Feed Search
Oct 22 2023
Oct 22 2023
Viacheslav added a comment to T5299: QoS shaper ceiling does not work.
Oct 21 2023
Oct 21 2023
Viacheslav added a comment to T5018: Redirect to IFB removed after change in qos policy.
@rayzilt Could you re-check and close it if solved?
Viacheslav awarded T5671: vxlan: change port to IANA assigned default port a Like token.
Viacheslav changed the status of T5541: Zone-Based Firewalling in VyOS Sagitta 1.4 from In progress to Needs testing.
Oct 19 2023
Oct 19 2023
Oct 17 2023
Oct 17 2023
Viacheslav added a comment to T5664: 1.4 user has no permissions?.
It seems related https://vyos.dev/T5663
Viacheslav added a comment to T5657: Add VRF support for zabbix-agent.
Yep looks fine @Viacheslav
I've been using it like this for a while now but figure it may be useful as part of making 'VRFs' complete...$ sudo ip vrf exec RCS3 mtr 192.168.222.11
Oct 16 2023
Oct 16 2023
Viacheslav changed the status of T5642: op cmd: generate tech-support archive: does not work from In progress to Needs testing.
Viacheslav changed the status of T5232: Flow-accounting uacctd.service cannot restart correctly from In progress to Needs testing.
Viacheslav closed T5137: show tech support command, a subtask of T3355: Remove all remaining legacy Vyatta code, as Resolved.
Viacheslav moved T5165: Policy local-route ability set protocol and port from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T5634: Remove support for Blowfish and DES from OpenVPN.
Oct 14 2023
Oct 14 2023
Viacheslav added a comment to T5657: Add VRF support for zabbix-agent.
Did you test it in vrf? Is it really works as expected?
Viacheslav closed T5629: Policy local-route bug after migration to destination node address, a subtask of T5165: Policy local-route ability set protocol and port, as Resolved.
Viacheslav closed T5629: Policy local-route bug after migration to destination node address as Resolved.
Oct 13 2023
Oct 13 2023
Viacheslav added a comment to T5634: Remove support for Blowfish and DES from OpenVPN.
OpenVPN cannot pass the smoketest
DEBUG - ====================================================================== DEBUG - FAIL: test_openvpn_options (__main__.TestInterfacesOpenVPN.test_openvpn_options) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 525, in test_openvpn_options DEBUG - self.assertNotEqual(cur_pid, new_pid) DEBUG - AssertionError: None == None DEBUG - DEBUG - ====================================================================== DEBUG - FAIL: test_openvpn_site2site_interfaces_tun (__main__.TestInterfacesOpenVPN.test_openvpn_site2site_interfaces_tun) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 601, in test_openvpn_site2site_interfaces_tun DEBUG - self.assertTrue(process_named_running(PROCESS_NAME)) DEBUG - AssertionError: None is not true
Oct 12 2023
Oct 12 2023
Viacheslav updated the task description for T5647: Extend failover route functionality to use dynamically assigned interface next hops.
Viacheslav removed a project from T1237: Static Route Path Monitoring, failover: VyOS 1.3 Equuleus (1.3.3).
Viacheslav moved T1237: Static Route Path Monitoring, failover from Open to Finished on the VyOS 1.4 Sagitta board.
Oct 11 2023
Oct 11 2023
Viacheslav renamed T5645: Add template for PPPoE-server with custom RADIUS attributes for QoS policy and firewall from Add template for PPPoE server with custom RADIUS attributes for QoS policy and firewall to Add template for PPPoE-server with custom RADIUS attributes for QoS policy and firewall.
Viacheslav changed the status of T5165: Policy local-route ability set protocol and port from Open to Needs testing.
Oct 10 2023
Oct 10 2023
Viacheslav added a comment to T5471: Conntrack logging doesnt seem to be working.
show conntrack statistics shows only sudo conntrack -S command
This won't show any logs
Viacheslav added a comment to T5497: Add ability to resequence rule numbers for firewall.
