- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Dec 23 2021
Dec 23 2021
Viacheslav changed the subtype of T3854: Missing op-mode commands for conntrack-sync from "Task" to "Bug".
Viacheslav changed the status of T3854: Missing op-mode commands for conntrack-sync from Open to In progress.
Dec 22 2021
Dec 22 2021
Viacheslav changed the status of T4092: IKEv2 mobike commit failed with DMVPN nhrp from Open to In progress.
Viacheslav added a project to T4092: IKEv2 mobike commit failed with DMVPN nhrp: VyOS 1.2 Crux (VyOS 1.2.9).
Viacheslav renamed T4092: IKEv2 mobike commit failed with DMVPN nhrp from Reopen: IKEv2 mobike commit failed to IKEv2 mobike commit failed with DMVPN nhrp.
It doesn't matter what you add mobike disable or enable
A possible reason it generates incorrect swanctl.conf for option mobike
@nikeshhajari thanks, I can reproduce it in 1.3:
set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces tunnel tun0 encapsulation 'gre' set interfaces tunnel tun0 multicast 'enable' set interfaces tunnel tun0 parameters ip key '1' set interfaces tunnel tun0 source-address '192.168.122.14' set protocols nhrp tunnel tun0 cisco-authentication 'orange' set protocols nhrp tunnel tun0 holding-time '300' set protocols nhrp tunnel tun0 multicast 'dynamic' set protocols nhrp tunnel tun0 redirect set protocols nhrp tunnel tun0 shortcut set vpn ipsec esp-group ESP-HUB compression 'disable' set vpn ipsec esp-group ESP-HUB lifetime '3600' set vpn ipsec esp-group ESP-HUB mode 'tunnel' set vpn ipsec esp-group ESP-HUB pfs 'dh-group21' set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256' set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha256' set vpn ipsec esp-group ESP-HUB proposal 2 encryption 'aes256' set vpn ipsec esp-group ESP-HUB proposal 2 hash 'sha256' set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no' set vpn ipsec ike-group IKE-HUB key-exchange 'ikev2' set vpn ipsec ike-group IKE-HUB lifetime '28800' set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '21' set vpn ipsec ike-group IKE-HUB proposal 1 encryption 'aes256' set vpn ipsec ike-group IKE-HUB proposal 1 hash 'sha256' set vpn ipsec ike-group IKE-HUB proposal 2 dh-group '21' set vpn ipsec ike-group IKE-HUB proposal 2 encryption 'aes256' set vpn ipsec ike-group IKE-HUB proposal 2 hash 'sha256' set vpn ipsec ipsec-interfaces interface 'eth0' set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret' set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'PRE_SHARED_KEY' set vpn ipsec profile NHRPVPN bind tunnel 'tun0' set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB' set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB' commit
Add mobile disable:
set vpn ipsec ike-group IKE-HUB mobike 'disable' commit [ vpn ] Warning: unable to [reload changes to swanctl.conf], received error code 5632
I prefer to rewrite the whole https://github.com/vyos/vyatta-config-mgmt to XML/python
A similar bug I see in 1.2 with such configuration:
set service snmp contact 'test' set service snmp listen-address 192.168.122.12 set service snmp location 'test' set service snmp v3 user foo auth encrypted-key '0x2e312e332e362e312e362e332e31302e312e322e34' set service snmp v3 user foo auth type 'sha' set service snmp v3 user foo privacy encrypted-key '0x' set service snmp v3 user foo privacy type 'aes'
Viacheslav added projects to T4093: SNMPv3 snmpd.conf generation bug: VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0).
Dec 21 2021
Dec 21 2021
@m.korobeinikov Could you re-check it and close if necessary?
Viacheslav closed T3376: Setting ipv6 address autoconf causes all interfaces besides the target to lose their IP as Not Applicable.
@ernstjo Do you have any news regarding this issue or should we close it?
Viacheslav added a comment to T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.
@SrividyaA Could you re-check it?
Viacheslav closed T3931: SSTP doesn't work after rewriting to PKI, a subtask of T3642: PKI configuration, as Resolved.
