Page MenuHomeVyOS Platform
Feed Search

Search
Use Results
Hide Query

Mar 6 2023

Viacheslav changed the status of T5056: IPoE server vlan-mon is not working from In progress to Needs testing.
Mar 6 2023, 2:51 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5056: IPoE server vlan-mon is not working .

The second bug is interface Regex does not work
Get:

interface=re:eth1\.\d+

Expect:

interface=re:^eth1\.(200\d|20[1-9]\d|2[1-9]\d{2}|3000)$
Mar 6 2023, 12:33 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX39f6be1dcb9e: T5056: Fix IPoE server template for vlan-mon.
Mar 6 2023, 12:16 PM
Viacheslav added a comment to T5056: IPoE server vlan-mon is not working .

PR https://github.com/vyos/vyos-1x/pull/1869

vyos@r14# run show conf com | match ipoe
set service ipoe-server authentication mode 'noauth'
set service ipoe-server interface eth1 client-subnet '100.64.24.0/24'
set service ipoe-server interface eth1 network 'vlan'
set service ipoe-server interface eth1 vlan '2000-3000'
[edit]
vyos@r14#

Check config:

vyos@r14# cat /run/accel-pppd/ipoe.conf  | grep "\[ipoe" -A 7
[ipoe]
verbose=1
interface=re:eth1\.\d+,shared=0,mode=L2,ifcfg=1,range=100.64.24.0/24,start=dhcpv4,ipv6=1
noauth=1
proxy-arp=1
Mar 6 2023, 12:06 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T5056: IPoE server vlan-mon is not working from Open to In progress.
Mar 6 2023, 11:14 AM · VyOS 1.4 Sagitta
Viacheslav created T5056: IPoE server vlan-mon is not working .
Mar 6 2023, 11:11 AM · VyOS 1.4 Sagitta
Viacheslav renamed T4973: show dhcp server leases error for lease time 4294967295 from show dhcp server leases error to show dhcp server leases error for static entries.
Mar 6 2023, 10:24 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4973: show dhcp server leases error for lease time 4294967295.

It is incompatible with static entries.
Maybe it should be fixed after migrating to KEA-DHCP T3316

Mar 6 2023, 10:23 AM · VyOS 1.4 Sagitta
Viacheslav added a project to T5053: Vyatta-cfg Post-Removal Hook Tries to Disable Deleted Service: VyOS 1.4 Sagitta.
Mar 6 2023, 10:21 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5054: ipsec: "show vpn ipsec remote-access" does not list active connections.

The similar task T5042

Mar 6 2023, 7:41 AM · VyOS 1.4 Sagitta

Mar 3 2023

Viacheslav closed T4625: Update ocserv to current revision (1.1.6) as Resolved.

VyOS 1.3-stable-202303030442 Works as expected

vyos@r1# run show conf com | match open
set vpn openconnect authentication mode 'radius'
set vpn openconnect authentication radius server 192.168.122.14 key 'vyos-secret'
set vpn openconnect listen-ports tcp '4433'
set vpn openconnect listen-ports udp '4433'
set vpn openconnect network-settings client-ip-settings subnet '100.64.12.0/24'
set vpn openconnect ssl ca-cert-file '/config/auth/ca.crt'
set vpn openconnect ssl cert-file '/config/auth/server.crt'
set vpn openconnect ssl key-file '/config/auth/server.key'
[edit]
vyos@r1# 
[edit]
vyos@r1# run show version all | match ocser
ii  ocserv                               1.1.6-3                        amd64        OpenConnect VPN server compatible with Cisco AnyConnect VPN
[edit]
vyos@r1# 
[edit]
vyos@r1# run show openconnect-server sessions 
interface    username    ip             remote IP        RX      TX         state      uptime
-----------  ----------  -------------  ---------------  ------  ---------  ---------  --------
sslvpn0      foo         100.64.12.225  192.168.122.205  1.3 KB  152 bytes  connected  55s
[edit]
vyos@r1#
Mar 3 2023, 12:36 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav added a comment to T5022: VRRP add mail notification.

