Page MenuHomeVyOS Platform
Feed Search

Search
Use Results
Hide Query

Jun 17 2021

Viacheslav created T3633: Add LRO offload for interface ethernet.
Jun 17 2021, 6:05 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Jun 15 2021

Viacheslav added a comment to T3619: Performance Degradation 1.2 --> 1.3 | High ksoftirqd CPU usage.

Flame graph for 1.3-rc4, proxmox/virtio

perf-kernel.png (630×1 px, 111 KB)

Jun 15 2021, 8:50 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav changed the status of T3567: Building Crux from Docker Image failing to download repo index from Confirmed to Needs testing.
Jun 15 2021, 8:10 AM · VyOS 1.2 Crux, vyos-build

Jun 11 2021

Viacheslav closed T3614: Container network name with hyphen fail as Resolved.
Jun 11 2021, 4:34 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3614: Container network name with hyphen fail.

PR https://github.com/vyos/vyos-1x/pull/873

Jun 11 2021, 12:46 PM · VyOS 1.4 Sagitta
Viacheslav claimed T3614: Container network name with hyphen fail.
Jun 11 2021, 12:22 PM · VyOS 1.4 Sagitta
Viacheslav created T3614: Container network name with hyphen fail.
Jun 11 2021, 12:21 PM · VyOS 1.4 Sagitta

Jun 10 2021

Viacheslav added a comment to T3613: Selectors for route-based IPsec tunnel (vti).

@krox2 How should looks like a configuration for many local/remote traffic selectors per one vti interface?

Jun 10 2021, 8:46 PM · VyOS 1.4 Sagitta
Viacheslav awarded T3613: Selectors for route-based IPsec tunnel (vti) a Like token.
Jun 10 2021, 8:37 PM · VyOS 1.4 Sagitta
Viacheslav added a subtask for T2816: Rewrite IPsec scripts with the new XML/Python approach: T3613: Selectors for route-based IPsec tunnel (vti).
Jun 10 2021, 8:36 PM · VyOS 1.4 Sagitta
Viacheslav added a parent task for T3613: Selectors for route-based IPsec tunnel (vti): T2816: Rewrite IPsec scripts with the new XML/Python approach.
Jun 10 2021, 8:36 PM · VyOS 1.4 Sagitta
Viacheslav closed T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting as Resolved.
Jun 10 2021, 8:16 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav closed T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Jun 10 2021, 8:16 PM · VyOS 1.4 Sagitta
Viacheslav moved T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting from Backport Candidates to Finished on the VyOS 1.3 Equuleus board.
Jun 10 2021, 8:16 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav added a comment to T3567: Building Crux from Docker Image failing to download repo index.

Should be fixed with commit https://github.com/vyos/vyos-build/commit/7905f0d5715bb8da158d09734ba78dc28b2fd4e1

Jun 10 2021, 2:14 PM · VyOS 1.2 Crux, vyos-build
Viacheslav added a comment to T2645: Editing route-map action requires adding a new rule.

I can't reproduce it, VyOS 1.3-beta-202106081558

set policy prefix-list FOO rule 10 action 'permit'
set policy prefix-list FOO rule 10 prefix '0.0.0.0/0'
set policy route-map FOO rule 10 action 'permit'
set policy route-map FOO rule 10 match ip address prefix-list 'FOO'
set policy route-map FOO rule 10 set distance '220'
set policy route-map FOO rule 1000 action 'permit'
Jun 10 2021, 11:55 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav added a comment to T3609: BGP Peer Group Changes Slow.

Commit with such policies:

vyos@r4-1.3# time commit
Jun 10 2021, 11:40 AM · VyOS 1.3 Equuleus (1.3.0)

Jun 9 2021

Viacheslav added a comment to T3610: DHCP-Server creation for not primary IP address fails.

@n.fort You can try to replace True with False there (1.3 and 1.4). But it needs more tests. In some cases, it was some bugs with the DHCP server and not the primary address.
https://github.com/vyos/vyos-1x/blob/5d068442cf7b1863724c83168176ce2940a023fe/src/conf_mode/dhcp_server.py#L237

Jun 9 2021, 6:52 PM · VyOS 1.3 Equuleus (1.3.0-epa3), VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.4 Sagitta
Viacheslav added a comment to T3609: BGP Peer Group Changes Slow.

