- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 6 2023
Apr 6 2023
We have targets-checks 203.0.113.1, 192.0.2.1, and if any of these targets are unreachable, we delete this route.
Is it correct?
@c-po How is the review and discussion on this feature going?
Viacheslav closed T5125: Add op-mode commands for hsflowd based sflow, a subtask of T5086: Integrate hsflowd for sflow accounting, as Resolved.
Viacheslav closed T5146: Show recent login of all users, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Invalid.
A similar output exists
show system login users Possible completions: <Enter> Execute the current command all Show information about all accounts locked Show information about locked accounts other Show information about non VyOS user accounts vyos Show information about VyOS user accounts`
Apr 5 2023
Apr 5 2023
Viacheslav changed the status of T5146: Show recent login of all users, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
c-po closed T425: AWS CloudWatch monitoring scripts, a subtask of T5129: Add AWS build flavour, as Resolved.
c-po moved T5136: Possible config corruption on upgrade from Backport Candidates to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Viacheslav closed T5145: Add maxsyslogins maximum number of all logins on system , a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Resolved.
In T4362#146398, @Viacheslav wrote:@marc_s Will be fixed in the next rolling release, could you check?
marc_s added a comment to T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution.
Thanks @Viacheslav will test ASAP, next week I have a maintenance window, will let you know.
a.apostoliuk changed the status of T5135: Rewrite opennhrp script using vyos.ipsec library from In progress to Needs testing.
Apr 4 2023
Apr 4 2023
Viacheslav changed the status of T5138: Add patch to accel-ppp build L2TP LNS use Calling-Number as RADIUS Calling-Station-ID from In progress to Needs testing.
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system , a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from In progress to Needs testing.
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system from In progress to Needs testing.
PR https://github.com/vyos/vyos-1x/pull/1939
set system login max-login-session '1' set system login timeout '600'
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system , a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system from Open to In progress.
Is it possible to implement multiple test targets instead of just one?
Bug: unable to rename a failover route:
@Viacheslav Ok!
Harliff awarded T1237: Static Route Path Monitoring, failover a Burninate token.
Harliff awarded T1237: Static Route Path Monitoring, failover a Like token.
Viacheslav updated the task description for T4712: Collaborative Protection Profile cPP for Network Devices root task.
@Harliff It is better to write to this task if you find bugs or propose new features.
So anyone could claim/fix it.
Thanks.
@Viacheslav, where is best place to discuss the feature (ask a question or report a bug)?
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav changed the status of T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events., a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events. from Open to In progress.
Nice feature. I'm testing it now.
Viacheslav changed the status of T5138: Add patch to accel-ppp build L2TP LNS use Calling-Number as RADIUS Calling-Station-ID from Open to In progress.
@neilmckee Thanks.
If output looks good we can close the task
a.apostoliuk changed the status of T5093: Command 'reset vpn ipsec-profile' doesn't work from In progress to Needs testing.
Viacheslav closed T4362: Wan Load Balancing - Can't create routing tables, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Resolved.
Apr 3 2023
Apr 3 2023
indrajitr changed the status of T5143: Apply constraint on powerdns forward-zones configuration from Open to In progress.
I think one of the problems is that all tables are generated even if there are no rules in it.
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Yes. Packet drops are classed as "event_samples" internally. Definitions for telemetry counters are here:
https://github.com/sflow/host-sflow/blob/v2.0.50-4/src/Linux/hsflowd.h#L460-L486
Viacheslav changed the status of T4362: Wan Load Balancing - Can't create routing tables, a subtask of T4470: Rewrite load-balancing wan to XML/Python, from Open to Needs testing.
Viacheslav changed the status of T4362: Wan Load Balancing - Can't create routing tables from Open to Needs testing.
@marc_s Will be fixed in the next rolling release, could you check?
Viacheslav changed the status of T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution from In progress to Needs testing.
Will be available in the next rolling release.
