PR for 1.3 https://github.com/vyos/vyos-build/pull/260
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 3 2022
Sep 3 2022
c-po added a project to T4666: EAP-TLS no longer allows TLSv1.0 after T4537, T4584: VyOS 1.3 Equuleus (1.3.3).
c-po changed the status of T4630: Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time from Open to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEXe7719b7be2f8: Merge pull request #1517 from initramfs/current-fix-bond-members (authored by c-po).
Initial draft; suggested changes and testing to follow:
jestabro changed the status of T4669: Extend numeric.ml for inversion of values and range values from Open to In progress.
Unknown Object (User) added a comment to T3900: Add support for raw tables to firewall.
In T3900#133375, @Viacheslav wrote:Regarding interface groups it will be possible later, after firewall re-design
Viacheslav changed the status of T4666: EAP-TLS no longer allows TLSv1.0 after T4537, T4584 from Open to Needs testing.
Sep 2 2022
Sep 2 2022
chenxiaolong added a comment to T4127: Upgrading from pre-certstore image to certstore image does not handle CA files with multiple certs.
In case anyone comes across this bug report, I submitted a couple PRs to fix this earlier this year: https://phabricator.vyos.net/T4245
chenxiaolong added a project to T4666: EAP-TLS no longer allows TLSv1.0 after T4537, T4584: VyOS 1.4 Sagitta.
I've submitted a PR to reintroduce the patch: https://github.com/vyos/vyos-build/pull/259
Viacheslav changed the status of T4665: Keepalived cannot use same VRID for VRRPv2 and VRRPv3 from In progress to Needs testing.
@daryll-swer For your use case, you can use your tables/chains (not standard names like RAW/MANGLE INPUT/OUTPUT etc.), that won't be cleared by the VyOS firewall CLI
nft add table MYRAW
nft -- add chain ip MYRAW my_chain '{ type filter hook prerouting priority raw; policy accept; }'
nft add rule ip MYRAW my_chain ip saddr 192.0.2.5 counter droproedie added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..
In case of filtering on a VRF, would it be an idea to use the MAC address instead of the interface name in the rule?
Sep 2 2022, 7:45 PM · Bugs, VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project
Unknown Object (User) updated subscribers of T3900: Add support for raw tables to firewall.
Has there been any updates on this? @Viacheslav, it would be great to have this functionality on VyOS.
Viacheslav edited projects for T4668: Adding/removing members from bond doesn't work/results in incorrect interface state, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).
An example of dict that we can use
{
"images": {
"rolling": {
"latest": {
"arch": "amd64",
"flavors": ["azure"],
"image": "vyos-rolling-latest.iso",
"latest": True,
"lts": False,
"release_date": "2022-09-02",
"release_train": "sagitta",
"version": "1.4-rolling-202209020217"
},
"1.4-rolling-202209020217": {
"arch": "amd64",
"flavors": ["generic"],
"image": "vyos-1.4-rolling-202209020217-amd64.iso",
"latest": True,
"lts": False,
"release_date": "2022-09-02",
"release_train": "sagitta",
"version": "1.4-rolling-202209020217"
},
"1.4-rolling-202208291850": {
"arch": "amd64",
"flavors": ["openstack"],
"image": "vyos-1.4-rolling-202208291850-amd64.iso",
"latest": False,
"lts": False,
"release_date": "2022-08-29",
"release_train": "sagitta",
"version": "1.4-rolling-20220829850"
}
},
"lts": {
"latest": {
"arch": "amd64",
"flavors": ["generic"],
"image": "vyos-1.3-x.iso",
"latest": True,
"lts": True,
"release_date": "2022-xx-xx",
"release_train": "equuleus",
"version": "1.3-stable-202208230511"
}
}
}
}initramfs updated the task description for T4668: Adding/removing members from bond doesn't work/results in incorrect interface state.
Viacheslav changed the subtype of T4668: Adding/removing members from bond doesn't work/results in incorrect interface state from "Task" to "Bug".
I will modify the docs.
Could be a part of T4118
Sep 1 2022
Sep 1 2022
GitHub <noreply@github.com> committed rVYOSONEX735767f09f89: Merge pull request #1466 from sever-sever/T538 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX5c20eac6cd62: Merge pull request #1512 from sever-sever/T4655 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX8abd603eadc3: Merge pull request #1513 from roedie/T4665 (authored by c-po).
1.3 is not affected by this bug
GitHub <noreply@github.com> committed rVYOSONEXd2832bca1c01: Merge pull request #1514 from sever-sever/T4663 (authored by dmbaturin).
Viacheslav changed the status of T4665: Keepalived cannot use same VRID for VRRPv2 and VRRPv3 from Open to In progress.
jestabro added a comment to T4628: ConfigTree() throws ValueError() if tagNode contains whitespaces.
This will be resolved by the PR in T4664.
Viacheslav changed the status of T4663: Interface pseudo-ethernet does not change mode from Open to In progress.
I do see I need to update the docs. Will do if this change is going to be merged.
Need an advice guys, how we can reproduce the problem. I tried to peer with bird and announced 100k prefixes to the vyos box, but this simple config did not cause memory leak with bgpd. Still trying
I also notice looking at the backup after another reboot:
I hate to drag up an old ticket, but I've just encountered this issue.
A freshly built VyOS 1.3-rolling-202209010158
Aug 31 2022
Aug 31 2022
jestabro changed the status of T4664: Add validation to reject whitespace in tag node value names from Open to In progress.
A similar task T3541 I'll leave a link here
Maybe I'm wrong, I see it as some small API (on some hosts) without links to the images but with information about images (in JSON).
We compare our local VyOS version and the version that we get from API, if diff => true send a message to the "wall"
Viacheslav added a comment to T4655: Firewall in 1.4 sets the default action 'accept' instead of 'drop'.
Smoketest can't pass policy route
Fix https://github.com/vyos/vyos-1x/pull/1512
jack9603301 changed Is it a breaking change? from none to compatible on T4659: Use vtysh to display bridge and some interface parameter information.
Viacheslav closed T4547: Show vpn ipsec sa show unexpected prefix 'B' in packets, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Viacheslav closed T4569: Rewrite show bridge to new format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Viacheslav closed T4650: Rewire show nat translation to vyos.opmode format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Viacheslav changed the status of T4367: NAT - Config tmp file not available from In progress to Needs testing.
jack9603301 moved T4659: Use vtysh to display bridge and some interface parameter information from Open to In Progress on the VyOS 1.4 Sagitta board.
Unknown Object (User) created T4662: -.
Unknown Object (User) created T4661: -.
Demon_H changed the status of T4656: Support the listen-host config field of openconnect server from Open to In progress.
Viacheslav updated the task description for T4564: Root task for rewriting [op-mode] to vyos.opmode format.
jack9603301 changed the status of T4659: Use vtysh to display bridge and some interface parameter information from Open to In progress.
zsdc changed the status of T4646: USB serial output console does not work from Open to Needs testing.
Aug 30 2022
Aug 30 2022
GitHub <noreply@github.com> committed rVYOSONEXd5cda147d722: Merge pull request #1509 from zdc/T4657-sagitta (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEX2f8ad342390c: Merge pull request #1506 from sever-sever/T4655 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX74f73bcebcfc: Merge pull request #1505 from sever-sever/T4367 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX938f83e1454f: Merge pull request #1508 from zdc/T4646-sagitta (authored by c-po).