@egoistdream Just check when this feature was merged. It was implemented in FRR 24th of November, but the latest FRR release was 9th of November
https://frrouting.org/release/8.1/
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Jan 3 2022
Jan 3 2022
Viacheslav renamed T4130: Firewall state policy errors chain from Firewall state policy erros chain to Firewall state policy errors chain.
Viacheslav changed the status of T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0 from In progress to Needs testing.
Viacheslav changed the status of T4120: [VXLAN] add ability to set multiple unicast-remotes from Open to In progress.
Viacheslav added a comment to T3976: Missing prefix-list and access-list option from ipv6 route-map.
Dec 31 2021
Dec 31 2021
Viacheslav renamed T4126: Ability to set priority to site to site IPSec vpn tunnels from Ability to set priority to site to site IPSec tunnels to Ability to set priority to site to site IPSec vpn tunnels.
Viacheslav changed the status of T4126: Ability to set priority to site to site IPSec vpn tunnels from Open to Needs testing.
It can't be implemented in 1.3, as it doesn't use swanctl.conf for peers configuration
I didn't find this option for ipsec.conf
PR https://github.com/vyos/vyos-1x/pull/1129
set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 local prefix '172.16.0.0/24' set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 priority '100' set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 remote prefix '10.0.0.0/24'
Viacheslav updated the task description for T4126: Ability to set priority to site to site IPSec vpn tunnels.
Viacheslav changed the subtype of T4125: Feature Request: bridge STP BPDU translation from "Task" to "Feature Request".
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
How about starting with a simple interface and allowing to set interface for binding address?
set high-availability vrrp group foo address 203.0.113.1 interface ethX Possible completions: > ethN Interfcae used to assign virtual address > eth0 > eth1 > eth2
Viacheslav edited projects for T4081: VRRP health-check script stops working when setting up a sync group, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav closed T4081: VRRP health-check script stops working when setting up a sync group as Resolved.
Dec 29 2021
Dec 29 2021
@insignia96 Will be present in the next rolling release.
Viacheslav reopened T2498: Expected error when deleting vif that has dhcp-server configured as "Open".
Re-opened as this task regarding dhcp-server, not dhcp-client
Viacheslav closed T2498: Expected error when deleting vif that has dhcp-server configured as Not Applicable.
Fixed VyOS 1.3.0:
vyos@r4# run show conf com | match dhcp
set interfaces ethernet eth2 vif 35 address 'dhcp'
[edit]
vyos@r4# run show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.122.14/24 u/u WAN
eth1 203.0.113.14/24 u/u Lan
192.0.2.14/24
eth2 - u/u
eth2.35 10.0.2.10/24 u/uViacheslav added a project to T2700: Redirecting traffic from PPPoE interface to IFB fails: VyOS 1.4 Sagitta.
To reproduce:
set interfaces ethernet eth2 vif 35 set interfaces pppoe pppoe0 authentication password 'MYPASSWORD' set interfaces pppoe pppoe0 authentication user 'MYUSER' set interfaces pppoe pppoe0 default-route 'force' set interfaces pppoe pppoe0 mtu '1492' set interfaces pppoe pppoe0 redirect 'ifb0' set interfaces pppoe pppoe0 source-interface 'eth2.35' set interfaces pppoe pppoe0 traffic-policy out 'OUT2' set interfaces input ifb0
Commit:
vyos@r11-roll# commit [ interfaces pppoe pppoe0 redirect ifb0 ] Cannot find device "pppoe0" tc qdisc ingress failed at /opt/vyatta/sbin/vyatta-qos.pl line 334.
Viacheslav moved T2400: OpenVPN: dont restart server if no need from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Viacheslav closed T2400: OpenVPN: dont restart server if no need, a subtask of T3995: OpenVPN: do not stop/start service on configuration change, as Resolved.
Fixed in eceaa3a7
Just fork the repository vyos-1x and create a PR with propper commit format.
https://docs.vyos.io/en/equuleus/contributing/development.html#fork-repository-and-submit-patch
https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md
Dec 28 2021
Dec 28 2021
Viacheslav edited projects for T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav changed the status of T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check from Open to In progress.
Viacheslav changed the status of T4111: IPSec generates wrong configuration colons for IPv6 peers from In progress to Needs testing.
One issue with static + dhcp on one interface at the same time.
