Thanks @Viacheslav will test ASAP, next week I have a maintenance window, will let you know.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 5 2023
Apr 5 2023
marc_s added a comment to T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution.
a.apostoliuk changed the status of T5135: Rewrite opennhrp script using vyos.ipsec library from In progress to Needs testing.
Apr 4 2023
Apr 4 2023
Viacheslav changed the status of T5138: Add patch to accel-ppp build L2TP LNS use Calling-Number as RADIUS Calling-Station-ID from In progress to Needs testing.
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system , a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from In progress to Needs testing.
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system from In progress to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEX85b46a6b225c: Merge pull request #1937 from aapostoliuk/T5135-sagitta (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXe520e0841013: Merge pull request #1939 from sever-sever/T5145 (authored by c-po).
PR https://github.com/vyos/vyos-1x/pull/1939
set system login max-login-session '1' set system login timeout '600'
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system , a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system from Open to In progress.
Is it possible to implement multiple test targets instead of just one?
Bug: unable to rename a failover route:
@Viacheslav Ok!
Harliff awarded T1237: Static Route Path Monitoring, failover a Burninate token.
Harliff awarded T1237: Static Route Path Monitoring, failover a Like token.
Viacheslav updated the task description for T4712: Collaborative Protection Profile cPP for Network Devices root task.
@Harliff It is better to write to this task if you find bugs or propose new features.
So anyone could claim/fix it.
Thanks.
@Viacheslav, where is best place to discuss the feature (ask a question or report a bug)?
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav changed the status of T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events., a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events. from Open to In progress.
Nice feature. I'm testing it now.
Viacheslav changed the status of T5138: Add patch to accel-ppp build L2TP LNS use Calling-Number as RADIUS Calling-Station-ID from Open to In progress.
@neilmckee Thanks.
If output looks good we can close the task
a.apostoliuk changed the status of T5093: Command 'reset vpn ipsec-profile' doesn't work from In progress to Needs testing.
Viacheslav closed T4362: Wan Load Balancing - Can't create routing tables, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Resolved.
Apr 3 2023
Apr 3 2023
indrajitr changed the status of T5143: Apply constraint on powerdns forward-zones configuration from Open to In progress.
I think one of the problems is that all tables are generated even if there are no rules in it.
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Yes. Packet drops are classed as "event_samples" internally. Definitions for telemetry counters are here:
https://github.com/sflow/host-sflow/blob/v2.0.50-4/src/Linux/hsflowd.h#L460-L486
Viacheslav changed the status of T4362: Wan Load Balancing - Can't create routing tables, a subtask of T4470: Rewrite load-balancing wan to XML/Python, from Open to Needs testing.
Viacheslav changed the status of T4362: Wan Load Balancing - Can't create routing tables from Open to Needs testing.
@marc_s Will be fixed in the next rolling release, could you check?
Viacheslav changed the status of T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution from In progress to Needs testing.
Will be available in the next rolling release.
GitHub <noreply@github.com> committed rVYOSONEX94b65bb3936b: Merge pull request #1932 from sever-sever/T5125 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXbcc9e2092b07: Merge pull request #1934 from sever-sever/T5141 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX95245860277a: Merge pull request #1933 from sever-sever/T5139 (authored by c-po).
Viacheslav changed the status of T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution from Open to In progress.
Viacheslav added a comment to T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution.
