It is easy to add
In FRR it looks like:
r4(config-rpki)# rpki cache 192.0.2.1 8888 SSH_UNAME SSH user name preference Preference of the cache server source Configure source IP address of RPKI connection
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Apr 7 2024
Apr 7 2024
Viacheslav triaged T6209: Improve Configuration Load/Commit Speed by moving away from deep-tree flat-file backend as Normal priority.
PoC PR https://github.com/vyos/vyos-1x/pull/3274
set nat cgnat pool external ext1 external-port-range '1024-65535' set nat cgnat pool external ext1 per-user-limit port '1000' set nat cgnat pool external ext1 range 192.0.2.222/32 set nat cgnat pool internal int1 range '100.64.0.0/28' set nat cgnat rule 10 source pool 'int1' set nat cgnat rule 10 translation pool 'ext1'
Apr 5 2024
Apr 5 2024
Viacheslav moved T3437: BGP Confederation Addition Causes Error from Finished to Need Triage on the VyOS 1.3 Equuleus (1.3.7) board.
@a.apostoliuk Recheck reconfguration, not new configuration
We are currently using FRR segment routing set protocols segment-routing srv6
For now, it could be closed
Apr 4 2024
Apr 4 2024
It is not a bug with the VyOS itself.
You don't need to create the task on Phabricator
Feel free to create a PR without the task https://github.com/vyos/vyos-documentation/tree/equuleus
Apr 3 2024
Apr 3 2024
Apr 2 2024
Apr 2 2024
You may only use this Speedtest software and information generated
from it for personal, non-commercial use, through a command line
interface on a personal computer. Your use of this software is subject
to the End User License Agreement, Terms of Use and Privacy Policy at
these URLs:
Viacheslav triaged T6197: Validation error in the IPoE server interface client-subnet option as High priority.
Viacheslav moved T6033: hsflowd fails to start when using a tunnel interface from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
The original issue was resolved.
Apr 1 2024
Apr 1 2024
Viacheslav closed T6178: reverse-proxy doesn't check that a certificate exists at set time as Resolved.
@ServerForge It is question for hsflowd
You can open the issue on their git repo
Mar 31 2024
Mar 31 2024
Proposed CLI:
set nat cgnat pool external <external> range 192.0.2.0/30 seq 1 set nat cgnat pool external <external> range 192.0.2.128-192.0.2.132 seq 2 set nat cgnat pool external <external> per-user-limit port 1024 set nat cgnat pool external <external> global-port-range 1024-65535 set nat cgnat pool internal <internal> range 100.64.1.0/24
I'm not sure that a list of ports will be helpful in this way.
From time to time, we need to scan specific ports.
What about
force scan-port-host <x.x.x.x> proto <tcp|udp> port '8080-8081,9200' force port--discovery-host <x.x.x.x> proto <tcp|udp> port '8080' force port-scan host <x.x.x.x> proto <tcp|udp> port '8080'
And use native nmap binaries (as python3 nmap module is not installed by default)
Also, it has XML format if you want a custom table:
sudo nmap -oX - 127.0.0.1
Viacheslav changed the status of T6173: Build Causes Errors When "--version" Contains Slashes ("/") from Open to In progress.
Viacheslav triaged T6173: Build Causes Errors When "--version" Contains Slashes ("/") as Normal priority.
Viacheslav triaged T6156: Include commit hash from repos in nightly build release description as Normal priority.
Viacheslav added a parent task for T6154: Installer should ask for password twice: T4516: Rewrite system image manipulation tools in Python.
Viacheslav edited projects for T6154: Installer should ask for password twice, added: VyOS 1.4 Sagitta (1.4.0-epa3), VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta (1.4.0-epa2).
Viacheslav changed the status of T6185: Simplify marshalling of section and config data for config-sync, a subtask of T6121: Extend service config-sync for sections vpn, policy, vrf, from Open to In progress.
Viacheslav changed the status of T6185: Simplify marshalling of section and config data for config-sync from Open to In progress.