It may be problem with large prefix-lists T2425

Jun 9 2021, 6:11 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3609: BGP Peer Group Changes Slow.

Try to check the same directly in the FRR.

Jun 9 2021, 5:59 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav moved T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting from Need Triage to Backport Candidates on the VyOS 1.3 Equuleus board.
Jun 9 2021, 5:02 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav moved T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting from Backport Candidates to Finished on the VyOS 1.4 Sagitta board.
Jun 9 2021, 5:02 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav added a comment to T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting.

VyOS 1.3-beta-202106081558
Works as expected.

Jun  9 19:57:38 r4-1 charon: 13[CFG] no IKE_SA named 'peer-192.0.2.2-tunnel-0' found
Jun  9 19:57:38 r4-1 charon: 14[CFG] received stroke: initiate 'peer-192.0.2.2-tunnel-0'
Jun  9 19:57:38 r4-1 charon: 06[IKE] <peer-192.0.2.2-tunnel-0|4> initiating Main Mode IKE_SA peer-192.0.2.2-tunnel-0[4] to 192.0.2.2
Jun  9 19:57:38 r4-1 charon: 06[ENC] <peer-192.0.2.2-tunnel-0|4> generating ID_PROT request 0 [ SA V V V V V ]
Jun  9 19:57:38 r4-1 charon: 06[NET] <peer-192.0.2.2-tunnel-0|4> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (180 bytes)
Jun  9 19:57:38 r4-1 charon: 07[NET] <peer-192.0.2.2-tunnel-0|4> received packet: from 192.0.2.2[500] to 192.0.2.1[500] (160 bytes)
Jun  9 19:57:38 r4-1 charon: 07[ENC] <peer-192.0.2.2-tunnel-0|4> parsed ID_PROT response 0 [ SA V V V V ]
Jun  9 19:57:38 r4-1 charon: 07[IKE] <peer-192.0.2.2-tunnel-0|4> received XAuth vendor ID
Jun  9 19:57:38 r4-1 charon: 07[IKE] <peer-192.0.2.2-tunnel-0|4> received DPD vendor ID
Jun  9 19:57:38 r4-1 charon: 07[IKE] <peer-192.0.2.2-tunnel-0|4> received FRAGMENTATION vendor ID
Jun  9 19:57:38 r4-1 charon: 07[IKE] <peer-192.0.2.2-tunnel-0|4> received NAT-T (RFC 3947) vendor ID
Jun  9 19:57:38 r4-1 charon: 07[CFG] <peer-192.0.2.2-tunnel-0|4> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jun  9 19:57:38 r4-1 charon: 07[ENC] <peer-192.0.2.2-tunnel-0|4> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jun  9 19:57:38 r4-1 charon: 07[NET] <peer-192.0.2.2-tunnel-0|4> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (244 bytes)
Jun  9 19:57:38 r4-1 charon: 05[NET] <peer-192.0.2.2-tunnel-0|4> received packet: from 192.0.2.2[500] to 192.0.2.1[500] (244 bytes)
Jun  9 19:57:38 r4-1 charon: 05[ENC] <peer-192.0.2.2-tunnel-0|4> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun  9 19:57:38 r4-1 charon: 05[ENC] <peer-192.0.2.2-tunnel-0|4> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Jun  9 19:57:38 r4-1 charon: 05[NET] <peer-192.0.2.2-tunnel-0|4> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (108 bytes)
Jun  9 19:57:38 r4-1 charon: 08[NET] <peer-192.0.2.2-tunnel-0|4> received packet: from 192.0.2.2[500] to 192.0.2.1[500] (76 bytes)
Jun  9 19:57:38 r4-1 charon: 08[ENC] <peer-192.0.2.2-tunnel-0|4> parsed ID_PROT response 0 [ ID HASH ]
Jun  9 19:57:38 r4-1 charon: 08[IKE] <peer-192.0.2.2-tunnel-0|4> IKE_SA peer-192.0.2.2-tunnel-0[4] established between 192.0.2.1[192.0.2.1]...192.0.2.2[192.0.2.2]
Jun  9 19:57:38 r4-1 charon: 08[IKE] <peer-192.0.2.2-tunnel-0|4> scheduling reauthentication in 2524s
Jun  9 19:57:38 r4-1 charon: 08[IKE] <peer-192.0.2.2-tunnel-0|4> maximum IKE_SA lifetime 3064s
Jun  9 19:57:38 r4-1 charon: 08[ENC] <peer-192.0.2.2-tunnel-0|4> generating QUICK_MODE request 364019988 [ HASH SA No KE ID ID ]
Jun  9 19:57:38 r4-1 charon: 08[NET] <peer-192.0.2.2-tunnel-0|4> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (316 bytes)
Jun  9 19:57:38 r4-1 charon: 09[NET] <peer-192.0.2.2-tunnel-0|4> received packet: from 192.0.2.2[500] to 192.0.2.1[500] (316 bytes)
Jun  9 19:57:38 r4-1 charon: 09[ENC] <peer-192.0.2.2-tunnel-0|4> parsed QUICK_MODE response 364019988 [ HASH SA No KE ID ID ]
Jun  9 19:57:38 r4-1 charon: 09[CFG] <peer-192.0.2.2-tunnel-0|4> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
Jun  9 19:57:38 r4-1 charon: 09[IKE] <peer-192.0.2.2-tunnel-0|4> CHILD_SA peer-192.0.2.2-tunnel-0{1} established with SPIs cb0aa83a_i c728156c_o and TS 10.1.0.0/24 === 10.2.3.0/24
Jun  9 19:57:38 r4-1 charon: 09[ENC] <peer-192.0.2.2-tunnel-0|4> generating QUICK_MODE request 364019988 [ HASH ]
Jun  9 19:57:38 r4-1 charon: 09[NET] <peer-192.0.2.2-tunnel-0|4> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (60 bytes)
vyos@r4-1.3:~$
Jun 9 2021, 4:59 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav claimed T2916: A state of VTI interface in a configuration does not being processing properly.
Jun 9 2021, 4:37 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T2855: disabled vti interfaces still working.

