
Jan 4 2022

Viacheslav changed the status of T4134: Incorrect firewall protocol completion help uppercase and duplicates from Open to In progress.
Jan 4 2022, 12:26 PM · VyOS 1.4 Sagitta
Viacheslav claimed T4134: Incorrect firewall protocol completion help uppercase and duplicates.
Jan 4 2022, 12:26 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4138: NAT configuration allows to set incorrect port range and invalid port from NAT configuration allows to set incorrect port range to NAT configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:14 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4137: Firewall group configuration allows to set incorrect port range and invalid port from Firewall group configuration allows incorrect port range to Firewall group configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:12 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4137: Firewall group configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:10 PM · VyOS 1.4 Sagitta
Viacheslav created T4138: NAT configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:05 PM · VyOS 1.4 Sagitta
Viacheslav created T4137: Firewall group configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:00 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4132: Impossible to show a specific firewall group.

PR https://github.com/vyos/vyos-1x/pull/1131

vyos@r11-roll:~$ show firewall group
Possible completions:
  <Enter>       Execute the current command
  FOO           Show firewall group
  FOO2
  NETV6
  PORTGRP

Jan 4 2022, 11:47 AM · VyOS 1.4 Sagitta
Viacheslav claimed T4132: Impossible to show a specific firewall group.
Jan 4 2022, 11:37 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4131: Show firewall group incorrect format members.

In 1.3 it looks like just ipset -L:

vyos@r4:~$ show firewall group
Name       : FOO2
Type       : address
References : none
Members    :
             203.0.113.3

Jan 4 2022, 9:53 AM · VyOS 1.4 Sagitta
c-po added a comment to T4131: Show firewall group incorrect format members.

Can you please add output from VyOS 1.3 as reference?

Jan 4 2022, 6:52 AM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX84a83ecc4c78: firewall: T4130: Fix firewall state-policy errors.
Jan 4 2022, 4:11 AM
sarthurdev committed rVYOSONEX9213d9cc7bcd: firewall: T4130: Add state-policy test to firewall smoketest.
Jan 4 2022, 4:11 AM
GitHub <noreply@github.com> committed rVYOSONEX993b87458456: Merge pull request #1130 from sarthurdev/firewall (authored by c-po).
Jan 4 2022, 4:11 AM
syncer merged T4136: Firewall State Policy entries fail to load. into T4130: Firewall state policy errors chain.
Jan 4 2022, 1:19 AM · VyOS 1.4 Sagitta
syncer merged task T4136: Firewall State Policy entries fail to load. into T4130: Firewall state policy errors chain.
Jan 4 2022, 1:18 AM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4136: Firewall State Policy entries fail to load..

Duplicate of T4130

Jan 4 2022, 12:45 AM · VyOS 1.4 Sagitta
JamesGreenlee created T4136: Firewall State Policy entries fail to load..
Jan 4 2022, 12:36 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4130: Firewall state policy errors chain from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1130

Jan 4 2022, 12:14 AM · VyOS 1.4 Sagitta

Jan 3 2022

sarthurdev changed the status of T4130: Firewall state policy errors chain from Open to In progress.
Jan 3 2022, 9:58 PM · VyOS 1.4 Sagitta
Viacheslav closed T4065: IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory as Resolved.

Fixed in https://github.com/vyos/vyatta-cfg-vpn/pull/56

Jan 3 2022, 9:09 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3914: VRRP rfc3768-compatibility doesn't work with unicast peers.

Maybe fixed in T4128

Jan 3 2022, 9:05 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav renamed T4135: Declare zone policy firewall without local zone errors from Declare zone policy firewall without local zone erros to Declare zone policy firewall without local zone errors.
Jan 3 2022, 8:02 PM · VyOS 1.4 Sagitta
Viacheslav created T4135: Declare zone policy firewall without local zone errors.
Jan 3 2022, 8:00 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4133: Firewall network group error with zone-based firewall rules from Firewall network group error to Firewall network group error with zone-based firewall rules.
Jan 3 2022, 7:47 PM · VyOS 1.4 Sagitta, VyConf
Viacheslav added a comment to T4133: Firewall network group error with zone-based firewall rules.

