vyos-1.4.log165 KBDownload
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Nov 16 2023
Nov 16 2023
Viacheslav updated the task description for T5749: Show MAC address VRF and MTU by default for "show interfaces".
Viacheslav changed the status of T5747: op-mode add MAC VRF and MTU for show interfaces summary from Open to Needs testing.
c-po moved T5736: igmp: migrate "protocols igmp" to "protocols pim" from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T5736: igmp: migrate "protocols igmp" to "protocols pim" from Open to Finished on the VyOS 1.4 Sagitta board.
c-po closed T5595: Multicast - PIM bfd feature enable , a subtask of T5733: pim(6): rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features, as Resolved.
c-po moved T5595: Multicast - PIM bfd feature enable from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5595: Multicast - PIM bfd feature enable from Open to Finished on the VyOS 1.5 Circinus board.
giuavo added a comment to T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network.
I would like to contribute with a PR about this. At the same, time I would need some guidance on identifying the conditions requiring the onlink option to be added.
a.hajiyev changed the status of T2816: Rewrite IPsec scripts with the new XML/Python approach from Needs testing to In progress.
n.fort changed the status of T4072: Feature Request: Firewall on bridge interfaces from Needs testing to In progress.
As I undestand it is possible now to create multiple auth ID's
vyos@r4# set vpn ipsec authentication psk FOO id Possible completions: <text> ID used for authentication
Not sure about other options.
Viacheslav added a project to T5747: op-mode add MAC VRF and MTU for show interfaces summary: VyOS 1.4 Sagitta.
Tested in VyOS 1.4-rolling-202311100309 (AES)
Tested in VyOS 1.4-rolling-202311100309 (3DES)
Viacheslav closed T5689: FRR 9.0.1 in VyOS current segfaults on show rpki prefix $prefix as Resolved.
Viacheslav changed the status of T5689: FRR 9.0.1 in VyOS current segfaults on show rpki prefix $prefix from Open to Needs testing.
In VyOS 1.3.4
Configs:
I have a similar setup where I have two VyOS VMs used as VPN routers with some firewalling enabled. Since I use OSPF for dynamic routing I am not able to synchronize the sessions between both routers so in case one VPN router fails the other one can't take over flawlessly. Having conntrack-sync configuration separated from VRRP would be a great benefit.
I tested in VyOS 1.4-rolling-202311100309
Unknown Object (User) added a comment to T4940: Interface debugging.
https://github.com/vyos/vyos-1x/pull/2492
for equuleus
Tested in VyOS 1.4-rolling-202311100309
Tried with single quotes: ''
Nov 15 2023
Nov 15 2023
watson.ash added a comment to T5728: Improve compatibility between OpenVPN on VyOS 1.5 and OpenVPN Connect Client.
looks great from my perspective (I've just updated our nodes. Tested on Community Edition client on windows and Connect V3 client on windows and Tunnelblick on Mac all working as expected. (I tested with; 1.5-rolling-202311150738).
nice work!
Viacheslav added a project to T5745: conntrack-sync: Multiprimary setups for HA/VRRP: VyOS 1.5 Circinus.
Created a related feature request but for VRRP here
https://vyos.dev/T5745
Viacheslav moved T5732: generate firewall rule-resequence drops geoip country-code from output from Open to Finished on the VyOS 1.4 Sagitta board.
to keep track of this request on git
https://github.com/vyos/vyos-1x/pull/1960
Viacheslav added a project to T3983: show pki certificate Doesnt show x509 certificates: VyOS 1.5 Circinus.
I had entered the command as you have suggested and I think it's working somehow.
This is still an issue in 1.5. I tried importing a cert signed by my own CA and got the same error.
Viacheslav changed the status of T5726: HTTPS API image cannot be updated from Open to Needs testing.
Viacheslav moved T5726: HTTPS API image cannot be updated from Open to Finished on the VyOS 1.5 Circinus board.
PR for 1.5
https://github.com/vyos/vyos-1x/pull/2483
Viacheslav moved T5689: FRR 9.0.1 in VyOS current segfaults on show rpki prefix $prefix from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav moved T5695: Build FRR with LUA scripts --enable-scripting option from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a project to T5695: Build FRR with LUA scripts --enable-scripting option: VyOS 1.4 Sagitta.
Viacheslav moved T5728: Improve compatibility between OpenVPN on VyOS 1.5 and OpenVPN Connect Client from Open to Finished on the VyOS 1.4 Sagitta board.
Tested VyOS 1.4-rolling-202311100309
syncer moved T5739: Password recovery does not work if public keys are configured from Open to Backport Candidates on the VyOS 1.5 Circinus board.
syncer changed the status of T5739: Password recovery does not work if public keys are configured from Needs testing to In progress.
Nov 14 2023
Nov 14 2023
Viacheslav edited projects for T5739: Password recovery does not work if public keys are configured, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
Viacheslav changed the status of T5728: Improve compatibility between OpenVPN on VyOS 1.5 and OpenVPN Connect Client from In progress to Needs testing.
zsdc changed the status of T5739: Password recovery does not work if public keys are configured from In progress to Needs testing.
New patch for migration scripts in 1.5: https://github.com/vyos/vyos-1x/pull/2480
Changing this https://github.com/vyos/vyos-1x/blob/2e587c8329a1d32fc1ec601c7753211d0fedbf2c/python/vyos/remote.py#L356
to
download(local_path, urlstring, False, True, source_host, source_port)
Fixes the issue for API
Viacheslav moved T5563: container: Container environment variable cannot be set from Open to Finished on the VyOS 1.5 Circinus board.
Contact me via Slack for testing
The fear of having the HTTP-API part of nginx compromised by another virtualhost config (as in they are sharing the same process) should be overcome by having a dedicated config file and start a 2nd nginx process.
Nov 13 2023
Nov 13 2023
v.huti triaged T5737: Eigrp #11301 - Configuration failed error type: validation as Normal priority.
I have created a draft pull request for FRR, but I can still see a bunch of odd bugs.
I'm going to activate it after additional testing by the team.
Most issues involve Wireshark's inability to parse packets correctly and display an exception, although the demons seem to run fine.
https://github.com/FRRouting/frr/pull/14788
I`m back after a long break and will follow up on this feature.
Here is a summary of things that have happened since the last update:
1. In my absence, the feature testing got broken as a result of migrating from the `mininet` to the `munet` framework From debugging, I have identified a root cause to be - bpf fs was not inherited by the `munet` router. The solution is to hop into the router mount namespace for the test run.
Because there is a long-running development for operation data retrieval, we can postpone this ticket until an effort is finished.
Then, I can open a feature request or visit the yang meeting and start a discussion about the data pagination functionality.
Currently, my idea is to simulate pagination at the fs level by having a split of requested JSON.
This solution involves:
- Fetching an operation data from the demon
vtysh -c "show yang operational-data /frr-vrf:lib/vrf[name='default']/frr-zebra:zebra/ribs zebra" > big.json
- Fetching flat data stream and formating it 1 item (prefix) per line with jq -c option
jq -c '."frr-vrf:lib" .vrf[0] ."frr-zebra:zebra" .ribs .rib[0] .route[]' big.json | split -l 100 -d
- Splitting result by the number of lines (objects), saving into files on the filesystem
Now, UI can display 1 of the resulting files at a time. These files may be regenerated on page refresh.
Such a solution will utilize extra disk space, although it can be avoided by using pipes and other
streaming utilities like awk/sed
PR for Sagitta: https://github.com/vyos/vyos-1x/pull/2478
Will be tracked via PR https://github.com/vyos/vyos-1x/pull/2476 as it's realted to the ongoing PIM/PIM6 CLI extension
Viacheslav moved T5706: Systemd-udevd high CPU utilization for multiple dynamic ppp/l2tp/ipoe interfaces from Open to Finished on the VyOS 1.4 Sagitta board.
n.fort changed the status of T5729: Firewall, nat and policy route - Switch to valueless from In progress to Needs testing.
In T5167#164447, @JeffWDH wrote:What about using nginx which seems to be already leveraged by the web API?
I would vote for that (using nginx as backend since it already exists).
Nov 12 2023
Nov 12 2023
What about using nginx which seems to be already leveraged by the web API?
c-po renamed T5733: pim(6): rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features from pim: rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features to pim(6): rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features.
c-po added a comment to T5733: pim(6): rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features.
PR for VyOS 1.5 https://github.com/vyos/vyos-1x/pull/2476
Viacheslav added a project to T5735: Add CLI and configuration scripts for stunnel: VyOS 1.5 Circinus.
Instead of "file-server" I think "http-server" would be a better name or even "web-server" in this context.
c-po renamed T5733: pim(6): rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features from pim: rewrite FRR PIM daemon configuration to get_config_dict() to pim: rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features.