We do not need add tasks for the documentation. There are a lot of things that are not documented or require improvements.
Just create a PR to the documentation repo.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Jun 1 2024
Jun 1 2024
May 31 2024
May 31 2024
Viacheslav changed the status of T6157: Can not create two GRE tunnels to the same DST but from different SRC addresses from Open to In progress.
Viacheslav triaged T6425: WiFi: Beamformer support for 802.11ac (VHT at 5GHz) is broken as Normal priority.
This is a new feature that was added after EPA-3 release
It was added 3 days ago https://github.com/vyos/vyos-1x/pull/3535
Viacheslav added a comment to T6428: Routing networks through multiple wireguard tunnels not properly working when using WAN load balancing.
Provide the full (minimal) set of commands to reproduce.
May 30 2024
May 30 2024
Need a general place to store accounts for VPN; whether it is a local radius server or chap-secrets file(this option seems simpler and more correct) is not so important.
A separate radius server is another point of failure and a separate infrastructure object. Wants to have a boxed solution where everything is available at once
Viacheslav triaged T6419: reverse-proxy: full CA chain is not build when verifying backend server as Normal priority.
Viacheslav triaged T6413: BGP conditional route advertisement does not work as expected as Normal priority.
The similar task T6409
Viacheslav moved T6402: Invalid variables referenced in reverse proxy validation from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
Viacheslav moved T6402: Invalid variables referenced in reverse proxy validation from Open to Finished on the VyOS 1.5 Circinus board.
May 29 2024
May 29 2024
It is not clear why it should be ignored? If they should be ignored they must not be in the CLI at all.
Why not use RADIUS authentication for it?
Viacheslav triaged T6417: Common storage location for accounts for different VPNs as Wishlist priority.
It probably cannot be a universal solution due to specific per-user options.
For example, for opencoonect, you can add otp if you want on a per-user basis and not do it for other users.
vyos@r4# set vpn openconnect authentication local-users username foo Possible completions: disable Disable instance > otp 2FA OTP authentication parameters password Password used for authentication
Viacheslav renamed T6416: Run smoke tests before merging from Run smole tests before merging to Run smoke tests before merging .
Viacheslav closed T6411: CGNAT does not rely on seq number, a subtask of T5169: Add CGNAT Carrier-Grade NAT based on nftables, as Resolved.
Viacheslav added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.
More a feature request than a bug
May 28 2024
May 28 2024
Viacheslav changed the status of T6411: CGNAT does not rely on seq number, a subtask of T5169: Add CGNAT Carrier-Grade NAT based on nftables, from Open to In progress.
Viacheslav added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.
Can you provide set of commands instead? Bug-report-guidelines
Viacheslav triaged T6412: CGNAT allocation calculation may sometimes be incorrect as Normal priority.
Viacheslav renamed T6411: CGNAT does not rely on seq number from CGNAt does not rely on seq number to CGNAT does not rely on seq number.
Viacheslav added a parent task for T6411: CGNAT does not rely on seq number: T5169: Add CGNAT Carrier-Grade NAT based on nftables.
The charon identifier also shows IKE name of the SA; this way, we can identify peers in the logs https://github.com/vyos/vyos-build/blob/b809886538eaad66b8756be8f5e758584f88e6a6/data/live-build-config/hooks/live/30-strongswan-configs.chroot#L41-L54
The current show log vpn does https://github.com/vyos/vyos-1x/blob/48e5266e2bca8d1d7a2ee4bacbe0e6628de3fa66/op-mode-definitions/show-log.xml.in#L710
May 27 2024
May 27 2024
Viacheslav added a comment to T6398: Missing the package kpartx for the container vyos-build:current-arm64.
The dependency allowed for 386/amd64 only https://github.com/vyos/vyos-build/blob/b809886538eaad66b8756be8f5e758584f88e6a6/docker/Dockerfile#L281
Though the package is available for ARM
As several CA were allowed some time ago it is a bug with op-mode generator.
There is a list of CA's https://github.com/vyos/vyos-1x/blob/48e5266e2bca8d1d7a2ee4bacbe0e6628de3fa66/src/op_mode/ikev2_profile_generator.py#L147
The template https://github.com/vyos/vyos-1x/blob/current/data/templates/ipsec/windows_profile.j2
May 25 2024
May 25 2024
Viacheslav triaged T6396: MINOR Typo: set system conntrack timeout custom ipv4 rule X as Normal priority.