Ok it already fixed in 1.3 T2916 and can be migrated to crux

Jun 9 2021, 4:27 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav closed T3602: Renaming BGP Peer Groups Leaves Router Broken, a subtask of T3182: Main blocker Task for FRR 7.4/7.5 series update, as Resolved.
Jun 9 2021, 7:02 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav closed T3602: Renaming BGP Peer Groups Leaves Router Broken as Resolved.
Jun 9 2021, 7:02 AM · VyOS 1.3 Equuleus (1.3.0)

Jun 8 2021

Viacheslav added a comment to T1492: Not able to delete the configured arp-monitor target and interval attribute on VyOS 1.2.0.

It seems Arp monitor not supported in 802.3ad mode

Jun 8 2021, 1:21 PM · VyOS 1.2 Crux
Viacheslav added a comment to T3567: Building Crux from Docker Image failing to download repo index.

It is redirected from

http://archive.repo.saltstack.com/apt/debian/8/amd64/2017.7

to

https://archive.repo.saltproject.io/apt/debian/8/amd64/2017.7
Jun 8 2021, 11:25 AM · VyOS 1.2 Crux, vyos-build
Viacheslav moved T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
Jun 8 2021, 10:53 AM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav added a project to T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting: VyOS 1.2 Crux (VyOS 1.2.8).
Jun 8 2021, 10:49 AM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav changed the status of T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, from Open to Needs testing.
Jun 8 2021, 9:14 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting from Open to Needs testing.
Jun 8 2021, 9:14 AM · VyOS 1.2 Crux (VyOS 1.2.8)

Jun 7 2021

Viacheslav moved T3289: No description for node "service" conf-mode from Open to Finished on the VyOS 1.4 Sagitta board.
Jun 7 2021, 11:15 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta
Viacheslav closed T3455: system users can not be added in "edit" as Resolved.
Jun 7 2021, 11:12 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav changed the status of T3461: OpenConnect Server redundancy check from Unknown Status to Resolved.
Jun 7 2021, 11:10 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav closed T3581: Incomplete command `show ipv6 ospfv3 linkstate` as Resolved.
Jun 7 2021, 11:01 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav created T3606: SNMP unknown notification OID.
Jun 7 2021, 10:37 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting.