@daniil can you edit one file?
sudo nano -c +1308 /usr/lib/python3/dist-packages/vyos/ifconfig/interface.py
And replace string:
if not 'redirect' in self._config:
To string:
if not 'redirect' in self._config and not 'traffic_policy' in self._config:
save and reboot the router or just restart vyos-configd
sudo systemctl restart vyos-configd
Viacheslav changed the subtype of T4072: Feature Request: Firewall on bridge interfaces from "Task" to "Feature Request".
Viacheslav removed a project from T4087: IPsec IKE-group proposals limit of 10 pieces : VyOS 1.2 Crux.
Viacheslav renamed T4039: Rsyslog to use 'protocol23format' for protocol UDP from Rsyslog to use 'protocol23format' to Rsyslog to use 'protocol23format' for protocol UDP.
Viacheslav added a project to T4039: Rsyslog to use 'protocol23format' for protocol UDP: VyOS 1.4 Sagitta.
Viacheslav added a comment to T4062: VRRP IPSEC-AH : sequence number xxxxxxx already processed. Packet dropped. Local(xxxxxxx).
@boevering Do you know how to reproduce it?
Viacheslav changed the status of T4021: Long commit time on bridge interface with 1-4094 allowed VLAN tags from Open to Needs testing.
Viacheslav added a comment to T4021: Long commit time on bridge interface with 1-4094 allowed VLAN tags.
@Boman I don't see such issue:
vyos@r11-roll# set interfaces bridge br0 enable-vlan [edit] vyos@r11-roll# set interfaces bridge br0 member interface eth2 allowed-vlan 1-4094 [edit] vyos@r11-roll# [edit] vyos@r11-roll# time commit
Viacheslav moved T3913: VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2 from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
Viacheslav moved T4053: VRRP impossible to set scripts out of the /config directory from Open to Finished on the VyOS 1.4 Sagitta board.
@daniil Can you share an example of traffic-policy 1G?
Viacheslav added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
Viacheslav moved T4082: Add op mode command to restart ldpd from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
Viacheslav moved T3435: NAT rules show corruption from Finished to In Progress on the VyOS 1.4 Sagitta board.
There is still another bug:
set nat destination rule 120 destination address '203.0.113.1' set nat destination rule 120 inbound-interface 'eth0' set nat destination rule 120 protocol 'tcp' set nat destination rule 120 translation address '192.0.2.40'
PR https://github.com/vyos/vyos-1x/pull/1114
vyos@r11-roll:~$ show nat destination rules Rule Destination Translation Inbound Interface ---- ----------- ----------- ----------------- 100 port 3389 192.0.2.40 port 80 eth0 vyos@r11-roll:~$
Dec 20 2021
Dec 20 2021
Viacheslav changed the subtype of T4087: IPsec IKE-group proposals limit of 10 pieces from "Task" to "Feature Request".
Dec 17 2021
Dec 17 2021
Dec 16 2021
Dec 16 2021
Strace statistics
strace.txt74 KBDownload
Duplicate T1877
Viacheslav removed a project from T4078: A hybrid of "network-group" and "address-group".: VyOS 1.2 Crux.
Viacheslav changed the subtype of T4081: VRRP health-check script stops working when setting up a sync group from "Task" to "Bug".
Dec 15 2021
Dec 15 2021
Dec 14 2021
Dec 14 2021
Viacheslav added a project to T4071: Allow HTTP API to bind to unix domain socket: VyOS 1.3 Equuleus (1.3.0).
