As a workaround, you can try to use the "transition script" to manipulate with interfaces
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Oct 13 2022
Oct 13 2022
Viacheslav added a comment to T4488: allow manual configuration changes of interfaces created by high-availability with rfc3768-compatibility option .
Viacheslav changed the status of T4728: Crontab file for vyos-wwan is ignored due to missing newline at EOF from Open to Needs testing.
ISC-DHCP-Server does not support vrf's
https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpd
Viacheslav added a project to T4733: Feature Request: dhcp server: add VRF support: VyOS 1.4 Sagitta.
I can't reproduce it
vyos@r14:~$ show conf com | match "vrf|tele" set interfaces ethernet eth1 vrf 'mgmt' set service monitoring telegraf influxdb authentication organization 'log@in.local' set service monitoring telegraf influxdb authentication token 'GuRJc12tIzfjnYdKRAIYbxdWd2aTpOT9PVYNddzDnFV4HkAcD7u7-kndTFXjGuXzJN6TTxmrvPODB4mnFcseDV==' set service monitoring telegraf influxdb port '8086' set service monitoring telegraf influxdb url 'https://foo.local' set service monitoring telegraf prometheus-client set service monitoring telegraf vrf 'mgmt' set vrf name mgmt table '1010' vyos@r14:~$
After reboot, the service telegraf works correctly
vyos@r14:~$ sudo systemctl status telegraf
● telegraf.service - The plugin-driven server agent for reporting metrics into InfluxDB
Loaded: loaded (/lib/systemd/system/telegraf.service; disabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/telegraf.service.d
└─10-override.conf
Active: active (running) since Thu 2022-10-13 15:24:23 EEST; 1min 19s ago
Docs: https://github.com/influxdata/telegraf
Main PID: 1868 (telegraf)
Tasks: 10 (limit: 9404)
Memory: 54.4M
CPU: 2.650s
CGroup: /system.slice/telegraf.service
└─vrf
└─mgmt
└─1868 /usr/bin/telegraf --config /run/telegraf/telegraf.conf --config-directory /etc/telegraf/telegraf.d --pidfile /run/telegraf/telegraf.pidViacheslav closed T4716: SSH ability to configure RekeyLimit, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Resolved.
KEA DHCP have some hook limitations https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html?#available-hook-libraries
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1593
Viacheslav changed the status of T4746: Monitoring nft. table vyos_filter by default does not exist but telegraf checks this table from Open to In progress.
Viacheslav moved T4312: Telegraf configuration doesn't accept IPs for URL from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav changed the status of T4312: Telegraf configuration doesn't accept IPs for URL from Open to In progress.
Viacheslav added a project to T4312: Telegraf configuration doesn't accept IPs for URL: VyOS 1.4 Sagitta.
Oct 12 2022
Oct 12 2022
Viacheslav changed the status of T4744: BGP directly connected neighbors don't compatible with ebgp-multihop from In progress to Needs testing.
Viacheslav added a comment to T4744: BGP directly connected neighbors don't compatible with ebgp-multihop.
PR https://github.com/vyos/vyos-1x/pull/1586
vyos@r14# commit [ protocols bgp ] Ebgp-multihop can not be used with directly connected neighbor "eth0"
Viacheslav changed the status of T4744: BGP directly connected neighbors don't compatible with ebgp-multihop from Open to In progress.
For 1.4 was implemented in T3834
Viacheslav added a project to T4734: Feature Request: openvpn: add OTP 2FA support: VyOS 1.3 Equuleus (1.3.3).
@aserkin as workaround try to change facility level
vtysh -c "conf t" -c "log facility local0"
But it can affect to bgp logs
@thetooth There is a new feature failover route where you can set metrics
https://github.com/vyos/vyos-1x/pull/1358
It could be extended to some "load-balancing"
Oct 11 2022
Oct 11 2022
Viacheslav removed a project from T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6): VyOS 1.3 Equuleus (1.3.3).
