Cherry-pick for 1.3.4 https://github.com/vyos/vyos-1x/pull/2187
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Aug 30 2023
Aug 30 2023
Viacheslav moved T5221: BGP as-override behavior differs from new FRR and other vendors from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav closed T5221: BGP as-override behavior differs from new FRR and other vendors as Resolved.
Viacheslav removed a project from T5378: Request for clearing single entry multicast route: VyOS 1.3 Equuleus (1.3.5).
Viacheslav added a comment to T4933: Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error.
Viacheslav removed a project from T4930: Allow using domain names for WireGuard peer addresses: VyOS 1.3 Equuleus (1.3.5).
Viacheslav moved T4790: RADIUS login does not work if sum of timeouts more than 50s from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav changed the status of T4790: RADIUS login does not work if sum of timeouts more than 50s from Unknown Status to Resolved.
It cannot reproduce in the current 1.3 VyOS 1.3-stable-202308240442
vyos@r1:~$ sudo sysctl -a | grep send_redire net.ipv4.conf.all.send_redirects = 1 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.dum0.send_redirects = 0 net.ipv4.conf.eth0.send_redirects = 0 net.ipv4.conf.eth1.send_redirects = 0 net.ipv4.conf.eth2.send_redirects = 0 net.ipv4.conf.eth3.send_redirects = 0 net.ipv4.conf.eth4.send_redirects = 0 net.ipv4.conf.eth5.send_redirects = 0 net.ipv4.conf.eth6.send_redirects = 0 net.ipv4.conf.lo.send_redirects = 1 vyos@r1:~$ vyos@r1:~$ vyos@r1:~$ reboot now
It could be added the same way https://github.com/vyos/vyatta-cfg-quagga/commit/db2f0bbeb375e0d568ef4740bad2b50690cd8644 (if required)
If not, just close it. Already have in 1.4
Viacheslav changed the status of T4726: Add completion and validation for the accel-ppp RADIUS vendor option from Open to Needs testing.
Viacheslav closed T4688: Add support for customizing packet verdict actions in limiter traffic policy as Wontfix.
We won't extend the old Perl code anymore (for 1.3.x) https://github.com/vyos/vyatta-cfg-qos/pull/19
Implemented for 1.4
Viacheslav edited projects for T4530: Need MTU warning when CCP is on, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Provide some logs and examples of configuration.
Do you use SNMP?
PR for 1.3.4 https://github.com/vyos/vyatta-cfg-quagga/pull/101
Works fine VyOS 1.3-stable-202308240442
vyos@r1# run generate wireguard client-config c1 interface wg0 server 203.0.113.1 address 10.0.0.2/32
Viacheslav changed the status of T4520: Incorrect addresses returned with interaction of static /etc/hosts with DNS64 from Open to Needs testing.
Viacheslav added a comment to T4520: Incorrect addresses returned with interaction of static /etc/hosts with DNS64.
@dsummers Could you re-check? Should be fixed in https://github.com/PowerDNS/pdns/pull/12203
Viacheslav edited projects for T4519: DHCPv6: "set show dhcpv6 server leases" should show DUID instead of IAID_DUID, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
We didn't get the requested information.
Reopen it if it is required with steps to reproduce and some output.
Viacheslav changed the subtype of T4096: Add a flavor field to the image and check flavor compatibility on upgrade from "Task" to "Feature Request".
Viacheslav edited projects for T4091: Progress bar support for HTTP uploads, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav removed a project from T4125: Feature Request: bridge STP BPDU translation: VyOS 1.3 Equuleus (1.3.5).
Viacheslav changed the status of T4113: Incorrect GRUB configuration parsing from Unknown Status to Resolved.
Implemented, checked in VyOS 1.3-stable-202308240442
vyos@r1# set policy local-route Possible completions: > local-route IPv4 policy route of local traffic > local-route6 IPv6 policy route of local traffic
@Rhongomiant could you re-check it? Clear conntrack table between tests
Viacheslav closed T4271: bgp: show ipv6 bgp summary doesn't display neighbor information as Invalid.
Viacheslav closed T4306: Do not check for ditry repository when building release images as Resolved.
Not reproduced
Reopen it with instance details if required
Viacheslav changed the status of T4402: OpenVPN client-ip-pool option is broken from Open to Needs testing.