PR https://github.com/vyos/vyos-1x/pull/1866

set high-availability vrrp global-parameters notification mail 'destination@bar.local'
set high-availability vrrp global-parameters notification send-faults
set high-availability vrrp global-parameters notification smtp-server address '127.0.0.1'
set high-availability vrrp global-parameters notification smtp-server connection-timeout '30'
set high-availability vrrp global-parameters notification smtp-server port '25'
set high-availability vrrp global-parameters notification source-mail 'foo@bar.local'
set high-availability vrrp global-parameters router-id 'MYROUTER'
Mar 3 2023, 11:41 AM · VyOS Rolling, Restricted Project
Viacheslav assigned T5048: QoS doesn't work correctly root task to c-po.
Mar 3 2023, 8:48 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5048: QoS doesn't work correctly root task.

As I understand there no percent or auto and it now expects only rate, needs to check

vyos@r14# set qos policy shaper test default bandwidth
Possible completions:
   <number>             Bits per second
   <number>bit          Bits per second
   <number>kbit         Kilobits per second
   <number>mbit         Megabits per second
   <number>gbit         Gigabits per second
   <number>tbit         Terabits per second
   <number>
Mar 3 2023, 8:39 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4973: show dhcp server leases error for lease time 4294967295.

@Jimz Which lease time are you useing?

starts 5 2023/03/03 02:09:13;
ends never;

With default config I see something like

lease 192.0.2.10 {
  starts 5 2023/03/03 08:07:15;
  ends 6 2023/03/04 08:07:15;
...
Mar 3 2023, 8:21 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5048: QoS doesn't work correctly root task.

Try the latest rolling release

Mar 3 2023, 8:01 AM · VyOS 1.4 Sagitta

Mar 2 2023

Viacheslav added a subtask for T4712: Collaborative Protection Profile cPP for Network Devices root task: T5046: CLI for password complexity enforcement PAM module.
Mar 2 2023, 4:36 PM · VyOS Rolling, VyOS 1.5 Circinus (1.5-stream-2025-Q4)
Viacheslav added a parent task for T5046: CLI for password complexity enforcement PAM module: T4712: Collaborative Protection Profile cPP for Network Devices root task.
Mar 2 2023, 4:36 PM · VyOS Rolling
Viacheslav updated the task description for T5047: Recreate only a specific container.
Mar 2 2023, 3:12 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav created T5047: Recreate only a specific container.
Mar 2 2023, 3:07 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav added a comment to T5039: Can't add new local user.

possible reason https://github.com/vyos/vyos-1x/commit/3bad1d0adb1c187f6611f4bed3d0ad16927d5d18

Mar 2 2023, 1:38 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5041: PMTU per route-based .
In T5041#143810, @fernando wrote:

Could we use something like Dannil proposes? https://vyos.dev/T4883 , as you said FRR staticd don't allow this option but it could be useful when we have different mtu over the interface.

Mar 2 2023, 12:06 PM · Restricted Project, VyOS Rolling
Viacheslav added a comment to T5045: BFD is not starting after upgrade to 1.4-rolling-202302150317.

Cannot reproduce it with this configuration (VyOS 1.4-rolling-202302280651, don't have a lot of file descriptors):

set protocols bfd peer 192.0.2.5 multihop
set protocols bfd peer 192.0.2.5 source address '192.0.2.1'
set protocols bfd peer 192.0.2.6 multihop
set protocols bfd peer 192.0.2.6 source address '192.0.2.1'
set protocols bfd profile BBR interval multiplier '3'
set protocols bfd profile BBR interval receive '350'
set protocols bfd profile BBR interval transmit '350'
Mar 2 2023, 11:12 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5041: PMTU per route-based .

The thing is, we don't use iproute2 commands for adding a route. We use FRR staticd for it. As an exception failover route that uses iproute2 commands
FRRouting 8.4.2 doesn't have such option

r14(config)# ip route 192.0.2.1/32 203.0.113.1 
  <cr>         
  (1-255)      Distance value for this route
  INTERFACE    IP gateway interface name
     dum0 eth0 eth1 eth2 lo veth0 veth1 wg0 
  Null0        Null interface
  color        SR-TE color
  label        Specify label(s) for this route
  nexthop-vrf  Specify the VRF
  table        Table to configure
  tag          Set tag for this route
  vrf          Specify the VRF
Mar 2 2023, 9:53 AM · Restricted Project, VyOS Rolling
Viacheslav closed T4967: Ability to set hostname for the container as Resolved.
Mar 2 2023, 9:41 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5042: Command 'show vpn ipsec remote-access' does not work.

