
Jun 26 2022

aderouineau added a comment to T1733: Route filters syntax redesign.

@MrXermon Let's say someone is setting up BGP peering and wants to control import or export of prefixes using prefixlist. With your suggestion, how would you deny certain prefixes and accept all others? Can JunOS solve this directly with prefixlist without using route-map?

Jun 26 2022, 9:06 PM
Nova_Logic added a comment to T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.

Thank you!

Jun 26 2022, 4:16 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4480: add an ability to configure squid acl safe ports and acl ssl safe ports from Open to In progress.
Jun 26 2022, 3:49 PM · VyOS 1.4 Sagitta
n.fort added a project to T4480: add an ability to configure squid acl safe ports and acl ssl safe ports: VyOS 1.4 Sagitta.
Jun 26 2022, 3:49 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.

PR: https://github.com/vyos/vyos-1x/pull/1369

Jun 26 2022, 3:48 PM · VyOS 1.4 Sagitta
Nova_Logic updated the task description for T4488: allow manual configuration changes of interfaces created by high-availability with rfc3768-compatibility option .
Jun 26 2022, 3:11 PM · VyOS Rolling
Nova_Logic created T4488: allow manual configuration changes of interfaces created by high-availability with rfc3768-compatibility option .
Jun 26 2022, 3:06 PM · VyOS Rolling
n.fort claimed T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.
Jun 26 2022, 12:25 PM · VyOS 1.4 Sagitta
sarthurdev committed rVYOSONEXa54c755991af: firewall: T4484: Fix op-mode summary for address groups with ranges..
Jun 26 2022, 8:54 AM
GitHub <noreply@github.com> committed rVYOSONEXf75da014ae29: Merge pull request #1368 from sarthurdev/firewall-opsummary (authored by c-po).
Jun 26 2022, 8:54 AM
Viacheslav changed Version from - to VyOS 1.4-rolling-202206260217 on T4487: Create container without downloaded image wrong behavior.
Jun 26 2022, 8:37 AM · VyOS 1.4 Sagitta
Viacheslav changed the subtype of T4487: Create container without downloaded image wrong behavior from "Feature Request" to "Bug".
Jun 26 2022, 8:29 AM · VyOS 1.4 Sagitta
Viacheslav created T4487: Create container without downloaded image wrong behavior.
Jun 26 2022, 8:28 AM · VyOS 1.4 Sagitta
Viacheslav closed T4404: Container is not deleted as Not Applicable.
Jun 26 2022, 8:14 AM · VyOS 1.4 Sagitta
Viacheslav created T4486: Container can't be deleted.
Jun 26 2022, 8:11 AM · VyOS 1.4 Sagitta

Jun 25 2022

sarthurdev changed the status of T4485: OpenVPN: Allow multiple CAs certificates from Open to In progress.
Jun 25 2022, 9:58 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1368

