Mark it as resolved, reopen the task if required.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Apr 9 2024
Apr 9 2024
Viacheslav triaged T6218: Container network interface in VRF fails to generate IPv6 link-local address as Normal priority.
Viacheslav added a comment to T6106: Improve the commit error message for the case when route-reflector-client option is defined in a peer-group.
Was it fixed?
Viacheslav changed the status of T6106: Improve the commit error message for the case when route-reflector-client option is defined in a peer-group from In progress to Needs testing.
@MattK Could you re-check and close it?
Viacheslav changed the status of T6132: Conntrack-sync Internal Cache Growing Uncontrollably from Open to Needs reporter action.
Viacheslav changed the status of T6212: Firewall offload counters show always zero from Open to Needs testing.
@tjh Any updates?
By the way there is a new option
vyos@r4# set service conntrack-sync disable-syslog [edit] vyos@r4#
https://conntrack-tools.netfilter.org/manual.html#sync-aa
conntrackd allows you to deploy an symmetric Active-Active setup based on a static approach. For example, assume that you have two virtual IPs, vIP1 and vIP2, and two firewall replicas, FW1 and FW2. You can give the virtual vIP1 to the firewall FW1 and the vIP2 to the FW2.
Viacheslav added a project to T6217: Set the log id of the VRRP contrack-sync script to vyos-vrrp-conntracksync: Restricted Project.
@trae32566 Can you provide the next output?
sudo conntrackd -C /run/conntrackd/conntrackd.conf -s && echo "conntrack_count: " && sudo conntrack -C sudo conntrackd -C /run/conntrackd/conntrackd.conf -s network sudo conntrackd -C /run/conntrackd/conntrackd.conf -s cache sudo conntrackd -C /run/conntrackd/conntrackd.conf -s runtime sudo conntrackd -C /run/conntrackd/conntrackd.conf -s link sudo conntrackd -C /run/conntrackd/conntrackd.conf -s queue
Viacheslav triaged T6217: Set the log id of the VRRP contrack-sync script to vyos-vrrp-conntracksync as Low priority.
Viacheslav moved T6121: Extend service config-sync for sections vpn, policy, vrf from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Viacheslav edited projects for T6121: Extend service config-sync for sections vpn, policy, vrf, added: VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta (1.4.0-epa2).
Viacheslav moved T6121: Extend service config-sync for sections vpn, policy, vrf from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav changed the status of T5858: Improve the formatting of conntrack statistics output from Open to In progress.
PR https://github.com/vyos/vyos-1x/pull/3280
vyos@r15-left:~$ show conntrack statistics CPU Found Invalid Insert Insert fail Drop Early drop Errors Search restart ----- ------- --------- -------- ------------- ------ ------------ -------- ---------------- -- -- 0 0 280 0 1 1 0 1 0 2 0 1 0 73 0 0 0 0 126 0 1 0 vyos@r15-left:~$
Apr 8 2024
Apr 8 2024
Viacheslav changed the status of T3437: BGP Confederation Addition Causes Error from Needs testing to Confirmed.
After deleting and adding the firewall, it looks good
So, for some reason, the rule 10 and default action accept were applied 2 times to the firewall
chain VYOS_FORWARD_filter {
type filter hook forward priority filter; policy accept;
counter packets 928376 bytes 1800341472 flow add @VYOS_FLOWTABLE_FLOWTABLE comment "ipv4-FWD-filter-10"
counter packets 928376 bytes 1800341472 accept comment "FWD-filter default-action accept"
counter packets 0 bytes 0 flow add @VYOS_FLOWTABLE_FLOWTABLE comment "ipv4-FWD-filter-10"
ct state { established, related } counter packets 0 bytes 0 flow add @VYOS_FLOWTABLE_FLOWTABLE comment "ipv4-FWD-filter-20"
counter packets 0 bytes 0 accept comment "FWD-filter default-action accept"
}Apr 7 2024
Apr 7 2024
Viacheslav added a project to T5169: Add CGNAT Carrier-Grade NAT based on nftables: VyOS 1.5 Circinus.
Viacheslav changed the status of T1641: VRRP conntrack-sync dropping packets passing through the router from Open to Needs reporter action.
@Daya @trae32566 Any updates?
Viacheslav added a comment to T5966: Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments.
@indrajitr Can we close it?
@indrajitr Can we close it?
Viacheslav changed the status of T4588: BGP Peer Group Scaling issues from Open to Needs reporter action.
Viacheslav closed T6039: cloud-init DNS search-domain causes configuration migration/validation error, a subtask of T5907: cloud-init root task for 1.5 and 1.4 , as Resolved.
