@dotAndy Is it still relevant?
Can you create a PR?
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 18 2024
Apr 18 2024
Viacheslav edited projects for T5756: L2TP RADIUS backup and weight settings, added: Restricted Project; removed VyOS 1.4 Sagitta.
Viacheslav removed projects from T5761: Allow PPPoE interface to be assigned IPv6 address via DHCPv6: VyOS 1.3 Equuleus (1.3.7), VyOS 1.4 Sagitta.
Viacheslav edited projects for T5810: Add support for RPKI source IP, added: VyOS 1.5 Circinus, Restricted Project; removed VyOS 1.4 Sagitta.
Viacheslav placed T2003: BGP FQDN capability has improper hostname after new image install up for grabs.
Viacheslav changed the status of T1790: OSPF Exchanged Routes marked as invalid when run through a GRE PTMP/PTP OSPF between peers from Open to Needs reporter action.
@SquirePug re-check please with the latest rolling image.
Viacheslav reopened T2003: BGP FQDN capability has improper hostname after new image install as "Needs reporter action".
Viacheslav closed T2003: BGP FQDN capability has improper hostname after new image install as Resolved.
@jmaslak can you check the latest rolling image?
Viacheslav changed the status of T2616: BFD Configuration causes flapping from Needs testing to Needs reporter action.
@kroy can you re-test this case?
Viacheslav added a project to T3393: IPoE does not assign IPv6 PD or WAN address: VyOS 1.5 Circinus.
tjh added a comment to T6248: <device> ip source-validation 'strict' - doesn't set /proc/sys/net/ipv4/conf/<device>/rp_filter.
Closed invalid - this is done with nftables now.
Apachez added a comment to T5572: Add capability for sending Gratuitous ARP (GARP) and the equal for IPv6.
It would be handy if the GARP announcement wouldnt be a separate list but rather picked up from any DNAT or SNAT rules.
Viacheslav lowered the priority of T5169: Add CGNAT Carrier-Grade NAT based on nftables from High to Normal.
Apachez added a comment to T6248: <device> ip source-validation 'strict' - doesn't set /proc/sys/net/ipv4/conf/<device>/rp_filter.
Probably related:
In T6247#184232, @jmoore wrote:. We need the feature regardless of the state of the repository.
Apr 17 2024
Apr 17 2024
It very may well have been. That's not really relevant to this request. The repository is an example. We need the feature regardless of the state of the repository.
I saw such repository more than once, but it seems that it has been abandoned. Last commit is dated two years ago.
Another example on nftables: https://github.com/fullcone-nat-nftables/nftables-1.0.5-with-fullcone
Viacheslav removed a project from T6247: Add CGN "full cone" EIF support per RFC6888 REQ-7: VyOS 1.4 Sagitta.
We do not use iptables and their modules for new features.
Feel free to add PR for nftables or if you know which commands should be for nftables
vyos@test1:~$ sudo cat /run/openvpn/vtun20.status OpenVPN CLIENT LIST Updated,2024-04-17 16:40:05 Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since ROUTING TABLE Virtual Address,Common Name,Real Address,Last Ref GLOBAL STATS Max bcast/mcast queue length,0 END
From initial PR these two feedback points are now implemented. PR has been amended see https://github.com/vyos/vyos-1x/pull/3307
I think I might've found the cause of this issue: the vni is unset from all VRFs when making changes. I posted a message about this on Slack (and about another, fairly similar, issue) on Slack about this.
dex added a comment to T5386: Execute VRRP transition script when `set high-availability disable` is commited.
Just checked with the current rolling release 1.5-rolling-202404141045. After committing set high-availability disable, keepalived is successfully stopped and the logs show that the transition script seems to be executed:
thank you very much for your analysis. I am still wondering, why it breaks with adding the vrf and why it works before.
Also, why it starts to work again, after rebooting when removing the vrf again (but not before rebooting)
Viacheslav changed the status of T6246: Add support for server health checks to reverse proxy from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX85f055ba5d76: Merge pull request #3323 from vyos/mergify/bp/sagitta/pr-3192 (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEX0b9d2c64103a: Merge pull request #3324 from vyos/mergify/bp/sagitta/pr-3320 (authored by dmbaturin).
