Tested in VyOS 1.3.0-epa1 & VyOS 1.4-rolling-202109190558
Feed All Stories
Oct 16 2021
Oct 16 2021
Unknown Object (User) added a comment to T3851: Missing ospf and rip options for bridge vifs.
maznu added a comment to T3724: Allow setting host-name in l2tp section of accel-ppp.
https://github.com/vyos/vyos-1x/pull/1028 — though probably needs some tests developed?
Unknown Object (User) added a comment to T3892: BGP Route Reflects to all neighbors when one neighbor has route-reflect-client.
Tested on VyOS 1.3.0-epa1.
Confirm IBGP reflection to non-RR-Client
Lab Topology:
RR1 & RR2 -route reflectors
P 3 - RR-Client for RR1 & RR2
P1 - IBGP peering with RR1 only
OSPF-core router - only for core network
Result: P1 gets P 3 routes fron RR1:
vyos@VyOS-P1:~$ sh ip bgp neighbors 10.0.0.1 received-routes
*> 10.0.0.201/32 10.0.0.3 0 100 100 i
*> 10.0.0.202/32 10.0.0.3 0 100 100 i
*> 192.168.3.0/24 10.0.0.3 0 100 100 i
Oct 15 2021
Oct 15 2021
Viacheslav closed T3613: Selectors for route-based IPsec tunnel (vti), a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Viacheslav changed the status of T3832: Allow to set DHCP client-id in hexadecimal format from In progress to Needs testing.
Viacheslav moved T3676: Container option to add Linux capabilities from Open to Finished on the VyOS 1.4 Sagitta board.
@artooro Will be available in the next rolling release
Let us know, if you want some other capabilities
jcre added a comment to T3514: NIC flap at any interface change.
Sorry for the late reply, I've been waiting for a maintenance window to test this in. Again as this is a production device I only have limited debug info before having to roll back to the working version. I installed 1.4-rolling-202110150613 and on booting show interfaces does indeed show all the interfaces. The igb driver interfaces were showing as up (u/u). The i40e interfaces were showing as down (u/D).
GitHub <noreply@github.com> committed rVYOSONEXa98efc300c45: Merge pull request #1026 from sever-sever/T3832 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX29c57102b78f: Merge pull request #1027 from sever-sever/T3676 (authored by c-po).
Viacheslav added a comment to T3676: Container option to add Linux capabilities.
Viacheslav changed the status of T3676: Container option to add Linux capabilities from Open to In progress.
fernando added a comment to T3892: BGP Route Reflects to all neighbors when one neighbor has route-reflect-client.
In the real-world to avoid it they used cluster-id / a session BGP between them , it's the idea of RR :
Viacheslav moved T3692: VyOS build failing due to repo.saltstack.com from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T3693: ISIS Route redistribution ipv6 support missing from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T876: L2TP/IPSEC Client.
Maybe be added to gether with T1229
Unknown Object (User) added a comment to T3892: BGP Route Reflects to all neighbors when one neighbor has route-reflect-client.
@francis Sorry, I don't understand the problem.
Agree that route received from one IBGP peer should not be forwarded to another IBGP peer. Except for the RR client.
francis added a comment to T3892: BGP Route Reflects to all neighbors when one neighbor has route-reflect-client.
@NikolayP The concern here is solely this: IBGP neighbors that do not have route-reflector-client set should not received learned routes. Currently, they do. If this in intentional, then the docs should be updated to clarify this.
Viacheslav moved T3702: Policy: Allow routing by fwmark from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T3724: Allow setting host-name in l2tp section of accel-ppp.
@maznu Can you create a PR?
Initial bug was Fixed, VyOS 1.4-rolling-202110130217
vyos@r1-roll# compare
[edit container]
+name dns02 {
+ image ubuntu:focal
+ network dnsnet {
+ address 10.0.72.253
+ }
+}
+network dnsnet {
+ prefix 10.0.72.0/24
+}
-network net01 {
- prefix 10.0.72.0/24
-}Unknown Object (User) added a comment to T3892: BGP Route Reflects to all neighbors when one neighbor has route-reflect-client.
If Cluster ID is not used, full IBGP mesh must be used. Exception is RR client, they should only have peering with RR.
Router 10.0.0.21 has no peering with 10.0.0.3.
This is incorrect IBGP design.
c-po added a comment to T3832: Allow to set DHCP client-id in hexadecimal format.
Why not always move to decimal output and detect on demand if colons are present or not and adjust the string? Ne need for the user to take any action at all?
Oct 14 2021
Oct 14 2021
jestabro added a parent task for T3876: Replace vyos-netplug with a VyOS link state monitor service: T3371: Replace netplugd by udev rules.
c-po added a comment to T3801: containers: do not use podman CLI to create container networks.
Yes, closing this ...
Viacheslav added a comment to T3801: containers: do not use podman CLI to create container networks.
@c-po Is it already implemented with commit https://github.com/vyos/vyos-1x/commit/ae2dc55aa68679e828d4bb133fc515172c081d0f ?
Fixed, VyOS 1.4-rolling-202110130217
vyos@r1-roll:~$ show nat source rules Rule Source Translation Outbound Interface ---- ------ ----------- ------------------ 3 192.168.0.0/24 masquerade eth0
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
UnicronNL closed T3908: [CLOUDINIT] if the fqdn has no domain name cloudinit will fail to run as Invalid.
Is a double task, it looks like the package is not update upstream.
jestabro added a comment to T3876: Replace vyos-netplug with a VyOS link state monitor service.
n.fort added a comment to T3907: Firewall - Set log levels.
Maybe, but if the effort is made in order to be able to configure log level, it would be good that it can be set in different levels.
