1.3 is not affected by this bug
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Sep 1 2022
Sep 1 2022
Viacheslav changed the status of T4665: Keepalived cannot use same VRID for VRRPv2 and VRRPv3 from Open to In progress.
Viacheslav changed the status of T4663: Interface pseudo-ethernet does not change mode from Open to In progress.
Aug 31 2022
Aug 31 2022
A similar task T3541 I'll leave a link here
Maybe I'm wrong, I see it as some small API (on some hosts) without links to the images but with information about images (in JSON).
We compare our local VyOS version and the version that we get from API, if diff => true send a message to the "wall"
Viacheslav added a comment to T4655: Firewall in 1.4 sets the default action 'accept' instead of 'drop'.
Smoketest can't pass policy route
Fix https://github.com/vyos/vyos-1x/pull/1512
Viacheslav closed T4547: Show vpn ipsec sa show unexpected prefix 'B' in packets, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Viacheslav closed T4569: Rewrite show bridge to new format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Viacheslav closed T4650: Rewire show nat translation to vyos.opmode format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Viacheslav changed the status of T4367: NAT - Config tmp file not available from In progress to Needs testing.
Viacheslav updated the task description for T4564: Root task for rewriting [op-mode] to vyos.opmode format.
Aug 30 2022
Aug 30 2022
Required version for offload hardware flag nftables 0.9.9
The current version we use 0.9.8-3.1
Viacheslav updated the task description for T4502: Consider implementing (NAT/other) flow table offload.
Viacheslav changed the status of T4606: monitor nat destination translation shows missing script from Open to In progress.
Viacheslav updated the task description for T4502: Consider implementing (NAT/other) flow table offload.
Aug 29 2022
Aug 29 2022
I have NAT working with vrf in VyOS 1.4-rolling-202208290458 + custom nat offload
set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces ethernet eth1 address '192.0.2.1/24' set interfaces ethernet eth1 vrf 'foo' set protocols static route 192.0.2.0/24 interface eth1 vrf 'foo' set system conntrack set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 interface 'eth0' set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 vrf 'default' set vrf name foo table '1010'
Viacheslav changed the status of T4655: Firewall in 1.4 sets the default action 'accept' instead of 'drop' from Open to In progress.
Viacheslav updated the task description for T4655: Firewall in 1.4 sets the default action 'accept' instead of 'drop'.
Viacheslav added a project to T4653: Interface offload options are not applied correctly: VyOS 1.4 Sagitta.
The same for VyOS 1.4-rolling-202208290458
vyos@r14# set interfaces ethernet eth0 offload gro [edit] vyos@r14# commit
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1504
This bug was in T4241, client couldn't connect to openconnect server and logs from the server site like:
Feb 16 19:46:03 r4 ocserv[2409]: main:192.168.122.1:44480 user disconnected (reason: unspecified, rx: 0, tx: 0) Feb 16 19:46:03 r4 ocserv[2409]: main:192.168.122.1:44482 user disconnected (reason: unspecified, rx: 0, tx: 0) ^C
It was tested with self-signed certificates.
Viacheslav moved T2498: Expected error when deleting vif that has dhcp-server configured from Finished to Need Triage on the VyOS 1.3 Equuleus (1.3.0) board.
@syncer It is affected also and 1.3
It should be a warning if we delete an interface (IP address of Interface) that belongs to some service.
Viacheslav changed the status of T4367: NAT - Config tmp file not available from Open to In progress.
Viacheslav changed the status of T4526: keepalived-fifo.py unable to load config from Open to Needs testing.
In T4533#126598, @c-po wrote:In T4533#126578, @Viacheslav wrote:It is operator level, that shouldn’t have permission for configurations. Only basic diagnostics (op-mode)
Operator mode is no longer supported in VyOS 1.4
Even if so - we should still try to "support" it somehow for the upcoming future when there is a true secure op-mode again.
Could you please add a new Cmnd_Alias vor VRF to /etc/sudoers.d/vyos and allow it for the %operator group?
ip vrf exec requires the CAP_SYS_ADMIN capability which somehow is more or less equal to root.
Viacheslav added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .
It seems working:
● telegraf.service - The plugin-driven server agent for reporting metrics into InfluxDB
Loaded: loaded (/lib/systemd/system/telegraf.service; disabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/telegraf.service.d
└─10-override.conf
Active: active (running) since Mon 2022-08-29 12:51:47 EEST; 1min 7s ago
Docs: https://github.com/influxdata/telegraf
Main PID: 6740 (telegraf)
Tasks: 9 (limit: 9409)
Memory: 49.7M
CPU: 836ms
CGroup: /system.slice/telegraf.service
└─vrf
└─foo
└─6740 /usr/bin/telegraf --config /run/telegraf/telegraf.conf --config-directory /etc/telegraf/telegraf.d --pidfile /run/telegraf/telegraf.pidViacheslav moved T4654: RPKI cache incorrect description from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav closed T4594: Rewrite op-mode IPsec to vyos.opmode format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Viacheslav closed T4623: Add show conntrack statistics, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Viacheslav edited projects for T3702: Policy: Allow routing by fwmark, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav renamed T4654: RPKI cache incorrect description from RPKI cache incorrect desctiption to RPKI cache incorrect description.
In T2044#129750, @egoistdream wrote:Hi,
Same issue on VyOS 1.4-rolling-202208240217
And when you set the rpki ips you have wrong description on the options, instead of the "rpki server ip" you have "NTP server"
router# set protocols rpki cache ?
Possible completions:
> <x.x.x.x> IP address of NTP server
> <h:h:h:h:h:h:h:h> IPv6 address of NTP server
> <hostname> Fully qualified domain name of NTP server
In the 1.4 nat translations were rewritten, but I didn't delete the old python code yet https://github.com/vyos/vyos-1x/pull/1501
Viacheslav moved T4601: dhcp : relay agent IP address issue. from Backport Candidates to Need Triage on the VyOS 1.3 Equuleus (1.3.3) board.
Viacheslav moved T4601: dhcp : relay agent IP address issue. from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
Viacheslav moved T4601: dhcp : relay agent IP address issue. from Need Triage to Backport Candidates on the VyOS 1.3 Equuleus (1.3.3) board.
Viacheslav edited projects for T4601: dhcp : relay agent IP address issue., added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).
Aug 27 2022
Aug 27 2022
Viacheslav changed the status of T4650: Rewire show nat translation to vyos.opmode format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from In progress to Needs testing.
Viacheslav changed the status of T4650: Rewire show nat translation to vyos.opmode format from In progress to Needs testing.
Aug 26 2022
Aug 26 2022
Viacheslav changed the status of T4631: Add port and protocol to nat66 from In progress to Needs testing.
Viacheslav changed the status of T4650: Rewire show nat translation to vyos.opmode format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Viacheslav changed the status of T4650: Rewire show nat translation to vyos.opmode format from Open to In progress.
Viacheslav added a comment to T4643: Smoketest exclude either sstp or openconnect from pki-misc default listen port.
Before fix:
06:04:21 DEBUG - FAIL: test_pki_misc (__main__.TestConfigPkiMisc) 06:04:21 DEBUG - ---------------------------------------------------------------------- 06:04:21 DEBUG - Traceback (most recent call last): 06:04:21 DEBUG - File "/usr/bin/vyos-configtest", line 50, in test_config_load 06:04:21 DEBUG - self.session.commit() 06:04:21 DEBUG - vyos.configsession.ConfigSessionError: [[service https]] failed 06:04:21 DEBUG - Commit failed 06:04:21 DEBUG - 06:04:21 DEBUG - 06:04:21 DEBUG - During handling of the above exception, another exception occurred: 06:04:21 DEBUG - 06:04:21 DEBUG - Traceback (most recent call last): 06:04:21 DEBUG - File "/usr/bin/vyos-configtest", line 53, in test_config_load 06:04:21 DEBUG - self.fail() 06:04:21 DEBUG - AssertionError: None
After fix:
vyos@r14:~$ /usr/bin/vyos-configtest Generating tests ... completed: 0.000608 test_pki_misc (__main__.TestConfigPkiMisc) ... time: 16.943 ok
Viacheslav reopened T4643: Smoketest exclude either sstp or openconnect from pki-misc default listen port as "Needs testing".
Aug 25 2022
Aug 25 2022
Viacheslav added a comment to T4202: NFT: Zone policies fail to apply when "l2tp+" is in the interface list.
We have to replace it in migration scripts if it is already not done
PR https://github.com/vyos/vyos-1x/pull/1497
vyos@r14:~$ show nat source statistics Rule Packets Bytes Interface ------ --------- ------- ----------- 100 1279 107896 eth0 120 1 60 eth1 vyos@r14:~$
Viacheslav changed the status of T4645: show nat source statistics lack argument --family from Open to In progress.
The easiest way it add vyatta-nat-translations.pl scripts to the op-mode script directory or rewrite it to the python.
Also discussed this configuration:
set service dhcp-relay <tag> interface eth0 upstream set service dhcp-relay <tag> interface eth1 downstream set service dhcp-relay <tag> server <x.x.x.x> set service dhcp-relay <tag> relay-options hop-count 1 set service dhcp-relay <tag> relay-options upsteam-port 547