- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jul 25 2022
Jul 25 2022
GitHub <noreply@github.com> committed rVYOSONEX55d7ff854cfe: Merge pull request #1434 from aalmenar/T4556 (authored by c-po).
Viacheslav changed the status of T4556: fastnetmon: Allow configure white_list_path and populate with hosts/networks that should be ignored. from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEXdf7348da1116: Merge pull request #1426 from sever-sever/T4545-nat (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXc8ffb9a03c70: Merge pull request #1428 from sever-sever/T4552 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXfd4bda3c791a: Merge pull request #1430 from sever-sever/T4562 (authored by c-po).
Agree that both options are not available in cli.. But, you can use source-address:
I can't reproduce it (VyOS 1.4-rolling-202207220217):
set policy prefix-list BARRA32 rule 5 action 'permit' set policy prefix-list BARRA32 rule 5 ge '32' set policy prefix-list BARRA32 rule 5 le '32' set policy prefix-list BARRA32 rule 5 prefix '0.0.0.0/0' set policy prefix-list UTRSv4s25 rule 5 action 'permit' set policy prefix-list UTRSv4s25 rule 5 le '25' set policy prefix-list UTRSv4s25 rule 5 prefix '0.0.0.0/0' set policy prefix-list6 BARRA128 rule 5 action 'permit' set policy prefix-list6 BARRA128 rule 5 ge '128' set policy prefix-list6 BARRA128 rule 5 le '128' set policy prefix-list6 BARRA128 rule 5 prefix '::/0' set policy prefix-list6 UTRSv6s49 rule 5 action 'permit' set policy prefix-list6 UTRSv6s49 rule 5 le '49' set policy prefix-list6 UTRSv6s49 rule 5 prefix '::/0'
Viacheslav closed T1233: ipsec vpn sa showing down, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Will be fixed with syntax migration in T4118
GitHub <noreply@github.com> committed rVYOSONEX3337aedd5f7f: Merge pull request #1431 from jestabro/gql-dev (authored by dmbaturin).
Viacheslav added a comment to T4271: bgp: show ipv6 bgp summary doesn't display neighbor information.
@NikolayP Try the next command:
Jul 24 2022
Jul 24 2022
GitHub <noreply@github.com> committed rVYOSONEX4168e03721b2: Merge pull request #1416 from sever-sever/T2763-eq (authored by dmbaturin).
alainlamar updated the task description for T4566: Cannot log in on serial console on Equuleus v1.3.1.
alainlamar updated the task description for T4566: Cannot log in on serial console on Equuleus v1.3.1.
Jul 23 2022
Jul 23 2022
Viacheslav added a parent task for T4552: Unable to reset IPsec IPv6 peer: T4564: Root task for rewriting [op-mode] to vyos.opmode format.
Viacheslav added a parent task for T4545: Rewrite show nat source rules: T4564: Root task for rewriting [op-mode] to vyos.opmode format.
Viacheslav added a parent task for T4562: Rewrite show vrf to new format: T4564: Root task for rewriting [op-mode] to vyos.opmode format.
It will be fixed in T4545
PR https://github.com/vyos/vyos-1x/pull/1426
PR https://github.com/vyos/vyos-1x/pull/1430
vyos@r14:~$ show vrf Name State MAC address Flags Interfaces ------ ------- ----------------- ------------------------ --------------- foo up be:e3:5c:f1:54:99 noarp,master,up,lower_up eth1.50,eth1.55 bar up 1e:7c:94:da:e0:35 noarp,master,up,lower_up n/a vyos@r14:~$
Viacheslav changed the subtype of T4562: Rewrite show vrf to new format from "Bug" to "Feature Request".
goodNETnick <pknet@ya.ru> committed rVYOSONEXdbadbbf6453d: route-map: T4542: match prefix-len Kernel notice.
GitHub <noreply@github.com> committed rVYOSONEXe1e9f690d3eb: Merge pull request #1427 from goodNETnick/rm-pref-len (authored by c-po).
Unknown Object (User) added a comment to T4542: route-map: "match prefix-len" incorrect behavior.
New PR (Notice corrected):
https://github.com/vyos/vyos-1x/pull/1427
aalmenar added a comment to T4556: fastnetmon: Allow configure white_list_path and populate with hosts/networks that should be ignored..