To reproduce it should be zone-policy firewall rules, for example:

Jan 3 2022, 7:46 PM · VyOS 1.4 Sagitta, VyConf
c-po assigned T4133: Firewall network group error with zone-based firewall rules to sarthurdev.
Jan 3 2022, 7:39 PM · VyOS 1.4 Sagitta, VyConf
c-po committed rVYOSONEX5a73c9460009: keepalived: T4128: add missing keepalived.service file.
Jan 3 2022, 7:31 PM
c-po changed the status of T3924: VRRP stops working with VRF from Confirmed to Needs testing.
Jan 3 2022, 7:20 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav created T4134: Incorrect firewall protocol completion help uppercase and duplicates.
Jan 3 2022, 7:16 PM · VyOS 1.4 Sagitta
n.fort created T4133: Firewall network group error with zone-based firewall rules.
Jan 3 2022, 7:08 PM · VyOS 1.4 Sagitta, VyConf
c-po added a comment to T4130: Firewall state policy errors chain.

Comparing the old iptables firewall it will look like this:

Jan 3 2022, 7:00 PM · VyOS 1.4 Sagitta
n.fort added a comment to T3435: NAT rules show corruption.

Error still present on VyOS 1.4-rolling-202201020317

Jan 3 2022, 6:57 PM · VyOS 1.4 Sagitta
Viacheslav created T4132: Impossible to show a specific firewall group.
Jan 3 2022, 6:56 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4131: Show firewall group incorrect format members.
Jan 3 2022, 6:53 PM · VyOS 1.4 Sagitta
Viacheslav created T4131: Show firewall group incorrect format members.
Jan 3 2022, 6:45 PM · VyOS 1.4 Sagitta
c-po claimed T3924: VRRP stops working with VRF.
Jan 3 2022, 6:18 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po added a comment to T3924: VRRP stops working with VRF.

keepalived was upgraded to include the above mentioned commits.

Jan 3 2022, 6:18 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po assigned T4130: Firewall state policy errors chain to sarthurdev.
Jan 3 2022, 6:13 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4130: Firewall state policy errors chain from Firewall state policy erros chain to Firewall state policy errors chain.
Jan 3 2022, 5:56 PM · VyOS 1.4 Sagitta
c-po committed rVYOSONEX2a279f48e208: keepalived: T4128: add systemd option Type=simple.
Jan 3 2022, 5:44 PM
c-po committed rVYOSONEXb64dbabe1cca: test: vyos.validate: also test interface identifier in is_ipv6_link_local().
Jan 3 2022, 5:44 PM
Viacheslav created T4130: Firewall state policy errors chain.
Jan 3 2022, 5:41 PM · VyOS 1.4 Sagitta
dcplaya created T4129: Certstore only accepts `PKCS#8` cert types .
Jan 3 2022, 5:38 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA)
dcplaya added a comment to T4127: Upgrading from pre-certstore image to certstore image does not handle CA files with multiple certs.

I was able to test and get a screenshot of the exact error eapol spits out when using certstore as well.

Jan 3 2022, 5:35 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA)
c-po closed T4128: keepalived: Upgrade package to add VRF support, a subtask of T3924: VRRP stops working with VRF, as Resolved.
Jan 3 2022, 5:29 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po closed T4128: keepalived: Upgrade package to add VRF support as Resolved.
Jan 3 2022, 5:28 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po created T4128: keepalived: Upgrade package to add VRF support.
Jan 3 2022, 5:28 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav closed T4052: Validator return traceback on VRRP configuration with the script path not in config dir as Resolved.
Jan 3 2022, 5:17 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX67c25c6468b5: monitoring: T3872: Add templates for telegraf.
Jan 3 2022, 4:35 PM
Viacheslav committed rVYOSONEXc5a54d4c54d4: monitoring: T3872: Add python handler for service monitoring.
Jan 3 2022, 4:35 PM
Viacheslav committed rVYOSONEX605cac35526c: monitoring: T3872: Add a new feature service monitoring telegraf.
Jan 3 2022, 4:35 PM
GitHub <noreply@github.com> committed rVYOSONEXca3cd970f297: Merge pull request #1018 from sever-sever/T3872 (authored by c-po).
Jan 3 2022, 4:35 PM
Viacheslav changed the status of T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0 from In progress to Needs testing.
Jan 3 2022, 3:10 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
GitHub <noreply@github.com> committed rVYOSONEXfc2a99e024fc: vrf: xml: rename text -> txt format identifier in valueHelp (authored by c-po).
Jan 3 2022, 9:51 AM
Viacheslav closed T4126: Ability to set priority to site to site IPSec vpn tunnels as Resolved.
Jan 3 2022, 9:16 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4120: [VXLAN] add ability to set multiple unicast-remotes from Open to In progress.
Jan 3 2022, 9:14 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T3976: Missing prefix-list and access-list option from ipv6 route-map.