show vpn ipsec remote-access shows only accel-ppp l2tp, pptp https://github.com/vyos/vyos-1x/blob/current/src/op_mode/show_vpn_ra.py

Mar 2 2023, 8:54 AM · VyOS 1.4 Sagitta
Viacheslav triaged T5039: Can't add new local user as Urgent! priority.
Mar 2 2023, 8:43 AM · VyOS 1.4 Sagitta

Feb 28 2023

Viacheslav committed rVYOSONEXc68d73e6720a: T4967: Allow setting container hostname.
Feb 28 2023, 9:17 PM
Viacheslav changed the status of T4625: Update ocserv to current revision (1.1.6) from In progress to Needs testing.
Feb 28 2023, 6:09 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav changed the status of T5022: VRRP add mail notification from Open to In progress.
Feb 28 2023, 5:43 PM · VyOS Rolling, Restricted Project
Viacheslav added a comment to T4625: Update ocserv to current revision (1.1.6).

PR for 1.3 https://github.com/vyos/vyos-build/pull/316

Feb 28 2023, 5:35 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav changed the status of T4625: Update ocserv to current revision (1.1.6) from Open to In progress.
Feb 28 2023, 5:07 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav claimed T4625: Update ocserv to current revision (1.1.6).
Feb 28 2023, 5:07 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav moved T4625: Update ocserv to current revision (1.1.6) from Open to Finished on the VyOS 1.4 Sagitta board.

For 1.4

vyos@r14# run show version all | match ocser
ii  ocserv                               1.1.6-3                          amd64        OpenConnect VPN server compatible with Cisco AnyConnect VPN
[edit]
vyos@r14#
Feb 28 2023, 5:03 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav moved T4219: support incoming-interface (iif) in local PBR from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Feb 28 2023, 4:57 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav closed T4219: support incoming-interface (iif) in local PBR as Resolved.
Feb 28 2023, 4:57 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav added a comment to T4481: containers are not starting.

@Nova_Logic Is this bug still active?

Feb 28 2023, 4:31 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4481: containers are not starting from Open to Needs testing.
Feb 28 2023, 4:24 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3420: Support UPNP protocol.

It still requires testing
who can test if this feature works as expected?

Feb 28 2023, 4:23 PM
Viacheslav added a comment to T2640: Running VyOS inside Docker containers.

@zsdc Can we close it?

Feb 28 2023, 4:17 PM · VyOS 1.3 Equuleus (1.3.3)
Viacheslav changed the status of T2640: Running VyOS inside Docker containers from In progress to Needs testing.
Feb 28 2023, 4:14 PM · VyOS 1.3 Equuleus (1.3.3)
Viacheslav closed T3903: Containers: after command "reboot" the host system will reboot after 1.5 minutes as Resolved.
Feb 28 2023, 3:55 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4967: Ability to set hostname for the container.

PR https://github.com/vyos/vyos-1x/pull/1860

Feb 28 2023, 2:32 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4967: Ability to set hostname for the container from Open to In progress.
Feb 28 2023, 1:28 PM · VyOS 1.4 Sagitta
Viacheslav edited projects for T5038: WAN load balancing sticky-connections inbound does not work., added: VyOS 1.3 Equuleus (1.3.3); removed vyatta-wanloadbalance, VyOS 1.3 Equuleus.
Feb 28 2023, 9:58 AM · VyOS Rolling, Bugs
Viacheslav moved T5033: generate-public-key command fails for address with multiple public keys like GitHub from Open to Finished on the VyOS 1.4 Sagitta board.
Feb 28 2023, 9:56 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3)
Viacheslav added a comment to T5033: generate-public-key command fails for address with multiple public keys like GitHub.

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1859

Feb 28 2023, 9:22 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3)
Viacheslav changed the status of T4977: Babel routing protocol support from Open to Needs testing.
Feb 28 2023, 8:25 AM · VyOS 1.4 Sagitta (1.4.0-epa2)
Viacheslav closed T4843: Command-line arguments in container config, a subtask of T578: Support Linux Container, as Resolved.
Feb 28 2023, 8:24 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav closed T4843: Command-line arguments in container config as Resolved.