Viacheslav changed the status of T4747: Monitoring influxdb template input exec plugin does not work from In progress to Needs testing.
PR https://github.com/vyos/vyos-1x/pull/1584
vyos@r14# cat /run/telegraf/telegraf.conf | grep 'inputs.exec' -A 8
[[inputs.exec]]
commands = [
"/etc/telegraf/custom_scripts/show_firewall_input_filter.py",
"/etc/telegraf/custom_scripts/show_interfaces_input_filter.py",
"/etc/telegraf/custom_scripts/vyos_services_input_filter.py"
]
timeout = "10s"
data_format = "influx"
[edit]
vyos@r14#Viacheslav changed the status of T4747: Monitoring influxdb template input exec plugin does not work from Open to In progress.
Viacheslav moved T4680: Telegraf prometheus-client listen-address invalid format from Open to Finished on the VyOS 1.4 Sagitta board.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1583
Viacheslav changed the status of T4740: Show conntrack table ipv6 fail from In progress to Needs testing.
Viacheslav added a comment to T4730: Conntrack-sync error - listen-address is not the correct type in config as it should be.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1582
PR https://github.com/vyos/vyos-1x/pull/1581
vyos@r14:~$ show conntrack table ipv6 Entries not found vyos@r14:~$
In T4729#135230, @pasik wrote:Ah, yeah, that's a valid point for gretap.
Anyway, my point was, it would be good to test if the issue/bug also affects plain 'gre', as behind the scenes 'gre' and 'gretap' are handled and configured differently, even though they might seem as very similar in vyos cli/config.
The bug might affect both, but it would be good to check and verify.
Oct 10 2022
Oct 10 2022
PR https://github.com/vyos/vyos-1x/pull/1579
set service dns dynamic interface eth2 ipv6-enable set service dns dynamic interface eth2 service dynv6 host-name 'xxx.dynv6.net' set service dns dynamic interface eth2 service dynv6 login 'none' set service dns dynamic interface eth2 service dynv6 password 'passWorD' set service dns dynamic interface eth2 service dynv6 protocol 'dyndns2' set service dns dynamic interface eth2 service dynv6 server 'dynv6.com'
Viacheslav changed the status of T4716: SSH ability to configure RekeyLimit, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from In progress to Needs testing.
Viacheslav changed the status of T4716: SSH ability to configure RekeyLimit from In progress to Needs testing.
Viacheslav changed the status of T4743: Enable IPv6 address for Dynamic DNS from Open to In progress.
Viacheslav changed the subtype of T4743: Enable IPv6 address for Dynamic DNS from "Bug" to "Feature Request".
Viacheslav changed the subtype of T4730: Conntrack-sync error - listen-address is not the correct type in config as it should be from "Task" to "Bug".
Viacheslav changed the status of T4730: Conntrack-sync error - listen-address is not the correct type in config as it should be from Confirmed to In progress.
Viacheslav changed the status of T4730: Conntrack-sync error - listen-address is not the correct type in config as it should be from Open to Confirmed.
Viacheslav edited projects for T4730: Conntrack-sync error - listen-address is not the correct type in config as it should be, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).
Oct 5 2022
Oct 5 2022
In T4729#135223, @pasik wrote:well, "gre" and "gretap" are different types of tunnels, with different features.. so it makes sense to test and validate with the normal "gre", as in your config I don't see a need for "gretap".
Oct 4 2022
Oct 4 2022
In T4729#135221, @pasik wrote:Hmm, any specific reason for the tun0 encapsulation 'gretap' ? did you try with normal 'gre' tunnels ? Does it change anything?
Viacheslav added a comment to T4676: IPoE server with mac authentication generates a wrong dictionary.
Needs to check, maybe fixed with rewriting in T4678
Viacheslav updated the task description for T4729: VxLAN does not work and deleted after tun changed.