I have added a pull request for this:
PR https://github.com/vyos/vyos-1x/pull/1428
vyos@r14:~$ reset vpn ipsec-peer 2001:db8::2
CHILD_SA {21241} closed successfully
CHILD_SA {21243} closed successfully
CHILD_SA {21245} closed successfully
CHILD_SA {21244} closed successfully
CHILD_SA {21247} closed successfully
CHILD_SA {21246} closed successfully
CHILD_SA {21249} closed successfully
CHILD_SA {21248} closed successfully
closing CHILD_SA peer_2001-db8--2_tunnel_0{21250} with SPIs cab47d6b_i (0 bytes) c3cbba13_o (0 bytes) and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
sending DELETE for ESP CHILD_SA with SPI cab47d6b
generating INFORMATIONAL request 14065 [ D ]
sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (69 bytes)
received packet: from 2001:db8::2[500] to 2001:db8::1[500] (69 bytes)
parsed INFORMATIONAL response 14065 [ D ]
received DELETE for ESP CHILD_SA with SPI c3cbba13
CHILD_SA closed
CHILD_SA {21250} closed successfully
establishing CHILD_SA peer_2001-db8--2_tunnel_0{21251}
generating CREATE_CHILD_SA request 14066 [ SA No KE TSi TSr ]
sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (497 bytes)
received packet: from 2001:db8::2[500] to 2001:db8::1[500] (497 bytes)
parsed CREATE_CHILD_SA response 14066 [ SA No KE TSi TSr ]
selected proposal: ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ
CHILD_SA peer_2001-db8--2_tunnel_0{21251} established with SPIs ccaff1e5_i c5a2b674_o and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
connection 'peer_2001-db8--2_tunnel_0' established successfully
Peer reset result: success
vyos@r14:~$Jul 22 2022
Jul 22 2022
Viacheslav changed the status of T4546: Does not connect Cisco spoke to VyOS hub. from In progress to Needs testing.
Commit fails b/c of frr-reload output: 200 % Local-AS allowed only for EBGP peers - we should add an appropriate verify() stage I guess.
GitHub <noreply@github.com> committed rVYOSONEX929915b57382: Merge pull request #1418 from zdc/T4546-sagitta (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX875560ae8a84: Merge pull request #1425 from sever-sever/T4145 (authored by c-po).
PR https://github.com/vyos/vyos-1x/pull/1426
An example with only one rule 10 raw output
vyos@r14:~$ /usr/libexec/vyos/op_mode/nat.py show_rules --direction source --raw
[
{
"rule": {
"family": "ip",
"table": "nat",
"chain": "POSTROUTING",
"handle": 114,
"comment": "SRC-NAT-10",
"expr": [
{
"match": {
"op": "==",
"left": {
"meta": {
"key": "oifname"
}
},
"right": "eth0"
}
},
{
"counter": {
"packets": 0,
"bytes": 0
}
},
{
"masquerade": null
}
]
}
}
]
vyos@r14:~$PR to new format + IPv6 entries https://github.com/vyos/vyos-1x/pull/1425
c-po added a comment to T4561: reset ip bgp <neighbor> allows reset bgp peer for ipv4, also it should exist one for ipv6.
Unfortunately not all commands are present when using the bgp <afi> syntax. We should find the remaining ones and then move all to the new syntax - less confusing
aalmenar added a comment to T4561: reset ip bgp <neighbor> allows reset bgp peer for ipv4, also it should exist one for ipv6.
@Viacheslav yep that one works...
Viacheslav added a comment to T4561: reset ip bgp <neighbor> allows reset bgp peer for ipv4, also it should exist one for ipv6.
@aalmenar try the next command
vyos@r14# run reset bgp ipv6
Possible completions:
<h:h:h:h:h:h:h:h>
IPv6 neighbor to clear
1-4294967295 Reset peers with the AS number
all Clear all peers
external Reset all external peers
peer-group Reset all members of peer-groupaalmenar changed Version from - to 1.4-rolling-202207220217 on T4561: reset ip bgp <neighbor> allows reset bgp peer for ipv4, also it should exist one for ipv6.
aalmenar updated the task description for T4561: reset ip bgp <neighbor> allows reset bgp peer for ipv4, also it should exist one for ipv6.
aalmenar updated the task description for T4561: reset ip bgp <neighbor> allows reset bgp peer for ipv4, also it should exist one for ipv6.
@aaliddell I am not too concerned about tayga's maintenance. It have been proved to work well for years, and the package is already a part of the official repository of debian. Actually debian's tayga package includes a few patches: https://salsa.debian.org/debian/tayga/-/tree/debian/master/debian/patches