@klipz In my case, the only problem is adding the wlan interface to the bridge at startup (looks like an order thing), when vyos is started (and the wlan interface is up) no problem to add it to the bridge witth the CLI.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jan 18 2022
Jan 18 2022
The XDP proof of concept program that is availbale in 1.4 does not support 802.1q - those headers are not parsed and processed.
c-po changed the status of T4187: XDP broken for VLAN/vif interfaces with hardware offloading from Open to Confirmed.
What would be the use-case? We can start PDNS in one VRF context only.
c-po changed the status of T3700: Support VLAN tunnel mapping of VLAN aware bridges, a subtask of T3137: Let VLAN aware bridge approach the behavior of professional equipment, from In progress to On hold.
c-po changed the status of T3700: Support VLAN tunnel mapping of VLAN aware bridges from In progress to On hold.
Jan 17 2022
Jan 17 2022
Viacheslav added a comment to T2762: VRF: when SSHd is VRF bound all commands are executed in VRF context.
PR for ping https://github.com/vyos/vyos-1x/pull/1175
You need to remove the state new match on the rule and it'll work.
c-po moved T3164: console-server ssh does not work with RADIUS PAM auth from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Viacheslav closed T891: Current multi-table usage with VRF-netns tables in FRR is partially broken for PBR. as Not Applicable.
Close the task
@Watcher7 Re-test it or describe steps hot to reproduce, as since 1.2-rc2 was implemented a lot of changes regarding vrf + frr.
You can set both vrf + next-hop address
c-po renamed T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Update Linux Kernel to v5.4.171 / 5.10.91 to Update Linux Kernel to v5.4.172 / 5.10.92.
I experience the same problem of VyOS failing to add wlan0 to bridge, which persists in all 1.3-epa and 1.3-LTS versions, as well as 1.4 nightly builds.
GitHub <noreply@github.com> committed rVYOSONEX9fb2e1432209: Merge pull request #1174 from sarthurdev/firewall (authored by c-po).
Tested and working as expected on VyOS 1.4-rolling-202201150317
There are some issues with powerdns in vrf context.
Included those flags in PR: https://github.com/vyos/vyos-1x/pull/1174
Think 2 flag options should be added.
According to nft wiki these are all the flags that nft could match: tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr}
Included in PR: https://github.com/vyos/vyos-1x/pull/1174
It is a different task, it extends only the range which you can to use for rule numbers.
For example, if you want 3 rules
Rule 100, rule 1000, rule 10000 etc.
Accepting time it is another task. B.t.w firewall was rewritten in 1.4, I hope that commit time was decreased.
Unknown Object (User) added a comment to T4100: Firewall increase maximum number of rules.
I think we will have a problem with such a large number of rules. Now, if there are 1500 vyos rules, it takes 30 minutes to load. If there are 999999 rules, it will take a very long time to load.
Jan 16 2022
Jan 16 2022
sarthurdev changed the status of T3873: Zone based Firewall - Filter traffic in same zone from Open to In progress.
Thanks, will include a fix in a PR shortly
c-po moved T3164: console-server ssh does not work with RADIUS PAM auth from Open to Finished on the VyOS 1.4 Sagitta board.
c-po changed the status of T3164: console-server ssh does not work with RADIUS PAM auth from Open to Needs testing.
n.fort added a comment to T4160: Firewall - Error in rules that matches everything except something.
I can see the fix, but now trying invert selection on tcp flags doesn't work
Testing this feature in VyOS 1.4-rolling-202201100317 I'm getting some unexpected behavior.
Config:
GitHub <noreply@github.com> committed rVYOSONEX56255941e584: Merge pull request #1172 from sever-sever/T4184-equ (authored by c-po).
For full support we need this added to FRR: https://github.com/FRRouting/frr/pull/9204
Jan 15 2022
Jan 15 2022
Viacheslav moved T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses from Open to Finished on the VyOS 1.4 Sagitta board.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1172
GitHub <noreply@github.com> committed rVYOSONEX618db51b3b4c: Merge pull request #1171 from sever-sever/T4184 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX31a27136a499: Merge pull request #1170 from sever-sever/T4183-equ (authored by c-po).
Viacheslav renamed T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses from NTP allow-clients address doesn't work to NTP allow-clients address doesn't work it allows to use ntp server for all addresses.
Viacheslav changed the subtype of T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses from "Task" to "Bug".
Viacheslav changed the status of T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses from Open to In progress.
Viacheslav added a comment to T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1170
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1170
Viacheslav reopened T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0 as "In progress".
Viacheslav moved T4150: VRRP with conntrack-sync does not work from Open to Finished on the VyOS 1.4 Sagitta board.
GitHub <noreply@github.com> committed rVYOSONEX3b4ece7dde02: Merge pull request #1169 from sever-sever/T4183 (authored by c-po).
Re-tested in VyOS 1.4-rolling-202201140317
Now it works, thank you!
Jan 14 2022
Jan 14 2022
fernando renamed T4185: [VPN-IPSEC] not boot config after reboot from [VPN-IPSEC] no boot config after reboot to [VPN-IPSEC] not boot config after reboot.
Viacheslav changed the status of T4172: Patch ndppd to not read route table if there are no auto prefixes from Open to In progress.
Viacheslav changed the status of T4183: IPv6 link-local address not accepted as wireguard peer from Open to In progress.
@NikolayP Could you re-test it?
Viacheslav closed T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID as Resolved.
Viacheslav edited projects for T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
GitHub <noreply@github.com> committed rVYOSONEX6e8a8934a7d4: Merge pull request #1164 from sever-sever/T4179 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX9aa8e51de06b: Merge pull request #1167 from sarthurdev/firewall (authored by c-po).
Viacheslav added a comment to T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses.
Some detail here T1280
@sdev: in your original commit for this task, recent rules are somehow semi-discarded (the time/counter condition will not be written out; however, the action will be written out) because of an apparent problem with nftables in this area.
Unknown Object (User) updated the task description for T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses.
Unknown Object (User) renamed T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses from NTP allow-clients address requires a reboot to NTP allow-clients address doesn't work.
Unknown Object (User) updated the task description for T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses.
Unknown Object (User) created T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses.
Thanks; I just tested commenting out line 5 of that file, and it successfully works around the issue, allowing me to set a link-local IPv6 address as my endpoint. The wireguard connection itself also works, and I can pass traffic.
@odhnera Try to comment or delete the validation string and restart vyos-configd service