Oct 8 2023
Oct 8 2023
Viacheslav added a comment to T5635: Policy local-route ability with uid or gid.
Oct 6 2023
Oct 6 2023
Viacheslav added a comment to T5165: Policy local-route ability set protocol and port.
PR https://github.com/vyos/vyos-1x/pull/2342
set policy local-route rule 23 destination port '222' set policy local-route rule 23 protocol 'tcp' set policy local-route rule 23 set table '123' set policy local-route rule 23 source port '8888'
Check:
vyos@r4# ip rule show prio 23 23: from all ipproto tcp sport 8888 dport 222 lookup 123 [edit] vyos@r4#
Viacheslav added a comment to T5635: Policy local-route ability with uid or gid.
It supports uidrange https://man7.org/linux/man-pages/man8/ip-rule.8.html
is it what you want?
uidrange NUMBER-NUMBER
select the uid value to match.I don't see gid option there.
Viacheslav added a comment to T5635: Policy local-route ability with uid or gid.
Oct 5 2023
Oct 5 2023
Viacheslav added a comment to T2612: HTTPS API, changing API key fails but goes through.
The similar bug with load if we change something in service https api
curl -k --location 192.168.122.11 --request POST 'https://192.168.122.11/config-file' --form data='{"op": "load", "file": "config.boot"}' --form key='foo'
{"success": false, "error": "", "data": null}Oct 4 2023
Oct 4 2023
Viacheslav added a comment to T3655: NAT doesn't work correctly with VRF.
@rherold Could you re-check it?
Viacheslav moved T5585: Fix file access mode for dynamic dns configuration from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T5585: Fix file access mode for dynamic dns configuration from Open to Finished on the VyOS 1.5 Circinus board.
@indrajitr Thanks!
Viacheslav added a comment to T3655: NAT doesn't work correctly with VRF.
Can we close it?
Viacheslav added a comment to T5585: Fix file access mode for dynamic dns configuration.
Can we close it?
Viacheslav changed the status of T5612: Miscellaneous improvements and fixes for dynamic DNS configuration from Open to Needs testing.
@indrajitr, Could you re-check and close if it was solved?
Viacheslav changed the status of T5615: Narrow down spurious name conflict with mdns from Open to Needs testing.
Viacheslav updated the task description for T5631: Ability to export the current configuration in JSON format.
Viacheslav moved T5632: Add jq package to parse JSON files from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
Viacheslav moved T5632: Add jq package to parse JSON files from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav updated the task description for T5631: Ability to export the current configuration in JSON format.
Proposed CLI:
set system syslog global service wireguard
Expected command for debug
echo "module wireguard +p" | sudo tee /sys/kernel/debug/dynamic_debug/control
To disable
echo "module wireguard -p" | sudo tee /sys/kernel/debug/dynamic_debug/control
Viacheslav added a comment to T5632: Add jq package to parse JSON files.
PR https://github.com/vyos/vyos-user-utils/pull/7
vyos@r4# echo '{"system": "VyOS", "rate": 100}' | jq '.system'
"VyOS"
[edit]
vyos@r4#Viacheslav changed the status of T5632: Add jq package to parse JSON files from Open to In progress.
Viacheslav added a comment to T5080: Disable conntrack by default.
Try this
delete system conntrack ignore set system conntrack ignore ipv4 rule 10 source address 0.0.0.0/0
Viacheslav updated subscribers of T5631: Ability to export the current configuration in JSON format.
Oct 3 2023
Oct 3 2023
Viacheslav changed the subtype of T5629: Policy local-route bug after migration to destination node address from "Feature Request" to "Bug".
Viacheslav added a project to T5213: Accel-ppp sending accounting interim updates acct-interim-interval option: VyOS 1.3 Equuleus (1.3.5).
PR for 1.3.5 https://github.com/vyos/vyos-1x/pull/2333
Oct 2 2023
Oct 2 2023
Viacheslav added a comment to T5627: Multicast - PIM prune state timers expire with time longer to remove a mroute.
