A simple check works fine:
Set 20% quota for snmpd
And check it with script:
#!/usr/bin/env bash- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Jan 9 2022
Jan 9 2022
Viacheslav changed the status of T3774: atop logs are not limited in size from In progress to Needs testing.
Viacheslav closed T3822: OpenVPN processes do not have permission to read key files generated with `run generate openvpn key` as Resolved.
It was fixed in above commits, wrong testing form my site.
Viacheslav added a comment to T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0.
@aha As I see tftp can't bind ipv6 link local address:
Viacheslav edited projects for T3299: Allow the web proxy service to listen on all IP addresses, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Cherry-pick PR https://github.com/vyos/vyos-1x/pull/1146
It requires checking for 1.3 as it was changed and it uses the old backend on Perl (links above).
It seems -V option:
Viacheslav moved T4142: Input ifbX interfaces not displayed in op-mode from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
PR for 1.3 https://github.com/vyos/vyos-nhrp/pull/7
PR for 1.4 https://github.com/vyos/vyos-1x/pull/1145
Viacheslav changed the status of T4152: NHRP shortcut-target holding-time does not work from Open to In progress.
Check a real generated firewall iptables/nftables config
As 10000 it is the latest default rule, so your rules can be applied after default action with seq 10000
Viacheslav changed the status of T4087: IPsec IKE-group proposals limit of 10 pieces from Open to Needs testing.
Viacheslav added a project to T4087: IPsec IKE-group proposals limit of 10 pieces : VyOS 1.4 Sagitta.
Could you also create a pr for 1.4?
Or 1.4 doesn’t have such limits?
Does it work with vlan bridges T3115?
Jan 8 2022
Jan 8 2022
@NikolayP Could you test if all works fine?
Check the real generated firewal rules.
Is it an actual task? If yes, can someone explain which configuration you expect from keepalived.conf or radvd.conf?
As I see PR 9aad6f was merged.
Viacheslav moved T4100: Firewall increase maximum number of rules from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
Viacheslav changed the subtype of T4150: VRRP with conntrack-sync does not work from "Task" to "Bug".
Viacheslav changed the status of T4150: VRRP with conntrack-sync does not work from Open to In progress.
Viacheslav edited projects for T4151: IPV6 local PBR Support, added: VyOS 1.4 Sagitta; removed VyOS 1.1.x.
It requires option -6
For example:
sudo ip -6 rule add prio 10 from de:de::1 lookup 5
Show v6 rules:
vyos@r11-roll# sudo ip -6 rule show 0: from all lookup local 10: from de:de::1 lookup 5 32766: from all lookup main [edit] vyos@r11-roll#
Jan 7 2022
Jan 7 2022
Viacheslav moved T3924: VRRP stops working with VRF from Open to Finished on the VyOS 1.4 Sagitta board.
Jan 6 2022
Jan 6 2022
Viacheslav changed the status of T4109: Extend high-availability/keepalived for support virtual-server lb from In progress to Needs testing.
Viacheslav changed the status of T4145: Conntrack table not showing after firewall rewriting from Open to Needs testing.
Viacheslav renamed T4145: Conntrack table not showing after firewall rewriting from Conntrack table not showing after firewall after firewall rewriting to Conntrack table not showing after firewall rewriting.
Fixed for 1.4 in T4128 with update "keepalived".
In 1.3 we don't update this pkg and it still has this bug.
Jan 5 2022
Jan 5 2022
Viacheslav moved T4142: Input ifbX interfaces not displayed in op-mode from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
PR https://github.com/vyos/vyos-1x/pull/1138
vyos@r11-roll:~$ show interfaces input Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- ifb0 - u/u FOO ifb1 - u/u FOO1 vyos@r11-roll:~$
Viacheslav added a project to T4142: Input ifbX interfaces not displayed in op-mode: VyOS 1.3 Equuleus ( 1.3.1).
Viacheslav changed the status of T4142: Input ifbX interfaces not displayed in op-mode from Open to In progress.
Viacheslav updated the task description for T4141: Set high-availability vrrp sync-group without members error.
Viacheslav changed the status of T4141: Set high-availability vrrp sync-group without members error from Open to Confirmed.
Viacheslav added a project to T4141: Set high-availability vrrp sync-group without members error: VyOS 1.4 Sagitta.
Jan 4 2022
Jan 4 2022
Viacheslav renamed T4134: Incorrect firewall protocol completion help uppercase and duplicates from Some firewall protocol completion help in uppercase to Incorrect firewall protocol completion help uppercase and duplicates.
Viacheslav changed the status of T4134: Incorrect firewall protocol completion help uppercase and duplicates from Open to In progress.
Viacheslav renamed T4138: NAT configuration allows to set incorrect port range and invalid port from NAT configuration allows to set incorrect port range to NAT configuration allows to set incorrect port range and invalid port.
Viacheslav renamed T4137: Firewall group configuration allows to set incorrect port range and invalid port from Firewall group configuration allows incorrect port range to Firewall group configuration allows to set incorrect port range and invalid port.
Viacheslav updated the task description for T4137: Firewall group configuration allows to set incorrect port range and invalid port.
PR https://github.com/vyos/vyos-1x/pull/1131
vyos@r11-roll:~$ show firewall group Possible completions: <Enter> Execute the current command FOO Show firewall group FOO2 NETV6 PORTGRP
In 1.3 it looks like just ipset -L:
vyos@r4:~$ show firewall group
Name : FOO2
Type : address
References : none
Members :
203.0.113.3Jan 3 2022
Jan 3 2022
Maybe fixed in T4128
Viacheslav renamed T4135: Declare zone policy firewall without local zone errors from Declare zone policy firewall without local zone erros to Declare zone policy firewall without local zone errors.
Viacheslav renamed T4133: Firewall network group error with zone-based firewall rules from Firewall network group error to Firewall network group error with zone-based firewall rules.
To reproduce it should be zone-policy firewall rules, for example:
Viacheslav renamed T4130: Firewall state policy errors chain from Firewall state policy erros chain to Firewall state policy errors chain.
Viacheslav changed the status of T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0 from In progress to Needs testing.
Viacheslav changed the status of T4120: [VXLAN] add ability to set multiple unicast-remotes from Open to In progress.
Viacheslav added a comment to T3976: Missing prefix-list and access-list option from ipv6 route-map.
@egoistdream Just check when this feature was merged. It was implemented in FRR 24th of November, but the latest FRR release was 9th of November
https://frrouting.org/release/8.1/
Dec 31 2021
Dec 31 2021
Viacheslav renamed T4126: Ability to set priority to site to site IPSec vpn tunnels from Ability to set priority to site to site IPSec tunnels to Ability to set priority to site to site IPSec vpn tunnels.
Viacheslav changed the status of T4126: Ability to set priority to site to site IPSec vpn tunnels from Open to Needs testing.
It can't be implemented in 1.3, as it doesn't use swanctl.conf for peers configuration
I didn't find this option for ipsec.conf
PR https://github.com/vyos/vyos-1x/pull/1129
set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 local prefix '172.16.0.0/24' set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 priority '100' set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 remote prefix '10.0.0.0/24'
Viacheslav updated the task description for T4126: Ability to set priority to site to site IPSec vpn tunnels.
Viacheslav changed the subtype of T4125: Feature Request: bridge STP BPDU translation from "Task" to "Feature Request".