I saw such a repository more than once, but it seems that it has been abandoned. The last commit is dated two years ago.
All Stories
Apr 17 2024
Another example on nftables: https://github.com/fullcone-nat-nftables/nftables-1.0.5-with-fullcone
We do not use iptables and their modules for new features.
Feel free to add PR for nftables or if you know which commands should be for nftables
vyos@test1:~$ sudo cat /run/openvpn/vtun20.status
OpenVPN CLIENT LIST
Updated,2024-04-17 16:40:05
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
From the initial PR, these two feedback points are now implemented. The PR has been amended, see https://github.com/vyos/vyos-1x/pull/3307
I think I might've found the cause of this issue: the vni is unset from all VRFs when making changes. I posted a message about this (and about another, fairly similar, issue) on Slack.
Just checked with the current rolling release 1.5-rolling-202404141045. After committing set high-availability disable, keepalived is successfully stopped and the logs show that the transition script seems to be executed:
Thank you very much for your analysis. I am still wondering why it breaks with adding the vrf and why it works before.
Also, why it starts to work again after rebooting when removing the vrf again (but not before rebooting).
Needs the original file with OpenVPN addresses/statistics which are parsed /run/openvpn/{interface}.status
Without it, it will be difficult to do something.
It is not related to VRF at all and is related to the policy routing logic:
Reproduced even on 1.3.2
set interfaces ethernet eth1 address '192.168.122.14/24'
Updates have been applied on 1.4 and 1.5.
This can probably be closed.
Apr 16 2024
I decided to dig into this a little more and try to trace this out:
sudo nft add chain inet vrf_zones trace_chain { type filter hook prerouting priority -301\; }
sudo nft add rule inet vrf_zones trace_chain meta nftrace set 1
@dmbaturin, @sever
Would love your input regarding the lack of headers when using the -c option. I've created a PoC around "chronyc -c activity" as it was the most straightforward command to start with.
@dmbaturin, @Viacheslav - I use the Debian snapshot repository when building VyOS LTS on my own.
Side note: if you flush ruleset, and only add:
Something I just figured out is that the minute I do:
The regression causing "image cannot be found" was fixed in https://vyos.dev/T6186.
Status update:
- "Like for like" functionality between .sh script and .py script is complete and working (can be viewed in PR)
- Raw output capability -> in progress
@Viacheslav concur that it looks to be resolved. The last log entry was at 9:10 and nothing telegraph-related has been logged in almost 30 minutes since. I will close the ticket. Thank you for your help and insight.
We'll close it if no response
A docker container usually has issues with loop devices:
Use the VM or attach dev
Apr 15 2024
PR https://github.com/vyos/vyos-1x/pull/3313
Add onlink option
set interfaces ethernet eth0 vif 10 address '10.20.30.1/32'
set protocols static route 10.20.30.0/32 interface eth0.10
It is more of a feature request than a bug due to specific kernel routes.
Feature to add onlink option
I even commented on that issue…
It would seem my memory ages out after 3 years 🤣
Read the documentation for the 1.5
The same task https://vyos.dev/T3861
I probably can continue here in summer at first.