Jun 25 2022, 9:48 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges from Open to In progress.
Jun 25 2022, 9:46 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEXa83eecfeee1f: op-mode: T1375: Allow to clear dhcp-server lease.
Jun 25 2022, 9:15 AM
GitHub <noreply@github.com> committed rVYOSONEX56457c9f35c5: Merge pull request #1360 from sever-sever/T1375 (authored by c-po).
Jun 25 2022, 9:15 AM
sarthurdev committed rVYOSONEXfb984a3fc56d: firewall: T4435: Verify parent config applied successfully.
Jun 25 2022, 9:14 AM
GitHub <noreply@github.com> committed rVYOSONEX10782837ad7c: Merge pull request #1362 from sarthurdev/T4435 (authored by c-po).
Jun 25 2022, 9:14 AM
c-po closed T4483: Upgrade fastnetmon to v1.2.2 community edition, a subtask of T2659: Add fastnetmon (DDoS detection) support, as Resolved.
Jun 25 2022, 9:11 AM · VyOS 1.3 Equuleus (1.3.0)
c-po closed T4483: Upgrade fastnetmon to v1.2.2 community edition as Resolved.
Jun 25 2022, 9:11 AM · VyOS 1.4 Sagitta
c-po created T4483: Upgrade fastnetmon to v1.2.2 community edition.
Jun 25 2022, 9:11 AM · VyOS 1.4 Sagitta
c-po moved T1748: vbash: beautify tab completion output/line breaks from In Progress to Finished on the VyOS 1.4 Sagitta board.
Jun 25 2022, 9:03 AM · VyOS 1.4 Sagitta
c-po moved T4482: dhcp: toggle of "dhcp-options no-default-route" has no effect from In Progress to Finished on the VyOS 1.4 Sagitta board.
Jun 25 2022, 9:03 AM · VyOS 1.4 Sagitta
c-po closed T4482: dhcp: toggle of "dhcp-options no-default-route" has no effect as Resolved.
Jun 25 2022, 9:03 AM · VyOS 1.4 Sagitta
c-po committed rVYOSONEXb63006b4a5e4: interfaces: dhcp: T4482: toggle of "dhcp-options no-default-route" has no effect.
Jun 25 2022, 9:03 AM
c-po updated the task description for T4482: dhcp: toggle of "dhcp-options no-default-route" has no effect.
Jun 25 2022, 7:47 AM · VyOS 1.4 Sagitta
c-po moved T4482: dhcp: toggle of "dhcp-options no-default-route" has no effect from Open to In Progress on the VyOS 1.4 Sagitta board.
Jun 25 2022, 7:47 AM · VyOS 1.4 Sagitta
c-po claimed T4482: dhcp: toggle of "dhcp-options no-default-route" has no effect.
Jun 25 2022, 7:46 AM · VyOS 1.4 Sagitta
c-po created T4482: dhcp: toggle of "dhcp-options no-default-route" has no effect.
Jun 25 2022, 7:46 AM · VyOS 1.4 Sagitta
c-po committed rVYOSONEXb2fc5f6362a6: dhcp: pppoe: T4384: bugfix not honoring no-default-route CLI option.
Jun 25 2022, 7:13 AM

Jun 24 2022

Nova_Logic created T4481: containers are not starting.
Jun 24 2022, 10:16 PM · VyOS 1.4 Sagitta
Nova_Logic created T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.
Jun 24 2022, 10:13 PM · VyOS 1.4 Sagitta
sandwichdoge added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..

@Viacheslav As for your other concern, you can filter the actual inbound interface (eth4 in my case) in mangle-PREROUTING. Maybe you could try packet marking in mangle-PREROUTING, then filter them later in VYOS_FW_FORWARD/VYOS_FW_LOCAL in the filter table?
Something like this:

Jun 24 2022, 4:06 AM · Bugs, VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

Jun 23 2022

sandwichdoge added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..

@Viacheslav I tested your fix in my environment. The inbound filtering worked as expected after the fix. However, it did not work correctly for the case where we want both inbound and outbound firewalls on a single vrf member interface (or any case that has more than 2 directions on the same interface).

Jun 23 2022, 2:57 AM · Bugs, VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

Jun 22 2022

n.fort committed rVYOSONEX8c1f4802b48a: Policy: T4475: add support for matching ipv6 addresses on peer option in route….
Jun 22 2022, 4:06 PM
GitHub <noreply@github.com> committed rVYOSONEX12aeb087c34f: Merge pull request #1367 from nicolas-fort/T4475 (authored by c-po).
Jun 22 2022, 4:06 PM
dongjunbo updated the task description for T4479: generate wireguard client command prompt has some error.
Jun 22 2022, 10:51 AM · VyOS 1.3 Equuleus (1.3.4)
dongjunbo created T4479: generate wireguard client command prompt has some error.
Jun 22 2022, 10:50 AM · VyOS 1.3 Equuleus (1.3.4)
c-po closed T1748: vbash: beautify tab completion output/line breaks as Resolved.
Jun 22 2022, 5:36 AM · VyOS 1.4 Sagitta
yas-nyan updated the task description for T4477: router-advert: support RDNSS lifetime option.
Jun 22 2022, 12:11 AM · VyOS 1.4 Sagitta

Jun 21 2022

v.huti updated subscribers of T4394: Improve VYOS_DEBUG profiling support.

