PR removes the empty line when there are no group members, also adds a warning message when empty groups are used in rules.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Jan 11 2022
@Viacheslav Not using exact ipset format, however addresses are sorted and output one per line.
Should resolve the rest of the error messages.
Jan 10 2022
IPv4 address range error messages are included in PR: https://github.com/vyos/vyos-1x/pull/1152
Error for rule being in use when deleting base node was fixed in https://github.com/vyos/vyos-1x/pull/1151
Thanks for catching that!
Jan 6 2022
Updates the vyatta-conntrack package to work without legacy firewall and fixes the op-mode commands. Should also fix some conntrack functionality (untested).
Jan 5 2022
Jan 4 2022
Duplicate of T4130
Jan 3 2022
Nov 4 2021
Nov 3 2021
Oct 31 2021
Included this feature in the firewall/zone-policy rewrite: https://github.com/vyos/vyos-1x/pull/1033
Oct 20 2021
Oct 19 2021
Sep 24 2021
Sep 14 2021
Good shout, fixed in following PR: https://github.com/vyos/vyos-1x/pull/1005
Sep 13 2021
Aug 13 2021
Aug 10 2021
Jul 22 2021
Jul 21 2021
Jul 20 2021
Jul 19 2021
PKI Wireguard PR: https://github.com/vyos/vyos-1x/pull/929
Jul 16 2021
Jul 13 2021
This error occurs because the ipsec module blindly updates the l2tp module after a commit change to ensure any l2tp via ipsec config is then refreshed also.
Jul 7 2021
vpn rsa-keys migrated: https://github.com/vyos/vyos-1x/pull/912
Jul 2 2021
Should be resolved in PR: https://github.com/vyos/vyos-1x/pull/903
Fixed in PR: https://github.com/vyos/vyos-1x/pull/903
Jun 29 2021
PR is in: https://github.com/vyos/vyos-1x/pull/901
I should soon have a PR ready for this, including an update to IPSec config to show how to port existing configs to use PKI.
Jun 26 2021
When using show pki ... commands you would be able to see the relation between certificates and CAs.
Jun 22 2021
@SrividyaA Fixed in PR https://github.com/vyos/vyos-1x/pull/894
Jun 21 2021
Jun 19 2021
Jun 17 2021
@SrividyaA Fixed in PR: https://github.com/vyos/vyos-1x/pull/884
Jun 15 2021
Swanctl migration PR: https://github.com/vyos/vyos-1x/pull/881
Jun 12 2021
Jun 11 2021
Included in PR: https://github.com/vyos/vyos-1x/pull/881
I've left vti esp-group to keep backwards compatibility with current behaviour when vti is configured without any tunnels (when it uses 0.0.0.0/0), in that scenario it would still use the group specified.
I wonder if instead it should just use the existing tunnel node for this. So if VTI is set on a peer, all configured tunnels get marked for the VTI interface. Current VyOS behaviour allows only for tunnels, or VTI - not both.
@krox2 Oh I think I understand what you mean. You'd want to also be able to create multiple child SAs each with unique left/right subnets?
Jun 10 2021
Jun 7 2021
Clarifying as requested by c-po:
Jun 4 2021
Jun 3 2021
Jun 1 2021
May 30 2021
Also vpn ipsec site-to-site peer x tunnel x allow-nat-networks and vpn ipsec site-to-site peer x tunnel x allow-public-networks
May 28 2021
May 27 2021
IPSec / DMVPN PR: https://github.com/vyos/vyos-1x/pull/856
May 24 2021
The main issue seems to be a lack of execute permissions on the script vyatta-gen-x509-keypair