Feed All Stories

Feb 15 2022

Unknown Object (User) reopened T3494: DHCPv6 leases traceback when PD using as "Backport candidate".

Sorry, it works properly only for non-PD. Looks like it is not backported to equuleus.
Client-side configuration to reproduce

set interfaces ethernet eth0 address 'dhcpv6'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '1'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '0'
set interfaces ethernet eth0 dhcpv6-options pd 0 length '64'

On server-side we get the same backtrace

vyos@vyos# run show dhcpv6 server leases 
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 209, in <module>
    leases = get_leases(conf, lease_file, args.state, args.pool, args.sort)
  File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 142, in get_leases
    leases = sorted(leases, key = lambda k: int(ip_address(k['ip'])))
  File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 142, in <lambda>
    leases = sorted(leases, key = lambda k: int(ip_address(k['ip'])))
  File "/usr/lib/python3.7/ipaddress.py", line 54, in ip_address
    address)
ValueError: '2001:db8:290::/64' does not appear to be an IPv4 or IPv6 address
Feb 15 2022, 9:40 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Unknown Object (User) closed T3494: DHCPv6 leases traceback when PD using as Resolved.

Tested on VyOS version 1.3.0, works properly

vyos@vyos# run show version | match Version
Version:          VyOS 1.3.0
[edit]
vyos@vyos# run show dhcpv6 server leases 
IPv6 address        State    Last communication    Lease expiration     Remaining    Type           Pool         IAID_DUID
------------------  -------  --------------------  -------------------  -----------  -------------  -----------  -----------------------------------------------------------------
2001:db8:3456::187  active   2022/02/15 09:28:10   2022/02/15 21:28:10  11:58:28     non-temporary  VyOS-DHCPv6  00:00:00:00:00:04:79:76:62:99:23:ad:43:fb:9c:5b:1c:1e:59:4b:58:01
Feb 15 2022, 9:30 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T725: Cake and FQ-PIE.

Hi @hensur, I'm sure that this code should be moved to the Python implementation; patches for the legacy vyatta-cfg-qos will be rejected.
First of all, you need to create the CLI XML definition
https://docs.vyos.io/en/equuleus/contributing/development.html?xml-used-for-cli-definitions#xml-used-for-cli-definitions
and then create the backend in Python to process CLI commands
https://docs.vyos.io/en/equuleus/contributing/development.html?xml-used-for-cli-definitions#configuration-script-structure-and-behaviour

Feb 15 2022, 9:18 AM · VyOS 1.4 Sagitta
Scoopta added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

I can confirm that the latest 202202140317 build fixes this issue, thanks.

Feb 15 2022, 1:34 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Unknown Object (User) updated subscribers of T4246: Failed to delete vrrp transition-script.
Feb 15 2022, 1:19 AM · VyOS 1.3 Equuleus (1.3.0)

Feb 14 2022

Unknown Object (User) triaged T4246: Failed to delete vrrp transition-script as Low priority.
Feb 14 2022, 10:54 PM · VyOS 1.3 Equuleus (1.3.0)
chenxiaolong added a comment to T4245: eapol: Support for specifying the full CA chain of trust for both client and server.

Alternatively, since the pki code seems to already recognize parents/issuers:

Feb 14 2022, 10:35 PM
chenxiaolong created T4245: eapol: Support for specifying the full CA chain of trust for both client and server.
Feb 14 2022, 10:31 PM
chenxiaolong added a comment to T4244: eapol: commit fails with KeyError when PKI certificate name differs from the CA name.

I've submitted a PR to fix this here: https://github.com/vyos/vyos-1x/pull/1220

Feb 14 2022, 10:11 PM
chenxiaolong created T4244: eapol: commit fails with KeyError when PKI certificate name differs from the CA name.
Feb 14 2022, 10:06 PM
hensur added a comment to T4151: IPV6 local PBR Support.

PR: https://github.com/vyos/vyos-1x/pull/1219

Feb 14 2022, 9:17 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4243: Nat log - Add translated data to nat logs.

@n.fort it is possible with conntrackd logging option syslog

sudo rm /etc/systemd/system/conntrackd.service.d/override.conf

Edit the config with nano /etc/conntrackd/conntrackd.conf and add Syslog on in the General section, then restart the conntrackd service.
After that you will get messages

conntrack-tools[5097]: udp      17 src=100.64.0.3 dst=1.1.1.1 sport=41900 dport=53 src=1.1.1.1 dst=198.51.100.1 sport=53 dport=41900
Feb 14 2022, 8:17 PM · VyOS 1.5 Circinus
hensur added a comment to T725: Cake and FQ-PIE.