The easiest way is to add a Patch for FRR 7.5.1 if possible.
We can't migrate to FRR 9.1 for 1.3.x
Sep 30 2023
Sep 30 2023
Sep 29 2023
Sep 29 2023
Viacheslav added a comment to T5518: Add MLD protocol support.
Could be a cause of this bug https://forum.vyos.io/t/igmp-proxy-not-working-in-1-4-since-around-7-sept
Viacheslav changed the status of T5621: Show uncommited "commands" (compare | commands) from Resolved to Invalid.
Viacheslav added a comment to T5165: Policy local-route ability set protocol and port.
PR migration https://github.com/vyos/vyos-1x/pull/2325
Viacheslav updated the task description for T5623: Add tunnel over Socks5 proxy .
Viacheslav changed the status of T5261: Add AWS gateway load-balancing tunnel handler (gwlbtun) from In progress to Needs testing.
Viacheslav changed the subtype of T5620: "Deactivate" certain config snippets from "Task" to "Feature Request".
Sep 28 2023
Sep 28 2023
Sep 27 2023
Sep 27 2023
Viacheslav added a comment to T5165: Policy local-route ability set protocol and port.
Add option protocol, PR https://github.com/vyos/vyos-1x/pull/2313
set policy local-route rule 100 destination '192.0.2.12' set policy local-route rule 100 protocol 'tcp' set policy local-route rule 100 set table '100'
Fixed
Sep 26 2023
Sep 26 2023
Viacheslav added a comment to T5586: Disable by default SNMP for Keepalived VRRP.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/2310
Viacheslav added a comment to T5497: Add ability to resequence rule numbers for firewall.
Viacheslav added a comment to T5616: Firewall mark - Add capabilities for matching firewall mark.
We have fwmark for policy local-route
But it is only for match mark and routing decision
vyos@vyos-lns# set policy local-route rule 100 Possible completions: + destination Destination address or prefix fwmark Match fwmark value inbound-interface Inbound Interface > set Packet modifications + source Source address or prefix
Sep 23 2023
Sep 23 2023
Viacheslav changed the edit policy for T5613: VyOS in container bugs.
Viacheslav added a parent task for T2115: VyOS cannot load configs when running in a container: T5613: VyOS in container bugs.
Viacheslav added a project to T2115: VyOS cannot load configs when running in a container: VyOS 1.5 Circinus.
Viacheslav updated the task description for T5613: VyOS in container bugs.
Viacheslav changed the status of T5604: List of debian archives is out of date (non-free-firmware is missing) from Open to Needs testing.
Sep 22 2023
Sep 22 2023
Viacheslav added a comment to T5497: Add ability to resequence rule numbers for firewall.
Op-mode command reduce
PR https://github.com/vyos/vyos-1x/pull/2302
vyos@r4:~$ show conf com | match firew set firewall ipv4 input filter default-action 'accept' set firewall ipv4 input filter rule 1 action 'accept' set firewall ipv4 input filter rule 1 description 'Allow loopback' set firewall ipv4 input filter rule 1 inbound-interface interface-name 'lo' set firewall ipv4 input filter rule 1 source address '127.0.0.0/8' set firewall ipv4 input filter rule 2 action 'accept' set firewall ipv4 input filter rule 2 description 'Allow established/related' set firewall ipv4 input filter rule 2 state established 'enable' set firewall ipv4 input filter rule 2 state related 'enable' set firewall ipv4 input filter rule 60 action 'accept' set firewall ipv4 input filter rule 60 description 'Allow SSH from trusted networks' set firewall ipv4 input filter rule 60 destination port '22' set firewall ipv4 input filter rule 60 protocol 'tcp' set firewall ipv4 input filter rule 10000 action 'drop' set firewall ipv4 input filter rule 10000 description 'Drop everything else' vyos@r4:~$ vyos@r4:~$ produce firewall rule-resequence start 10 step 10