Viacheslav renamed T4729: VxLAN does not work and deleted after tun changed from VxLAN does not work after tun changed to VxLAN does not work and deleted after tun changed.
Viacheslav updated the task description for T4729: VxLAN does not work and deleted after tun changed.
Oct 3 2022
Oct 3 2022
Sep 30 2022
Sep 30 2022
Viacheslav edited projects for T4721: Static IPv6 Route Tags Missing, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Viacheslav changed the subtype of T4721: Static IPv6 Route Tags Missing from "Bug" to "Feature Request".
Sep 29 2022
Sep 29 2022
Viacheslav closed T4715: Auto logout user after a period of inactivity, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Resolved.
@narey83 Could you re-check it with the latest rolling (start since vyos-1.4-rolling-202209290218-amd64.iso)?
@icyfire0573 Could you re-check it?
Should be fixed in vyos-1.4-rolling-202209290218-amd64.iso
Viacheslav added a comment to T4710: show openvpn server occasionally returns IndexError: list index out of range.
I can't reproduce it, VyOS 1.4-rolling-202209290218
Config:
vyos@r14:~$ show conf com | match openv set interfaces openvpn vtun10 hash 'sha1' set interfaces openvpn vtun10 keep-alive failure-count '60' set interfaces openvpn vtun10 keep-alive interval '10' set interfaces openvpn vtun10 local-host '203.0.113.1' set interfaces openvpn vtun10 local-port '1194' set interfaces openvpn vtun10 mode 'server' set interfaces openvpn vtun10 openvpn-option '--data-ciphers-fallback BF-CBC' set interfaces openvpn vtun10 openvpn-option '--data-ciphers AES-128-CBC:AES-128-GCM:AES-256-CBC:AES-256-GCM:BF-CBC' set interfaces openvpn vtun10 openvpn-option '--comp-lzo yes' set interfaces openvpn vtun10 openvpn-option '--allow-compression yes' set interfaces openvpn vtun10 openvpn-option '--push redirect-gateway def1' set interfaces openvpn vtun10 openvpn-option '--push remote-gateway 10.9.1.1' set interfaces openvpn vtun10 openvpn-option '--push dhcp-option DNS 8.8.8.8' set interfaces openvpn vtun10 protocol 'udp' set interfaces openvpn vtun10 server client-ip-pool start '10.9.1.10' set interfaces openvpn vtun10 server client-ip-pool stop '10.9.1.99' set interfaces openvpn vtun10 server domain-name 'vtr.example.com' set interfaces openvpn vtun10 server max-connections '1000' set interfaces openvpn vtun10 server name-server '10.8.0.1' set interfaces openvpn vtun10 server subnet '10.9.1.0/24' set interfaces openvpn vtun10 server topology 'net30' set interfaces openvpn vtun10 tls ca-certificate 'ca' set interfaces openvpn vtun10 tls certificate 'cert' set interfaces openvpn vtun10 tls dh-params 'dh' set interfaces openvpn vtun10 use-lzo-compression vyos@r14:~$
Op-mode
vyos@r14:~$ show openvpn server
Sep 28 2022
Sep 28 2022
Viacheslav added a comment to T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp).
Viacheslav added a comment to T4718: DHCP server listen-address doesn't take effect if the interface is in a VRF.
Maybe something wrong with this check https://github.com/vyos/vyos-1x/blob/f5a50135f07ac4ec8ed431a757b9c56e607d2132/src/conf_mode/dhcp_server.py#L265-L271
Maybe incorrect parsing of port ranges (comma-separated)
rule 120 {
description "Playstation - 172.16.136.96"
destination {
port 1935,3074,3478,3479,3480
}Sep 27 2022
Sep 27 2022
Viacheslav changed the status of T4716: SSH ability to configure RekeyLimit, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T4716: SSH ability to configure RekeyLimit from Open to In progress.
Viacheslav closed T4711: Ability to terminate user TTY and PTS sessions, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Resolved.