VyOS 1.4
set interfaces input ifb042 set interfaces ethernet eth0 vif 42 address 203.0.113.47/32 set interfaces ethernet eth0 vif 42 redirect 'ifb042'
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Feb 22 2022
Feb 22 2022
Viacheslav changed the status of T4122: interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?) from Open to In progress.
Viacheslav added a comment to T4122: interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?).
@Cheeze_It There is a task for op-mode T4265
Task for controller T4266
Feb 21 2022
Feb 21 2022
Feb 20 2022
Feb 20 2022
Viacheslav added a comment to T3656: IPSec 1.4 : "show vpn ike sa" does not show the correct default ike version.
@SrividyaA Could you fix the old command help description?
Viacheslav changed the status of T3948: IPSec VPN: Add a new option "none" for the connection-type from Open to In progress.
Viacheslav changed the subtype of T4262: install image doesn't respect chosen root partition size from "Task" to "Bug".
Which version?
@SrividyaA Which configurations do you expect with option set vpn ipsec site-to-site peer 192.168.122.14 connection-type none ?
Viacheslav changed the status of T1856: Support configuring IPSec SA bytes, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, from Open to In progress.
Viacheslav changed the status of T1856: Support configuring IPSec SA bytes from Open to In progress.
Viacheslav changed the subtype of T4001: Cannot use local-subnet or remote-subnet when using transport mode from "Task" to "Feature Request".
Feb 19 2022
Feb 19 2022
It is used in keepalived Template
Viacheslav changed the status of T4249: Add support for device mapping in containers from Open to In progress.
Feb 18 2022
Feb 18 2022
Viacheslav updated the task description for T4254: VPN IPSec charon add options cisco_flexvpn and install_virtual_ip_on.
@kirvio Could you check it on 1.3/1.4?
Feb 17 2022
Feb 17 2022
Viacheslav updated the task description for T4254: VPN IPSec charon add options cisco_flexvpn and install_virtual_ip_on.
Viacheslav changed the status of T3600: DHCP Interface static route breaks PBR, a subtask of T3505: Commits do not respect changes in FRR that are not stored in a config, from In progress to Needs testing.
Viacheslav changed the status of T3600: DHCP Interface static route breaks PBR from In progress to Needs testing.
Viacheslav closed T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus as Resolved.
@dutty Thanks for confirming.
Viacheslav changed the status of T4254: VPN IPSec charon add options cisco_flexvpn and install_virtual_ip_on from Open to In progress.
Viacheslav changed the status of T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID from In progress to Needs testing.
Viacheslav changed the status of T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus from Confirmed to Needs testing.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
CI job for re-build pkg ocserv should fix this issue.
Feb 16 2022
Feb 16 2022
Viacheslav edited projects for T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
Viacheslav changed the status of T4197: Vyos arm64-latest build issue with telegraf pkg from Open to Needs testing.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Install official pkg solve the issue
wget http://ftp.de.debian.org/debian/pool/main/o/ocserv/ocserv_0.12.2-3_amd64.deb dpkg -i *.deb `
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Can be related
Found out some strange things, client address was banned:
ocserv[2072]: main: added 1 points (total 1) for IP '192.168.122.1' to ban list
Viacheslav changed the status of T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus from Open to Confirmed.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
I don't see any issues with LTS 1.3.0
Thanks
Is it required point of binding in a container?
For example:
podman run --rm -it --device=/dev/vdb:/dev/xvdc:rwm --net host ubuntu bash
You can get access to host netwoks with set container name foo allow-host-networks
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1224
Viacheslav reopened T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID as "In progress".
@anthr76 we have ready telegraf exporter, maybe it will work for you?
https://docs.vyos.io/en/latest/configuration/service/monitoring.html
Viacheslav changed the subtype of T4248: There isn't a way to remove the only rule from the (traffic-policy) class. from "Task" to "Bug".
Feb 15 2022
Feb 15 2022
Viacheslav moved T1292: Issues while deleting all rules from a firewall from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T4237: Conntrack-sync error - error adding listen-address command from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
PR for current https://github.com/vyos/vyos-1x/pull/1223
Viacheslav moved T3686: Bridging OpenVPN tap with no local-address breaks from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav edited projects for T3686: Bridging OpenVPN tap with no local-address breaks, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1221
Feb 14 2022
Feb 14 2022
In hosts we can see 2 entries:
vyos@r11-roll# run show conf com | match test set system static-host-mapping host-name test1.com inet '1.1.1.1' set system static-host-mapping host-name test2.com inet '2a00:1450:400f:802::200e'
Task for kea T3316
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
@Alexey.Kirillov it required more tests and responses from 1.4
Could you test it?
Feb 13 2022
Feb 13 2022
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Which version?
Feb 11 2022
Feb 11 2022
Viacheslav changed the status of T3686: Bridging OpenVPN tap with no local-address breaks from In progress to Needs testing.
@Scoopta Can you check your configuration with the next rolling release?
Viacheslav changed the status of T4236: Generate ovpn openvpn client configuration files from Open to Needs testing.
Viacheslav moved T3872: Add configurable telegraf monitoring service from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
@hensur Could you create a PR for 1.3?
Viacheslav added a project to T4237: Conntrack-sync error - error adding listen-address command: VyOS 1.4 Sagitta.
Viacheslav edited projects for T4237: Conntrack-sync error - error adding listen-address command, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
Viacheslav changed the status of T4237: Conntrack-sync error - error adding listen-address command from Open to In progress.
Feb 10 2022
Feb 10 2022
Viacheslav updated the task description for T4236: Generate ovpn openvpn client configuration files.
There is an example of a working configuration:
set interfaces openvpn vtun10 authentication password xxxxxx set interfaces openvpn vtun10 authentication username xxxxxx set interfaces openvpn vtun10 device-type 'tun' set interfaces openvpn vtun10 encryption cipher 'aes256' set interfaces openvpn vtun10 hash 'sha512' set interfaces openvpn vtun10 mode 'client' set interfaces openvpn vtun10 openvpn-option '--config /config/auth/nord/included_config.conf' set interfaces openvpn vtun10 persistent-tunnel set interfaces openvpn vtun10 protocol 'udp' set interfaces openvpn vtun10 remote-host 'xxx.xxx.218.155' set interfaces openvpn vtun10 remote-port '1194' set interfaces openvpn vtun10 tls ca-cert-file xxxxxx
Viacheslav changed the status of T4234: Show firewall partly broken in 1.3.x from Confirmed to Needs testing.
Feb 9 2022
Feb 9 2022
@Scoopta I can't get your configuration, how does should work without the declaration source or remote address?
There is a template that generates OpenVPN site-to-site configuration https://github.com/vyos/vyos-1x/blob/9910020ae6ef37964c97bb28b6b1d84f8227650b/data/templates/openvpn/server.conf.tmpl#L143-L147
To reproduce in 1.4
set interfaces bridge br3 member interface vtun2 set interfaces openvpn vtun2 device-type 'tap' set interfaces openvpn vtun2 mode 'site-to-site' set interfaces openvpn vtun2 persistent-tunnel set interfaces openvpn vtun2 shared-secret-key 'foo' set pki openvpn shared-secret foo key '190696ff2244ca9ce8d5bef8718c58881fe8df8e3519c8bf6ede49108c97a5d9456db648d8c5ca953bb19d21978527a742497426313e614640d037ffffa4980be315e193727ebfb28f3725b779e2d3309ad6f8c939363f7fc14a0080c81e3faf4b053661c81c3003ddabeb87ac8611b81718956b7325f03978c74f502b39965f0d788b21b4370f6a625e3098f8d71ff3e653f50c54b424c511cba78871b38337237830a34266aa9558cd69c68ded89f7f0a82f94b5b87200c7ea05edb14a806e9e4998b00dc2895d976c0e506a6a06056745bca6ce1d2a5c95a51a1460e3080c7743eecbcee9d2c4f89d9e1b59f44484e43591f43bf713255b5de13ae8500620' set pki openvpn shared-secret foo version '1'
Commit:
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-openvpn.py", line 663, in <module>
verify(c)
File "/usr/libexec/vyos/conf_mode/interfaces-openvpn.py", line 228, in verify
if len([addr for addr in openvpn['local_address'] if is_ipv4(addr)]) > 1:
KeyError: 'local_address'