I'd like to see cake in vyos as well. I don't think this has been implemented yet (at least not under the traffic-policy section in 1.4-rolling)?

Feb 14 2022, 8:00 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4239: static-host-mapping only working on ipv4 addresses.

In hosts we can see 2 entries:

vyos@r11-roll# run show conf com | match test
set system static-host-mapping host-name test1.com inet '1.1.1.1'
set system static-host-mapping host-name test2.com inet '2a00:1450:400f:802::200e'
Feb 14 2022, 7:57 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3977: dhcp-relay-agent uses "physical" IP instead of vrrp IP.

Task for kea T3316

Feb 14 2022, 7:45 PM · VyOS 1.3 Equuleus (1.3.6)
olofl updated subscribers of T3977: dhcp-relay-agent uses "physical" IP instead of vrrp IP.

@sever https://kea.readthedocs.io/en/kea-2.0.1/arm/dhcp4-srv.html#using-a-specific-relay-agent-for-a-subnet

Feb 14 2022, 7:11 PM · VyOS 1.3 Equuleus (1.3.6)
hensur added a comment to T4151: IPV6 local PBR Support.

@Viacheslav Working on it, should be ready soon.

Feb 14 2022, 6:57 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
c-po changed the status of T4154: Error add second gre tunnel with the same source interface from Open to Needs testing.
Feb 14 2022, 6:10 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4154: Error add second gre tunnel with the same source interface from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Feb 14 2022, 6:10 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4154: Error add second gre tunnel with the same source interface from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 14 2022, 6:10 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
fernando added a comment to T4243: Nat log - Add translated data to nat logs.

I think it is necessary to show this kind of information. It should use tools/services such as netflow/ipfix. For example:

Feb 14 2022, 5:48 PM · VyOS 1.5 Circinus
n.fort created T4243: Nat log - Add translated data to nat logs.
Feb 14 2022, 5:15 PM · VyOS 1.5 Circinus
Alexey.Kirillov added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.

works as expected:

Feb 14 2022, 2:51 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Alexey.Kirillov added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.

sure, I'll test 1.4 rolling
but if this feature simply adds "dev XXX" to virtual_address in vrrp config that shouldn't break much

Feb 14 2022, 2:22 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.

@Alexey.Kirillov it required more tests and responses from 1.4
Could you test it?

Feb 14 2022, 2:18 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Scoopta added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

I can't get your configuration, how should it work without the declaration of the source or remote address?

Feb 14 2022, 8:42 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
freelancer added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

I think I'm experiencing this same issue. I just tried upgrading a VPN server running 1.3-rolling-202001260217 to 1.3.0 LTS. As this is a production server (albeit a secondary/backup server) I've reverted to the old version of VyOS, and it looks like a fix is already on its way, so I just wanted to add my info to the ticket.

Feb 14 2022, 12:11 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta

Feb 13 2022

Alexey.Kirillov added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.

Is there any chance to backport this to 1.3x?
It makes migration from cluster way easier.

