CI job for re-build pkg ocserv should fix this issue.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Feb 17 2022
Feb 17 2022
Viacheslav changed the status of T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus from Confirmed to Needs testing.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Feb 16 2022
Feb 16 2022
Viacheslav edited projects for T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
Viacheslav changed the status of T4197: Vyos arm64-latest build issue with telegraf pkg from Open to Needs testing.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Install official pkg solve the issue
wget http://ftp.de.debian.org/debian/pool/main/o/ocserv/ocserv_0.12.2-3_amd64.deb dpkg -i *.deb `
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Can be related
Found out some strange things, client address was banned:
ocserv[2072]: main: added 1 points (total 1) for IP '192.168.122.1' to ban list
Viacheslav changed the status of T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus from Open to Confirmed.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
I don't see any issues with LTS 1.3.0
Thanks
Is it required point of binding in a container?
For example:
podman run --rm -it --device=/dev/vdb:/dev/xvdc:rwm --net host ubuntu bash
You can get access to host netwoks with set container name foo allow-host-networks
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1224
Viacheslav reopened T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID as "In progress".
@anthr76 we have ready telegraf exporter, maybe it will work for you?
https://docs.vyos.io/en/latest/configuration/service/monitoring.html
Viacheslav changed the subtype of T4248: There isn't a way to remove the only rule from the (traffic-policy) class. from "Task" to "Bug".
Feb 15 2022
Feb 15 2022
Viacheslav moved T1292: Issues while deleting all rules from a firewall from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T4237: Conntrack-sync error - error adding listen-address command from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
PR for current https://github.com/vyos/vyos-1x/pull/1223
Viacheslav moved T3686: Bridging OpenVPN tap with no local-address breaks from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav edited projects for T3686: Bridging OpenVPN tap with no local-address breaks, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1221
Feb 14 2022
Feb 14 2022
In hosts we can see 2 entries:
vyos@r11-roll# run show conf com | match test set system static-host-mapping host-name test1.com inet '1.1.1.1' set system static-host-mapping host-name test2.com inet '2a00:1450:400f:802::200e'
Task for kea T3316
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
@Alexey.Kirillov it required more tests and responses from 1.4
Could you test it?
Feb 13 2022
Feb 13 2022
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Which version?
Feb 11 2022
Feb 11 2022
Viacheslav changed the status of T3686: Bridging OpenVPN tap with no local-address breaks from In progress to Needs testing.
@Scoopta Can you check your configuration with the next rolling release?
Viacheslav changed the status of T4236: Generate ovpn openvpn client configuration files from Open to Needs testing.
Viacheslav moved T3872: Add configurable telegraf monitoring service from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
@hensur Could you create a PR for 1.3?
Viacheslav added a project to T4237: Conntrack-sync error - error adding listen-address command: VyOS 1.4 Sagitta.
Viacheslav edited projects for T4237: Conntrack-sync error - error adding listen-address command, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
Viacheslav changed the status of T4237: Conntrack-sync error - error adding listen-address command from Open to In progress.
Feb 10 2022
Feb 10 2022
Viacheslav updated the task description for T4236: Generate ovpn openvpn client configuration files.
There is an example of a working configuration:
set interfaces openvpn vtun10 authentication password xxxxxx set interfaces openvpn vtun10 authentication username xxxxxx set interfaces openvpn vtun10 device-type 'tun' set interfaces openvpn vtun10 encryption cipher 'aes256' set interfaces openvpn vtun10 hash 'sha512' set interfaces openvpn vtun10 mode 'client' set interfaces openvpn vtun10 openvpn-option '--config /config/auth/nord/included_config.conf' set interfaces openvpn vtun10 persistent-tunnel set interfaces openvpn vtun10 protocol 'udp' set interfaces openvpn vtun10 remote-host 'xxx.xxx.218.155' set interfaces openvpn vtun10 remote-port '1194' set interfaces openvpn vtun10 tls ca-cert-file xxxxxx
Viacheslav changed the status of T4234: Show firewall partly broken in 1.3.x from Confirmed to Needs testing.
Feb 9 2022
Feb 9 2022
@Scoopta I can't get your configuration, how does should work without the declaration source or remote address?