Needs the original file with OpenVPN addresses/statistics which are parsed /run/openvpn/{interface}.status
Without it, it will be difficult to do something.
It is not related to VRF at all and is related to the policy routing logic:
Reproduced even on 1.3.2
set interfaces ethernet eth1 address '192.168.122.14/24'
n.fort changed the status of T5535: Move disable-directed-broadcast to firewall global-options from Confirmed to Needs testing.
n.fort changed the status of T6191: Policy route set-mss option is not working correctly from Confirmed to Needs testing.
Viacheslav triaged T6237: IPSec remote access VPN: ability to set EAP ID of clients as Wishlist priority.
indrajitr closed T5612: Miscellaneous improvements and fixes for dynamic DNS configuration as Resolved.
indrajitr closed T5723: mdns repeater: Always reload systemd daemon before applying changes as Resolved.
indrajitr closed T5966: Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments as Resolved.
Updates have been applied on 1.4 and 1.5.
This can probably be closed.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX292f4b8efe2a: T6191: do not append action to firewall and policy route|route6 when its not… (authored by n.fort).
GitHub <noreply@github.com> committed rVYOSONEX24c997dee169: Merge pull request #3320 from nicolas-fort/T6191 (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX9f62c3082429: image-tools: T6168: compat mode update should preserve console type (authored by jestabro).
jestabro closed T6154: Installer should ask for password twice, a subtask of T4516: Rewrite system image manipulation tools in Python, as Resolved.
jestabro moved T6154: Installer should ask for password twice from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
GitHub <noreply@github.com> committed rVYOSONEX06a08f61abb9: Merge pull request #3322 from vyos/mergify/bp/sagitta/pr-3321 (authored by jestabro).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXabfd62665359: image-tools: T6154: installer prompts to confirm a non-default passwd (authored by jestabro).
GitHub <noreply@github.com> committed rVYOSONEXce7023bea759: Merge pull request #3321 from jestabro/confirm-pass (authored by jestabro).
Apr 16 2024
Apr 16 2024
I decided to dig into this a little more and try to trace this out:
sudo nft add chain inet vrf_zones trace_chain { type filter hook prerouting priority -301\; }
sudo nft add rule inet vrf_zones trace_chain meta nftrace set 1@dmbaturin, @sever
Would love your input regarding the lack of headers when using the -c option. I've created a PoC around "chronyc -c activity" as it was the most straight forward command to start with.
Viacheslav changed the status of T6242: Add an option to disable certificate verification to reverse proxy from Open to Needs testing.
@dmbaturin , @Viacheslav - I use debian snapshot repository when building VyOS LTS on my own.
side note, if you flush ruleset, and only add:
Something I just figured out is that the minute I do:
jestabro moved T6243: Update vyos-http-api-tools for package idna security advisory from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
jestabro moved T6243: Update vyos-http-api-tools for package idna security advisory from Open to Finished on the VyOS 1.5 Circinus board.
n.fort changed Version from 1.4.0-epa2 to 1.4.0-epa2, 1.5-rolling-202404141045 on T6191: Policy route set-mss option is not working correctly.
n.fort changed the status of T6191: Policy route set-mss option is not working correctly from Open to Confirmed.
The regression causing 'image cannot be found" was fixed in https://vyos.dev/T6186.
jestabro removed a parent task for T5917: Restore annotations of (running)/(default boot) in select image list: T6022: set system image default-boot.
GitHub <noreply@github.com> committed rVYOSONEX41663efaba26: Merge pull request #3317 from natali-rs1985/T6141-equuleus (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX8f778f989d8f: Merge pull request #3318 from vyos/mergify/bp/sagitta/pr-3315 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX5a481813c059: Merge pull request #3319 from vyos/mergify/bp/sagitta/pr-3313 (authored by c-po).
Viacheslav changed the status of T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network from In progress to Needs testing.
jestabro triaged T6243: Update vyos-http-api-tools for package idna security advisory as Normal priority.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX6cace2df99c7: T5722: Failover route add option onlink (authored by Viacheslav).