Implementation complete
Oct 13 2023
Implementation complete
$ show ssh fingerprints
SSH server public key fingerprints:
OpenVPN cannot pass the smoketest
DEBUG - ======================================================================
DEBUG - FAIL: test_openvpn_options (__main__.TestInterfacesOpenVPN.test_openvpn_options)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 525, in test_openvpn_options
DEBUG - self.assertNotEqual(cur_pid, new_pid)
DEBUG - AssertionError: None == None
DEBUG -
DEBUG - ======================================================================
DEBUG - FAIL: test_openvpn_site2site_interfaces_tun (__main__.TestInterfacesOpenVPN.test_openvpn_site2site_interfaces_tun)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 601, in test_openvpn_site2site_interfaces_tun
DEBUG - self.assertTrue(process_named_running(PROCESS_NAME))
DEBUG - AssertionError: None is not true
I had a similar issue going from 1.5-rolling-202309250022 to 1.5-rolling-202310090023.
Oct 12 2023
PR updated: https://github.com/vyos/vyos-build/pull/435
This should fix the problem: https://github.com/vyos/vyos-1x/pull/2361
Oct 11 2023
Oct 10 2023
show conntrack statistics shows only sudo conntrack -S command
This won't show any logs
In T5497#161764, @Apachez wrote: I assume this will end up in config mode as well before this task can be set to resolved?
Simply because this is a few more steps:
- Use the command
- Copy the output
- Delete current firewall
- Paste command output
- Commit
than this:
- Use the command
- Commit
I assume this will end up in config mode as well before this task can be set to resolved?
Once PR https://github.com/vyos/vyos-1x/pull/2344 is merged, counters and logs for default action should be available once again.
It's an op-mode command, so it does not change the configuration. The user may get something different from what he expected, so at least on this very first attempt at re-generating and re-ordering firewall rules, it's done in an op-mode command with no impact on the running configuration.
The syntax seems to have changed from "produce" to "generate" during this task?
Updated scan performed on VyOS 1.5-rolling-202310090023 (see attached file).
show conntrack statistics still fails in VyOS 1.5-rolling-202310090023:
Seems to be fixed in VyOS 1.5-rolling-202310090023:
Problem remains with "N/D" being used in show firewall groups instead of "None".
Verified in VyOS 1.5-rolling-202310090023:
Oct 9 2023
Final testing before PR, the following corrects behavior when configuring the http-api using the http-api, for example:
PR created: https://github.com/vyos/vyos-build/pull/435
Oct 8 2023
As @twan mentioned previously...
Turns out that packages/linux-kernel/arch/x86/configs/vyos_defconfig doesn't include xz as an option for initrd:
Will attempt to:
I see, looks like a way more streamlined approach. Thank you for the information and the quick response!
A new firewall frontend engine was implemented in VyOS 1.4-rolling-202308040557.
Good to hear that this was implemented, thank you! Could you elaborate in which release this feature will be available?
In T5635#161656, @freebsdjlu wrote: I think it depends on nftables, https://wiki.nftables.org/wiki-nftables/index.php/Matching_packet_metainformation#Matching_by_socket_UID_.2F_GID, it is first handled by nftables and mark, then use rule.
PR created: https://github.com/vyos/vyos-1x/pull/2349
PR for 1.3 https://github.com/vyos/vyos-1x/pull/2348
PR for 1.3 https://github.com/vyos/vyos-1x/pull/2347
I think it depends on nftables, https://wiki.nftables.org/wiki-nftables/index.php/Matching_packet_metainformation#Matching_by_socket_UID_.2F_GID, it is first handled by nftables and mark, then use rule.
PR for 1.4 https://github.com/vyos/vyos-1x/pull/2346
Oct 7 2023
Oct 6 2023
The blog over at claims:
Closing this one, because it's already implemented
PR https://github.com/vyos/vyos-1x/pull/2342
set policy local-route rule 23 destination port '222'
set policy local-route rule 23 protocol 'tcp'
set policy local-route rule 23 set table '123'
set policy local-route rule 23 source port '8888'
Check:
vyos@r4# ip rule show prio 23
23: from all ipproto tcp sport 8888 dport 222 lookup 123
[edit]
vyos@r4#
It supports uidrange https://man7.org/linux/man-pages/man8/ip-rule.8.html
Is it what you want?
uidrange NUMBER-NUMBER select the uid value to match.
I don't see gid option there.
Hello @sdev, could you please help to check if the fix can resolve the problem with FTP ALG? I tested the newest rolling release but the PASV command still causes the data connection to fail. My testing FTP server and client are both FileZilla products, please correct me if I made any mistakes during the test.
Oct 5 2023
Yes, I will add that as a first step ...
Added for 1.4, 1.5; as mentioned above, a backport to Equuleus will require a different implementation.
A similar bug with load if we change something in service https api
curl -k --location 192.168.122.11 --request POST 'https://192.168.122.11/config-file' --form data='{"op": "load", "file": "config.boot"}' --form key='foo'
{"success": false, "error": "", "data": null}
Based on the requirements, it is natural to add this to the commit_revision post-commit hook of the config_mgmt module: this is low overhead as we use the existing configtree representation of the current config to save with ConfigTree().to_json().
Oct 4 2023
@rherold Could you re-check it?
For me, it's OK. I didn't see another issue related to it. We can close.