I've created a PR for this: https://github.com/vyos/vyos-1x/pull/3655
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Jun 15 2024
Jun 15 2024
talmakion added a comment to T5514: Improve error handling when/if config.boot is deleted or missing .
I've created a PR with a very simple fix: https://github.com/vyos/vyos-1x/pull/3654
Jun 14 2024
Jun 14 2024
I can now reproduce the issue. The reason I was unable to reproduce this was I missed out that you use an ACME certificate
vyos@vyos:~$ generate ipsec profile windows-remote-access support remote ipsec.somedomain
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 153, in <module>
cert_data = load_certificate(pki['certificate'][cert_name]['certificate'])
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
KeyError: 'certificate'
vyos@vyos:~$ show ver | match Version:
Version: VyOS 1.5-rolling-202406130020
vyos@vyos:~$Jun 13 2024
Jun 13 2024
This is not the latest image. Please use 1.5-rolling-202406130020
zsdc moved T6038: Losing default route after first reboot (cloud-init & DHCP) from In Progress to Finished on the VyOS 1.5 Circinus board.
zsdc closed T6038: Losing default route after first reboot (cloud-init & DHCP), a subtask of T5907: cloud-init root task for 1.5 and 1.4 , as Resolved.
zsdc closed T5351: VyOS deployed with cloud-init improperly saves config.boot, a subtask of T5907: cloud-init root task for 1.5 and 1.4 , as Resolved.
The only reason I see why this can happen is that the config.boot format can be unexpected. But this should not happen anymore, because now Cloud-init always runs migrations before doing any work, which should always add required metadata if the original file is a valid VyOS config.
L0crian placed T5931: Add option to append route-target when adding additional imports up for grabs.
natali-rs1985 changed the status of T3202: Enable wireguard debug messages by default from Open to In progress.
Jun 12 2024
Jun 12 2024
For 1.5-rolling-202406120020 it doesnt work even without having a vrf:
vyos@vyos-a# run update geoip Downloaded GeoIP database Error: GeoIP failed to update firewall [edit] vyos@vyos-a#
Unfortunately there is no explaining logging (at least I didn't found any).
In upgrade process
Jun 11 2024
Jun 11 2024
Can you please retest with the latest ISO as additional fixes got added to the code.
talmakion added a comment to T6157: Can not create two GRE tunnels to the same DST but from different SRC addresses.
@a.apostoliuk this one should be resolved in the current rolling release, if you're able to check it out?
I have https://github.com/vyos/vyos-1x/pull/3616 and https://github.com/vyos/vyos-1x/pull/3637 as works in progress.
Jun 10 2024
Jun 10 2024
vyos@vyos:~$ dpkg -l | grep vyos-1x ii vyos-1x 1.5dev0-1669-g77cb661d8 amd64 VyOS configuration scripts and data ii vyos-1x-vmware 1.5dev0-1669-g77cb661d8 amd64 VyOS configuration scripts and data for VMware vyos@vyos:~$
Jun 9 2024
Jun 9 2024
Please share the output of dpkg -l | grep vyos-1x
vyos@vyos# show vpn ipsec | commands set esp-group vpn lifetime '3600' set esp-group vpn pfs 'enable' set esp-group vpn proposal 10 encryption 'aes128gcm128' set esp-group vpn proposal 10 hash 'sha256' set ike-group vpn key-exchange 'ikev2' set ike-group vpn lifetime '7200' set ike-group vpn proposal 10 dh-group '14' set ike-group vpn proposal 10 encryption 'aes128gcm128' set ike-group vpn proposal 10 hash 'sha256' set interface 'eth0' set options virtual-ip set remote-access connection support authentication client-mode 'eap-mschapv2' set remote-access connection support authentication local-id 'ipsec.somedomain' set remote-access connection support authentication local-users username test password 'test' set remote-access connection support authentication server-mode 'x509' set remote-access connection support authentication x509 ca-certificate 'isrgrootx1' set remote-access connection support authentication x509 ca-certificate 'lets-encrypt-r3' set remote-access connection support authentication x509 certificate 'vpn2' set remote-access connection support description 'support remote access' set remote-access connection support esp-group 'vpn' set remote-access connection support ike-group 'vpn' set remote-access connection support local-address 'ip on eth0' set remote-access connection support pool 'support' set remote-access pool support name-server '1.1.1.1' set remote-access pool support name-server '9.9.9.9' set remote-access pool support prefix '192.168.120.64/27' [edit] vyos@vyos#
Please share your full ipsec configuration
vyos@vyos:~$ generate ipsec profile windows-remote-access support remote ipsec.somedomain
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 154, in <module>
cert = load_certificate(pki['certificate'][cert_name]['certificate'])
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
KeyError: 'certificate'
vyos@vyos:~$ show ver
Version: VyOS 1.5-rolling-202406060020
Release train: current
Release flavor: genericThis was merged Thu May 30 16:35:43 2024 +0200 and your image is from 2024-05-30.
talmakion added a comment to T4667: DMVPN IPSec allows cleartext GRE over the internet when reconnecting.
I may have figured something out in https://vyos.dev/T4694.
It looks like outbound encap can be matched via routing expressions:
Jun 7 2024
Jun 7 2024
HollyGurza moved T4576: vpn l2tp logging level configuration from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
HollyGurza moved T4576: vpn l2tp logging level configuration from In Progress to Finished on the VyOS 1.5 Circinus board.
