Feed All Stories

Jun 16 2022

trae32566 created T4467: Validator Does Not Accept Signed Numbers.
Jun 16 2022, 6:44 AM · VyOS 1.4 Sagitta
danhusan created T4466: intel i225-v nic does not detect link after boot.
Jun 16 2022, 6:43 AM · VyOS 1.3 Equuleus
Viacheslav closed T4246: Failed to delete vrrp transition-script as Invalid.
Jun 16 2022, 6:43 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav closed T3866: Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax as Resolved.
Jun 16 2022, 6:41 AM · VyOS 1.3 Equuleus (1.3.0)

Jun 15 2022

sarthurdev changed the status of T4435: Policy route and firewall - error when using undefined group from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1362

Jun 15 2022, 9:15 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX34db435e7a74: firewall: T4147: Use named sets for firewall groups.
Jun 15 2022, 6:03 PM
sarthurdev committed rVYOSONEX7e59b2a3f31e: firewall: T970: Use set prefix to domain groups.
Jun 15 2022, 6:03 PM
GitHub <noreply@github.com> committed rVYOSONEXeab402588696: Merge pull request #1361 from sarthurdev/firewall_named (authored by c-po).
Jun 15 2022, 6:03 PM
Viacheslav closed T513: Docs for devs: How to use Python, XML et al instead of Bash and Perl for VyOS configuration as Not Applicable.
Jun 15 2022, 3:28 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T515: Complete the documentation on the suggested Python / XML config framework, a subtask of T513: Docs for devs: How to use Python, XML et al instead of Bash and Perl for VyOS configuration, as Not Applicable.
Jun 15 2022, 3:28 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T515: Complete the documentation on the suggested Python / XML config framework as Not Applicable.
Jun 15 2022, 3:28 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T514: Concentration and streamlining of Python / XML config framework documentation, a subtask of T513: Docs for devs: How to use Python, XML et al instead of Bash and Perl for VyOS configuration, as Not Applicable.
Jun 15 2022, 3:27 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T514: Concentration and streamlining of Python / XML config framework documentation as Not Applicable.
Jun 15 2022, 3:27 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T1890: Metatask: rewrite flow-accounting to XML and Python, a subtask of T3355: Remove all remaining legacy Vyatta code, as Resolved.
Jun 15 2022, 3:21 PM · VyOS Rolling
Viacheslav closed T1890: Metatask: rewrite flow-accounting to XML and Python as Resolved.
Jun 15 2022, 3:21 PM · VyOS 1.3 Equuleus (1.3.0)
n.fort closed T4450: Route-map - Extend options for ip|ipv6 address match as Resolved.
Jun 15 2022, 3:03 PM · VyOS 1.4 Sagitta
n.fort closed T4449: Route-map - Extend options for ip next-hop match as Resolved.
Jun 15 2022, 3:03 PM · VyOS 1.4 Sagitta
n.fort closed T990: Make DNAT/SNAT a valid state in firewall rules. as Resolved.
Jun 15 2022, 3:02 PM · VyOS 1.4 Sagitta, test
sarthurdev changed the status of T4147: New Firewall Implementation - proposed changes on group implementation from In progress to Needs testing.
Jun 15 2022, 1:33 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4147: New Firewall Implementation - proposed changes on group implementation.

PR: https://github.com/vyos/vyos-1x/pull/1361

Jun 15 2022, 1:32 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T1375: Add clear dhcp server lease function.

PR https://github.com/vyos/vyos-1x/pull/1360

Jun 15 2022, 12:40 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
dmbaturin committed rVYOSONEX74b24c5f5fcc: Improve IPsec help strings.
Jun 15 2022, 6:01 AM
GitHub <noreply@github.com> committed rVYOSONEX609a3abb3d9b: Merge pull request #1359 from dmbaturin/help-proofreading-1 (authored by c-po).
Jun 15 2022, 6:01 AM
Viacheslav added a project to T1375: Add clear dhcp server lease function: VyOS 1.4 Sagitta.
Jun 15 2022, 1:20 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta

Jun 14 2022

n.fort added a comment to T4460: nhrp not starting due to missing cisco-authentication value.

Since in previous version set protocols nhrp tunnel tun0 cisco-authentication "" was allowed, a migration script is required. Otherwise, when upgrading, configuration fails.

