@patrickli In 1.4 we don't use iptables, we use nftables
LInk to nftables example will be helpful.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Aug 15 2022
Aug 15 2022
@patrickli Could you attach an example of VyOS configuration with set service upnp xxx
If you manually change upnpd.conf does it work correctly?
Viacheslav changed the status of T4609: Unable to Restart Container VyOS 1.4 from Open to In progress.
Viacheslav changed the status of T4595: DPD interval and timeout do not work in DMVPN from Open to Needs testing.
Aug 14 2022
Aug 14 2022
It seems after this commit https://github.com/vyos/vyos-1x/commit/08cb762347208b21a8cbf81f7b35707d7e6dd4ac
I’ll take a look later
Aug 13 2022
Aug 13 2022
PR https://github.com/vyos/vyos-1x/pull/1466
Let me know if there is what you are expecting,
requires more tests
set nat static rule 10 destination address '10.0.1.1' set nat static rule 10 inbound-interface 'eth0' set nat static rule 10 translation address '192.168.1.1'
Aug 12 2022
Aug 12 2022
@artooro Did you try listen-port option for this case?
set service https api gql set service https api keys id KID key 'foo' set service https api socket set service https virtual-host foo listen-port '2580'
Check:
vyos@r14# sudo netstat -tulpn | grep nginx tcp 0 0 0.0.0.0:2580 0.0.0.0:* LISTEN 3570/nginx: master tcp6 0 0 :::2580 :::* LISTEN 3570/nginx: master [edit] vyos@r14#
Viacheslav added a comment to T4122: interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?).
@n.fort Create please PR for 1.3
Aug 11 2022
Aug 11 2022
Viacheslav changed the status of T4603: Need a config option to specify NAS-IP-Address for vpn l2tp from In progress to Needs testing.
@aserkin Will be present in the next rolling release.
@ajgnet Could you show routes after this bug?
sudo ip -6 route show sudo ip -6 route get 2607:f8b0:4006:80d::200e
Aug 10 2022
Aug 10 2022
Viacheslav changed the status of T4485: OpenVPN: Allow multiple CAs certificates from In progress to Needs testing.
hard awarded T4502: Consider implementing (NAT/other) flow table offload a Like token.
Viacheslav changed the status of T4603: Need a config option to specify NAS-IP-Address for vpn l2tp from Open to In progress.
Viacheslav added a project to T4603: Need a config option to specify NAS-IP-Address for vpn l2tp: VyOS 1.4 Sagitta.
@aserkin Could you send an example of the required accel-ppp section? And how do you see this command in VyOS CLI?
Aug 9 2022
Aug 9 2022
Will be fixed in https://github.com/vyos/vyos-1x/pull/1458
Aug 8 2022
Aug 8 2022
ping-check shouldn't be allowed by default
To enable it you have to set set service dhcp-server shared-network-name Lan01 ping-check
There is no configuration in generated .conf:
vyos@r14# cat /run/dhcp-server/dhcpd.conf | grep ping [edit] vyos@r14#
Viacheslav closed T4586: Add to NAT66: SNAT destination address and DNAT source address. as Resolved.
Aug 6 2022
Aug 6 2022
Viacheslav changed the status of T4596: "show openconnect-server sessions" command does not work in the openconnect module, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Viacheslav changed the status of T4596: "show openconnect-server sessions" command does not work in the openconnect module from Open to In progress.
Aug 5 2022
Aug 5 2022
Viacheslav updated subscribers of T4597: Check bind port before assign service HTTPS API and openconnect.
Viacheslav added a comment to T4597: Check bind port before assign service HTTPS API and openconnect.
PR checks if openconnect port is listened by another service https://github.com/vyos/vyos-1x/pull/1460
Viacheslav changed the status of T4597: Check bind port before assign service HTTPS API and openconnect from Open to In progress.
It is already present in 1.4
vyos@r14:~$ show conf com | match bgp set protocols bgp listen limit '1000' set protocols bgp listen range 192.0.2.0/24 peer-group 'FOO' set protocols bgp local-as '65001' set protocols bgp peer-group FOO remote-as '65001'
Viacheslav added a comment to T4596: "show openconnect-server sessions" command does not work in the openconnect module.
