@lue30499 T4997 was merged, so the script I put above (which adds/updates a firewall group for the DHCP IP of any DHCP-enabled interfaces) can now be installed on an official build of 1.4-rolling!
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Feb 27 2023
Feb 27 2023
marekm added a comment to T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.
As a temporary workaround, I use the script below. For some reason /etc/rc.local no longer runs automatically on VyOS 1.3.2, so I run it manually after each reboot for now. Until it is run, Phicomm routers keep disconnecting due to failed IPV6CP negotiation incorrectly triggering complete PPPoE session termination. I have two PPPoE servers at different locations for redundancy, both rebooting at the same time is very unlikely, so I can live with it for now.
a.apostoliuk moved T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine from Open to Finished on the VyOS 1.4 Sagitta board.
Feb 25 2023
Feb 25 2023
Viacheslav changed the status of T5033: generate-public-key command fails for address with multiple public keys like GitHub from Open to In progress.
Viacheslav added a comment to T5033: generate-public-key command fails for address with multiple public keys like GitHub.
PR https://github.com/vyos/vyos-1x/pull/1853
vyos@r14:~$ generate public-key-command user foo path https://github.com/xxxxx.keys # To add this key as an embedded key, run the following commands: configure set system login user foo authentication public-keys github@39e9c9ba-408d-4b4b-9aa6-d07f531285bf key xxxxx set system login user foo authentication public-keys github@39e9c9ba-408d-4b4b-9aa6-d07f531285bf type ssh-rsa set system login user foo authentication public-keys github@4732d9b0-4bc5-47d1-9028-0e68348a932f key xxxxx set system login user foo authentication public-keys github@4732d9b0-4bc5-47d1-9028-0e68348a932f type ssh-rsa set system login user foo authentication public-keys github@a93a85ba-5b63-4c3a-a589-2e82da7c8f1f key xxxxx set system login user foo authentication public-keys github@a93a85ba-5b63-4c3a-a589-2e82da7c8f1f type ssh-rsa commit save exit vyos@r14:~$
c-po closed T5034: Migrate multicast CLI node to valueLess, a subtask of T5007: Interface multicast setting is invalid, as Resolved.
c-po changed the status of T5034: Migrate multicast CLI node to valueLess, a subtask of T5007: Interface multicast setting is invalid, from Open to In progress.
c-po moved T4948: pppoe: add CLI option to allow definition of host-uniq flag from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T5007: Interface multicast setting is invalid from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T5017: Bug with validator interface-name from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
doctorpangloss added a comment to T5033: generate-public-key command fails for address with multiple public keys like GitHub.
Yes, apparently so from GitHub.
Viacheslav edited projects for T5033: generate-public-key command fails for address with multiple public keys like GitHub, added: VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.4).
Do those keys always without an "identifier"?
I mean foo@localhost
ssh-rsa AAA....
Feb 24 2023
Feb 24 2023
a.apostoliuk changed the status of T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine from Needs testing to In progress.
Feb 23 2023
Feb 23 2023
Viacheslav added a project to T5007: Interface multicast setting is invalid: VyOS 1.3 Equuleus (1.3.3).
Feb 22 2023
Feb 22 2023
Viacheslav changed the status of T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536 from In progress to Needs testing.
Feb 21 2023
Feb 21 2023
Also bug with ifb interface
vyos@r14# set interfaces input ifb0 [edit] vyos@r14# set interfaces ethernet eth0 redirect 'ifb0'
marc_s added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
Thanks @Viacheslav https://github.com/vyos/vyos-1x/pull/1838 fixed it for me.
Viacheslav added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
Cherry-pick for 1.3.3 https://github.com/vyos/vyos-1x/pull/1838
Viacheslav added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
The thing is we have default values (for example memory) only for the first container:
##################################################
{'name': {'multitool': {'description': 'Network multitool container',
'image': 'wbitt/network-multitool:fedora',
'memory': '512',
'network': {'cntr-net': {}},
'port': {'http': {'destination': '80',
'protocol': 'tcp',
'source': '80'}},
'restart': 'on-failure',
'shared_memory': '64'},
'nrpe': {'allow_host_networks': {},
'image': 'incitem/almalinux9:nrpe',
'protocol': 'tcp'},
'radius': {'allow_host_networks': {},
'image': 'dchidell/radius-web',
'protocol': 'tcp',
'volume': {'clients': {'destination': '/etc/raddb/clients.conf',
'mode': 'rw',
'source': '/config/containers/radius/clients'},
'users': {'destination': '/etc/raddb/users',
'mode': 'rw',
'source': '/config/containers/radius/users'}}}},
'network': {'cntr-net': {'description': 'VyOS Container Network',
'prefix': ['172.253.253.0/24']}},
'registry': ['docker.io', 'quay.io']}
##################################################Feb 20 2023
Feb 20 2023
Viacheslav added a project to T5011: Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped: VyOS 1.3 Equuleus (1.3.3).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1833
Feb 19 2023
Feb 19 2023
@c-po confirmed fixed, thank you.