Jun 14 2022, 2:54 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project
Viacheslav moved T4380: Feature Request: ocserv: 2FA OTP key generator in VyOS CLI from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 14 2022, 1:05 PM · VyOS 1.4 Sagitta
Viacheslav moved T4420: Feature Request: ocserv: show configured 2FA OTP key from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 14 2022, 1:04 PM · VyOS 1.4 Sagitta
Viacheslav added a project to T4420: Feature Request: ocserv: show configured 2FA OTP key: VyOS 1.4 Sagitta.
Jun 14 2022, 1:04 PM · VyOS 1.4 Sagitta

Jun 13 2022

Viacheslav added a comment to T1237: Static Route Path Monitoring, failover.

PR https://github.com/vyos/vyos-1x/pull/1358

set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 check target '192.168.100.1'
set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 check timeout '10'
set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 check type 'icmp'
set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 interface 'eth1'
set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 metric '2'
Jun 13 2022, 4:56 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4147: New Firewall Implementation - proposed changes on group implementation from Open to In progress.

Working on moving groups to named set as part of a refactor in some firewall code.

Jun 13 2022, 12:11 PM · VyOS 1.4 Sagitta

Jun 12 2022

sarthurdev committed rVYOSONEX8ba45cfcc1cc: firewall: T4299: Add support for GeoIP filtering.
Jun 12 2022, 7:32 AM
GitHub <noreply@github.com> committed rVYOSONEX59526a8adca2: Merge pull request #1357 from sarthurdev/geoip (authored by c-po).
Jun 12 2022, 7:32 AM
panachoi added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

Thanks for the pointer, but I think it should still be considered a "bug" that you can no longer use an empty group (I'm just going to assume that this would apply to any kind of group, but most are probably using this for host/network groups, as this is where it would be most useful). Judging from the comments in T4147, I'm clearly not the only one who was taking advantage of managing sets outside of the system. Alas, my boot times for 1.4 (what this discussion is about) are not really valid, as my configuration didn't really get migrated from 1.3.1->1.4, or better said, it doesn't actually commit, and I actually ended up with a mostly empty firewall config on boot, which is perhaps why it's booting so quickly now.

Jun 12 2022, 7:09 AM · VyOS 1.3 Equuleus (1.3.6)
Unknown Object (User) closed T4380: Feature Request: ocserv: 2FA OTP key generator in VyOS CLI as Resolved.

Tested with VyOS 1.4-rolling-202206100921
Works as expected
Described in the documentation

Jun 12 2022, 5:16 AM · VyOS 1.4 Sagitta
Unknown Object (User) closed T4420: Feature Request: ocserv: show configured 2FA OTP key as Resolved.

Tested in VyOS 1.4-rolling-202206100921

Jun 12 2022, 5:04 AM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4457: L2TP/IPSec Remote Access VPN does not work as expected in 1.3.1-S1.

The problem seems to be in these lines:

Jun 12 2022, 3:56 AM · VyOS 1.3 Equuleus ( 1.3.1)

Jun 11 2022

n.fort renamed T4435: Policy route and firewall - error when using undefined group from Policy route without defined port-group error to Policy route and firewall - error when using undefined group.
Jun 11 2022, 11:19 AM · VyOS 1.4 Sagitta
n.fort added a comment to T4435: Policy route and firewall - error when using undefined group.

Extra checks are needed not only when attaching a policy route to an interface, but also when attaching firewall.
For example:

vyos@vyos# set firewall name FOO rule 10 action accept 
[edit]
vyos@vyos# set firewall name FOO rule 10 destination group address-group NOAG
[edit]
vyos@vyos# commit
Jun 11 2022, 11:15 AM · VyOS 1.4 Sagitta
dmbaturin created 1.3.1.
Jun 11 2022, 8:40 AM
dmbaturin edited a custom field on T3686: Bridging OpenVPN tap with no local-address breaks.
Jun 11 2022, 8:38 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
dmbaturin renamed T3380: "show vpn ike sa" does not display IPv6 peers from Show vpn ike sa with IPv6 remote peer to "show vpn ike sa" does not display IPv6 peers.
Jun 11 2022, 8:37 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta

Jun 10 2022

sarthurdev changed the status of T4299: Firewall - GeoIP filtering from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1357

