- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Jan 5 2022
Jan 5 2022
Viacheslav added a project to T4141: Set high-availability vrrp sync-group without members error: VyOS 1.4 Sagitta.
Jan 4 2022
Jan 4 2022
Viacheslav renamed T4134: Incorrect firewall protocol completion help uppercase and duplicates from Some firewall protocol completion help in uppercase to Incorrect firewall protocol completion help uppercase and duplicates.
Viacheslav changed the status of T4134: Incorrect firewall protocol completion help uppercase and duplicates from Open to In progress.
Viacheslav renamed T4138: NAT configuration allows to set incorrect port range and invalid port from NAT configuration allows to set incorrect port range to NAT configuration allows to set incorrect port range and invalid port.
Viacheslav renamed T4137: Firewall group configuration allows to set incorrect port range and invalid port from Firewall group configuration allows incorrect port range to Firewall group configuration allows to set incorrect port range and invalid port.
Viacheslav updated the task description for T4137: Firewall group configuration allows to set incorrect port range and invalid port.
PR https://github.com/vyos/vyos-1x/pull/1131
vyos@r11-roll:~$ show firewall group Possible completions: <Enter> Execute the current command FOO Show firewall group FOO2 NETV6 PORTGRP
In 1.3 it looks like just ipset -L:
vyos@r4:~$ show firewall group
Name : FOO2
Type : address
References : none
Members :
203.0.113.3Jan 3 2022
Jan 3 2022
Maybe fixed in T4128
Viacheslav renamed T4135: Declare zone policy firewall without local zone errors from Declare zone policy firewall without local zone erros to Declare zone policy firewall without local zone errors.
Viacheslav renamed T4133: Firewall network group error with zone-based firewall rules from Firewall network group error to Firewall network group error with zone-based firewall rules.
To reproduce it should be zone-policy firewall rules, for example:
Viacheslav renamed T4130: Firewall state policy errors chain from Firewall state policy erros chain to Firewall state policy errors chain.
Viacheslav changed the status of T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0 from In progress to Needs testing.
Viacheslav changed the status of T4120: [VXLAN] add ability to set multiple unicast-remotes from Open to In progress.
Viacheslav added a comment to T3976: Missing prefix-list and access-list option from ipv6 route-map.
@egoistdream Just check when this feature was merged. It was implemented in FRR 24th of November, but the latest FRR release was 9th of November
https://frrouting.org/release/8.1/
Dec 31 2021
Dec 31 2021
Viacheslav renamed T4126: Ability to set priority to site to site IPSec vpn tunnels from Ability to set priority to site to site IPSec tunnels to Ability to set priority to site to site IPSec vpn tunnels.
Viacheslav changed the status of T4126: Ability to set priority to site to site IPSec vpn tunnels from Open to Needs testing.
It can't be implemented in 1.3, as it doesn't use swanctl.conf for peers configuration
I didn't find this option for ipsec.conf
PR https://github.com/vyos/vyos-1x/pull/1129
set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 local prefix '172.16.0.0/24' set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 priority '100' set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 remote prefix '10.0.0.0/24'
Viacheslav updated the task description for T4126: Ability to set priority to site to site IPSec vpn tunnels.
Viacheslav changed the subtype of T4125: Feature Request: bridge STP BPDU translation from "Task" to "Feature Request".
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
How about starting with a simple interface and allowing to set interface for binding address?
set high-availability vrrp group foo address 203.0.113.1 interface ethX Possible completions: > ethN Interfcae used to assign virtual address > eth0 > eth1 > eth2
Viacheslav edited projects for T4081: VRRP health-check script stops working when setting up a sync group, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav closed T4081: VRRP health-check script stops working when setting up a sync group as Resolved.
Dec 29 2021
Dec 29 2021
@insignia96 Will be present in the next rolling release.
Viacheslav reopened T2498: Expected error when deleting vif that has dhcp-server configured as "Open".
Re-opened as this task regarding dhcp-server, not dhcp-client
Viacheslav closed T2498: Expected error when deleting vif that has dhcp-server configured as Not Applicable.
