Mar 9 2023
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1878
Mar 8 2023
There is the regex
It seems it doesn't validate correctly if there is only one letter before hyphens or underscores
vyos@r14# set firewall group domain-group a_aa
For "SSH" we have dynamic-protection
vyos@r14# set service ssh dynamic-protection
Possible completions:
+ allow-from    Always allow inbound connections from these systems
  block-time    Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 (default: 120)
  detect-time   Remember source IP in seconds before reset their score (default: 1800)
  threshold     Block source IP when their cumulative attack score exceeds threshold (default: 30)
Mar 7 2023
@dex Please update the documentation if you want to help the project, or we'll do it later.
Thanks
The same task T5047
We cannot disable keepalived, as it is used not only for VRRP but also for virtual-server
set high-availability virtual-server xxxx
So it should be something like set high-availability disable
Or just clean the VRRP configuration with set high-availability vrrp disable
To make sure that a script is not accidentally called without the vyattacfg group, the script can be safeguarded like this:
if [ "$(id -g -n)" != 'vyattacfg' ] ; then
    exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fi
https://docs.vyos.io/en/latest/automation/command-scripting.html#executing-configuration-scripts
In T5045#144137, @aserkin wrote:
Mar 6 2023
PR https://github.com/vyos/vyos-1x/pull/1870
>>> from vyos.template import range_to_regex
>>>
>>> range_to_regex(['11-12', '14-15'])
'(1[1-2]|1[4-5])'
>>>
I created a separate task for it T5057
The second bug is interface Regex does not work
Get:
interface=re:eth1\.\d+
Expect:
interface=re:^eth1\.(200\d|20[1-9]\d|2[1-9]\d{2}|3000)$
PR https://github.com/vyos/vyos-1x/pull/1869
vyos@r14# run show conf com | match ipoe
set service ipoe-server authentication mode 'noauth'
set service ipoe-server interface eth1 client-subnet '100.64.24.0/24'
set service ipoe-server interface eth1 network 'vlan'
set service ipoe-server interface eth1 vlan '2000-3000'
[edit]
vyos@r14#
Check config:
vyos@r14# cat /run/accel-pppd/ipoe.conf | grep "\[ipoe" -A 7
[ipoe]
verbose=1
interface=re:eth1\.\d+,shared=0,mode=L2,ifcfg=1,range=100.64.24.0/24,start=dhcpv4,ipv6=1
noauth=1
proxy-arp=1
It is incompatible with static entries.
Maybe it should be fixed after migrating to KEA-DHCP T3316
The similar task T5042
Mar 3 2023
VyOS 1.3-stable-202303030442 Works as expected
vyos@r1# run show conf com | match open
set vpn openconnect authentication mode 'radius'
set vpn openconnect authentication radius server 192.168.122.14 key 'vyos-secret'
set vpn openconnect listen-ports tcp '4433'
set vpn openconnect listen-ports udp '4433'
set vpn openconnect network-settings client-ip-settings subnet '100.64.12.0/24'
set vpn openconnect ssl ca-cert-file '/config/auth/ca.crt'
set vpn openconnect ssl cert-file '/config/auth/server.crt'
set vpn openconnect ssl key-file '/config/auth/server.key'
[edit]
vyos@r1#
[edit]
vyos@r1# run show version all | match ocser
ii  ocserv  1.1.6-3  amd64  OpenConnect VPN server compatible with Cisco AnyConnect VPN
[edit]
vyos@r1#
[edit]
vyos@r1# run show openconnect-server sessions
interface    username    ip             remote IP        RX      TX         state      uptime
-----------  ----------  -------------  ---------------  ------  ---------  ---------  --------
sslvpn0      foo         100.64.12.225  192.168.122.205  1.3 KB  152 bytes  connected  55s
[edit]
vyos@r1#
PR https://github.com/vyos/vyos-1x/pull/1866
set high-availability vrrp global-parameters notification mail 'destination@bar.local'
set high-availability vrrp global-parameters notification send-faults
set high-availability vrrp global-parameters notification smtp-server address '127.0.0.1'
set high-availability vrrp global-parameters notification smtp-server connection-timeout '30'
set high-availability vrrp global-parameters notification smtp-server port '25'
set high-availability vrrp global-parameters notification source-mail 'foo@bar.local'
set high-availability vrrp global-parameters router-id 'MYROUTER'
As I understand it, there is no percent or auto, and it now expects only a rate; this needs to be checked
vyos@r14# set qos policy shaper test default bandwidth
Possible completions:
  <number>       Bits per second
  <number>bit    Bits per second
  <number>kbit   Kilobits per second
  <number>mbit   Megabits per second
  <number>gbit   Gigabits per second
  <number>tbit   Terabits per second
  <number>
@Jimz Which lease time are you using?
starts 5 2023/03/03 02:09:13; ends never;
With default config I see something like
lease 192.0.2.10 {
starts 5 2023/03/03 08:07:15;
ends 6 2023/03/04 08:07:15;
...
Try the latest rolling release
Mar 2 2023
In T5041#143810, @fernando wrote:
Could we use something like Dannil proposes? https://vyos.dev/T4883 As you said, FRR staticd doesn't allow this option, but it could be useful when we have different MTUs over the interface.
Cannot reproduce it with this configuration (VyOS 1.4-rolling-202302280651, don't have a lot of file descriptors):
set protocols bfd peer 192.0.2.5 multihop
set protocols bfd peer 192.0.2.5 source address '192.0.2.1'
set protocols bfd peer 192.0.2.6 multihop
set protocols bfd peer 192.0.2.6 source address '192.0.2.1'
set protocols bfd profile BBR interval multiplier '3'
set protocols bfd profile BBR interval receive '350'
set protocols bfd profile BBR interval transmit '350'
The thing is, we don't use iproute2 commands for adding a route. We use FRR staticd for it. The exception is the failover route, which uses iproute2 commands.
FRRouting 8.4.2 doesn't have such an option
r14(config)# ip route 192.0.2.1/32 203.0.113.1
<cr>
(1-255) Distance value for this route
INTERFACE IP gateway interface name
dum0 eth0 eth1 eth2 lo veth0 veth1 wg0
Null0 Null interface
color SR-TE color
label Specify label(s) for this route
nexthop-vrf Specify the VRF
table Table to configure
tag Set tag for this route
vrf Specify the VRF
show vpn ipsec remote-access shows only accel-ppp l2tp, pptp https://github.com/vyos/vyos-1x/blob/current/src/op_mode/show_vpn_ra.py
Feb 28 2023
PR for 1.3 https://github.com/vyos/vyos-build/pull/316
For 1.4
vyos@r14# run show version all | match ocser
ii  ocserv  1.1.6-3  amd64  OpenConnect VPN server compatible with Cisco AnyConnect VPN
[edit]
vyos@r14#
@Nova_Logic Is this bug still active?
It still requires testing
Who can test if this feature works as expected?
@zsdc Can we close it?
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1859
Done in T4014
Feb 27 2023
Openconnect
[edit]
vyos@r14# set vpn openconnect network-settings push-route 100.64.22.0/24
[edit]
vyos@r14# commit
[ vpn openconnect ]
/usr/libexec/vyos/conf_mode/vpn_openconnect.py:32: DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13
  from crypt import crypt, mksalt, METHOD_SHA512