PR with feature request:
https://github.com/vyos/vyos-1x/pull/1555
Feed All Stories
Sep 22 2022
Sep 22 2022
Unknown Object (User) added a comment to T874: Support for Two Factor Authentication for CLI access via Google Authenticator/OTP.
v.huti added a comment to T4180: Support for QoS Policy Propagation via BGP (QPPB).
DEMO
===============================================
To demonstrate the feature let's look at the following topology
jack9603301 added a comment to T4706: NAT and NAT66 issues.
@sdev @Netboy3 I'll test if the new implementation is done and if the bug is fixed I'll close this PR, thanks
GitHub <noreply@github.com> committed rVYOSONEXcd1875cb1521: Merge pull request #1521 from sever-sever/T3476 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX7ba1f6444d1b: Merge pull request #1552 from sarthurdev/nat_refactor (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXf3e6fb5aab6f: telegraf: T4680: fix prometheus client listen-address invalid format (authored by ServerForge).
Netboy3 added a comment to T4706: NAT and NAT66 issues.
@jack9603301 I've tested your updated PR and it seems to work well now. Thank you for the quick response.
@sdev I've tested your PR and it seems to also fix both issues. I did not test anything beyond DNAT port only in both ip and ip6 families.
Sep 21 2022
Sep 21 2022
GitHub <noreply@github.com> committed rVYOSONEX2921b6fbcdde: Merge pull request #1553 from nicolas-fort/return-action (authored by c-po).
n.fort renamed T4699: Firewall - Add jump action - Add return action from Firewall - Add jump action to Firewall - Add jump action - Add return action.
c-po closed T4703: accel-ppp: combine vlan-id and vlan-range into single CLI node, a subtask of T4678: Rewrite service ipoe-server to get_config_dict, as Resolved.
c-po updated the task description for T4703: accel-ppp: combine vlan-id and vlan-range into single CLI node.
sarthurdev added a comment to T4706: NAT and NAT66 issues.
Included a fix for this in NAT refactor: https://github.com/vyos/vyos-1x/pull/1552
sarthurdev added a comment to T4605: Firewall change default table names.
PR for NAT included with refactor: https://github.com/vyos/vyos-1x/pull/1552
c-po changed the status of T4678: Rewrite service ipoe-server to get_config_dict from Open to In progress.
Netboy3 added a comment to T4706: NAT and NAT66 issues.
@jack9603301, your PR solves the NAT66 issue - thank you. However, the change you made to nat.py to try to solve the NAT44 issue is not complete and seem to also require a template change. I'll post additional details in the PR.
n.fort added a comment to T4699: Firewall - Add jump action - Add return action.
Since jump action was added, It would be good to also add "return" action
jack9603301 added a comment to T4706: NAT and NAT66 issues.
Cheeze_It added a comment to T4707: Enable OSPF segment routing.
Initial PR here, https://github.com/vyos/vyos-1x/pull/1551.
Sep 20 2022
Sep 20 2022
Cheeze_It added a comment to T4693: ISIS segment routing was broken....
It seems we have working ISIS segment routing:
jack9603301 added a comment to T4706: NAT and NAT66 issues.
@Netboy3 Let me modify the template to support
Sep 19 2022
Sep 19 2022
Viacheslav added a project to T4704: Allow to set metric (MED) to rtt with rtt,+rtt or -rtt: VyOS 1.4 Sagitta.
Netboy3 added a comment to T4706: NAT and NAT66 issues.
Why would you enforce an address? It is perfectly OK to have port-only DNAT66 without any destination address such as:
nft add rule ip6 nat PREROUTING iifname eth1 counter tcp dport 443 dnat to :3000
Problem is that the test logic breaks on this and spits out a wrong statement to NFT that barfs on it.
jack9603301 added a comment to T4706: NAT and NAT66 issues.
Maybe we should add check to NAT66 to enforce the given address
n.fort changed the status of T4699: Firewall - Add jump action - Add return action from In progress to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEXfdfe3dabcbff: Merge pull request #1549 from sever-sever/T4118-smoketest (authored by c-po).
Sep 18 2022
Sep 18 2022
jmarmorato added a comment to T4694: Allow VyOS Firewall to Match Outbound IPSec Traffic.
@n.fort Maybe set firewall name <name> rule <rule> ipsec match-gre? This feels a bit hacky though... Almost like match should be its own block and contain ipsec, none, or gre
GitHub <noreply@github.com> committed rVYOSONEX877047b9d36f: Merge pull request #1543 from Cheeze-It/current (authored by c-po).
Sep 17 2022
Sep 17 2022
roedie moved T4526: keepalived-fifo.py unable to load config from Open to Finished on the VyOS 1.4 Sagitta board.
roedie moved T4665: Keepalived cannot use same VRID for VRRPv2 and VRRPv3 from Open to Finished on the VyOS 1.4 Sagitta board.
It works for me (tm)
GitHub <noreply@github.com> committed rVYOSONEXdcf755594d3c: Merge pull request #1546 from nicolas-fort/fwall-jump (authored by c-po).
c-po moved T4702: Wireguard peers configuration is not synchronized with CLI from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
c-po added a comment to T4702: Wireguard peers configuration is not synchronized with CLI.
PR for VyOS 1.3.3 https://github.com/vyos/vyos-1x/pull/1548
c-po moved T4703: accel-ppp: combine vlan-id and vlan-range into single CLI node from Open to In Progress on the VyOS 1.4 Sagitta board.
c-po moved T4702: Wireguard peers configuration is not synchronized with CLI from Open to Finished on the VyOS 1.4 Sagitta board.
c-po edited a custom field on T4702: Wireguard peers configuration is not synchronized with CLI.
c-po changed the status of T4702: Wireguard peers configuration is not synchronized with CLI from Confirmed to Needs testing.
c-po edited projects for T4702: Wireguard peers configuration is not synchronized with CLI, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
jack9603301 added a comment to T4689: Support RFS(Receive Flow Steering).
Sep 16 2022
Sep 16 2022
c-po changed the status of T4703: accel-ppp: combine vlan-id and vlan-range into single CLI node from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX748dab43b87c: Merge pull request #1463 from sever-sever/T4118 (authored by dmbaturin).
n.fort added a comment to T4699: Firewall - Add jump action - Add return action.
danhusan awarded T4702: Wireguard peers configuration is not synchronized with CLI a Love token.
Viacheslav added a comment to T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp).
PR https://github.com/vyos/vyos-1x/pull/1545
PR https://github.com/vyos/vyatta-cfg-system/pull/185
set service ids ddos-protection direction 'in' set service ids ddos-protection listen-interface 'eth1' set service ids ddos-protection mode mirror set service ids ddos-protection threshold general fps '1000' set service ids ddos-protection threshold general mbps '200' set service ids ddos-protection threshold general pps '150000' set service ids ddos-protection threshold tcp fps '25' set service ids ddos-protection threshold tcp mbps '55' set service ids ddos-protection threshold tcp pps '155' set service ids ddos-protection threshold udp fps '100' set service ids ddos-protection threshold udp mbps '100' set service ids ddos-protection threshold udp pps '100' set service ids ddos-protection threshold icmp fps '200' set service ids ddos-protection threshold icmp mbps '210' set service ids ddos-protection threshold icmp pps '2040'
Expected fastnermon config entries:
# General threshold ban_for_flows = on threshold_flows = 1000 ban_for_bandwidth = on threshold_mbps = 200 ban_for_pps = on threshold_pps = 150000
zsdc raised the priority of T4702: Wireguard peers configuration is not synchronized with CLI from Normal to High.
zsdc renamed T4702: Wireguard peers configuration is not synchronized with CLI from A `disable` option does not work for Wireguard peers to Wireguard peers configuration is not synchronized with CLI.
n.fort changed the status of T4701: Firewall - Implement global option to use one single general chian from Open to In progress.