In T4456#125497, @Viacheslav wrote:@marekm Did you set a proper listen to address for it?
set system ntp listen-address x.x.x.x
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jul 4 2022
Jul 4 2022
Viacheslav closed T3600: DHCP Interface static route breaks PBR, a subtask of T3505: Commits do not respect changes in FRR that are not stored in a config, as Resolved.
marekm added a comment to T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages.
Is there any further testing needed by me or someone else will do that?
Viacheslav moved T4501: Syslog-identifier does not work in event handler from Open to Finished on the VyOS 1.4 Sagitta board.
a.apostoliuk closed T4501: Syslog-identifier does not work in event handler, a subtask of T3083: Add feature event-handler, as Resolved.
I tested on VyOS 1.4-rolling-202207030217. The bug was resolved.
GitHub <noreply@github.com> committed rVYOSONEX91ac3a3ecdf8: Merge pull request #1385 from sarthurdev/ovpn-test-pki (authored by c-po).
Jul 3 2022
Jul 3 2022
Viacheslav changed the status of T4507: IPoE-server add multiplier option for shaper from Open to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEX3d0cae6c7636: Merge pull request #1387 from sever-sever/T4507 (authored by c-po).
I already tested the PR before submitting:
Jul 2 2022
Jul 2 2022
Viacheslav renamed T4502: Consider implementing (NAT/other) flow table offload from Consider implementing NAT flow table offload to Consider implementing (NAT/other) flow table offload.
Viacheslav updated the task description for T2189: Adding a large port-range will take ~ 20 minutes to commit.
Viacheslav added a project to T4505: Function commit_in_progress works incorrect: VyOS 1.3 Equuleus (1.3.2).
Potentially slow validators:
src/validators/interface-address:ipaddrcheck --is-ipv4-host $1 || ipaddrcheck --is-ipv6-host $1
src/validators/ip-address:ipaddrcheck --is-any-single $1
src/validators/ip-cidr:ipaddrcheck --is-any-cidr $1
src/validators/ip-host:ipaddrcheck --is-any-host $1
src/validators/ip-prefix:ipaddrcheck --is-any-net $1
src/validators/ipv4:ipaddrcheck --is-ipv4 $1
src/validators/ipv4-address:ipaddrcheck --is-ipv4-single $1
src/validators/ipv4-host:ipaddrcheck --is-ipv4-host $1
src/validators/ipv4-multicast:ipaddrcheck --is-ipv4-multicast $1 && ipaddrcheck --is-ipv4-single $1
src/validators/ipv4-prefix:ipaddrcheck --is-ipv4-net $1
src/validators/ipv4-range: ipaddrcheck --is-ipv4-single ${strarr[0]}
src/validators/ipv4-range: ipaddrcheck --is-ipv4-single ${strarr[1]}
src/validators/ipv6:ipaddrcheck --is-ipv6 $1
src/validators/ipv6-address:ipaddrcheck --is-ipv6-single $1
src/validators/ipv6-host:ipaddrcheck --is-ipv6-host $1
src/validators/ipv6-multicast:ipaddrcheck --is-ipv6-multicast $1 && ipaddrcheck --is-ipv6-single $1
src/validators/ipv6-prefix:ipaddrcheck --is-ipv6-net $1Inverse match PR: https://github.com/vyos/vyos-1x/pull/1386
Jul 1 2022
Jul 1 2022
If the counters are visible and incrementing when checking with nft list table ip filter then I don't think this is an implementation issue. Wondering if its a problem with the syslog daemon.
GitHub <noreply@github.com> committed rVYOSONEX3d6e10019b4c: Merge pull request #1384 from vyos/revert-1326-T4429 (authored by Viacheslav).
GitHub <noreply@github.com> committed rVYOSONEX1fbcd549ffa2: Revert "op-mode: T4429: Ability to detect external IP address" (authored by dmbaturin).
Viacheslav changed the status of T1375: Add clear dhcp server lease function from Open to Needs testing.
Viacheslav edited projects for T1375: Add clear dhcp server lease function, added: VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus (1.3.0).
GitHub <noreply@github.com> committed rVYOSONEXf315714d0c68: Merge pull request #1372 from sever-sever/T1375-eq (authored by dmbaturin).
Viacheslav moved T4489: MPLS sysctl not persistent for tunnel interfaces from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
GitHub <noreply@github.com> committed rVYOSONEXd519baabfd29: Merge pull request #1375 from sever-sever/T4489-eq (authored by dmbaturin).
I can't reproduce it in VyOS 1.3.1-S1 and VyOS 1.3-stable-202206240423
vyos@r1:~$ show conf com | match eth1 set interfaces ethernet eth1 address 'dhcp' set interfaces ethernet eth1 mtu '9000'
Viacheslav removed a project from T4451: The DHCPv6 server leases function the display of the hostname: VyOS 1.3 Equuleus.
Viacheslav changed the status of T4501: Syslog-identifier does not work in event handler, a subtask of T3083: Add feature event-handler, from In progress to Needs testing.
Viacheslav changed the status of T4501: Syslog-identifier does not work in event handler from In progress to Needs testing.
@a.apostoliuk Will be fixed in the next rolling release, could you re-test it?
@n.fort Could you create PR for 1.3?
I think it should be here https://github.com/vyos/vyatta-cfg-quagga/blob/d4097690c40f619bc0e78a0d674985f7880a19a3/templates/policy/route-map/node.tag/rule/node.tag/match/peer/node.def#L3-L4
GitHub <noreply@github.com> committed rVYOSONEXab27f3f73ad5: Merge pull request #1383 from sever-sever/T4501 (authored by c-po).
The same behavior for 1.2
It seems some old/depricated pkg ipp2p
vyos@r12# set firewall ipv6-name TEST rule 1 action drop [edit] vyos@r12# set firewall ipv6-name TEST rule 1 p2p all [edit] vyos@r12# commit [ firewall ipv6-name TEST ] ip6tables v1.4.21: Couldn't load match `ipp2p':No such file or directory
Viacheslav added a parent task for T4501: Syslog-identifier does not work in event handler: T3083: Add feature event-handler.
Viacheslav removed a subtask for T4501: Syslog-identifier does not work in event handler: T3083: Add feature event-handler.
Viacheslav removed a parent task for T3083: Add feature event-handler: T4501: Syslog-identifier does not work in event handler.
Viacheslav added a parent task for T3083: Add feature event-handler: T4501: Syslog-identifier does not work in event handler.
Viacheslav changed the status of T4501: Syslog-identifier does not work in event handler from Open to In progress.
Viacheslav added a comment to T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages.
@marekm Did you set a proper listen to address for it?
set system ntp listen-address x.x.x.x
GitHub <noreply@github.com> committed rVYOSONEX196aaf47a71b: Merge pull request #1380 from sarthurdev/ovpn-multi-ca (authored by c-po).
c-po closed T2455: No support for the IPv6 VTI, a subtask of T2353: Interface [conf_mode] errors parent task, as Resolved.
Also add IPv6 link local address support to auto generate a link-local address as on any other type of interface.
With recent versions of strongSwan and XFRM interface in VyOS 1.4 this is now possible.
c-po changed the status of T2455: No support for the IPv6 VTI, a subtask of T2353: Interface [conf_mode] errors parent task, from Open to In progress.
Jun 30 2022
Jun 30 2022
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
In T1641#125443, @Viacheslav wrote:@trae32566 Extentd conntrack table and reduce timeouts:
for example
There is no dict if exists only one record in the https://github.com/vyos/vyos-1x/blob/cefc7ce9bfcf7750700e73edbc21864fe8ab0bee/src/op_mode/show_nat_translations.py#L103-L110
So it can't parse correctly
Unknown Object (User) added a comment to T4457: L2TP/IPSec Remote Access VPN does not work as expected in 1.3.1-S1.
Maybe it depends on the version of accel-ppp.
In 1.2.8:
Viacheslav added a comment to T4313: "generate public-key-command" throws unhandled exceptions when it cannot retrieve the key.
Cherry-pick for 1.3 https://github.com/vyos/vyos-1x/pull/1381
In T2455#68732, @dmbaturin wrote:VTI is secretly IPIP, so it doesn't support IPv6. The real issue is that we don't support the IPv6 variant of VTI yet.
Viacheslav added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
@trae32566 Extentd conntrack table and reduce timeouts:
for example
set system sysctl parameter net.netfilter.nf_conntrack_generic_timeout value 60 set system sysctl parameter net.netfilter.nf_conntrack_icmp_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_icmpv6_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_close_wait value 20 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_established value 1800 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_fin_wait value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_recv value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_sent value 60 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_time_wait value 120 set system sysctl parameter net.netfilter.nf_conntrack_udp_timeout_stream value 60
Viacheslav changed the status of T4498: bridge: Add option to enable/disable IGMP/MLD snooping from Open to Needs testing.
@Viacheslav There is already a set interfaces bridge brN igmp node. If the default option is enabled, I think set interfaces bridge brN igmp disable-snooping would sound better.
I prefer to have IGMP snooping disabled as the default option, since improper IGMP snooping causes issues while disabling IGMP snooping doesn't.
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
This seems to be an issue in 1.4 as well, I have the exact same symptoms, and removing the accept-protocol fixes the issue.
Jun 29 2022
Jun 29 2022
Implemented as: set service router-advert interface eth0 name-server-lifetime <value> which will be option A