chenxiaolong renamed T4245: eapol: Support for specifying the full CA chain of trust for both client and server from eapol: Support for multiple CA certificates (eg. intermediate + root) to eapol: Support for specifying the full CA chain of trust for both client and server.

Feb 17 2022, 7:38 AM

chenxiaolong added a comment to T4245: eapol: Support for specifying the full CA chain of trust for both client and server.

After further testing, it looks like it's not necessary to have <iface>_ca.pem contain both the server and client chains of trust.

Feb 17 2022, 7:32 AM

chenxiaolong added a comment to T4245: eapol: Support for specifying the full CA chain of trust for both client and server.

I started working on implementing my "alternative" idea. It's a little bit more complicated than I first thought because we have to consider both the server and client chain of trust.

Feb 17 2022, 7:16 AM

chenxiaolong created T4252: `show configuration json` (op mode) and `show | json` (conf mode) represent multi-value nodes differently.

Feb 17 2022, 5:39 AM · VyOS Rolling, Restricted Project

bbabich created T4251: Add TLS functionality for rsyslog.

Feb 17 2022, 4:51 AM · VyOS 1.4 Sagitta (1.4.4), VyOS 1.5 Circinus (1.5-stream-2025-Q4)

jestabro added a comment to T3474: Revisit storing syntax version of interface definitions in XML file.

https://github.com/vyos/vyos-1x/pull/1225

Feb 17 2022, 3:51 AM · VyOS 1.4 Sagitta (1.4.0-epa1)

klipz added a comment to T4240: Cannot add wlan0 to bridge via configure.

@c-po Thank you for the work on this.

Feb 17 2022, 1:20 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)

Feb 16 2022

Viacheslav edited projects for T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.

Feb 16 2022, 11:26 PM · VyOS 1.3 Equuleus ( 1.3.1)

Viacheslav changed the status of T4197: Vyos arm64-latest build issue with telegraf pkg from Open to Needs testing.

Feb 16 2022, 11:25 PM · VyOS 1.4 Sagitta

c-po moved T4240: Cannot add wlan0 to bridge via configure from Open to Finished on the VyOS 1.4 Sagitta board.

Feb 16 2022, 9:19 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)

c-po committed rVYOSONEXf076f9f4cf6e: policy: T2425: add completion helper script when referencing IP addresses.

Feb 16 2022, 9:18 PM

c-po committed rVYOSONEX1ceaed55a629: wireless: T4240: bugfix interface bridging.

Feb 16 2022, 9:18 PM

Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.

Install official pkg solve the issue

wget http://ftp.de.debian.org/debian/pool/main/o/ocserv/ocserv_0.12.2-3_amd64.deb
dpkg -i *.deb
`

Feb 16 2022, 9:12 PM · VyOS 1.3 Equuleus ( 1.3.1)

c-po changed the status of T4240: Cannot add wlan0 to bridge via configure from Open to Needs testing.

Feb 16 2022, 8:53 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)

Viacheslav added a comment to T4249: Add support for device mapping in containers.

Feb 16 2022, 8:44 PM · VyOS 1.4 Sagitta

Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.

Can be related
Found out some strange things, client address was banned:

ocserv[2072]: main: added 1 points (total 1) for IP '192.168.122.1' to ban list

Feb 16 2022, 7:14 PM · VyOS 1.3 Equuleus ( 1.3.1)

zsdc created T4250: Organize logrotate settings to avoid duplicates.

Feb 16 2022, 6:09 PM · VyOS 1.4 Sagitta

Viacheslav changed the status of T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus from Open to Confirmed.

Feb 16 2022, 5:48 PM · VyOS 1.3 Equuleus ( 1.3.1)

Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.

I don't see any issues with LTS 1.3.0

Feb 16 2022, 5:48 PM · VyOS 1.3 Equuleus ( 1.3.1)

Viacheslav added a comment to T4249: Add support for device mapping in containers.

Thanks
Is it required point of binding in a container?
For example:

podman run --rm -it --device=/dev/vdb:/dev/xvdc:rwm --net host ubuntu bash

Feb 16 2022, 4:17 PM · VyOS 1.4 Sagitta

Yuanandyuan added a comment to T4249: Add support for device mapping in containers.

In T4249#118633, @Viacheslav wrote:

You can get access to host netwoks with set container name foo allow-host-networks

Feb 16 2022, 3:56 PM · VyOS 1.4 Sagitta

Viacheslav added a comment to T4249: Add support for device mapping in containers.

You can get access to host netwoks with set container name foo allow-host-networks

Feb 16 2022, 3:44 PM · VyOS 1.4 Sagitta

Yuanandyuan created T4249: Add support for device mapping in containers.

Feb 16 2022, 3:39 PM · VyOS 1.4 Sagitta

Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1224

Feb 16 2022, 3:09 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta

Viacheslav reopened T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID as "In progress".

Feb 16 2022, 2:57 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta

Viacheslav closed T4237: Conntrack-sync error - error adding listen-address command as Resolved.

Feb 16 2022, 1:58 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)

Viacheslav added a comment to T973: Create Prometheus Exporter for VyOS .