Done in T4014

Feb 28 2023, 8:24 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4014: Add “command” and “arg” configuration options for containers, a subtask of T2216: Containerized third-party applications for VyOS, from Open to Needs testing.
Feb 28 2023, 8:22 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4014: Add “command” and “arg” configuration options for containers from Open to Needs testing.
Feb 28 2023, 8:22 AM · VyOS 1.4 Sagitta
Viacheslav closed T5025: Time-zone validation failed as Resolved.
Feb 28 2023, 8:02 AM · VyOS 1.4 Sagitta
Viacheslav moved T5028: Add package exfatprogs to VyOS from Open to Finished on the VyOS 1.4 Sagitta board.
Feb 28 2023, 8:01 AM · VyOS 1.4 Sagitta
Viacheslav closed T5029: Nginx change default root directory and fix regex as Resolved.
Feb 28 2023, 8:01 AM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX599781b3a458: T5033: Ability to generate muliple keys from a file or link.
Feb 28 2023, 6:30 AM

Feb 27 2023

Viacheslav added a comment to T5026: Python3 modules crypt and spwd are deprecated.

Openconnect

[edit]
vyos@r14# set vpn openconnect network-settings push-route 100.64.22.0/24
[edit]
vyos@r14# commit
[ vpn openconnect ]
/usr/libexec/vyos/conf_mode/vpn_openconnect.py:32: DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13
  from crypt import crypt, mksalt, METHOD_SHA512
Feb 27 2023, 4:06 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T5026: Python3 modules crypt and spwd are deprecated.
Feb 27 2023, 4:05 PM · VyOS 1.4 Sagitta
Viacheslav closed T5036: show nat source translations - fails to function as Invalid.
Feb 27 2023, 1:26 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5036: show nat source translations - fails to function.

@Hazza06 https://github.com/vyos/vyos-1x/commit/09be3e86f2171e8b090fd3270ce05ae67ade58ec T4907

Feb 27 2023, 12:45 PM · VyOS 1.4 Sagitta
Viacheslav updated subscribers of T5018: Redirect to IFB removed after change in qos policy.

There is missed the command tc qdisc add dev eth0 handle ffff: ingress

vyos@r14# tc qdisc show dev eth0
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
[edit]
vyos@r14# 
[edit]
vyos@r14# tc filter add dev eth0 parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel
[edit]
vyos@r14#
Feb 27 2023, 12:06 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T5018: Redirect to IFB removed after change in qos policy from Open to Confirmed.
Feb 27 2023, 11:51 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5036: show nat source translations - fails to function.

Try the latest rolling release

Feb 27 2023, 9:14 AM · VyOS 1.4 Sagitta
Viacheslav added a project to T3191: PAM RADIUS freezing when accounting does not configured on RADIUS server: VyOS 1.4 Sagitta.
Feb 27 2023, 8:22 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Feb 26 2023

Viacheslav changed the status of T5035: Add more actions to policy route rule from Open to In progress.
Feb 26 2023, 4:53 PM · VyOS 1.4 Sagitta
Viacheslav added a project to T5035: Add more actions to policy route rule: VyOS 1.4 Sagitta.
Feb 26 2023, 4:52 PM · VyOS 1.4 Sagitta

Feb 25 2023

Viacheslav changed the status of T5033: generate-public-key command fails for address with multiple public keys like GitHub from Open to In progress.
Feb 25 2023, 10:49 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3)
Viacheslav added a comment to T5033: generate-public-key command fails for address with multiple public keys like GitHub.