I'm thinking in a mix scenario, where majority of rules may log with info/debug level (for example default accept rules), while other rules may need a warning/error level (some drop rules).
Viacheslav added a comment to T3907: Firewall - Set log levels.
As for me, it should be configured in the global firewall log level, not per rule.
set firewall log-level x
Viacheslav added a comment to T3832: Allow to set DHCP client-id in hexadecimal format.
Viacheslav changed the status of T3832: Allow to set DHCP client-id in hexadecimal format from Open to In progress.
Viacheslav reassigned T3865: loadkey command help text missing escape sequence from Viacheslav to chaya2z.
Viacheslav changed the status of T3865: loadkey command help text missing escape sequence from Open to In progress.
Viacheslav moved T3763: wireguard checks if port already binding from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T3906: [Traffic Control] Invalid Port Configuration Still Commits.
The real bug is it shouldn't allow port-range values as it is not implemented.
Or just add this feature T2798
trae32566 awarded T2798: Allow port range in tc filter a Like token.
SquirePug added a comment to T3896: Extend ocserv support to allow for per-group configs.
For this we create text files as the group-config includes (they contain route and other per group config directives, generally around security).
Oct 13 2021
Oct 13 2021
Georgiy-Tugai awarded T3008: Migrate from ntpd to chronyd a Like token.
Georgiy-Tugai added a comment to T3008: Migrate from ntpd to chronyd.
Does anyone understand the meaning of these performance data? I don’t know the unit of these data
c-po committed rVYOSONEXd4c5e78fc94a: ntp: T3904: Fix NTP pool associations (authored by Georgiy-Tugai).
c-po moved T3904: NTP pool associations silently fail from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa2) board.
c-po moved T3904: NTP pool associations silently fail from Open to Finished on the VyOS 1.4 Sagitta board.
GitHub <noreply@github.com> committed rVYOSONEX4d99d91829fa: Merge pull request #1023 from Georgiy-Tugai/patch-1 (authored by c-po).
FileGo added a comment to T3902: Firewall does not load on boot, address-group not found, even though it exists.
If I change the double-quotes to single-quotes for all the rules in that firewall, I get this (no changes detected):
c-po moved T3277: DNS Forwarding - reverse zones from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa2) board.
c-po moved T3277: DNS Forwarding - reverse zones from Open to Finished on the VyOS 1.4 Sagitta board.
c-po committed rVYOSONEXe84623a1cd28: dns: T3277: DNS Forwarding - reverse zones for RFC1918 addresses (authored by hard).
Oct 12 2021
Oct 12 2021
Viacheslav moved T3868: Regex and/or wildcard not accepted with large-community-list from Open to Finished on the VyOS 1.4 Sagitta board.
@foxbox Will be fixed in the next rolling release.
GitHub <noreply@github.com> committed rVYOSONEX38421c50e9bd: Merge pull request #1025 from sever-sever/T3868 (authored by c-po).
Viacheslav added a comment to T3868: Regex and/or wildcard not accepted with large-community-list.
Hydra166 added a comment to T3891: X550-T2/Possibly other X550/X540 cards no link on VyOS.
Messaged
Viacheslav changed the status of T3868: Regex and/or wildcard not accepted with large-community-list from Open to In progress.
Viacheslav moved T3881: Wrong description for container section restart from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T3478: Radius.
@BiMW Can you re-check it?
Viacheslav closed T3701: ipoe server fails to start when configuring radius dynamic-author on ipoe as Resolved.
Not reproducible, VyOS 1.4-rolling-202109300217
set service ipoe-server authentication radius dynamic-author key 'ssss' set service ipoe-server authentication radius dynamic-author server '192.168.122.11' set service ipoe-server authentication radius nas-ip-address '192.168.122.11' set service ipoe-server authentication radius server 192.168.122.11 key 'ciscoradiuskey' set service ipoe-server interface eth1 client-subnet '192.0.2.0/24'
Viacheslav added a comment to T3902: Firewall does not load on boot, address-group not found, even though it exists.
@FileGo Can you replace double-quotes with single-quotes?
Viacheslav closed T3216: Removal of restricted-shell broke configure mode for RADIUS users, a subtask of T671: Identify and remove dead code, as Resolved.
Viacheslav closed T3216: Removal of restricted-shell broke configure mode for RADIUS users as Resolved.
Fixed
sever@sever:~$ ssh vyosuser@192.168.122.11
lucasec added a comment to T562: PDNS: Add support for authoritative dns server.
Viacheslav added a project to T3896: Extend ocserv support to allow for per-group configs: VyOS 1.4 Sagitta.
PeppyH added a comment to T3896: Extend ocserv support to allow for per-group configs.
Oct 11 2021
Oct 11 2021
Viacheslav closed T2607: Support for pppoe-server radius mode auth and config radius accouting port as Resolved.
Present in 1.4 and 1.3.0-epa1
set service pppoe-server authentication radius server 192.0.2.1 acct-port Possible completions: <1-65535> Numeric IP port (default: 1813)
Viacheslav added a comment to T3510: RADIUS usersname is not shown on CLI.
@c-po in 1.3.0-epa1 works fine.
c-po added a comment to T3510: RADIUS usersname is not shown on CLI.
What about 1.3.0-epa1?
Viacheslav reopened T3510: RADIUS usersname is not shown on CLI as "Open".
Re-opened, the same bug in VyOS 1.4-rolling-202109300217
sever@sever:~/docker$ ssh user@192.168.122.11
Viacheslav added a comment to T3896: Extend ocserv support to allow for per-group configs.
@SquirePug Can you share more details, which templates and parameters did you edit?