I looked into it, but there doesn't seem to be a way to temporarily disable a particular interface in DHCP relay.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Feb 24 2023
Feb 24 2023
Have you try getting same result using VRRP transitions scripts?
zsdc added a comment to T4943: Radius SSH login displays "permission denied" on 1.4 rolling release.
Viacheslav updated the task description for T5029: Nginx change default root directory and fix regex.
jestabro changed Difficulty level from unknown to easy on T5030: HTTPS-API delete key without id error.
a.apostoliuk changed the status of T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine from Needs testing to In progress.
zsdc changed the status of T4943: Radius SSH login displays "permission denied" on 1.4 rolling release from Open to In progress.
Looks like a new nightly rolling update was finally released (vyos-1.4-rolling-202302231931-amd64) 🎉 I just installed it and so far it looks good. I'm no longer getting the 502 errors / segfault. Thanks again!
I can confirm adding this packaged worked, you can now mount with
Feb 23 2023
Feb 23 2023
It looks like I also need to add the exfat-fuse package inorder to get the helpers for mounting filesystems.
The above repos are suitable for testing: basic tests in vm's and a Protecli device look fine. Note that the vyos-1x repo artificially disables the potential config mode reordering in order to confirm tests of vyos-interface-monitor.:
https://github.com/vyos/vyos-1x/commit/02d874e65262cbd53b413b3eef659b8e7d78bf31
Viacheslav added a project to T5007: Interface multicast setting is invalid: VyOS 1.3 Equuleus (1.3.3).
Hey @fernando thanks for your comment.
Personally I haven't tried openvpn2.6.0 + ovpn-dco on Debian 12 yet. However, there should be no real difference as ovpn-dco can happily run up to linux-6.1/6.2 as well.
Viacheslav changed the status of T5028: Add package exfatprogs to VyOS from In progress to Needs testing.
@ordex nice your reply here , we're planning to introduce it in our last upgrade version( we need to upgrade openvpn version to work with opvn-dco ) , Di you try it on Debian 12? My current environment was over Debian 11, if you have any suggestion it will good to know.
Viacheslav closed T5013: Extend accelppp.py op-mode to get subnet start stop info from config, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
PR https://github.com/vyos/vyos-1x/pull/1842
vyos@r14:~$ /usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py test_openvpn_client_interfaces (__main__.TestInterfacesOpenVPN.test_openvpn_client_interfaces) ... ok test_openvpn_client_verify (__main__.TestInterfacesOpenVPN.test_openvpn_client_verify) ... ok test_openvpn_options (__main__.TestInterfacesOpenVPN.test_openvpn_options) ... ok test_openvpn_server_net30_topology (__main__.TestInterfacesOpenVPN.test_openvpn_server_net30_topology) ... ok test_openvpn_server_subnet_topology (__main__.TestInterfacesOpenVPN.test_openvpn_server_subnet_topology) ... ok test_openvpn_server_verify (__main__.TestInterfacesOpenVPN.test_openvpn_server_verify) ... ok test_openvpn_site2site_interfaces_tun (__main__.TestInterfacesOpenVPN.test_openvpn_site2site_interfaces_tun) ... ok test_openvpn_site2site_verify (__main__.TestInterfacesOpenVPN.test_openvpn_site2site_verify) ... ok
secret has been deprecated
static key mode (non-TLS) is no longer considered "good and secure enough" for today's requirements. Use TLS mode instead. If deploying a PKI CA is considered "too complicated", using --peer-fingerprint makes TLS mode about as easy as using --secret.https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst
Config VyOS:
set interfaces openvpn vtun5001 local-address 203.0.113.1 set interfaces openvpn vtun5001 mode 'site-to-site' set interfaces openvpn vtun5001 remote-address '192.0.2.5' set interfaces openvpn vtun5001 shared-secret-key 'ovpn_test' set pki openvpn shared-secret ovpn_test key '9caf354e0f313b3a671d01e62ea2b512346a651dd30a9e51d6c45dc1031f1b0931eabdf7a0ddcbe1a147ff882ccce35dcb5e1d4d6ddb5e909ca012a8d8e16fe50dd332005dff9a836a2852f36e84e27bad07993a8094c56fb0553866ef74c6c5cc6ddb8f4673d3ff300c48068b944bd8ba1100d41f91d156bcd2629ff39837ddcb34d93147a4aabc7e6ad95d5800c82c8ab60ba302d6625a3b26fbfe183fd6c06d884be44edde344fd0ac91a33064529e010eba0c0f495fa44519fd98adb97452a27fb3340bc20efadd68c9538aa4a238c9f58f542e3571ec78790fdd03e678e18631b82edb9358a2c55ce581d68b71881cad0d0419d4cc58c13641f84281260' set pki openvpn shared-secret ovpn_test version '1'
Feb 22 2023
Feb 22 2023
Viacheslav changed the status of T5025: Time-zone validation failed from In progress to Needs testing.