Jun 10 2022, 11:02 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEX9791258d7d53: firewall: T478: Add support for nesting groups.
Jun 10 2022, 7:28 PM
GitHub <noreply@github.com> committed rVYOSONEXfe18efba34c5: Merge pull request #1356 from sarthurdev/nested_groups (authored by c-po).
Jun 10 2022, 7:28 PM
sarthurdev changed the status of T478: Firewall address group (multi and nesting), a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jun 10 2022, 7:23 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T478: Firewall address group (multi and nesting) from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1356

Jun 10 2022, 7:23 PM · VyOS 1.4 Sagitta
c-po moved T4434: DMVPN: cisco-authentication password length is 8 characters from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4436: BGP/VRF - not enable peer on address-family from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4437: flow-accounting: support IPv6 flow collectors from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails from In Progress to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases from In Progress to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4345: New firewall code does not accept "rate/time interval" syntax used in old config from In Progress to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4144: Firewall address-group - Improve error messages from In Progress to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4301: The "arp-monitor" option in bonding interface settings does not work from In Progress to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4444: sstp: Feature request. Port number changing support from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4448: rip: add support for explicit version selection from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T2473: Xml for EIGRP [conf_mode] from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po moved T4465: node.def generation misses whitespace on multiple use of <path> from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po closed T4465: node.def generation misses whitespace on multiple use of <path> as Resolved.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po closed T4465: node.def generation misses whitespace on multiple use of <path>, a subtask of T4284: QoS: rewrite to XML and Python, as Resolved.
Jun 10 2022, 6:31 PM · VyOS 1.4 Sagitta
c-po committed rVYOSONEX2f4031c810a2: scripts: T4465: node.def generation requires whitespace on multiple use of….
Jun 10 2022, 6:31 PM
c-po changed the status of T4465: node.def generation misses whitespace on multiple use of <path> from Open to In progress.
Jun 10 2022, 6:29 PM · VyOS 1.4 Sagitta
c-po changed the status of T4465: node.def generation misses whitespace on multiple use of <path>, a subtask of T4284: QoS: rewrite to XML and Python, from Open to In progress.
Jun 10 2022, 6:29 PM · VyOS 1.4 Sagitta
c-po created T4465: node.def generation misses whitespace on multiple use of <path>.
Jun 10 2022, 6:29 PM · VyOS 1.4 Sagitta
n.fort committed rVYOSONEX81a269d2d7ac: Firewall:T4458: Add ttl match option in firewall.
Jun 10 2022, 6:19 PM
GitHub <noreply@github.com> committed rVYOSONEXc3275306ce56: Merge pull request #1355 from nicolas-fort/T4458-ipv4-ttl (authored by c-po).
Jun 10 2022, 6:19 PM
n.fort changed the status of T4460: nhrp not starting due to missing cisco-authentication value from Open to Needs testing.
Jun 10 2022, 6:13 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project
Viacheslav committed rVYOSONEXa03b89039266: op-mode: T4429: Ability to detect external IP address.
Jun 10 2022, 6:08 PM
GitHub <noreply@github.com> committed rVYOSONEX299e16aae6d2: Merge pull request #1326 from sever-sever/T4429 (authored by c-po).
Jun 10 2022, 6:08 PM
c-po committed rVYOSONEX18b303734d84: xml: drop not always applicable REQUIRED suffix from completion help string.
Jun 10 2022, 6:08 PM
c-po added a reverting change for rVYOSONEX6f818ee9033e: dmvpn: nhrp: T4434: secret length can not exceed 8 characters: rVYOSONEX884cd2519515: Revert "dmvpn: nhrp: T4434: secret length can not exceed 8 characters".
Jun 10 2022, 6:00 PM
c-po committed rVYOSONEX884cd2519515: Revert "dmvpn: nhrp: T4434: secret length can not exceed 8 characters".
Jun 10 2022, 6:00 PM
c-po committed rVYOSONEX1341980cb39e: nhrp: T4460: update error message for cisco-authentication password length.
Jun 10 2022, 6:00 PM
n.fort committed rVYOSONEX09d6d88c5ae4: Protocols: T4460: Add input checks for cisco-authentication parameter in nhrp….
Jun 10 2022, 5:58 PM
GitHub <noreply@github.com> committed rVYOSONEXf4d4648472bb: Merge pull request #1353 from nicolas-fort/T4460 (authored by c-po).
Jun 10 2022, 5:58 PM
Viacheslav committed rVYOSONEX76684692f897: firewall: T970: Fix for Regex for domain and check empty group.
Jun 10 2022, 5:53 PM
GitHub <noreply@github.com> committed rVYOSONEX007953d36388: Merge pull request #1354 from sever-sever/T970 (authored by c-po).
Jun 10 2022, 5:53 PM
n.fort added a comment to T4458: Firewall - add support for matching ip ttl in firewall rules.

