
Nov 22 2022

Viacheslav added a project to T4833: Include wireguard peer name in interface summary report: VyOS 1.4 Sagitta.
Nov 22 2022, 12:17 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling
Viacheslav updated subscribers of T4823: swanctl.conf is broken when ipsec site-to-site peer set..

@Viacheslav

Hello sir,

In vyos-1.4-rolling-202211220318-amd64.iso, the broken syntax was fixed, but I notice a weird behavior on connection.<conn>.remote.id.

The default value on swanctl.conf will be <name> when I don't set site-to-site -> peer <name> -> authentication -> remote-id.

Nov 22 2022, 12:10 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4834: Limit container network name to 15 characters from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1674

Nov 22 2022, 11:58 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4834: Limit container network name to 15 characters from Open to In progress.
Nov 22 2022, 11:55 AM · VyOS 1.4 Sagitta
sarthurdev created T4834: Limit container network name to 15 characters.
Nov 22 2022, 11:55 AM · VyOS 1.4 Sagitta
chesskuo added a comment to T4823: swanctl.conf is broken when ipsec site-to-site peer set..

Hello sir,

Nov 22 2022, 11:08 AM · VyOS 1.4 Sagitta
Alfa80 added a comment to T4774: Disallow duplicate pubkey on peers of a wireguard interface.

@trae32566 My apologies for the inconveniences. You are right. The criteria for triggering this action shall be narrowed down further.
It would be necessary to issue the warning if and only if such colliding peers also specify the exact same remote endpoint addresses (with empty endpoints also being accounted as to be the same).
In other words, we need to identify incoming peers and apply the rule only to them, not the outgoing ones which already have specific remote endpoint addresses statically defined.

Nov 22 2022, 10:24 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta
Alfa80 created T4833: Include wireguard peer name in interface summary report.
Nov 22 2022, 9:54 AM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling
Viacheslav changed the status of T4823: swanctl.conf is broken when ipsec site-to-site peer set. from In progress to Needs testing.
Nov 22 2022, 8:24 AM · VyOS 1.4 Sagitta
trae32566 added a comment to T4774: Disallow duplicate pubkey on peers of a wireguard interface.

This breaks a perfectly valid use case which I utilize regularly: using IPv4 + IPv6 peers with the same public key. Why would I want to create multiple keys for the exact same devices going over IPv4 and IPv6? If you want to include a warning, fine, but don't limit functionality based on someone's interpretation of how something will be used. I understand where this came from, but any time you limit functionality, you limit your users. As Donald Knuth once said:

Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.

Nov 22 2022, 5:14 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta
chesskuo added a comment to T4823: swanctl.conf is broken when ipsec site-to-site peer set..

@Viacheslav Thank you sir!!!

Nov 22 2022, 4:38 AM · VyOS 1.4 Sagitta

Nov 21 2022

jestabro committed rVYOSONEX05b60b2dc6bd: graphql: T4574: add specific error message if token has expired.
Nov 21 2022, 10:07 PM
jestabro committed rVYOSONEXd70350f356c8: graphql: T4574: use Optional in func_sig.
Nov 21 2022, 10:07 PM
jestabro committed rVYOSONEX3d4dedd67097: graphql: T4544: use load_as_module from vyos.util.
Nov 21 2022, 10:07 PM
Viacheslav moved T4812: IPsec ability to show all configured connections from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Nov 21 2022, 8:31 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav closed T4812: IPsec ability to show all configured connections, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Nov 21 2022, 8:31 PM · VyOS Rolling
Viacheslav closed T4812: IPsec ability to show all configured connections as Resolved.
Nov 21 2022, 8:31 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX997215f54a95: T4812: Add op-mode Show vpn ipsec connections.
Nov 21 2022, 7:06 PM
GitHub <noreply@github.com> committed rVYOSONEX1b2a8c822bb5: Merge pull request #1672 from sever-sever/T4812-eq (authored by c-po).
Nov 21 2022, 7:06 PM
Viacheslav committed rVYOSONEX2ac4a8a5fed9: T4823: Fix IPsec transport mode remote TS.
Nov 21 2022, 7:04 PM
GitHub <noreply@github.com> committed rVYOSONEX827f2b223d70: Merge pull request #1673 from sever-sever/T4823 (authored by c-po).
Nov 21 2022, 7:04 PM
Viacheslav added a comment to T4823: swanctl.conf is broken when ipsec site-to-site peer set..