Memray:

In order to keep useful tracing/debugging tooling in a single place, @jestabro has created the repo:

https://github.com/jestabro/profiling-tools

Since there is no vyatta package yet, you need to either compile it by hand or install it from apt
as explained before. Some examples to play around with:

# NOTE: I had to downgrade this package to resolve the installation conflict
# sudo apt-get install python3-pkg-resources=45.2.0-1
  sudo apt-get install python3-pip
  sudo python3 -m pip install memray
  PATH+=":/home/vyos/.local/bin"
Jun 21 2022, 10:49 PM · VyOS Rolling
v.huti added a comment to T4394: Improve VYOS_DEBUG profiling support.

Analysis:

I have collected the profiling data for the following configurations:

Jun 21 2022, 10:48 PM · VyOS Rolling
v.huti added a comment to T4394: Improve VYOS_DEBUG profiling support.

Gotchas:

If you are running a small QEMU device and it has run out of memory, the scenario is the following:

- The boot process has failed, the prompt is stuck, bash is not initialized
- You reboot the device, it tries to read the config, fails once again as there is no free memory
- Config was not loaded, you cannot log in; it is a loop
Jun 21 2022, 10:47 PM · VyOS Rolling
v.huti added a comment to T4394: Improve VYOS_DEBUG profiling support.
NOTE: by default, the perf binary is not installed on the ISO image.
Jun 21 2022, 10:45 PM · VyOS Rolling
rob added a comment to T4478: Firewall ipv6 p2p option failed .

https://github.com/vyos/vyatta-cfg-firewall/pull/33

Jun 21 2022, 8:37 PM · Known issue, VyOS 1.3 Equuleus (1.3.0)
c-po committed rVYOSONEXc73c401eba24: T1748: vbash: beautify tab completion output/line breaks.
Jun 21 2022, 8:35 PM
c-po committed rVYOSONEX6ffda0ee36db: xml: T1748: cleanup <help> and </help> nodes not closing on the same line.
Jun 21 2022, 8:35 PM
GitHub <noreply@github.com> committed rVYOSONEX69ad00f3e589: Merge pull request #1366 from c-po/t1748-cli-help (authored by c-po).
Jun 21 2022, 8:35 PM
rob created T4478: Firewall ipv6 p2p option failed .
Jun 21 2022, 7:18 PM · Known issue, VyOS 1.3 Equuleus (1.3.0)
n.fort changed the status of T4475: route-map does not support ipv6 peer from Open to In progress.

PR for 1.4: https://github.com/vyos/vyos-1x/pull/1367

Jun 21 2022, 5:43 PM · VyOS 1.3 Equuleus (1.3.4)
n.fort added a project to T4475: route-map does not support ipv6 peer: VyOS 1.4 Sagitta.
Jun 21 2022, 5:43 PM · VyOS 1.3 Equuleus (1.3.4)
n.fort claimed T4475: route-map does not support ipv6 peer.
Jun 21 2022, 3:20 PM · VyOS 1.3 Equuleus (1.3.4)
v.huti added a comment to T4462: FRR operational-data pagination.

TBD: GUI

VyOS users can configure the front-end interface, called vycontrol, to examine the configuration state.
A detailed description can be found at:
https://vycontrol.com/
https://github.com/vycontrol/vycontrol
https://docs.vyos.io/en/equuleus/configuration/service/https.html
https://brezular.com/2021/05/01/vycontrol-web-ui-for-vyos-firewall/

Jun 21 2022, 2:40 PM · VyOS Rolling
v.huti added a comment to T4462: FRR operational-data pagination.

FRR Debugging


Recently, I had to triage/debug a bunch of issues that involved running a legacy build of frr.
This involved:

  • Triaging the issue down to the place where it was introduced. Otherwise, verifying that the feature was never working at all.
  • Comparing the execution flow between legacy/master versions to identify the divergence
  • Building & running multiple (legacy/master) frr versions in parallel
  • Doing deep analysis within gdb
Jun 21 2022, 2:38 PM · VyOS Rolling
v.huti added a comment to T4462: FRR operational-data pagination.