PR https://github.com/vyos/vyos-1x/pull/1853

vyos@r14:~$ generate public-key-command user foo path https://github.com/xxxxx.keys
# To add this key as an embedded key, run the following commands:
configure
set system login user foo authentication public-keys github@39e9c9ba-408d-4b4b-9aa6-d07f531285bf key xxxxx
set system login user foo authentication public-keys github@39e9c9ba-408d-4b4b-9aa6-d07f531285bf type ssh-rsa
set system login user foo authentication public-keys github@4732d9b0-4bc5-47d1-9028-0e68348a932f key xxxxx
set system login user foo authentication public-keys github@4732d9b0-4bc5-47d1-9028-0e68348a932f type ssh-rsa
set system login user foo authentication public-keys github@a93a85ba-5b63-4c3a-a589-2e82da7c8f1f key xxxxx
set system login user foo authentication public-keys github@a93a85ba-5b63-4c3a-a589-2e82da7c8f1f type ssh-rsa
commit
save
exit
vyos@r14:~$
Feb 25 2023, 10:47 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3)
Viacheslav edited projects for T5033: generate-public-key command fails for address with multiple public keys like GitHub, added: VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.4).

Do those keys always without an "identifier"?
I mean foo@localhost

ssh-rsa AAA....
Feb 25 2023, 8:11 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3)
Viacheslav closed T5027: OpenVPN options and site-to-site cannot pass smoketest as Resolved.
Feb 25 2023, 6:56 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4943: Radius SSH login displays "permission denied" on 1.4 rolling release from In progress to Needs testing.
Feb 25 2023, 5:30 AM · VyOS 1.4 Sagitta

Feb 24 2023

Viacheslav committed rVYOSONEXd3fa059264bf: T5029: Change nginx default root directory.
Feb 24 2023, 4:38 PM
Viacheslav committed rVYOSONEXf1dc4ef24173: T5029: Fix Regex for nginx to find a better match.
Feb 24 2023, 4:37 PM
Viacheslav updated the task description for T5029: Nginx change default root directory and fix regex.
Feb 24 2023, 3:45 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5029: Nginx change default root directory and fix regex.

PR https://github.com/vyos/vyos-1x/pull/1848
PR https://github.com/vyos/vyos-1x/pull/1849

Feb 24 2023, 3:30 PM · VyOS 1.4 Sagitta
Viacheslav created T5030: HTTPS-API delete key without id error.
Feb 24 2023, 2:14 PM · VyOS 1.4 Sagitta
Viacheslav created T5029: Nginx change default root directory and fix regex.
Feb 24 2023, 1:45 PM · VyOS 1.4 Sagitta

Feb 23 2023

Viacheslav committed rVYOSONEX3fd4d5b9c595: T5027: Enable legacy provider to support current ciphers.
Feb 23 2023, 7:23 PM
Viacheslav committed rVYOSONEX05d0f593bbfe: T5007: Fix multicast implementation for the tunnel interfaces.
Feb 23 2023, 7:22 PM
Viacheslav added a comment to T5007: Interface multicast setting is invalid.

PR https://github.com/vyos/vyos-1x/pull/1843

Feb 23 2023, 3:31 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav added a project to T5007: Interface multicast setting is invalid: VyOS 1.3 Equuleus (1.3.3).
Feb 23 2023, 3:31 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav changed the status of T5028: Add package exfatprogs to VyOS from In progress to Needs testing.
Feb 23 2023, 3:17 PM · VyOS 1.4 Sagitta
Viacheslav closed T5013: Extend accelppp.py op-mode to get subnet start stop info from config, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Feb 23 2023, 2:48 PM · VyOS Rolling
Viacheslav closed T5013: Extend accelppp.py op-mode to get subnet start stop info from config as Resolved.
Feb 23 2023, 2:48 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX4298941471eb: T5013: accelppp replace cpu key to cpu_load_percentage op-mode.
Feb 23 2023, 2:47 PM
Viacheslav committed rVYOSONEX9e2e1700c9ea: T5013: Extend accelppp op-mode script to get statistic.
Feb 23 2023, 2:47 PM
Viacheslav committed rVYOSONEX86c8117a75e4: T5017: Add interface ifbX to constraint interface-name.
Feb 23 2023, 2:21 PM
Viacheslav added a comment to T5017: Bug with validator interface-name.

PR https://github.com/vyos/vyos-1x/pull/1845

Feb 23 2023, 1:49 PM · VyOS 1.3 Equuleus (1.3.3)
Viacheslav changed the status of T5028: Add package exfatprogs to VyOS from Open to In progress.
Feb 23 2023, 1:21 PM · VyOS 1.4 Sagitta
Viacheslav closed T5002: Add uk (United Kingdom) keymap as Resolved.
Feb 23 2023, 12:17 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5027: OpenVPN options and site-to-site cannot pass smoketest.

