There is a task for "loadbalancing" T4109
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Dec 27 2021
Dec 27 2021
Some of the options can be included in the config:
set interfaces openvpn vtun10 openvpn-option-include '/config/openvpn/included.conf'
Just configure minimal OpenVPN configuration and include what you want
Viacheslav moved T2566: sstp not able to run tunnels ipv6 only from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
Viacheslav changed the status of T4081: VRRP health-check script stops working when setting up a sync group from Confirmed to In progress.
Viacheslav moved T4081: VRRP health-check script stops working when setting up a sync group from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1122
Viacheslav added a comment to T4109: Extend high-availability/keepalived for support virtual-server lb.
Dec 26 2021
Dec 26 2021
Viacheslav changed the subtype of T4100: Firewall increase maximum number of rules from "Task" to "Feature Request".
@NikolayP Change it https://github.com/vyos/vyatta-cfg-firewall/blob/1e06e3f891f8238d565ff0eddb4cd8c9b6032346/templates/firewall/name/node.tag/rule/node.def#L5-L9 to the required range.
Dec 25 2021
Dec 25 2021
Dec 24 2021
Dec 24 2021
Viacheslav lowered the priority of T891: Current multi-table usage with VRF-netns tables in FRR is partially broken for PBR. from High to Normal.
Viacheslav added a comment to T891: Current multi-table usage with VRF-netns tables in FRR is partially broken for PBR..
In T891#20803, @Watcher7 wrote:
- VyOS command syntax cannot currently specify both a next-hop and interface for the same static route, despite FRR being able to do so.
Viacheslav moved T3854: Missing op-mode commands for conntrack-sync from Open to Finished on the VyOS 1.4 Sagitta board.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1120
Dec 23 2021
Dec 23 2021
Viacheslav edited projects for T3854: Missing op-mode commands for conntrack-sync, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav moved T4092: IKEv2 mobike commit failed with DMVPN nhrp from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Viacheslav edited projects for T4092: IKEv2 mobike commit failed with DMVPN nhrp, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
PR for crux https://github.com/vyos/vyatta-cfg-vpn/pull/53
Viacheslav moved T4092: IKEv2 mobike commit failed with DMVPN nhrp from Need Triage to Finished on the VyOS 1.3 Equuleus board.
Viacheslav changed the subtype of T3854: Missing op-mode commands for conntrack-sync from "Task" to "Bug".
Viacheslav changed the status of T3854: Missing op-mode commands for conntrack-sync from Open to In progress.
Dec 22 2021
Dec 22 2021
Viacheslav changed the status of T4092: IKEv2 mobike commit failed with DMVPN nhrp from Open to In progress.
Viacheslav added a project to T4092: IKEv2 mobike commit failed with DMVPN nhrp: VyOS 1.2 Crux (VyOS 1.2.9).
Viacheslav renamed T4092: IKEv2 mobike commit failed with DMVPN nhrp from Reopen: IKEv2 mobike commit failed to IKEv2 mobike commit failed with DMVPN nhrp.
It doesn't matter what you add mobike disable or enable
A possible reason it generates incorrect swanctl.conf for option mobike
@nikeshhajari thanks, I can reproduce it in 1.3:
set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces tunnel tun0 encapsulation 'gre' set interfaces tunnel tun0 multicast 'enable' set interfaces tunnel tun0 parameters ip key '1' set interfaces tunnel tun0 source-address '192.168.122.14' set protocols nhrp tunnel tun0 cisco-authentication 'orange' set protocols nhrp tunnel tun0 holding-time '300' set protocols nhrp tunnel tun0 multicast 'dynamic' set protocols nhrp tunnel tun0 redirect set protocols nhrp tunnel tun0 shortcut set vpn ipsec esp-group ESP-HUB compression 'disable' set vpn ipsec esp-group ESP-HUB lifetime '3600' set vpn ipsec esp-group ESP-HUB mode 'tunnel' set vpn ipsec esp-group ESP-HUB pfs 'dh-group21' set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256' set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha256' set vpn ipsec esp-group ESP-HUB proposal 2 encryption 'aes256' set vpn ipsec esp-group ESP-HUB proposal 2 hash 'sha256' set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no' set vpn ipsec ike-group IKE-HUB key-exchange 'ikev2' set vpn ipsec ike-group IKE-HUB lifetime '28800' set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '21' set vpn ipsec ike-group IKE-HUB proposal 1 encryption 'aes256' set vpn ipsec ike-group IKE-HUB proposal 1 hash 'sha256' set vpn ipsec ike-group IKE-HUB proposal 2 dh-group '21' set vpn ipsec ike-group IKE-HUB proposal 2 encryption 'aes256' set vpn ipsec ike-group IKE-HUB proposal 2 hash 'sha256' set vpn ipsec ipsec-interfaces interface 'eth0' set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret' set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'PRE_SHARED_KEY' set vpn ipsec profile NHRPVPN bind tunnel 'tun0' set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB' set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB' commit
Add mobile disable:
set vpn ipsec ike-group IKE-HUB mobike 'disable' commit [ vpn ] Warning: unable to [reload changes to swanctl.conf], received error code 5632
I prefer to rewrite the whole https://github.com/vyos/vyatta-config-mgmt to XML/python
A similar bug I see in 1.2 with such configuration:
set service snmp contact 'test' set service snmp listen-address 192.168.122.12 set service snmp location 'test' set service snmp v3 user foo auth encrypted-key '0x2e312e332e362e312e362e332e31302e312e322e34' set service snmp v3 user foo auth type 'sha' set service snmp v3 user foo privacy encrypted-key '0x' set service snmp v3 user foo privacy type 'aes'
Viacheslav added projects to T4093: SNMPv3 snmpd.conf generation bug: VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0).
