In T5153#184332, @n.fort wrote:Output seems to be for VyOS 1.3, rather than 1.5
Can you show VyOS version @PeppyH ?
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 19 2024
Apr 19 2024
Apr 18 2024
Apr 18 2024
Hi,
I was playing around with VyOS and thought i'd build myself an iso and hit this issue. Not sure if its the correct way to solve it, but this is what I did:
syncer reassigned T5752: Check compatibility of new image tools with XCP-NG images from jestabro to Viacheslav.
jestabro claimed T5986: Container: Error on commit when environment variable value contains \n line break.
This will be resolved after backport of T5996.
jestabro moved T6245: Unhandled exception in "show openvpn server" from Open to Finished on the VyOS 1.5 Circinus board.
GitHub <noreply@github.com> committed rVYOSONEX63eb47d62eff: Merge pull request #3331 from vyos/mergify/bp/sagitta/pr-3330 (authored by jestabro).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX3976eebd3d10: openvpn: T6245: return 'n/a' if client info not available (authored by jestabro).
GitHub <noreply@github.com> committed rVYOSONEX8bb55a50d08b: Merge pull request #3330 from jestabro/show-openvpn-fail (authored by dmbaturin).
Output seems to be for VyOS 1.3, rather than 1.5
Can you show VyOS version @PeppyH ?
Viacheslav placed T2279: Router resolves as 127.0.1.1 when using Router's Recursive DNS up for grabs.
Viacheslav edited projects for T4732: need an option for VRF name when you specify location for commit-archive, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav closed T4422: WAN load-balance status failed on all interfaces if one of them failed, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Wontfix.
Viacheslav closed T4422: WAN load-balance status failed on all interfaces if one of them failed as Wontfix.
Test addresses have to be different
Viacheslav changed the status of T4422: WAN load-balance status failed on all interfaces if one of them failed, a subtask of T4470: Rewrite load-balancing wan to XML/Python, from Open to Needs reporter action.
Viacheslav changed the status of T4422: WAN load-balance status failed on all interfaces if one of them failed from Open to Needs reporter action.
Viacheslav added a comment to T4422: WAN load-balance status failed on all interfaces if one of them failed.
Provide the set of the commands to reproduce
Viacheslav removed a project from T5153: OpenConnect route restriction via iptables is ignored: VyOS 1.4 Sagitta.
rusnino updated the task description for T6249: ISO builder fails because of changed buster-backport repository.
rusnino updated the task description for T6249: ISO builder fails because of changed buster-backport repository.
GitHub <noreply@github.com> committed rVYOSONEXcc2458dfc74a: Merge pull request #3329 from vyos/mergify/bp/sagitta/pr-3326 (authored by dmbaturin).
Viacheslav changed the status of T6221: Enabling VRF breaks connectivity from Open to Needs testing.
dmbaturin added a project to T6245: Unhandled exception in "show openvpn server": VyOS 1.4 Sagitta (1.4.0-epa3).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX6d15ae068e47: T6221: Return default ip rule values after deleting VRF (authored by Viacheslav).
GitHub <noreply@github.com> committed rVYOSONEX3a50e87584a8: Merge pull request #3326 from sever-sever/T6221 (authored by dmbaturin).
dmbaturin edited projects for T5986: Container: Error on commit when environment variable value contains \n line break, added: VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta.
Viacheslav added a project to T5471: Conntrack logging doesnt seem to be working: VyOS 1.5 Circinus.
The old implementation used this script and https://github.com/vyos/vyatta-conntrack/blob/current/src/vyatta-conntrack-logging.c for the logging and it seems not impelemted for the current
At least there is not mention of the log
GitHub <noreply@github.com> committed rVYOSONEXe8f93864cf72: Merge pull request #3328 from vyos/mergify/bp/sagitta/pr-3327 (authored by jestabro).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXbbe0821213b7: pki: T6241: do not call dependency before its initialization (authored by jestabro).
sarthurdev committed rVYOSONEXa88b3bd344cc: pki: T6241: do not call dependency before its initialization (authored by jestabro).