PR https://github.com/vyos/vyos-build/pull/169

Jun  8 00:59:20 r1-roll ipsec_starter[2373]: charon (2374) started after 400 ms
Jun  8 00:59:20 r1-roll charon: 05[CFG] received stroke: add connection 'peer-192.0.2.2-tunnel-0'
Jun  8 00:59:20 r1-roll charon: 05[CFG] added configuration 'peer-192.0.2.2-tunnel-0'
Jun  8 00:59:20 r1-roll charon: 07[CFG] received stroke: initiate 'peer-192.0.2.2-tunnel-0'
Jun  8 00:59:20 r1-roll charon: 07[IKE] <peer-192.0.2.2-tunnel-0|1> initiating Main Mode IKE_SA peer-192.0.2.2-tunnel-0[1] to 192.0.2.2
Jun  8 00:59:20 r1-roll charon: 07[ENC] <peer-192.0.2.2-tunnel-0|1> generating ID_PROT request 0 [ SA V V V V V ]
Jun  8 00:59:20 r1-roll charon: 07[NET] <peer-192.0.2.2-tunnel-0|1> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (180 bytes)
Jun  8 00:59:20 r1-roll charon: 09[NET] <peer-192.0.2.2-tunnel-0|1> received packet: from 192.0.2.2[500] to 192.0.2.1[500] (160 bytes)
Jun  8 00:59:20 r1-roll charon: 09[ENC] <peer-192.0.2.2-tunnel-0|1> parsed ID_PROT response 0 [ SA V V V V ]
Jun  8 00:59:20 r1-roll charon: 09[IKE] <peer-192.0.2.2-tunnel-0|1> received XAuth vendor ID
Jun  8 00:59:20 r1-roll charon: 09[IKE] <peer-192.0.2.2-tunnel-0|1> received DPD vendor ID
Jun  8 00:59:20 r1-roll charon: 09[IKE] <peer-192.0.2.2-tunnel-0|1> received FRAGMENTATION vendor ID
Jun  8 00:59:20 r1-roll charon: 09[IKE] <peer-192.0.2.2-tunnel-0|1> received NAT-T (RFC 3947) vendor ID
Jun  8 00:59:20 r1-roll charon: 09[CFG] <peer-192.0.2.2-tunnel-0|1> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jun  8 00:59:20 r1-roll charon: 09[ENC] <peer-192.0.2.2-tunnel-0|1> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jun  8 00:59:20 r1-roll charon: 09[NET] <peer-192.0.2.2-tunnel-0|1> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (244 bytes)
Jun  8 00:59:20 r1-roll charon: 10[NET] <peer-192.0.2.2-tunnel-0|1> received packet: from 192.0.2.2[500] to 192.0.2.1[500] (244 bytes)
Jun  8 00:59:20 r1-roll charon: 10[ENC] <peer-192.0.2.2-tunnel-0|1> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun  8 00:59:20 r1-roll charon: 10[ENC] <peer-192.0.2.2-tunnel-0|1> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Jun  8 00:59:20 r1-roll charon: 10[NET] <peer-192.0.2.2-tunnel-0|1> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (108 bytes)
Jun  8 00:59:20 r1-roll charon: 11[NET] <peer-192.0.2.2-tunnel-0|1> received packet: from 192.0.2.2[500] to 192.0.2.1[500] (76 bytes)
Jun  8 00:59:20 r1-roll charon: 11[ENC] <peer-192.0.2.2-tunnel-0|1> parsed ID_PROT response 0 [ ID HASH ]
Jun  8 00:59:20 r1-roll charon: 11[IKE] <peer-192.0.2.2-tunnel-0|1> IKE_SA peer-192.0.2.2-tunnel-0[1] established between 192.0.2.1[192.0.2.1]...192.0.2.2[192.0.2.2]
Jun  8 00:59:20 r1-roll charon: 11[IKE] <peer-192.0.2.2-tunnel-0|1> scheduling rekeying in 2720s
Jun  8 00:59:20 r1-roll charon: 11[IKE] <peer-192.0.2.2-tunnel-0|1> maximum IKE_SA lifetime 3260s
Jun  8 00:59:20 r1-roll charon: 11[ENC] <peer-192.0.2.2-tunnel-0|1> generating QUICK_MODE request 3783917425 [ HASH SA No KE ID ID ]
Jun  8 00:59:20 r1-roll charon: 11[NET] <peer-192.0.2.2-tunnel-0|1> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (316 bytes)
Jun  8 00:59:20 r1-roll charon: 12[NET] <peer-192.0.2.2-tunnel-0|1> received packet: from 192.0.2.2[500] to 192.0.2.1[500] (316 bytes)
Jun  8 00:59:20 r1-roll charon: 12[ENC] <peer-192.0.2.2-tunnel-0|1> parsed QUICK_MODE response 3783917425 [ HASH SA No KE ID ID ]
Jun  8 00:59:20 r1-roll charon: 12[CFG] <peer-192.0.2.2-tunnel-0|1> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
Jun  8 00:59:20 r1-roll charon: 12[IKE] <peer-192.0.2.2-tunnel-0|1> CHILD_SA peer-192.0.2.2-tunnel-0{1} established with SPIs c4d940b7_i c9a69e83_o and TS 10.1.0.0/24 === 10.2.3.0/24
Jun  8 00:59:20 r1-roll charon: 12[ENC] <peer-192.0.2.2-tunnel-0|1> generating QUICK_MODE request 3783917425 [ HASH ]
Jun  8 00:59:20 r1-roll charon: 12[NET] <peer-192.0.2.2-tunnel-0|1> sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (60 bytes)
Jun 7 2021, 10:22 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav added a project to T2620: Add ipsec peer-name to log to simplifies grepping and troubleshooting: VyOS 1.4 Sagitta.
Jun 7 2021, 8:50 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav closed T3358: VRRP: Is it necessary to support switches between master and backup with script? as Invalid.

