PR 1.4 https://github.com/vyos/vyos-1x/pull/1804
PR 1.3 https://github.com/vyos/vyos-1x/pull/1806
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Feb 8 2023
Feb 8 2023
n.fort changed the status of T4857: SNMP - Implement FRR SNMP recommendations from Confirmed to Needs testing.
Viacheslav changed the subtype of T4972: Support FQDN and IPv6 addresses for RADIUS servers in accel-ppp-backed protocols from "Task" to "Feature Request".
Viacheslav triaged T4972: Support FQDN and IPv6 addresses for RADIUS servers in accel-ppp-backed protocols as Wishlist priority.
Viacheslav added a comment to T4852: pppoe - static default route deleted automatically with default-route none option.
Why did you delete this option and add a static route? Is there any use case?
Viacheslav added a comment to T4852: pppoe - static default route deleted automatically with default-route none option.
This option has more priority than others.
Viacheslav closed T1288: FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*) as Resolved.
Rewritten in 1.4
We are not planning to modify it in 1.3
Viacheslav added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
Got it; it is impossible for now after this migration https://phabricator.vyos.net/T3090
We are working on the re-design firewall CLI
Viacheslav changed the status of T4948: pppoe: add CLI option to allow definition of host-uniq flag from In progress to Needs testing.
Viacheslav changed the subtype of T4985: reset vpn ipsec-peer command with peer name does not work from "Task" to "Bug".
Feb 7 2023
Feb 7 2023
Viacheslav closed T4868: L2TP ppp-options ipv6 does not work without ipv6 pool but should as Resolved.
Viacheslav moved T4980: chrony not listening as a server from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T4117: Does not possible to configure PoD/CoA for L2TP vpn from Open to Finished on the VyOS 1.4 Sagitta board.
I built a 1.4 ISO after my change was merged and deployed it to my home network. Setting a restrictive allow list works as expected, only the allowed IPs/subnets are able to use NTP. Removing all allow IPs prevents chrony/ntp from even listening to port 123. I don't think the "deny all" is needed in the code at all, but it is also not preventing the service to run as expected so I'll leave it.
Viacheslav changed the status of T4969: QoS Policy - Unable to set class match mark number from In progress to Needs testing.
Viacheslav changed the status of T4980: chrony not listening as a server from Open to Needs testing.
aderouineau updated subscribers of T4123: checksum file fails to download from AWS S3 in rolling-release.
@c-po is this an S3 bucket policy issue, or do the files not exist?
Viacheslav added a comment to T4982: OpenConnect should have TLS 1.0 and TLS 1.1 disabled by default.
Setting it configurable will be a good solution.
Just like it is done in OpenVPN
vyos@r14# set interfaces openvpn vtun0 tls tls-version-min Possible completions: 1.0 TLS v1.0 1.1 TLS v1.1 1.2 TLS v1.2 1.3 TLS v1.3
Viacheslav changed the subtype of T4981: Warn when a nat rule evicts a set of other active rules from "Task" to "Feature Request".
Zen3515 added a comment to T4983: `shutdown_required` should be set when running command `connect interface wwan0`.
Maybe, we need to handle cron script differently if ping failed?
Please let me know what should be the direction for solving this issue.
Zen3515 renamed T4983: `shutdown_required` should be set when running command `connect interface wwan0` from shutdown_required' to `shutdown_required` should be set when running command `connect interface wwan0`.
Feb 6 2023
Feb 6 2023
Kyle Mitchell <kyle.m.mitchell@oracle.com> committed rVYOSONEXba6277dfa089: ntp: T4980: change chrony deny all logic.
GitHub <noreply@github.com> committed rVYOSONEX6b9b36db47a4: Merge pull request #1802 from kylem0/T4980 (authored by c-po).
Alfa80 changed Issue type from unspecified to feature on T4981: Warn when a nat rule evicts a set of other active rules.
We also need to increase opened file descriptors (ulimit -n) to listen limit + some margin.
And consider adding a warning about increasing net.core.optmem_max for systems with a limit of more than 100 peers.
n.fort changed the status of T2408: DHCP Relay upstream and downstream interfaces from In progress to Needs testing.
a.apostoliuk added a comment to T4943: Radius SSH login displays "permission denied" on 1.4 rolling release.