Viacheslav added a subtask for T5907: cloud-init root task for 1.5 and 1.4 : T6112: Cloud Init Ordering Incorrect.
Viacheslav added a parent task for T6112: Cloud Init Ordering Incorrect: T5907: cloud-init root task for 1.5 and 1.4 .
Viacheslav added a comment to T6099: Suppress unsupported interfaces from appearing in messages log by Telegraf .
@Giggum Can you check it on 1.5?
It is easy to add
In FRR it looks like:
r4(config-rpki)# rpki cache 192.0.2.1 8888 SSH_UNAME SSH user name preference Preference of the cache server source Configure source IP address of RPKI connection
Viacheslav triaged T6209: Improve Configuration Load/Commit Speed by moving away from deep-tree flat-file backend as Normal priority.
PoC PR https://github.com/vyos/vyos-1x/pull/3274
set nat cgnat pool external ext1 external-port-range '1024-65535' set nat cgnat pool external ext1 per-user-limit port '1000' set nat cgnat pool external ext1 range 192.0.2.222/32 set nat cgnat pool internal int1 range '100.64.0.0/28' set nat cgnat rule 10 source pool 'int1' set nat cgnat rule 10 translation pool 'ext1'
Apr 5 2024
Apr 5 2024
Viacheslav moved T3437: BGP Confederation Addition Causes Error from Finished to Need Triage on the VyOS 1.3 Equuleus (1.3.7) board.
@a.apostoliuk Recheck reconfguration, not new configuration
We are currently using FRR segment routing set protocols segment-routing srv6
For now, it could be closed
Apr 4 2024
Apr 4 2024
It is not a bug with the VyOS itself.
You don't need to create the task on Phabricator
Feel free to create a PR without the task https://github.com/vyos/vyos-documentation/tree/equuleus
Apr 3 2024
Apr 3 2024
Apr 2 2024
Apr 2 2024
You may only use this Speedtest software and information generated
from it for personal, non-commercial use, through a command line
interface on a personal computer. Your use of this software is subject
to the End User License Agreement, Terms of Use and Privacy Policy at
these URLs:
Viacheslav triaged T6197: Validation error in the IPoE server interface client-subnet option as High priority.
Viacheslav moved T6033: hsflowd fails to start when using a tunnel interface from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
The original issue was resolved.
Apr 1 2024
Apr 1 2024
Viacheslav closed T6178: reverse-proxy doesn't check that a certificate exists at set time as Resolved.
@ServerForge It is question for hsflowd
You can open the issue on their git repo
Mar 31 2024
Mar 31 2024
Proposed CLI:
set nat cgnat pool external <external> range 192.0.2.0/30 seq 1 set nat cgnat pool external <external> range 192.0.2.128-192.0.2.132 seq 2 set nat cgnat pool external <external> per-user-limit port 1024 set nat cgnat pool external <external> global-port-range 1024-65535 set nat cgnat pool internal <internal> range 100.64.1.0/24
I'm not sure that a list of ports will be helpful in this way.
From time to time, we need to scan specific ports.
What about
force scan-port-host <x.x.x.x> proto <tcp|udp> port '8080-8081,9200' force port--discovery-host <x.x.x.x> proto <tcp|udp> port '8080' force port-scan host <x.x.x.x> proto <tcp|udp> port '8080'
And use native nmap binaries (as python3 nmap module is not installed by default)
Also, it has XML format if you want a custom table:
sudo nmap -oX - 127.0.0.1
Viacheslav changed the status of T6173: Build Causes Errors When "--version" Contains Slashes ("/") from Open to In progress.
Viacheslav triaged T6173: Build Causes Errors When "--version" Contains Slashes ("/") as Normal priority.
Viacheslav triaged T6156: Include commit hash from repos in nightly build release description as Normal priority.
Viacheslav added a parent task for T6154: Installer should ask for password twice: T4516: Rewrite system image manipulation tools in Python.
Viacheslav edited projects for T6154: Installer should ask for password twice, added: VyOS 1.4 Sagitta (1.4.0-epa3), VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta (1.4.0-epa2).
Viacheslav changed the status of T6185: Simplify marshalling of section and config data for config-sync, a subtask of T6121: Extend service config-sync for sections vpn, policy, vrf, from Open to In progress.
Viacheslav changed the status of T6185: Simplify marshalling of section and config data for config-sync from Open to In progress.
Viacheslav triaged T6188: Add firewall rule description to the output of "show firewall" commands as Wishlist priority.