It appeared after this commit
It doesn't like this check https://github.com/vyos/vyos-1x/blob/2a10ffa4b5074be27458159fa94d6227d0e5c7f7/src/op_mode/openconnect-control.py#L63-L65
Check root user https://github.com/vyos/vyos-1x/blob/2a10ffa4b5074be27458159fa94d6227d0e5c7f7/python/vyos/util.py#L625-L626
Aug 4 2022
Aug 4 2022
Viacheslav changed the status of T4572: Add an option to force interface MTU to the value received from DHCP from Confirmed to Needs testing.
Viacheslav changed the status of T4547: Show vpn ipsec sa show unexpected prefix 'B' in packets, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Viacheslav changed the status of T4547: Show vpn ipsec sa show unexpected prefix 'B' in packets from Open to In progress.
Viacheslav changed the status of T4594: Rewrite op-mode IPsec to vyos.opmode format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Viacheslav changed the status of T4594: Rewrite op-mode IPsec to vyos.opmode format from Open to In progress.
Viacheslav changed the status of T4586: Add to NAT66: SNAT destination address and DNAT source address. from Open to Needs testing.
PR https://github.com/vyos/vyos-1x/pull/1458
Formatted output
vyos@r14:~$ show vpn ipsec sa Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ------------------------- ------- -------- -------------- ---------------- ---------------- ----------- --------------------------------------- peer_2001-db8--2_tunnel_0 up 9m15s 0B/0B 0/0 2001:db8::2 2001:db8::2 AES_CBC_256/HMAC_SHA2_256_128/MODP_2048 peer_2001-db8--2_tunnel_0 up 24m9s 0B/0B 0/0 2001:db8::2 2001:db8::2 AES_CBC_256/HMAC_SHA2_256_128/MODP_2048 vyos@r14:~$
Aug 3 2022
Aug 3 2022
Viacheslav added a comment to T4586: Add to NAT66: SNAT destination address and DNAT source address..
PR https://github.com/vyos/vyos-1x/pull/1457
set nat66 destination rule 10 destination address '2001:db8:1111::/64' set nat66 destination rule 10 inbound-interface 'eth1' set nat66 destination rule 10 source address '!2001:db8::6/127' set nat66 destination rule 10 translation address '2001:db8::444' set nat66 source rule 10 destination prefix '2001:db8::2/128' set nat66 source rule 10 outbound-interface 'eth1' set nat66 source rule 10 source prefix '2001:db8:1111::/64' set nat66 source rule 10 translation address 'masquerade' set nat66 source rule 20 destination prefix '!2001:db8::6/127' set nat66 source rule 20 outbound-interface 'eth1' set nat66 source rule 20 source prefix '2001:db8:1111::/64' set nat66 source rule 20 translation address 'masquerade'
Viacheslav added a parent task for T4443: Wan Load Balancing Multiple Regressions: T4470: Rewrite load-balancing wan to XML/Python.
Viacheslav added a parent task for T4587: wan load balance issues with 3 or more WANs: T4470: Rewrite load-balancing wan to XML/Python.
Aug 2 2022
Aug 2 2022
Viacheslav closed T4585: Rewrite op-mode containers to vyos.opmode , a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
PR https://github.com/vyos/vyos-1x/pull/1456
vyos@r14:~$ /usr/libexec/vyos/op_mode/container.py restart --name alp01 Container name "alp01" restarted! vyos@r14:~$ vyos@r14:~$ /usr/libexec/vyos/op_mode/container.py restart --name alp02 Error: no container with name or ID alp02 found: no such container vyos@r14:~$
Viacheslav changed the status of T4585: Rewrite op-mode containers to vyos.opmode , a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Viacheslav changed the status of T4585: Rewrite op-mode containers to vyos.opmode from Open to In progress.
PR https://github.com/vyos/vyos-1x/pull/1455
curl -k --raw 'https://localhost/graphql' \
-H 'Content-Type: application/json' \
-d '{"query":" {\n ShowVrf (data: {key: \"foo\"}) {\n success\n errors\n data {\n result\n }\n}\n}\n"}'Getting data:
{"data":{"ShowVrf":{"success":true,"errors":null,"data":{"result":[{"ifname":"foo","operstate":"UP","address":"26:f6:35:05:7e:0a","flags":["NOARP","MASTER","UP","LOWER_UP"]}]}}}}Aug 1 2022
Aug 1 2022
Viacheslav added a comment to T4572: Add an option to force interface MTU to the value received from DHCP.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1453
Viacheslav edited projects for T4572: Add an option to force interface MTU to the value received from DHCP, added: VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus.
Viacheslav added a comment to T4572: Add an option to force interface MTU to the value received from DHCP.
To solve the issue with MTU over DHCP we can use some new options like mtu for example:
set interfaces ethernet eth0 dhcp-options mtu
Viacheslav closed T4581: 'show system cpu' not working, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
If vrf not configured:
vyos@r14:~$ /usr/libexec/vyos/op_mode/vrf.py show
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/vrf.py", line 89, in <module>
res = vyos.opmode.run(sys.modules[__name__])
File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 118, in run
res = func(**args)
File "/usr/libexec/vyos/op_mode/vrf.py", line 84, in show
return _get_formatted_output(vrf_data)
File "/usr/libexec/vyos/op_mode/vrf.py", line 68, in _get_formatted_output
state = vrf.get('operstate').lower()
AttributeError: 'NoneType' object has no attribute 'lower'
vyos@r14:~$Viacheslav changed the status of T4582: Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs from Open to Needs testing.
Viacheslav closed T4578: Rewrite show dns forwarding statistics to new format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Viacheslav added a parent task for T4581: 'show system cpu' not working: T4564: Root task for rewriting [op-mode] to vyos.opmode format.
Jul 30 2022
Jul 30 2022
@dongjunbo What do you mean?
Could you send a real example? I don't see any issues (VyOS 1.3-stable-202207280515).
Viacheslav changed the subtype of T4375: hairpin nat (nat reflector) "hijacks" all outgoing traffic on specified port to any destination from "Bug" to "Feature Request".
Viacheslav changed the status of T4578: Rewrite show dns forwarding statistics to new format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Viacheslav changed the status of T4578: Rewrite show dns forwarding statistics to new format from Open to In progress.
PR https://github.com/vyos/vyos-1x/pull/1446
vyos@r14:~$ show dns forwarding statistics Cache entries Max cache entries Cache size --------------- ------------------- ------------ 71 10000 20.22 kbytes vyos@r14:~$
Raw:
vyos@r14:~$ /usr/libexec/vyos/op_mode/dns.py show_forwarding_statistics --raw
{
"aggressive-nsec-cache-entries": "0",
"aggressive-nsec-cache-nsec-hits": "0",
"aggressive-nsec-cache-nsec-wc-hits": "0",
"aggressive-nsec-cache-nsec3-hits": "0",
"aggressive-nsec-cache-nsec3-wc-hits": "0",
"all-outqueries": "48",
"answers-slow": "0",
"answers0-1": "0",
"answers1-10": "0",
"answers10-100": "0",
"answers100-1000": "0",
"auth-zone-queries": "0",
"auth4-answers-slow": "0",
"auth4-answers0-1": "0",
"auth4-answers1-10": "0",
"auth4-answers10-100": "20",
"auth4-answers100-1000": "9",
"auth6-answers-slow": "0",
"auth6-answers0-1": "19",
"auth6-answers1-10": "0",
"auth6-answers10-100": "0",
"auth6-answers100-1000": "0",
"cache-entries": "71",
"cache-hits": "0",
"cache-misses": "0",
"case-mismatches": "0",
"chain-resends": "0",
"client-parse-errors": "0",
"concurrent-queries": "0",
"cpu-iowait": "10857",
"cpu-msec-thread-0": "1242",
"cpu-steal": "672",
"dlg-only-drops": "0",
"dnssec-authentic-data-queries": "0",
"dnssec-check-disabled-queries": "0",
"dnssec-queries": "0",
"dnssec-result-bogus": "0",
"dnssec-result-bogus-invalid-denial": "0",
"dnssec-result-bogus-invalid-dnskey-protocol": "0",
"dnssec-result-bogus-missing-negative-indication": "0",
"dnssec-result-bogus-no-rrsig": "0",
"dnssec-result-bogus-no-valid-dnskey": "0",
"dnssec-result-bogus-no-valid-rrsig": "0",
"dnssec-result-bogus-no-zone-key-bit-set": "0",
"dnssec-result-bogus-revoked-dnskey": "0",
"dnssec-result-bogus-self-signed-ds": "0",
"dnssec-result-bogus-signature-expired": "0",
"dnssec-result-bogus-signature-not-yet-valid": "0",
"dnssec-result-bogus-unable-to-get-dnskeys": "0",
"dnssec-result-bogus-unable-to-get-dss": "0",
"dnssec-result-bogus-unsupported-dnskey-algo": "0",
"dnssec-result-bogus-unsupported-ds-digest-type": "0",
"dnssec-result-indeterminate": "0",
"dnssec-result-insecure": "0",
"dnssec-result-nta": "0",
"dnssec-result-secure": "5",
"dnssec-validations": "5",
"dont-outqueries": "0",
"ecs-queries": "0",
"ecs-responses": "0",
"edns-ping-matches": "0",
"edns-ping-mismatches": "0",
"empty-queries": "0",
"failed-host-entries": "0",
"fd-usage": "18",
"ignored-packets": "0",
"ipv6-outqueries": "19",
"ipv6-questions": "0",
"malloc-bytes": "0",
"max-cache-entries": "10000",
"max-mthread-stack": "0",
"max-packetcache-entries": "500000",
"negcache-entries": "4",
"no-packet-error": "0",
"nod-lookups-dropped-oversize": "0",
"noedns-outqueries": "0",
"noerror-answers": "0",
"noping-outqueries": "0",
"nsset-invalidations": "0",
"nsspeeds-entries": "0",
"nxdomain-answers": "0",
"outgoing-timeouts": "0",
"outgoing4-timeouts": "0",
"outgoing6-timeouts": "0",
"over-capacity-drops": "0",
"packetcache-entries": "0",
"packetcache-hits": "0",
"packetcache-misses": "0",
"policy-drops": "0",
"policy-result-custom": "0",
"policy-result-drop": "0",
"policy-result-noaction": "0",
"policy-result-nodata": "0",
"policy-result-nxdomain": "0",
"policy-result-truncate": "0",
"proxy-protocol-invalid": "0",
"qa-latency": "0",
"qname-min-fallback-success": "0",
"query-pipe-full-drops": "0",
"questions": "0",
"real-memory-usage": "21766144",
"rebalanced-queries": "0",
"record-cache-acquired": "1086473",
"record-cache-contended": "0",
"resource-limits": "19",
"security-status": "1",
"server-parse-errors": "0",
"servfail-answers": "0",
"spoof-prevents": "0",
"sys-msec": "1853",
"taskqueue-expired": "0",
"taskqueue-pushed": "0",
"taskqueue-size": "0",
"tcp-client-overflow": "0",
"tcp-clients": "0",
"tcp-outqueries": "0",
"tcp-questions": "0",
"throttle-entries": "0",
"throttled-out": "0",
"throttled-outqueries": "0",
"too-old-drops": "0",
"truncated-drops": "0",
"udp-in-errors": "0",
"udp-noport-errors": "0",
"udp-recvbuf-errors": "0",
"udp-sndbuf-errors": "0",
"unauthorized-tcp": "0",
"unauthorized-udp": "0",
"unexpected-packets": "0",
"unreachables": "0",
"uptime": "8820",
"user-msec": "621",
"variable-responses": "0",
"x-our-latency": "0",
"x-ourtime-slow": "0",
"x-ourtime0-1": "0",
"x-ourtime1-2": "0",
"x-ourtime16-32": "0",
"x-ourtime2-4": "0",
"x-ourtime4-8": "0",
"x-ourtime8-16": "0",
"cache-size": "20.22"
}