@egoistdream Just check when this feature was merged. It was implemented in FRR 24th of November, but the latest FRR release was 9th of November
https://frrouting.org/release/8.1/

Jan 3 2022, 9:03 AM
Viacheslav committed rVYOSONEX1da1701ce75d: listen-address: T4110: Ability to set IPv6 link-local addresses.
Jan 3 2022, 8:53 AM
GitHub <noreply@github.com> committed rVYOSONEX4743b91f4eb9: Merge pull request #1124 from sever-sever/T4110 (authored by c-po).
Jan 3 2022, 8:53 AM
Unknown Object (User) added a comment to T4081: VRRP health-check script stops working when setting up a sync group.

Checked in 1.3-rolling-202201030317, health-check works

Jan 3 2022, 7:44 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta

Jan 2 2022

egoistdream added a comment to T3976: Missing prefix-list and access-list option from ipv6 route-map.

Still the same on vyos-1.4-rolling-202201020317-amd64.iso

Jan 2 2022, 9:53 PM
c-po added a reverting change for rVYOSONEX522c9d916e39: snmp: T4093: add missing verify() step for required group per snmp v3 user: rVYOSONEXd39187f4bde6: Revert "snmp: T4093: add missing verify() step for required group per snmp v3….
Jan 2 2022, 7:35 PM
c-po committed rVYOSONEXd39187f4bde6: Revert "snmp: T4093: add missing verify() step for required group per snmp v3….
Jan 2 2022, 7:35 PM

Jan 1 2022

dcplaya created T4127: Upgrading from pre-certstore image to certstore image does not handle CA files with multiple certs.
Jan 1 2022, 11:09 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA)
c-po committed rVYOSONEX901e40dc3b52: nat: T2199: rename iptables -> nftables variable prefix.
Jan 1 2022, 9:54 AM

Dec 31 2021

sarthurdev committed rVYOSONEX85710cee8fe9: firewall: T2199: Migrate firewall op-mode to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEXfdeba8da3e99: firewall: T2199: Migrate firewall to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEX3ebb08893b4b: zone-policy: T2199: Migrate zone-policy op-mode to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEXc7cf7b941445: zone-policy: T2199: Migrate zone-policy to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEXdcd202aeeb89: policy: T2199: Migrate policy route op-mode to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEXf86041de88c3: policy: T2199: Migrate policy route to XML/Python.
Dec 31 2021, 6:35 PM
sarthurdev committed rVYOSONEX28b285b4791a: zone_policy: T3873: Implement intra-zone-filtering.
Dec 31 2021, 6:35 PM
c-po committed rVYOSONEX0091f6080181: Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current.
Dec 31 2021, 6:35 PM
c-po changed the status of T4121: Nameservers from DHCP client cannot be used in specific cases from In progress to Needs testing.
Dec 31 2021, 5:37 PM · VyOS 1.3 Equuleus (1.3.4)
c-po committed rVYOSONEX42a43b1c572f: smoketest: ipsec: make use of setUpClass().
Dec 31 2021, 4:01 PM
c-po committed rVYOSONEXc5f118b3af48: smoketest: ipsec: T4126: verify configured priority.
Dec 31 2021, 4:01 PM
Viacheslav renamed T4126: Ability to set priority to site to site IPSec vpn tunnels from Ability to set priority to site to site IPSec tunnels to Ability to set priority to site to site IPSec vpn tunnels.
Dec 31 2021, 3:45 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4126: Ability to set priority to site to site IPSec vpn tunnels from Open to Needs testing.