Should be fixed, needs testing.
Aug 29 2023
Aug 29 2023
Duplicate
Available for 1.4
Viacheslav moved T3577: Generating vpn x509 key pair fails with command not found from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav removed a project from T3706: Add proper priorities for systemd daemons: VyOS 1.3 Equuleus (1.3.5).
It's trying to find the template in /etc/, but it is located in /opt/vyatta/etc
vyos@r1:~$ generate vpn x509 key-pair testone
Can't open /etc/key-pair.template for reading, No such file or directory
140089191929024:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/etc/key-pair.template','r')
140089191929024:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
vyos@r1:~$ cat /etc/key-pair.template
cat: /etc/key-pair.template: No such file or directory
vyos@r1:~$
vyos@r1:~$ sudo find / -name key-pair.template
/boot/rw/opt/vyatta/etc/key-pair.template
/opt/vyatta/etc/key-pair.templateViacheslav closed T3390: Expansion of a range in an address-group doesn't include the new addresses after commit as Wontfix.
Impossible to expand with the old firewal l backend
There is a warning that doesn't now you to do it.
vyos@r1# set fire group address-group foo add 10.1.0.2-10.1.0.3
[edit]
vyos@r1# set fire group address-group foo add 10.1.0.2-10.1.0.5
[edit]
vyos@r1# compare
+firewall {
+ all-ping enable
+ broadcast-ping disable
+ config-trap disable
+ group {
+ address-group foo {
+ address 10.1.0.2-10.1.0.3
+ address 10.1.0.2-10.1.0.5
+ }
+ }
+ ipv6-receive-redirects disable
+ ipv6-src-route disable
+ ip-src-route disable
+ log-martians enable
+ receive-redirects disable
+ send-redirects enable
+ source-validation disable
+ syn-cookies enable
+ twa-hazards-protection disable
+}
[edit]
vyos@r1# commit
[ firewall group address-group foo ]
Address 10.1.0.2 exists in more than one configuration enrtyViacheslav moved T3339: Cloud-Init domain search setting not applied from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav edited projects for T3339: Cloud-Init domain search setting not applied, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T3340: Add dhcp-helper package to replace ISC DHCP Relay, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5), vyatta-cfg-dhcp-relay, VyConf.
Viacheslav edited projects for T3209: Load balancing rules in firewall, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav removed a project from T3264: Allow custom ACME provider for certbot: VyOS 1.3 Equuleus (1.3.5).
Already present VyOS 1.3-stable-202308240442
release dhcp interface eth1
Viacheslav closed T3098: Cannot talk to rtnetlink: Message too long Command failed -:1 as Not Applicable.
Looks like fixed VyOS 1.3-stable-202308240442
vyos@r1# run show conf com | match "traf|bon" set interfaces bonding bond0 member interface 'eth1' set interfaces bonding bond0 traffic-policy in 'BAND-IN' set traffic-policy limiter BAND-IN class 1601 bandwidth '100mbit' set traffic-policy limiter BAND-IN class 1601 match 16xx vif '1601' set traffic-policy limiter BAND-IN default bandwidth '10gbit' set traffic-policy shaper BAND-OUT class 1602 bandwidth '100mbit' set traffic-policy shaper BAND-OUT class 1602 match 16xx vif '1602' set traffic-policy shaper BAND-OUT default bandwidth '10gbit' [edit] vyos@r1# run show ver
Viacheslav closed T3070: Firewall going OOM, possible related to nftables migration as Not Applicable.
Viacheslav added a comment to T3039: Resize a root partition and filesystem automatically during deployment in virtual environments.
I think it is already implemented
set system option root-partition-auto-resize
@zsdc can we close it?
We agree not to use RAW options for service configuration anymore.
PR for 1.4 https://github.com/vyos/vyos-1x/pull/2184
Viacheslav edited projects for T2697: MAC-Telnet Support, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav changed the status of T2908: VRF and bridge membership isn’t mutually exclusive from Resolved to Not Applicable.
