In T3655#131502, @Viacheslav wrote:I have NAT working with vrf in VyOS 1.4-rolling-202208290458 + custom nat offload
set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces ethernet eth1 address '192.0.2.1/24' set interfaces ethernet eth1 vrf 'foo' set protocols static route 192.0.2.0/24 interface eth1 vrf 'foo' set system conntrack set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 interface 'eth0' set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 vrf 'default' set vrf name foo table '1010'Nftables
root@r14:/home/vyos# cat nat.nft flush ruleset table ip filter { flowtable fastnat { hook ingress priority filter devices = { eth0, eth1 } } chain forward { type filter hook forward priority filter; policy accept; ip protocol { tcp, udp } flow add @fastnat } } table ip nat { chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; ip saddr 192.0.2.0/24 oif "eth0" snat to 192.168.122.14 persistent } chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } }Conntrack table
vyos@r14:~$ sudo conntrack -F conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. vyos@r14:~$ vyos@r14:~$ sudo conntrack -L tcp 6 431999 ESTABLISHED src=192.168.122.14 dst=192.168.122.1 sport=22 dport=44462 src=192.168.122.1 dst=192.168.122.14 sport=44462 dport=22 [ASSURED] mark=0 use=1 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=33018 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33018 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=37517 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=37517 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=59794 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=59794 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=39288 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39288 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=39616 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39616 [OFFLOAD] mark=0 use=2 icmp 1 29 src=192.0.2.2 dst=1.1.1.1 type=8 code=0 id=12387 src=1.1.1.1 dst=192.168.122.14 type=0 code=0 id=12387 mark=0 use=1 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=41155 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=41155 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=39829 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39829 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=33655 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33655 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=44835 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=44835 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=40213 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=40213 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=33729 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33729 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=48344 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=48344 [OFFLOAD] mark=0 use=2 conntrack v1.4.6 (conntrack-tools): 14 flow entries have been shown. vyos@r14:~$
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
May 12 2023
May 12 2023
GitHub <noreply@github.com> committed rVYOSONEX380bc7ddf6b9: T2778: Fix syslog octet_counted format (authored by Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs <me@bjw-s.dev>).
GitHub <noreply@github.com> committed rVYOSONEX25ddb57b66de: Merge pull request #2003 from bjw-s/octet_counted (authored by c-po).
Viacheslav updated the task description for T5222: Add load-balancing reverse-proxy based on haproxy .
GitHub <noreply@github.com> committed rVYOSONEXc60e9c932cab: Merge pull request #1783 from PeppyH/T3896-ocserv-config-per-x (authored by c-po).
Viacheslav updated the task description for T5222: Add load-balancing reverse-proxy based on haproxy .
Viacheslav updated the task description for T5222: Add load-balancing reverse-proxy based on haproxy .
GitHub <noreply@github.com> committed rVYOSONEX0224707acc72: Merge pull request #2002 from Zen3515/fix-cloudflare-ddns (authored by c-po).
Viacheslav changed the status of T5221: BGP as-override behavior differs from new FRR and other vendors from In progress to Needs testing.
Viacheslav edited projects for T5221: BGP as-override behavior differs from new FRR and other vendors, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Viacheslav renamed T5222: Add load-balancing reverse-proxy based on haproxy from Add loadbalancing based on haproxy to Add load-balancing based on haproxy .
PR with the fix: https://github.com/vyos/vyos-build/pull/350
zsdc changed the status of T5221: BGP as-override behavior differs from new FRR and other vendors from Open to In progress.
In T5186#148559, @c-po wrote:Reverted Kernel back to 5.4.234 for upcoming 1.3.3. release.
Zen3515 changed the status of T5219: ddclient: Cloudflare doesn't require login from Open to In progress.
I've create a pull request for this task at https://github.com/vyos/vyos-1x/pull/2002
Reverted Kernel back to 5.4.234 for upcoming 1.3.3. release.
c-po closed T2778: Migrate "system syslog" to get_config_dict() to support new features as Resolved.
c-po moved T2778: Migrate "system syslog" to get_config_dict() to support new features from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po changed the status of T2769: Add VRF support for syslog, a subtask of T2778: Migrate "system syslog" to get_config_dict() to support new features, from Unknown Status to Resolved.
GitHub <noreply@github.com> committed rVYOSONEX0b85c416525e: Merge pull request #2001 from c-po/t2769-syslog-vrf-backport (authored by Viacheslav).
