As I understand it is impossible directly with config option but possible with module omudpspoof
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Dec 12 2022
Dec 12 2022
GitHub <noreply@github.com> committed rVYOSONEX89100cee64d4: Merge pull request #1704 from aapostoliuk/T4874-equuleus (authored by Viacheslav).
jestabro triaged T4875: Replace Python validator 'interface-name' to avoid Python startup cost as Normal priority.
GitHub <noreply@github.com> committed rVYOSONEX0c5416e9e629: Merge pull request #1699 from jestabro/op-mode-openvpn (authored by jestabro).
zsdc changed Issue type from improvement to bug on T4857: SNMP - Implement FRR SNMP recommendations.
Viacheslav closed T4861: Openconnect restart on adding users - Aborts all active connections as Resolved.
klase added a comment to T4861: Openconnect restart on adding users - Aborts all active connections.
It works. The user connections persist over a reload and configuration changes causes a reload instead of a restart!
Thank you.
Dec 11 2022
Dec 11 2022
c-po moved T4671: linux-firmware package is missing symlinks defined in WHENCE file from Need Triage to Backlog on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T4709: TCP MSS clamping broken in equuleus from Need Triage to Backlog on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T4734: Feature Request: openvpn: add OTP 2FA support from Need Triage to Backlog on the VyOS 1.3 Equuleus (1.3.3) board.
@initramfs can we close this?
vyos@vyos# show interfaces sstpc
sstpc sstpc10 {
authentication {
password vyos
user vyos
}
server sstp.vyos.net
ssl {
ca-certificate VyOS-CA
}
}Hi,
same issue on VyOS 1.4-rolling-202212090319
Dec 10 2022
Dec 10 2022
jestabro closed T4872: Op-mode show openvpn misses a case when parsing for tunnel IP, a subtask of T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command, as Unknown Status.
jestabro closed T4872: Op-mode show openvpn misses a case when parsing for tunnel IP as Unknown Status.
GitHub <noreply@github.com> committed rVYOSONEXfb6ceae548ec: Merge pull request #1703 from jestabro/bug-tunnel-ip (authored by jestabro).
jestabro updated the task description for T4872: Op-mode show openvpn misses a case when parsing for tunnel IP.
jestabro updated the task description for T4872: Op-mode show openvpn misses a case when parsing for tunnel IP.
Unknown Object (User) updated the task description for T4873: Option to define source IP for rsyslog.
Unknown Object (User) created T4873: Option to define source IP for rsyslog.
Dec 9 2022
Dec 9 2022
jestabro changed Version from vyos-1.4, vyos-1.3.3 to vyos-1.4, vyos-1.3.2 on T4872: Op-mode show openvpn misses a case when parsing for tunnel IP.
jestabro triaged T4872: Op-mode show openvpn misses a case when parsing for tunnel IP as Normal priority.
Viacheslav renamed T4870: Containers switch to using overlay driver for podman storage from Switch to using overlay driver for docker storage to Containers switch to using overlay driver for podman storage.
Started a PR for this: https://github.com/vyos/vyos-1x/pull/1702
GitHub <noreply@github.com> committed rVYOSONEX810be56a7c74: Merge pull request #1701 from sever-sever/T4865 (authored by c-po).
zsdc changed the status of T4869: A network with `/32` or `/128` mask cannot be removed from a network-group from Open to In progress.
PR with fix is here: https://github.com/vyos/vyatta-cfg-firewall/pull/35
Viacheslav changed the status of T4865: container impossible to generate local image from a file if it requires install some pkgs from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEXb67f7c85b72b: Merge pull request #1700 from sever-sever/T4868 (authored by c-po).
Viacheslav added a comment to T4861: Openconnect restart on adding users - Aborts all active connections.
@klase It is already in the latest rolling release. Could you re-check?
Viacheslav added a comment to T4868: L2TP ppp-options ipv6 does not work without ipv6 pool but should.
