Tested on VyOS 1.4-rolling-202202150317 and working as expected.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Feb 15 2022
Feb 15 2022
n.fort closed T4160: Firewall - Error in rules that matches everything except something as Resolved.
vyos@vyos# run show config comm | grep fire
set firewall name FOO rule 10 action 'accept'
set firewall name FOO rule 10 protocol 'tcp'
set firewall name FOO rule 10 tcp flags not ack
set firewall name FOO rule 10 tcp flags syn
set firewall name FOO rule 40 action 'accept'
set firewall name FOO rule 40 protocol '!gre'
[edit]
vyos@vyos# sudo nft list chain ip filter NAME_FOO
table ip filter {
chain NAME_FOO {
tcp flags & (syn | ack) == syn counter packets 0 bytes 0 return comment "FOO-10"
meta l4proto != gre counter packets 0 bytes 0 return comment "FOO-40"
counter packets 0 bytes 0 return comment "FOO default-action accept"
}
}Solved. New commands:
Unknown Object (User) committed rVYOSONEX81add0813735: dhcpv6-server: T3494: Get address from network to correct sorting.
GitHub <noreply@github.com> committed rVYOSONEX40bf0d3ff078: Merge pull request #1222 from DmitriyEshenko/eq-1x-15022022 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX0f788abea73f: Merge pull request #1223 from sever-sever/T4237-cur (authored by c-po).
Viacheslav moved T4237: Conntrack-sync error - error adding listen-address command from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
PR for current https://github.com/vyos/vyos-1x/pull/1223
Unknown Object (User) added a comment to T3494: DHCPv6 leases traceback when PD using.
PR for equuleus https://github.com/vyos/vyos-1x/pull/1222
Viacheslav moved T3686: Bridging OpenVPN tap with no local-address breaks from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav edited projects for T3686: Bridging OpenVPN tap with no local-address breaks, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1221
Unknown Object (User) changed the status of T3494: DHCPv6 leases traceback when PD using from Resolved to Unknown Status.
Sorry, it works properly only for not PD. Looks like is not backported to equuleus
Client-side configuration to reproduce
set interfaces ethernet eth0 address 'dhcpv6' set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '1' set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '0' set interfaces ethernet eth0 dhcpv6-options pd 0 length '64'
On server-side we get the same backtrace
vyos@vyos# run show dhcpv6 server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 209, in <module>
leases = get_leases(conf, lease_file, args.state, args.pool, args.sort)
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 142, in get_leases
leases = sorted(leases, key = lambda k: int(ip_address(k['ip'])))
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 142, in <lambda>
leases = sorted(leases, key = lambda k: int(ip_address(k['ip'])))
File "/usr/lib/python3.7/ipaddress.py", line 54, in ip_address
address)
ValueError: '2001:db8:290::/64' does not appear to be an IPv4 or IPv6 addressUnknown Object (User) changed the status of T3494: DHCPv6 leases traceback when PD using from Unknown Status to Resolved.
Tested on VyOS version 1.3.0, works properly
vyos@vyos# run show version | match Version Version: VyOS 1.3.0 [edit] vyos@vyos# run show dhcpv6 server leases IPv6 address State Last communication Lease expiration Remaining Type Pool IAID_DUID ------------------ ------- -------------------- ------------------- ----------- ------------- ----------- ----------------------------------------------------------------- 2001:db8:3456::187 active 2022/02/15 09:28:10 2022/02/15 21:28:10 11:58:28 non-temporary VyOS-DHCPv6 00:00:00:00:00:04:79:76:62:99:23:ad:43:fb:9c:5b:1c:1e:59:4b:58:01
Unknown Object (User) added a comment to T725: Cake and FQ-PIE.
Hi @hensur , I'm sure that this code should be moved to python implementation, patches for the legacy vyatta-cfg-qos will be rejected.
First of all, need to create CLI XML definition
https://docs.vyos.io/en/equuleus/contributing/development.html?xml-used-for-cli-definitions#xml-used-for-cli-definitions
and then create backend in python to process CLI commands
https://docs.vyos.io/en/equuleus/contributing/development.html?xml-used-for-cli-definitions#configuration-script-structure-and-behaviour
GitHub <noreply@github.com> committed rVYOSONEXaef699acf11e: Merge pull request #1220 from chenxiaolong/T4244 (authored by c-po).
I can confirm that the latest 202202140317 build fixes this issue, thanks.
Unknown Object (User) updated subscribers of T4246: Failed to delete vrrp transition-script.
Feb 14 2022
Feb 14 2022
chenxiaolong added a comment to T4245: eapol: Support for specifying the full CA chain of trust for both client and server.