Feb 13 2022, 9:14 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po closed T4191: Lost access to host after VRF re-creating as Resolved.
Feb 13 2022, 8:33 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4191: Lost access to host after VRF re-creating from In Progress to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Feb 13 2022, 8:33 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4191: Lost access to host after VRF re-creating from Need Triage to In Progress on the VyOS 1.3 Equuleus ( 1.3.1) board.
Feb 13 2022, 8:16 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po added a project to T4191: Lost access to host after VRF re-creating: VyOS 1.3 Equuleus ( 1.3.1).
Feb 13 2022, 8:15 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4191: Lost access to host after VRF re-creating from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 13 2022, 7:38 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4218: firewall: rule name is not allowed to start with a number from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 13 2022, 7:38 PM · VyOS 1.4 Sagitta
c-po moved T4225: Performance degradation with latest rolling release from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 13 2022, 7:38 PM · VyOS 1.4 Sagitta
c-po moved T4220: Commit broke dhclient 78b247b724f74bdabab0706aaa7f5b00e5809bc1 from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 13 2022, 7:38 PM · VyOS 1.4 Sagitta
c-po moved T4224: Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso) from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 13 2022, 7:38 PM · VyOS 1.4 Sagitta
c-po moved T4226: VRRP transition-script does not work for groups name which contains -(minus) sign from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 13 2022, 7:38 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4223: policy route cannot have several entries with the same table from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 13 2022, 7:37 PM · VyOS 1.4 Sagitta
c-po moved T4242: ethernet speed/duplex can never be switched back to auto/auto from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 13 2022, 7:37 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4204: Update Accel-PPP to a newer revision from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Feb 13 2022, 7:37 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4226: VRRP transition-script does not work for groups name which contains -(minus) sign from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Feb 13 2022, 7:37 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po moved T4242: ethernet speed/duplex can never be switched back to auto/auto from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Feb 13 2022, 7:37 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po changed Why the issue appeared? from none to implementation-mistake on T4242: ethernet speed/duplex can never be switched back to auto/auto.
Feb 13 2022, 7:37 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po closed T4242: ethernet speed/duplex can never be switched back to auto/auto as Resolved.
Feb 13 2022, 7:37 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po claimed T4242: ethernet speed/duplex can never be switched back to auto/auto.
Feb 13 2022, 7:28 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
c-po created T4242: ethernet speed/duplex can never be switched back to auto/auto.
Feb 13 2022, 7:28 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
dutty added a comment to T4241: ocserv openconnect looks broken in recent builds of 1.3 Equuleus.

@Viacheslav As I said: every rolling version of VyOS 1.3 branch starting from mid-January. I built ISO several times during this month. Last one I tried today (built today). All of them behave like this in my two different routers. Last time ocserv worked was middle of December build.

Feb 13 2022, 5:46 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent builds of 1.3 Equuleus.

Which version?

Feb 13 2022, 5:07 PM · VyOS 1.3 Equuleus ( 1.3.1)
dutty updated the task description for T4241: ocserv openconnect looks broken in recent builds of 1.3 Equuleus.
Feb 13 2022, 2:08 PM · VyOS 1.3 Equuleus ( 1.3.1)
dutty updated the task description for T4241: ocserv openconnect looks broken in recent builds of 1.3 Equuleus.
Feb 13 2022, 1:55 PM · VyOS 1.3 Equuleus ( 1.3.1)
dutty created T4241: ocserv openconnect looks broken in recent builds of 1.3 Equuleus.
Feb 13 2022, 1:04 PM · VyOS 1.3 Equuleus ( 1.3.1)

Feb 12 2022

al-pankov added a comment to T4197: Vyos arm64-latest build issue with telegraf pkg.

Feb 12 2022, 9:08 PM · VyOS 1.4 Sagitta
al-pankov closed T4211: Vyos arm64-latest build issue with libc6 pkg as Invalid.
Feb 12 2022, 8:20 PM · VyOS 1.4 Sagitta, vyos-build
c-po claimed T4240: Cannot add wlan0 to bridge via configure.
Feb 12 2022, 7:56 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
c-po created T4240: Cannot add wlan0 to bridge via configure.
Feb 12 2022, 7:56 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)

Feb 11 2022

danielpo created T4239: static-host-mapping only working on ipv4 addresses.
Feb 11 2022, 5:02 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T3686: Bridging OpenVPN tap with no local-address breaks from In progress to Needs testing.
Feb 11 2022, 1:39 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

@Scoopta Can you check your configuration with the next rolling release?

Feb 11 2022, 1:39 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav changed the status of T4236: Generate ovpn openvpn client configuration files from Open to Needs testing.
Feb 11 2022, 1:37 PM · VyOS 1.4 Sagitta
Viacheslav moved T3872: Add configurable telegraf monitoring service from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Feb 11 2022, 1:35 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav closed T3872: Add configurable telegraf monitoring service as Resolved.
Feb 11 2022, 1:35 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4151: IPV6 local PBR Support.

@hensur Could you create a PR for 1.3?

Feb 11 2022, 1:34 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
Viacheslav closed T4234: Show firewall partly broken in 1.3.x as Resolved.
Feb 11 2022, 1:28 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav added a project to T4237: Conntrack-sync error - error adding listen-address command: VyOS 1.4 Sagitta.
Feb 11 2022, 1:25 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav edited projects for T4237: Conntrack-sync error - error adding listen-address command, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
Feb 11 2022, 1:25 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav added a comment to T4237: Conntrack-sync error - error adding listen-address command.