Fixed VyOS 1.3.0:
vyos@r4# run show conf com | match dhcp
set interfaces ethernet eth2 vif 35 address 'dhcp'
[edit]
vyos@r4# run show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.122.14/24 u/u WAN
eth1 203.0.113.14/24 u/u Lan
192.0.2.14/24
eth2 - u/u
eth2.35 10.0.2.10/24 u/uViacheslav added a project to T2700: Redirecting traffic from PPPoE interface to IFB fails: VyOS 1.4 Sagitta.
To reproduce:
set interfaces ethernet eth2 vif 35 set interfaces pppoe pppoe0 authentication password 'MYPASSWORD' set interfaces pppoe pppoe0 authentication user 'MYUSER' set interfaces pppoe pppoe0 default-route 'force' set interfaces pppoe pppoe0 mtu '1492' set interfaces pppoe pppoe0 redirect 'ifb0' set interfaces pppoe pppoe0 source-interface 'eth2.35' set interfaces pppoe pppoe0 traffic-policy out 'OUT2' set interfaces input ifb0
Commit:
vyos@r11-roll# commit [ interfaces pppoe pppoe0 redirect ifb0 ] Cannot find device "pppoe0" tc qdisc ingress failed at /opt/vyatta/sbin/vyatta-qos.pl line 334.
Viacheslav moved T2400: OpenVPN: dont restart server if no need from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Viacheslav closed T2400: OpenVPN: dont restart server if no need, a subtask of T3995: OpenVPN: do not stop/start service on configuration change, as Resolved.
Fixed in eceaa3a7
Just fork the repository vyos-1x and create a PR with propper commit format.
https://docs.vyos.io/en/equuleus/contributing/development.html#fork-repository-and-submit-patch
https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md
Dec 28 2021
Dec 28 2021
Viacheslav edited projects for T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav changed the status of T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check from Open to In progress.
Viacheslav changed the status of T4111: IPSec generates wrong configuration colons for IPv6 peers from In progress to Needs testing.
One issue with static + dhcp on one interface at the same time.
After renew, the static address 192.168.122.11 is disappears
To reproduce:
vyos@r11-roll:~$ show conf com | match eth0 set interfaces ethernet eth0 address '192.168.122.11/24' set interfaces ethernet eth0 address 'dhcp'
Renew dhcp:
vyos@r11-roll:~$ renew dhcp interface eth0
Static address not in the system:
vyos@r11-roll:~$ show int Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth0 192.168.122.166/24 u/u WAN eth1 203.0.113.1/24 u/u
@johannrichard Is there any real example that you want to achieve?
Viacheslav changed the status of T4023: Add grepcidr or similar functionality from Open to In progress.
Viacheslav changed the status of T4100: Firewall increase maximum number of rules from Open to Needs testing.
Viacheslav changed the status of T4109: Extend high-availability/keepalived for support virtual-server lb from Open to In progress.
Viacheslav changed the status of T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0 from Open to In progress.
Viacheslav added a comment to T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0.
PR https://github.com/vyos/vyos-1x/pull/1124
set service ssh disable-host-validation set service ssh listen-address '192.168.122.11' set service ssh listen-address 'fe80::5054:ff:fe48:a0c6%eth0'
Chek service and listen-addresses:
vyos@r11-roll# cat /run/sshd/sshd_config | grep List ListenAddress 192.168.122.11 ListenAddress fe80::5054:ff:fe48:a0c6%eth0
Viacheslav changed the status of T3380: "show vpn ike sa" does not display IPv6 peers from Open to In progress.
Viacheslav moved T3380: "show vpn ike sa" does not display IPv6 peers from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a project to T3380: "show vpn ike sa" does not display IPv6 peers: VyOS 1.3 Equuleus ( 1.3.1).
It still doesn't work for 1.3
This regex not for all IPv6 peers
Viacheslav changed the status of T4111: IPSec generates wrong configuration colons for IPv6 peers from Open to In progress.
Dec 27 2021
Dec 27 2021
Viacheslav renamed T4111: IPSec generates wrong configuration colons for IPv6 peers from IPSec generates wrong configuration for IPv6 peers to IPSec generates wrong configuration colons for IPv6 peers.
Viacheslav changed the status of T3299: Allow the web proxy service to listen on all IP addresses from Resolved to Unknown Status.