Viacheslav changed the status of T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution from Open to In progress.
Viacheslav added a comment to T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution.
PR https://github.com/vyos/vyos-1x/pull/1933
set vpn ipsec authentication psk MY-PEER id '192.0.2.1' set vpn ipsec authentication psk MY-PEER id '192.0.2.10' set vpn ipsec authentication psk MY-PEER secret 'SeCrEt' set vpn ipsec esp-group ESP proposal 1 set vpn ipsec ike-group IKE key-exchange 'ikev2' set vpn ipsec ike-group IKE lifetime '0' set vpn ipsec ike-group IKE proposal 1 dh-group '14' set vpn ipsec ike-group IKE proposal 1 encryption 'aes256' set vpn ipsec ike-group IKE proposal 1 hash 'sha256' set vpn ipsec interface 'eth1' set vpn ipsec site-to-site peer MY-PEER authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer MY-PEER ike-group 'IKE' set vpn ipsec site-to-site peer MY-PEER local-address '192.0.2.1' set vpn ipsec site-to-site peer MY-PEER remote-address '192.0.2.10' set vpn ipsec site-to-site peer MY-PEER tunnel 1 esp-group 'ESP' set vpn ipsec site-to-site peer MY-PEER tunnel 1 local prefix '10.0.2.0/25' set vpn ipsec site-to-site peer MY-PEER tunnel 1 remote prefix '10.5.5.0/25'
Expected `no rekeying
vyos@r14:~$ sudo swanctl -L
MY-PEER: IKEv2, no reauthentication, no rekeying, dpd delay 30s
local: 192.0.2.1
remote: 192.0.2.10
local pre-shared key authentication:
remote pre-shared key authentication:
id: %any
MY-PEER-tunnel-1: TUNNEL, rekeying every 3272s, dpd action is none
local: 10.0.2.0/25
remote: 10.5.5.0/25
vyos@r14:~$Viacheslav changed the status of T5139: IKE life-time should start from 0 for disable rekey from Open to In progress.
Viacheslav changed the subtype of T5139: IKE life-time should start from 0 for disable rekey from "Bug" to "Feature Request".
PR https://github.com/vyos/vyos-1x/pull/1932
vyos@r14:~$ show sflow -------------------------- ----------------------------------- Agent address 192.168.122.14 sFlow interfaces ['eth0', 'eth1'] sFlow servers ['192.168.122.1', '192.168.122.11'] Counter samples sent 159 Datagrams sent 949 Packet samples sent 124 Packet samples dropped 0 Packet drops sent 815 Packet drops suppressed 0 Flow samples suppressed 0 Counter samples suppressed 0 -------------------------- ----------------------------------- vyos@r14:~$
Viacheslav added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
@lcrockett Add please a new bug report.
It actually already exists: https://vyos.dev/T1981
@PSDev Add please a separate bug report
c-po moved T5136: Possible config corruption on upgrade from Need Triage to Backport Candidates on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T5136: Possible config corruption on upgrade from Need Triage to Finished on the VyOS 1.4 Sagitta board.
PR for VyOS 1.3 https://github.com/vyos/vyatta-cfg-system/pull/199
As mentioned on slack, there are quite a few contenders:
Apr 2 2023
Apr 2 2023
Harliff added a comment to T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic.
I can confirm this bug in rolling 1.3-2023-03-30.
I created a PR based on the changes from the OSPF PR: https://github.com/vyos/vyos-1x/pull/1931
https://vyos.dev/T5085 did the changes for OSPF, but we need this for BGP too
We actually need the same for BGP...
c-po closed T5134: Try if netavark networks can be moved to a VRF instance, a subtask of T5082: container: switch to netavark network stack, as Resolved.
Unknown Object (User) added a comment to T5137: show tech support command.
Unknown Object (User) added a comment to T5137: show tech support command.
show_techsupport_report.py12 KBDownload