Are you using vrf? Maybe it's an issue and router can't resolve dns for ntp servers
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 5 2023
Sep 5 2023
@Viacheslav
I will check it today or tomorrow. But I believe I know the culprit, the new firewall rules didn't allow my VyOS instance to contact the CoreDNS (set to host mode) container that is hosted as a container in VyOS. I was unable to ping 127.0.0.1 as well as all of my VyOS's IP addresses.
sarthurdev changed the status of T5550: Source validation on interface does not work properly from Open to In progress.
Don't have this issue
@dcplaya Could you re-check in the newest rolling image?
Viacheslav changed the status of T5489: Change to BBR as TCP congestion control, or at least make it an config option from Open to In progress.
jestabro changed the status of T5353: config-mgmt: normalize archive updates and commit log entries, a subtask of T5347: Compare commit revision bug, from Open to In progress.
jestabro changed the status of T5353: config-mgmt: normalize archive updates and commit log entries from Open to In progress.
Close it if this issue is solved.
Viacheslav changed the status of T5499: initial arm64 support for RPI4 and QEMU VM from In progress to Needs testing.
Viacheslav edited projects for T2444: Remove keepalived in favor of FRR for VRRP, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav moved T2958: DHCP server doesn't work from a live CD from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav edited projects for T2958: DHCP server doesn't work from a live CD, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5).
Should be executed there, for future debugs https://github.com/vyos/vyatta-wanloadbalance/blob/c7708bc6ef689f5744272a15a601a56a03890afa/src/lbdecision.cc#L429
Just waiting for upstream updates
Viacheslav moved T5524: Add config directory to liveCD from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
GitHub <[email protected]> committed rVYOSONEX7bc09074457e: Merge pull request #2200 from sever-sever/T5533-eq (authored by dmbaturin).
Viacheslav edited projects for T5545: sflow is not working, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus.
Viacheslav changed the status of T5548: HAProxy renders timeouts incorrectly from Open to In progress.
There definitely should be a second, i.e., max value 3600 seconds.
PR for 1.3.4 https://github.com/vyos/vyos-build/pull/393
GitHub <[email protected]> committed rVYOSONEX487c817ea320: Merge pull request #2184 from sever-sever/T2958 (authored by c-po).
GitHub <[email protected]> committed rVYOSONEX77937079d93a: Merge pull request #2188 from nicolas-fort/T5496 (authored by c-po).
GitHub <[email protected]> committed rVYOSONEX68aac9a42f6d: Merge pull request #2198 from mlk-89/equuleus (authored by c-po).
vyos@vyos:~$ zcat /proc/config.gz | grep PARPORT CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT=y # CONFIG_PARPORT_PC is not set # CONFIG_PARPORT_AX88796 is not set # CONFIG_PARPORT_1284 is not set # CONFIG_I2C_PARPORT is not set # CONFIG_PPS_CLIENT_PARPORT is not set # CONFIG_USB_SERIAL_MOS7715_PARPORT is not set
Sep 4 2023
Sep 4 2023
anthr76 added a comment to T5546: Failed upgrade from 1.4-rolling-202212310809 to 1.4-rolling-202309030023.
I observed the trace from 1.4-rolling-202306180309 as I was trying to slowly increment up. This was the path I took to get there
anthr76 added a comment to T5546: Failed upgrade from 1.4-rolling-202212310809 to 1.4-rolling-202309030023.
grub was very buggy for me in a USB console. I did finally manage to get vyos-config-debug to boot.
Apachez added a comment to T4712: Collaborative Protection Profile cPP for Network Devices root task.
Might be related:
T5549_Lynis_audit_system_230904.txt.gz3 KBDownload
GitHub <[email protected]> committed rVYOSONEX432726d83c2e: Merge pull request #2201 from dmbaturin/T671-show-dmi (authored by c-po).
Viacheslav changed the status of T5480: Ability to disable SNMP for VRRP keepalived service from Open to In progress.
Viacheslav moved T5506: Container bridge interfaces do not have a link-local address from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
anthr76 added a comment to T5546: Failed upgrade from 1.4-rolling-202212310809 to 1.4-rolling-202309030023.
I would like to stage this in a VM if I do try the above as physical access to the router is tough. Does anyone know where I can find a ISO for 1.4-rolling-202212310809. It seems the old s3 endpoint doesn't resolve https://s3.vyos.io/rolling/current/vyos-1.4-rolling-202212310809-amd64.iso
Viacheslav moved T5533: Keepalived VRRP IPv6 group enters in FAULT state from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav edited projects for T5533: Keepalived VRRP IPv6 group enters in FAULT state , added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5).
jestabro added a comment to T5546: Failed upgrade from 1.4-rolling-202212310809 to 1.4-rolling-202309030023.
Adding vyos-config-debug to the boot cmdline should allow you to log in and will provide some information in /tmp/boot-config-trace. Cf.:
https://docs.vyos.io/en/latest/contributing/debugging.html
I upgraded from 1.4-rolling-202307060317 to 1.4-rolling-202309040919 and the issue mention in this post was resolved. The configuration was migrated. However nothing worked in regards to the firewall, and I am not familiar enough with the new syntax so I cannot, nor do I have time to troubleshoot it right now.
@syncer At first glance, the generated config is correct for VyOS 1.3-stable-202308240442
set protocols igmp interface eth0 join 239.1.2.3 source '192.0.2.1' set protocols igmp interface eth1 join 239.1.2.3 set protocols igmp interface eth2
fernando changed the status of T5547: ISIS: The L1-2 router cannot advertise L1 routes into L2 from Open to Confirmed.
Unless there is something wrong with the firewall ruleset in VyOS any malfunctions in the FTP helper itself will mainly be fixed upstream at the Linux kernel or in this particular case the netfilter team:
anthr76 added a comment to T5546: Failed upgrade from 1.4-rolling-202212310809 to 1.4-rolling-202309030023.
My config file is https://gist.github.com/anthr76/4b091d952bcd69b1ac8d4c7d08aaaac6
sarthurdev changed the status of T4903: Support IPv6 addresses in "set system conntrack ignore" from In progress to Needs testing.
sarthurdev changed the status of T4309: Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore" from In progress to Needs testing.
sarthurdev changed the status of T4309: Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore" from Open to In progress.
sarthurdev changed the status of T4903: Support IPv6 addresses in "set system conntrack ignore" from Open to In progress.
GitHub <[email protected]> committed rVYOSONEX8e22a2f6f77d: Merge pull request #2192 from sever-sever/T5533 (authored by zdc <[email protected]>).
GitHub <[email protected]> committed rVYOSONEXbbcf94bba674: Merge pull request #2197 from anthr76/cap-sys-module (authored by c-po).
Sep 3 2023
Sep 3 2023
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
Disabling all validators for both vyatta-cfg and vyatta-op bring the boot time down to approx 73 seconds.
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
Modifying node.def (comment out "syntax:expression:") recursively in the paths of:
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
Moving along in the blamegame I will after a tip try to disable the various validators being runned.
Any updates to this?
cacack added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
That relates would seem reasonable. I'm seeing a similar explosion in commit lag but I have zero static routes. I did change to zone-based firewall and added about 6 vlans. Lines of my config went from ~500 to ~3000. Commit times increased almost linearly.
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
Can be related: https://vyos.dev/T2431
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
Continued debugging by also modifying /usr/libexec/vyos/services/vyos-configd by adding:
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
Attempted some debugging on this issue.
According to https://man7.org/linux/man-pages/man7/capabilities.7.html this capability can load, unload AND delete kernel modules.
alainlamar changed the status of T5540: vyos-1x: Wrong VHT configuration for WiFi 802.11ac from Open to In progress.
syncer moved T5543: Fix source address handling in static joins from Need Triage to Backlog on the VyOS 1.3 Equuleus (1.3.4) board.
@Viacheslav, can you backport this to 1.3
GitHub <[email protected]> committed rVYOSONEX630d40046b4f: T5543: IGMP: fix source address handling in static joins (authored by vfreex).