Is this still an issue on newer rolling images? This PR addresses ownership issues in /config on system update: https://github.com/vyos/vyos-1x/pull/2731

Jan 7 2024, 7:21 PM · VyOS 1.5 Circinus

Jan 4 2024

sarthurdev added a comment to T5876: Dhcp bug in latest 1.5 rolling releases.

Can you provide your DHCP server config?

Jan 4 2024, 3:26 PM · VyOS 1.5 Circinus

Dec 17 2023

sarthurdev committed rVYOSONEX8e0a54676ff2: dhcp: T3316: Kea DHCP and DHCPv6 fixes.

Dec 17 2023, 7:14 AM

sarthurdev added a comment to T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6).

In T3316#167382, @indrajitr wrote:

with set service dhcp-server hostfile-update the file /etc/hosts doesn't get update with any entry from dhcp at all

Thanks, will investigate this.

@sdev, this will require adjusting on-dhcp-event.sh. I have a hacky local version that writes to /etc/hosts that partially works -- the $domain part is not picked up (which I suspect could be related to how kea-dhcp4.conf is generating the FQDN).

Do you want me to raise a draft PR for you to review?

Dec 17 2023, 12:56 AM · VyOS 1.5 Circinus

sarthurdev added a comment to T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6).

Update PR: https://github.com/vyos/vyos-1x/pull/2646

Dec 17 2023, 12:55 AM · VyOS 1.5 Circinus

sarthurdev added a comment to T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6).

@Zen3515

dhcp server doesn't start automatically after reboot, and due to the next problem, I'm forced to use set service dhcp-server disable then delete service dhcp-server disable after each boot

Could not reproduce this:

Welcome to VyOS - vyos ttyS0
...
vyos@vyos:~$ ps aux | grep kea
_kea        1818  1.6  0.9  67384 20324 ?        Ssl  00:14   0:00 /usr/sbin/kea-dhcp4 -c /run/kea/kea-dhcp4.conf

Dec 17 2023, 12:31 AM · VyOS 1.5 Circinus

Dec 13 2023

sarthurdev committed rVYOSONEX56a8eaeda7e8: dhcp: T3316: Fix dhcp op-mode state 'all' matching.

Dec 13 2023, 6:53 AM

sarthurdev committed rVYOSONEX7d50be0318db: dhcp: T3316: Fix raw op-mode lease output.

Dec 13 2023, 6:53 AM

Dec 12 2023

sarthurdev added a comment to T5820: error on dhcpv6-server range prefix with trailing colon (:).

I think this regex needs to be made more strict to prevent this issue.

Dec 12 2023, 11:46 PM · VyOS Rolling, Bugs

Dec 9 2023

sarthurdev committed rVYOSONEXd95200e96763: dhcp: T3316: Migrate dhcp/dhcpv6 server to Kea.

Dec 9 2023, 8:36 PM

sarthurdev committed rVYOSONEX4484a7398482: dhcp: T3316: Add captive portal v4/v6 options.

Dec 9 2023, 8:36 PM

sarthurdev committed rVYOSONEX2787e7915c12: dhcp: T3316: Add time-zone node for options 100 and 101.

Dec 9 2023, 8:36 PM

Oct 26 2023

sarthurdev closed T3509: No BCP38 for IPv6 on VyOS as Resolved.

Oct 26 2023, 12:49 PM · VyOS 1.4 Sagitta

sarthurdev closed T5558: Update config test to check resulting migrations as Resolved.

Oct 26 2023, 12:48 PM · VyOS 1.5 Circinus

sarthurdev closed T5568: Install image from live ISO always defaults boot to KVM entry as Resolved.

Oct 26 2023, 12:48 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

sarthurdev added a comment to T5606: IPSec VPN: Allow multiple CAs certificates.

@SrividyaA Can you confirm this is working as you expect?

Oct 26 2023, 12:42 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev closed T4309: Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore" as Resolved.

Oct 26 2023, 12:41 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev added a project to T4309: Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore": VyOS 1.5 Circinus.

Oct 26 2023, 12:41 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev moved T4903: Support IPv6 addresses in "set system conntrack ignore" from Finished to Backlog on the VyOS 1.4 Sagitta board.

Oct 26 2023, 12:40 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev moved T4903: Support IPv6 addresses in "set system conntrack ignore" from Open to Finished on the VyOS 1.5 Circinus board.

Oct 26 2023, 12:40 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev added a project to T4903: Support IPv6 addresses in "set system conntrack ignore": VyOS 1.5 Circinus.

Oct 26 2023, 12:40 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev closed T4903: Support IPv6 addresses in "set system conntrack ignore" as Resolved.

Oct 26 2023, 12:39 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev added a comment to T5550: Source validation on interface does not work properly.

@a.apostoliuk Can you confirm this is working as expected?

Oct 26 2023, 12:38 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

sarthurdev closed T5571: Firewall does not delete networks from the table raw as Resolved.

Oct 26 2023, 12:37 PM · VyOS 1.5 Circinus

sarthurdev closed T5598: unknown parameter 'nf_conntrack_helper' ignored as Resolved.