@arvin This functions in all versions of VyOS.

Jun 7 2021, 7:08 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav changed the subtype of T2763: New SNMP resource request - SNMP over TCP from "Task" to "Feature Request".
Jun 7 2021, 6:35 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T2855: disabled vti interfaces still working.

I can't reproduce it in 1.2.7 and VyOS 1.3-beta-202105272051

Jun 7 2021, 6:25 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav added a comment to T3017: bridge will lose the tuntap member after reboots.

@jingyun Can you describe steps on how to reproduce it? Or re-check it.
My test config after reboot works fine

set interfaces bridge br0 member interface tun0
set interfaces tunnel tun0 encapsulation 'gre-bridge'
set interfaces tunnel tun0 local-ip '100.64.0.1'
set interfaces tunnel tun0 remote-ip '100.64.0.254'
Jun 7 2021, 6:08 PM · Invalid
Viacheslav moved T3138: ddclient improperly updated when apply rfc2136 config from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
Jun 7 2021, 5:20 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav changed the status of T3602: Renaming BGP Peer Groups Leaves Router Broken, a subtask of T3182: Main blocker Task for FRR 7.4/7.5 series update, from Open to Needs testing.
Jun 7 2021, 4:40 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav changed the status of T3602: Renaming BGP Peer Groups Leaves Router Broken from Open to Needs testing.
Jun 7 2021, 4:40 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav closed T3516: FRR 7.5 adds a second route when you attempt to change a static route distance instead of overwriting the old route, a subtask of T3182: Main blocker Task for FRR 7.4/7.5 series update, as Resolved.
Jun 7 2021, 4:39 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav closed T3516: FRR 7.5 adds a second route when you attempt to change a static route distance instead of overwriting the old route as Resolved.
Jun 7 2021, 4:39 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav claimed T3602: Renaming BGP Peer Groups Leaves Router Broken.
Jun 7 2021, 4:35 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3602: Renaming BGP Peer Groups Leaves Router Broken.