@anthr76 we have ready telegraf exporter, maybe it will work for you?
https://docs.vyos.io/en/latest/configuration/service/monitoring.html

Feb 16 2022, 1:34 PM · VyOS Rolling, VyOS 1.5 Circinus

anthr76 added a comment to T973: Create Prometheus Exporter for VyOS .

Does anyone at least have an example of how to use the snmp exporter? For example a snmp.yml or generate one with the given mibs?

Feb 16 2022, 1:28 PM · VyOS Rolling, VyOS 1.5 Circinus

Unknown Object (User) closed T3408: vyos 1.4 not delivering ipv6 to devices via PPPOE as Invalid.

Tested on 1.4-rolling-202202150317 and 1.3.0, all works

Feb 16 2022, 11:18 AM · VyOS 1.4 Sagitta

Viacheslav changed the subtype of T4248: There isn't a way to remove the only rule from the (traffic-policy) class. from "Task" to "Bug".

Feb 16 2022, 7:08 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Unknown Object (User) triaged T4248: There isn't a way to remove the only rule from the (traffic-policy) class. as Low priority.

Feb 16 2022, 1:10 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Feb 15 2022

pedro added a comment to T941: BGP neighbours with IPv6 link-local addresses.

this is very similar to https://phabricator.vyos.net/T3657 , so it seems that this is going to be fixed in 1.4 ( proof https://forum.vyos.io/t/bgp-peering-with-ipv6-link-local-addresses/7309/14 ). Is this going to be backported to 1.3 ? Anyone is able to find the commit that introduced the feature on 1.4? Maybe it is something easy to patch

Feb 15 2022, 11:26 PM · VyOS 1.3 Equuleus (1.3.9), test

Viacheslav moved T1292: Issues while deleting all rules from a firewall from Open to Finished on the VyOS 1.4 Sagitta board.

Feb 15 2022, 10:12 PM · VyOS 1.4 Sagitta

sarthurdev updated subscribers of T4145: Conntrack table not showing after firewall rewriting.

I think @c-po has started migrating it in T3579 but op-mode not yet complete.

Feb 15 2022, 7:10 PM · VyOS 1.4 Sagitta

n.fort added a comment to T4145: Conntrack table not showing after firewall rewriting.

Comman "show conntrack ..." not available any more in latest?

Feb 15 2022, 7:04 PM · VyOS 1.4 Sagitta

Unknown Object (User) changed the status of T3494: DHCPv6 leases traceback when PD using from Unknown Status to Resolved.

Feb 15 2022, 6:58 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

n.fort added a comment to T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used.

Duplicate T1292 was assigned to 1.4 version, and I close it because it was solved.
This bug remains open for 1.3 Equuleus

Feb 15 2022, 6:56 PM

n.fort closed T1292: Issues while deleting all rules from a firewall, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.

Feb 15 2022, 6:51 PM · VyOS 1.4 Sagitta (1.4.0-epa2)

n.fort closed T1292: Issues while deleting all rules from a firewall as Resolved.

Feb 15 2022, 6:51 PM · VyOS 1.4 Sagitta

n.fort added a comment to T1292: Issues while deleting all rules from a firewall.

Tested on VyOS 1.4-rolling-202202150317 and working as expected.

Feb 15 2022, 6:50 PM · VyOS 1.4 Sagitta

n.fort closed T4160: Firewall - Error in rules that matches everything except something as Resolved.

vyos@vyos# run show config comm | grep fire
set firewall name FOO rule 10 action 'accept'
set firewall name FOO rule 10 protocol 'tcp'
set firewall name FOO rule 10 tcp flags not ack
set firewall name FOO rule 10 tcp flags syn
set firewall name FOO rule 40 action 'accept'
set firewall name FOO rule 40 protocol '!gre'
[edit]
vyos@vyos# sudo nft list chain ip filter NAME_FOO
table ip filter {
	chain NAME_FOO {
		tcp flags & (syn | ack) == syn counter packets 0 bytes 0 return comment "FOO-10"
		meta l4proto != gre counter packets 0 bytes 0 return comment "FOO-40"
		counter packets 0 bytes 0 return comment "FOO default-action accept"
	}
}

Feb 15 2022, 6:44 PM · VyOS 1.4 Sagitta

n.fort closed T4201: Firewall - ICMPv6 matches not working as expected on 1.3.0 as Resolved.

Solved. New commands:

Feb 15 2022, 6:22 PM · VyOS 1.3 Equuleus (1.3.0)

rgrant created T4247: Access Control for SSH (and other?) services.

Feb 15 2022, 5:00 PM

Unknown Object (User) committed rVYOSONEX81add0813735: dhcpv6-server: T3494: Get address from network to correct sorting.

Feb 15 2022, 4:03 PM

GitHub <noreply@github.com> committed rVYOSONEX40bf0d3ff078: Merge pull request #1222 from DmitriyEshenko/eq-1x-15022022 (authored by c-po).

Feb 15 2022, 4:03 PM

Viacheslav committed rVYOSONEX283688fe52bd: conntrack-sync: T4237: Fix checks for listen-address list to str.

Feb 15 2022, 4:03 PM