Since the last update, I have simplified the CLI interface:

1. I have removed the global iterator and encapsulated the iteration state into the vty structure.
   This way, each vtysh client has its private iteration state for the following requests.
   It should be possible to query multiple data nodes simultaneously and asynchronously.
Jun 21 2022, 2:27 PM · VyOS Rolling
yas-nyan renamed T4477: router-advert: support RDNSS lifetime option from router-advert: support RDNSS lifettime option to router-advert: support RDNSS lifetime option.
Jun 21 2022, 1:38 PM · VyOS 1.4 Sagitta
yas-nyan renamed T4477: router-advert: support RDNSS lifetime option from router-advert: support advertising specific routes to router-advert: support RDNSS lifettime option.
Jun 21 2022, 1:37 PM · VyOS 1.4 Sagitta
yas-nyan created T4477: router-advert: support RDNSS lifetime option.
Jun 21 2022, 1:29 PM · VyOS 1.4 Sagitta
danhusan created T4476: Next steps after installation is not communicated properly to new users.
Jun 21 2022, 12:31 PM · VyOS 1.3 Equuleus ( 1.3.1)
aderouineau created T4475: route-map does not support ipv6 peer.
Jun 21 2022, 2:00 AM · VyOS 1.3 Equuleus (1.3.4)

Jun 20 2022

aalmenar created T4474: Adding more than 1 prefix-list is ignored.
Jun 20 2022, 8:04 PM
c-po closed T1856: Support configuring IPSec SA bytes, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Jun 20 2022, 7:39 PM · VyOS 1.4 Sagitta
c-po closed T1856: Support configuring IPSec SA bytes as Resolved.
Jun 20 2022, 7:39 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0)
c-po committed rVYOSONEX32df4dc8fbd2: T778: T782: dhcp-server: add missing bootfile-size and bootfile-name constraints.
Jun 20 2022, 7:37 PM
c-po committed rVYOSONEX87e11e7ca0a4: dhcp: T4156: bootfile-option: add missing constraints and valueHelp.
Jun 20 2022, 7:25 PM
c-po added a comment to T1748: vbash: beautify tab completion output/line breaks.
Jun 20 2022, 7:14 PM · VyOS 1.4 Sagitta
c-po moved T1748: vbash: beautify tab completion output/line breaks from Open to In Progress on the VyOS 1.4 Sagitta board.
Jun 20 2022, 7:03 PM · VyOS 1.4 Sagitta
c-po claimed T1748: vbash: beautify tab completion output/line breaks.
Jun 20 2022, 6:47 PM · VyOS 1.4 Sagitta
danhusan added a comment to T4466: intel i225-v nic does not detect link after boot.
Jun 20 2022, 3:15 PM · VyOS 1.3 Equuleus
florin added a comment to T4466: intel i225-v nic does not detect link after boot.

https://drive.google.com/file/d/1-5G8UPZfw0UJalLJKPVkzoA6AKC5k7Lm/view?usp=sharing

Jun 20 2022, 2:34 PM · VyOS 1.3 Equuleus
danhusan added a comment to T4466: intel i225-v nic does not detect link after boot.

Wow, well done! You don't happen to have an ISO you could share?

Jun 20 2022, 1:29 PM · VyOS 1.3 Equuleus
florin added a comment to T4466: intel i225-v nic does not detect link after boot.
vyos@gw:~$ show version
Jun 20 2022, 9:36 AM · VyOS 1.3 Equuleus
florin added a comment to T4466: intel i225-v nic does not detect link after boot.

Yes, I had to do a bit of hacking - i.e. use the 1.4 kernel configs and patches, remove the wireguard-modules package, install the backports open-vm-tools version.
I committed those changes in my fork:
https://github.com/vyos/vyos-build/compare/equuleus...fvlaicu:equuleus

Jun 20 2022, 8:40 AM · VyOS 1.3 Equuleus
danhusan added a comment to T4466: intel i225-v nic does not detect link after boot.

Did you then end up with a fully working nic, bridging included?

Jun 20 2022, 8:05 AM · VyOS 1.3 Equuleus

Jun 19 2022

kajiuray committed rVYOSONEX5b5074c3f2b7: http-api: T4459: Fix to set VRF in http(s) service.
Jun 19 2022, 2:40 PM
GitHub <noreply@github.com> committed rVYOSONEXcd055ce723e0: Merge pull request #1349 from kajiuray/equuleus (authored by dmbaturin).
Jun 19 2022, 2:40 PM
Viacheslav created T4473: Use container network without network declaration error.
Jun 19 2022, 2:11 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4451: The DHCPv6 server leases function the display of the hostname.

We don't have such an option, client-hostname, in dhcpdv6.leases

Jun 19 2022, 12:21 PM · VyOS Rolling
Viacheslav added a comment to T4472: Alternative validators.

PR https://github.com/vyos/vyos-1x/pull/1365

Jun 19 2022, 11:15 AM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4472: Alternative validators.
Jun 19 2022, 10:07 AM · VyOS 1.4 Sagitta
Viacheslav created T4472: Alternative validators.
Jun 19 2022, 9:46 AM · VyOS 1.4 Sagitta
sccfit created T4471: Explicit declare root domain in static-host-mapping.
Jun 19 2022, 3:29 AM · VyOS 1.4 Sagitta

Jun 18 2022

Viacheslav changed the subtype of T4470: Rewrite load-balancing wan to XML/Python from "Bug" to "Feature Request".
Jun 18 2022, 2:52 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS Rolling
Viacheslav created T4470: Rewrite load-balancing wan to XML/Python.
Jun 18 2022, 2:52 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS Rolling
c-po renamed T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Update Linux Kernel to v5.4.197 / 5.10.121 to Update Linux Kernel to v5.4.197 / 5.10.123.
Jun 18 2022, 6:05 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
c-po committed rVYOSONEX300535e2b8b7: policy: T4467: bugfix relative (+/-) increase of metric.
Jun 18 2022, 6:04 AM
c-po closed T4467: Validator Does Not Accept Signed Numbers as Resolved.
Jun 18 2022, 6:04 AM · VyOS 1.4 Sagitta
c-po added a comment to T4467: Validator Does Not Accept Signed Numbers.

Tested and works correctly. Thanks @jestabro

Jun 18 2022, 6:04 AM · VyOS 1.4 Sagitta
dongjunbo updated the task description for T4469: Build Azure image by follow offical build instruction Error .
Jun 18 2022, 3:05 AM
dongjunbo created T4469: Build Azure image by follow offical build instruction Error .
Jun 18 2022, 3:05 AM
jestabro claimed T4467: Validator Does Not Accept Signed Numbers.
Jun 18 2022, 12:59 AM · VyOS 1.4 Sagitta
jestabro added a comment to T4467: Validator Does Not Accept Signed Numbers.

PR: https://github.com/vyos/vyos-utils/pull/4
Adding the additional validator to policy.xml.in allows the smoketest (above) to pass.

Jun 18 2022, 12:55 AM · VyOS 1.4 Sagitta

Jun 17 2022

jestabro added a comment to T4467: Validator Does Not Accept Signed Numbers.

One approach is linked below; to be discussed before PR.
https://github.com/vyos/vyos-utils/compare/master...jestabro:increment-decrement?expand=1

Jun 17 2022, 5:31 PM · VyOS 1.4 Sagitta
blackhole added a comment to T4362: Wan Load Balancing - Can't create routing tables.

I hope it can be found. I have been banging my head against the wall with this issue :( and it's hurting.

Jun 17 2022, 1:56 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4362: Wan Load Balancing - Can't create routing tables.

load-balancing wan is completely broken with nexthop dhcp for 1.4 (it happens after the first reboot or renew)
The script gets empty values there: https://github.com/vyos/vyatta-wanloadbalance/blob/a831f22d4c34bf947b0335e55573280b75c2bde0/src/lbdecision.cc#L180
So ip route replace table is never executed
Why does it get an empty value?
It parses the lease file https://github.com/vyos/vyatta-wanloadbalance/blob/a831f22d4c34bf947b0335e55573280b75c2bde0/src/lbdata.cc#L335-L341
option new_routers and in 1.4 the file looks as

Jun 17 2022, 1:43 PM · VyOS 1.4 Sagitta
Viacheslav closed T4209: Firewall incorrect handler for recent count and time as Resolved.
Jun 17 2022, 10:02 AM · VyOS 1.4 Sagitta