PR https://github.com/vyos/vyatta-cfg-quagga/pull/81

Jun 7 2021, 4:20 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a subtask for T3182: Main blocker Task for FRR 7.4/7.5 series update: T3602: Renaming BGP Peer Groups Leaves Router Broken.
Jun 7 2021, 2:44 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav added a parent task for T3602: Renaming BGP Peer Groups Leaves Router Broken: T3182: Main blocker Task for FRR 7.4/7.5 series update.
Jun 7 2021, 2:44 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3602: Renaming BGP Peer Groups Leaves Router Broken.

https://github.com/vyos/vyatta-cfg-quagga/blob/fef5870b764e6166b639043fadb9317c8a49881d/scripts/bgp/vyatta-bgp.pl#L621-L625
https://github.com/vyos/vyatta-cfg-quagga/blob/fef5870b764e6166b639043fadb9317c8a49881d/scripts/bgp/vyatta-bgp.pl#L802-L806

Jun 7 2021, 2:31 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3579: Rewrite vyatta-conntrack in new XML and Python flavour.

In the crux.

set system conntrack timeout custom rule 10 destination address '203.0.113.74'
set system conntrack timeout custom rule 10 destination port '80'
set system conntrack timeout custom rule 10 protocol tcp established '300'
set system conntrack timeout custom rule 10 source address '192.0.2.168'

commit

vyos@r2-lts# commit
[ system conntrack hash-size 32768 ]
Updated conntrack hash size. This change will take affect when the system is rebooted.
Jun 7 2021, 12:39 PM · VyOS 1.4 Sagitta
Viacheslav added a subtask for T3505: Commits do not respect changes in FRR that are not stored in a config: T3600: DHCP Interface static route breaks PBR.
Jun 7 2021, 9:17 AM · VyOS 1.4 Sagitta (1.4.0-GA)
Viacheslav added a parent task for T3600: DHCP Interface static route breaks PBR: T3505: Commits do not respect changes in FRR that are not stored in a config.
Jun 7 2021, 9:17 AM · VyOS 1.4 Sagitta

Jun 2 2021

Viacheslav added a comment to T3595: Cannot create new VTI interface.

It seems after that commit
but it is not a root case

Jun 2 2021, 7:54 PM · VyOS 1.4 Sagitta
Viacheslav added a subtask for T2816: Rewrite IPsec scripts with the new XML/Python approach: T3595: Cannot create new VTI interface.
Jun 2 2021, 7:52 PM · VyOS 1.4 Sagitta
Viacheslav added a parent task for T3595: Cannot create new VTI interface: T2816: Rewrite IPsec scripts with the new XML/Python approach.
Jun 2 2021, 7:52 PM · VyOS 1.4 Sagitta
Viacheslav edited projects for T3595: Cannot create new VTI interface, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.
Jun 2 2021, 7:51 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T3597: Add tunnels FOO over UDP (FOU).
Jun 2 2021, 7:33 PM
Viacheslav created T3597: Add tunnels FOO over UDP (FOU).
Jun 2 2021, 5:08 PM

Jun 1 2021

Viacheslav updated the task description for T3592: Set default TTL 64 for tunnels.
Jun 1 2021, 2:45 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav updated the task description for T3592: Set default TTL 64 for tunnels.
Jun 1 2021, 2:37 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav renamed T3594: Disable by default service strongswan-starter from Disable by defaul service strongswan-starter to Disable by default service strongswan-starter.
Jun 1 2021, 1:10 PM · VyOS 1.4 Sagitta
Viacheslav changed the subtype of T3594: Disable by default service strongswan-starter from "Task" to "Bug".
Jun 1 2021, 1:10 PM · VyOS 1.4 Sagitta
Viacheslav triaged T3594: Disable by default service strongswan-starter as Normal priority.
Jun 1 2021, 1:09 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3592: Set default TTL 64 for tunnels.