Viacheslav changed the status of T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536 from In progress to Needs testing.
In T5022#143112, @syncer wrote:@Viacheslav can you see what auth modes supported by keepalive
also I think we don't need to configure bothset high-availablilty vrrp global notification_email [email protected] set high-availablilty vrrp global notification_email_from [email protected]or that is destination and from ?
Yes @syncer . One option is for source and other for destination.
sarthurdev changed the status of T5023: PKI commit fails to update dependents from In progress to Needs testing.
Viacheslav updated the task description for T5024: check-qemu-install VM is not shutdown the first time.
sarthurdev changed the status of T5023: PKI commit fails to update dependents from Open to In progress.
Feb 21 2023
Feb 21 2023
@Viacheslav can you see what auth modes supported by keepalive
also I think we don't need to configure both
sarthurdev changed the status of T5003: Upgrade base system to Debian 12 "Bookworm" from In progress to Needs testing.
Builds completing. ISO worker on Jenkins should be fixed and pushing new rolling images shortly.
Viacheslav closed T5020: Extend openvpn.py op-mode to get a list of configured clients, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Also bug with ifb interface
vyos@r14# set interfaces input ifb0 [edit] vyos@r14# set interfaces ethernet eth0 redirect 'ifb0'
Viacheslav changed the status of T5007: Interface multicast setting is invalid from Open to Needs testing.
marc_s added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
Thanks @Viacheslav https://github.com/vyos/vyos-1x/pull/1838 fixed it for me.
Viacheslav added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
Cherry-pick for 1.3.3 https://github.com/vyos/vyos-1x/pull/1838
krox2 closed T5021: IPsec SA is closed before negotiating a new one or it is negotiated on every second if big life-time is set in swanctl.conf as Resolved.
it's fixed already in vyos/vyos-build#293 (although in a different way), just downloaded the newest image and tested it. I'm closing this ticket, apologies for the noise.
Viacheslav added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
The thing is we have default values (for example memory) only for the first container:
##################################################
{'name': {'multitool': {'description': 'Network multitool container',
'image': 'wbitt/network-multitool:fedora',
'memory': '512',
'network': {'cntr-net': {}},
'port': {'http': {'destination': '80',
'protocol': 'tcp',
'source': '80'}},
'restart': 'on-failure',
'shared_memory': '64'},
'nrpe': {'allow_host_networks': {},
'image': 'incitem/almalinux9:nrpe',
'protocol': 'tcp'},
'radius': {'allow_host_networks': {},
'image': 'dchidell/radius-web',
'protocol': 'tcp',
'volume': {'clients': {'destination': '/etc/raddb/clients.conf',
'mode': 'rw',
'source': '/config/containers/radius/clients'},
'users': {'destination': '/etc/raddb/users',
'mode': 'rw',
'source': '/config/containers/radius/users'}}}},
'network': {'cntr-net': {'description': 'VyOS Container Network',
'prefix': ['172.253.253.0/24']}},
'registry': ['docker.io', 'quay.io']}
##################################################pratik.g added a comment to T4852: pppoe - static default route deleted automatically with default-route none option.
@Viacheslav Its working fine on latest vyos image. Thanks for support.
Feb 20 2023
Feb 20 2023
marc_s added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
Same problem here, on 1.3:
Viacheslav renamed T5020: Extend openvpn.py op-mode to get a list of configured clients from Extend openvpn.py op-mode to get list of configured clients to Extend openvpn.py op-mode to get a list of configured clients.
Viacheslav changed Version from - to 1.4 on T5020: Extend openvpn.py op-mode to get a list of configured clients.
Viacheslav renamed T5020: Extend openvpn.py op-mode to get a list of configured clients from Extend openvpn.py op-mode to get number of configured clients to Extend openvpn.py op-mode to get list of configured clients.
a.apostoliuk changed the status of T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine from In progress to Needs testing.
Viacheslav changed the status of T5020: Extend openvpn.py op-mode to get a list of configured clients, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Viacheslav changed the status of T5020: Extend openvpn.py op-mode to get a list of configured clients from Open to In progress.
Viacheslav added a project to T5011: Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped: VyOS 1.3 Equuleus (1.3.3).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1833
Feb 19 2023
Feb 19 2023
@c-po confirmed fixed, thank you.
Feb 18 2023
Feb 18 2023
c-po moved T5017: Bug with validator interface-name from Finished to In Progress on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T5017: Bug with validator interface-name from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
A 2nd proposal could be:
n.fort changed Version from - to vyos-1.4-rolling-202302150317 on T5016: Policy Route - Add load balancer capabilities.