PR: https://github.com/vyos/vyos-1x/pull/1355

Jun 10 2022, 5:52 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T970: Support matching domain name in firewall rules.

Fix Regex for addresses and python checks https://github.com/vyos/vyos-1x/pull/1354

Jun 10 2022, 3:15 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort closed T4365: NAT - Error on setting up tables as Resolved.
Jun 10 2022, 3:14 PM · VyOS 1.4 Sagitta
n.fort changed the status of T3907: Firewall - Set log levels from In progress to Needs testing.
Jun 10 2022, 3:11 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4460: nhrp not starting due to missing cisco-authentication value.

PR: https://github.com/vyos/vyos-1x/pull/1353

Jun 10 2022, 3:08 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project
n.fort committed rVYOSONEX1ca645d1a499: Firewall: T3907: add log-level options in firewall.
Jun 10 2022, 2:48 PM
n.fort committed rVYOSONEX44326619582f: Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8.
Jun 10 2022, 2:48 PM
n.fort committed rVYOSONEX2f3fdb9e96a1: Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8.
Jun 10 2022, 2:48 PM
GitHub <noreply@github.com> committed rVYOSONEXfcad9572e880: Merge pull request #1322 from nicolas-fort/T3907-fwall-log (authored by dmbaturin).
Jun 10 2022, 2:47 PM
Viacheslav added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

@panachoi There is a task for groups T4147

Jun 10 2022, 2:42 PM · VyOS 1.3 Equuleus (1.3.6)
n.fort claimed T4460: nhrp not starting due to missing cisco-authentication value.
Jun 10 2022, 2:34 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project
Viacheslav committed rVYOSONEX7a46ac5ebe7a: smoketest: T970: Add commit after static-host-mapping.
Jun 10 2022, 2:28 PM
GitHub <noreply@github.com> committed rVYOSONEX865f38d22a07: Merge pull request #1352 from sever-sever/T970-test (authored by jestabro).
Jun 10 2022, 2:28 PM
mortzu updated mortzu.
Jun 10 2022, 2:15 PM
panachoi added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

Indeed, I figured that out. I also found that my openvpn config was not migrated properly (T3642?); all of the tls configuration stuff (previously kept under /config/auth somewhere) was gone. After doing run import pki for all of the necessary bits it was able at least to commit openvpn properly.

Jun 10 2022, 1:02 PM · VyOS 1.3 Equuleus (1.3.6)
n.fort added a comment to T4457: L2TP/IPSec Remote Access VPN does not work as expected in 1.3.1-S1.

Same as Viacheslav. No issues on my tests in Ubuntu.

Jun 10 2022, 12:56 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav added a comment to T970: Support matching domain name in firewall rules.
  1. Some domains can't be added, for example dns.google
vyos@r12# set firewall group domain-group DOMAINS address dns.google
Jun 10 2022, 12:35 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
Viacheslav added a project to T2522: Python CLI: VyOS 1.4 Sagitta.
Jun 10 2022, 12:30 PM · VyOS 2.0.x
Viacheslav added a comment to T970: Support matching domain name in firewall rules.

Fix smoketest https://github.com/vyos/vyos-1x/pull/1352

Jun 10 2022, 11:40 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
n.fort added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

Yes. New 1.4 has more restricted checks on addresses and networks.
Actually, if you are using /22, the correct network for this case is 192.168.44.0/22.
You can use this online tool for checking ipv4 networks and subnets.

Jun 10 2022, 11:02 AM · VyOS 1.3 Equuleus (1.3.6)
zsdc created T4464: Include packages source to binary images.
Jun 10 2022, 9:50 AM
panachoi added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

Sorry it's taken me so long to follow up on this

Jun 10 2022, 8:10 AM · VyOS 1.3 Equuleus (1.3.6)

Jun 9 2022

c-po moved T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
Jun 9 2022, 7:40 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta