Current multi-table usage with VRF-netns tables in FRR is partially broken for PBR. from High to Normal.
Viacheslav added a comment to T891: Current multi-table usage with VRF-netns tables in FRR is partially broken for PBR..
In T891#20803, @Watcher7 wrote:
- VyOS command syntax cannot currently specify both a next-hop and interface for the same static route, despite FRR being able to do so.
Viacheslav moved T3854: Missing op-mode commands for conntrack-sync from Open to Finished on the VyOS 1.4 Sagitta board.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1120
Dec 23 2021
Dec 23 2021
Viacheslav edited projects for T3854: Missing op-mode commands for conntrack-sync, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav moved T4092: IKEv2 mobike commit failed with DMVPN nhrp from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Viacheslav edited projects for T4092: IKEv2 mobike commit failed with DMVPN nhrp, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
PR for crux https://github.com/vyos/vyatta-cfg-vpn/pull/53
Viacheslav moved T4092: IKEv2 mobike commit failed with DMVPN nhrp from Need Triage to Finished on the VyOS 1.3 Equuleus board.
Viacheslav changed the subtype of T3854: Missing op-mode commands for conntrack-sync from "Task" to "Bug".
Viacheslav changed the status of T3854: Missing op-mode commands for conntrack-sync from Open to In progress.
Dec 22 2021
Dec 22 2021
Viacheslav changed the status of T4092: IKEv2 mobike commit failed with DMVPN nhrp from Open to In progress.
Viacheslav added a project to T4092: IKEv2 mobike commit failed with DMVPN nhrp: VyOS 1.2 Crux (VyOS 1.2.9).
Viacheslav renamed T4092: IKEv2 mobike commit failed with DMVPN nhrp from Reopen: IKEv2 mobike commit failed to IKEv2 mobike commit failed with DMVPN nhrp.
It doesn't matter what you add mobike disable or enable
A possible reason it generates incorrect swanctl.conf for option mobike
@nikeshhajari thanks, I can reproduce it in 1.3:
set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces tunnel tun0 encapsulation 'gre' set interfaces tunnel tun0 multicast 'enable' set interfaces tunnel tun0 parameters ip key '1' set interfaces tunnel tun0 source-address '192.168.122.14' set protocols nhrp tunnel tun0 cisco-authentication 'orange' set protocols nhrp tunnel tun0 holding-time '300' set protocols nhrp tunnel tun0 multicast 'dynamic' set protocols nhrp tunnel tun0 redirect set protocols nhrp tunnel tun0 shortcut set vpn ipsec esp-group ESP-HUB compression 'disable' set vpn ipsec esp-group ESP-HUB lifetime '3600' set vpn ipsec esp-group ESP-HUB mode 'tunnel' set vpn ipsec esp-group ESP-HUB pfs 'dh-group21' set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256' set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha256' set vpn ipsec esp-group ESP-HUB proposal 2 encryption 'aes256' set vpn ipsec esp-group ESP-HUB proposal 2 hash 'sha256' set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no' set vpn ipsec ike-group IKE-HUB key-exchange 'ikev2' set vpn ipsec ike-group IKE-HUB lifetime '28800' set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '21' set vpn ipsec ike-group IKE-HUB proposal 1 encryption 'aes256' set vpn ipsec ike-group IKE-HUB proposal 1 hash 'sha256' set vpn ipsec ike-group IKE-HUB proposal 2 dh-group '21' set vpn ipsec ike-group IKE-HUB proposal 2 encryption 'aes256' set vpn ipsec ike-group IKE-HUB proposal 2 hash 'sha256' set vpn ipsec ipsec-interfaces interface 'eth0' set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret' set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'PRE_SHARED_KEY' set vpn ipsec profile NHRPVPN bind tunnel 'tun0' set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB' set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB' commit
Add mobile disable:
set vpn ipsec ike-group IKE-HUB mobike 'disable' commit [ vpn ] Warning: unable to [reload changes to swanctl.conf], received error code 5632
I prefer to rewrite the whole https://github.com/vyos/vyatta-config-mgmt to XML/python
A similar bug I see in 1.2 with such configuration:
set service snmp contact 'test' set service snmp listen-address 192.168.122.12 set service snmp location 'test' set service snmp v3 user foo auth encrypted-key '0x2e312e332e362e312e362e332e31302e312e322e34' set service snmp v3 user foo auth type 'sha' set service snmp v3 user foo privacy encrypted-key '0x' set service snmp v3 user foo privacy type 'aes'
Viacheslav added projects to T4093: SNMPv3 snmpd.conf generation bug: VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0).
Dec 21 2021
Dec 21 2021
@m.korobeinikov Could you re-check it and close if necessary?
Viacheslav closed T3376: Setting ipv6 address autoconf causes all interfaces besides the target to lose their IP as Not Applicable.
@ernstjo Do you have any news regarding this issue or should we close it?
Viacheslav added a comment to T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.
@SrividyaA Could you re-check it?