@klase could you make some changes?
sudo nano -c +253 /usr/libexec/vyos/conf_mode/vpn_openconnect.py
and change
call('systemctl restart ocserv.service')to:
call('systemctl reload-or-restart ocserv.service')- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Dec 6 2022
Dec 6 2022
Viacheslav changed the subtype of T4861: Openconnect restart on adding users - Aborts all active connections from "Task" to "Feature Request".
Viacheslav added a comment to T4861: Openconnect restart on adding users - Aborts all active connections.
Viacheslav added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
Does it do the same?
set firewall interface l2tp* out name 'FOO' set firewall name FOO rule 10 action 'accept' set firewall name FOO rule 10 protocol 'tcp' set firewall name FOO rule 10 tcp flags syn set firewall name FOO rule 10 tcp mss '1300'
nft
table ip vyos_filter {
chain VYOS_FW_FORWARD {
type filter hook forward priority filter; policy accept;
oifname "l2tp*" counter packets 0 bytes 0 jump NAME_FOO
jump VYOS_POST_FW
}
...
chain NAME_FOO {
tcp flags & syn == syn tcp option maxseg size 1300 counter packets 0 bytes 0 return comment "FOO-10"
counter packets 0 bytes 0 drop comment "FOO default-action drop"
}
}CNI Plugins compatible with nftables https://github.com/greenpau/cni-plugins/
aserkin updated the task description for T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
aserkin updated the task description for T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
aserkin updated the task description for T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
a.apostoliuk changed the status of T4862: webproxy domain-block does not work from Open to In progress.
Viacheslav edited projects for T4853: OpenVPN: unable to commit changes when the interface is down/unknown state, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Dec 5 2022
Dec 5 2022
Viacheslav changed the status of T4848: Minor bug in OpenConnect server with default route from In progress to Needs testing.
@klase will be fixed in the next rolling release
Dec 4 2022
Dec 4 2022
Viacheslav changed the status of T4860: Openconnect server incorrect unconfigured check from Open to In progress.
Viacheslav changed the status of T4848: Minor bug in OpenConnect server with default route from Open to In progress.
Viacheslav closed T4825: interfaces veth/veth-pairs -standalone used, a subtask of T4686: Provides support for veth, as Resolved.
Dec 3 2022
Dec 3 2022
PR to fix recursion check: https://github.com/vyos/vyos-1x/pull/1691
Alfa80 awarded T4792: Add SSTP VPN client a Love token.
Viacheslav moved T4858: L3VPN- Route Distinguisher notations from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Dec 2 2022
Dec 2 2022
fernando changed the status of T4854: BGP-route reflector allows to apply route-maps from Confirmed to In progress.
jestabro closed T4859: Correct calling of config mode script dependencies from http-api.py, a subtask of T4820: Support for inter-config-mode script dependencies, as Resolved.
jestabro closed T4859: Correct calling of config mode script dependencies from http-api.py as Resolved.
fernando changed the status of T4858: L3VPN- Route Distinguisher notations from Open to In progress.
jestabro triaged T4859: Correct calling of config mode script dependencies from http-api.py as Normal priority.
We can do it the same way
vyos@r1# set service snmp oid-enable Possible completions: route-table Enable routing table OIDs (ipCidrRouteTable inetCidrRouteTable)
so by default they should be disabled
Error also present in vyos-1.4-rolling-202212020318
n.fort changed the status of T4857: SNMP - Implement FRR SNMP recommendations from Open to Confirmed.
Verify if you are trying to add a new vethX to exists pair (veth12 link to veth0 should be RaiseConfigerror)
set interfaces virtual-ethernet veth0 peer-name 'veth1' set interfaces virtual-ethernet veth1 peer-name 'veth0' set interfaces virtual-ethernet veth12 peer-name 'veth0' commit
commit
vyos@r1# commit
[ interfaces virtual-ethernet veth12 ]
{'ifname': 'veth12',
'other_interfaces': {'veth0': {'peer_name': 'veth1'},
'veth1': {'peer_name': 'veth0'},
'veth12': {'peer_name': 'veth0'}},
'peer_name': 'veth0'}
VyOS had an issue completing a command.Viacheslav changed the status of T4767: replace sh to Python (generate_ipsec_debug_archive.sh) from In progress to Needs testing.
Dec 1 2022
Dec 1 2022
jestabro closed T4847: Correct calling of config mode script dependencies from pki.py, a subtask of T4820: Support for inter-config-mode script dependencies, as Resolved.
Nov 30 2022
Nov 30 2022
fernando changed the status of T4854: BGP-route reflector allows to apply route-maps from Open to Confirmed.
Viacheslav added a comment to T4850: Commit error - Could not get property: Failed to activate service 'org.freedesktop.hostname1':.
No, just try the latest rolling
There were a lot of changes/ bug fixed: etc since 2021
pratik.g added a comment to T4850: Commit error - Could not get property: Failed to activate service 'org.freedesktop.hostname1':.
@Viacheslav Can you point to any existing defect in which this issue was fixed to understand the root case and fix?
Viacheslav added a comment to T4850: Commit error - Could not get property: Failed to activate service 'org.freedesktop.hostname1':.
Outdated image 2021
Nov 30 2022, 6:24 AM · Restricted Project, Restricted Project, VyOS 1.4 Sagitta (1.4.1), VyOS 1.5 Circinus
Nov 29 2022
Nov 29 2022
jestabro closed T4845: Add smoketest to detect cycles in config-mode script dependency calls, a subtask of T4820: Support for inter-config-mode script dependencies, as Resolved.
jestabro closed T4845: Add smoketest to detect cycles in config-mode script dependency calls as Resolved.
Pull request: https://github.com/vyos/vyos-build/pull/288
a.apostoliuk changed the status of T3810: webproxy squidguard rules don't work properly after rewriting to python. from Needs testing to In progress.
Fixed in latest 1.4 rolling
Nov 28 2022
Nov 28 2022
jestabro triaged T4847: Correct calling of config mode script dependencies from pki.py as Normal priority.
jestabro renamed T4845: Add smoketest to detect cycles in config-mode script dependency calls from Add smoketest to detect cycles in config dependency calls to Add smoketest to detect cycles in config-mode script dependency calls.
jestabro added a comment to T4845: Add smoketest to detect cycles in config-mode script dependency calls.
jestabro triaged T4845: Add smoketest to detect cycles in config-mode script dependency calls as Normal priority.
a.apostoliuk changed the status of T4844: Incorrect permissions of the safeguard DB directory from Open to In progress.