I tried on VyOS 1.4-rolling-202308300021 .
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Aug 30 2023
Aug 30 2023
GitHub <[email protected]> committed rVYOSONEXaf737cf57e53: Merge pull request #2186 from nicolas-fort/T5496 (authored by c-po).
PR1 didnt seem to have any affect on this night build:
Aug 29 2023
Aug 29 2023
Duplicate
Available for 1.4
Viacheslav moved T3577: Generating vpn x509 key pair fails with command not found from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav removed a project from T3706: Add proper priorities for systemd daemons: VyOS 1.3 Equuleus (1.3.5).
It's trying to find the template in /etc/, but it is located in /opt/vyatta/etc
vyos@r1:~$ generate vpn x509 key-pair testone
Can't open /etc/key-pair.template for reading, No such file or directory
140089191929024:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/etc/key-pair.template','r')
140089191929024:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
vyos@r1:~$ cat /etc/key-pair.template
cat: /etc/key-pair.template: No such file or directory
vyos@r1:~$
vyos@r1:~$ sudo find / -name key-pair.template
/boot/rw/opt/vyatta/etc/key-pair.template
/opt/vyatta/etc/key-pair.templateViacheslav closed T3390: Expansion of a range in an address-group doesn't include the new addresses after commit as Wontfix.
Impossible to expand with the old firewal l backend
There is a warning that doesn't now you to do it.
vyos@r1# set fire group address-group foo add 10.1.0.2-10.1.0.3
[edit]
vyos@r1# set fire group address-group foo add 10.1.0.2-10.1.0.5
[edit]
vyos@r1# compare
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ config-trap disable
+ group {
+ address-group foo {
+ address 10.1.0.2-10.1.0.3
+ address 10.1.0.2-10.1.0.5
+ }
+ }
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians enable
+ receive-redirects disable
+ send-redirects enable
+ source-validation disable
+ syn-cookies enable
+ twa-hazards-protection disable
+}
[edit]
vyos@r1# commit
[ firewall group address-group foo ]
Address 10.1.0.2 exists in more than one configuration enrtyViacheslav moved T3339: Cloud-Init domain search setting not applied from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav edited projects for T3339: Cloud-Init domain search setting not applied, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T3340: Add dhcp-helper package to replace ISC DHCP Relay, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5), vyatta-cfg-dhcp-relay, VyConf.
Viacheslav edited projects for T3209: Load balancing rules in firewall, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav removed a project from T3264: Allow custom ACME provider for certbot: VyOS 1.3 Equuleus (1.3.5).
Already present VyOS 1.3-stable-202308240442
release dhcp interface eth1
Viacheslav closed T3098: Cannot talk to rtnetlink: Message too long Command failed -:1 as Not Applicable.
Looks like fixed VyOS 1.3-stable-202308240442
vyos@r1# run show conf com | match "traf|bon" set interfaces bonding bond0 member interface 'eth1' set interfaces bonding bond0 traffic-policy in 'BAND-IN' set traffic-policy limiter BAND-IN class 1601 bandwidth '100mbit' set traffic-policy limiter BAND-IN class 1601 match 16xx vif '1601' set traffic-policy limiter BAND-IN default bandwidth '10gbit' set traffic-policy shaper BAND-OUT class 1602 bandwidth '100mbit' set traffic-policy shaper BAND-OUT class 1602 match 16xx vif '1602' set traffic-policy shaper BAND-OUT default bandwidth '10gbit' [edit] vyos@r1# run show ver
Viacheslav closed T3070: Firewall going OOM, possible related to nftables migration as Not Applicable.
Viacheslav added a comment to T3039: Resize a root partition and filesystem automatically during deployment in virtual environments.
I think it is already implemented
set system option root-partition-auto-resize
@zsdc can we close it?
We agree not to use RAW options for service configuration anymore.
PR for 1.4 https://github.com/vyos/vyos-1x/pull/2184
Viacheslav edited projects for T2697: MAC-Telnet Support, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav changed the status of T2908: VRF and bridge membership isn’t mutually exclusive from Resolved to Not Applicable.
Fixed VyOS 1.3-stable-202308240442
vyos@r1# show interfaces ethernet eth2
description LAN
hw-id 52:54:00:6c:c7:ac
vrf foo
[edit]
vyos@r1# compare
[edit interfaces bridge br11]
+member {
+ interface eth2 {
+ }
+}
[edit]
vyos@r1#
[edit]
vyos@r1# commit
[ interfaces bridge br11 ]
Can not add interface "eth2" to bridge, it has a VRF assigned!Sep 21 09:31:58 home-r1 pppd[2827]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
You can ignore it or configure ipv6
set interfaces pppoe pppoe2 ipv6
@banditos13 add please a PR to https://github.com/vyos/vyatta-wanloadbalance
Viacheslav edited projects for T2971: Provide a CLI solution for Ingress Shaping when there is SNAT, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5), VyOS 1.2 Crux.
Viacheslav edited projects for T2884: Upstream Kernel Patches from Semper Victus Linux Hardened Tree, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
VyOS 1.3-stable-202308240442
Works, tested with this steps https://docs.vyos.io/en/latest/installation/virtual/docker.html
root@r14:/home/vyos# podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d49f99e058d7 localhost/vyos:1.3-stable-202308240442 /sbin/init About a minute ago Up About a minute ago vyos root@r14:/home/vyos# root@r14:/home/vyos# root@r14:/home/vyos# sudo podman exec -ti vyos su - vyos vyos@vyos:~$ vyos@vyos:~$ vyos@vyos:~$ show version
As we use nftables we won't use iptables modules anymore.