Feb 18 2023
Feb 18 2023
c-po moved T5017: Bug with validator interface-name from Finished to In Progress on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T5017: Bug with validator interface-name from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Feb 17 2023
Feb 17 2023
Thanks for clarification @b-
This isn’t specific to WANs at all, no! I am using it for a WAN, so some of my comments reflect that, but really this is just a generic hook for any DHCP interface.
@b- Im not sure 100% sure whats happening, as I am not a developer... I saw your code samples and PR in git...
Feb 15 2023
Feb 15 2023
n.fort changed the status of T5009: op-mode command: restart dhcp relay-agent not working from In progress to Needs testing.
a.apostoliuk moved T4993: Can't delete conntrack ignore rule from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
a.apostoliuk moved T4993: Can't delete conntrack ignore rule from Finished to 1.3.3 on the VyOS 1.3 Equuleus board.
Viacheslav edited projects for T5009: op-mode command: restart dhcp relay-agent not working, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Viacheslav triaged T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set as High priority.
Feb 14 2023
Feb 14 2023
Error still present in 1.4: https://vyos.dev/T5004
zsdc changed the status of T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set from Confirmed to In progress.
PR with a fix: https://github.com/vyos/vyatta-cfg/pull/61
Feb 13 2023
Feb 13 2023
n.fort changed the status of T4153: Monitor bandwidth-test initiate not working from Unknown Status to Resolved.
Then lets close it
Don't see any issue with 1.3
vyos@r1:~$ monitor bandwidth-test initiate 192.168.122.14 ------------------------------------------------------------ Client connecting to 192.168.122.14, TCP port 5001 TCP window size: 85.0 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.122.11 port 58042 connected with 192.168.122.14 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 6.37 GBytes 5.47 Gbits/sec vyos@r1:~$ vyos@r1:~$ show version
a.apostoliuk changed the status of T4993: Can't delete conntrack ignore rule from In progress to Needs testing.
Everything works on version 1.4
Feb 12 2023
Feb 12 2023
Viacheslav changed the status of T4999: vyos.util backport dict_search_recursive from Open to In progress.
Viacheslav changed the subtype of T4999: vyos.util backport dict_search_recursive from "Bug" to "Feature Request".
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1812
okay, so with https://vyos.dev/T4997 in place (tested via my custom build https://github.com/b-/vyos-build-action/releases/tag/v1.4-rolling_bri_add-dhcp-user-hooks ) and the following file in /config/scripts/dhcp-client/post-hooks.d/set-addrgroup
#!/bin/sh # # /config/scripts/dhcp-client/post-hooks.d/set-addrgroup
Feb 11 2023
Feb 11 2023
Reading more of the fancy internal scripting going on inside VyOS, there's already both a place to put this script (that would cause it to automatically be called by dhclient upon a new address), _and_ it sets a bunch of variables for us so I don't have to hac hac hac parse output that really isn't intended to be parsed. https://github.com/vyos/vyos-1x/tree/current/src/etc/dhcp/dhclient-exit-hooks.d
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
WAN_IF_GROUP=wan
show firewall group interface ${WAN_IF_GROUP} | cut -c 2- | cut -d' ' -f2 > /tmp/WANS
WANS=$(</tmp/WANS)
getip(){
#ip -4 a show ${1} | grep -Po 'inet \K[0-9.]*'
run show interface ${1:0:3} $1 brief | tr -s ' ' | grep $1 | cut -d' ' -f2 | cut -d/ -f1 | grep -v ':'
# returns like 123.234.34.34
# grep -v : removes ipv6
}In T2196#125917, @lue30499 wrote:This feature would be very helpfull for hairpin nat as we can see from the mentions.
Might also be helpfull for ipv6 as well.
I am aware its a different product but edgeos from ubiquiti does something like this (looks to be a managed address group that populates dynamically) for nat and fw:destination { group { address-group ADDRv4_eth0 } }
I just want to really strongly second this issue — if this feature isn't added and I can't find a good workaround, I won't be able to stick with VyOS :(
Feb 10 2023
Feb 10 2023
a.apostoliuk changed the status of T4993: Can't delete conntrack ignore rule from Open to In progress.
Take a look at this T4165
Maybe the same issue but per rule. Different order of "comment"
Viacheslav edited projects for T4993: Can't delete conntrack ignore rule, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Viacheslav updated the task description for T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set.
Viacheslav changed the status of T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set from Open to Confirmed.
Viacheslav moved T1993: Extended pppoe rate-limiter from Open to Finished on the VyOS 1.4 Sagitta board.
Feb 8 2023
Feb 8 2023
@c-po Do you have any idea for CLI?
Viacheslav moved T2603: pppoe-server: reduce min MTU from Open to Finished on the VyOS 1.4 Sagitta board.
@skoenman Could you write some examples of configuration?