Viacheslav triaged T6188: Add firewall rule description to the output of "show firewall" commands as Wishlist priority.
Viacheslav moved T5832: Allow setting the interface for excluded address in VRRP from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav renamed T6191: Policy route set-mss option is not working correctly from Policy Route Behavior Different from 1.3.x to Policy Route TCP-MSS Behavior Different from 1.3.x.
Probably VNI is applied after BGP
vyos@r4:~$ /usr/libexec/vyos/priority.py | match "vrf|bri|vxlan"
11 vrf.py ['vrf']
310 interfaces_bridge.py ['interfaces', 'bridge']
460 interfaces_vxlan.py ['interfaces', 'vxlan']
481 protocols_static.py ['vrf', 'name', 'protocols', 'static']
611 protocols_isis.py ['vrf', 'name', 'protocols', 'isis']
621 protocols_ospf.py ['vrf', 'name', 'protocols', 'ospf']
621 protocols_ospfv3.py ['vrf', 'name', 'protocols', 'ospfv3']
821 protocols_bgp.py ['vrf', 'name', 'protocols', 'bgp']
821 protocols_eigrp.py ['vrf', 'name', 'protocols', 'eigrp']
822 vrf_vni.py ['vrf', 'name', 'vni']
vyos@r4:~$The current priorities:
vyos@r4:~$ /usr/libexec/vyos/priority.py | match "vrf|bri|vxlan"
11 vrf.py ['vrf']
310 interfaces_bridge.py ['interfaces', 'bridge']
460 interfaces_vxlan.py ['interfaces', 'vxlan']
481 protocols_static.py ['vrf', 'name', 'protocols', 'static']
611 protocols_isis.py ['vrf', 'name', 'protocols', 'isis']
621 protocols_ospf.py ['vrf', 'name', 'protocols', 'ospf']
621 protocols_ospfv3.py ['vrf', 'name', 'protocols', 'ospfv3']
821 protocols_bgp.py ['vrf', 'name', 'protocols', 'bgp']
821 protocols_eigrp.py ['vrf', 'name', 'protocols', 'eigrp']
822 vrf_vni.py ['vrf', 'name', 'vni']
vyos@r4:~$Viacheslav edited projects for T6167: VNI not set on VRF after reboot, added: VyOS 1.4 Sagitta (1.4.0-epa3), VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
@kevinrausch Thank you for the report, next time it is better to use set of the commands to reproduce
vyos@r4:~$ generate tech-support archive /tmp/foo
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/generate_tech-support_archive.py", line 123, in <module>
tmp_dir.mkdir()
File "/usr/lib/python3.11/pathlib.py", line 1117, in mkdir
os.mkdir(self, mode)
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/foo/drops-debug_2024-03-31T12-07-09'
vyos@r4:~$It seems hardcoded here https://github.com/vyos/vyos-1x/blob/252d03d6e419aae14ae75caed38d1b1001c916a2/src/op_mode/generate_tech-support_archive.py#L96
Mar 30 2024
Mar 30 2024
Viacheslav edited projects for T6189: BGP L3VPN connectivity is broken after re-enabling VRF, added: VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta.
Mar 29 2024
Mar 29 2024
Viacheslav changed the status of T6033: hsflowd fails to start when using a tunnel interface from In progress to Needs testing.
Viacheslav changed the status of T6033: hsflowd fails to start when using a tunnel interface from Open to In progress.
@ServerForge, it seems to be working with the v2.0.55-1 version. Could you build a package and re-check?
git clone -b v2.0.55-1 --single-branch https://github.com/sflow/host-sflow.git sudo apt-get install -y libpcap0.8-dev make deb FEATURES="PCAP DROPMON DBUS"
Viacheslav changed the subtype of T6033: hsflowd fails to start when using a tunnel interface from "Task" to "Bug".
Viacheslav added a project to T6033: hsflowd fails to start when using a tunnel interface: VyOS 1.5 Circinus.
Only ethernet interfaces or bridges are allowed; from their docs https://sflow.net/host-sflow-linux-config.php
PCAP Packet Sampling
It seems a broken local build; close the task.
Reopen if necessary.
Viacheslav added a comment to T6148: Reset vpn ipsec command breaks tunnel and does not reset SAs that are down.
"reset vpn ipsec " command and does not reset SAs that are dow
Mar 28 2024
Mar 28 2024
Viacheslav triaged T6183: OpenVPN IPv6 server: Unable to establish connection without local-host parameter as Normal priority.
Viacheslav changed the status of T6159: "show openvpn server" prints a superfluous "OpenVPN status on vtunx" message for every client connection from Open to In progress.
Viacheslav edited projects for T4718: DHCP server listen-address doesn't take effect if the interface is in a VRF, added: VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta.
Mar 27 2024
Mar 27 2024
Viacheslav triaged T6179: Incorrect HAProxy config generated for reverse-proxy rules with url-path as Normal priority.
Viacheslav triaged T6178: reverse-proxy doesn't check that a certificate exists at set time as Normal priority.
PR https://github.com/vyos/vyos-1x/pull/3193
Extend config-sync for sections qos and system
vyos@r4# set service config-sync section system Possible completions: conntrack Connection Tracking flow-accounting Flow accounting option System Options sflow sFlow static-host-mapping Map host names to addresses sysctl Configure kernel parameters at runtime
Mar 26 2024
Mar 26 2024
Viacheslav triaged T6174: can't view dhcp server leases if logged in as a tacacs account as Normal priority.
Mar 25 2024
Mar 25 2024
Viacheslav triaged T6172: Static routes not working with PPPoE and VyOS 1.4.0-epa2 as High priority.
Viacheslav triaged T6171: Rename the DHCP server "failover" command to "high-availability mode" as Normal priority.
Viacheslav added a comment to T5991: 1.4.0-RC3 deleting portions of config in error (migration script).
It is not an actual ethernet interface, but you name it as an ethernet interface.
You can check the output sudo ip link show type wireguard or sudo ip link show type tun
@tjh already backported
Viacheslav triaged T6169: DNS forwarding configuration rejects underscores in SRV records as Normal priority.
Mar 24 2024
Mar 24 2024
Viacheslav changed the status of T6076: [1.3.3->1.4.0-epa1 Migration] Most of config missing from Open to Needs testing.
Mar 22 2024
Mar 22 2024
Viacheslav closed T6158: Linux kernel version did not matched then caused LTS version building failed as Wontfix.
Tags show the code base at the step where the tag was added.
But binary can be changed since this time. For the same reason, you will not be able to build 1.1.8 or 1.2.1, etc. exactly with those binary that were on the step of tagging.
Close it as wonfix.
Viacheslav triaged T6153: Installer offers RAID-1 without excluding the USB install media as Normal priority.
Mar 21 2024
Mar 21 2024
Viacheslav moved T6143: Increase configuration timeout range for service config-sync from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0) board.
Viacheslav edited projects for T6143: Increase configuration timeout range for service config-sync, added: VyOS 1.4 Sagitta (1.4.0); removed VyOS 1.4 Sagitta (1.4.0-epa2).
Mar 20 2024
Mar 20 2024
Viacheslav changed the subtype of T6146: Add python script to get all priorities of service or section from XML from "Bug" to "Feature Request".
Viacheslav renamed T6121: Extend service config-sync for sections vpn, policy, vrf from Extend service config-syn for sections vpn, policy, vrf to Extend service config-sync for sections vpn, policy, vrf.
Viacheslav changed the status of T6143: Increase configuration timeout range for service config-sync from In progress to Needs testing.
Viacheslav added a comment to T6144: Updating the system image without enough space for the files can break the system.
At least tech-support-archive.tgz MUST not copied between updates
Mar 20 2024, 1:23 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.3), Restricted Project, VyOS Rolling
Viacheslav updated the task description for T6144: Updating the system image without enough space for the files can break the system.
Mar 20 2024, 1:14 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.3), Restricted Project, VyOS Rolling