There is a template that generates OpenVPN site-to-site configuration https://github.com/vyos/vyos-1x/blob/9910020ae6ef37964c97bb28b6b1d84f8227650b/data/templates/openvpn/server.conf.tmpl#L143-L147
To reproduce in 1.4
set interfaces bridge br3 member interface vtun2 set interfaces openvpn vtun2 device-type 'tap' set interfaces openvpn vtun2 mode 'site-to-site' set interfaces openvpn vtun2 persistent-tunnel set interfaces openvpn vtun2 shared-secret-key 'foo' set pki openvpn shared-secret foo key '190696ff2244ca9ce8d5bef8718c58881fe8df8e3519c8bf6ede49108c97a5d9456db648d8c5ca953bb19d21978527a742497426313e614640d037ffffa4980be315e193727ebfb28f3725b779e2d3309ad6f8c939363f7fc14a0080c81e3faf4b053661c81c3003ddabeb87ac8611b81718956b7325f03978c74f502b39965f0d788b21b4370f6a625e3098f8d71ff3e653f50c54b424c511cba78871b38337237830a34266aa9558cd69c68ded89f7f0a82f94b5b87200c7ea05edb14a806e9e4998b00dc2895d976c0e506a6a06056745bca6ce1d2a5c95a51a1460e3080c7743eecbcee9d2c4f89d9e1b59f44484e43591f43bf713255b5de13ae8500620' set pki openvpn shared-secret foo version '1'
Commit:
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-openvpn.py", line 663, in <module>
verify(c)
File "/usr/libexec/vyos/conf_mode/interfaces-openvpn.py", line 228, in verify
if len([addr for addr in openvpn['local_address'] if is_ipv4(addr)]) > 1:
KeyError: 'local_address'Viacheslav added a project to T3686: Bridging OpenVPN tap with no local-address breaks: VyOS 1.4 Sagitta.
Viacheslav changed the status of T3686: Bridging OpenVPN tap with no local-address breaks from Open to In progress.
Viacheslav added a comment to T1317: OpenVPN configuration fails if it depends on another interface..
It can be fixed in thoses PR's:
https://github.com/vyos/vyos-1x/pull/1210
https://github.com/vyos/vyos-1x/pull/1211
T4230
Feb 8 2022
Feb 8 2022
Viacheslav changed the status of T4115: reboot in <x> not working as expected from Open to Confirmed.
Issue not resolved, re-open
For example, I have 300 routers in different timezones and I want to reboot 50% of routers via 1441min and the other 50% via 2881min
Viacheslav renamed T4234: Show firewall partly broken in 1.3.x from Show firewall partly broken to Show firewall partly broken in 1.3.x.
Viacheslav changed the status of T4234: Show firewall partly broken in 1.3.x from Open to Confirmed.
Viacheslav changed the status of T4219: support incoming-interface (iif) in local PBR from Open to Needs testing.
Viacheslav added a comment to T4230: OpenVPN server configuration deleted after reboot when using a VRRP virtual-address.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1210
PR for 1.4 https://github.com/vyos/vyos-1x/pull/1211
Viacheslav edited projects for T4230: OpenVPN server configuration deleted after reboot when using a VRRP virtual-address, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
Viacheslav changed the status of T4230: OpenVPN server configuration deleted after reboot when using a VRRP virtual-address from Confirmed to In progress.
Viacheslav changed the status of T4230: OpenVPN server configuration deleted after reboot when using a VRRP virtual-address from Open to Confirmed.
Viacheslav changed the subtype of T4230: OpenVPN server configuration deleted after reboot when using a VRRP virtual-address from "Task" to "Bug".
Viacheslav added a comment to T4230: OpenVPN server configuration deleted after reboot when using a VRRP virtual-address.
Ip address for openvpn is not yet assigned as a priority for OpenVPN less than for HA
460 interfaces/openvpn 800 high-availability
Anf we have checks if address assigned:
set interfaces ethernet eth0 address '10.1.12.1/24' set high-availability vrrp group FOO interface 'eth0' set high-availability vrrp group FOO no-preempt set high-availability vrrp group FOO priority '150' set high-availability vrrp group FOO rfc3768-compatibility set high-availability vrrp group FOO virtual-address '203.0.113.1/24' set high-availability vrrp group FOO vrid '10'
PR ability to get nftables counters, telegraf input plugin https://github.com/vyos/vyos-1x/pull/1209
Feb 7 2022
Feb 7 2022
Viacheslav changed the status of T3600: DHCP Interface static route breaks PBR, a subtask of T3505: Commits do not respect changes in FRR that are not stored in a config, from Open to In progress.
Viacheslav changed the status of T3600: DHCP Interface static route breaks PBR from Open to In progress.
Viacheslav moved T4087: IPsec IKE-group proposals limit of 10 pieces from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Viacheslav edited projects for T4087: IPsec IKE-group proposals limit of 10 pieces , added: VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.4 Sagitta, VyOS 1.3 Equuleus.
Viacheslav assigned T4231: Feature Request: ocserv: 2FA (password+OTP) support in Openconnect to Unknown Object (User).
Feb 5 2022
Feb 5 2022
Feb 4 2022
Feb 4 2022
@aohanian I got it, thanks, so it doesn't delete the previous route in one commit
it can be archived with 2 commits
configure delete protocols static route 1.1.1.1/32 dhcp-interface eth4 commit set protocols static route 1.1.1.1/32 dhcp-interface eth5 commit
@fernando What do you want to see it that case?
In the our CLI DHCP-route can be as a single value now:
set protocols static route 192.0.2.192/32 dhcp-interface 'eth0' set protocols static route 192.0.2.192/32 dhcp-interface 'eth2'
I.e. the first route will be replaced with the second route in CLI.
So if I understand correctly you expect that this route will be also replaced an in the FRR?