OK. Minor tweaks - actually wired 'show vpn ipsec sa' to use the pretty-print code, rather than just calling swanctl to get half a page of ugliness.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Sep 3 2017
Sep 3 2017
Ok, sorry about that.
Looks to me that you are mixing up two things. 6rd (Radpid Deployment) is used for ISPs to connect the customers to the IPv6 world (https://en.wikipedia.org/wiki/IPv6_rapid_deployment).
c-po moved T379: UDP Broadcast Packet Relay from In Progress to Finished on the VyOS 1.2 Crux board.
@c-po https://github.com/vyos/vyos-cfg-avahi.git is created, and ci integration is also done.
JulesT added a comment to T374: Different default IKE DH Group behaviour between v1.1.7 and v999 Nightlies.
Yeah, C-po. That doesn't surprise me.
Just added Finished Board for 1.2.x project
we likely will keep all there before include it in some milestone release
@syncer @dmbaturin Pull request ready: https://github.com/vyos/vyos-build/pull/10
c-po moved T380: Add system service fail2ban from Need Triage to In Progress on the VyOS 1.2 Crux board.
Tag VyOS 1.2.x should be removed as CVE is already fixed.
Verified using iOS 10.3.3 accross VLANs. mDNS services like Airplay working.
c-po moved T345: Can't delete vti interface due to incorrect directory name in /proc from Need Triage to In Progress on the VyOS 1.2 Crux board.
c-po changed the status of T345: Can't delete vti interface due to incorrect directory name in /proc from Open to In progress.
c-po moved T370: lldpctl: invalid option 'L' from Need Triage to In Progress on the VyOS 1.2 Crux board.
c-po moved T378: mDNS/bonjour forwarding from Need Triage to In Progress on the VyOS 1.2 Crux board.
c-po moved T379: UDP Broadcast Packet Relay from Need Triage to In Progress on the VyOS 1.2 Crux board.
Sep 2 2017
Sep 2 2017
@UnicronNL could you please mirror https://github.com/c-po/vyos-bcast-relay.git to https://github.com/vyos/vyos-bcast-relay.git and set up a CI job? After this I can submit the appropriate merge requests for vyos-world abd vyos-build.
@UnicronNL could you please mirror https://github.com/c-po/vyos-cfg-avahi.git to https://github.com/vyos/vyos-cfg-avahi.git and set up a CI job? After this I can submit the appropriate merge requests for vyos-world abd vyos-build.
Status can be seen here: https://github.com/c-po/vyos-cfg-avahi
That is not something that we need to choose between,
we keep both, but for environments where users comes from AD, LDAP, Radius, etc.
Actually I like the fact to have the users SSH pub key inside the config. This makes it super handy to just copy/paste a users config entry arround VyOS instances.
This one is partially related to T312 but not only
we had some discussions with @dmbaturin in past about keys
and came across idea that it will be great to keep keys outside of config
UnicronNL closed T270: conntrackd.service is enabled in systemd but conntrackd is started by keepalived as Resolved.
Sep 1 2017
Sep 1 2017
same problem:
https://forum.vyos.net/showthread.php?tid=18134
c-po added a comment to T274: L2TP Server: cant connect from macosx behind nat without some changes to ipsec config.
@syncer This one is fixed/merged and already working in the nightly builds.
c-po added a comment to T374: Different default IKE DH Group behaviour between v1.1.7 and v999 Nightlies.
Just to give some more information.
Aug 31 2017
Aug 31 2017
maybe we can use something like | not-strip-private
for cases when dump should contain all info
strip-private is a bash-pipe function (/etc/bash_completion.d/vyatta-op).
Good objection. This should be avoided!
Aug 30 2017
Aug 30 2017
Can you check this @dmbaturin @UnicronNL
syncer edited projects for T66: IPSec v6 over v6 support, added: VyOS 1.2 Crux; removed VyOS 1.1.x (1.1.8).
Moved to 1.2 as per discussion with @dmbaturin
Aug 30 2017, 9:39 PM · Restricted Project
note: careful when overruling vtysh commands (tt == save?)
@syncer could this change be approved or is anything else missing?
Aug 29 2017
Aug 29 2017
Hi @c-po. Unfortunately I have no access to EdgeOS to offer guidance on this. I will however ask on the VyOS boards since a lot of folks seem to be using them, perhaps one of those folks can offer feedback.
I'll start an investigation after T345.
@c-po do you want to pick up this?