PR https://github.com/vyos/vyos-1x/pull/1218

Feb 11 2022, 1:24 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
erkin added a subtask for T3644: Replace GCC with a simpler preprocessor for including nested XML snippets in XML documents: T4238: Support for overriding XML properties in the template preprocessor.
Feb 11 2022, 1:22 PM · VyOS 1.4 Sagitta (1.4.0-GA)
erkin added a parent task for T4238: Support for overriding XML properties in the template preprocessor: T3644: Replace GCC with a simpler preprocessor for including nested XML snippets in XML documents.
Feb 11 2022, 1:22 PM · VyOS 1.5 Circinus
erkin triaged T4238: Support for overriding XML properties in the template preprocessor as Low priority.
Feb 11 2022, 1:21 PM · VyOS 1.5 Circinus
Viacheslav changed the status of T4237: Conntrack-sync error - error adding listen-address command from Open to In progress.
Feb 11 2022, 1:12 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
n.fort created T4237: Conntrack-sync error - error adding listen-address command.
Feb 11 2022, 11:31 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Unknown Object (User) added a comment to T4234: Show firewall partly broken in 1.3.x.

Checked in VyOS 1.3-stable-202202101926

Feb 11 2022, 1:10 AM · VyOS 1.3 Equuleus ( 1.3.1)

Feb 10 2022

Viacheslav added a comment to T4236: Generate ovpn openvpn client configuration files.

PR https://github.com/vyos/vyos-1x/pull/1217

Feb 10 2022, 10:15 PM · VyOS 1.4 Sagitta
c-po added a comment to T4191: Lost access to host after VRF re-creating.

Issue can be triggered also with a reduced CLI config, just run this multiple times:

Feb 10 2022, 8:58 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
jmbwell added a comment to T2044: RPKI doesn't boot properly.

I'm able to reproduce this with 1.4, using the new config structure:

Feb 10 2022, 7:28 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Viacheslav updated the task description for T4236: Generate ovpn openvpn client configuration files.
Feb 10 2022, 5:01 PM · VyOS 1.4 Sagitta
nikeshhajari closed T4192: OpenVPN custom option for "--client-to-client" causes configuration error as Invalid.
Feb 10 2022, 4:44 PM · VyOS 1.3 Equuleus (1.3.0)
nikeshhajari added a comment to T4192: OpenVPN custom option for "--client-to-client" causes configuration error.

I will close this. It turns out the root cause is related to this other bug I filed:

Feb 10 2022, 4:44 PM · VyOS 1.3 Equuleus (1.3.0)
jestabro closed T4235: Add config tree diff algorithm as Resolved.
Feb 10 2022, 3:58 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav closed T4165: Custom conntrack rules cannot be deleted as Resolved.
Feb 10 2022, 3:54 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav added a comment to T3591: OpenVPN with/without VRF not working (NordVPN).

There is an example of a working configuration:

set interfaces openvpn vtun10 authentication password xxxxxx
set interfaces openvpn vtun10 authentication username xxxxxx
set interfaces openvpn vtun10 device-type 'tun'
set interfaces openvpn vtun10 encryption cipher 'aes256'
set interfaces openvpn vtun10 hash 'sha512'
set interfaces openvpn vtun10 mode 'client'
set interfaces openvpn vtun10 openvpn-option '--config /config/auth/nord/included_config.conf'
set interfaces openvpn vtun10 persistent-tunnel
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 remote-host 'xxx.xxx.218.155'
set interfaces openvpn vtun10 remote-port '1194'
set interfaces openvpn vtun10 tls ca-cert-file xxxxxx
Feb 10 2022, 3:20 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4234: Show firewall partly broken in 1.3.x from Confirmed to Needs testing.
Feb 10 2022, 3:19 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav added a comment to T1925: DMVPN is always listed as down in "show vpn ipsec sa".

PR https://github.com/vyos/vyos-1x/pull/1133

Feb 10 2022, 12:11 PM · VyOS 1.3 Equuleus (1.3.6)
Viacheslav triaged T4234: Show firewall partly broken in 1.3.x as High priority.
Feb 10 2022, 7:37 AM · VyOS 1.3 Equuleus ( 1.3.1)

Feb 9 2022

fernando added a comment to T4163: [BMP-BGP] Routing monitoring feature.