It is a problem with mapping user to radius_priv_user
This problem began after https://github.com/vyos/vyos-1x/commit/765f84386b6e94984ff79db2eab36d51f759159b#diff-0ab0ed71ce757261c4a6ae2f3a5bc441d6257d477bfb5435ae38f230777ff81cR51
If I set in sshd_config
Viacheslav changed the status of T4971: Radius attribute "Framed-Pool" for PPPoE from Open to In progress.
jack9603301 added a comment to T4921: Miniupnpd only allows for IGDv2 while IGDv1 is mostly common used and supported.
I'm not free now. I'll check it when I'm free
Feb 5 2023
Feb 5 2023
@Viacheslav unfortunately I am not too familiar with your build system, but basically you need to clone the ovpn-dco repository (https://github.com/OpenVPN/ovpn-dco.git) and compile it against your kernel, as you would normally do for any other out-of-tree kernel module.
GitHub <noreply@github.com> committed rVYOSONEX0a5579b84d7c: Merge pull request #1801 from c-po/fix-tftp-smoketest (authored by c-po).
PR for alternative completion helper. This provides the same args/output of the Python script, with a speedup of 1--2 orders of magnitude; testing needed.
https://github.com/vyos/vyos-utils/pull/11
GitHub <noreply@github.com> committed rVYOSONEX3eb77660f6bb: Merge pull request #1798 from c-po/t4975-equuleus (authored by c-po).
I just confirmed that it's still reproducible in VyOS 1.4-rolling-202301241944. It seems that I cannot copy stanza to a new name instead of trying to rename it, either.
Feb 4 2023
Feb 4 2023
A basic implementation: https://github.com/vyos/vyos-1x/pull/1800
when an incompatible option is found, OpenVPN will simply disable DCO and go back to tun (this info will be logged). Therefore the limitations should not be a reason for not including DCO in VyOS.
GitHub <noreply@github.com> committed rVYOSONEX9ee41e63880e: Merge pull request #1603 from nicolas-fort/T2408 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX437f96843bed: GitHub: update assign author action to version 1.6.2 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXd2885ad028ec: T4969: fix class match mark number (authored by daniil).
GitHub <noreply@github.com> committed rVYOSONEX55877a9914ce: Merge pull request #1792 from DaniilHarun/current (authored by c-po).
c-po moved T4975: CLI does not work after cutting off the power or reset from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T4975: CLI does not work after cutting off the power or reset from Need Triage to 1.3.3 on the VyOS 1.3 Equuleus board.
c-po moved T4975: CLI does not work after cutting off the power or reset from In Progress to Finished on the VyOS 1.4 Sagitta board.
PR for 1.3 which makes the change available for every config subsystem https://github.com/vyos/vyos-1x/pull/1798
GitHub <noreply@github.com> committed rVYOSONEX3329943339ce: Merge pull request #1797 from ServerForge/current (authored by c-po).
Feb 3 2023
Feb 3 2023
In T3871#141847, @jestabro wrote:Before adopting the approach mentioned above, there was development of an alternative using pyudev within an 'interface-monitor' daemon; the following branches contain (a version of) the rebased code. It would need a few hours of attention to check the logic and add the is_persistent check from vyos-interface-rescan.py; it could use some refactoring as well.
https://github.com/vyos/vyos-1x/compare/current...jestabro:vyos-1x:interface-monitor
https://github.com/vyos/vyatta-cfg/compare/current...jestabro:vyatta-cfg:interface-monitor
https://github.com/vyos/vyos-build/compare/current...jestabro:vyos-build:interface-monitor
Before adopting the approach mentioned above, there was development of an alternative using pyudev within an 'interface-monitor' daemon; the following branches contain (a version of) the rebased code. It would need a few hours of attention to check the logic and add the is_persistent check from vyos-interface-rescan.py; it could use some refactoring as well.
ghavag updated the task description for T4976: Unable to form bond with Broadcom Inc. BCM57454 NetXtrem-E.
GitHub <noreply@github.com> committed rVYOSONEXb9ba0a67da3f: Merge pull request #1796 from zdc/T4975-equuleus (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEXbcee46aaed5b: Merge pull request #1795 from zdc/T4975-sagitta (authored by dmbaturin).
### generated by accel_pppoe.py ### [modules] log_syslog pppoe shaper radius ippool auth_pap auth_chap_md5 auth_mschap_v1 auth_mschap_v2
Viacheslav changed the status of T4969: QoS Policy - Unable to set class match mark number from Open to In progress.