Confirmed fixed and working in 1.3.0-rc6
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 10 2021
Sep 10 2021
dmbaturin renamed T166: NPTv6 is broken in the rolling release 999.201609170235 from NPTv6 is broken to NPTv6 is broken in the rolling release 999.201609170235 .
dmbaturin edited projects for T149: IPv6 support in OpenVPN tunnel, added: VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.
dmbaturin removed a project from T103: DHCP server prepends shared network name to hostnames: VyOS 1.3 Equuleus.
dmbaturin edited projects for T56: Add pkcs11 support to OpenVPN interfaces, added: Invalid; removed VyOS 1.3 Equuleus.
dmbaturin edited projects for T50: Better support for tcp-mss, added: VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.
dmbaturin renamed T41: Include bgpq3 for BGP policy creation from Feature Request: Include bgpq3 for BGP policy creation to Include bgpq3 for BGP policy creation.
dmbaturin edited projects for T31: Add VRF support, added: VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.
dmbaturin edited projects for T20: duplicate address detection, added: VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.
Sep 9 2021
Sep 9 2021
GitHub <noreply@github.com> committed rVYOSONEX6bf2d436a784: op-mode: wireguard rename "preshared-key" -> "pre-shared-key" (authored by c-po).
Will be fixed in tomorrows rolling - thanks for reporting this.
Viacheslav renamed T3810: webproxy squidguard rules don't work properly after rewriting to python. from webproxy squidguard rules doesn't work properly to webproxy squidguard rules don't work properly after rewriting to python. .
c-po moved T3817: PKI: add "import" keyword when in "configure" mode from Open to Backlog on the VyOS 1.4 Sagitta board.
c-po added a comment to T3815: pki : the file command 'generate pki wireguard key-pair file' is not working.
cpo@LR1.wue3:~$ generate pki wireguard key-pair file test Private key: QG039BeDoy2MXKxQwFRhYYea7B50crYvZ1RUn+N0c3A= Public key: iXVG4GSHc0O7NHgX47DhhNO/WWSTZS83/eF2z4GHYSE= File written to /config/auth/test_public.key File written to /config/auth/test_private.key
dmbaturin renamed T2738: Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization from VRRP lock configuration and High CPU utilization. to Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization.
c-po moved T3816: Error after entering outbound-interface command in NAT from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po changed the status of T3816: Error after entering outbound-interface command in NAT from Open to In progress.
amxj9 added a comment to T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface.
Sorry, I haven;t managed to test yet, due to some configuration migration errors leaving me unable to login. Will comment once I've confirmed though, most likely tomorrow.
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Unknown Object (User) added a comment to T2326: Migrate NHRP(DMVPN) to FRR.
Cisco Auth is a necessity for those who want to migrate from this vendor's hardware to VyOS. You can easily add a VyOS node to an existing DMVPN.
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
c-po edited a custom field on T3814: wireguard: commit error showing incorrect peer name from the configured name.
Thanks, I got it working now.
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
c-po moved T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface from Need Triage to 1.3.0-epa1 on the VyOS 1.3 Equuleus board.
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
c-po moved T3814: wireguard: commit error showing incorrect peer name from the configured name from Open to In Progress on the VyOS 1.4 Sagitta board.
Your problem is that this is not a CA certificate, it's the servers certificate.
Sep 8 2021
Sep 8 2021
Can you share your CAs public cert for testing?
Hello, Sorry, but I tried this I get "Invalid certificate on CA certificate "test"
c-po added a comment to T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface.
A new ISO 1.4-rolling-202109081242 is currently build - you may check in 30 minutes and try if this works for you - it did in my example config.
That would only work if accept_local will be added as proper CLI node on the tunnel interface, or use set system sysctl parameter net.ipv4.conf.default.accept_local value '1'
c-po moved T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface from Open to Finished on the VyOS 1.4 Sagitta board.
c-po changed the status of T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface from Confirmed to Needs testing.
c-po changed the status of T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface from Open to Confirmed.
Viacheslav updated the task description for T3813: Some custom sysctl parameters can't be applied bug.
Viacheslav moved T3786: GRE tunnel source address 0.0.0.0 error from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
amxj9 added a comment to T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface.
Certainly, here it is:
openvpn vtun0 {
authentication {
password ******
username ******
}
encryption {
cipher aes256
}
hash sha512
mode client
openvpn-option fast-io
openvpn-option "remote-cert-tls server"
openvpn-option "resolv-retry infinite"
openvpn-option "pull-filter ignore redirect-gateway"
openvpn-option "tun-mtu 1500"
openvpn-option "tun-mtu-extra 32"
openvpn-option "mssfix 1450"
openvpn-option "comp-lzo no"
openvpn-option "ping-restart 0"
openvpn-option ping-timer-rem
openvpn-option "ping 15"
openvpn-option "reneg-sec 0"
persistent-tunnel
protocol udp
remote-host xxx.xxx.xx.xxx
remote-port 1194
tls {
auth-key ****************
ca-certificate ***************
tls-version-min 1.2
}
}Sep 7 2021
Sep 7 2021
c-po edited projects for T3796: Wireguard interfaces are not shown in op-mode, added: VyOS 1.2 Crux (VyOS 1.2.9); removed VyOS 1.2 Crux.
@absolutesantaja this is definately a bug in the 1.2.9 op-mode commands
c-po added a comment to T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface.
Can you please share a version of your anonymized client configuration?
Are you saying "show interfaces wireguard" is being back-ported to crux 1.2.9 or something? If not then the crux documentation is still wrong.
Note also that nothing here has been backported to 1.3 yet.
The operational command "show interfaces <interface-type> " has been fixed in the latest rolling and equuleus release.
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
amxj9 added a comment to T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface.
Unfortunately not. I reverted my changes and then added:
cap_dac_override,cap_setgid,cap_setuid,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_sys_chroot,cap_audit_write @openvpn
to /etc/security/capability.conf but got the same errors as before (I rebooted to make sure).
dmbaturin added a project to T3808: ipsec is mistakenly restarted after delete: VyOS 1.2 Crux (VyOS 1.2.9).
c-po edited a custom field on T3807: Op Command "show interfaces wireguard" does not show the output.
c-po moved T3807: Op Command "show interfaces wireguard" does not show the output from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3807: Op Command "show interfaces wireguard" does not show the output from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3807: Op Command "show interfaces wireguard" does not show the output from Need Triage to 1.3.0-epa1 on the VyOS 1.3 Equuleus board.