I made an attempt at integrating openvpn-dco into the build here https://github.com/spion06/vyos-build/tree/ovpn-dco. This works fine for me in my testing so far. The kernel module loaded, verified in the logs that it detected and used the dco tunnel. I'm not super familiar with the build system or what else would need to be done for contributing this. I'm just and end-user who would like to see this feature :)
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 28 2023
Apr 28 2023
Apr 27 2023
Apr 27 2023
zsdc changed the status of T5190: Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0 from Open to In progress.
c-po moved T5010: bgp: EVPN route-target not honored from Open to Finished on the VyOS 1.4 Sagitta board.
Your CLI config is valid in general but FRR will refuse it with the error message: This command is only supported under EVPN VRF
GitHub <noreply@github.com> committed rVYOSONEXc2e8bbc64a5c: Merge pull request #1972 from sever-sever/T5181 (authored by c-po).
Viacheslav edited projects for T5188: Update Intel igc driver for improved 2.5 GbE support, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Dear Jestabro,
i built an updated docker image and a new ISO, i do confirm now IPv6 is working correctly.
GitHub <noreply@github.com> committed rVYOSONEX5875f9a5e365: Merge pull request #1721 from dmbaturin/T4888-conntrack-sync-op-mode (authored by jestabro).
jestabro changed the status of T5175: http-api: error in MultiPart parser for FastAPI version >= 0.91.0 from Unknown Status to Resolved.
jestabro changed the status of T5176: http-api: update vyos-http-api-tools for FastAPI security vulnerability, a subtask of T5175: http-api: error in MultiPart parser for FastAPI version >= 0.91.0, from Unknown Status to Resolved.
jestabro changed the status of T5176: http-api: update vyos-http-api-tools for FastAPI security vulnerability from Unknown Status to Resolved.
GitHub <noreply@github.com> committed rVYOSONEX2c5307d42e0d: Merge pull request #1969 from jestabro/eq-multipart-parser (authored by dmbaturin).
Ok, if we merge the patch (backported to frr v8.5), this task can be close.
Viacheslav reopened T5181: Wrong dependencies or priorities for zebra vni vrf interfaces and bgpd as "Needs testing".
Viacheslav edited projects for T5186: QoS test cannot pass for 1.3, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.4 Sagitta.
I think the only solution is to use network namespaces
https://docs.strongswan.org/docs/5.9/howtos/nameSpaces.html
Usernames usually take the following format: abc-1234-12
Passwords are a combination of alphanumeric characters.
In T5116#147640, @c-po wrote:Do you know how to tell Linux to use nameservers within a VRF?
What you mean IPSec/OpenVPN "punch a tunnel through a VRF" ? So the underlay should run via a VRF? source-interface binding does not work?
Apr 26 2023
Apr 26 2023
Thanks for opening the task; note that Viacheslav had opened
https://vyos.dev/T5185
as well, and the updates on the now fixed issue can be found there. This task can be merged into that one and closed.
Merged and repos updated, so this will be in the next nightly build. Note that for a local build, one will need an updated Docker image for the update to vyos1x-config.
Do you know how to tell Linux to use nameservers within a VRF?
What you mean IPSec/OpenVPN "punch a tunnel through a VRF" ? So the underlay should run via a VRF? source-interface binding does not work?
c-po moved T5132: Operational command "show isis vrf XXX route | neighbord" aren't working from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5134: Try if netavark networks can be moved to a VRF instance from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5174: vrf: ensure no duplicate VNIs can be created from Open to In Progress on the VyOS 1.4 Sagitta board.
c-po moved T4998: pppoe username validation too restrictive (regression) from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5114: bgp: implement new CLI commands introduced in FRR 8.5 from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T366: SNMP Query for BGP Tunnels Returns IPv4 Tunnels Only from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5170: Relocate ntp config path in config.boot.default from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5075: QoS removes interface mirror/redirect rules from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5178: Fix missed case in multi_to_list conversion from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro changed the status of T5185: Static IPv6 route with blackhole fails from Open to In progress.