Viacheslav triaged T6398: Missing the package kpartx for the container vyos-build:current-arm64 as Normal priority.
May 24 2024
May 24 2024
Viacheslav moved T6391: load-balancing reverse-proxy: typo in timeout help from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
Probably the best way will be moving the config to the vrf section (not implemented)
For example:
set vrf name foo service dhcp-server shared-network-name eth1 option default-router '192.168.1.1' set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 lease '300' set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default start '192.168.1.10' set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default stop '192.168.1.100' set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 subnet-id '1'
And start several instances, each with its configuration.
The similar task for redirect T260
May 23 2024
May 23 2024
Viacheslav moved T6381: Typos in select ConfigError messages in dhcpv6-server from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav edited projects for T6387: Bump conntrack to version 1:1.4.7-1, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav closed T6357: Create test repository to validate setup, a subtask of T6309: Check code quality with CodeQL, as Resolved.
May 22 2024
May 22 2024
Viacheslav triaged T6382: Add dkms in order to make firmware updates of NIC's possible as Wishlist priority.
Viacheslav moved T6384: rollback-soft should tell the user to compare and commit from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
Viacheslav edited projects for T6373: QoS Policy Limiter - classes for marked traffic do not work, added: VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta.
Viacheslav moved T3493: DHCPv6 does not have prefix range validation from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
Does 1.5 has the same bug?
Viacheslav triaged T6379: "generate openvpn" uses "comp-lzo no", which leads to problems on Android-Clients as Normal priority.
Viacheslav closed T6366: CGNAT add the ability to show allocation per external or internal address, a subtask of T5169: Add CGNAT Carrier-Grade NAT based on nftables, as Resolved.
May 21 2024
May 21 2024
Viacheslav changed the status of T6366: CGNAT add the ability to show allocation per external or internal address, a subtask of T5169: Add CGNAT Carrier-Grade NAT based on nftables, from Open to In progress.
Viacheslav changed the status of T6366: CGNAT add the ability to show allocation per external or internal address from Open to In progress.
Viacheslav added a comment to T5584: System cannot boot with commit-arachive location sftp in some cases.
@jestabro It was a report from the user; unfortunately, I do not have more details.
May 20 2024
May 20 2024
Viacheslav closed T6364: CGNAT drop hard limit that allowed only one translation rule, a subtask of T5169: Add CGNAT Carrier-Grade NAT based on nftables, as Resolved.
Can you manually edit the node and re-check if it will work for acme
sudo nano -c /opt/vyatta/share/vyatta-cfg/templates/pki/certificate/node.tag/acme/listen-address/node.def
replace:
type: txt
help: Local IPv4 addresses to listen on
val_help: ipv4; IPv4 address to listen for incoming connections
allowed: sh -c "${vyos_completion_dir}/list_local_ips.sh --ipv4"
syntax:expression: exec "${vyos_libexec_dir}/validate-value --exec \"${vyos_validators_dir}/ipv4-address \" --value \'$VAR(@)\'"; "Invalid value"to
type: txt help: Local IPv4 addresses to listen on val_help: ipv4; IPv4 address to listen for incoming connections
May 19 2024
May 19 2024
May 18 2024
May 18 2024
Viacheslav triaged T6366: CGNAT add the ability to show allocation per external or internal address as Wishlist priority.
PR https://github.com/vyos/vyos-1x/pull/3483
set nat cgnat pool external ext-01 external-port-range '40000-60000' set nat cgnat pool external ext-01 per-user-limit port '5000' set nat cgnat pool external ext-01 range 192.0.2.1-192.0.2.2 set nat cgnat pool external ext-01 range 192.0.2.11/32
Viacheslav triaged T6364: CGNAT drop hard limit that allowed only one translation rule as Low priority.
Viacheslav changed the status of T6364: CGNAT drop hard limit that allowed only one translation rule, a subtask of T5169: Add CGNAT Carrier-Grade NAT based on nftables, from Open to In progress.
Viacheslav changed the status of T6364: CGNAT drop hard limit that allowed only one translation rule from Open to In progress.
May 17 2024
May 17 2024
In T6344#188757, @n.fort wrote:Maybe we should create another xml file identical to listen-address.xml.i but without multi option define in line 16.
Viacheslav added a parent task for T6362: Add a conntrack/translations logger daemon: T5169: Add CGNAT Carrier-Grade NAT based on nftables.