This also implements https://github.com/vyos/vyos-1x/pull/2411
Nov 12 2023
Nov 11 2023
That is my first PR; please, let me know if you need something else.
Nov 10 2023
@indrajitr could you recheck smoketests?
DEBUG - ----------------------------------------------------------------------
DEBUG - Ran 3 tests in 7.616s
DEBUG -
DEBUG - OK
DEBUG - Running Testcase: /usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py
DEBUG - test_01_dyndns_service_standard (__main__.TestServiceDDNS.test_01_dyndns_service_standard) ... ok
DEBUG - test_02_dyndns_service_ipv6 (__main__.TestServiceDDNS.test_02_dyndns_service_ipv6) ... ok
DEBUG - test_03_dyndns_service_dual_stack (__main__.TestServiceDDNS.test_03_dyndns_service_dual_stack) ... ok
DEBUG - test_04_dyndns_rfc2136 (__main__.TestServiceDDNS.test_04_dyndns_rfc2136) ... ok
DEBUG - test_05_dyndns_hostname (__main__.TestServiceDDNS.test_05_dyndns_hostname) ... ok
DEBUG - test_06_dyndns_web_options (__main__.TestServiceDDNS.test_06_dyndns_web_options) ... ok
DEBUG - test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf) ... ERROR
DEBUG - test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf) ... FAIL
DEBUG -
DEBUG - ======================================================================
DEBUG - ERROR: test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 304, in test_07_dyndns_vrf
DEBUG - self.cli_set(['vrf', 'name', vrf_name, 'table', vrf_table])
DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 68, in cli_set
DEBUG - self._session.set(config)
DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 150, in set
DEBUG - self.__run_command([SET] + path + value)
DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 139, in __run_command
DEBUG - raise ConfigSessionError(output)
DEBUG - vyos.configsession.ConfigSessionError: Number is not in any of allowed ranges
DEBUG -
DEBUG -
DEBUG -
DEBUG - VRF routing table must be in range from 100 to 65535
DEBUG - Value validation failed
DEBUG - Set failed
DEBUG -
DEBUG -
DEBUG - ======================================================================
DEBUG - FAIL: test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 50, in tearDown
DEBUG - self.assertTrue(process_running(DDCLIENT_PID))
DEBUG - AssertionError: False is not true
DEBUG -
DEBUG - ----------------------------------------------------------------------
Yes I mean sudo ip vrf exec FOO /usr/sbin/conntrackd -C /run/conntrackd/conntrackd.conf
It has been a while since I had set up the HA VRF. I attached the interfaces on both routers to use this VRF but then conntrack-sync wasn't working anymore. Do you mean if I had also tried to manually start the service and configure it to use this VRF?
PR https://github.com/vyos/vyos-1x/pull/2469
set service file-server listen-address 0.0.0.0
set service file-server port 8000
set service file-server directory '/tmp'
Nov 9 2023
OK, I will.
Did you try to start this service in VRF?
Please create a PR if it works for you.
Nov 8 2023
++
++
++
I've tested this flag in both versions 1.4 / 1.5; it seems to work as expected:
Make sure conntrack-sync works with active-active HA configuration with BGP environment & IPv6
Command show zone-policy is no longer available in 1.4, and neither in 1.5
I'm closing this task.
tested on 1.4-rolling-202311080309
I'm marking this one as resolved since ZBF was already re-introduced.
Can we mark this one as resolved for 1.5? Seems it wasn't back-ported yet to Sagitta @sdev
@c-po It seems you only implement the "type bridge_slave neigh_suppress on"
And "type bridge_slave learning on" is not implemented in this PR.
Will you add this also?
Thank you
set protocols static neighbor-proxy arp 192.0.2.1 interface eth1
check
vyos@r4# sudo ip nei show proxy
192.0.2.1 dev eth1 proxy
[edit]
vyos@r4#
Nov 7 2023
According to firewall-version.xml.i, the firewall config version was not updated to 12. Was this intentional?
@Viacheslav My addition of the onlink option is really brute-force, applied blindly to everything just to see if that was a solution and give you more information. I do not think my "fix" is really ready for a PR.
@giuavo I didn't test "default route", only regular routes for some prefixes, and it worked.
Could you create a PR?
Tested in 1.3. Everything works
Tested in 1.5
Backport to 1.4 https://github.com/vyos/vyos-1x/pull/2449
It's fixed in 1.5-rolling-202311060023 but the bug is still present in 1.4.
Nov 6 2023
I would mainly want to log new conntrack entries for various reasons.
After merge this ldp bug fixed, I saw that now it's already working. Could you check it? I've tested on a lab and it seems to work:
That looks better:
chain VZONE_LOCAL_OUT {
    oifname "lo" counter packets 387 bytes 33672 return
    oifname "bond0.40" counter packets 14 bytes 496 jump NAME_LOCAL_TO_ALL
    oifname "bond0.40" counter packets 0 bytes 0 return
    oifname "bond0.70" counter packets 0 bytes 0 jump NAME_LOCAL_TO_ALL
    oifname "bond0.70" counter packets 0 bytes 0 return
    r packets 0 bytes 0 jump NAME_LOCAL_TO_ALL
    oifname { "bond0.7", "bond0.30", "bond0.90", "bond0.88" } counter packets 0 bytes 0 return
    oifname { "eth0", "pppoe0", "eth1.281" } counter packets 3 bytes 180 jump NAME_LOCAL_TO_ALL
    oifname { "eth0", "pppoe0", "eth1.281" } counter packets 0 bytes 0 return
    oifname "bond0.80" counter packets 2 bytes 80 jump NAME_LOCAL_TO_ALL
    oifname "bond0.80" counter packets 0 bytes 0 return
    oifname { "bond0.1", "podman-cntr-net" } counter packets 2 bytes 128 jump NAME_LOCAL_TO_ALL
    oifname { "bond0.1", "podman-cntr-net" } counter packets 0 bytes 0 return
    oifname { "wg0", "vti0", "vtun0", "podman-ts-net" } counter packets 0 bytes 0 jump NAME_LOCAL_TO_ALL
    oifname { "wg0", "vti0", "vtun0", "podman-ts-net" } counter packets 0 bytes 0 return
    counter packets 0 bytes 0 drop comment "zone_LOCAL default-action drop"
}
tested /resolved
Does anyone know a real scenario where permanently storing/saving these logs is required?
Yes, this feature is not working on 1.4, neither on 1.5
But I can't think of a real case where these logs are needed. I know that keeping information of NAT for certain ISPs is mandatory due to legal requirements. But writing a log entry for every conntrack status change seems like it will flood logs, and may consume more resources than expected.
With usage of netflow/sflow, maybe this required information can be obtained in the netflow collector, and not increase load on the VyOS router.
Thanks, I'll wait for the merge and test the new iso ASAP.
Working on it! Thanks for the details!
Nov 5 2023
Nov 4 2023
In that PR, shouldn't ifb* also be included?
@n.fort Unfortunately, I'm hitting an issue with traffic sent from the router itself.
Running 1.4-rolling-202311021131.
Interfaces eth0 and pppoe0 are WAN. Interfaces bond0* are LAN.
For example, running dig google.nl @9.9.9.9 from the VyOS CLI will fail. The kernel log says:
PR added...
https://github.com/vyos/vyos-1x/pull/2435
PR https://github.com/vyos/vyos-1x/pull/2434
set service snmp community public client '127.0.0.1'
set service snmp mib interface-max '25'
set service snmp mib interface 'eth'
set service snmp mib interface 'bond'
+1 for the other "virtual interfaces like lo, dummy, sstp. If such an interface is created - vyos.ifconfig library sets (or should set) all the appropriate sysctl stuff