Oops. Thank you Nicolas.
Suddenly found myself far behind the current rolling release. Will upgrade first.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Dec 7 2022
Dec 7 2022
aserkin added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
Viacheslav changed the status of T4861: Openconnect restart on adding users - Aborts all active connections from Open to In progress.
klase added a comment to T4861: Openconnect restart on adding users - Aborts all active connections.
I have made the change in my configuration and tested as many configuration changes as I could (I have not tested radius authentication, and other options that are not valid in my setup) and it seems to work with this change without any unwanted side effects.
Dec 6 2022
Dec 6 2022
@dmbaturin It shows only IPv4 routes
Could you also add IPv6?
Should be fixed in T4794
Check please the newest version
n.fort added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
@aserkin . Viacheslav commands are present in more recent nighly builds.
Try with one of the latests images.
aserkin added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
There's no
set firewall interface
option here:
admin@vyos-lns-1:~$ show version
Version: VyOS 1.4-rolling-202209131208
Viacheslav changed the subtype of T4861: Openconnect restart on adding users - Aborts all active connections from "Task" to "Feature Request".
Viacheslav added a comment to T4861: Openconnect restart on adding users - Aborts all active connections.
@klase could you make some changes?
sudo nano -c +253 /usr/libexec/vyos/conf_mode/vpn_openconnect.py
and change
call('systemctl restart ocserv.service')to:
call('systemctl reload-or-restart ocserv.service')Viacheslav added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
Does it do the same?
set firewall interface l2tp* out name 'FOO' set firewall name FOO rule 10 action 'accept' set firewall name FOO rule 10 protocol 'tcp' set firewall name FOO rule 10 tcp flags syn set firewall name FOO rule 10 tcp mss '1300'
nft
table ip vyos_filter {
chain VYOS_FW_FORWARD {
type filter hook forward priority filter; policy accept;
oifname "l2tp*" counter packets 0 bytes 0 jump NAME_FOO
jump VYOS_POST_FW
}
...
chain NAME_FOO {
tcp flags & syn == syn tcp option maxseg size 1300 counter packets 0 bytes 0 return comment "FOO-10"
counter packets 0 bytes 0 drop comment "FOO default-action drop"
}
}CNI Plugins compatible with nftables https://github.com/greenpau/cni-plugins/
aserkin updated the task description for T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
aserkin updated the task description for T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
aserkin updated the task description for T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
a.apostoliuk changed the status of T4862: webproxy domain-block does not work from Open to In progress.
Viacheslav edited projects for T4853: OpenVPN: unable to commit changes when the interface is down/unknown state, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Dec 5 2022
Dec 5 2022
GitHub <noreply@github.com> committed rVYOSONEXec6aaf72378d: Merge pull request #1693 from sever-sever/T4860 (authored by c-po).
Viacheslav changed the status of T4848: Minor bug in OpenConnect server with default route from In progress to Needs testing.
@klase will be fixed in the next rolling release
fett0 <fernando.gmaidana@gmail.com> committed rVYOSONEXe4befa498740: T4854: route reflector allows to apply route-maps.
GitHub <noreply@github.com> committed rVYOSONEX26723840edb0: Merge pull request #1690 from fett0/T4854 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX9b40b4c047f3: Merge pull request #1692 from sever-sever/T4848 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX31566f8195b7: Merge pull request #1686 from sever-sever/T4804 (authored by c-po).
Dec 4 2022
Dec 4 2022
Viacheslav changed the status of T4860: Openconnect server incorrect unconfigured check from Open to In progress.
Viacheslav changed the status of T4848: Minor bug in OpenConnect server with default route from Open to In progress.
Viacheslav closed T4825: interfaces veth/veth-pairs -standalone used, a subtask of T4686: Provides support for veth, as Resolved.
Dec 3 2022
Dec 3 2022
GitHub <noreply@github.com> committed rVYOSONEX1804f1cb1a90: Merge pull request #1691 from sarthurdev/T478 (authored by c-po).
PR to fix recursion check: https://github.com/vyos/vyos-1x/pull/1691
Alfa80 awarded T4792: Add SSTP VPN client a Love token.
Viacheslav moved T4858: L3VPN- Route Distinguisher notations from Open to Finished on the VyOS 1.4 Sagitta board.
Dec 2 2022
Dec 2 2022
fernando changed the status of T4854: BGP-route reflector allows to apply route-maps from Confirmed to In progress.
fett0 <fernando.gmaidana@gmail.com> committed rVYOSONEXfdeb731f831f: T4858: Fix l3vpn Route Distinguisher validator.
GitHub <noreply@github.com> committed rVYOSONEX71aecaa50fb2: Merge pull request #1688 from fett0/T4858 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX3ef14453e068: Merge pull request #1685 from sever-sever/T4805 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX1c792052d435: Merge pull request #1687 from sever-sever/T4825 (authored by c-po).
jestabro closed T4859: Correct calling of config mode script dependencies from http-api.py, a subtask of T4820: Support for inter-config-mode script dependencies, as Resolved.
jestabro closed T4859: Correct calling of config mode script dependencies from http-api.py as Resolved.
GitHub <noreply@github.com> committed rVYOSONEX8cdc6aea127c: Merge pull request #1689 from jestabro/config-script-dependency (authored by jestabro).
fernando changed the status of T4858: L3VPN- Route Distinguisher notations from Open to In progress.
jestabro triaged T4859: Correct calling of config mode script dependencies from http-api.py as Normal priority.
n.fort changed the status of T4122: interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?) from Unknown Status to Resolved.
We can do it the same way
vyos@r1# set service snmp oid-enable Possible completions: route-table Enable routing table OIDs (ipCidrRouteTable inetCidrRouteTable)
so by default they should be disabled
Error also present in vyos-1.4-rolling-202212020318
n.fort changed the status of T4857: SNMP - Implement FRR SNMP recommendations from Open to Confirmed.
Verify if you are trying to add a new vethX to exists pair (veth12 link to veth0 should be RaiseConfigerror)
set interfaces virtual-ethernet veth0 peer-name 'veth1' set interfaces virtual-ethernet veth1 peer-name 'veth0' set interfaces virtual-ethernet veth12 peer-name 'veth0' commit
commit
vyos@r1# commit
[ interfaces virtual-ethernet veth12 ]
{'ifname': 'veth12',
'other_interfaces': {'veth0': {'peer_name': 'veth1'},
'veth1': {'peer_name': 'veth0'},
'veth12': {'peer_name': 'veth0'}},
'peer_name': 'veth0'}
VyOS had an issue completing a command.Viacheslav changed the status of T4767: replace sh to Python (generate_ipsec_debug_archive.sh) from In progress to Needs testing.
Unknown Object (User) committed rVYOSONEX4245fd8fb105: T4767: Rewrite generate ipsec archive to python.
GitHub <noreply@github.com> committed rVYOSONEXaec5295551ef: Merge pull request #1646 from mkorobeinikov/4767py (authored by c-po).
Dec 1 2022
Dec 1 2022
jestabro closed T4847: Correct calling of config mode script dependencies from pki.py, a subtask of T4820: Support for inter-config-mode script dependencies, as Resolved.