GitHub <noreply@github.com> committed rVYOSONEXfc3fd89a6fa4: Merge pull request #3327 from sarthurdev/T6241 (authored by jestabro).
Without subtasks, it is going to be dead.
@Apachez It is not clear what you want to fix exactly. Fix all and do all working well could be related to any task.
Viacheslav edited projects for T5673: Enable `CONFIG_DEBUG_INFO_DWARF5` and `CONFIG_DEBUG_INFO_BTF` in the Linux kernel, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav edited projects for T5737: Eigrp #11301 - Configuration failed error type: validation, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav closed T5755: Running set pki ca NAME certificate with a name with spaces breaks the config as Not Applicable.
Not reproduced on VyOS 1.5-rolling-202404141045
vyos@r-left# set pki ca "my test ca name" certificate 'MIIDnTCCAoWgAwIBAgIUFvyB2rY0V1V6AaIpPWHCftGRwN8wDQYJKoZIhvcNAQELBQAwVzELMAkGA0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yNDA0MTgxMTM3MzZaFw0yOTA0MzZaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggEiMA0GCQEBAQUAA4IBDwAwggEKAoIBAQCKEVxs7gdzmnN4iMinvXN1vdGaT+v3TOnHSXbBkWHnt9YdWmo8UoqFpVqyVM3E8xmoT+3HOXJeWkKArEpMkGo93kWaGo0f25KGEFWbS2ttgNA9cqH9PGa42XTKyTY+5ZoIWaQQzNNiUSaIoslRrMSV4V2yQs90ECxR37ezlV2RAIHEhZ6mizUkMkuSmdjqRolh2tpF1MoisyhspFPXBC6lJ8d0jFZEi1tP3tlQjqVEWPjTvtddy34iOLFeUjBF5cOwfmpVLzWBVLbIxJr5ZHamGeQIabn36Jg1u0+/6p7hb8avqBW4dT0K8UykWVqgjQ4W4rM7AgMBAAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUxEx+IVaoLb7M/SW9AkCVRaXCNTUwDQYJKoZIhvcNAQELBQADggEBAGjV6WiH4Z+hfdANG8oWgY0xsHmUZg8dCjwqO5GMwjBVIuu8GuoZu0JobtLa097behWcgCkwjvKBffuwCu542WbFkxdXzBLZjSAc+K3itegZIuy4jqRO5z6Q0IbPSaFUhR4HhfwejwlyXgjNCFzEMzwoDL2/3PXjWyilkqthYyFcx092tgwiXtnfO9z9Xm/YQHQmRG2VWzLEwucOhV698xnqFgRJk3uKqcDN9KjF+5v32OQ0eis7GHn1aJim5aUee1nnCRFdQO0llNJRwF6fIaICzKLwa7zzMjF7HhRehh5kpwY8omcQX7xYz7GJag4='
Viacheslav edited projects for T5756: L2TP RADIUS backup and weight settings, added: Restricted Project; removed VyOS 1.4 Sagitta.
Viacheslav removed projects from T5761: Allow PPPoE interface to be assigned IPv6 address via DHCPv6: VyOS 1.3 Equuleus (1.3.7), VyOS 1.4 Sagitta.
@dotAndy Is it still relevant?
Can you create a PR?
Viacheslav edited projects for T5810: Add support for RPKI source IP, added: VyOS 1.5 Circinus, Restricted Project; removed VyOS 1.4 Sagitta.
Viacheslav placed T2003: BGP FQDN capability has improper hostname after new image install up for grabs.
Viacheslav changed the status of T1790: OSPF Exchanged Routes marked as invalid when run through a GRE PTMP/PTP OSPF between peers from Open to Needs reporter action.
@SquirePug re-check please with the latest rolling image.
