@Dataforce @fetzerms
ip rule "from" already in CLI T439
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Nov 22 2020
Nov 22 2020
Okay, then I can merge this service into NAT66
That we can deal with later on when it‘s needed
@pasik Can you check if it solves your expectation?
I can consider migrating to the implementation of nat66, but I'm not sure if there is a case where the nat66 feature does not need to be enabled, but NDP proxy needs to be enabled
I still have the opinion that NDP proxy should be automatically configured when configuring nat66 as by then all interfaces and directions of the translation are known and the user must not configure any additional daemon.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02, a subtask of T3060: OpenVPN virtual interface not coming up after upgrade, from In progress to Needs testing.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02, a subtask of T3081: get_config_dict() does not honor whitespaces in the CLI values field, from In progress to Needs testing.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02 from In progress to Needs testing.
c-po updated the task description for T3081: get_config_dict() does not honor whitespaces in the CLI values field.
c-po updated subscribers of T3081: get_config_dict() does not honor whitespaces in the CLI values field.
c-po updated the task description for T3081: get_config_dict() does not honor whitespaces in the CLI values field.
c-po changed the status of T3081: get_config_dict() does not honor whitespaces in the CLI values field from Open to Confirmed.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02, a subtask of T3060: OpenVPN virtual interface not coming up after upgrade, from Open to In progress.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02 from Open to In progress.
Nov 21 2020
Nov 21 2020
syncer moved T3035: Allow IPv4 over IPv6 IPsec and vice versa from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved T3035: Allow IPv4 over IPv6 IPsec and vice versa from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.7) board.
syncer changed the status of T3035: Allow IPv4 over IPv6 IPsec and vice versa from Open to Needs testing.
syncer changed the subtype of T3035: Allow IPv4 over IPv6 IPsec and vice versa from "Task" to "Enhancement".
Thanks, works now.
@danielpo thanks foe the config. A new rolling containig a fix for this issue was just published. A smoketest will be added today to ensure this wont happen again.
jack9603301 moved T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge from In Progress to Finished on the VyOS 1.3 Equuleus board.
jack9603301 closed T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge as Resolved.
GitHub <noreply@github.com> committed rVYOSONEX9b8e3d83e9cf: bridge: T3079: bugfix on VLAN 1 is deleted in VLAN-aware bridges (authored by jack9603301).
jack9603301 added a comment to T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge.
jack9603301 changed Is it a breaking change? from none to compatible on T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge.
jack9603301 moved T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
jack9603301 changed the status of T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge from Open to In progress.
Nov 20 2020
Nov 20 2020
authentication {
password xxxx
username xxxxx
}
device-type tun
encryption {
cipher aes256
}
firewall {
in {
ipv6-name DENYv6_IN
name DENY_IN
}
local {
ipv6-name DENYv6_IN
name DENY_IN
}
}
hash sha256
mode client
openvpn-option "key-direction 1"
openvpn-option route-nopull
persistent-tunnel
protocol tcp-active
remote-host 1.2.3.4
remote-host 1.2.3.5
remote-port 1195
tls {
ca-cert-file /config/auth/cert.ca
auth-file /config/auth/tls-auth
tls-version-min 1.2
}c-po changed the status of T3078: CLI cleanup: rename "system options" -> "system option" from Open to In progress.
Please show us your config
Now this error appear when trying the latest image:
@dmbaturin @artooro Come on, remember not to forget NAT46
@c-po I am thinking, although it is not possible to incorporate NAT66, whether we can prioritize how to improve and incorporate NDP Proxy
GitHub <noreply@github.com> committed rVYOSONEX8bc6775a692e: Merge pull request #614 from sever-sever/T439 (authored by c-po).
c-po closed T3077: WireGuard: automatically create link-local IPv6 adresses, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, as Resolved.
c-po changed the status of T3077: WireGuard: automatically create link-local IPv6 adresses, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, from Open to In progress.
c-po changed the status of T3077: WireGuard: automatically create link-local IPv6 adresses from Open to In progress.
c-po added a comment to T2997: DHCP: disallow/do-not-request certain options when requesting IP address from server.
DNS domain name servers are always requested from the server but must be explicitly "allowed" by set systems name-servers-dhcp
Running Docker on 1.3 rolling works, but there is no integration with the docker bridge interfaces and docker iptables rules obviously.
My goal was to run Traefik and Pihole and it works so far.
https://gist.github.com/Cremator/183c1a4d24e7812f94ec4bd41f7718b3
c-po closed T3065: Add "interfaces wirelessmodem" IPv6 support, a subtask of T3063: Add support for Huawei LTE Module ME909s-120, as Resolved.
c-po closed T3072: Migrate tunnel interfaces to new get_config_dict() approach, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, as Resolved.
c-po closed T3068: Automatic generation of IPv6 link local addresses for tunnel interfaces, a subtask of T3072: Migrate tunnel interfaces to new get_config_dict() approach, as Resolved.
c-po closed T3068: Automatic generation of IPv6 link local addresses for tunnel interfaces as Resolved.
https://marc.info/?l=dhcp-hackers&m=128755776831463 describes the solution.
Setting ClientName, ClientIp, ClientMac, ClientDomain on release and expire fails, and there's no need for that since they are already known.
Simply removing all "set" commands in the release and expire section fixes this bug and restores the desired behaviour that i.e. the leases are removed from /etc/hosts.
tjh added a comment to T2977: Permissions Denied doing "show conntrack-sync status" on backup router.
I just saw the patch above for how to fix this and yes, with that line changed to sudo it now works correctly.
Thanks!
Nov 19 2020
Nov 19 2020
I have adjust the logic which now sets the interface MAC address before any other parameter. Using the OSI model this makes sense as the MAC layer is below IP.