We found an error when we tried to upload the configuration using the frr.reload.py. I did an issue request to FRR with this problem; here is the case:

Feb 9 2022, 8:29 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Viacheslav updated subscribers of T4236: Generate ovpn openvpn client configuration files.
Feb 9 2022, 5:45 PM · VyOS 1.4 Sagitta
Viacheslav created T4236: Generate ovpn openvpn client configuration files.
Feb 9 2022, 5:45 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

PR https://github.com/vyos/vyos-1x/pull/1214

Feb 9 2022, 4:19 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
RyVolodya added a comment to T4192: OpenVPN custom option for "--client-to-client" causes configuration error.

I checked in the OpenVPN network lab.
Version:

Version:          VyOS 1.3.0
Release train:    equuleus

Configuration:

vyos@vyos# show interfaces openvpn vtun0
set interfaces openvpn vtun0 encryption cipher 'aes256gcm'
set interfaces openvpn vtun0 hash 'sha512'
set interfaces openvpn vtun0 local-host '192.168.122.100'
set interfaces openvpn vtun0 local-port '1194'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 openvpn-option '--client-to-client'
set interfaces openvpn vtun0 openvpn-option '--verb 9'
set interfaces openvpn vtun0 openvpn-option '--mute 10'
set interfaces openvpn vtun0 openvpn-option '--dev vtun0'
set interfaces openvpn vtun0 openvpn-option '--ifconfig-pool-persist ipp.txt'
set interfaces openvpn vtun0 openvpn-option '--status openvpn2.log'
set interfaces openvpn vtun0 openvpn-option '--user nobody --group nogroup'
set interfaces openvpn vtun0 openvpn-option '--persist-key --persist-tun'
set interfaces openvpn vtun0 openvpn-option '--keepalive 10 120'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 server max-connections '5'
set interfaces openvpn vtun0 server name-server '1.1.1.1'
set interfaces openvpn vtun0 server push-route 10.10.10.0/24
set interfaces openvpn vtun0 server subnet '10.10.20.0/24'
set interfaces openvpn vtun0 server topology 'subnet'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/openvpn/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/openvpn/central.crt'
set interfaces openvpn vtun0 tls dh-file '/config/auth/openvpn/dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/openvpn/central.key'
set interfaces openvpn vtun0 use-lzo-compression

After rebooting, the OpenVPN configuration is saved:

Feb 9 2022, 3:32 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

@Scoopta I can't get your configuration, how should it work without the declaration of the source or remote address?
There is a template that generates OpenVPN site-to-site configuration https://github.com/vyos/vyos-1x/blob/9910020ae6ef37964c97bb28b6b1d84f8227650b/data/templates/openvpn/server.conf.tmpl#L143-L147

Feb 9 2022, 2:57 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

To reproduce in 1.4

set interfaces bridge br3 member interface vtun2
set interfaces openvpn vtun2 device-type 'tap'
set interfaces openvpn vtun2 mode 'site-to-site'
set interfaces openvpn vtun2 persistent-tunnel
set interfaces openvpn vtun2 shared-secret-key 'foo'
set pki openvpn shared-secret foo key '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'
set pki openvpn shared-secret foo version '1'

Commit:

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-openvpn.py", line 663, in <module>
    verify(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-openvpn.py", line 228, in verify
    if len([addr for addr in openvpn['local_address'] if is_ipv4(addr)]) > 1:
KeyError: 'local_address'
Feb 9 2022, 1:50 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a project to T3686: Bridging OpenVPN tap with no local-address breaks: VyOS 1.4 Sagitta.
Feb 9 2022, 1:39 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav changed the status of T3686: Bridging OpenVPN tap with no local-address breaks from Open to In progress.
Feb 9 2022, 1:39 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T1317: OpenVPN configuration fails if it depends on another interface..

It can be fixed in these PRs:
https://github.com/vyos/vyos-1x/pull/1210
https://github.com/vyos/vyos-1x/pull/1211
T4230

Feb 9 2022, 12:33 PM · VyOS 1.3 Equuleus (1.3.9), test
jestabro changed the status of T4235: Add config tree diff algorithm from Open to Needs testing.
Feb 9 2022, 3:27 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
jestabro added a subtask for T4235: Add config tree diff algorithm: T3441: More intelligent config loading scripts.
Feb 9 2022, 3:21 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
jestabro added a parent task for T3441: More intelligent config loading scripts: T4235: Add config tree diff algorithm.
Feb 9 2022, 3:21 AM · VyOS 1.5 Circinus
jestabro updated the task description for T4235: Add config tree diff algorithm.
Feb 9 2022, 3:20 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
jestabro triaged T4235: Add config tree diff algorithm as Normal priority.
Feb 9 2022, 3:04 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta