
Nov 3 2022

TheSin- updated the task description for T4797: External address/network lists for firewall (Local and remote).
Nov 3 2022, 9:15 PM · VyOS 1.5 Circinus
TheSin- updated the task description for T4797: External address/network lists for firewall (Local and remote).
Nov 3 2022, 8:59 PM · VyOS 1.5 Circinus
TheSin- added a comment to T4797: External address/network lists for firewall (Local and remote).

After a few hours of digging I do think this request would be very similar to geoip, only ipv4, and ipv6 groups would be required per list.

Nov 3 2022, 8:06 PM · VyOS 1.5 Circinus
sarthurdev triaged T4797: External address/network lists for firewall (Local and remote) as Wishlist priority.
Nov 3 2022, 7:44 PM · VyOS 1.5 Circinus
Viacheslav changed the status of T4758: Rewrite show dhcp server to vyos.opmode format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from In progress to Needs testing.
Nov 3 2022, 7:42 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
Viacheslav changed the status of T4758: Rewrite show dhcp server to vyos.opmode format from In progress to Needs testing.
Nov 3 2022, 7:42 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T1097: Make firewall groups work everywhere that's appropriate from Open to In progress.

PR adds groups to NAT: https://github.com/vyos/vyos-1x/pull/1633

Nov 3 2022, 7:41 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T1097: Make firewall groups work everywhere that's appropriate, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to In progress.
Nov 3 2022, 7:41 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
jestabro reopened T3574: Add constraintGroup for combining validators with logical AND as "Open".

Reopened, as this was never backported to 1.3; set for 1.3.3.

Nov 3 2022, 6:14 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
TheSin- added a comment to T4797: External address/network lists for firewall (Local and remote).

I didn't look deep into the nft groups, so I wasn't sure if we could mix ipv4/6 and addresses and networks. If we can, then I agree one group would be best, though I'm sure ipv4/6 would still need to be separate, but checking each line for : makes that task super easy and fast.

Nov 3 2022, 5:38 PM · VyOS 1.5 Circinus
n.fort added a comment to T4797: External address/network lists for firewall (Local and remote).

From my point of view, looks interesting.
The proposed structure and behaviour doesn't look that different than what is currently in geoip filtering: external URLs with data, and sync from time to time.

Nov 3 2022, 5:29 PM · VyOS 1.5 Circinus
TheSin- created T4797: External address/network lists for firewall (Local and remote).
Nov 3 2022, 5:00 PM · VyOS 1.5 Circinus
dmbaturin created T4796: build-vyos-image ignores multiple options.
Nov 3 2022, 4:42 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
c-po changed the status of T4795: Cleanup custom python validators from Open to In progress.
Nov 3 2022, 4:17 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
c-po created T4795: Cleanup custom python validators.
Nov 3 2022, 4:15 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
TheSin- renamed T4794: show firewall name <name> - Can't use .items() on a list from Can't use .items() on a list to show firewall name <name> - Can't use .items() on a list.
Nov 3 2022, 2:33 PM · VyOS 1.4 Sagitta
TheSin- created T4794: show firewall name <name> - Can't use .items() on a list.
Nov 3 2022, 2:14 PM · VyOS 1.4 Sagitta
a.apostoliuk added a subtask for T3953: IPSec with vti interfaces by default add default route to table 220: T4793: Create warning message about disable-route-autoinstall when ipsec vti is used.
Nov 3 2022, 12:37 PM · VyOS 1.3 Equuleus (1.3.9)
a.apostoliuk added a parent task for T4793: Create warning message about disable-route-autoinstall when ipsec vti is used: T3953: IPSec with vti interfaces by default add default route to table 220.
Nov 3 2022, 12:37 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
a.apostoliuk changed the status of T4793: Create warning message about disable-route-autoinstall when ipsec vti is used from Open to In progress.
Nov 3 2022, 12:32 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
a.apostoliuk triaged T4793: Create warning message about disable-route-autoinstall when ipsec vti is used as Normal priority.
Nov 3 2022, 12:31 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
jack9603301 added a comment to T1797: Implement DPDK Fast-Path using FRR's Alternate Forwarding Planes and VPP.
Nov 3 2022, 10:02 AM · Restricted Project, VyOS 1.5 Circinus
giezi added a comment to T1797: Implement DPDK Fast-Path using FRR's Alternate Forwarding Planes and VPP.

The enhanced linux-cp plugin (from IPng) is since 21.06 an official part of VPP, so the integration should be simple:
https://vpp.flirble.org/master/aboutvpp/releasenotes/v21.06.html#linux-control-plane-plugin-linux-cp

Nov 3 2022, 9:49 AM · Restricted Project, VyOS 1.5 Circinus
Viacheslav placed T3953: IPSec with vti interfaces by default add default route to table 220 up for grabs.
Nov 3 2022, 7:43 AM · VyOS 1.3 Equuleus (1.3.9)
initramfs added a comment to T4760: VyOS does not support running multiple instances of DHCPv6 clients.