Fixed VyOS 1.3-stable-202308240442
vyos@r1# show interfaces ethernet eth2
description LAN
hw-id 52:54:00:6c:c7:ac
vrf foo
[edit]
vyos@r1# compare
[edit interfaces bridge br11]
+member {
+ interface eth2 {
+ }
+}
[edit]
vyos@r1#
[edit]
vyos@r1# commit
[ interfaces bridge br11 ]
Can not add interface "eth2" to bridge, it has a VRF assigned!Sep 21 09:31:58 home-r1 pppd[2827]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
You can ignore it or configure ipv6
set interfaces pppoe pppoe2 ipv6
@banditos13 add please a PR to https://github.com/vyos/vyatta-wanloadbalance
Viacheslav edited projects for T2971: Provide a CLI solution for Ingress Shaping when there is SNAT, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5), VyOS 1.2 Crux.
Viacheslav edited projects for T2884: Upstream Kernel Patches from Semper Victus Linux Hardened Tree, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
VyOS 1.3-stable-202308240442
Works, tested with this steps https://docs.vyos.io/en/latest/installation/virtual/docker.html
root@r14:/home/vyos# podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d49f99e058d7 localhost/vyos:1.3-stable-202308240442 /sbin/init About a minute ago Up About a minute ago vyos root@r14:/home/vyos# root@r14:/home/vyos# root@r14:/home/vyos# sudo podman exec -ti vyos su - vyos vyos@vyos:~$ vyos@vyos:~$ vyos@vyos:~$ show version
As we use nftables we won't use iptables modules anymore.
Create please a new one if you find something for nftables, I didn't find it for quick searching
Viacheslav closed T2508: Enable user to configure a LUA script that modifies resolving in PowerDNS as Wontfix.
We should avoid raw options for configurations.
We agree don’t implement it anymore.
Aug 28 2023
Aug 28 2023
The old backend doesn't allow it to do it for 1.3 Release.
Available for 1.4
The old backend doesn't allow it to do it for 1.3 Release.
Viacheslav added a comment to T2505: XCP-ng packet drops for small packets (e.g. icmp) under Xen and AWS.
@Sonicbx As I remember, HyperV is not affected.
But thanks anyway,
Could you provide your policy route?
Viacheslav changed the status of T2710: Many op mode "show interfaces $type" commands no longer work from Open to Needs testing.
Not sure that it is a good idea.
At least not for the LTS release.
I close it until we don't really need it and there are no use cases to do it.
Reopen it if required.
@kroy What is wrong here?
set policy prefix-list foo rule 10 action 'permit' set policy prefix-list foo rule 10 prefix '10.0.0.0/8'
Viacheslav edited projects for T2549: repository restructuration suggestions, added: VyOS 2.0.x; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav moved T5472: NAT redirect should not require port from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T1311: WAN load-balancing can't flush connections when conntrack-sync is enabled.
In T1311#157738, @syncer wrote:@Viacheslav will you backport this to 1.3 ?
Aug 28 2023, 4:10 PM · VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, test
Viacheslav edited projects for T2296: Upgrade WALinux to 2.2.41, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5), VyOS 1.2 Crux (VyOS 1.2.9).
Viacheslav added a comment to T2505: XCP-ng packet drops for small packets (e.g. icmp) under Xen and AWS.
@Sonicbx Is it an actual bug?
Viacheslav edited projects for T2433: Improve CLI value validator performance, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T2444: Remove keepalived in favor of FRR for VRRP, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T2424: Ability to choose the direction of Mirroring, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5).
Implemented in previous versions, https://github.com/vyos/vyos-1x/blob/a5c5998a84917cc45f9fb3234607f53b27a109fc/interface-definitions/include/interface/mirror.xml.i#L1-L25
vyos@r1# set interfaces ethernet eth0 mirror Possible completions: egress Mirror the egress traffic of the interface to the destination interface ingress Mirror the ingress traffic of the interface to the destination interface
@n.fort Add please a PR for 1.3 or delete the 1.3 tag if it is not required
Viacheslav changed the status of T2416: Do not always delete all bond members when adding new ones from Open to Needs testing.
Viacheslav edited projects for T2405: commit archive to GIT, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T2390: unify the chmod_ function of VyOS, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).
Viacheslav removed a project from T2315: Ability to have right address-family for BGP peers.: VyOS 1.3 Equuleus (1.3.5).
Viacheslav edited projects for T2326: Migrate NHRP(DMVPN) to FRR, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5).