Basically we need to filter out private info by default
currently it possible to do via
To implement remote auth sources we will need to deal with logins
it seems that we need to handle home folder creation for users that doesn´t exist in config
it´s kind of similar how active directory integration work on linux, where home folder for Active Directory user will be created on first login
Only difference that we not limited to AD and will need same for radius/tacacs+/ad
this will allow us start implement remote auth mechanisms
Should be fixed now
During restructuring my IPsec HUB/SPOKES I would have liked this possibility, too.
@babak do you happen to know if this is workong on EdgeOS devices? Then I could extract their implementation.
Aug 28 2017
Aug 28 2017
@UnicronNL please merge when you have time
Awesome :) So It seems that we waited for @c-po all that time to do that :)
@syncer, I integrated your referenced splash.png
using this opportunity we can replace splash M4
that was original plan that i discussed with @UnicronNL and @dmbaturin
but it's never happened as it's not criticl
This is how it would look like:
Right. Pull request merged. I'll make sure that it's all working once it's made it to the nightlies, and then close this one.
Well, I have to ask everybody to double think about the very decision to drop the support for "install system" option.
The point is - when you do "install image" - you just drop known-working OS image file to some directory, and if you want to update the OS, you just drop another one (am I correct here?).
But, If you've installed some custom .deb's on the host, you should re-install them after the OS image is updated, even if you had to install new image because of one-line security fix.
Isn't it the scenario for which all those people in debian have used package manager for decades? Isn't it better to just update one package in installed system?
+1 for removal.
JulesT closed T295: VyOS 1.2 (Beta) doesn't save OpenVpn interface in /config/config.boot file as Resolved.
Yup. Definately not reproducible.
Removed and sent pull request:
https://github.com/vyos/vyatta-cfg-system/pull/59
https://github.com/vyos/vyatta-op/pull/10
UnicronNL edited projects for T366: SNMP Query for BGP Tunnels Returns IPv4 Tunnels Only, added: VyOS 1.2 Crux; removed VyOS 1.1.x.
syncer moved T176: Kernel: CVE-2016-5195 from Need Triage to In Progress on the VyOS 1.2 Crux board.
Fixed in Kernel 4.4.26. VyOS 1.2.x (development) uses 4.4.47.
I just have verified that " LLDP-MED fast start mechanism: yes" is the default after my mentioned commit.
Aug 27 2017
Aug 27 2017
@syncer As this is an option to lldpcli I suggest fixing the above (1) and create a new command (2) for LLDP-MED enable/disable and interval. My current knowledge ov VyOS build/configure currently only allows me to fix (1).
that will be half fix
let me check on all lldpctl
i almost sure that we can add some other things (not sure if anything else missing there)
I can remove -L so it's working again. Should I?
in old version
-L location Enable the transmission of LLDP-MED location TLV for the
given interfaces. Can be repeated to enable the transmission of the location in several formats.
but in new it´s likely moved to lldpctl
for reference: http://manpages.ubuntu.com/manpages/trusty/man8/lldpctl.8.html
syncer closed T278: VyOS Beta, location of 'iw' changed in debian from /usr/sbin/iw to /sbin/iw as Resolved.
@dmbaturin merged it into
Thanks @c-po
c-po added a comment to T278: VyOS Beta, location of 'iw' changed in debian from /usr/sbin/iw to /sbin/iw.
Please see: https://github.com/vyos/vyatta-wireless/pull/6 this should fix the wrong path issue!
syncer changed the edit policy for T278: VyOS Beta, location of 'iw' changed in debian from /usr/sbin/iw to /sbin/iw.
Aug 26 2017
Aug 26 2017
@EwaldvanGeffen pointed another issue in T329
.bash_history content also must be processed (private info must be stripped) before it included
syncer added a comment to T329: add phabricator.vyos.net paste app as valid destination for show tech-support save-uncompressed.
Well is part of show tech-support, output of which must be reviewed,
but i agree
Aug 25 2017
Aug 25 2017
EwaldvanGeffen added a comment to T329: add phabricator.vyos.net paste app as valid destination for show tech-support save-uncompressed.
@syncer not in the config dump, in the bash-history that's included.
syncer added a comment to T329: add phabricator.vyos.net paste app as valid destination for show tech-support save-uncompressed.
@EwaldvanGeffen see T328
EwaldvanGeffen added a comment to T329: add phabricator.vyos.net paste app as valid destination for show tech-support save-uncompressed.
I just noticed your pastes. We need to filter out the set password commands as they will contain plaintext passwords. This could be solved by making the command interactive (it asks for the password to be typed in) similarly to other platforms. There might be other stuff that requires filtering-out history or refactoring.