Fixed
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Sep 27 2023
Sep 27 2023
Sep 26 2023
Sep 26 2023
PR for 1.3 https://github.com/vyos/vyos-1x/pull/2310
In T5497#160905, @JeffWDH wrote:1.5-rolling-202309250022
Is there a reason why some global options and some address groups (not all) are included in the output? Seems unintentional to me.
We have fwmark for policy local-route
But it is only for match mark and routing decision
vyos@vyos-lns# set policy local-route rule 100 Possible completions: + destination Destination address or prefix fwmark Match fwmark value inbound-interface Inbound Interface > set Packet modifications + source Source address or prefix
Sep 23 2023
Sep 23 2023
Viacheslav added a parent task for T2115: VyOS cannot load configs when running in a container: T5613: VyOS in container bugs.
Viacheslav added a project to T2115: VyOS cannot load configs when running in a container: VyOS 1.5 Circinus.
Viacheslav changed the status of T5604: List of debian archives is out of date (non-free-firmware is missing) from Open to Needs testing.
Sep 22 2023
Sep 22 2023
Op-mode command reduce
PR https://github.com/vyos/vyos-1x/pull/2302
vyos@r4:~$ show conf com | match firew set firewall ipv4 input filter default-action 'accept' set firewall ipv4 input filter rule 1 action 'accept' set firewall ipv4 input filter rule 1 description 'Allow loopback' set firewall ipv4 input filter rule 1 inbound-interface interface-name 'lo' set firewall ipv4 input filter rule 1 source address '127.0.0.0/8' set firewall ipv4 input filter rule 2 action 'accept' set firewall ipv4 input filter rule 2 description 'Allow established/related' set firewall ipv4 input filter rule 2 state established 'enable' set firewall ipv4 input filter rule 2 state related 'enable' set firewall ipv4 input filter rule 60 action 'accept' set firewall ipv4 input filter rule 60 description 'Allow SSH from trusted networks' set firewall ipv4 input filter rule 60 destination port '22' set firewall ipv4 input filter rule 60 protocol 'tcp' set firewall ipv4 input filter rule 10000 action 'drop' set firewall ipv4 input filter rule 10000 description 'Drop everything else' vyos@r4:~$ vyos@r4:~$ produce firewall rule-resequence start 10 step 10
Sep 21 2023
Sep 21 2023
Viacheslav moved T5576: Add bgp remove-private-as all option from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T5576: Add bgp remove-private-as all option from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav moved T5590: Firewall "log enable" logs every packet from Open to Finished on the VyOS 1.5 Circinus board.
Sep 20 2023
Sep 20 2023
@Apachez It is not FQDN based
Contact our sales or ask forum
In T5601#160566, @vvinci00 wrote:Hello,
I need to reverse proxy TCP traffic.
the traffic is not HTTP/HTTPS
Viacheslav moved T5241: Support veth interfaces to working with netns from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav moved T5241: Support veth interfaces to working with netns from Finished to Backlog on the VyOS 1.4 Sagitta board.
Viacheslav closed T5238: interface virtual-etherne - error when it doesn't use a peer , a subtask of T3829: Support separated TCP/IP stack via "ip netns", as Resolved.
set netns name mgmt
set interfaces virtual-ethernet veth1 address '10.0.0.0/31'
set interfaces virtual-ethernet veth1 peer-name 'veth10'
set interfaces virtual-ethernet veth10 address '10.0.0.1/31'
set interfaces virtual-ethernet veth10 netns 'mgmt'
set interfaces virtual-ethernet veth10 peer-name 'veth1'
Viacheslav closed T5241: Support veth interfaces to working with netns, a subtask of T3829: Support separated TCP/IP stack via "ip netns", as Resolved.
PR https://github.com/vyos/vyos-1x/pull/2295
set system sysctl parameter net.ipv4.tcp_syncookies value '1' set system sysctl parameter net.ipv4.tcp_timestamps value '1'
Viacheslav changed the status of T5602: For reverse-proxy type of load-balancing feature, support "backup" option in backends configuration from Open to In progress.
Viacheslav renamed T5599: Firewall unexpectedly changes some sysctl options from Firwall unexpectedly changes some sysctl options to Firewall unexpectedly changes some sysctl options.
Viacheslav changed the status of T4502: Consider implementing (NAT/other) flow table offload from Open to Needs testing.
You do not use port 80/443, so it does not have HTTP-HEADER (in theory).
service LB_port_451 {
listen-address 10.1.1.1
mode tcp
port 451Try to change to port 80 and check if it works.
You need another solution/configuration
Sep 19 2023
Sep 19 2023
Viacheslav updated the task description for T5599: Firewall unexpectedly changes some sysctl options.
First tests unsecseful
Viacheslav changed the status of T5588: Add kernel conntrack_bridge module from Open to In progress.
Viacheslav changed the status of T5591: Cleanup of FRR daemons-file and various FRR fixes from Open to In progress.
Viacheslav changed the status of T5590: Firewall "log enable" logs every packet from In progress to Needs testing.
Sep 18 2023
Sep 18 2023
Viacheslav moved T5586: Disable by default SNMP for Keepalived VRRP from Open to Finished on the VyOS 1.4 Sagitta board.
In T5586#160073, @Apachez wrote:How does FRR/vrrpd work regarding SNMP compatability?
Im thinking if the keepalived could be replaced in favour of FRR/vrrpd?
And for now keep keepalived around only for virtual-server (unless that too can be dealt with by FRR/vrrpd)?
Viacheslav triaged T5594: VRRP - Error if using IPv6 Link Local as hello source address as High priority.
r4# show version FRRouting 9.0.1 (r4) on Linux(6.1.53-amd64-vyos)
Still has bugs
For example with redistribute
r4# conf t r4(config)# router eigrp 65001 r4(config-router)# redistribute connected % Configuration failed.
Cannot pass the smoketest:
DEBUG - ====================================================================== DEBUG - FAIL: test_01_dyndns_service_standard (__main__.TestServiceDDNS.test_01_dyndns_service_standard) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 82, in test_01_dyndns_service_standard DEBUG - self.assertIn(f'use=if', ddclient_conf) DEBUG - AssertionError: 'use=if' not found in '### Autogenerated by dns_dynamic.py ###\ndaemon=300\nsyslog=yes\nssl=yes\npid=/run/ddclient/ddclient.pid\ncache=/run/ddclient/ddclient.cache\nweb=googledomains use=no \n # Web service dynamic DNS configuration for cloudflare: [cloudflare, test.ddns.vyos.io]\nusev4=ifv4, \\\nifv4=eth0, \\\nprotocol=cloudflare, \\\nzone=vyos.io, \\\npassword=paSS_@4ord \\\ntest.ddns.vyos.io' DEBUG - DEBUG - ---------------------------------------------------------------------- DEBUG - Ran 4 tests in 11.489s DEBUG - DEBUG - FAILED (failures=1)
Sep 15 2023
Sep 15 2023
Viacheslav moved T5586: Disable by default SNMP for Keepalived VRRP from Open to Finished on the VyOS 1.5 Circinus board.
Fixed
Viacheslav changed the status of T5586: Disable by default SNMP for Keepalived VRRP from Open to In progress.
Viacheslav renamed T5586: Disable by default SNMP for Keepalived VRRP from Disable be default SNMP for Keepalived VRRP to Disable by default SNMP for Keepalived VRRP.
Viacheslav changed the status of T5579: Log firewall - Wrong command after firewall refactor, a subtask of T5160: Firewall refactor, from In progress to Needs testing.
Viacheslav changed the status of T5579: Log firewall - Wrong command after firewall refactor from In progress to Needs testing.
Viacheslav changed the status of T5574: Support per-service cache management for dynamic dns providers from Open to Needs testing.
Viacheslav changed the status of T5585: Fix file access mode for dynamic dns configuration from Open to Needs testing.
Sep 14 2023
Sep 14 2023
Sep 13 2023
Sep 13 2023
Viacheslav changed the status of T5576: Add bgp remove-private-as all option from Open to In progress.
Viacheslav edited projects for T5578: "ikev2-reauth" description contains outdated information, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
PR for 1.3.x https://github.com/vyos/vyatta-cfg-quagga/pull/102
PR for the current https://github.com/vyos/vyos-1x/pull/2252
Sep 12 2023
Sep 12 2023
Sep 11 2023
Sep 11 2023
Viacheslav moved T5564: Both show firewall group and show firewall summary fails from Open to Backport Candidates on the VyOS 1.5 Circinus board.
Viacheslav added a project to T5564: Both show firewall group and show firewall summary fails: VyOS 1.4 Sagitta.
In T5564#159459, @Apachez wrote:Confirmed working with VyOS 1.5-rolling-202309110651
A question before setting this to resolved:
What does N/D mean?
Shouldnt it be N/A instead?
Sep 10 2023
Sep 10 2023
PR https://github.com/vyos/vyos-1x/pull/2240
set protocols static proxy-arp 192.0.2.1 interface eth0 set protocols static proxy-arp 192.0.2.1 interface eth1 set protocols static proxy-ndp 2001:db8::1 interface eth1
Viacheslav changed the status of T5564: Both show firewall group and show firewall summary fails from Open to Needs testing.
I guess we should use the current ip neighbor xxx instead of old arp. I hope it does the same.
sudo ip neighbor add proxy 192.0.2.1 dev eth0 sudo ip -6 neigh add proxy aa::1 dev eth0
Show
vyos@r1# sudo ip neighbor show proxy 192.168.122.11 dev eth0 proxy 192.0.2.1 dev eth0 proxy aa::1 dev eth0 proxy [edit] vyos@r1#
Viacheslav closed T5565: Builds as vyos-999-timestamp instead of vyos-1.4-rolling-timestamp as Resolved.
Sep 9 2023
Sep 9 2023
Viacheslav moved T4426: Add arpwatch to the image from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav moved T5489: Change to BBR as TCP congestion control, or at least make it an config option from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav changed the status of T4754: Improvement: system login: show configured 2FA OTP key, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to Needs testing.