Dec 21 2021
Dec 21 2021
@m.korobeinikov Could you re-check it and close if necessary?
Viacheslav closed T3376: Setting ipv6 address autoconf causes all interfaces besides the target to lose their IP as Not Applicable.
@ernstjo Do you have any news regarding this issue or should we close it?
Viacheslav added a comment to T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.
@SrividyaA Could you re-check it?
Viacheslav closed T3931: SSTP doesn't work after rewriting to PKI, a subtask of T3642: PKI configuration, as Resolved.
@daniil can you edit one file?
sudo nano -c +1308 /usr/lib/python3/dist-packages/vyos/ifconfig/interface.py
And replace string:
if not 'redirect' in self._config:
To string:
if not 'redirect' in self._config and not 'traffic_policy' in self._config:
save and reboot the router or just restart vyos-configd
sudo systemctl restart vyos-configd
Viacheslav changed the subtype of T4072: Feature Request: Firewall on bridge interfaces from "Task" to "Feature Request".
Viacheslav removed a project from T4087: IPsec IKE-group proposals limit of 10 pieces : VyOS 1.2 Crux.
Viacheslav renamed T4039: Rsyslog to use 'protocol23format' for protocol UDP from Rsyslog to use 'protocol23format' to Rsyslog to use 'protocol23format' for protocol UDP.
Viacheslav added a project to T4039: Rsyslog to use 'protocol23format' for protocol UDP: VyOS 1.4 Sagitta.
Viacheslav added a comment to T4062: VRRP IPSEC-AH : sequence number xxxxxxx already processed. Packet dropped. Local(xxxxxxx).
@boevering Do you know how to reproduce it?
Viacheslav changed the status of T4021: Long commit time on bridge interface with 1-4094 allowed VLAN tags from Open to Needs testing.
Viacheslav added a comment to T4021: Long commit time on bridge interface with 1-4094 allowed VLAN tags.
@Boman I don't see such issue:
vyos@r11-roll# set interfaces bridge br0 enable-vlan [edit] vyos@r11-roll# set interfaces bridge br0 member interface eth2 allowed-vlan 1-4094 [edit] vyos@r11-roll# [edit] vyos@r11-roll# time commit
Viacheslav moved T3913: VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2 from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
Viacheslav moved T4053: VRRP impossible to set scripts out of the /config directory from Open to Finished on the VyOS 1.4 Sagitta board.
@daniil Can you share an example of traffic-policy 1G?
Viacheslav added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
Viacheslav moved T4082: Add op mode command to restart ldpd from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
Viacheslav moved T3435: NAT rules show corruption from Finished to In Progress on the VyOS 1.4 Sagitta board.
There is still another bug:
set nat destination rule 120 destination address '203.0.113.1' set nat destination rule 120 inbound-interface 'eth0' set nat destination rule 120 protocol 'tcp' set nat destination rule 120 translation address '192.0.2.40'
PR https://github.com/vyos/vyos-1x/pull/1114
vyos@r11-roll:~$ show nat destination rules Rule Destination Translation Inbound Interface ---- ----------- ----------- ----------------- 100 port 3389 192.0.2.40 port 80 eth0 vyos@r11-roll:~$
Dec 20 2021
Dec 20 2021
Viacheslav changed the subtype of T4087: IPsec IKE-group proposals limit of 10 pieces from "Task" to "Feature Request".
Dec 17 2021
Dec 17 2021
Dec 16 2021
Dec 16 2021
Strace statistics
strace.txt74 KBDownload
Duplicate T1877
Viacheslav removed a project from T4078: A hybrid of "network-group" and "address-group".: VyOS 1.2 Crux.
Viacheslav changed the subtype of T4081: VRRP health-check script stops working when setting up a sync group from "Task" to "Bug".
Dec 15 2021
Dec 15 2021
Dec 14 2021
Dec 14 2021