PR https://github.com/vyos/vyos-1x/pull/1933
set vpn ipsec authentication psk MY-PEER id '192.0.2.1' set vpn ipsec authentication psk MY-PEER id '192.0.2.10' set vpn ipsec authentication psk MY-PEER secret 'SeCrEt' set vpn ipsec esp-group ESP proposal 1 set vpn ipsec ike-group IKE key-exchange 'ikev2' set vpn ipsec ike-group IKE lifetime '0' set vpn ipsec ike-group IKE proposal 1 dh-group '14' set vpn ipsec ike-group IKE proposal 1 encryption 'aes256' set vpn ipsec ike-group IKE proposal 1 hash 'sha256' set vpn ipsec interface 'eth1' set vpn ipsec site-to-site peer MY-PEER authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer MY-PEER ike-group 'IKE' set vpn ipsec site-to-site peer MY-PEER local-address '192.0.2.1' set vpn ipsec site-to-site peer MY-PEER remote-address '192.0.2.10' set vpn ipsec site-to-site peer MY-PEER tunnel 1 esp-group 'ESP' set vpn ipsec site-to-site peer MY-PEER tunnel 1 local prefix '10.0.2.0/25' set vpn ipsec site-to-site peer MY-PEER tunnel 1 remote prefix '10.5.5.0/25'
Expected `no rekeying
vyos@r14:~$ sudo swanctl -L
MY-PEER: IKEv2, no reauthentication, no rekeying, dpd delay 30s
local: 192.0.2.1
remote: 192.0.2.10
local pre-shared key authentication:
remote pre-shared key authentication:
id: %any
MY-PEER-tunnel-1: TUNNEL, rekeying every 3272s, dpd action is none
local: 10.0.2.0/25
remote: 10.5.5.0/25
vyos@r14:~$Viacheslav changed the status of T5139: IKE life-time should start from 0 for disable rekey from Open to In progress.
Viacheslav changed the subtype of T5139: IKE life-time should start from 0 for disable rekey from "Bug" to "Feature Request".
PR https://github.com/vyos/vyos-1x/pull/1932
vyos@r14:~$ show sflow -------------------------- ----------------------------------- Agent address 192.168.122.14 sFlow interfaces ['eth0', 'eth1'] sFlow servers ['192.168.122.1', '192.168.122.11'] Counter samples sent 159 Datagrams sent 949 Packet samples sent 124 Packet samples dropped 0 Packet drops sent 815 Packet drops suppressed 0 Flow samples suppressed 0 Counter samples suppressed 0 -------------------------- ----------------------------------- vyos@r14:~$
Viacheslav added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
@lcrockett Add please a new bug report.
It actually already exists: https://vyos.dev/T1981
@PSDev Add please a separate bug report
c-po moved T5136: Possible config corruption on upgrade from Need Triage to Backport Candidates on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T5136: Possible config corruption on upgrade from Open to Finished on the VyOS 1.4 Sagitta board.
PR for VyOS 1.3 https://github.com/vyos/vyatta-cfg-system/pull/199
As mentioned on slack, there are quite a few contenders:
Apr 2 2023
Apr 2 2023
Harliff added a comment to T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic.
I can confirm this bug in rolling 1.3-2023-03-30.
I created a PR based on the changes from the OSPF PR: https://github.com/vyos/vyos-1x/pull/1931
https://vyos.dev/T5085 did the changes for OSPF, but we need this for BGP too
We actually need the same for BGP...
c-po closed T5134: Try if netavark networks can be moved to a VRF instance, a subtask of T5082: container: switch to netavark network stack, as Resolved.
Unknown Object (User) added a comment to T5137: show tech support command.
Unknown Object (User) added a comment to T5137: show tech support command.
show_techsupport_report.py12 KBDownload
Apr 1 2023
Apr 1 2023
The packet-drop events are not really samples in the same way as the packets are random-samples and the counters are time-samples. Even if there is only 1 dropped packet it will be sent. So it might be better to change the wording from “Samples drop events sent” to something like “Packet drop events sent” or just “Packet drops sent”. Make sense?
GitHub <noreply@github.com> committed rVYOSONEX37740abd88aa: Merge pull request #1929 from sever-sever/T5125 (authored by c-po).
Apologies. I believe it is corrected now.
a.apostoliuk changed the status of T5135: Rewrite opennhrp script using vyos.ipsec library from Open to In progress.
c-po updated the task description for T5134: Try if netavark networks can be moved to a VRF instance.