Dec 11 2021
Dec 11 2021
Not sure if we can migrate all old cluster CLI syntax, but create a new I think we can
Something like:
set cluster corosync name xxx set cluster corosync resource ip|systemd x.x.x.x set cluster corosync two-node enable|disable (default enable) set cluster corosync transport udpu|knet set cluster corosync node node01 address|name x.x.x.x|node01.local set cluster corosync node node01 node-id 1 set cluster corosync node node02 adderss|name x.x.x.x|node02.local set cluster corosync node node02 node-id 2
Still with issues, VyOS 1.4-rolling-202112090318:
vyos@r11-roll# set system config-management commit-archive location sftp://foo:foo@192.168.122.14/
[edit]
vyos@r11-roll# commit
Archiving config...
sftp://192.168.122.14/ Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python3/dist-packages/vyos/remote.py", line 312, in upload
urlc(urlstring, *args, **kwargs).upload(local_path)
File "/usr/lib/python3/dist-packages/vyos/remote.py", line 202, in upload
with self._establish() as ssh, ssh.open_sftp() as sftp:
File "/usr/lib/python3/dist-packages/vyos/remote.py", line 189, in _establish
sock = socket.create_connection((self.hostname, self.port), socket.getdefaulttimeout(), self.source)
File "/usr/lib/python3.9/socket.py", line 830, in create_connection
sock.bind(source_address)
TypeError: str, bytes or bytearray expected, not NoneType
[edit]
vyos@r11-roll#
[edit]But save is working:
vyos@r11-roll# save sftp://foo:foo@192.168.122.14/ Saving configuration to 'sftp://foo:foo@192.168.122.14/'... Done [edit] vyos@r11-roll#
Viacheslav changed the status of T4029: Broken SFTP uploads, a subtask of T3356: Script for remote file transfers, from Open to Needs testing.
Dec 10 2021
Dec 10 2021
Viacheslav added a comment to T4065: IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory.
Duplicate T2922
Dec 9 2021
Dec 9 2021
Viacheslav changed the status of T4064: IP address for vif is not removed from the system when deleted in configuration from Open to Confirmed.
Viacheslav edited projects for T4064: IP address for vif is not removed from the system when deleted in configuration, added: VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus (1.3.0-epa2).
@hexes Do I understand correctly that when you set this option you get logs "Options error"?
openvpn-option "--server-bridge 10.1.4.1 255.255.255.0 10.1.4.240 10.1.4.250"
Dec 9 2021, 12:46 PM · Bugs, VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.1), Restricted Project, openvpn
Dec 6 2021
Dec 6 2021
Viacheslav renamed T4028: FRR 8.1 routes not being applied to routing table after reboot if an interface has 2 ip addresses from [1.4-rolling-202111290926] 0.0.0.0/0 not being applied to routing table to FRR 8.1 routes not being applied to routing table after reboot if an interface has 2 ip addresses.
Viacheslav added a comment to T4024: Access-lists and prefix-lists disappear when setting ldp hello-ipv4-interval.
To reproduce:
set policy access-list 100 rule 1 source any set policy access-list 100 rule 1 destination any set policy access-list 100 rule 1 action permit set interface ethernet eth1 address 203.0.113.1/24 set protocols mpls ldp discovery transport-ipv4-address 203.0.113.1 set protocols mpls ldp interface eth1 set protocols mpls ldp router-id 203.0.113.1 commit
Access list is present:
vyos@r4-epa2# vtysh -c "show run" | grep access access-list 100 seq 5 permit ip any any [edit]
Add hello interval:
set protocols mpls ldp discovery hello-ipv4-interval 1
There is no access-list anymore
vyos@r4-epa2# commit [edit] vyos@r4-epa2# vtysh -c "show run" | grep access [edit] vyos@r4-epa2#
Viacheslav changed the status of T4024: Access-lists and prefix-lists disappear when setting ldp hello-ipv4-interval from Open to Confirmed.
Viacheslav changed the status of T4046: Sflow - Add Source address parameter from In progress to Needs testing.
Viacheslav changed the status of T4052: Validator return traceback on VRRP configuration with the script path not in config dir from In progress to Needs testing.
Viacheslav changed the status of T4053: VRRP impossible to set scripts out of the /config directory from Open to Needs testing.
The correct key for sflow sfprobe_source_ip
PR https://github.com/vyos/vyos-1x/pull/1099
Viacheslav changed the status of T4046: Sflow - Add Source address parameter from Open to In progress.
Viacheslav changed the status of T4033: VRRP - Error security when setting scripts from Open to In progress.
Viacheslav updated the task description for T4053: VRRP impossible to set scripts out of the /config directory.