@mbailey Can you check it in 1.3.0-rc6?
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 7 2021
Sep 7 2021
Same happens to other op-mode commands:
Viacheslav moved T1894: FRR config not loaded after daemons segfault or restart from Need Triage to Finished on the VyOS 1.3 Equuleus board.
Viacheslav closed T1894: FRR config not loaded after daemons segfault or restart, a subtask of T3217: Save FRR configuration on each commit, as Resolved.
Fixed in T3217
Viacheslav moved T3217: Save FRR configuration on each commit from Need Triage to Finished on the VyOS 1.3 Equuleus board.
Viacheslav moved T3217: Save FRR configuration on each commit from In Progress to Finished on the VyOS 1.4 Sagitta board.
please refer to the PKI documentation at https://docs.vyos.io/en/latest/configuration/pki/index.html or https://blog.vyos.io/pki-and-ipsec-ikev2-remote-access-vpn about how the PKI feature is used.
c-po committed rVYOSONEXd9f20383323a: login: T971 allow quoting in public-keys options (authored by plett).
You don't need line like "begin|end"
For example
set pki ca openvpn_vtun10 certificate 'MIIDSzCCAjOgAwIBAgIUEtkjCVKmZCwUeYLenoznpkxMeZswQ=='
I tested it on ESXi
May I ask whether the vulnerability report should be made public here or submitted to which mailbox? Will a PGP public key be provided to encrypt sensitive information?
Sep 6 2021
Sep 6 2021
It seems some bug in KVM.
I still see this bug
VyOS 1.3.0-rc6 config
vyos@r4-1.3# run show conf com | match mac set interfaces macsec macsec1 address '10.0.0.2/30' set interfaces macsec macsec1 security cipher 'gcm-aes-128' set interfaces macsec macsec1 security encrypt set interfaces macsec macsec1 security mka cak 'f42e15acecc0c1634582bdd32429efdf' set interfaces macsec macsec1 security mka ckn '0ef5ebf77ba031e45ad270e9f80c804d500a2649789db1c87b751114f329e032' set interfaces macsec macsec1 source-interface 'eth1'
Viacheslav closed T2920: Commit crash when adding the second mGRE tunnel with the same key as Resolved.
jestabro moved T3808: ipsec is mistakenly restarted after delete from Need Triage to In Progress on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
GitHub <noreply@github.com> committed rVYOSONEXe1422069475d: Merge pull request #999 from sever-sever/T2920-equ (authored by c-po).
jestabro changed the status of T3808: ipsec is mistakenly restarted after delete from Open to Confirmed.
Works as designed. Note that the MACSec interface will only change its state to u/u after a successful key-exchange.
c-po moved T3800: DHCPv6 client get incorrect mask /128 from Open to In Progress on the VyOS 1.4 Sagitta board.
c-po moved T3803: Add source-address option to the ping CLI from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3803: Add source-address option to the ping CLI from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3806: Don't set link local ipv6 address if MTU less then 1280 from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3806: Don't set link local ipv6 address if MTU less then 1280 from Open to Finished on the VyOS 1.4 Sagitta board.
@kroy Did you get it with any other rc versions?
c-po changed the status of T3806: Don't set link local ipv6 address if MTU less then 1280 from Open to In progress.
Viacheslav added a comment to T2920: Commit crash when adding the second mGRE tunnel with the same key.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/999
Viacheslav added a project to T3806: Don't set link local ipv6 address if MTU less then 1280: VyOS 1.4 Sagitta.
c-po added a comment to T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface.
Does it work if you grand the capabilities to the openvpn group in /etc/security/capability.conf?
c-po committed rVYOSONEX591eee82296b: T3803: add source-address option to the op mode ping CLI. (authored by dmbaturin).
When there is an example for operator rest api commands I could add some functionality.
But the architecture for such operations should be provided by someone who is deeper involved in the vyos roadmap.
jestabro committed rVYOSONEX424c08b6a871: https: T2230: only support TLS1.2 and TLS1.3 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX90b9eeacfb62: Merge pull request #997 from c-po/nginx-tls-12-13 (authored by jestabro).
Required migration script to set commands to proper AFI.
Viacheslav added a comment to T3191: PAM RADIUS freezing when accounting does not configured on RADIUS server.
Maybe disable sent "accounting messages" by default and enable it as a configuration option explicitly?
Viacheslav edited projects for T3396: syslog can't be configured with an ipv6 literal destination in 1.2.x, added: VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.
GitHub <noreply@github.com> committed rVYOSONEX5ea56643b9c7: Merge pull request #998 from sever-sever/T3396-equ (authored by c-po).
Fixed VyOS 1.3-beta-202109060342
set interfaces ethernet eth0 redirect 'ifb0' set interfaces input ifb0 traffic-policy out 'MY-INGRESS-SHAPING' set traffic-policy shaper MY-INGRESS-SHAPING bandwidth '1000kbit' set traffic-policy shaper MY-INGRESS-SHAPING default bandwidth '1000kbit' set traffic-policy shaper MY-INGRESS-SHAPING default queue-type 'fair-queue'
Viacheslav moved T3396: syslog can't be configured with an ipv6 literal destination in 1.2.x from Backport Candidates to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T3396: syslog can't be configured with an ipv6 literal destination in 1.2.x.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/998
@francis Can you check 1.3.0-rc6?
Viacheslav moved T3431: Show version all bug from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
Viacheslav moved T3431: Show version all bug from Backport Candidates to Finished on the VyOS 1.4 Sagitta board.
Viacheslav edited projects for T3431: Show version all bug, added: VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.
We tested this on 1.4-rolling-202103040218 on our router, unfortunately as this is a production device I couldn't spend long diagnosing this. After upgrading the system image the device didn't come back up (I have layer 2 connectivity to the device via a VLAN on eth1 normally). So I logged in via our serial console and did a show interfaces
Viacheslav moved T3643: show vpn ipsec sa doesn't show tunnels in "down" state from Open to Finished on the VyOS 1.4 Sagitta board.
If to use modified Regex --regex \'^((eth|lan)[0-9]+|(eth)[0-9]v.+|(eno|ens|enp|enx).+)$\'
https://github.com/vyos/vyos-1x/blob/10814c4d3360598262e991e4b20768dfcde91d75/interface-definitions/interfaces-ethernet.xml.in#L17
Fixed VyOS 1.3-beta-202109060342, VyOS 1.4-rolling-202109060217
vyos@r4-1.3:~$ show conf com | match lldp set service lldp interface all
Sep 5 2021
Sep 5 2021
syncer moved T3790: Does not possible to configure PPTP static ip-address to users from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T1176: FRR - BGP replicating routes from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T1350: VRRP transition script will be executed once only from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T2161: snmpd cannot start if ipv6 disabled from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T2328: dhcpv6 server not starting (disable check reversed?) from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T2430: cannot delete specific route static next-hop from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T2432: dhcpd: Can't create new lease file: Permission denied from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T2525: OSPFv3 missing route map, not establishing from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3601: Error in ssh keys for vmware cloud-init if ssh keys is left empty. from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3634: Add op command option for ping for do not fragment bit to be set from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3574: Add constraintGroup for combining validators with logical AND from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T2931: Unicode decode error causes vyos.configd service to restart from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T2727: Add a dotted decimal value validator from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.