Viacheslav renamed T4868: L2TP ppp-options ipv6 does not work without ipv6 pool but should from L2TP ppp-oprions ipv6 does not work without ipv6 pool but should to L2TP ppp-options ipv6 does not work without ipv6 pool but should.
Unknown Object (User) added a comment to T4867: "show bgp neighbors ... advertised-routes" and some other commands fail for IPv4 neighbors.
This works,
but if this is the new syntax the cli needs some cleanup.
Viacheslav changed the status of T4868: L2TP ppp-options ipv6 does not work without ipv6 pool but should from Open to In progress.
Viacheslav updated the task description for T4868: L2TP ppp-options ipv6 does not work without ipv6 pool but should.
Viacheslav changed the status of T4117: Does not possible to configure PoD/CoA for L2TP vpn from In progress to Needs testing.
According to this https://forum.vyos.io/t/vagrant-auth-failure-on-new-vagrant-images/9871/2
This issue is due to T874.
My understanding is that is not changeable, so my proposal is to add the "vagrant insecure key" for the vyos user during the vagrant box creation.
Viacheslav added a comment to T4867: "show bgp neighbors ... advertised-routes" and some other commands fail for IPv4 neighbors.
use the next syntax
show bgp ipv4 neighbors x.x.x.x advertised-routes
Unknown Object (User) created T4867: "show bgp neighbors ... advertised-routes" and some other commands fail for IPv4 neighbors.
Dec 8 2022
Dec 8 2022
jestabro renamed T4866: Rewrite show_interfaces to standardized form from Rewrite show_interfaces to standardized format to Rewrite show_interfaces to standardized form.
PR for show/reset functions:
https://github.com/vyos/vyos-1x/pull/1699
Viacheslav updated the task description for T4865: container impossible to generate local image from a file if it requires install some pkgs.
Viacheslav updated the task description for T4865: container impossible to generate local image from a file if it requires install some pkgs.
GitHub <noreply@github.com> committed rVYOSONEX7e449725bf90: Merge pull request #1698 from sever-sever/T4117 (authored by c-po).
fix for 1.4 PR https://github.com/vyos/vyos-1x/pull/1698
vyos@r14# cat /run/accel-pppd/l2tp.conf | grep dae-s dae-server=127.0.0.1:1700,testing123 [edit] vyos@r14#
Viacheslav added a project to T4117: Does not possible to configure PoD/CoA for L2TP vpn: VyOS 1.4 Sagitta.
Viacheslav changed the status of T4117: Does not possible to configure PoD/CoA for L2TP vpn from Needs testing to In progress.
GitHub <noreply@github.com> committed rVYOSONEXd37387dd4510: Merge pull request #1695 from aapostoliuk/T4862-sagitta (authored by c-po).
Viacheslav changed the status of T4861: Openconnect restart on adding users - Aborts all active connections from In progress to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEX1669f59f2a97: Merge pull request #1696 from sever-sever/T4861 (authored by Viacheslav).
Dec 7 2022
Dec 7 2022
I can confirm the firewall errors are fixed in the newest rolling VyOS 1.4-rolling-202212070318
Viacheslav added a comment to T4861: Openconnect restart on adding users - Aborts all active connections.
aserkin added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
Yes they are. 192.168.101.10 - is an ip of vpn remote access subscriber. He's connected to interface l2tp0 (accel-ppp). And i'm just trying to open tcp connection to port 80 on client from peer node.
Viacheslav added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
@aserkin Thanks
Do l2tp clients in the network 192.168.101.x ? And you are trying to connect to some web resource behind l2tp?
aserkin added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
The firewall settings does not seem to catch the traffic going out of l2tp* interfaces.
admin@vyos-lns-1:~$ show config commands |grep firewall set firewall interface l2tp* out name 'nodefw' set firewall log-martians 'disable' set firewall name nodefw rule 100 action 'accept' set firewall name nodefw rule 100 protocol 'tcp' set firewall name nodefw rule 100 tcp flags syn set firewall name nodefw rule 100 tcp mss '1300'