In T6448#191159, @Viacheslav wrote:In T6448#191156, @HappyShr00m wrote:I have not used it since I thought it would delete even running instances or stop them. if it doesn't, then may I suggest adding a description to the command to indicate that it will not impact the running containers. thanks
It should not affect running container images.
Try it on some test instance.
Jun 6 2024
Jun 6 2024
I don't know how to solve this problem. I suggest rejecting the problem.
In T6448#191156, @HappyShr00m wrote:I have not used it since I thought it would delete even running instances or stop them. if it doesn't, then may I suggest adding a description to the command to indicate that it will not impact the running containers. thanks
In T6448#191124, @Viacheslav wrote:It will delete all unused images
Did you try this command, as the command does not work?Which original podman command are you expecting?
It will delete all unused images
Did you try this command, as the command does not work?
Jun 5 2024
Jun 5 2024
n.fort moved T6396: MINOR Typo: set system conntrack timeout custom ipv4 rule X from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
Jun 3 2024
Jun 3 2024
If you add this config after the server is configured, it works as it requires a restart of the service
sudo systemctl restart accel-ppp@pppoe.service
Or reconfigure the service again
Add the set of commands to reproduce.
Viacheslav changed the status of T6373: QoS Policy Limiter - classes for marked traffic do not work from Open to Needs testing.
Jun 2 2024
Jun 2 2024
alainlamar updated the task description for T6425: WiFi: Beamformer support for 802.11ac (VHT at 5GHz) is broken.
syncer edited projects for T6432: DAE/DM/COA, added: VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta.
Jun 1 2024
Jun 1 2024
Viacheslav moved T6409: Remove unused parameter node from reverse-proxy backend from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
May 31 2024
May 31 2024
Viacheslav changed the status of T6157: Can not create two GRE tunnels to the same DST but from different SRC addresses from Open to In progress.
talmakion added a comment to T6157: Can not create two GRE tunnels to the same DST but from different SRC addresses.
I've created a PR for this that fixed a mistake with my original patch: https://github.com/vyos/vyos-1x/pull/3570
Viacheslav triaged T6425: WiFi: Beamformer support for 802.11ac (VHT at 5GHz) is broken as Normal priority.
May 30 2024
May 30 2024
alainlamar updated the task description for T6425: WiFi: Beamformer support for 802.11ac (VHT at 5GHz) is broken.
alainlamar updated the task description for T6425: WiFi: Beamformer support for 802.11ac (VHT at 5GHz) is broken.
alainlamar edited projects for T6425: WiFi: Beamformer support for 802.11ac (VHT at 5GHz) is broken, added: VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta (1.4.0).
c-po closed T6419: reverse-proxy: full CA chain is not build when verifying backend server as Resolved.
c-po moved T6419: reverse-proxy: full CA chain is not build when verifying backend server from In Progress to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
c-po moved T6407: ipsec profile generation error from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
c-po moved T6421: host-name has no explicit priority to be set on system boot from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
c-po moved T6421: host-name has no explicit priority to be set on system boot from Open to Finished on the VyOS 1.5 Circinus board.
c-po changed the status of T6424: ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate, a subtask of T6407: ipsec profile generation error, from Open to Confirmed.
c-po moved T6407: ipsec profile generation error from Open to Finished on the VyOS 1.5 Circinus board.
Apple IOS now recognizes multiple CAs inside the profile
With this change all CAs in the list are rendered into the template.
Viacheslav triaged T6419: reverse-proxy: full CA chain is not build when verifying backend server as Normal priority.
c-po updated the task description for T6421: host-name has no explicit priority to be set on system boot.
c-po changed the status of T6421: host-name has no explicit priority to be set on system boot from Open to In progress.
Viacheslav moved T6402: Invalid variables referenced in reverse proxy validation from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
Viacheslav moved T6402: Invalid variables referenced in reverse proxy validation from Open to Finished on the VyOS 1.5 Circinus board.
May 29 2024
May 29 2024
c-po updated the task description for T6419: reverse-proxy: full CA chain is not build when verifying backend server.
c-po moved T6419: reverse-proxy: full CA chain is not build when verifying backend server from Open to Finished on the VyOS 1.5 Circinus board.
c-po edited projects for T6419: reverse-proxy: full CA chain is not build when verifying backend server, added: VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta.
Tested as working in: VyOS 1.5-rolling-202405280020
fernando added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.
@mersl thanks for confirm.
mersl added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.
just some show commands with test results on my lab
mersl added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.
very cool! I just rebuild a 1.5-rolling and upgraded my lab router and voila - works as expected ;-)
fernando added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.
we've added this ability to configure the topology on isis :
fernando changed the subtype of T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr from "Bug" to "Feature Request".
fernando changed the status of T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr from Open to Needs testing.
Are you sure your DHCP server honors the no-default-route option?
I may be wrong, but I think the no-default-route just sets an option in the DHCP request, asking the DHCP server to not send back the default route.
I have the same issue with my ISP, and they told me they will always send a default route via DHCP.
I have solved the issue using DHCP hooks.
Unknown Object (User) added a comment to T6181: A feature for checking popular ports..
We will bind the code to a new command in operating mode (for example show ports). This will allow you to use the nmap command from operating mode. Just a convenient feature.
May 28 2024
May 28 2024
jestabro moved T6404: Include constraintGroup element in reference tree from Open to Finished on the VyOS 1.5 Circinus board.