- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Jul 2 2024
Jul 2 2024
Viacheslav changed the status of T6523: Error: "nft table ip vyos_filter not found" when commiting prometheus-client from In progress to Needs testing.
@SamLue will be available in the next rolling release, can you check when it will be available?
There are some nuances with it, until we do not have a route from to default VRF to the peer it won't work
set vrf bind-to-all set vrf name first table '123'
Viacheslav changed the status of T6538: Allow adding a geneve interface to the vrf. from Open to In progress.
Viacheslav changed the status of T6523: Error: "nft table ip vyos_filter not found" when commiting prometheus-client from Open to In progress.
Viacheslav changed the status of T4025: OpenVPN server with TAP interface, client didn’t see network from Open to Needs testing.
Jul 2 2024, 6:55 AM · Bugs, VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.1), Restricted Project, openvpn
We are not going to implement it.
Viacheslav added a comment to T6379: "generate openvpn" uses "comp-lzo no", which leads to problems on Android-Clients.
Should fix it https://github.com/vyos/vyos-1x/pull/3747
Viacheslav added a comment to T6486: Generate openvpn client-config ignores configured protocol type.
PR https://github.com/vyos/vyos-1x/pull/3747
Also it should fix T6379
Viacheslav changed the status of T5487: OPENVPN -DEPRECATED OPTION: --cipher from Resolved to Unknown Status.
Viacheslav moved T5487: OPENVPN -DEPRECATED OPTION: --cipher from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
Viacheslav moved T6477: Adding Loki plugin to Telegraf from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
Viacheslav changed the status of T6486: Generate openvpn client-config ignores configured protocol type from Open to In progress.
Viacheslav changed the status of T6535: NAT66 Prefix Translation not working anymore from Resolved to Invalid.
Jul 1 2024
Jul 1 2024
Viacheslav changed the status of T6535: NAT66 Prefix Translation not working anymore from Open to Needs reporter action.
We do not use iptables, we use nftables.
Check the rules with sudo nft list ruleset
What exactly does not work?
Viacheslav added a comment to T6486: Generate openvpn client-config ignores configured protocol type.
@adestis Can you add an example of the expected configuration if use-lzo-compression is configured and not configured?
https://github.com/vyos/vyos-1x/blob/e270712f7ebd76e4e1be598766d999cef4f05e26/src/op_mode/generate_ovpn_client_file.py#L57
Jun 28 2024
Jun 28 2024
The correct pass options without "
set interfaces openvpn vtun20 encryption ncp-ciphers 'aes256' set interfaces openvpn vtun20 hash 'sha512' set interfaces openvpn vtun20 mode 'server' set interfaces openvpn vtun20 openvpn-option 'push keepalive 1 10' set interfaces openvpn vtun20 server subnet '10.10.2.0/24' set interfaces openvpn vtun20 server topology 'subnet' set interfaces openvpn vtun20 tls ca-certificate 'ca' set interfaces openvpn vtun20 tls certificate 'cert' set interfaces openvpn vtun20 tls dh-params 'dh'
Viacheslav changed the status of T6522: OpenVPN-options does not pass the quotes anymore from Open to In progress.
Viacheslav added a comment to T6360: CGNAT add the ability to exclude (bypass) the translations for specific destinations.
This could be achieved with conntrack ignore
set system conntrack ignore ipv4 rule 10 destination address '100.64.0.0/28'
Viacheslav moved T5359: VyOS user/pass remains in config from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav closed T5359: VyOS user/pass remains in config, a subtask of T5907: cloud-init root task for 1.5 and 1.4 , as Not Applicable.
vyos-vm-images has been archived
Viacheslav changed the status of T5933: Unable to commit BGP config with unnumbered neighbour from Open to Needs reporter action.
Provide the set of commands to reproduce
Still bug, the original config in the top of the task
vyos@r4# run show conf com | match "nat "
set nat source rule 100 destination port '5000-8000'
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 protocol 'tcp'
set nat source rule 100 source address '10.0.0.0/24'
set nat source rule 100 translation address 'masquerade'
[edit]
vyos@r4#
[edit]
vyos@r4# run show nat source rules
Rule Source Destination Proto Out-Int Translation
------ ----------- ----------------------------- ------- --------- -------------
100 10.0.0.0/24 0.0.0.0/0 IP eth0 masquerade
sport any dport {'range': [5000, 8000]}
[edit]
vyos@r4#
[edit]
vyos@r4#
[edit]
vyos@r4# run show ver
Version: VyOS 1.5-rolling-202406260020
Release train: current
Release flavor: genericViacheslav changed the status of T6388: Use OCaml 4.14 for CI builds from Open to Needs reporter action.
We have ENV OCAML_VERSION 4.14.2 for both, @dmbaturin. Can we close it, or will you do an update to 5.0?