PR https://github.com/vyos/vyos-1x/pull/1673

Nov 21 2022, 6:49 PM · VyOS 1.4 Sagitta
aalmenar added a comment to T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925).

This is a nice addition but it requires also implementation of RFC 8781 for it to work. It has been merged in latest radvd https://github.com/radvd-project/radvd/commit/a6460662c6ac2b13307a8977ef068825b66fbce0 but it still hasn't been released.

Nov 21 2022, 4:38 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
jestabro closed T4829: Tunnel argument to 'reset_peer' in ipsec.py should have type hint Optional, a subtask of T4552: Unable to reset IPsec IPv6 peer, as Resolved.
Nov 21 2022, 3:58 PM · VyOS 1.4 Sagitta
jestabro closed T4829: Tunnel argument to 'reset_peer' in ipsec.py should have type hint Optional as Resolved.
Nov 21 2022, 3:58 PM · VyOS 1.4 Sagitta
jestabro committed rVYOSONEX11273157f651: IPsec: T4829: add missing import TimeoutExpired.
Nov 21 2022, 2:01 PM
jestabro committed rVYOSONEX97771d427c16: IPsec: T4829: use type hint Optional for arg tunnel in reset_peer.
Nov 21 2022, 2:01 PM
GitHub <noreply@github.com> committed rVYOSONEXdc9726636f18: Merge pull request #1671 from jestabro/reset-tunnel-arg-optional (authored by dmbaturin).
Nov 21 2022, 2:01 PM
Viacheslav assigned T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925) to vfreex.
Nov 21 2022, 11:36 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav added a comment to T4812: IPsec ability to show all configured connections.

PR for 1.3
https://github.com/vyos/vyatta-op-vpn/pull/34
https://github.com/vyos/vyos-1x/pull/1672

Nov 21 2022, 11:30 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
egoistdream added a comment to T4818: IPv6 NDP not working everytime.

I think the issue is related to this: https://blog.ipspace.net/2014/09/ipv6-neighbor-discovery-nd-and.html

Nov 21 2022, 7:58 AM · VyOS Rolling, Bugs
vfreex updated the task description for T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925).
Nov 21 2022, 7:50 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
egoistdream added a comment to T4818: IPv6 NDP not working everytime.

I add here what I just found and I can reproduce the issue every time.

Nov 21 2022, 7:45 AM · VyOS Rolling, Bugs
egoistdream added a comment to T4818: IPv6 NDP not working everytime.

You can test with 3-5 servers, the config is basic for each server:

Nov 21 2022, 6:40 AM · VyOS Rolling, Bugs
Viacheslav added a comment to T4818: IPv6 NDP not working everytime.

Could you provide config from several items?
How many nodes do we need to reproduce it?

Nov 21 2022, 6:25 AM · VyOS Rolling, Bugs

Nov 20 2022

Viacheslav added a project to T4812: IPsec ability to show all configured connections: VyOS 1.3 Equuleus (1.3.3).
Nov 20 2022, 10:28 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav changed the status of T4823: swanctl.conf is broken when ipsec site-to-site peer set. from Open to In progress.
Nov 20 2022, 10:22 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4812: IPsec ability to show all configured connections, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from In progress to Needs testing.
Nov 20 2022, 10:20 PM · VyOS Rolling
Viacheslav changed the status of T4812: IPsec ability to show all configured connections from In progress to Needs testing.
Nov 20 2022, 10:20 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX2c4b6b743172: T4812: Add op-mode Show vpn ipsec connections.
Nov 20 2022, 10:04 PM
GitHub <noreply@github.com> committed rVYOSONEX2e011313a9b5: Merge pull request #1657 from sever-sever/T4812 (authored by dmbaturin).
Nov 20 2022, 10:04 PM
vfreex added a comment to T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925).

1.3 backport https://github.com/vyos/vyos-1x/pull/1670

Nov 20 2022, 5:53 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
vfreex added a comment to T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925).

PR https://github.com/vyos/vyos-1x/pull/1669

Nov 20 2022, 5:46 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
vfreex created T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925).
Nov 20 2022, 5:45 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po committed rVYOSONEXda5bff2e835a: op-mode: dns-forwarding: T4578: drop sudo calls.
Nov 20 2022, 4:01 PM
c-po committed rVYOSONEXd34240d21899: macvlan: pseudo-ethernet: T2104: _create() should place interface in A/D state.
Nov 20 2022, 3:42 PM
Viacheslav added a comment to T4823: swanctl.conf is broken when ipsec site-to-site peer set..

ipsec site-to-site peer <name> - it is just a connection name and is not related to the IP address
I'll take a look at TS

Nov 20 2022, 2:55 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4825: interfaces veth/veth-pairs -standalone used.

PR https://github.com/vyos/vyos-1x/pull/1668

Nov 20 2022, 1:50 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
Viacheslav changed the status of T4830: nat66 - Error in port translation rules from Confirmed to Needs testing.
Nov 20 2022, 9:52 AM · VyOS 1.4 Sagitta
Viacheslav closed T4827: route-map issues , not load configuration FRR as Resolved.
vyos@r14# set policy route-map FOO rule 100 action permit
[edit]
vyos@r14# set policy route-map FOO rule 50 action 'deny'
[edit]
vyos@r14# set policy route-map FOO rule 50 continue '100'
[edit]
vyos@r14# 
[edit]
vyos@r14# commit
[ policy ]
rule 50 "continue" cannot be used with action deny!
Nov 20 2022, 9:47 AM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX42373334b1ed: T4827: Route-map state continue must be with action permit only.
Nov 20 2022, 9:40 AM
GitHub <noreply@github.com> committed rVYOSONEXb7e203d168d5: Merge pull request #1667 from sever-sever/T4827 (authored by c-po).
Nov 20 2022, 9:40 AM
Viacheslav added a comment to T4827: route-map issues , not load configuration FRR.

PR https://github.com/vyos/vyos-1x/pull/1667

Nov 20 2022, 9:27 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4831: implement Telegraf build on arm64 / fix hardcoded x86-64 reference from Open to Needs testing.
Nov 20 2022, 7:25 AM
c-po committed rVYOSONEX94287c304068: vrf: T4562: no need to invode "sudo" when retrieving VRf information.
Nov 20 2022, 6:44 AM
c-po committed rVYOSONEXa2cd4ae4cf55: T4830: nat66: remove external IPv6 check on bracketize_ipv6().
Nov 20 2022, 6:38 AM
mcbridematt added a comment to T4831: implement Telegraf build on arm64 / fix hardcoded x86-64 reference.

Pull request: https://github.com/vyos/vyos-build/pull/286

Nov 20 2022, 2:12 AM
mcbridematt created T4831: implement Telegraf build on arm64 / fix hardcoded x86-64 reference.
Nov 20 2022, 2:07 AM

Nov 19 2022

jestabro updated the task description for T4829: Tunnel argument to 'reset_peer' in ipsec.py should have type hint Optional.
Nov 19 2022, 9:49 PM · VyOS 1.4 Sagitta
n.fort committed rVYOSONEXad27ccbe68bd: T4830: nat66: fix how nat66 rules are written in nftables, so translation works….
Nov 19 2022, 7:59 PM
GitHub <noreply@github.com> committed rVYOSONEX2fa43aea9c47: Merge pull request #1666 from nicolas-fort/T4830-nat66 (authored by c-po).
Nov 19 2022, 7:59 PM
Viacheslav closed T4720: Ability to configure SSH HostKeyAlgorithms, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Resolved.
Nov 19 2022, 4:00 PM · VyOS Rolling, VyOS 1.5 Circinus (1.5-stream-2025-Q4)
Viacheslav closed T4720: Ability to configure SSH HostKeyAlgorithms as Resolved.
Nov 19 2022, 4:00 PM · VyOS 1.4 Sagitta
Viacheslav closed T4826: Wrong key type is used for SSH SK public keys as Resolved.

Thanks
Don’t think that there should be a migration
As new keys were added several days ago.

Nov 19 2022, 3:56 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4830: nat66 - Error in port translation rules.

PR: https://github.com/vyos/vyos-1x/pull/1666

Nov 19 2022, 3:55 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4830: nat66 - Error in port translation rules from Open to Confirmed.
Nov 19 2022, 3:05 PM · VyOS 1.4 Sagitta
n.fort created T4830: nat66 - Error in port translation rules.
Nov 19 2022, 3:00 PM · VyOS 1.4 Sagitta
jestabro closed T4828: Raise appropriate op-mode errors in ipsec.py 'reset_peer', a subtask of T4552: Unable to reset IPsec IPv6 peer, as Resolved.
Nov 19 2022, 1:04 PM · VyOS 1.4 Sagitta
jestabro closed T4828: Raise appropriate op-mode errors in ipsec.py 'reset_peer' as Resolved.
Nov 19 2022, 1:04 PM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4720: Ability to configure SSH HostKeyAlgorithms.

@Viacheslav Works!

Nov 19 2022, 11:46 AM · VyOS 1.4 Sagitta
DerEnderKeks added a comment to T4826: Wrong key type is used for SSH SK public keys.

It works as expected now on 1.4-rolling-202211190627, but my system failed to boot with the old key types in the config, so I had to remove them before switching to the new image. Thanks for the quick fix!

Nov 19 2022, 10:03 AM · VyOS 1.4 Sagitta
c-po edited projects for T4760: VyOS does not support running multiple instances of DHCPv6 clients, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).
Nov 19 2022, 5:59 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta
c-po moved T4760: VyOS does not support running multiple instances of DHCPv6 clients from Open to Finished on the VyOS 1.4 Sagitta board.
Nov 19 2022, 5:59 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta
c-po changed the status of T4760: VyOS does not support running multiple instances of DHCPv6 clients from Open to Needs testing.
Nov 19 2022, 5:59 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta
jestabro committed rVYOSONEX58057480e227: IPsec: T4828: raise op-mode error on incorrect value.
Nov 19 2022, 5:53 AM
GitHub <noreply@github.com> committed rVYOSONEX0cec72de1716: Merge pull request #1665 from jestabro/op-mode-value-error (authored by c-po).
Nov 19 2022, 5:53 AM

Nov 18 2022

jestabro added a subtask for T4552: Unable to reset IPsec IPv6 peer: T4829: Tunnel argument to 'reset_peer' in ipsec.py should have type hint Optional.
Nov 18 2022, 10:21 PM · VyOS 1.4 Sagitta
jestabro added a parent task for T4829: Tunnel argument to 'reset_peer' in ipsec.py should have type hint Optional: T4552: Unable to reset IPsec IPv6 peer.
Nov 18 2022, 10:21 PM · VyOS 1.4 Sagitta
jestabro triaged T4829: Tunnel argument to 'reset_peer' in ipsec.py should have type hint Optional as Normal priority.
Nov 18 2022, 10:20 PM · VyOS 1.4 Sagitta
jestabro added a subtask for T4552: Unable to reset IPsec IPv6 peer: T4828: Raise appropriate op-mode errors in ipsec.py 'reset_peer'.
Nov 18 2022, 10:15 PM · VyOS 1.4 Sagitta
jestabro added a parent task for T4828: Raise appropriate op-mode errors in ipsec.py 'reset_peer': T4552: Unable to reset IPsec IPv6 peer.
Nov 18 2022, 10:15 PM · VyOS 1.4 Sagitta
jestabro added a comment to T4828: Raise appropriate op-mode errors in ipsec.py 'reset_peer'.

https://github.com/vyos/vyos-1x/pull/1665

Nov 18 2022, 10:14 PM · VyOS 1.4 Sagitta
jestabro triaged T4828: Raise appropriate op-mode errors in ipsec.py 'reset_peer' as Normal priority.
Nov 18 2022, 10:06 PM · VyOS 1.4 Sagitta
fernando added a comment to T4827: route-map issues , not load configuration FRR.

As we talked, this behavior is the same on vyos1.3.x/frr7.5.x. The main difference is that on vyos-cli doesn't add this command.

Nov 18 2022, 10:06 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T973: Create Prometheus Exporter for VyOS .
In T973#137840, @elico wrote:

@Viacheslav I want to test this, what should be done?

Nov 18 2022, 9:25 PM · VyOS Rolling, VyOS 1.5 Circinus
Viacheslav added a comment to T4720: Ability to configure SSH HostKeyAlgorithms.

@Arc771 Thanks, could you check it in the next rolling release after 20221118?

Nov 18 2022, 8:42 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4826: Wrong key type is used for SSH SK public keys from Open to Needs testing.

@DerEnderKeks Could you check it in the next rolling release after 20221118?

Nov 18 2022, 8:40 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX6458f99cc31b: T4826: Fix login pubkey key type ed25519-sk ecdsa-sk.
Nov 18 2022, 6:28 PM
GitHub <noreply@github.com> committed rVYOSONEX95abda42a4ef: Merge pull request #1664 from sever-sever/T4826 (authored by c-po).
Nov 18 2022, 6:28 PM
jestabro closed T4821: Correct calling of config mode script dependencies from firewall.py as Resolved.
Nov 18 2022, 6:11 PM · VyOS 1.4 Sagitta
jestabro closed T4821: Correct calling of config mode script dependencies from firewall.py, a subtask of T4820: Support for inter-config-mode script dependencies, as Resolved.
Nov 18 2022, 6:11 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4826: Wrong key type is used for SSH SK public keys.

PR https://github.com/vyos/vyos-1x/pull/1664

Nov 18 2022, 2:15 PM · VyOS 1.4 Sagitta
jestabro committed rVYOSONEX048bd27676c0: firewall: T4821: add support for adding conf_mode script dependencies.
Nov 18 2022, 1:42 PM
jestabro committed rVYOSONEXc29f1be7372d: firewall: T4821: add utility to load script as module.
Nov 18 2022, 1:42 PM
jestabro committed rVYOSONEXb8bda7c8d54f: firewall: T4821: correct calling of conf_mode script dependencies.
Nov 18 2022, 1:42 PM
GitHub <noreply@github.com> committed rVYOSONEX97056cad1866: Merge pull request #1662 from jestabro/config-script-dependency (authored by dmbaturin).
Nov 18 2022, 1:42 PM
elico added a comment to T973: Create Prometheus Exporter for VyOS .

@Viacheslav I want to test this, what should be done?

Nov 18 2022, 12:33 PM · VyOS Rolling, VyOS 1.5 Circinus
Viacheslav changed the status of T4819: Allow printing Warning messages in multiple lines with \n from In progress to Needs testing.
Nov 18 2022, 12:25 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4827: route-map issues , not load configuration FRR.
set policy route-map MAP-ISP1-AS1001-EXPORT rule 50 action 'deny'
set policy route-map MAP-ISP1-AS1001-EXPORT rule 50 continue '100'
Nov 18 2022, 11:10 AM · VyOS 1.4 Sagitta
a.apostoliuk committed rVYOSONEXc3be3f0a1278: T4793: Added warning about disable-route-autoinstall.
Nov 18 2022, 8:45 AM