Alternatively, since the pki code seems to already recognize parents/issuers:
chenxiaolong added a comment to T4244: eapol: commit fails with KeyError when PKI certificate name differs from the CA name.
I've submitted a PR to fix this here: https://github.com/vyos/vyos-1x/pull/1220
Unknown Object (User) added a comment to T4243: Nat log - Add translated data to nat logs.
@n.fort it is possible with conntrackd logging option syslog
sudo rm /etc/systemd/system/conntrackd.service.d/override.conf
edit nano /etc/conntrackd/conntrackd.conf and add Syslog on in General section, then restart conntrackd service.
After that you will get messages
conntrack-tools[5097]: udp 17 src=100.64.0.3 dst=1.1.1.1 sport=41900 dport=53 src=1.1.1.1 dst=198.51.100.1 sport=53 dport=41900
I'd like to see cake in vyos as well. I don't think this has been implemented yet (at least not under the traffic-policy section in 1.4-rolling) ?
In hosts we can see 2 entries:
vyos@r11-roll# run show conf com | match test set system static-host-mapping host-name test1.com inet '1.1.1.1' set system static-host-mapping host-name test2.com inet '2a00:1450:400f:802::200e'
Task for kea T3316
@Viacheslav Working on it, should be ready soon.
c-po changed the status of T4154: Error add second gre tunnel with the same source interface from Open to Needs testing.
c-po moved T4154: Error add second gre tunnel with the same source interface from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
c-po moved T4154: Error add second gre tunnel with the same source interface from Open to Finished on the VyOS 1.4 Sagitta board.
I think it is necessary to show this kind information . it should use tools/service as netflow/ipfix . for example:
Alexey.Kirillov added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
works as expected:
Alexey.Kirillov added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
sure, I'll test 1.4 rolling
but if this feature simply adds "dev XXX" to virtual_address in vrrp config that shouldn't break much
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
@Alexey.Kirillov it required more tests and responses from 1.4
Could you test it?
I can't get your configuration, how does should work without the declaration source or remote address?
I think I'm experiencing this same issue. I just tried upgrading a VPN server running 1.3-rolling-202001260217 to 1.3.0 LTS. As this is a production server (albeit a secondary/backup server) I've reverted to the old version of VyOS, and it looks like a fix is already on its way, so I just wanted to add my info to the ticket.
Feb 13 2022
Feb 13 2022
Alexey.Kirillov added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
Is there any chance to backport this to 1.3x ?
It makes migration from cluster way easier.
c-po moved T4191: Lost access to host after VRF re-creating from In Progress to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
c-po moved T4191: Lost access to host after VRF re-creating from Need Triage to In Progress on the VyOS 1.3 Equuleus ( 1.3.1) board.
c-po added a project to T4191: Lost access to host after VRF re-creating: VyOS 1.3 Equuleus ( 1.3.1).
c-po moved T4191: Lost access to host after VRF re-creating from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4218: firewall: rule name is not allowed to start with a number from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4225: Performance degration with latest rolling release from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4220: Commit broke dhclient 78b247b724f74bdabab0706aaa7f5b00e5809bc1 from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4226: VRRP transition-script does not work for groups name which contains -(minus) sign from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4223: policy route cannot have several entries with the same table from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4242: ethernet speed/duplex can never be switched back to auto/auto from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4204: Update Accel-PPP to a newer revision from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
c-po moved T4242: ethernet speed/duplex can never be switched back to auto/auto from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
@Viacheslav As I said: every rolling version of VyOS 1.3 branch starting from mid-January. I built ISO several times during this month. Last one I tried today (built today). All of them behave like this in my two different routers. Last time ocserv worked was middle of December build.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Which version?
dutty updated the task description for T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
dutty updated the task description for T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Feb 12 2022
Feb 12 2022
build.log37 KBDownload
Feb 11 2022
Feb 11 2022
GitHub <noreply@github.com> committed rVYOSONEXd8b60d58ac8f: Merge pull request #1218 from sever-sever/T4237 (authored by c-po).
Viacheslav changed the status of T3686: Bridging OpenVPN tap with no local-address breaks from In progress to Needs testing.
@Scoopta Can you check your configuration with the next rolling release?
Viacheslav changed the status of T4236: Generate ovpn openvpn client configuration files from Open to Needs testing.
Viacheslav moved T3872: Add configurable telegraf monitoring service from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
@hensur Could you create a PR for 1.3?
Viacheslav added a project to T4237: Conntrack-sync error - error adding listen-address command: VyOS 1.4 Sagitta.
Viacheslav edited projects for T4237: Conntrack-sync error - error adding listen-address command, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
erkin triaged T4238: Support for overriding XML properties in the template preprocessor as Low priority.