Oct 26 2023, 12:36 PM · VyOS 1.5 Circinus

Oct 12 2023

sarthurdev closed T5651: chain FW_CONNTRACK incorrectly use accept as action as Invalid.

If you don't use the firewall (statefully at least) then it will go through the FW_CONNTRACK chain and the NAT_CONNTRACK and/or WLB_CONNTRACK chains will be reached, or fall through to the notrack.

Oct 12 2023, 6:29 PM · VyOS 1.5 Circinus

sarthurdev closed T5651: chain FW_CONNTRACK incorrectly use accept as action as Invalid.

That is how the conntrack enabling system works. FW_CONNTRACK verdict is set to accept when it is determined the firewall needs conntracking (state rules, flowtable etc.), same for NAT_/WLB_ chains. If none require conntrack - all chains will be return and it falls down the chain to the final notrack and conntrack is not enabled.

Oct 12 2023, 5:29 PM · VyOS 1.5 Circinus

Sep 29 2023

sarthurdev committed rVYOSONEX42ff4d8a7ba7: conntrack: T5376: Fixes for conntrack-sync configdep.

Sep 29 2023, 1:39 PM

Sep 28 2023

sarthurdev committed rVYOSONEX6eda98d14ad9: firewall: T5217: Synproxy bugfix and ct state conflict checking.

Sep 28 2023, 7:16 PM

sarthurdev committed rVYOSONEXfd0bcaf120bc: conntrack: T5376: T5598: Fix for kernel conntrack helpers.

Sep 28 2023, 2:54 PM

sarthurdev committed rVYOSONEX5acf5acedbf7: conntrack: T5376: Use vyos.configdep to call conntrack-sync.

Sep 28 2023, 2:54 PM

sarthurdev committed rVYOSONEX81dee963a9ca: firewall: T5614: Add support for matching on conntrack helper.

Sep 28 2023, 2:52 PM

sarthurdev committed rVYOSONEX1ac230548c86: ipsec: T5606: Add support for whole CA chains.

Sep 28 2023, 2:43 PM

Sep 26 2023

sarthurdev committed rVYOSONEX9b9b37e9cbb2: firewall: T5160: Remove zone policy op-mode.

Sep 26 2023, 6:11 PM

Sep 24 2023

sarthurdev added a comment to T5599: Firewall unexpectedly changes some sysctl options.

Not sure what to do on this one. The firewall is depending on conntrack module, which updates the conntrack related sysctls. It'd be the same if someone defines custom sysctls used by other conf scripts.

Sep 24 2023, 6:30 PM · VyOS Rolling, Bugs

sarthurdev changed the status of T5614: Add conntrack helper matching on firewall from Open to In progress.

Sep 24 2023, 2:44 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

sarthurdev changed the status of T5606: IPSec VPN: Allow multiple CAs certificates from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/2305

Sep 24 2023, 1:54 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev moved T5606: IPSec VPN: Allow multiple CAs certificates from Open to In Progress on the VyOS 1.5 Circinus board.

Sep 24 2023, 12:17 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev added a project to T5606: IPSec VPN: Allow multiple CAs certificates: VyOS 1.5 Circinus.

Sep 24 2023, 12:17 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev changed the status of T5606: IPSec VPN: Allow multiple CAs certificates from Open to In progress.

Sep 24 2023, 12:17 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

sarthurdev added a comment to T5160: Firewall refactor.

PR removing zone-policy op-mode: https://github.com/vyos/vyos-1x/pull/2304

Sep 24 2023, 11:44 AM · VyOS 1.4 Sagitta

sarthurdev changed the status of T5376: Conntrack FTP helper does not work properly from Confirmed to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/2304

Sep 24 2023, 11:44 AM · VyOS 1.4 Sagitta (1.4.0-epa1), VyOS 1.5 Circinus

sarthurdev changed the status of T5598: unknown parameter 'nf_conntrack_helper' ignored from Confirmed to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/2304

Sep 24 2023, 11:44 AM · VyOS 1.5 Circinus

Sep 21 2023

sarthurdev changed the status of T5376: Conntrack FTP helper does not work properly from Open to Confirmed.

Sep 21 2023, 9:49 AM · VyOS 1.4 Sagitta (1.4.0-epa1), VyOS 1.5 Circinus

sarthurdev changed the status of T5598: unknown parameter 'nf_conntrack_helper' ignored from Open to Confirmed.

This is likely also the issue causing T5376

Sep 21 2023, 9:49 AM · VyOS 1.5 Circinus

Sep 20 2023

sarthurdev committed rVYOSONEXcdbe969308c1: conntrack: firewall: T4502: Update conntrack check for new flowtable CLI.

Sep 20 2023, 4:12 AM

Sep 19 2023

sarthurdev added a comment to T4502: Consider implementing (NAT/other) flow table offload.

In T4502#160404, @Apachez wrote:
Perhaps a possible way to detect if the nic supports hardware flowtables or not.

Try to set sudo ethtool -K eth0 hw-tc-offload on.

If the result becomes:
Actual changes:
hw-tc-offload: off [requested on]
Could not change any device features
Then it doesnt support hardware flowtables.

Could also verify by reading the capability like so:
$ ethtool -k eth0 | grep hw-tc-offload
hw-tc-offload: off [fixed]