In T4774#142529, @c-po wrote:Please note the WireGuard crypto Key routing concept: https://www.wireguard.com/#cryptokey-routing
Keys should not be re-used
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Feb 13 2023
Feb 13 2023
Alfa80 awarded T4991: Restore path level information to compare output a Like token.
Please note the WireGuard crypto Key routing concept: https://www.wireguard.com/#cryptokey-routing
trae32566 updated subscribers of T4774: Disallow duplicate pubkey on peers of a wireguard interface.
Everything just worked fine.
service {
+ pppoe-server {
+ authentication {
+ mode radius
+ radius {
+ server 172.31.255.2 {
+ key 123456
+ }
+ }
+ }
+ interface eth1 {
+ }
+ }
}sarthurdev moved T5003: Upgrade base system to Debian 12 "Bookworm" from Open to In Progress on the VyOS 1.4 Sagitta board.
sarthurdev changed the status of T5003: Upgrade base system to Debian 12 "Bookworm" from Open to In progress.
Feb 12 2023
Feb 12 2023
Viacheslav changed the status of T4990: Commit results may not be properly saved if power is cut immediately after a successful commit from Open to Needs testing.
Sorry about the trouble - fixed in next rolling release.
Viacheslav changed the status of T4998: pppoe username validation too restrictive (regression) from Open to In progress.
Viacheslav changed the status of T5001: Replace links to the phabricator site from Open to In progress.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1813
Viacheslav changed the status of T4999: vyos.util backport dict_search_recursive from Open to In progress.
Viacheslav changed the subtype of T4999: vyos.util backport dict_search_recursive from "Bug" to "Feature Request".
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1812
Viacheslav removed a parent task for T4967: Ability to set hostname for the container: T4564: Root task for rewriting [op-mode] to vyos.opmode format.
okay, so with https://vyos.dev/T4997 in place (tested via my custom build https://github.com/b-/vyos-build-action/releases/tag/v1.4-rolling_bri_add-dhcp-user-hooks ) and the following file in /config/scripts/dhcp-client/post-hooks.d/set-addrgroup
#!/bin/sh # # /config/scripts/dhcp-client/post-hooks.d/set-addrgroup
Feb 11 2023
Feb 11 2023
Reading more of the fancy internal scripting going on inside VyOS, there's already both a place to put this script (that would cause it to automatically be called by dhclient upon a new address), _and_ it sets a bunch of variables for us so I don't have to hac hac hac parse output that really isn't intended to be parsed. https://github.com/vyos/vyos-1x/tree/current/src/etc/dhcp/dhclient-exit-hooks.d
c-po added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
This is quiet interesting as container memory defaults to 512.
c-po changed the status of T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536 from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEXc99c1127d3bc: Merge pull request #1806 from sever-sever/T2603-eq (authored by dmbaturin).
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
WAN_IF_GROUP=wan
show firewall group interface ${WAN_IF_GROUP} | cut -c 2- | cut -d' ' -f2 > /tmp/WANS
WANS=$(</tmp/WANS)
getip(){
#ip -4 a show ${1} | grep -Po 'inet \K[0-9.]*'
run show interface ${1:0:3} $1 brief | tr -s ' ' | grep $1 | cut -d' ' -f2 | cut -d/ -f1 | grep -v ':'
# returns like 123.234.34.34
# grep -v : removes ipv6
}In T2196#125917, @lue30499 wrote:This feature would be very helpfull for hairpin nat as we can see from the mentions.
Might also be helpfull for ipv6 as well.
I am aware its a different product but edgeos from ubiquiti does something like this (looks to be a managed address group that populates dynamically) for nat and fw:destination { group { address-group ADDRv4_eth0 } }
I just want to really strongly second this issue — if this feature isn't added and I can't find a good workaround, I won't be able to stick with VyOS :(
Feb 10 2023
Feb 10 2023
Restricted Repository Identity closed T4857: SNMP - Implement FRR SNMP recommendations as Resolved by committing rVYOSONEX847434e1e34e: Merge pull request #1805 from nicolas-fort/T4857-frr-fix.
GitHub <noreply@github.com> committed rVYOSONEX847434e1e34e: Merge pull request #1805 from nicolas-fort/T4857-frr-fix (authored by c-po).
c-po closed T4995: pppoe, wwan and sstp-client - rename user -> username on authentication as Resolved.
c-po changed the status of T4995: pppoe, wwan and sstp-client - rename user -> username on authentication from Open to In progress.
Thanks @Viacheslav, that makes sense.
a.apostoliuk changed the status of T4993: Can't delete conntrack ignore rule from Open to In progress.
Take a look at this T4165
Maybe the same issue but per rule. Different order of "comment"
Viacheslav edited projects for T4993: Can't delete conntrack ignore rule, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Viacheslav updated the task description for T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set.
Viacheslav added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
Thanks for reporting.
We will take a look at it.
Viacheslav changed the status of T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set from Open to Confirmed.
Viacheslav moved T1993: Extended pppoe rate-limiter from Open to Finished on the VyOS 1.4 Sagitta board.
GitHub <noreply@github.com> committed rVYOSONEX7000d33d3dd2: Merge pull request #1808 from sever-sever/T1993 (authored by c-po).
anon3fe35 added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
I have the same issue
Some adjustments made for command output; re-testing for PR.
Feb 9 2023
Feb 9 2023
Running smoketests; PR's to follow:
jestabro added a parent task for T4991: Restore path level information to compare output: T4942: Rewrite vyatta-config-mgmt to Python/XML.
jestabro changed the status of T4991: Restore path level information to compare output from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX078faa6718c2: Merge pull request #1793 from aapostoliuk/T4905-sagitta (authored by dmbaturin).
Viacheslav added a comment to T4852: pppoe - static default route deleted automatically with default-route none option.
eth0 -> PPPoE (Primary link)
eth1 -> DHCP (Backup link)if I use default-route 'auto' for pppoe then default route via pppoe is not getting configured. That's why I am defining the static default route for pppoe with default-route 'none' option.
pratik.g added a comment to T4852: pppoe - static default route deleted automatically with default-route none option.
I have two wan links as following-
Nova_Logic added a comment to T4376: DNAT with multiwan and policy routing, incoming connections only work on primary interface.
It looks like mine issue with wan load balancing - reply for dnat-ed packets from secondary interfaces was sent by vyos from "primary" https://phabricator.vyos.net/T4587 . Could you dump traffic and check that possibility
Viacheslav changed the status of T4971: Radius attribute "Framed-Pool" for PPPoE from In progress to Needs testing.
@fernandolcx Will be present in the next rolling release, could you test it (after 20230209)?
GitHub <noreply@github.com> committed rVYOSONEXc300df1e5a22: Revert "container: T4959: Add container registry authentication config for… (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX10ab68a018dd: Merge pull request #1790 from Zen3515/current-add-container-login (authored by c-po).