Pull request: https://github.com/vyos/vyos-1x/pull/1010
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 19 2021
Sep 19 2021
c-po moved T3641: Upgrade base system from Debian Buster -> Debian Bullseye from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T1210: About IKEv2 IPSec VPN remote access from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3814: wireguard: commit error showing incorrect peer name from the configured name from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3745: op-mode IPSec show vpn ipse sa sorting from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3773: Delete the "show system integrity" command (to prepare for a re-implementation) from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3757: OSPF: add support to configure the area at an interface level from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3772: VRRP virtual interfaces are not shown in show interfaces from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3776: Rename FRR daemon restart op-mode commands from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3775: Typo in generated Strongswan VPN-config from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3787: Remove deprecated UDP fragmentation offloading option from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3090: Move 'adjust-mss' firewall options to the interface section. from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3739: policy: route-map: add EVPN match support from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3782: Ingress Shaping with IFB No Longer Functional with 1.3 from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3764: Unconfigurable IKE and ESP lifetime from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3765: container: additional op-mode commands from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3752: generate pki certificate file xxx doesn't touch file from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3759: [L3VPN] VPNv4/VPNv6 add commands from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3798: bgp: add support for "neighbor <X> local-as replace-as" option from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3789: Add custom validator for base64 encoded CLI data from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3794: MACsec interfaces in down state after create from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3797: show interface errors with vrrp configuration from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3804: cli: Migrate and merge "system name-servers-dhcp" into "system name-server" from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3809: Not possible to add existing ca? from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3812: Vyos and frr route-map config out of sync from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3275: Disable conntrack helpers by default from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3815: pki : the file command 'generate pki wireguard key-pair file' is not working from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3802: Commit fails if ethernet interface doesn't support flow control from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T2947: Nat translation many-many with prefix does not map 1-1. from Backport Candidates to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0 from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3838: dhcp-server - sync cli for name-servers to other subsystems from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3840: dns forwarding: Cache size should allow values > 10k from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3840: dns forwarding: Cache size should allow values > 10k from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3837: OpenConnect: Fix typo in help property from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3840: dns forwarding: Cache size should allow values > 10k from Need Triage to 1.3.0-epa1 on the VyOS 1.3 Equuleus board.
c-po moved T3837: OpenConnect: Fix typo in help property from Need Triage to 1.3.0-epa1 on the VyOS 1.3 Equuleus board.
GitHub <noreply@github.com> committed rVYOSONEX8043764dd236: Merge pull request #1010 from lucasec/dns-fw-cache-size (authored by c-po).
Sep 18 2021
Sep 18 2021
I'm clearly missing something. I cannot make the configuration as shown by @c-po. If I try to add a 2nd static route, it replaces the first.
GitHub <noreply@github.com> committed rVYOSONEX3779b32b58eb: Merge pull request #1009 from phoenix0984/equuleus (authored by c-po).
c-po updated the task description for T3838: dhcp-server - sync cli for name-servers to other subsystems.
c-po changed the status of T3838: dhcp-server - sync cli for name-servers to other subsystems from Open to Confirmed.
The following CLI
cpo@LR1.wue3# show service dhcp-server
shared-network-name LAN {
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 194.145.150.1
lease 88
range 0 {
start 10.0.0.100
stop 10.0.0.200
}
static-route 194.145.150.0/24 {
next-hop 1.1.1.1
}
static-route 194.145.151.0/24 {
router 1.1.1.1
}
}
}c-po changed the status of T1968: Allow multiple static routes in dhcp-server from Open to In progress.
c-po added a comment to T2738: Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization.
Enabling debugging gives me:
edofullin added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.
Are there updates on this issue?
c-po added a comment to T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Related/Duplicate issue of T3680
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy added a comment to T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
It's worth adding the no-default-route to the dhcp-options and adding a line like
kroy renamed T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway from Setting a default IPv6 route while getting IPv4 route via DHCP removes the IPv4 gateway to Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy renamed T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway from Setting a default IPv6 route while getting IPv4 route via DHCP removes the IPv4 route to Setting a default IPv6 route while getting IPv4 route via DHCP removes the IPv4 gateway.
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy changed Version from 1.4-rolling- to 1.4-rolling-202109160207 on T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Sep 17 2021
Sep 17 2021
c-po added a comment to T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified.
Thank you for testing!
GitHub <noreply@github.com> committed rVYOSONEX4f8ebdd1d644: Merge pull request #1007 from erkin/current (authored by c-po).
UnicronNL changed the status of T3834: [OPENVPN] Support for Two Factor Authentication totp. from Open to In progress.
Something about commands is meddling with strip-private. I'm looking into it.
Now this is quite strange....
$ echo '2001:1578:2fe:fffd::/64' | strip-private xxxx:xxxx:2fe:fffd::/64
erkin changed the status of T3823: strip-private does not filter public IPv6 addresses from Open to In progress.
lucasec added a comment to T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified.
Tested on latest build VyOS 1.4-rolling-202109160217 and confirmed it is adding the remote id attribute by default as expected. Connections establish without issue.
Sep 16 2021
Sep 16 2021
Curl checks come back with:
root@vyos:/tmp# curl 169.254.169.254/latest/meta-data ami-id ami-launch-index ami-manifest-path block-device-mapping/ hostname instance-action instance-id instance-type local-hostname local-ipv4 placement/ public-hostname public-ipv4 public-keys/ reservation-id security-groups
sempervictus renamed T3833: Cloud-init not finding data source in OpenStack from Cloud-init not inding data source in OpenStack to Cloud-init not finding data source in OpenStack.
Viacheslav changed the status of T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0 from Open to Confirmed.
xfrm if_id should not be 0
Sep 15 2021
Sep 15 2021
c-po changed the status of T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified from Open to Needs testing.