Tried to enable both software and hardware flowtable with VyOS 1.5-rolling-202309151051:
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 15 2023
Sep 15 2023
How does FRR/vrrpd work regarding SNMP compatability?
Viacheslav moved T5586: Disable by default SNMP for Keepalived VRRP from Need Triage to Finished on the VyOS 1.5 Circinus board.
Fixed
sarthurdev moved T5568: Install image from live ISO always defaults boot to KVM entry from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
https://github.com/vyos/vyos-1x/pull/2272 should fix this
Viacheslav changed the status of T5586: Disable by default SNMP for Keepalived VRRP from Open to In progress.
Viacheslav renamed T5586: Disable by default SNMP for Keepalived VRRP from Disable be default SNMP for Keepalived VRRP to Disable by default SNMP for Keepalived VRRP.
Some extra lines were mistakenly included during rebase:
Viacheslav changed the status of T5579: Log firewall - Wrong command after firewall refactor, a subtask of T5160: Firewall refactor, from In progress to Needs testing.
Viacheslav changed the status of T5579: Log firewall - Wrong command after firewall refactor from In progress to Needs testing.
Viacheslav changed the status of T5574: Support per-service cache management for dynamic dns providers from Open to Needs testing.
Viacheslav changed the status of T5585: Fix file access mode for dynamic dns configuration from Open to Needs testing.
indrajitr updated the task description for T5574: Support per-service cache management for dynamic dns providers.
indrajitr renamed T5574: Support per-service cache management for dynamic dns providers from Inprove and refactor dns dynamic service configuration to Support per-service cache management for dynamic dns providers.
Note that PR2062 is broken.
Sep 14 2023
Sep 14 2023
n.fort changed the status of T5579: Log firewall - Wrong command after firewall refactor, a subtask of T5160: Firewall refactor, from Confirmed to In progress.
n.fort changed the status of T5579: Log firewall - Wrong command after firewall refactor from Confirmed to In progress.
Regarding testing of arm-builds, hopefully this article might come handy (how to use qemu-system-aarch64 (on x86) part of the qemu-system-arm package):
aalmenar added a comment to T5546: Failed upgrade from 1.4-rolling-202212310809 to 1.4-rolling-202309030023.
In my case the upgrade from 1.4-rolling-202308060317 to vyos-1.4-rolling-202308060317 made the vrf unavailable so no access to management. Booting back to old version became working again.
Apachez added a comment to T5511: Cleanup of unused directories (and files) in order to shrink image-size.
The excludes-file in PR406 had incorrectly a '/' as first character (for the directory to be excluded from the squashfs-file).
Would also be nice to include the global known_hosts file in /etc/ssh/ssh_known_hosts.
I would also like to know if zone based firewall still work or support is removed?
PR created: https://github.com/vyos/vyos-1x/pull/2264
Should probably add "-M rpki" permanently to FRR/bgp.
Could the error from latest nightly be due to that rpki module isnt loaded for FRR/bgp?
@fernando This is really nice. Thank you for the testing!
Could https://vyos.dev/T2044 be related to the failed nightly build from last night?
Added PR here https://github.com/vyos/vyos-1x/pull/2263
Sep 13 2023
Sep 13 2023
This is still the case in VyOS 1.5-rolling-202309130022:
Suggestion of "hidden" ruleset (visible when doing show firewall and show firewall statistics):
Apachez added a comment to T5511: Cleanup of unused directories (and files) in order to shrink image-size.
PR created: https://github.com/vyos/vyos-build/pull/406
Apachez added a comment to T5511: Cleanup of unused directories (and files) in order to shrink image-size.
Found out that mksquashfs supports -ef EXCLUDE_FILE as a file that (line by line) defines which files and directories to be excluded during creation of filesystem.squashfs. Adding -wildcard will make it possible to use wildcards within the EXCLUDE_FILE.
PR for 1.5: https://github.com/vyos/vyos-1x/pull/2256
PR updated: https://github.com/vyos/vyos-1x/pull/2255
Something like this console command but more handy in op-mode?
c-po moved T5581: Add "show ip nht" op-mode command (IPv4 nexthop tracking table) from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved T5581: Add "show ip nht" op-mode command (IPv4 nexthop tracking table) from Backlog to In Progress on the VyOS 1.4 Sagitta board.
c-po moved T5581: Add "show ip nht" op-mode command (IPv4 nexthop tracking table) from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
c-po changed the status of T5581: Add "show ip nht" op-mode command (IPv4 nexthop tracking table) from Open to In progress.
@sdev greats !!!
n.fort added a subtask for T5160: Firewall refactor: T5579: Log firewall - Wrong command after firewall refactor.
n.fort added a parent task for T5579: Log firewall - Wrong command after firewall refactor: T5160: Firewall refactor.
n.fort changed the status of T5579: Log firewall - Wrong command after firewall refactor from Open to Confirmed.
PR created: https://github.com/vyos/vyos-1x/pull/2255
Turns out that the values who override the vyos-config values are set in /etc/sysctl.d/30-vyos-router.conf:
sarthurdev changed the status of T5571: Firewall does not delete networks from the table raw from Open to Confirmed.
n.fort changed the status of T5561: NAT - Inbound or outbound interface should not be mandatory from Confirmed to In progress.
I can confirm that setting these values AFTER boot (and doing commit) they will be properly set.
Viacheslav changed the status of T5576: Add bgp remove-private-as all option from Open to In progress.
Viacheslav edited projects for T5578: "ikev2-reauth" description contains outdated information, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
PR for 1.3.x https://github.com/vyos/vyatta-cfg-quagga/pull/102
PR for the current https://github.com/vyos/vyos-1x/pull/2252
a.apostoliuk changed the status of T5578: "ikev2-reauth" description contains outdated information from Open to In progress.
zsdc added a parent task for T5554: Disable sudo for PAM RADIUS: T5577: Optimize PAM configs for RADIUS/TACACS+.
zsdc added a parent task for T5570: PAM config RADIUS ignore for default and success: T5577: Optimize PAM configs for RADIUS/TACACS+.
Which VyOS 1.4-rolling will have the fixes made by FRRouting?
indrajitr triaged T5574: Support per-service cache management for dynamic dns providers as Normal priority.
Apachez added a comment to T5572: Add capability for sending Gratuitous ARP (GARP) and the equal for IPv6.
Turns out to exist an RFC for this regarding IPv6 along with a naming:
Sep 12 2023
Sep 12 2023
Apachez renamed T5559: Selective proxy-arp/proxy-ndp when doing SNAT/DNAT from Selective proxy-arp when doing SNAT to Selective proxy-arp/proxy-ndp when doing SNAT/DNAT.
fernando changed the status of T3655: NAT doesn't work correctly with VRF from Backport candidate to Needs testing.
command on 1.5 :
@Apachez note that all lb commands take --debug and --verbose: using 'lb build --debug' in scripts/build-vyos-image will output the full mksquashfs command.
fernando changed the status of T3655: NAT doesn't work correctly with VRF from In progress to Backport candidate.
@vfreex I've tested in my labs related this issues , I can confirm that it work as expected . this original zone solved the problem when there was a src-nat /dst-nat with different VRFs or leaking with them ,Thanks you for this contribution .
In T2405#159522, @Apachez wrote:Note that command = command.lstrip() for def cmd in python/vyos/utils/process.py was reverted yesterday.
Causes funny problems during smoketests.
Note that command = command.lstrip() for def cmd in python/vyos/utils/process.py was reverted yesterday.
I created a PR for Git support here: https://github.com/vyos/vyos-1x/pull/2241