This is a simple bug in the recently introduced configtree node name comparison function; fixed and should be in next rolling.
Do you have users/passwords with specsymbols or not utf-8 or some ascii symbols?
hmmm very strange.... here is my configuration (IP addresses removed):
Could you provide l2tp configuration? show conf com | match l2tp
I cannot reproduce it
vyos@r14:~$ vyos@r14:~$ show l2tp-server sessions ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes --------+----------+--------------+-----+--------+---------------+------------+--------+----------+----------+---------- l2tp0 | alice | 100.64.203.0 | | | 192.168.122.1 | | active | 00:00:10 | 246 B | 208 B vyos@r14:~$ vyos@r14:~$ vyos@r14:~$ show version Version: VyOS 1.4-rolling-202304261027 Release train: current
@Viacheslav It hangs for a while and then eventually the following output:
@joshua.hanley Could you provide the output of the next command?
sudo accel-cmd -p 2004 show sessions
joshua.hanley updated the task description for T5184: Unable to display L2TP sessions l2tp-server sessions.
SrividyaA changed the status of T5127: VPNv4/VPNv6 routes are not reinstalled following link flap from Open to Confirmed.
PR with dependencies: https://github.com/vyos/vyos-build/pull/341
GitHub <noreply@github.com> committed rVYOSONEX930f76cf88a4: Merge pull request #1971 from sever-sever/T5181 (authored by c-po).
Apr 25 2023
Apr 25 2023
PR (for build): https://github.com/vyos/vyos-build/pull/340
GitHub <noreply@github.com> committed rVYOSONEX28429f615e1e: Merge pull request #1970 from jestabro/xml-merge (authored by c-po).
zsdc changed the status of T5180: initramfs-tools ignores firmware from updates directory from Open to In progress.
Viacheslav added a comment to T5181: Wrong dependencies or priorities for zebra vni vrf interfaces and bgpd.
Incorrect modify modify_section: starting search for '^vrf protocols' until '^exit-vrf'
vyos@r14# delete vrf name red vni
[edit]
vyos@r14# commit
[ vrf name red vni 3000 ]
{'name': {'protocols': {'bgp': {'address_family': {'ipv4_unicast': {'redistribute': {'connected': {}}},
'l2vpn_evpn': {'advertise': {'ipv4': {'unicast': {}}}}},
'system_as': '65001'}},
'table': '3000'}}
load_configuration: Configuration loaded from FRR daemon zebra
load_configuration: loaded 0 !
load_configuration: loaded 1 frr version 8.5
load_configuration: loaded 2 frr defaults traditional
load_configuration: loaded 3 hostname debian
load_configuration: loaded 4 log syslog
load_configuration: loaded 5 log facility local7
load_configuration: loaded 6 hostname r14
load_configuration: loaded 7 service integrated-vtysh-config
load_configuration: loaded 8 !
load_configuration: loaded 9 vrf red
load_configuration: loaded 10 vni 3000
load_configuration: loaded 11 exit-vrf
load_configuration: loaded 12 !
load_configuration: loaded 13 end
modify_section: starting search for '^vrf protocols' until '^exit-vrf'Two cents from the fields. It will be nice to see vrf aware cg-nat solution, when subscribers from a number of "inside" vrfs NAT'ed into one outside vrf. Of course if that's possible.
Viacheslav updated the task description for T5181: Wrong dependencies or priorities for zebra vni vrf interfaces and bgpd.
Viacheslav renamed T5181: Wrong dependencies or priorities for zebra vni vrf interfaces and bgpd from Wrong dependencies or priorities for zebra vni vrf and bgpd to Wrong dependencies or priorities for zebra vni vrf interfaces and bgpd.
jestabro renamed T5178: Fix missed case in multi_to_list conversion from Fix misssed case in multi_to_list conversion to Fix missed case in multi_to_list conversion.