Create please a new one if you find something for nftables, I didn't find it for quick searching
Viacheslav closed T2508: Enable user to configure a LUA script that modifies resolving in PowerDNS as Wontfix.
We should avoid raw options for configurations.
We agree don’t implement it anymore.
Aug 28 2023
Aug 28 2023
PR created: https://github.com/vyos/vyos-live-build/pull/1
c-po changed the status of T5521: Home owner directory changed to vyos for the user after reboot from Open to In progress.
The old backend doesn't allow it to do it for 1.3 Release.
Available for 1.4
The old backend doesn't allow it to do it for 1.3 Release.
GitHub <[email protected]> committed rVYOSONEX710b928d6d99: Merge pull request #2180 from vfreex/fix-call-hangs (authored by c-po).
Viacheslav added a comment to T2505: XCP-ng packet drops for small packets (e.g. icmp) under Xen and AWS.
@Sonicbx As I remember, HyperV is not affected.
But thanks anyway,
Could you provide your policy route?
Viacheslav changed the status of T2710: Many op mode "show interfaces $type" commands no longer work from Open to Needs testing.
Not sure that it is a good idea.
At least not for the LTS release.
I close it until we don't really need it and there are no use cases to do it.
Reopen it if required.
@kroy What is wrong here?
set policy prefix-list foo rule 10 action 'permit' set policy prefix-list foo rule 10 prefix '10.0.0.0/8'
Viacheslav edited projects for T2549: repository restructuration suggestions, added: VyOS 2.0.x; removed VyOS 1.3 Equuleus (1.3.5).
Sonicbx added a comment to T2505: XCP-ng packet drops for small packets (e.g. icmp) under Xen and AWS.
In T2505#157736, @Viacheslav wrote:@Sonicbx Is it an actual bug?
Viacheslav moved T5472: NAT redirect should not require port from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T1311: WAN load-balancing can't flush connections when conntrack-sync is enabled.
In T1311#157738, @syncer wrote:@Viacheslav will you backport this to 1.3 ?
Aug 28 2023, 4:10 PM · VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, test
Viacheslav edited projects for T2296: Upgrade WALinux to 2.2.41, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5), VyOS 1.2 Crux (VyOS 1.2.9).
we have a version updated , this case should be closed:
azureuser@vyos-support:~$ sudo /usr/sbin/waagent -version WALinuxAgent-2.2.45 running on debian 10.12 Python: 3.7.3 Goal state agent: 2.2.45
syncer added a comment to T1311: WAN load-balancing can't flush connections when conntrack-sync is enabled.
@Viacheslav will you backport this to 1.3 ?
Aug 28 2023, 2:54 PM · VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, test
Viacheslav added a comment to T2505: XCP-ng packet drops for small packets (e.g. icmp) under Xen and AWS.
@Sonicbx Is it an actual bug?
Viacheslav edited projects for T2433: Improve CLI value validator performance, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T2444: Remove keepalived in favor of FRR for VRRP, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T2424: Ability to choose the direction of Mirroring, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5).
Implemented in previous versions, https://github.com/vyos/vyos-1x/blob/a5c5998a84917cc45f9fb3234607f53b27a109fc/interface-definitions/include/interface/mirror.xml.i#L1-L25
vyos@r1# set interfaces ethernet eth0 mirror Possible completions: egress Mirror the egress traffic of the interface to the destination interface ingress Mirror the ingress traffic of the interface to the destination interface
@n.fort Add please a PR for 1.3 or delete the 1.3 tag if it is not required
Viacheslav changed the status of T2416: Do not always delete all bond members when adding new ones from Open to Needs testing.
Viacheslav edited projects for T2405: commit archive to GIT, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T2390: unify the chmod_ function of VyOS, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav removed a project from T2315: Ability to have right address-family for BGP peers.: VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T2326: Migrate NHRP(DMVPN) to FRR, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Can be resolved by route-map acting on community (for example <ASN>:888) and setting nexthop to 192.0.2.1 (optional tag 666) or for IPv6 set nexthop 0100:: along with a static route where 192.0.2.1/32 and 0100::/64 have null0 as nexthop.
Viacheslav closed T2274: Move the interface default values from the conf_mode file to the interface, a subtask of T2171: Unify creation and manipulation of interfaces, as Invalid.
Viacheslav closed T2274: Move the interface default values from the conf_mode file to the interface as Invalid.
It is not a task for 1.3 LTS releases.
For 1.4, there a new feature that was implemented in https://vyos.dev/T5228
get_config_dict and add argument with_defaults
Viacheslav closed T2258: VRF route leaking from BGP, a subtask of T2579: The root task for VRF features, as Wontfix.
Route leaking for dynamic protocols won't be implemented in VyOS 1.3 due to the old backend.
You can set a table in the route-map or use virtual-ethernet interfaces
Viacheslav removed a project from T2199: Rewrite firewall in new XML/Python style: VyOS 1.3 Equuleus (1.3.5).
Viacheslav closed T2123: Configure 3 NTP servers, a subtask of T2014: Use vendor specific NTP Pool hostname, as Resolved.
PR https://github.com/vyos/vyos-1x/pull/2182
vyos@r1:~$ show pppoe-server interfaces
interface: connections: state:
-----------------------------------
eth0 1 active
vyos@r1:~$