Aug 24 2022

Viacheslav committed rVYOSONEX8d4205a99a9f: nat66: T4626: Rewrite op-mode show nat66 rules.
Aug 24 2022, 6:58 PM
Viacheslav committed rVYOSONEXecaafaa26f85: https: T4597: Verify bind port before apply HTTPS API service.
Aug 24 2022, 5:24 PM
Viacheslav committed rVYOSONEX9b3cdfb96af9: conntrack: T4623: Add conntrack statistics for op-mode.
Aug 24 2022, 5:24 PM
Viacheslav changed the status of T4631: Add port and protocol to nat66 from Open to In progress.
Aug 24 2022, 11:46 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4626: Error showing nat66 source and destination, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Aug 24 2022, 11:41 AM · VyOS Rolling
Viacheslav changed the status of T4626: Error showing nat66 source and destination from Open to In progress.

PR https://github.com/vyos/vyos-1x/pull/1491

set nat66 destination rule 100 destination address '2001:1111:1111:1111::10'
set nat66 destination rule 100 inbound-interface 'eth0'
set nat66 destination rule 100 translation address 'fd00:1111:1111:1111::10'
set nat66 source rule 100 destination prefix '!fd00:2222:2222:2222::/64'
set nat66 source rule 100 outbound-interface 'eth0'
set nat66 source rule 100 source prefix 'fd00:1111:1111:1111::/64'
set nat66 source rule 100 translation address '2001:1111:1111:1111::10'
set nat66 source rule 120 destination prefix '2001:db8:2222::/64'
set nat66 source rule 120 outbound-interface 'eth0'
set nat66 source rule 120 source prefix '2001:db8:1111::/64'
set nat66 source rule 120 translation address 'masquerade'
set nat66 source rule 130 destination prefix '2001:db8:2222::/64'
set nat66 source rule 130 outbound-interface 'eth0'
set nat66 source rule 130 source prefix '2001:db8:2244::/64'
set nat66 source rule 130 translation address 'masquerade'

show

vyos@r14:~$ show nat66 source rules 
Rule    Source                    Destination                Proto    Out-Int    Translation
------  ------------------------  -------------------------  -------  ---------  -----------------------
100     fd00:1111:1111:1111::/64  !fd00:2222:2222:2222::/64  IP6      eth0       2001:1111:1111:1111::10
        sport any                 dport any
120     2001:db8:1111::/64        2001:db8:2222::/64         IP6      eth0       masquerade
        sport any                 dport any
130     2001:db8:2244::/64        2001:db8:2222::/64         IP6      eth0       masquerade
        sport any                 dport any
vyos@r14:~$ 
vyos@r14:~$ 
vyos@r14:~$ show nat66 destination  rules 
Rule    Source     Destination              Proto    In-Int    Translation
------  ---------  -----------------------  -------  --------  -----------------------
100     ::/0       2001:1111:1111:1111::10  any      eth0      fd00:1111:1111:1111::10
        sport any  dport any
vyos@r14:~$
Aug 24 2022, 11:41 AM · VyOS 1.4 Sagitta

Aug 23 2022

Viacheslav updated subscribers of T4635: Add zebra option ip nht resolve-via-default as default option.

I prefer to get this option configurable if it is possible
For IPv6 and VRFs - nice to have.
As it is used in BGP, I see something like set protocols bgp parameters next-hop-track resolve-via-default
Or, as it was mentioned in T3500
set routing-options next-hop-track resolve-via-default but it will be an additional node with only one option, need to think about it

Aug 23 2022, 2:42 PM · VyOS Rolling
Viacheslav added a comment to T4623: Add show conntrack statistics.

PR https://github.com/vyos/vyos-1x/pull/1489

vyos@r14:~$ show conntrack statistics 
CPU    Found    Invalid    Insert    Insert fail      Drop    Early drop    Errors    Search restart
-----  -------  ---------  --------  ---------------  ------  ------------  --------  -----------------
cpu=0  found=0  invalid=0  insert=0  insert_failed=0  drop=0  early_drop=0  error=0   search_restart=0
cpu=1  found=0  invalid=0  insert=0  insert_failed=0  drop=0  early_drop=0  error=0   search_restart=0
cpu=2  found=0  invalid=0  insert=0  insert_failed=0  drop=0  early_drop=0  error=0   search_restart=0
cpu=3  found=0  invalid=0  insert=0  insert_failed=0  drop=0  early_drop=0  error=0   search_restart=48
vyos@r14:~$
Aug 23 2022, 11:37 AM · VyOS 1.4 Sagitta
Viacheslav claimed T4623: Add show conntrack statistics.
Aug 23 2022, 11:35 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4623: Add show conntrack statistics, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Aug 23 2022, 11:34 AM · VyOS Rolling
Viacheslav changed the status of T4623: Add show conntrack statistics from Open to In progress.
Aug 23 2022, 11:34 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4597: Check bind port before assign service HTTPS API and openconnect.

Check NGINX address/port before applying/committing service https
PR https://github.com/vyos/vyos-1x/pull/1488

Aug 23 2022, 9:36 AM · VyOS 1.4 Sagitta
Viacheslav closed T4618: Traffic policy not set on virtual interfaces as Resolved.
Aug 23 2022, 7:50 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav moved T4618: Traffic policy not set on virtual interfaces from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
Aug 23 2022, 3:40 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T4309: Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore".

@daniil, could you check/test this PR https://github.com/vyos/vyos-1x/pull/1487 (only for IPv4)

Aug 23 2022, 1:03 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
Viacheslav moved T4206: Policy Based Routing with DHCP Interface Issue from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
Aug 23 2022, 12:48 AM · VyOS 1.3 Equuleus (1.3.2)

Aug 22 2022

Viacheslav closed T4089: Show nat destination rules shows ip address instead of interface 'any', a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Aug 22 2022, 7:22 PM · VyOS Rolling
Viacheslav closed T4089: Show nat destination rules shows ip address instead of interface 'any' as Resolved.
Aug 22 2022, 7:22 PM · VyOS 1.4 Sagitta
Viacheslav created T4638: Deleting a parent interface does not delete its underlying VLAN interfaces.
Aug 22 2022, 6:52 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Viacheslav added a comment to T4636: VLAN-Aware bridge not handling local traffic (and not able to perform inter-vlan routing).

I guess it is the task T4632

Aug 22 2022, 2:08 PM · VyOS 1.4 Sagitta
Viacheslav assigned T4632: VLAN-aware bridge not working to c-po.
Aug 22 2022, 1:36 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav changed the status of T4634: Bgp neighbor disable-connected-check does not work from Open to In progress.
Aug 22 2022, 1:17 PM · VyOS 1.4 Sagitta
Viacheslav created T4635: Add zebra option ip nht resolve-via-default as default option.
Aug 22 2022, 10:51 AM · VyOS Rolling
Viacheslav created T4634: Bgp neighbor disable-connected-check does not work.
Aug 22 2022, 10:37 AM · VyOS 1.4 Sagitta

Aug 20 2022

Viacheslav added a comment to T4631: Add port and protocol to nat66.

PR https://github.com/vyos/vyos-1x/pull/1482

set nat66 destination rule 120 description 'foo'
set nat66 destination rule 120 destination port '4545'
set nat66 destination rule 120 inbound-interface 'eth0'
set nat66 destination rule 120 protocol 'tcp'
set nat66 destination rule 120 source address '2001:db8:2222::/64'
set nat66 destination rule 120 source port '8080'
set nat66 destination rule 120 translation address '2001:db8:1111::1'
set nat66 destination rule 120 translation port '5555'
Aug 20 2022, 4:33 PM · VyOS 1.4 Sagitta
Viacheslav closed T4596: "show openconnect-server sessions" command does not work in the openconnect module, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Aug 20 2022, 2:29 PM · VyOS Rolling
Viacheslav closed T4596: "show openconnect-server sessions" command does not work in the openconnect module as Resolved.
Aug 20 2022, 2:29 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEXc0f5d00d9266: ocserv: T4597: Fix check bounded port by service itself.
Aug 20 2022, 2:15 PM
Viacheslav added a comment to T4597: Check bind port before assign service HTTPS API and openconnect.

Fix PR https://github.com/vyos/vyos-1x/pull/1481

Aug 20 2022, 2:03 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4597: Check bind port before assign service HTTPS API and openconnect.

There is a bug with such an implementation of the check for openconnect
It is not possible to create the second user in another commit (as the port is already bound)

vyos@r14# run show conf com | match vpn
set vpn openconnect authentication local-users username foo password 'bar'
set vpn openconnect authentication mode local 'password'
set vpn openconnect listen-ports tcp '8443'
set vpn openconnect listen-ports udp '8443'
set vpn openconnect network-settings client-ip-settings subnet '100.64.0.0/24'
set vpn openconnect network-settings name-server '100.64.0.1'
set vpn openconnect ssl ca-certificate 'ca-ocserv'
set vpn openconnect ssl certificate 'srv-ocserv'
[edit]
vyos@r14# commit
No configuration changes to commit
[edit]
vyos@r14# sudo netstat -tulpn | grep 8443
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      23880/ocserv-main   
tcp6       0      0 :::8443                 :::*                    LISTEN      23880/ocserv-main   
udp        0      0 0.0.0.0:8443            0.0.0.0:*                           23880/ocserv-main   
udp6       0      0 :::8443                 :::*                                23880/ocserv-main   
[edit]
vyos@r14# set vpn openconnect authentication local-users username foo2 password 'bar2'
[edit]
vyos@r14# commit
[ vpn openconnect ]
"tcp" port "8443" is used by another service
Aug 20 2022, 10:45 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4596: "show openconnect-server sessions" command does not work in the openconnect module.

It seems after this commit https://github.com/vyos/vyos-1x/commit/1b637f78b870f8ecc4971de5baf0a6fda54c40f7 for T4597
As the port is already listened on by ocserv itself, maybe we should revert it or change the logic to check that the port is not bound by the ocserv service

Aug 20 2022, 6:34 AM · VyOS 1.4 Sagitta

Aug 19 2022

Viacheslav closed T4611: UPnP rule IP should be a prefix instead of an address as Resolved.
Aug 19 2022, 8:05 PM · VyOS 1.4 Sagitta
Viacheslav closed T4620: UPnP does not work due to incorrect template as Resolved.
Aug 19 2022, 8:05 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEXd0858015f121: UPnP: T4620: Fix Jinja2 template rules.
Aug 19 2022, 6:31 PM
Viacheslav committed rVYOSONEX6940bcf8d650: UPnP: T4611: Rule must be as prefix instead of an address.
Aug 19 2022, 6:31 PM
Viacheslav updated the task description for T4627: Ability to set host part IPv6 address via interface IP token.
Aug 19 2022, 2:05 PM · VyOS 1.5 Circinus (2025.11), VyOS 1.4 Sagitta (1.4.4)
Viacheslav changed the subtype of T4627: Ability to set host part IPv6 address via interface IP token from "Bug" to "Feature Request".
Aug 19 2022, 1:32 PM · VyOS 1.5 Circinus (2025.11), VyOS 1.4 Sagitta (1.4.4)
Viacheslav created T4627: Ability to set host part IPv6 address via interface IP token.
Aug 19 2022, 1:32 PM · VyOS 1.5 Circinus (2025.11), VyOS 1.4 Sagitta (1.4.4)
Viacheslav moved T4619: Static arp is not set if another entry is present from Open to Finished on the VyOS 1.4 Sagitta board.
Aug 19 2022, 12:09 PM · VyOS 1.4 Sagitta
Viacheslav added a subtask for T4564: Root task for rewriting [op-mode] to vyos.opmode format: T4626: Error showing nat66 source and destination.
Aug 19 2022, 9:19 AM · VyOS Rolling
Viacheslav added a parent task for T4626: Error showing nat66 source and destination: T4564: Root task for rewriting [op-mode] to vyos.opmode format.
Aug 19 2022, 9:19 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4625: Update ocserv to current revision (1.1.6).

There is an example of how we build ocserv for 1.3 https://github.com/vyos/vyos-build/commit/2e1eac5980720d060834540e717f4f8a1189b9b0

Aug 19 2022, 2:49 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Aug 18 2022

Viacheslav closed T4570: Exception when trying to set up VXLAN over Wireguard as Resolved.
Aug 18 2022, 7:39 PM · VyOS 1.4 Sagitta
Viacheslav closed T4613: UPnP configuration without listen option fail as Resolved.
Aug 18 2022, 5:57 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .

Try to add some capabilities, for example, CAP_CHOWN or CAP_DAC_OVERRIDE or something else

sudo nano /etc/systemd/system/vyos-telegraf.service.d/10-override.conf

https://github.com/vyos/vyos-1x/blob/1f880973e221b91ac843a27d2e4c0b3de1880b97/data/templates/monitoring/override.conf.j2#L6

Aug 18 2022, 5:56 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4622: Firewall allow drop packets by TCP MSS size.

PR https://github.com/vyos/vyos-1x/pull/1478

set firewall name FOO rule 10 action 'drop'
set firewall name FOO rule 10 protocol 'tcp'
set firewall name FOO rule 10 tcp flags syn
set firewall name FOO rule 10 tcp mss '1-500'
Aug 18 2022, 5:23 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4622: Firewall allow drop packets by TCP MSS size from Open to In progress.
Aug 18 2022, 4:30 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4610: Firewall with 20K entries cannot load after reboot.

I did my internal tests and can't reproduce it
20K entries applied in 0.20 sec

root@r14:/home/vyos# cat tmp.nft | wc -l
20029
root@r14:/home/vyos# 
root@r14:/home/vyos# sudo time nft -f tmp.nft
real	0m 0.20s
user	0m 0.13s
sys	0m 0.06s
root@r14:/home/vyos#

200K entries in 2 sec

root@r14:/home/vyos# cat tmp.nft | wc -l
200029
root@r14:/home/vyos# 
root@r14:/home/vyos# sudo nft flush ruleset
root@r14:/home/vyos# 
root@r14:/home/vyos# sudo time nft -f tmp.nft
real	0m 1.91s
user	0m 1.20s
sys	0m 0.70s
root@r14:/home/vyos#
Aug 18 2022, 1:49 PM · VyOS 1.4 Sagitta
Viacheslav added a subtask for T4564: Root task for rewriting [op-mode] to vyos.opmode format: T4623: Add show conntrack statistics.
Aug 18 2022, 10:09 AM · VyOS Rolling
Viacheslav added a parent task for T4623: Add show conntrack statistics: T4564: Root task for rewriting [op-mode] to vyos.opmode format.
Aug 18 2022, 10:09 AM · VyOS 1.4 Sagitta
Viacheslav created T4623: Add show conntrack statistics.
Aug 18 2022, 10:02 AM · VyOS 1.4 Sagitta

Aug 17 2022

Viacheslav updated the task description for T4622: Firewall allow drop packets by TCP MSS size.
Aug 17 2022, 4:12 PM · VyOS 1.4 Sagitta
Viacheslav renamed T4622: Firewall allow drop packets by TCP MSS size from Firewall allow drop packets by TCP MSS to Firewall allow drop packets by TCP MSS size.
Aug 17 2022, 4:11 PM · VyOS 1.4 Sagitta
Viacheslav created T4622: Firewall allow drop packets by TCP MSS size.
Aug 17 2022, 3:37 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4619: Static arp is not set if another entry is present from Open to Needs testing.
Aug 17 2022, 3:22 PM · VyOS 1.4 Sagitta
Viacheslav moved T4480: add an ability to configure squid acl safe ports and acl ssl safe ports from Open to Finished on the VyOS 1.4 Sagitta board.
Aug 17 2022, 3:20 PM · VyOS 1.4 Sagitta
Viacheslav moved T4598: nat66 - Add exclude options from Open to Finished on the VyOS 1.4 Sagitta board.
Aug 17 2022, 3:19 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4601: dhcp : relay agent IP address issue..

@m.korobeinikov Could you check it in 1.3

Aug 17 2022, 11:31 AM · VyOS 1.3 Equuleus (1.3.5), VyOS 1.4 Sagitta
Viacheslav moved T4618: Traffic policy not set on virtual interfaces from Open to Finished on the VyOS 1.4 Sagitta board.
Aug 17 2022, 9:49 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T4618: Traffic policy not set on virtual interfaces.

PR for 1.3.2 https://github.com/vyos/vyatta-cfg-qos/pull/16

Aug 17 2022, 9:49 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T4621: OpenConnect group selection.

A similar request: T3896

Aug 17 2022, 1:49 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Aug 16 2022

Viacheslav committed rVYOSONEXd69b7989620d: upnp: T4613: Verify listen key in dictionary.
Aug 16 2022, 5:24 PM
Viacheslav added a comment to T4620: UPnP does not work due to incorrect template.

PR https://github.com/vyos/vyos-1x/pull/1476

Aug 16 2022, 4:30 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4611: UPnP rule IP should be a prefix instead of an address.

PR https://github.com/vyos/vyos-1x/pull/1476

Aug 16 2022, 4:30 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4611: UPnP rule IP should be a prefix instead of an address from Open to In progress.
Aug 16 2022, 4:11 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4620: UPnP does not work due to incorrect template.
Aug 16 2022, 3:54 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4620: UPnP does not work due to incorrect template from Open to In progress.
Aug 16 2022, 3:52 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4611: UPnP rule IP should be a prefix instead of an address.

It seems UPnP rules don't work at all, task T4620

Aug 16 2022, 3:52 PM · VyOS 1.4 Sagitta
Viacheslav created T4620: UPnP does not work due to incorrect template.
Aug 16 2022, 3:51 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4611: UPnP rule IP should be a prefix instead of an address.

@patrickli Could you send a real example? In your example, the port ranges are incorrect; also, it is not all of the required UPnP configuration
If you sent all of the UPnP configuration, it has already been done :)
I'm not a UPnP person, so I ask for some examples.

Aug 16 2022, 3:23 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4613: UPnP configuration without listen option fail.

PR https://github.com/vyos/vyos-1x/pull/1475

Aug 16 2022, 3:04 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4613: UPnP configuration without listen option fail from Open to In progress.
Aug 16 2022, 2:29 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4613: UPnP configuration without listen option fail.
Aug 16 2022, 2:28 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .

I tried to add vrf, but it requires some permissions; the service is not starting

diff --git a/data/templates/monitoring/override.conf.j2 b/data/templates/monitoring/override.conf.j2
index 9f1b4ebe..63e479af 100644
--- a/data/templates/monitoring/override.conf.j2
+++ b/data/templates/monitoring/override.conf.j2
@@ -1,7 +1,10 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
 [Unit]
 After=vyos-router.service
 ConditionPathExists=/run/telegraf/vyos-telegraf.conf
 [Service]
+ExecStart=
+ExecStart={{ vrf_command }}/usr/bin/telegraf -config /run/telegraf/vyos-telegraf.conf -config-directory /etc/telegraf/telegraf.d $TELEGRAF_OPTS
 Environment=INFLUX_TOKEN={{ influxdb.authentication.token }}
 CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN
 AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
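Review bot: the unchanged `AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN` line at the end of this hunk no longer matches what the new `ExecStart=` runs. When the unit runs as a non-root user, `ip vrf exec` needs CAP_SYS_ADMIN, CAP_NET_ADMIN and CAP_DAC_OVERRIDE according to ip-vrf(8); here only CAP_NET_ADMIN is ambient, CAP_SYS_ADMIN is in the bounding set only, and CAP_DAC_OVERRIDE is in neither line. Suggest granting the extra capabilities inside a `{% if vrf is vyos_defined %}` block so that the unit without a VRF keeps its current, smaller set.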
diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service-monitoring-telegraf.xml.in
index 36f40a53..dc014ee1 100644
--- a/interface-definitions/service-monitoring-telegraf.xml.in
+++ b/interface-definitions/service-monitoring-telegraf.xml.in
@@ -306,6 +306,7 @@
                   </leafNode>
                 </children>
               </node>
+              #include <include/interface/vrf.xml.i>
             </children>
           </node>
         </children>
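Review bot: the added `#include <include/interface/vrf.xml.i>` makes a `vrf` leaf settable, but the patch touches only the template and this definition, so nothing shown checks at commit time that the named VRF exists before the template places it on the `ip vrf exec` command line. Suggest a verify step in the service's config script that rejects an unknown VRF, and confirming that the leaf sits at the level the template reads as the top-level `vrf` variable.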
Aug 16 2022, 1:40 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .

As we have one config file for all plugins, and as we start only one telegraf process, I guess it should be a global telegraf option: set service monitoring telegraf vrf <vrf-name>

Aug 16 2022, 12:32 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4596: "show openconnect-server sessions" command does not work in the openconnect module, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from In progress to Needs testing.
Aug 16 2022, 11:58 AM · VyOS Rolling
Viacheslav changed the status of T4596: "show openconnect-server sessions" command does not work in the openconnect module from In progress to Needs testing.
Aug 16 2022, 11:58 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4618: Traffic policy not set on virtual interfaces.

PR https://github.com/vyos/vyatta-cfg-qos/pull/14

Aug 16 2022, 11:48 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav changed the status of T4618: Traffic policy not set on virtual interfaces from Open to In progress.
Aug 16 2022, 11:31 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav assigned T4601: dhcp : relay agent IP address issue. to Unknown Object (User).
Aug 16 2022, 9:58 AM · VyOS 1.3 Equuleus (1.3.5), VyOS 1.4 Sagitta
Viacheslav changed the status of T4601: dhcp : relay agent IP address issue. from Confirmed to Needs testing.
Aug 16 2022, 9:58 AM · VyOS 1.3 Equuleus (1.3.5), VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX1bd3a9635a5f: ocserv: T4596: Rewrite show openconnect sessions op-mode.
Aug 16 2022, 6:27 AM

Aug 15 2022

Viacheslav edited projects for T4082: Add op mode command to restart ldpd, added: VyOS 1.3 Equuleus; removed VyOS 1.3 Equuleus (1.3.2).
Aug 15 2022, 11:38 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav closed T3988: Feature Request: IPsec Multiple local/remote prefix for the tunnel as Resolved.
Aug 15 2022, 11:33 AM · VyOS 1.4 Sagitta
Viacheslav created T4613: UPnP configuration without listen option fail.
Aug 15 2022, 11:21 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4612: Support arbitrary netmasks in firewall rules.

It is possible but with specific syntax
I found some examples:

nft insert rule ip filter VYOS_FW_FORWARD ip 'saddr & 0.255.0.255 != 0.11.0.13' counter
Aug 15 2022, 11:15 AM · VyOS 1.4 Sagitta
Viacheslav closed T4609: Unable to Restart Container VyOS 1.4 as Resolved.
Aug 15 2022, 11:05 AM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX03e69f280725: container: T4609: Fix restart container.
Aug 15 2022, 11:04 AM
Viacheslav added a comment to T4612: Support arbitrary netmasks in firewall rules.

@patrickli nftables is not an engine for iptables. It is a program to work with netfilter
That's why I ask for the real example

root@r1:/home/vyos# nft insert rule ip6 filter INPUT ip6 saddr ::dead:beef/::ffff:ffff counter
Error: syntax error, unexpected string, expecting number
insert rule ip6 filter INPUT ip6 saddr ::dead:beef/::ffff:ffff counter
                                                   ^^^^^^^^^^^
root@r1:/home/vyos#
Aug 15 2022, 10:15 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4612: Support arbitrary netmasks in firewall rules.

@patrickli In 1.4 we don't use iptables, we use nftables
A link to an nftables example will be helpful.

Aug 15 2022, 10:03 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4611: UPnP rule IP should be a prefix instead of an address.

@patrickli Could you attach an example of VyOS configuration with set service upnp xxx
If you manually change upnpd.conf does it work correctly?

Aug 15 2022, 10:01 AM · VyOS 1.4 Sagitta
Viacheslav closed T2763: New SNMP resource request - SNMP over TCP as Resolved.
Aug 15 2022, 9:54 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav created T4610: Firewall with 20K entries cannot load after reboot.
Aug 15 2022, 9:50 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4609: Unable to Restart Container VyOS 1.4.

PR https://github.com/vyos/vyos-1x/pull/1468

Aug 15 2022, 9:36 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4609: Unable to Restart Container VyOS 1.4 from Open to In progress.
Aug 15 2022, 9:24 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4595: DPD interval and timeout do not work in DMVPN from Open to Needs testing.
Aug 15 2022, 9:05 AM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEXfed4cbf9b2f0: dmvpn: T4595: Fix dpd profile options.
Aug 15 2022, 8:49 AM

Aug 14 2022

Viacheslav added a comment to T4609: Unable to Restart Container VyOS 1.4.

It seems after this commit https://github.com/vyos/vyos-1x/commit/08cb762347208b21a8cbf81f7b35707d7e6dd4ac
I’ll take a look later

Aug 14 2022, 2:40 PM · VyOS 1.4 Sagitta

Aug 13 2022

Viacheslav created T4608: IPSec shows only one IKE for the same peer.
Aug 13 2022, 1:03 PM · Bugs, VyOS Rolling
Viacheslav added a comment to T538: Support for network mapping in NAT.

PR https://github.com/vyos/vyos-1x/pull/1466
Let me know if this is what you are expecting,
requires more tests

set nat static rule 10 destination address '10.0.1.1'
set nat static rule 10 inbound-interface 'eth0'
set nat static rule 10 translation address '192.168.1.1'
Aug 13 2022, 12:21 AM · VyOS 1.4 Sagitta