Page MenuHomeVyOS Platform
Feed Search

Search
Use Results
Hide Query

Jan 12 2022

Viacheslav added a comment to T4168: IPsec VPN is impossible to restart when DMVPN is configured.

PR https://github.com/vyos/vyatta-op-vpn/pull/32

Jan 12 2022, 4:04 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav closed T4174: Validation fails when entering port range with upper port 65535, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 12 2022, 11:29 AM · VyOS 1.4 Sagitta (1.4.0-epa2)
Viacheslav closed T4174: Validation fails when entering port range with upper port 65535 as Resolved.
Jan 12 2022, 11:29 AM · VyOS 1.4 Sagitta

Jan 11 2022

Viacheslav added a project to T4151: IPV6 local PBR Support: VyOS 1.3 Equuleus ( 1.3.1).
Jan 11 2022, 11:48 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta

Jan 10 2022

Viacheslav added a comment to T4163: [BMP-BGP] Routing monitoring feature.

@fernando Thanks, do you have any idea about syntax?

Jan 10 2022, 10:13 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Viacheslav created T4165: Custom conntrack rules cannot be deleted.
Jan 10 2022, 10:00 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav changed the status of T4152: NHRP shortcut-target holding-time does not work from In progress to Needs testing.
Jan 10 2022, 9:40 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4163: [BMP-BGP] Routing monitoring feature.

There is PR which includes this feature https://github.com/vyos/vyos-1x/pull/1088

Jan 10 2022, 8:17 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Viacheslav assigned T4162: VPN ipsec ike-group - Incorrect value help for ikev2-reauth to n.fort.
Jan 10 2022, 6:49 PM · VyOS 1.4 Sagitta
Viacheslav assigned T4161: Policy route-map - Incorrect value help for local preference to n.fort.
Jan 10 2022, 5:07 PM · VyOS 1.4 Sagitta
Viacheslav moved T3299: Allow the web proxy service to listen on all IP addresses from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Jan 10 2022, 9:32 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav changed the status of T3299: Allow the web proxy service to listen on all IP addresses from Unknown Status to Resolved.
Jan 10 2022, 9:32 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEXaa438129337c: squid: T3299: Add listen address 0.0.0.0 (authored by sever-sever <v.gletenko@vyos.io>).
Jan 10 2022, 9:02 AM
Viacheslav added a comment to T4158: Add support for "ip nhrp registration no-unique" from FRR.

We don’t use frr nhrpd, more details T2326
We use opennhrp

Jan 10 2022, 6:17 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0)

Jan 9 2022

Viacheslav committed rVYOSONEX66d59d9e393c: vrrp: T1972: Ability to set IP address on not vrrp interface.
Jan 9 2022, 8:45 PM
Viacheslav committed rVYOSONEXfb464f0b7654: keepalived: T4150: Fix template option conntrack_sync_group.
Jan 9 2022, 7:52 PM
Viacheslav committed rVYOSONEXd997874deb61: nhrp: T4152: Fix template holding-time for nhrp.
Jan 9 2022, 7:46 PM
Viacheslav updated subscribers of T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases .
Jan 9 2022, 7:43 PM · VyOS 1.4 Sagitta
Viacheslav changed the subtype of T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases from "Task" to "Bug".
Jan 9 2022, 7:40 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3706: Add proper priorities for systemd daemons.

A simple check works fine:
Set 20% quota for snmpd
And check it with script:

#!/usr/bin/env bash
Jan 9 2022, 5:12 PM · Bugs, VyOS Rolling
Viacheslav added a comment to T3706: Add proper priorities for systemd daemons.

https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html

Jan 9 2022, 4:53 PM · Bugs, VyOS Rolling
Viacheslav changed the status of T3774: atop logs are not limited in size from In progress to Needs testing.
Jan 9 2022, 4:39 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
Viacheslav closed T3822: OpenVPN processes do not have permission to read key files generated with `run generate openvpn key` as Resolved.

It was fixed in above commits, wrong testing form my site.

Jan 9 2022, 4:28 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0.

@aha As I see tftp can't bind ipv6 link local address:

Jan 9 2022, 3:54 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav edited projects for T3299: Allow the web proxy service to listen on all IP addresses, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Jan 9 2022, 2:56 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T3299: Allow the web proxy service to listen on all IP addresses.