PR https://github.com/vyos/vyos-1x/pull/861

Jun 1 2021, 12:01 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav added a comment to T842: Adopt VyOS CLI to latest StrongSwan options and deprecated Keywords.

Note
ipsec-interface not deprecated. This option needed.

set vpn ipsec ipsec-interfaces interface 'eth1'
Jun 1 2021, 10:17 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3588: IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan.

https://phabricator.vyos.net/T842

Jun 1 2021, 10:13 AM · VyOS 1.4 Sagitta
Viacheslav created T3592: Set default TTL 64 for tunnels.
Jun 1 2021, 10:04 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav closed T406: VPN configuration error: IPv6 over IPv4 IPsec is not supported when using IPv6 ONLY tunnel., a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Jun 1 2021, 8:51 AM · VyOS 1.4 Sagitta
Viacheslav closed T406: VPN configuration error: IPv6 over IPv4 IPsec is not supported when using IPv6 ONLY tunnel. as Resolved.
set vpn ipsec esp-group ESP-GRP compression 'disable'
set vpn ipsec esp-group ESP-GRP lifetime '1800'
set vpn ipsec esp-group ESP-GRP mode 'tunnel'
set vpn ipsec esp-group ESP-GRP pfs 'enable'
set vpn ipsec esp-group ESP-GRP proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-GRP proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-GRP ikev2-reauth 'no'
set vpn ipsec ike-group IKE-GRP key-exchange 'ikev1'
set vpn ipsec ike-group IKE-GRP lifetime '3600'
set vpn ipsec ike-group IKE-GRP proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-GRP proposal 1 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 authentication pre-shared-secret 'SeCrEt'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 connection-type 'respond'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 ike-group 'IKE-GRP'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 local-address 'c01d:c01a:cafe::2'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 0 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 0 allow-public-networks 'disable'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 0 esp-group 'ESP-GRP'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 0 local prefix '2001:db7::/64'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 0 remote prefix '2001:db8::/64'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 1 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 1 allow-public-networks 'disable'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 1 esp-group 'ESP-GRP'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 1 local prefix '10.2.3.0/24'
set vpn ipsec site-to-site peer c01d:c01a:cafe::1 tunnel 1 remote prefix '10.1.0.0/24'
Jun 1 2021, 8:51 AM · VyOS 1.3 Equuleus (1.3.0-epa1)
Viacheslav renamed T3588: IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan from IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in stringSwan to IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan.
Jun 1 2021, 7:08 AM · VyOS 1.4 Sagitta

May 31 2021

Viacheslav added a comment to T3591: OpenVPN with/without VRF not working (NordVPN).

@mTx87 Do you have a working example in Linux?
Maybe it also needs OpenVPN >= 2.5.0
https://blog.sdn.clinic/2018/12/openvpn-and-vrfs/

May 31 2021, 8:07 PM · VyOS 1.4 Sagitta

May 29 2021

Viacheslav added a comment to T1200: SNMP GET broken at least for BGP4-MIB.
root@r2-lts:/home/vyos# snmpget -v 2c -c public 192.168.122.11 IF-MIB::ifAdminStatus.1
IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
May 29 2021, 11:10 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.6)

May 27 2021

Viacheslav closed T1905: Update to Keepalived 2.0.19 as Resolved.

Fixed in T3540
https://phabricator.vyos.net/R3:3652b3fd8eb7b4e5134906aa1c3aba2a35d293ca

May 27 2021, 12:14 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav changed the status of T1976: deleting address-family under neighbor will disable neighbor from Needs testing to Confirmed.
May 27 2021, 12:04 PM · VyOS 1.3 Equuleus (1.3.7), test
Viacheslav added a comment to T1976: deleting address-family under neighbor will disable neighbor.

