In T5160#156049, @Apachez wrote:If there would never be such then "INVALID" wouldnt exist as an option.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Aug 17 2023
Aug 17 2023
SrividyaA added projects to T5223: tunnel key doesn't clear : VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.3).
Viacheslav edited projects for T5484: set extcommunity - just allow one extend community, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus.
Aug 16 2023
Aug 16 2023
fernando updated the task description for T5484: set extcommunity - just allow one extend community.
Another update. I noticed that all firewall configuration was gone (apart from the groups) after a reboot.
If there would never be such then "INVALID" wouldnt exist as an option.
I have attached both files.
In T5160#156025, @Apachez wrote:2.2: Invalid shall ALWAYS be processed BEFORE established/related/other rules otherwise it will not serve it purpose.
tjjh89017 added a comment to T5469: Incorrect dependency set in the openvpn-dco package when building VyOS for arm64.
I will suggest to move all arm64 kernel flavour to "arm64-vyos" as "amd64-vyos" in x86_64.
It will be better not to have "LOCALVERSION=-v8" in kernel configs.
Thanks, @jestabro
Zabbix-agent really can include config directory, and if it is set and exists any *.conf file it thinks that those files related to zabbix-agent and expects specific config syntax/options.
I.e. it extends zabbix-agent with custom .confg files.
As it was a wrong format, most likely it can't start at all.
2.2: Invalid shall ALWAYS be processed BEFORE established/related/other rules otherwise it will not serve it purpose.
jestabro closed T5483: Residual dhcp-server test file causing zabbix-agent smoketest to fail, a subtask of T5448: Add service zabbix-agent, as Resolved.
jestabro closed T5483: Residual dhcp-server test file causing zabbix-agent smoketest to fail as Resolved.
jestabro triaged T5483: Residual dhcp-server test file causing zabbix-agent smoketest to fail as Urgent! priority.
giga1699 changed Difficulty level from unknown to easy on T5447: Allow static MACsec keys with peers.
Aug 15 2023
Aug 15 2023
yes, but it's in process to merge : https://github.com/vyos/vyos-documentation/pull/1035
Now we have this included in the nightly builds, is there any documentation on how these refactored rules should be modified? Just bumped my version and was completely lost
Could you share the full configuration ? so we can analyze what is the source of this problem .
dmbaturin closed T5273: Add op mode commands for displaying certificate details and fingerprints, a subtask of T5269: OpenVPN non-TLS site-to-site mode deprecation, as Resolved.
dmbaturin closed T5270: Make OpenVPN `tls dh-params` optional, a subtask of T5269: OpenVPN non-TLS site-to-site mode deprecation, as Resolved.
n.fort changed the status of T5478: Cannot configure resolver-cache options for firewall from Confirmed to In progress.
n.fort changed the status of T5478: Cannot configure resolver-cache options for firewall from Open to Confirmed.
2.1:
Suggestion that established/related merges to a single rule such as:
Cannot pass the smoketest in CI
07:19:00 DEBUG - Running Testcase: /usr/libexec/vyos/tests/smoke/cli/test_service_monitoring_zabbix-agent.py 07:19:02 DEBUG - test_01_zabbix_agent (__main__.TestZabbixAgent.test_01_zabbix_agent) ... FAIL 07:19:04 DEBUG - 07:19:04 DEBUG - ====================================================================== 07:19:04 DEBUG - FAIL: test_01_zabbix_agent (__main__.TestZabbixAgent.test_01_zabbix_agent) 07:19:04 DEBUG - ---------------------------------------------------------------------- 07:19:04 DEBUG - Traceback (most recent call last): 07:19:04 DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_monitoring_zabbix-agent.py", line 34, in tearDown 07:19:04 DEBUG - self.assertTrue(process_named_running(PROCESS_NAME)) 07:19:04 DEBUG - AssertionError: None is not true 07:19:04 DEBUG - 07:19:04 DEBUG - ----------------------------------------------------------------------
Is not reproduced in the local VM test
vyos@r14:~$ /usr/libexec/vyos/tests/smoke/cli/test_service_monitoring_zabbix-agent.py test_01_zabbix_agent (__main__.TestZabbixAgent.test_01_zabbix_agent) ... ok
Viacheslav added a comment to T5479: Helper leftovers found in nftables (firewall) even with all helpers disabled.
The original task https://vyos.dev/T5080
Viacheslav moved T5457: Add environmental variable pointing to current rootfs directory from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a project to T5480: Ability to disable SNMP for VRRP keepalived service: VyOS 1.4 Sagitta.
Aug 14 2023
Aug 14 2023
Still works in VyOS 1.4-rolling-202308140557:
Verified in VyOS 1.4-rolling-202308140557:
Seems to still be happy in VyOS 1.4-rolling-202308140557:
Verified in VyOS 1.4-rolling-202308140557:
1:
Shouldnt set firewall global-options resolver-cache have "enable" and "disable" as options?
Looks like its working as expected in VyOS 1.4-rolling-202308140557:
jestabro added a parent task for T5477: op-mode pki.py should use Config for defaults: T5434: Replace remaining calls of vyos.xml library.
Viacheslav changed the status of T5461: Improve rootfs directory variable from Open to Needs testing.
Viacheslav changed the subtype of T5473: Detect what conflicts with POSIX mode from "Task" to "Bug".
What is the purpose of:
Viacheslav awarded T5474: Establish common file name pattern for XML conf mode commands a Like token.
interesting, as the above diff actually does the same but a bit earlier in the boot process
c-po updated the task description for T5476: netplug: replace Perl helper scripts with a Python equivalent.
c-po changed Version from - to 1.4-rolling on T5474: Establish common file name pattern for XML conf mode commands.
c-po changed the status of T5474: Establish common file name pattern for XML conf mode commands from Open to Confirmed.
Aug 13 2023
Aug 13 2023
Aug 12 2023
Aug 12 2023
I was able to fix by adding the following code in /config/scripts/vyos-postconfig-bootup.script you can edit and save by running:
I can confirm that the issue is still here, something is wrong and usually when you assign ipv6 address to sub-interface like vlan or bridge etc.
How is your IPv6 config from the VyOS config?
Enabled inside VyOS kernel - please check with the next available rolling ISO
c-po changed the status of T5470: wlan: can not disable interface if SSID is not configured from Open to In progress.
- Vyos Router <-> Switch <-> Multiple Computers
A workaround in the meantime:
And in that case the attacker would just replace your router with their own since they already got physical access to the box.
There are use cases when it would be ideal to force a password at boot to protect the contents of the configuration. For example, a portable router with sensitive keys meant for temporary network connectivity.
The problem is how to make sure that the router can boot and reboot (for example "set system option reboot-on-panic" is handy) on itself without somebody having to connect to its console before it starts to function again. Really shitty situation for a remote site because then somebody needs to visit it aswell.