GitHub <noreply@github.com> committed rVYOSONEX25545b1e3cf2: Merge pull request #1999 from dmbaturin/T5251-vrrp-group-ping-fix (authored by jestabro).
May 11 2023
May 11 2023
GitHub <noreply@github.com> committed rVYOSONEX59b8b3879a3f: Merge pull request #1998 from sever-sever/T5171 (authored by c-po).
c-po moved T2769: Add VRF support for syslog from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po moved T2769: Add VRF support for syslog from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Backport for 1.3.3 https://github.com/vyos/vyos-1x/pull/2001
GitHub <noreply@github.com> committed rVYOSONEXd051e9def858: Merge pull request #2000 from dmbaturin/T5195-remove-snake-case-function (authored by jestabro).
Viacheslav edited projects for T5219: ddclient: Cloudflare doesn't require login, added: VyOS 1.4 Sagitta; removed ddclient.
@c-po I guess it should be v5.4.234
In T4362#148361, @masterit wrote:one issue.
the migration scripts don't take into account older load balancing configs.if the test > rule > type > ping isn't explicitly set then the rule defaults to the next hop address and ignores the rule entirely.
the default rule seems to be the next hop address for the interface.
Viacheslav added a comment to T5171: Use XML for conf-mode "load-balancing wan" instead of legacy templates.
set default check type ping https://github.com/vyos/vyos-1x/pull/1998
Zen3515 added a comment to T4983: `shutdown_required` should be set when running command `connect interface wwan0`.
This issue was tested in two version which are
1.4-rolling-202212080318
1.4-rolling-202209130217
mkorobeinikov <92354771+mkorobeinikov@users.noreply.github.com> committed rVYOSONEX292ac4e7c4d4: T5158: Refactoring the commad '$ sh interfaces counters'.
GitHub <noreply@github.com> committed rVYOSONEXc3f957b9bfc7: Merge pull request #1956 from mkorobeinikov/current (authored by c-po).
Viacheslav changed the status of T5213: Accel-ppp sending accounting interim updates acct-interim-interval option from In progress to Needs testing.
Veth is not ready to work together with netns
As Interface moves entirely to logical stack and with the next commit will be recreated and try to move to netns again. As it doesn't see veth interface which moved to another logical stack, it tryes to recreate this interface.
We should either fix it or revert the previous commit.
May 10 2023
May 10 2023
jestabro added a parent task for T5218: Revise vyos xml lib for bug fixes and extensions: T2665: vyos.xml.defaults for tag nodes.
PR:
https://github.com/vyos/vyos-1x/pull/1997
This will remain in draft until corresponding PR fro vyos1x-config is merged.
jestabro changed the status of T5218: Revise vyos xml lib for bug fixes and extensions from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX834a786a308d: Merge pull request #1996 from frebib/veth-netns (authored by c-po).
syncer changed the status of T3829: Support separated TCP/IP stack via "ip netns" from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX7ccd7b4ab990: Merge pull request #1979 from zdc/T5190-equuleus (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXe5e6a32eced3: Merge pull request #1989 from dmbaturin/T5195-file-utils (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXced599b0d6b0: Merge pull request #1990 from dmbaturin/T5195-conversion-utils (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX79a693ed7adf: Merge pull request #1991 from dmbaturin/T5195-io-utils (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX6eaa327c2a3b: Merge pull request #1987 from dmbaturin/T5251-vrrp-group-ping (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX96d9bf0a88fc: Merge pull request #1988 from sever-sever/T5213 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXb469ed55403b: Merge pull request #1992 from sever-sever/T5217 (authored by c-po).
Add kernel module https://github.com/vyos/vyos-build/pull/348
Viacheslav added a comment to T5213: Accel-ppp sending accounting interim updates acct-interim-interval option.
PR for L2TP https://github.com/vyos/vyos-1x/pull/1988
Not working. The same errors
May 9 2023
May 9 2023
c-po changed the status of T2778: Migrate "system syslog" to get_config_dict() to support new features from In progress to Needs testing.
c-po changed the status of T2769: Add VRF support for syslog, a subtask of T2778: Migrate "system syslog" to get_config_dict() to support new features, from Resolved to Unknown Status.
c-po closed T2769: Add VRF support for syslog, a subtask of T2778: Migrate "system syslog" to get_config_dict() to support new features, as Resolved.