The reason it such script https://github.com/vyos/vyatta-cfg-quagga/blob/d962ef0f2c15333411e719f7d1b02dd7575ebdee/scripts/bgp/vyatta-bgp.pl#L385
That do

router bgp xxx
 address-family ipv4 unicast 
 no neighbor x.x.x.x activate
May 27 2021, 11:49 AM · VyOS 1.3 Equuleus (1.3.7), test
Viacheslav added a subtask for T2199: Rewrite firewall in new XML/Python style: T2045: Can't commit due to with the same name, but different firewall groups types.
May 27 2021, 11:05 AM · VyOS 1.4 Sagitta (1.4.0-epa2)
Viacheslav added a parent task for T2045: Can't commit due to with the same name, but different firewall groups types: T2199: Rewrite firewall in new XML/Python style.
May 27 2021, 11:05 AM · VyOS 1.3 Equuleus (1.3.6)
Viacheslav closed T2512: vyatta-op-quagga [show ip] to XML format, a subtask of T2511: Migrate vyatta-op-quagga to new XML format, as Resolved.
May 27 2021, 10:32 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
Viacheslav closed T2512: vyatta-op-quagga [show ip] to XML format as Resolved.
May 27 2021, 10:32 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav closed T2617: Rewrite vyatta-op-quagga "show" to XML, a subtask of T2546: The root task for rewriting [op-mode] to XML, as Resolved.
May 27 2021, 10:20 AM · VyOS 1.3 Equuleus (1.3.6)
Viacheslav closed T2617: Rewrite vyatta-op-quagga "show" to XML as Resolved.
May 27 2021, 10:20 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav closed T2629: VXLAN interfaces don't actually allow you to configure most settings as Resolved.
May 27 2021, 9:58 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a project to T2669: DHCP-server overlapping ranges.: VyOS 1.4 Sagitta.
May 27 2021, 8:49 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav added a comment to T3561: router-advert: support advertising specific routes.
May 27 2021, 8:12 AM · VyOS 1.4 Sagitta
Viacheslav closed T3561: router-advert: support advertising specific routes as Resolved.
May 27 2021, 8:11 AM · VyOS 1.4 Sagitta

May 26 2021

Viacheslav added a comment to T3383: BGP IPv6 neighbor statements configuration not normalized..

FRR doing normalization for ipv6

May 26 2021, 7:06 PM
Viacheslav added a subtask for T2199: Rewrite firewall in new XML/Python style: T3390: Expansion of a range in an address-group doesn't include the new addresses after commit.
May 26 2021, 6:22 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
Viacheslav added a parent task for T3390: Expansion of a range in an address-group doesn't include the new addresses after commit: T2199: Rewrite firewall in new XML/Python style.
May 26 2021, 6:22 PM · VyOS 1.3 Equuleus (1.3.5)
Viacheslav added a comment to T3421: MTR/Traceroute broken in 1.3-beta.

Possible was fixed in that task T3502

May 26 2021, 6:17 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3553: OSPFv3 redistribute configuration remains in frr running config after removal.

https://community.vyos.net/get/snapshots/

May 26 2021, 4:21 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
Viacheslav added a comment to T3527: Sometimes installing of static routes failes.

Unfortunately, I can't reproduce it.
Also, all smoke test for static routes looks good.

May 26 2021, 4:16 PM
Viacheslav closed T3558: autocomplete options for dhcp-interface is not showing for the static route command as Resolved.
vyos@r4-1.3# set protocols static route 192.0.2.0/24 dhcp-interface 
Possible completions:
   <text>       DHCP interface name
   eth0         
   eth1         
   lo
May 26 2021, 4:03 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3536: Unable to list all available routes.

@olofl Add please a separate task for JSON.

May 26 2021, 3:58 PM · VyOS 1.3 Equuleus (1.3.5), VyOS 1.4 Sagitta
Viacheslav added a comment to T3546: Add support for running scripts on PPPoE server session events.

As I understand the needed section

[pppd-compat]
verbose=1
#ip-pre-up=/etc/ppp/ip-pre-up
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
#ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
#fork-limit=16
May 26 2021, 3:52 PM · VyOS 1.3 Equuleus (1.3.4)
Viacheslav added a subtask for T2199: Rewrite firewall in new XML/Python style: T3560: Ability to create groups of MAC addresses.
May 26 2021, 3:45 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
First
Prev
Next