A patch to the WIDE DHCPv6 client seems to be sufficient to resolve this issue with respect to the way VyOS currently uses the daemon (one daemon per configured interface), PRs below:

Nov 3 2022, 1:59 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta
Viacheslav renamed T4789: Ability to get L2TP/PPTP/SSTP sessions info in a machine readable format from Ability to get L2TP/PPTP sessions info in a machine readable format to Ability to get L2TP/PPTP/SSTP sessions info in a machine readable format.
Nov 3 2022, 12:17 AM · VyOS 1.4 Sagitta

Nov 2 2022

c-po moved T4177: Strip-private doesn't work for service monitoring from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Nov 2 2022, 6:52 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
zsdc changed the status of T4776: NVME storage is not detected properly during installation from In progress to Needs testing.

Sure, it is fully compatible with 1.3. If no problems are found after the changes in 1.4 it must be backported.

Nov 2 2022, 4:10 PM · VyOS 1.3 Equuleus (1.3.5), VyOS 1.4 Sagitta
Viacheslav created T4792: Add SSTP VPN client.
Nov 2 2022, 3:29 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4771: Rewrite protocol BGP op-mode to vyos.opmode format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from In progress to Needs testing.
Nov 2 2022, 2:40 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
Viacheslav changed the status of T4771: Rewrite protocol BGP op-mode to vyos.opmode format from In progress to Needs testing.
Nov 2 2022, 2:40 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4777: Ability to get logs in machine readable format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from In progress to Needs testing.
Nov 2 2022, 2:39 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
Viacheslav changed the status of T4777: Ability to get logs in machine readable format from In progress to Needs testing.

Requires rewriting function show to python-systemd

Nov 2 2022, 2:39 PM · VyOS 1.5 Circinus
hard added a comment to T4502: Consider implementing (NAT/other) flow table offload.

on nightly build nftables v1.0.5 and kernel 5.15.76

Nov 2 2022, 9:10 AM · VyOS 1.4 Sagitta
jack9603301 added a comment to T4756: General applications that support SOCAT.

As a first step, we need a wrapper script to control the start, stop and restart of socat, because socat sometimes exits automatically

Nov 2 2022, 7:37 AM · Restricted Project, VyOS 1.5 Circinus
jack9603301 added a comment to T4766: Enable Cross-Protocol Translation (relay).

As a first step, we need a wrapper script to control the start, stop and restart of socat, because socat sometimes exits automatically

Nov 2 2022, 7:37 AM · VyOS 1.5 Circinus
a.apostoliuk changed the status of T4790: RADIUS login does not work if sum of timeouts more than 50s from Open to In progress.
Nov 2 2022, 6:41 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
a.apostoliuk claimed T4790: RADIUS login does not work if sum of timeouts more than 50s.
Nov 2 2022, 6:41 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta

Nov 1 2022

ordex added a comment to T3214: OpenVPN IPv6 fixes.

I created a PR to solve this specific issue (and some more related to this): https://github.com/vyos/vyos-1x/pull/1637

Nov 1 2022, 10:38 PM · VyOS 1.5 Circinus
Viacheslav added a comment to T4777: Ability to get logs in machine readable format.

PR https://github.com/vyos/vyos-1x/pull/1635

Nov 1 2022, 5:36 PM · VyOS 1.5 Circinus
Viacheslav edited projects for T4737: FRRouting/zebra 7.5.1 does not redistribute routes to other protocols, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Nov 1 2022, 5:31 PM · VyOS 1.3 Equuleus (1.3.3)
Viacheslav awarded T4791: Consistent normalization of 'raw' output of op-mode scripts for CLI and API a Like token.
Nov 1 2022, 5:30 PM · VyOS 1.4 Sagitta
Viacheslav edited projects for T4790: RADIUS login does not work if sum of timeouts more than 50s, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Nov 1 2022, 5:28 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
c-po closed T4177: Strip-private doesn't work for service monitoring as Resolved.
Nov 1 2022, 5:24 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
jestabro changed the status of T4791: Consistent normalization of 'raw' output of op-mode scripts for CLI and API from Open to In progress.
Nov 1 2022, 4:34 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4777: Ability to get logs in machine readable format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Nov 1 2022, 3:45 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
Viacheslav changed the status of T4777: Ability to get logs in machine readable format from Open to In progress.
Nov 1 2022, 3:45 PM · VyOS 1.5 Circinus
a.apostoliuk created T4790: RADIUS login does not work if sum of timeouts more than 50s.
Nov 1 2022, 3:43 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
fernando added a comment to T4788: Factory-reset/default command.

Normally, when I want to make an empty-base config, I save config.boot in another place. So I load it when I need to restart the configuration. I was thinking that we can make something like it by cli, it should be saved in the first config.boot file and restored.

Nov 1 2022, 2:51 PM · VyOS 1.5 Circinus
n.fort added a comment to T4788: Factory-reset/default command.

Maybe a simplified and interactive cli, as when adding a new image? So the user can decide what to do with other images and containers.

Nov 1 2022, 1:29 PM · VyOS 1.5 Circinus
sarthurdev changed the status of T1877: Feature Request: Allow NAT to use network and address groups from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1633

Nov 1 2022, 12:48 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T970: Support matching domain name in firewall rules.

Adds firewall node rule N source/destination fqdn domain.com for single domains per rule and refactors resolver daemon.

Nov 1 2022, 12:47 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
Viacheslav updated the task description for T4789: Ability to get L2TP/PPTP/SSTP sessions info in a machine readable format.
Nov 1 2022, 11:46 AM · VyOS 1.4 Sagitta
Viacheslav created T4789: Ability to get L2TP/PPTP/SSTP sessions info in a machine readable format.
Nov 1 2022, 11:45 AM · VyOS 1.4 Sagitta
sarthurdev moved T4759: domain-group on policy route not working from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Nov 1 2022, 9:19 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4759: domain-group on policy route not working from Open to In progress.
Nov 1 2022, 9:19 AM · VyOS 1.4 Sagitta
sarthurdev closed T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat as Resolved.
Nov 1 2022, 9:19 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4774: Disallow duplicate pubkey on peers of a wireguard interface from In progress to Backport candidate.
Nov 1 2022, 9:18 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta
Viacheslav changed the subtype of T4788: Factory-reset/default command from "Task" to "Feature Request".

In addition to the configuration, you also need to reset all logs/custom scripts and boot from the base image.
What will happen if you have several images? Should we delete all other images?
What will happen if you have container images? Should we delete them?
And there are many other nuances.

Nov 1 2022, 9:02 AM · VyOS 1.5 Circinus
c-po changed the status of T4750: Support of higher level SSH keys (sk-ssh-ed25519) from In progress to Needs testing.
Nov 1 2022, 8:22 AM · VyOS 1.4 Sagitta
c-po changed the status of T4750: Support of higher level SSH keys (sk-ssh-ed25519) from Open to In progress.
Nov 1 2022, 8:03 AM · VyOS 1.4 Sagitta
c-po claimed T4750: Support of higher level SSH keys (sk-ssh-ed25519).
Nov 1 2022, 8:03 AM · VyOS 1.4 Sagitta
c-po reopened T4720: Ability to configure SSH HostKeyAlgorithms, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Needs testing.
Nov 1 2022, 8:03 AM · VyOS 1.5 Circinus
c-po reopened T4720: Ability to configure SSH HostKeyAlgorithms as "Needs testing".
Nov 1 2022, 8:03 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4720: Ability to configure SSH HostKeyAlgorithms.

@Arc771
Could you provide an example of how to generate the required keys? We will test it.
But it should be a separate task.

Nov 1 2022, 8:01 AM · VyOS 1.4 Sagitta
Viacheslav placed T4750: Support of higher level SSH keys (sk-ssh-ed25519) up for grabs.
Nov 1 2022, 8:00 AM · VyOS 1.4 Sagitta
Viacheslav reopened T4750: Support of higher level SSH keys (sk-ssh-ed25519) as "Open".

So the original task means that we don't have new CLI options in login keys
Missing sk-ssh-ed25519

vyos@r14# set system login user foo authentication public-keys foo type 
Possible completions:
   ssh-dss              None
   ssh-rsa              None
   ecdsa-sha2-nistp256  None
   ecdsa-sha2-nistp384  None
   ssh-ed25519          None
   ecdsa-sha2-nistp521
Nov 1 2022, 8:00 AM · VyOS 1.4 Sagitta

Oct 31 2022

fernando triaged T4788: Factory-reset/default command as Normal priority.
Oct 31 2022, 8:32 PM · VyOS 1.5 Circinus
sarthurdev changed the status of T1877: Feature Request: Allow NAT to use network and address groups from Open to In progress.
Oct 31 2022, 8:15 PM · VyOS 1.4 Sagitta
Arc771 added a comment to T4720: Ability to configure SSH HostKeyAlgorithms.