After renew, the static address 192.168.122.11 is disappears
To reproduce:
vyos@r11-roll:~$ show conf com | match eth0 set interfaces ethernet eth0 address '192.168.122.11/24' set interfaces ethernet eth0 address 'dhcp'
Renew dhcp:
vyos@r11-roll:~$ renew dhcp interface eth0
Static address not in the system:
vyos@r11-roll:~$ show int Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth0 192.168.122.166/24 u/u WAN eth1 203.0.113.1/24 u/u
@johannrichard Is there any real example that you want to achieve?
Viacheslav changed the status of T4023: Add grepcidr or similar functionality from Open to In progress.
Viacheslav changed the status of T4100: Firewall increase maximum number of rules from Open to Needs testing.
Viacheslav changed the status of T4109: Extend high-availability/keepalived for support virtual-server lb from Open to In progress.
Viacheslav changed the status of T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0 from Open to In progress.
Viacheslav added a comment to T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0.
PR https://github.com/vyos/vyos-1x/pull/1124
set service ssh disable-host-validation set service ssh listen-address '192.168.122.11' set service ssh listen-address 'fe80::5054:ff:fe48:a0c6%eth0'
Chek service and listen-addresses:
vyos@r11-roll# cat /run/sshd/sshd_config | grep List ListenAddress 192.168.122.11 ListenAddress fe80::5054:ff:fe48:a0c6%eth0
Viacheslav changed the status of T3380: "show vpn ike sa" does not display IPv6 peers from Open to In progress.
Viacheslav moved T3380: "show vpn ike sa" does not display IPv6 peers from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a project to T3380: "show vpn ike sa" does not display IPv6 peers: VyOS 1.3 Equuleus ( 1.3.1).
It still doesn't work for 1.3
This regex not for all IPv6 peers
Viacheslav changed the status of T4111: IPSec generates wrong configuration colons for IPv6 peers from Open to In progress.
Dec 27 2021
Dec 27 2021
Viacheslav renamed T4111: IPSec generates wrong configuration colons for IPv6 peers from IPSec generates wrong configuration for IPv6 peers to IPSec generates wrong configuration colons for IPv6 peers.
Viacheslav changed the status of T3299: Allow the web proxy service to listen on all IP addresses from Resolved to Unknown Status.
There is a task for "loadbalancing" T4109
Some of the options can be included in the config:
set interfaces openvpn vtun10 openvpn-option-include '/config/openvpn/included.conf'
Just configure minimal OpenVPN configuration and include what you want
Viacheslav moved T2566: sstp not able to run tunnels ipv6 only from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
Viacheslav changed the status of T4081: VRRP health-check script stops working when setting up a sync group from Confirmed to In progress.
Viacheslav moved T4081: VRRP health-check script stops working when setting up a sync group from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1122
Viacheslav added a comment to T4109: Extend high-availability/keepalived for support virtual-server lb.
Dec 26 2021
Dec 26 2021
Viacheslav changed the subtype of T4100: Firewall increase maximum number of rules from "Task" to "Feature Request".
@NikolayP Change it https://github.com/vyos/vyatta-cfg-firewall/blob/1e06e3f891f8238d565ff0eddb4cd8c9b6032346/templates/firewall/name/node.tag/rule/node.def#L5-L9 to the required range.
Dec 25 2021
Dec 25 2021
Dec 24 2021
Dec 24 2021
Viacheslav lowered the priority of T891: Current multi-table usage with VRF-netns tables in FRR is partially broken for PBR. from High to Normal.
Viacheslav added a comment to T891: Current multi-table usage with VRF-netns tables in FRR is partially broken for PBR..
In T891#20803, @Watcher7 wrote:
- VyOS command syntax cannot currently specify both a next-hop and interface for the same static route, despite FRR being able to do so.
Viacheslav moved T3854: Missing op-mode commands for conntrack-sync from Open to Finished on the VyOS 1.4 Sagitta board.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1120
Dec 23 2021
Dec 23 2021
Viacheslav edited projects for T3854: Missing op-mode commands for conntrack-sync, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav moved T4092: IKEv2 mobike commit failed with DMVPN nhrp from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Viacheslav edited projects for T4092: IKEv2 mobike commit failed with DMVPN nhrp, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
PR for crux https://github.com/vyos/vyatta-cfg-vpn/pull/53