Viacheslav reopened T2003: BGP FQDN capability has improper hostname after new image install as "Needs reporter action".
Viacheslav closed T2003: BGP FQDN capability has improper hostname after new image install as Resolved.
@jmaslak can you check the latest rolling image?
Viacheslav changed the status of T2616: BFD Configuration causes flapping from Needs testing to Needs reporter action.
@kroy can you re-test this case?
Viacheslav added a project to T3393: IPoE does not assign IPv6 PD or WAN address: VyOS 1.5 Circinus.
tjh added a comment to T6248: <device> ip source-validation 'strict' - doesn't set /proc/sys/net/ipv4/conf/<device>/rp_filter.
Closed invalid - this is done with nftables now.
Apachez added a comment to T5572: Add capability for sending Gratuitous ARP (GARP) and the equal for IPv6.
It would be handy if the GARP announcement wouldnt be a separate list but rather picked up from any DNAT or SNAT rules.
Viacheslav lowered the priority of T5169: Add CGNAT Carrier-Grade NAT based on nftables from High to Normal.
Apachez added a comment to T6248: <device> ip source-validation 'strict' - doesn't set /proc/sys/net/ipv4/conf/<device>/rp_filter.
Probably related:
In T6247#184232, @jmoore wrote:. We need the feature regardless of the state of the repository.
Apr 17 2024
Apr 17 2024
It very may well have been. That's not really relevant to this request. The repository is an example. We need the feature regardless of the state of the repository.
I saw such repository more than once, but it seems that it has been abandoned. Last commit is dated two years ago.
Another example on nftables: https://github.com/fullcone-nat-nftables/nftables-1.0.5-with-fullcone
Viacheslav removed a project from T6247: Add CGN "full cone" EIF support per RFC6888 REQ-7: VyOS 1.4 Sagitta.
We do not use iptables and their modules for new features.
Feel free to add PR for nftables or if you know which commands should be for nftables
vyos@test1:~$ sudo cat /run/openvpn/vtun20.status OpenVPN CLIENT LIST Updated,2024-04-17 16:40:05 Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since ROUTING TABLE Virtual Address,Common Name,Real Address,Last Ref GLOBAL STATS Max bcast/mcast queue length,0 END
From initial PR these two feedback points are now implemented. PR has been amended see https://github.com/vyos/vyos-1x/pull/3307
I think I might've found the cause of this issue: the vni is unset from all VRFs when making changes. I posted a message about this on Slack (and about another, fairly similar, issue) on Slack about this.
dex added a comment to T5386: Execute VRRP transition script when `set high-availability disable` is commited.
Just checked with the current rolling release 1.5-rolling-202404141045. After committing set high-availability disable, keepalived is successfully stopped and the logs show that the transition script seems to be executed:
thank you very much for your analysis. I am still wondering, why it breaks with adding the vrf and why it works before.
Also, why it starts to work again, after rebooting when removing the vrf again (but not before rebooting)
Viacheslav changed the status of T6246: Add support for server health checks to reverse proxy from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX85f055ba5d76: Merge pull request #3323 from vyos/mergify/bp/sagitta/pr-3192 (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEX0b9d2c64103a: Merge pull request #3324 from vyos/mergify/bp/sagitta/pr-3320 (authored by dmbaturin).
Needs the original file with OpenVPN addresses/statistics which are parsed /run/openvpn/{interface}.status
Without it, it will be difficult to do something.
It is not related to VRF at all and is related to the policy routing logic:
Reproduced even on 1.3.2
set interfaces ethernet eth1 address '192.168.122.14/24'
n.fort changed the status of T5535: Move disable-directed-broadcast to firewall global-options from Confirmed to Needs testing.
n.fort changed the status of T6191: Policy route set-mss option is not working correctly from Confirmed to Needs testing.
Viacheslav triaged T6237: IPSec remote access VPN: ability to set EAP ID of clients as Wishlist priority.