Viacheslav moved T6385: interrupting rollback with Ctrl-C displays an exception trace from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T6387: Bump conntrack to version 1:1.4.7-1 from Open to Finished on the VyOS 1.5 Circinus board.
Not actual
vyos@r4:~$ show version all | match conntrack ii conntrack 1:1.4.7-1+b2 amd64 Program to modify the conntrack tables ii conntrackd 1:1.4.7-1+b2 amd64 Connection tracking daemon ii libnetfilter-conntrack3:amd64 1.0.9-1 amd64 Netfilter netlink-conntrack library vyos@r4:~$ vyos@r4:~$ show version Version: VyOS 1.5-rolling-202406260020 Release train: current Release flavor: generic
Viacheslav added a comment to T6526: hardware flowtables not working on supposedly supported hardware.
Try native nft commands for offload and check what it says.
# cat /tmp/offload.nft
Jun 27 2024
Jun 27 2024
Viacheslav triaged T6523: Error: "nft table ip vyos_filter not found" when commiting prometheus-client as Low priority.
Viacheslav added a comment to T6523: Error: "nft table ip vyos_filter not found" when commiting prometheus-client.
Do you have a firewall?
If not, it is expected error
Which exectly config it generates?
Based on this code should work https://github.com/vyos/vyos-1x/blob/b3b1d59d86af510c454da446f013b514389f5c7f/src/conf_mode/interfaces_openvpn.py#L683
Viacheslav triaged T6520: update vyos-1x workkflow package-smoketest permission for adding comment as Normal priority.
Jun 26 2024
Jun 26 2024
Viacheslav closed T6412: CGNAT allocation calculation may sometimes be incorrect, a subtask of T5169: Add CGNAT Carrier-Grade NAT based on nftables, as Resolved.
Jun 25 2024
Jun 25 2024
Viacheslav triaged T6516: ISIS - advertise-passive-only not install route in the RIB as Normal priority.
PR https://github.com/vyos/vyos-1x/pull/3720
set service monitoring telegraf loki url 'http://localhost' set service monitoring telegraf loki metric-name-label 'r123'
@Vijayakumar This package is deprecated as per https://vyos.dev/T6507
Jun 24 2024
Jun 24 2024
Viacheslav changed the status of T5735: Add CLI and configuration scripts for stunnel, a subtask of T4783: Add support for stunnel, from Open to Needs testing.
Viacheslav changed the status of T5735: Add CLI and configuration scripts for stunnel from Open to Needs testing.
The no-verify options exists
vyos@vyos# set load-balancing reverse-proxy backend bk01 ssl Possible completions: ca-certificate Certificate Authority in PKI configuration no-verify Do not attempt to verify SSL certificates for backend servers
Added in the T6242
Jun 22 2024
Jun 22 2024
Jun 21 2024
Jun 21 2024
Viacheslav changed the status of T6488: Firewall op mode output incomplete from In progress to Needs testing.
Viacheslav added a comment to T6502: Load balancer reverse proxy does not allow forwarding SSH port.
Provide a minimal example of configuration (set commands) to reproduce.
Viacheslav triaged T6506: Add a linting rule for checking executable bits on scripts as Normal priority.
Jun 20 2024
Jun 20 2024
Jun 19 2024
Jun 19 2024
Works fine:
set load-balancing reverse-proxy backend bk01 server srv01 address '192.168.122.16' set load-balancing reverse-proxy backend bk01 server srv01 port '22' set load-balancing reverse-proxy service ssh backend 'bk01' set load-balancing reverse-proxy service ssh mode 'tcp' set load-balancing reverse-proxy service ssh port '22' set service ssh disable-host-validation set service ssh port '2222'
Viacheslav triaged T6502: Load balancer reverse proxy does not allow forwarding SSH port as Normal priority.
Viacheslav changed the status of T6497: CGNAT conntrack connections should be deleted if address or port range is changed, a subtask of T5169: Add CGNAT Carrier-Grade NAT based on nftables, from Open to In progress.
Viacheslav changed the status of T6497: CGNAT conntrack connections should be deleted if address or port range is changed from Open to In progress.
Viacheslav triaged T6500: openconnect: add support for new multi ca-certificate CLI node as Normal priority.
Jun 18 2024
Jun 18 2024
Viacheslav triaged T6497: CGNAT conntrack connections should be deleted if address or port range is changed as Wishlist priority.
Jun 17 2024
Jun 17 2024
Jun 14 2024
Jun 14 2024
Viacheslav triaged T6486: Generate openvpn client-config ignores configured protocol type as Normal priority.
Jun 13 2024
Jun 13 2024
Viacheslav renamed T6482: LLDP shows description instead of remote port from LLDP shows description instread of remote port to LLDP shows description instead of remote port.
Viacheslav moved T6403: nat64 input validation required from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav triaged T6478: Allow OpenVPN to reload clients' configs without service restart as Normal priority.
Jun 12 2024
Jun 12 2024
@nvollmar Do you want to claim the task?