Seems to be not fully functional

Oct 31 2022, 5:00 PM · VyOS 1.4 Sagitta
c-po closed T4787: ipsec: add support for road-warrior/remote-access RADIUS timeout as Resolved.
Oct 31 2022, 2:11 PM · VyOS 1.4 Sagitta
c-po claimed T4787: ipsec: add support for road-warrior/remote-access RADIUS timeout.
Oct 31 2022, 2:09 PM · VyOS 1.4 Sagitta
c-po created T4787: ipsec: add support for road-warrior/remote-access RADIUS timeout.
Oct 31 2022, 2:08 PM · VyOS 1.4 Sagitta
Viacheslav moved T1875: Add the ability to use network address as BGP neighbor (bgp listen range) from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Oct 31 2022, 12:00 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav closed T1875: Add the ability to use network address as BGP neighbor (bgp listen range), a subtask of T2174: Rewrite protocol BGP to new XML/Python style, as Resolved.
Oct 31 2022, 12:00 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav closed T1875: Add the ability to use network address as BGP neighbor (bgp listen range) as Resolved.
Oct 31 2022, 12:00 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav closed T4786: Add package python3-pyhumps as Resolved.
Oct 31 2022, 11:44 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4771: Rewrite protocol BGP op-mode to vyos.opmode format.

PR https://github.com/vyos/vyos-1x/pull/1623

Oct 31 2022, 11:06 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4786: Add package python3-pyhumps.

PR https://github.com/vyos/vyos-1x/pull/1631

Oct 31 2022, 11:05 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4786: Add package python3-pyhumps from Open to In progress.
Oct 31 2022, 10:44 AM · VyOS 1.4 Sagitta
Viacheslav changed Difficulty level from unknown to easy on T4786: Add package python3-pyhumps.
Oct 31 2022, 10:41 AM · VyOS 1.4 Sagitta
Viacheslav created T4786: Add package python3-pyhumps.
Oct 31 2022, 10:41 AM · VyOS 1.4 Sagitta
c-po closed T4785: snmp: Allow !, @, * and # in community name as Resolved.
Oct 31 2022, 5:50 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po moved T4785: snmp: Allow !, @, * and # in community name from Backport Candidates to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Oct 31 2022, 5:50 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Oct 30 2022

roedie added a comment to T4526: keepalived-fifo.py unable to load config.

Done: https://github.com/vyos/vyos-1x/pull/1630

Oct 30 2022, 2:53 PM · vyos-keepalived, vyatta-vrrp, VyOS 1.4 Sagitta
c-po renamed T4785: snmp: Allow !, @, * and # in community name from snmp: Allow ! in community name to snmp: Allow !, @, * and # in community name.
Oct 30 2022, 11:52 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Oct 29 2022

Viacheslav added a comment to T4776: NVME storage is not detected properly during installation.

@zsdc could we backport it to 1.3?

Oct 29 2022, 7:26 PM · VyOS 1.3 Equuleus (1.3.5), VyOS 1.4 Sagitta
Viacheslav added a parent task for T4779: Make raw op mode command outputs use bytes for data amount values: T4564: Root task for rewriting [op-mode] to vyos.opmode format.
Oct 29 2022, 7:21 PM · VyOS 1.4 Sagitta
Viacheslav added a subtask for T4564: Root task for rewriting [op-mode] to vyos.opmode format: T4779: Make raw op mode command outputs use bytes for data amount values.
Oct 29 2022, 7:21 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
Viacheslav updated subscribers of T4781: cloud-init fails to handle "::" as a netmask for routes.
Oct 29 2022, 7:18 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.0-GA)
Viacheslav closed T4783: Add support for stunnel as Resolved.
Oct 29 2022, 7:16 PM · VyOS 1.4 Sagitta
c-po moved T4785: snmp: Allow !, @, * and # in community name from Finished to Backport Candidates on the VyOS 1.3 Equuleus (1.3.3) board.
Oct 29 2022, 7:04 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po moved T4785: snmp: Allow !, @, * and # in community name from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Oct 29 2022, 7:04 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po moved T4785: snmp: Allow !, @, * and # in community name from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Oct 29 2022, 7:03 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po added a comment to T4785: snmp: Allow !, @, * and # in community name.

Backport for VyOS 1.3.3 https://github.com/vyos/vyos-1x/pull/1629

Oct 29 2022, 7:03 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po closed T4784: Add description node for static route/route6 tagNodes as Resolved.
Oct 29 2022, 6:59 PM · VyOS 1.4 Sagitta
c-po claimed T4785: snmp: Allow !, @, * and # in community name.
Oct 29 2022, 6:57 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po created T4785: snmp: Allow !, @, * and # in community name.
Oct 29 2022, 6:57 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
sarthurdev moved T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Oct 29 2022, 5:54 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4782: Allow multiple CA certificates (on e.g. EAPoL) from Open to Confirmed.

Good point, I'll try and look into this and see if it can be handled everywhere the new PKI nodes are used.

Oct 29 2022, 5:53 PM · VyOS 1.4 Sagitta