PR https://github.com/vyos/vyos-1x/pull/1842

vyos@r14:~$ /usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py
test_openvpn_client_interfaces (__main__.TestInterfacesOpenVPN.test_openvpn_client_interfaces) ... ok
test_openvpn_client_verify (__main__.TestInterfacesOpenVPN.test_openvpn_client_verify) ... ok
test_openvpn_options (__main__.TestInterfacesOpenVPN.test_openvpn_options) ... ok
test_openvpn_server_net30_topology (__main__.TestInterfacesOpenVPN.test_openvpn_server_net30_topology) ... ok
test_openvpn_server_subnet_topology (__main__.TestInterfacesOpenVPN.test_openvpn_server_subnet_topology) ... ok
test_openvpn_server_verify (__main__.TestInterfacesOpenVPN.test_openvpn_server_verify) ... ok
test_openvpn_site2site_interfaces_tun (__main__.TestInterfacesOpenVPN.test_openvpn_site2site_interfaces_tun) ... ok
test_openvpn_site2site_verify (__main__.TestInterfacesOpenVPN.test_openvpn_site2site_verify) ... ok
Feb 23 2023, 11:11 AM · VyOS 1.4 Sagitta
Viacheslav triaged T5027: OpenVPN options and site-to-site cannot pass smoketest as High priority.
Feb 23 2023, 9:58 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5027: OpenVPN options and site-to-site cannot pass smoketest.
secret has been deprecated
    static key mode (non-TLS) is no longer considered "good and secure enough" for today's requirements. Use TLS mode instead. If deploying a PKI CA is considered "too complicated", using --peer-fingerprint makes TLS mode about as easy as using --secret.

https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst

Feb 23 2023, 9:26 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5027: OpenVPN options and site-to-site cannot pass smoketest.
Feb 23 2023, 9:02 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T5027: OpenVPN options and site-to-site cannot pass smoketest.

Config VyOS:

set interfaces openvpn vtun5001 local-address 203.0.113.1
set interfaces openvpn vtun5001 mode 'site-to-site'
set interfaces openvpn vtun5001 remote-address '192.0.2.5'
set interfaces openvpn vtun5001 shared-secret-key 'ovpn_test'
set pki openvpn shared-secret ovpn_test key '9caf354e0f313b3a671d01e62ea2b512346a651dd30a9e51d6c45dc1031f1b0931eabdf7a0ddcbe1a147ff882ccce35dcb5e1d4d6ddb5e909ca012a8d8e16fe50dd332005dff9a836a2852f36e84e27bad07993a8094c56fb0553866ef74c6c5cc6ddb8f4673d3ff300c48068b944bd8ba1100d41f91d156bcd2629ff39837ddcb34d93147a4aabc7e6ad95d5800c82c8ab60ba302d6625a3b26fbfe183fd6c06d884be44edde344fd0ac91a33064529e010eba0c0f495fa44519fd98adb97452a27fb3340bc20efadd68c9538aa4a238c9f58f542e3571ec78790fdd03e678e18631b82edb9358a2c55ce581d68b71881cad0d0419d4cc58c13641f84281260'
set pki openvpn shared-secret ovpn_test version '1'
Feb 23 2023, 9:00 AM · VyOS 1.4 Sagitta
Viacheslav created T5027: OpenVPN options and site-to-site cannot pass smoketest.
Feb 23 2023, 8:39 AM · VyOS 1.4 Sagitta

Feb 22 2023

Viacheslav created T5026: Python3 modules crypt and spwd are deprecated.
Feb 22 2023, 6:09 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T5025: Time-zone validation failed from In progress to Needs testing.
Feb 22 2023, 5:44 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEXd95808b5186f: T5025: Fix timezones and validator use timedatectl.
Feb 22 2023, 5:42 PM
Viacheslav added a comment to T5025: Time-zone validation failed.

PR https://github.com/vyos/vyos-1x/pull/1841

Feb 22 2023, 5:39 PM · VyOS 1.4 Sagitta
First
Prev
Next