It will be fixed in T4545
PR https://github.com/vyos/vyos-1x/pull/1426
Jul 24 2022
Jul 23 2022
PR https://github.com/vyos/vyos-1x/pull/1430
vyos@r14:~$ show vrf
Name    State    MAC address        Flags                     Interfaces
------  -------  -----------------  ------------------------  ---------------
foo     up       be:e3:5c:f1:54:99  noarp,master,up,lower_up  eth1.50,eth1.55
bar     up       1e:7c:94:da:e0:35  noarp,master,up,lower_up  n/a
vyos@r14:~$
PR https://github.com/vyos/vyos-1x/pull/1428
vyos@r14:~$ reset vpn ipsec-peer 2001:db8::2
CHILD_SA {21241} closed successfully
CHILD_SA {21243} closed successfully
CHILD_SA {21245} closed successfully
CHILD_SA {21244} closed successfully
CHILD_SA {21247} closed successfully
CHILD_SA {21246} closed successfully
CHILD_SA {21249} closed successfully
CHILD_SA {21248} closed successfully
closing CHILD_SA peer_2001-db8--2_tunnel_0{21250} with SPIs cab47d6b_i (0 bytes) c3cbba13_o (0 bytes) and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
sending DELETE for ESP CHILD_SA with SPI cab47d6b
generating INFORMATIONAL request 14065 [ D ]
sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (69 bytes)
received packet: from 2001:db8::2[500] to 2001:db8::1[500] (69 bytes)
parsed INFORMATIONAL response 14065 [ D ]
received DELETE for ESP CHILD_SA with SPI c3cbba13
CHILD_SA closed
CHILD_SA {21250} closed successfully
establishing CHILD_SA peer_2001-db8--2_tunnel_0{21251}
generating CREATE_CHILD_SA request 14066 [ SA No KE TSi TSr ]
sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (497 bytes)
received packet: from 2001:db8::2[500] to 2001:db8::1[500] (497 bytes)
parsed CREATE_CHILD_SA response 14066 [ SA No KE TSi TSr ]
selected proposal: ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ
CHILD_SA peer_2001-db8--2_tunnel_0{21251} established with SPIs ccaff1e5_i c5a2b674_o and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
connection 'peer_2001-db8--2_tunnel_0' established successfully
Peer reset result: success
vyos@r14:~$
Jul 22 2022
PR https://github.com/vyos/vyos-1x/pull/1426
An example with only one rule 10 raw output
vyos@r14:~$ /usr/libexec/vyos/op_mode/nat.py show_rules --direction source --raw
[
    {
        "rule": {
            "family": "ip",
            "table": "nat",
            "chain": "POSTROUTING",
            "handle": 114,
            "comment": "SRC-NAT-10",
            "expr": [
                {
                    "match": {
                        "op": "==",
                        "left": {
                            "meta": {
                                "key": "oifname"
                            }
                        },
                        "right": "eth0"
                    }
                },
                {
                    "counter": {
                        "packets": 0,
                        "bytes": 0
                    }
                },
                {
                    "masquerade": null
                }
            ]
        }
    }
]
vyos@r14:~$
PR to new format + IPv6 entries https://github.com/vyos/vyos-1x/pull/1425
@aalmenar try the next command
vyos@r14# run reset bgp ipv6
Possible completions:
  <h:h:h:h:h:h:h:h>
                IPv6 neighbor to clear
  1-4294967295  Reset peers with the AS number
  all           Clear all peers
  external      Reset all external peers
  peer-group    Reset all members of peer-group
I just leave it here. We must not return to bug T2189 with this fix.
Jul 21 2022
As I remember, fastnetmon wasn’t rewritten to dict
and requires manually setting the default value in the config dictionary
Jul 20 2022
@daniil Could you re-check it?
It seems wpa_supplicant doesn't support GCM-AES-256
https://w1.fi/wpa_supplicant/devel/dir_4261af1259721e3e39e0d2dd7354b511.html
Jul 19 2022
Jul 18 2022
Also, there aren't any Inbound/Outbound packets with aes-256
vyos@r14:~$ sudo ip -s macsec show
7: macsec1: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off
    cipher suite: GCM-AES-256, using ICV length 16
    TXSC: eeb5e212f04f0001 on SA 0
    stats: OutPktsUntagged InPktsUntagged OutPktsTooLong InPktsNoTag InPktsBadTag InPktsUnknownSCI InPktsNoSCI InPktsOverrun
                         0              0              0           0            0                0           0             0
    stats: OutPktsProtected OutPktsEncrypted OutOctetsProtected OutOctetsEncrypted
                          0                0                  0                  0
    offload: off
vyos@r14:~$
But service starts without issues:
vyos@r14:~$ sudo systemctl status wpa_supplicant-macsec@vxlan1.service
● wpa_supplicant-macsec@vxlan1.service - WPA supplicant daemon (macsec-specific version)
     Loaded: loaded (/lib/systemd/system/wpa_supplicant-macsec@.service; disabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-07-18 20:07:16 EEST; 18min ago
   Main PID: 1802 (wpa_supplicant)
      Tasks: 1 (limit: 9411)
     Memory: 4.4M
        CPU: 101ms
     CGroup: /system.slice/system-wpa_supplicant\x2dmacsec.slice/wpa_supplicant-macsec@vxlan1.service
             └─1802 /sbin/wpa_supplicant -c/run/wpa_supplicant/vxlan1.conf -Dmacsec_linux -ivxlan1
It is operator level, that shouldn’t have permission for configurations. Only basic diagnostics (op-mode)
Jul 17 2022
Jul 15 2022
@a.apostoliuk Could you specify how to reproduce this bug?
Some CLI config examples and/or some pings that indicate the issue.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1416
Fix smoketest for 1.3 https://github.com/vyos/vyos-1x/pull/1415
PR for 1.4 https://github.com/vyos/vyos-1x/pull/1414
Requires updating smoketests
@diekos Is it working after reboot?
Jul 14 2022
There are different shells in 1.4 and 1.3 for this user config
In 1.3 it seems correct:
vyosuser@r1# echo $SHELL
/sbin/radius_shell
[edit]
vyosuser@r1#
Jul 13 2022
If I also want to use x.pool.ntp.org, how should I use it if it will migrate anything from x.pool.ntp.org?
Jul 12 2022
I only see one solution - exclude mirror node from interface and add it as a separate option/service
set service redirect|port-mirror <x> source tunX
set service redirect|port-mirror <x> destination tunY
As the tc filter is applied for every interface step by step, in this case (adding tun0) we don't have tun1 yet
To reproduce:
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1410