Cherry-pick PR https://github.com/vyos/vyos-1x/pull/1146

Jan 9 2022, 2:56 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4100: Firewall increase maximum number of rules.

It requires checking for 1.3 as it was changed and it uses the old backend on Perl (links above).

Jan 9 2022, 2:31 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4153: Monitor bandwidth-test initiate not working.

It seems -V option:

Jan 9 2022, 2:24 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav added a project to T4154: Error add second gre tunnel with the same source interface: VyOS 1.3 Equuleus ( 1.3.1).
Jan 9 2022, 2:08 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav created T4154: Error add second gre tunnel with the same source interface.
Jan 9 2022, 2:08 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav moved T4142: Input ifbX interfaces not displayed in op-mode from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Jan 9 2022, 2:02 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav closed T4142: Input ifbX interfaces not displayed in op-mode as Resolved.
Jan 9 2022, 2:01 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4152: NHRP shortcut-target holding-time does not work.

PR for 1.3 https://github.com/vyos/vyos-nhrp/pull/7

Jan 9 2022, 1:50 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4152: NHRP shortcut-target holding-time does not work.

PR for 1.4 https://github.com/vyos/vyos-1x/pull/1145

Jan 9 2022, 12:42 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav changed the status of T4152: NHRP shortcut-target holding-time does not work from Open to In progress.
Jan 9 2022, 12:19 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4100: Firewall increase maximum number of rules.

Check a real generated firewall iptables/nftables config
As 10000 it is the latest default rule, so your rules can be applied after default action with seq 10000

Jan 9 2022, 9:36 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav changed the status of T4087: IPsec IKE-group proposals limit of 10 pieces from Open to Needs testing.
Jan 9 2022, 7:45 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.2 Crux (VyOS 1.2.9)
Viacheslav added a project to T4087: IPsec IKE-group proposals limit of 10 pieces : VyOS 1.4 Sagitta.

Could you also create a pr for 1.4?
Or 1.4 doesn’t have such limits?

Jan 9 2022, 7:44 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.2 Crux (VyOS 1.2.9)
Viacheslav added a comment to T4072: Feature Request: Firewall on bridge interfaces.

Does it work with vlan bridges T3115?

Jan 9 2022, 7:40 AM · VyOS 1.4 Sagitta

Jan 8 2022

Viacheslav reopened T4100: Firewall increase maximum number of rules as "Needs testing".

@NikolayP Could you test if all works fine?
Check the real generated firewal rules.

Jan 8 2022, 8:04 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav closed T4116: Webproxy/Squid not working with IPv6 listen-address as Resolved.
Jan 8 2022, 8:01 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T840: VRRP V3 backup router sending ND RA.

Is it an actual task? If yes, can someone explain which configuration you expect from keepalived.conf or radvd.conf?
As I see PR 9aad6f was merged.

Jan 8 2022, 6:42 PM · VyOS Rolling
Viacheslav moved T4100: Firewall increase maximum number of rules from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Jan 8 2022, 6:09 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav closed T4100: Firewall increase maximum number of rules as Resolved.
Jan 8 2022, 6:09 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.

PR https://github.com/vyos/vyos-1x/pull/1143

Jan 8 2022, 2:09 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4150: VRRP with conntrack-sync does not work.

PR https://github.com/vyos/vyos-1x/pull/1142

Jan 8 2022, 11:19 AM · VyOS 1.4 Sagitta
Viacheslav changed the subtype of T4150: VRRP with conntrack-sync does not work from "Task" to "Bug".
Jan 8 2022, 10:51 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4150: VRRP with conntrack-sync does not work from Open to In progress.
Jan 8 2022, 10:50 AM · VyOS 1.4 Sagitta
Viacheslav edited projects for T4151: IPV6 local PBR Support, added: VyOS 1.4 Sagitta; removed VyOS 1.1.x.

It requires option -6
For example:

sudo ip -6 rule add prio 10 from de:de::1 lookup 5

Show v6 rules:

vyos@r11-roll# sudo ip -6 rule show
0:	from all lookup local
10:	from de:de::1 lookup 5
32766:	from all lookup main
[edit]
vyos@r11-roll#
Jan 8 2022, 10:25 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta

Jan 7 2022

Viacheslav moved T3924: VRRP stops working with VRF from Open to Finished on the VyOS 1.4 Sagitta board.
Jan 7 2022, 11:02 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta

Jan 6 2022

Viacheslav committed rVYOSONEXfab311fa3c79: op-mode: T4142: Fix for show input ifbX interfaces.
Jan 6 2022, 6:36 PM
Viacheslav changed the status of T4109: Extend high-availability/keepalived for support virtual-server lb from In progress to Needs testing.
Jan 6 2022, 5:41 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4145: Conntrack table not showing after firewall rewriting from Open to Needs testing.
Jan 6 2022, 4:21 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4145: Conntrack table not showing after firewall rewriting from Conntrack table not showing after firewall after firewall rewriting to Conntrack table not showing after firewall rewriting.
Jan 6 2022, 12:22 PM · VyOS 1.4 Sagitta
Viacheslav created T4145: Conntrack table not showing after firewall rewriting.
Jan 6 2022, 12:07 PM · VyOS 1.4 Sagitta
Viacheslav assigned T3914: VRRP rfc3768-compatibility doesn't work with unicast peers to c-po.

Fixed for 1.4 in T4128 with update "keepalived".
In 1.3 we don't update this pkg and it still has this bug.

Jan 6 2022, 11:32 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav closed T4130: Firewall state policy errors chain as Resolved.
Jan 6 2022, 11:14 AM · VyOS 1.4 Sagitta
Viacheslav closed T4135: Declare zone policy firewall without local zone errors as Resolved.
Jan 6 2022, 11:10 AM · VyOS 1.4 Sagitta

Jan 5 2022

Viacheslav moved T4142: Input ifbX interfaces not displayed in op-mode from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
Jan 5 2022, 4:20 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX5fdf4e598834: op-mode: T4142: Fix for show input ifbX interfaces.
Jan 5 2022, 4:13 PM
Viacheslav added a comment to T4142: Input ifbX interfaces not displayed in op-mode.

PR https://github.com/vyos/vyos-1x/pull/1138

vyos@r11-roll:~$ show interfaces input 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
ifb0             -                                 u/u  FOO
ifb1             -                                 u/u  FOO1
vyos@r11-roll:~$
Jan 5 2022, 4:07 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a project to T4142: Input ifbX interfaces not displayed in op-mode: VyOS 1.3 Equuleus ( 1.3.1).
Jan 5 2022, 3:47 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav changed the status of T4142: Input ifbX interfaces not displayed in op-mode from Open to In progress.
Jan 5 2022, 3:42 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav created T4142: Input ifbX interfaces not displayed in op-mode.
Jan 5 2022, 3:41 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav updated the task description for T4141: Set high-availability vrrp sync-group without members error.
Jan 5 2022, 12:49 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav changed the status of T4141: Set high-availability vrrp sync-group without members error from Open to Confirmed.
Jan 5 2022, 12:44 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a project to T4141: Set high-availability vrrp sync-group without members error: VyOS 1.4 Sagitta.
Jan 5 2022, 12:44 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav created T4141: Set high-availability vrrp sync-group without members error.
Jan 5 2022, 12:37 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav created T4140: Lack of SNMP IANA mibs.
Jan 5 2022, 12:06 PM · VyOS 1.4 Sagitta

Jan 4 2022

Viacheslav closed T4134: Incorrect firewall protocol completion help uppercase and duplicates as Resolved.
Jan 4 2022, 6:20 PM · VyOS 1.4 Sagitta
Viacheslav closed T4132: Impossible to show a specific firewall group as Resolved.
Jan 4 2022, 6:18 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX55bf54afb750: firewall: T4132: Fix for op-mode show firewall group.
Jan 4 2022, 5:24 PM
Viacheslav committed rVYOSONEX5f2c965d28f7: firewall: T4134: Fix completion help for protocols.
Jan 4 2022, 5:24 PM
Viacheslav committed rVYOSONEXf0d4f6060034: keepalived: T4109: Add XML for high-availability virtual-server.
Jan 4 2022, 5:22 PM
Viacheslav committed rVYOSONEX2817f86a0faf: conntrack-sync: T4109: Change script name for vrrp.
Jan 4 2022, 5:22 PM
Viacheslav committed rVYOSONEXacefbacf7966: keepalived: T4109: Change smoketest correct path vrrp.
Jan 4 2022, 5:22 PM
Viacheslav committed rVYOSONEX362812150565: keepalived: T4109: Add high-availability virtual-server.
Jan 4 2022, 5:22 PM
Viacheslav assigned T4135: Declare zone policy firewall without local zone errors to sarthurdev.
Jan 4 2022, 4:04 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4134: Incorrect firewall protocol completion help uppercase and duplicates.