Viacheslav moved T5832: Allow setting the interface for excluded address in VRRP from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav renamed T6191: Policy route set-mss option is not working correctly from Policy Route Behavior Different from 1.3.x to Policy Route TCP-MSS Behavior Different from 1.3.x.
Probably VNI is applied after BGP
vyos@r4:~$ /usr/libexec/vyos/priority.py | match "vrf|bri|vxlan"
11 vrf.py ['vrf']
310 interfaces_bridge.py ['interfaces', 'bridge']
460 interfaces_vxlan.py ['interfaces', 'vxlan']
481 protocols_static.py ['vrf', 'name', 'protocols', 'static']
611 protocols_isis.py ['vrf', 'name', 'protocols', 'isis']
621 protocols_ospf.py ['vrf', 'name', 'protocols', 'ospf']
621 protocols_ospfv3.py ['vrf', 'name', 'protocols', 'ospfv3']
821 protocols_bgp.py ['vrf', 'name', 'protocols', 'bgp']
821 protocols_eigrp.py ['vrf', 'name', 'protocols', 'eigrp']
822 vrf_vni.py ['vrf', 'name', 'vni']
vyos@r4:~$The current priorities:
vyos@r4:~$ /usr/libexec/vyos/priority.py | match "vrf|bri|vxlan"
11 vrf.py ['vrf']
310 interfaces_bridge.py ['interfaces', 'bridge']
460 interfaces_vxlan.py ['interfaces', 'vxlan']
481 protocols_static.py ['vrf', 'name', 'protocols', 'static']
611 protocols_isis.py ['vrf', 'name', 'protocols', 'isis']
621 protocols_ospf.py ['vrf', 'name', 'protocols', 'ospf']
621 protocols_ospfv3.py ['vrf', 'name', 'protocols', 'ospfv3']
821 protocols_bgp.py ['vrf', 'name', 'protocols', 'bgp']
821 protocols_eigrp.py ['vrf', 'name', 'protocols', 'eigrp']
822 vrf_vni.py ['vrf', 'name', 'vni']
vyos@r4:~$Viacheslav edited projects for T6167: VNI not set on VRF after reboot, added: VyOS 1.4 Sagitta (1.4.0-epa3), VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
@kevinrausch Thank you for the report, next time it is better to use set of the commands to reproduce
vyos@r4:~$ generate tech-support archive /tmp/foo
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/generate_tech-support_archive.py", line 123, in <module>
tmp_dir.mkdir()
File "/usr/lib/python3.11/pathlib.py", line 1117, in mkdir
os.mkdir(self, mode)
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/foo/drops-debug_2024-03-31T12-07-09'
vyos@r4:~$It seems hardcoded here https://github.com/vyos/vyos-1x/blob/252d03d6e419aae14ae75caed38d1b1001c916a2/src/op_mode/generate_tech-support_archive.py#L96
Mar 30 2024
Mar 30 2024
Viacheslav edited projects for T6189: BGP L3VPN connectivity is broken after re-enabling VRF, added: VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta.
Mar 29 2024
Mar 29 2024
Viacheslav changed the status of T6033: hsflowd fails to start when using a tunnel interface from In progress to Needs testing.
Viacheslav changed the status of T6033: hsflowd fails to start when using a tunnel interface from Open to In progress.
@ServerForge, it seems to be working with the v2.0.55-1 version. Could you build a package and re-check?
git clone -b v2.0.55-1 --single-branch https://github.com/sflow/host-sflow.git sudo apt-get install -y libpcap0.8-dev make deb FEATURES="PCAP DROPMON DBUS"
Viacheslav changed the subtype of T6033: hsflowd fails to start when using a tunnel interface from "Task" to "Bug".
Viacheslav added a project to T6033: hsflowd fails to start when using a tunnel interface: VyOS 1.5 Circinus.
Only ethernet interfaces or bridges are allowed; from their docs https://sflow.net/host-sflow-linux-config.php
PCAP Packet Sampling
It seems a broken local build; close the task.
Reopen if necessary.
Viacheslav added a comment to T6148: Reset vpn ipsec command breaks tunnel and does not reset SAs that are down.
"reset vpn ipsec " command and does not reset SAs that are dow
Mar 28 2024
Mar 28 2024
Viacheslav triaged T6183: OpenVPN IPv6 server: Unable to establish connection without local-host parameter as Normal priority.
Viacheslav changed the status of T6159: "show openvpn server" prints a superfluous "OpenVPN status on vtunx" message for every client connection from Open to In progress.
Viacheslav edited projects for T4718: DHCP server listen-address doesn't take effect if the interface is in a VRF, added: VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta.