This a project for mobile access to enterprise networks. VyOS plays as an MPLS-PE router as well as L2TP Network Server. Every subscriber coming via l2tp is directed to the customer's VRF other than default (with RADIUS attribute)

vyos-lns-1.cfg8 KBDownload

Oct 6 2022, 4:24 PM · VyOS Rolling, Bugs

v.huti claimed T4731: excessive FRR logs about non-existent VRFs.

Oct 6 2022, 2:29 PM · VyOS Rolling, Bugs

v.huti added a comment to T4731: excessive FRR logs about non-existent VRFs.

Hi @aserkin! It looks like you have some frr server misbehavior. It sends up/down events with an unexisting vrf id.
Could you make/describe the setup that causes the issue to appear? Thanks

Oct 6 2022, 12:48 PM · VyOS Rolling, Bugs

zsdc added a member for Maintainers: a.apostoliuk.

Oct 6 2022, 12:40 PM

zsdc assigned T4492: Incorrect list of neighbors in help for "show bgp vrf VRF neighbors" to a.apostoliuk.

Oct 6 2022, 11:14 AM · VyOS 1.4 Sagitta

aserkin created T4731: excessive FRR logs about non-existent VRFs.

Oct 6 2022, 10:44 AM · VyOS Rolling, Bugs

GitHub <noreply@github.com> committed rVYOSONEX50f26c54d095: T4727: add support for RADIUS rate limiting to PPTP (#1570) (authored by dmbaturin).

Oct 6 2022, 6:44 AM

Unknown Object (User) triaged T4730: Conntrack-sync error - listen-address is not the correct type in config as it should be as High priority.

Oct 6 2022, 1:35 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3)

Oct 5 2022

pasik added a comment to T4729: VxLAN does not work and deleted after tun changed.

Ah, yeah, that's a valid point for gretap.

Oct 5 2022, 3:07 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

Viacheslav added a comment to T4729: VxLAN does not work and deleted after tun changed.

In T4729#135223, @pasik wrote:

well, "gre" and "gretap" are different types of tunnels, with different features.. so it makes sense to test and validate with the normal "gre", as in your config I don't see a need for "gretap".

Oct 5 2022, 2:42 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

lferrarotti added a comment to T4676: IPoE server with mac authentication generates a wrong dictionary.

I just checked based on your comment and I can also confirm that with 1.4-rolling-202210050218 (using also different syntax) is working perfectly with the authentication.

Oct 5 2022, 11:35 AM · VyOS 1.4 Sagitta

Unknown Object (User) added a comment to T4676: IPoE server with mac authentication generates a wrong dictionary.

Update: latest rolling has a bit different syntax. I think users just not migrated properly on update. After adding

set service ipoe-server authentication interface eth1.50 mac 00:50:79:66:68:03
set service ipoe-server authentication interface eth1.51 mac 00:50:79:66:68:04

I see that chap-secrets file generated properly and users getsIPs

vyos@vyos# sudo cat /run/accel-pppd/ipoe.chap-secrets 
# username  server  password  acceptable local IP addresses   shaper
eth1.50     * 00:50:79:66:68:03 * 
eth1.51     * 00:50:79:66:68:04
vyos@vyos# run show ipoe-server sessions 
ifname | username |    calling-sid    |     ip      | rate-limit | type | comp | state  |  uptime  
--------+----------+-------------------+-------------+------------+------+------+--------+----------
 ipoe0  | eth1.50  | 00:50:79:66:68:03 | 172.16.50.2 |            | ipoe |      | active | 00:05:21 
 ipoe1  | eth1.51  | 00:50:79:66:68:04 | 172.16.98.2 |            | ipoe |      | active | 00:03:43

Oct 5 2022, 11:05 AM · VyOS 1.4 Sagitta

Unknown Object (User) claimed T4676: IPoE server with mac authentication generates a wrong dictionary.

Oct 5 2022, 8:55 AM · VyOS 1.4 Sagitta

Unknown Object (User) added a comment to T4676: IPoE server with mac authentication generates a wrong dictionary.

This issue also present in 1.3.0-1.3.2. Latest rolling 1.4-rolling-202210040218 also affected, it has empty user list in chap-secrets

vyos@vyos:~$ sudo cat /run/accel-pppd/ipoe.chap-secrets 
# username  server  password  acceptable local IP addresses   shaper
vyos@vyos:~$

Oct 5 2022, 8:55 AM · VyOS 1.4 Sagitta

pasik added a comment to T4729: VxLAN does not work and deleted after tun changed.

well, "gre" and "gretap" are different types of tunnels, with different features.. so it makes sense to test and validate with the normal "gre", as in your config I don't see a need for "gretap".

Oct 5 2022, 7:33 AM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

Oct 4 2022

Viacheslav added a comment to T4729: VxLAN does not work and deleted after tun changed.

In T4729#135221, @pasik wrote:

Hmm, any specific reason for the tun0 encapsulation 'gretap' ? did you try with normal 'gre' tunnels ? Does it change anything?

Oct 4 2022, 11:36 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

pasik added a comment to T4729: VxLAN does not work and deleted after tun changed.

Hmm, any specific reason for the tun0 encapsulation 'gretap' ? did you try with normal 'gre' tunnels ? Does it change anything?

Oct 4 2022, 6:29 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

n.fort changed the status of T4706: NAT and NAT66 issues from Confirmed to Needs testing.

Oct 4 2022, 5:53 PM · VyOS 1.4 Sagitta

n.fort closed T4700: Firewall - Add interface match criteria as Resolved.

Oct 4 2022, 5:52 PM · VyOS 1.4 Sagitta

initramfs closed T4685: Interface does not exist on boot when used as inbound-interface for local policy route as Resolved.

Oct 4 2022, 4:59 PM · VyOS 1.4 Sagitta

initramfs closed T4582: Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs as Resolved.

Oct 4 2022, 4:58 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

initramfs closed T4648: PPPoE: Ignore default router from RA when PPPoE default-route is set to none as Resolved.

Oct 4 2022, 4:57 PM · VyOS 1.3 Equuleus (1.3.3)

Viacheslav added a comment to T4676: IPoE server with mac authentication generates a wrong dictionary.

Needs to check, maybe fixed with rewriting in T4678

Oct 4 2022, 3:48 PM · VyOS 1.4 Sagitta

Unknown Object (User) updated the task description for T4676: IPoE server with mac authentication generates a wrong dictionary.

Oct 4 2022, 2:15 PM · VyOS 1.4 Sagitta

n.fort closed T4699: Firewall - Add jump action - Add return action as Resolved.

Oct 4 2022, 12:05 PM · VyOS 1.4 Sagitta

n.fort closed T4651: Firewall - Add options to match packet size as Resolved.

Oct 4 2022, 12:05 PM · VyOS 1.4 Sagitta

Viacheslav updated the task description for T4729: VxLAN does not work and deleted after tun changed.

Oct 4 2022, 8:54 AM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

Viacheslav renamed T4729: VxLAN does not work and deleted after tun changed from VxLAN does not work after tun changed to VxLAN does not work and deleted after tun changed.

Oct 4 2022, 8:49 AM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

Viacheslav updated the task description for T4729: VxLAN does not work and deleted after tun changed.

Oct 4 2022, 8:45 AM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

Viacheslav created T4729: VxLAN does not work and deleted after tun changed.

Oct 4 2022, 8:44 AM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

Viacheslav closed T4708: 'show nat destination rules' throwing an error as Resolved.

Oct 4 2022, 8:13 AM · VyOS 1.4 Sagitta

c-po closed T4652: Upgrade PowerDNS recursor to 4.7 series, a subtask of T3882: Upgrade PowerDNs recursor to 4.5 series, as Resolved.

Oct 4 2022, 6:23 AM · VyOS 1.3 Equuleus (1.3.0-epa2), VyOS 1.4 Sagitta

c-po closed T4652: Upgrade PowerDNS recursor to 4.7 series as Resolved.

Oct 4 2022, 6:23 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

c-po closed T4702: Wireguard peers configuration is not synchronized with CLI as Resolved.

Oct 4 2022, 6:23 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Oct 3 2022

GitHub <noreply@github.com> committed rVYOSONEX7d719106cbfd: wwan: T4728: fix crontab file missing newline (authored by bmhughes).

Oct 3 2022, 6:03 PM

bmhughes added a comment to T4728: Crontab file for vyos-wwan is ignored due to missing newline at EOF.

PR: https://github.com/vyos/vyos-1x/pull/1571

Oct 3 2022, 4:37 PM

bmhughes created T4728: Crontab file for vyos-wwan is ignored due to missing newline at EOF.

Oct 3 2022, 4:35 PM

dmbaturin added projects to T4726: Add completion and validation for the accel-ppp RADIUS vendor option: VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3).

Oct 3 2022, 4:27 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

dmbaturin created T4727: Add RADIUS rate limit support to PPTP server.

Oct 3 2022, 4:26 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

dmbaturin created T4726: Add completion and validation for the accel-ppp RADIUS vendor option.

Oct 3 2022, 4:15 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

n.fort added a comment to T3655: NAT doesn't work correctly with VRF.

At least on my lab, with one of the latest 1.4, this is working for me:

Oct 3 2022, 2:21 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

narey83 added a comment to T4708: 'show nat destination rules' throwing an error.

In T4708#135016, @Viacheslav wrote:

@narey83 Could you re-check it with the latest rolling (start since vyos-1.4-rolling-202209290218-amd64.iso)?

Oct 3 2022, 12:25 PM · VyOS 1.4 Sagitta

c-po committed rVYOSONEX99b63a1eb5a4: wireguard: T4702: actively revoke peer if it gets disabled.

Oct 3 2022, 12:00 PM

GitHub <noreply@github.com> committed rVYOSONEX8560c1cc38f9: Merge pull request #1548 from c-po/t4702-equuleus-wireguard (authored by c-po).

Oct 3 2022, 12:00 PM

c-po committed rVYOSONEXb09d5beae229: smoketest: T4652: upgrade PowerDNS recursor to 4.7 series.

Oct 3 2022, 11:48 AM

GitHub <noreply@github.com> committed rVYOSONEX180a1b0a79de: Merge pull request #1520 from c-po/t4652-equuleus-pdns-47 (authored by c-po).

Oct 3 2022, 11:48 AM

c-po committed rVYOSONEX23e92590334a: ethernet: T3171: enable RPS (Receive Packet Steering) for all RX queues.

Oct 3 2022, 11:47 AM

GitHub <noreply@github.com> committed rVYOSONEX1b00aefa5a42: Merge pull request #1556 from c-po/equules-t3171 (authored by dmbaturin).

Oct 3 2022, 11:47 AM

Viacheslav created T4725: Unable to reset vpn IPsec peer.

Oct 3 2022, 11:39 AM · VyOS 1.4 Sagitta

insertjokehere created T4724: Support for configuring Telegraf "exec" input plugin.

Oct 3 2022, 8:11 AM · VyOS Rolling

Oct 1 2022

narey83 created T4723: Error when issuing 'show flow-accounting interface pppoe0'.

Oct 1 2022, 6:25 PM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project

aohanian added a comment to T3655: NAT doesn't work correctly with VRF.

Is there a way to isolate a NAT rule to operate within a VRF?

Oct 1 2022, 2:31 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

dmbaturin committed rVYOSONEX8bda23594d95: T4722: consistently use the "IPsec" spelling for IPsec.

Oct 1 2022, 10:35 AM

dmbaturin committed rVYOSONEX542a964d7207: T4722: consistently use the "RADIUS" spelling for the RADIUS protocol.

Oct 1 2022, 10:35 AM

GitHub <noreply@github.com> committed rVYOSONEX8248aaaa7952: Merge pull request #1568 from dmbaturin/abbr-consistency (authored by c-po).

Oct 1 2022, 10:35 AM

dmbaturin created T4722: Improve abbreviation/acronym consistency.

Oct 1 2022, 9:57 AM · VyOS 1.4 Sagitta

Sep 30 2022

c-po committed rVYOSONEX4105b464491f: bgp: evpn: T1315: add route-target CLI node <multi/> property.

Sep 30 2022, 7:00 PM

Viacheslav edited projects for T4721: Static IPv6 Route Tags Missing, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.

Sep 30 2022, 11:37 AM · VyOS 1.3 Equuleus (1.3.6)

Viacheslav changed the subtype of T4721: Static IPv6 Route Tags Missing from "Bug" to "Feature Request".

Sep 30 2022, 11:37 AM · VyOS 1.3 Equuleus (1.3.6)

RyVolodya added a comment to T4718: DHCP server listen-address doesn't take effect if the interface is in a VRF.

If you document this check then everything commits.
https://github.com/vyos/vyos-1x/blob/f5a50135f07ac4ec8ed431a757b9c56e607d2132/src/conf_mode/dhcp_server.py#L265-L271

Sep 30 2022, 7:43 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

trae32566 created T4721: Static IPv6 Route Tags Missing.

Sep 30 2022, 3:34 AM · VyOS 1.3 Equuleus (1.3.6)

icyfire0573 added a comment to T4713: vyos@vyos:~$ show nat destination rules | doesn't work.

I installed the latest release and its not working for me. Whenever I boot I lose eth0 and eth2 interfaces.
I end up with an eth1 (previously eth2) interface and startup errors that seem to indicate that migrate failed.
I would reconfigure everything to help test this, but I do need two network interfaces.

Sep 30 2022, 12:41 AM · VyOS 1.4 Sagitta

Sep 29 2022

Viacheslav closed T4715: Auto logout user after a period of inactivity, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Resolved.

Sep 29 2022, 5:00 PM · VyOS Rolling, VyOS 1.5 Circinus (1.5-stream-2025-Q4)

Viacheslav closed T4715: Auto logout user after a period of inactivity as Resolved.

Sep 29 2022, 5:00 PM · VyOS 1.4 Sagitta

florin added a comment to T4466: intel i225-v nic does not detect link after boot.

@pasik you can build your own image: https://github.com/vyos/vyos-build/compare/equuleus...fvlaicu:vyos-build:equuleus-1.3.2

Sep 29 2022, 3:45 PM · VyOS 1.3 Equuleus

pasik added a comment to T4466: intel i225-v nic does not detect link after boot.

It'd be nice to get a newer igc driver version in 1.3 branch though, as there are now multiple good 2.5 GbE based platforms out there..

Sep 29 2022, 3:32 PM · VyOS 1.3 Equuleus

pasik added a comment to T4466: intel i225-v nic does not detect link after boot.

Yes, and no updates for the driver in 1.3.2. Ok, thanks!

Sep 29 2022, 3:03 PM · VyOS 1.3 Equuleus

florin added a comment to T4466: intel i225-v nic does not detect link after boot.

@pasik the problem is with the igc driver in the 5.4 kernel, not with vyos.

Sep 29 2022, 1:11 PM · VyOS 1.3 Equuleus

narey83 added a comment to T3626: Configuring and disabling DHCP Server.

Sorted out the WARNING: terminal is not fully functional message with adding the following export command: -

Sep 29 2022, 12:58 PM · VyOS 1.3 Equuleus (1.3.0-epa3), VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.4 Sagitta

narey83 added a comment to T3626: Configuring and disabling DHCP Server.

Yeah, that new nightly release has fixed the issue, thanks. Strangely now getting some weird message in my show commands (WARNING: terminal is not fully functional). This message wasn't there on the previous nightly.

Sep 29 2022, 12:46 PM · VyOS 1.3 Equuleus (1.3.0-epa3), VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.4 Sagitta

pasik added a comment to T4466: intel i225-v nic does not detect link after boot.

So hmm, is it still the same issue in stock vyos 1.3.2 with i225 nics?

Sep 29 2022, 11:40 AM · VyOS 1.3 Equuleus

sarthurdev committed rVYOSONEX10a76e846be2: firewall: T2199: Fix op-mode script for interface migration and vyos_filter….

Sep 29 2022, 11:22 AM

GitHub <noreply@github.com> committed rVYOSONEXdaceea11d966: Merge pull request #1566 from sarthurdev/firewall_op (authored by c-po).

Sep 29 2022, 11:22 AM

Viacheslav closed T4697: policy route: Generating ConfigError failes when tcp flag is missing on set tcp-mss rule commit as Resolved.

Sep 29 2022, 10:40 AM · VyOS 1.4 Sagitta

Viacheslav added a comment to T4708: 'show nat destination rules' throwing an error.

@narey83 Could you re-check it with the latest rolling (start since vyos-1.4-rolling-202209290218-amd64.iso)?

Sep 29 2022, 10:21 AM · VyOS 1.4 Sagitta

Viacheslav added a comment to T4713: vyos@vyos:~$ show nat destination rules | doesn't work.

@icyfire0573 Could you re-check it?
Should be fixed in vyos-1.4-rolling-202209290218-amd64.iso

Sep 29 2022, 10:17 AM · VyOS 1.4 Sagitta

Viacheslav updated subscribers of T2196: Dynamic ipv4 interface list hairpin.

Sep 29 2022, 10:02 AM · VyOS Rolling

Viacheslav added a comment to T4710: show openvpn server occasionally returns IndexError: list index out of range.

I can't reproduce it, VyOS 1.4-rolling-202209290218
Config:

vyos@r14:~$ show conf com | match openv
set interfaces openvpn vtun10 hash 'sha1'
set interfaces openvpn vtun10 keep-alive failure-count '60'
set interfaces openvpn vtun10 keep-alive interval '10'
set interfaces openvpn vtun10 local-host '203.0.113.1'
set interfaces openvpn vtun10 local-port '1194'
set interfaces openvpn vtun10 mode 'server'
set interfaces openvpn vtun10 openvpn-option '--data-ciphers-fallback BF-CBC'
set interfaces openvpn vtun10 openvpn-option '--data-ciphers AES-128-CBC:AES-128-GCM:AES-256-CBC:AES-256-GCM:BF-CBC'
set interfaces openvpn vtun10 openvpn-option '--comp-lzo yes'
set interfaces openvpn vtun10 openvpn-option '--allow-compression yes'
set interfaces openvpn vtun10 openvpn-option '--push redirect-gateway def1'
set interfaces openvpn vtun10 openvpn-option '--push remote-gateway 10.9.1.1'
set interfaces openvpn vtun10 openvpn-option '--push dhcp-option DNS 8.8.8.8'
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 server client-ip-pool start '10.9.1.10'
set interfaces openvpn vtun10 server client-ip-pool stop '10.9.1.99'
set interfaces openvpn vtun10 server domain-name 'vtr.example.com'
set interfaces openvpn vtun10 server max-connections '1000'
set interfaces openvpn vtun10 server name-server '10.8.0.1'
set interfaces openvpn vtun10 server subnet '10.9.1.0/24'
set interfaces openvpn vtun10 server topology 'net30'
set interfaces openvpn vtun10 tls ca-certificate 'ca'
set interfaces openvpn vtun10 tls certificate 'cert'
set interfaces openvpn vtun10 tls dh-params 'dh'
set interfaces openvpn vtun10 use-lzo-compression
vyos@r14:~$

Op-mode

vyos@r14:~$ show openvpn server

Sep 29 2022, 9:54 AM · VyOS 1.4 Sagitta

rherold added a comment to T3509: No BCP38 for IPv6 on VyOS.

After digging a step deeper we could also move the function into:

Sep 29 2022, 7:41 AM · VyOS 1.4 Sagitta

rherold added a comment to T3509: No BCP38 for IPv6 on VyOS.

Stumbled again about it and would ask if it is not possible to switch to the iptables extension so that rp filter will also work for IPv6.
From my point of view we must create in firewall setup a new chain RPFILTER in IPv4 and IPv6.

Sep 29 2022, 7:32 AM · VyOS 1.4 Sagitta

Sep 28 2022

Viacheslav committed rVYOSONEXee2dc735e029: login: T4715: Auto logout user after inactivity.

Sep 28 2022, 5:43 PM

GitHub <noreply@github.com> committed rVYOSONEX0af970a6d984: Merge pull request #1561 from sever-sever/T4715 (authored by c-po).

Sep 28 2022, 5:43 PM

c-po committed rVYOSONEXd5e84fab2e66: op-mode: ipsec: T4719: bugfix IKEv2 road-warrior profile generator.

Sep 28 2022, 5:36 PM

c-po closed T4719: iOS Profile has a bug when generating IKEv2 config that doesn't allow to connect as Resolved.

Sep 28 2022, 5:34 PM

Viacheslav created T4720: Ability to configure SSH HostKeyAlgorithms.

Sep 28 2022, 5:26 PM · VyOS 1.4 Sagitta

aalmenar renamed T4719: iOS Profile has a bug when generating IKEv2 config that doesn't allow to connect from iOS Profile has a bug when generating IKEv2 config to iOS Profile has a bug when generating IKEv2 config that doesn't allow to connect.

Sep 28 2022, 5:24 PM

aalmenar updated the task description for T4719: iOS Profile has a bug when generating IKEv2 config that doesn't allow to connect.

Sep 28 2022, 5:22 PM

aalmenar created T4719: iOS Profile has a bug when generating IKEv2 config that doesn't allow to connect.

Sep 28 2022, 5:20 PM

Viacheslav committed rVYOSONEX51d75a533eda: ids: T4557: Update xml-component-version.

Sep 28 2022, 4:02 PM

GitHub <noreply@github.com> committed rVYOSONEX4e9b292730f9: Merge pull request #1565 from sever-sever/T4557 (authored by c-po).

Sep 28 2022, 4:02 PM

sarthurdev committed rVYOSONEX87fdfa6c6ece: nat: T4713: Fix op-mode nat translation output.

Sep 28 2022, 3:35 PM

GitHub <noreply@github.com> committed rVYOSONEXa4c679ead2ed: Merge pull request #1564 from sarthurdev/T4713 (authored by c-po).