PR https://github.com/vyos/vyos-1x/pull/1132

Jan 4 2022, 1:32 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4134: Incorrect firewall protocol completion help uppercase and duplicates from Some firewall protocol completion help in uppercase to Incorrect firewall protocol completion help uppercase and duplicates.
Jan 4 2022, 1:21 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4134: Incorrect firewall protocol completion help uppercase and duplicates from Open to In progress.
Jan 4 2022, 12:26 PM · VyOS 1.4 Sagitta
Viacheslav claimed T4134: Incorrect firewall protocol completion help uppercase and duplicates.
Jan 4 2022, 12:26 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4138: NAT configuration allows to set incorrect port range and invalid port from NAT configuration allows to set incorrect port range to NAT configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:14 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4137: Firewall group configuration allows to set incorrect port range and invalid port from Firewall group configuration allows incorrect port range to Firewall group configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:12 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4137: Firewall group configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:10 PM · VyOS 1.4 Sagitta
Viacheslav created T4138: NAT configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:05 PM · VyOS 1.4 Sagitta
Viacheslav created T4137: Firewall group configuration allows to set incorrect port range and invalid port.
Jan 4 2022, 12:00 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4132: Impossible to show a specific firewall group.

PR https://github.com/vyos/vyos-1x/pull/1131

vyos@r11-roll:~$ show firewall group 
Possible completions:
  <Enter>       Execute the current command
  FOO           Show firewall group
  FOO2
  NETV6
  PORTGRP
Jan 4 2022, 11:47 AM · VyOS 1.4 Sagitta
Viacheslav claimed T4132: Impossible to show a specific firewall group.
Jan 4 2022, 11:37 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4131: Show firewall group incorrect format members.

In 1.3 it looks like just ipset -L:

vyos@r4:~$ show firewall group 
Name       : FOO2
Type       : address
References : none
Members    :
             203.0.113.3
Jan 4 2022, 9:53 AM · VyOS 1.4 Sagitta

Jan 3 2022

Viacheslav closed T4065: IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory as Resolved.

Fixed in https://github.com/vyos/vyatta-cfg-vpn/pull/56

Jan 3 2022, 9:09 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3914: VRRP rfc3768-compatibility doesn't work with unicast peers.

Maybe fixed in T4128

Jan 3 2022, 9:05 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav renamed T4135: Declare zone policy firewall without local zone errors from Declare zone policy firewall without local zone erros to Declare zone policy firewall without local zone errors.
Jan 3 2022, 8:02 PM · VyOS 1.4 Sagitta
Viacheslav created T4135: Declare zone policy firewall without local zone errors.
Jan 3 2022, 8:00 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4133: Firewall network group error with zone-based firewall rules from Firewall network group error to Firewall network group error with zone-based firewall rules.
Jan 3 2022, 7:47 PM · VyOS 1.4 Sagitta, VyConf
Viacheslav added a comment to T4133: Firewall network group error with zone-based firewall rules.

To reproduce it should be zone-policy firewall rules, for example:

Jan 3 2022, 7:46 PM · VyOS 1.4 Sagitta, VyConf
Viacheslav created T4134: Incorrect firewall protocol completion help uppercase and duplicates.
Jan 3 2022, 7:16 PM · VyOS 1.4 Sagitta
Viacheslav created T4132: Impossible to show a specific firewall group.
Jan 3 2022, 6:56 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4131: Show firewall group incorrect format members.
Jan 3 2022, 6:53 PM · VyOS 1.4 Sagitta
Viacheslav created T4131: Show firewall group incorrect format members.
Jan 3 2022, 6:45 PM · VyOS 1.4 Sagitta
First
Prev
Next