It can't be implemented in 1.3, as it doesn't use swanctl.conf for peers configuration.
I didn't find this option for ipsec.conf.

Dec 31 2021, 3:45 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX78494fe6de53: ipsec: T4126: Ability to set priorities for installed policy.
Dec 31 2021, 3:29 PM
GitHub <noreply@github.com> committed rVYOSONEXdcf8baa5b304: Merge pull request #1129 from sever-sever/T4126 (authored by c-po).
Dec 31 2021, 3:29 PM
Viacheslav added a comment to T4126: Ability to set priority to site to site IPSec vpn tunnels.

PR https://github.com/vyos/vyos-1x/pull/1129

set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 local prefix '172.16.0.0/24'
set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 priority '100'
set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 remote prefix '10.0.0.0/24'

Dec 31 2021, 3:11 PM · VyOS 1.4 Sagitta
fernando added a comment to T4125: Feature Request: bridge STP BPDU translation.

I want to leave a comment: it's also common that customers don't know that PVST is enabled by default (and send bpdu peer VLANS), so it's possible to mitigate it also using nf rules. Below I leave an example:

Dec 31 2021, 2:59 PM
Viacheslav claimed T4126: Ability to set priority to site to site IPSec vpn tunnels.
Dec 31 2021, 1:52 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4126: Ability to set priority to site to site IPSec vpn tunnels.
Dec 31 2021, 1:32 PM · VyOS 1.4 Sagitta
Viacheslav created T4126: Ability to set priority to site to site IPSec vpn tunnels.
Dec 31 2021, 1:24 PM · VyOS 1.4 Sagitta
Viacheslav changed the subtype of T4125: Feature Request: bridge STP BPDU translation from "Task" to "Feature Request".
Dec 31 2021, 12:11 PM
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.

How about starting with a simple interface and allowing to set interface for binding address?

set high-availability vrrp group foo address 203.0.113.1 interface ethX
Possible completions:
 > ethN         Interface used to assign virtual address
 > eth0
 > eth1
 > eth2

Dec 31 2021, 12:09 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav moved T4081: VRRP health-check script stops working when setting up a sync group from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Dec 31 2021, 11:04 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav edited projects for T4081: VRRP health-check script stops working when setting up a sync group, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Dec 31 2021, 11:04 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav closed T4081: VRRP health-check script stops working when setting up a sync group as Resolved.
Dec 31 2021, 11:04 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEXda7248337aa0: keepalived: T4081: Fix health-checking when syn-group is used.
Dec 31 2021, 9:36 AM
GitHub <noreply@github.com> committed rVYOSONEX02dfd272ad99: Merge pull request #1122 from sever-sever/T4081-equ (authored by dmbaturin).
Dec 31 2021, 9:36 AM
c-po committed rVYOSONEXb468930a61d4: firewall: xml: T4100: increase maximum number of rules to 999999.
Dec 31 2021, 8:11 AM
SrividyaA placed T4115: reboot in <x> not working as expected up for grabs.
Dec 31 2021, 8:00 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
c-po triaged T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID as Low priority.
Dec 31 2021, 8:00 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.

This sounds like a "peer-link" or "heartbeat-link" between two VyOS boxes. I have yet no idea how the CLI could look like, maybe you have one?

Dec 31 2021, 7:59 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po committed rVYOSONEXad9289163aff: snmp: T4124: remove snmp.py from vyos-configd.
Dec 31 2021, 7:55 AM
Unknown Object (User) created T4125: Feature Request: bridge STP BPDU translation.
Dec 31 2021, 3:56 AM

Dec 30 2021

c-po closed T4124: snmp: migrate to get_config_dict() as Resolved.
Dec 30 2021, 8:39 PM · VyOS 1.4 Sagitta