In T6266#184977, @sarthurdev wrote: Possibly would make sense for CLI to fall under firewall global-options?
Feed Search
Apr 25 2024
Viacheslav updated subscribers of T6266: Firewall flowtable ability to set timeout for TCP and UDP flow.
Viacheslav updated the task description for T6265: Firewall flowtable should allow ethernet only interfaces.
Viacheslav closed T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error as Invalid.
Stay tuned; check our blog post.
Viacheslav changed the subtype of T6265: Firewall flowtable should allow ethernet only interfaces from "Task" to "Enhancement".
Viacheslav updated the task description for T6265: Firewall flowtable should allow ethernet only interfaces.
Viacheslav triaged T6266: Firewall flowtable ability to set timeout for TCP and UDP flow as Wishlist priority.
Allowing only ethernet interface task https://vyos.dev/T6265
After adding check, this task can be closed
Viacheslav triaged T6265: Firewall flowtable should allow ethernet only interfaces as Normal priority.
Will be available in the next rolling release.
Viacheslav changed the status of T6263: Commit failures when trying to set an IGMP group with source address on an interface from Open to In progress.
Viacheslav added a comment to T6263: Commit failures when trying to set an IGMP group with source address on an interface.
The group 224.0.0.0/24 is reserved
r4(config)# interface eth2
r4(config-if)# ip igmp join 224.0.0.0 224.0.0.10
% Configuration failed.
PR https://github.com/vyos/vyos-1x/pull/3361
vyos@r4# set interfaces ethernet eth2 ipv6 base-reachable-time 28
[edit]
vyos@r4# commit
[edit]
vyos@r4#
[edit]
vyos@r4# sudo sysctl net.ipv6.neigh.eth2.base_reachable_time_ms
net.ipv6.neigh.eth2.base_reachable_time_ms = 28000
[edit]
vyos@r4#
vyos@r4# cat /proc/sys/net/ipv6/neigh/eth2/base_reachable_time_ms
28000
[edit]
vyos@r4#
Viacheslav moved T5833: Not all AFIs are compatible with VRF from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
In T6258#184876, @canoziia wrote:
This sysctl option is deprecated https://man7.org/linux/man-pages/man8/sysctl.8.html
DEPRECATED PARAMETERS top
Apr 24 2024
Viacheslav triaged T6263: Commit failures when trying to set an IGMP group with source address on an interface as Normal priority.
Viacheslav closed T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic as Wontfix.
Close it as wontfix due to legacy backend.
In some cases, we can't predict the interface name (if the interface name is over 15 characters) https://vyos.dev/T6222
Viacheslav changed the status of T6233: Container configurations on VyOS 1.5 prevent containers from starting from Open to Needs reporter action.
@sempervictus Any updates or additional context?
Fixed, VyOS 1.5-rolling-202404240023
vyos@r4# run show conf com | match "bri|tun0"
set interfaces bridge br0 member interface tun0
set interfaces tunnel tun0 encapsulation 'gretap'
set interfaces tunnel tun0 remote '192.168.122.111'
set interfaces tunnel tun0 source-address '192.168.122.14'
[edit]
vyos@r4# delete interfaces tunnel
[edit]
vyos@r4# commit
[ interfaces tunnel tun0 ]
Interface "tun0" cannot be deleted as it is a member of bridge "br0"!
Viacheslav changed the subtype of T3915: Create op-mode top-level wrapper for ssh/scp command -VyOS 1.4 from "Bug" to "Feature Request".
Viacheslav renamed T5833: Not all AFIs are compatible with VRF from BGP address family flowspec incompatible with VRF to Not all AFIs compatible with VRF.
Viacheslav changed the status of T5833: Not all AFIs are compatible with VRF from Open to In progress.
Viacheslav renamed T5833: Not all AFIs are compatible with VRF from BGP Impossible to use address family flowspec with VRF to BGP address family flowspec incompatible with VRF.
Viacheslav changed the status of T6109: remote syslog does not get all the logs from Unknown Status to Resolved.
Apr 23 2024
Viacheslav changed the status of T3726: System ntp servers are ignored if provided by DHCP (ISP) from Needs testing to Needs reporter action.
Not actual for 1.5/1.4
@mrlocke Can you re-check the 1.3?
Viacheslav added a comment to T6042: ssh scripts should work with arguments again; they do not anymore.
@doctorpangloss Any updates?
Viacheslav changed the status of T6058: Commit-Archive Save doesn't use https_proxy from Open to Needs reporter action.
@modzilla99 Could you provide an example of set commands to reproduce?
Viacheslav moved T6237: IPSec remote access VPN: ability to set EAP ID of clients from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
What happens if another interface/value occupies the index 101?
For example, PPPoE-server and PPP interface can generate thousands of interfaces
It was filtered in https://vyos.dev/T2086 to avoid pam_unix mess
Viacheslav placed T1751: DNS server addresses from DHCPv6 are not added to resolv.conf up for grabs.
Viacheslav changed the status of T6217: Set the log id of the VRRP contrack-sync script to vyos-vrrp-conntracksync from Open to In progress.
Can't reproduce it, close the task
Viacheslav added a project to T6251: Extend table number limits for policy route-map set table: Restricted Project.
Viacheslav triaged T6257: Add op mode commands for dynamic firewall address groups as Normal priority.
Most likely needs to change priority to 319 for the sysctl
vyos@r4:~$ /usr/libexec/vyos/priority.py | match "ethernet|sysctl"
300 interfaces_virtual-ethernet.py ['interfaces', 'virtual-ethernet']
318 interfaces_ethernet.py ['interfaces', 'ethernet']
318 system_sysctl.py ['system', 'sysctl']
321 interfaces_pseudo-ethernet.py ['interfaces', 'pseudo-ethernet']
vyos@r4:~$
Extend to <1-65535>
PR https://github.com/vyos/vyos-1x/pull/3353
What do I need to do to get these values?
root@r1-right:/home/vyos# sysctl net.ipv6.neigh.eth3/2.base_reachable_time_ms
sysctl: cannot stat /proc/sys/net/ipv6/neigh/eth3.2/base_reachable_time_ms: No such file or directory
Apr 22 2024
Could you provide the full set of commands to reproduce?
I tried to extend the range, and seems it also relies on nftables conntrack zones
vyos@r4# compare
+ vrf {
+ name blue {
+ table "4294967295"
+ }
+ name red {
+ table "1"
+ }
+ }
Viacheslav changed the subtype of T6254: Extend VRF table number from "Feature Request" to "Enhancement".
Viacheslav changed the status of T6255: Static table description should not contain white-space from Open to In progress.
Viacheslav triaged T6229: Unable to view transceiver information for Intel X710 interface as Wishlist priority.
Viacheslav triaged T6255: Static table description should not contain white-space as Normal priority.
Viacheslav triaged T6256: Replace deprecated ISC dhcp-relay (EOL) with something else as Wishlist priority.
Apr 21 2024
Viacheslav changed the status of T5794: Flowtable with Bond Race from Needs reporter action to Open.
The flowtable has to be set on ethernet interfaces only!
It does not need to set it to PPP/BOND/VLAN/WG/etc, as it will work anyway.
We need to hardcode it only for ethX interfaces, because people use it incorrectly.
Apr 20 2024
Viacheslav renamed T6255: Static table description should not contain white-space from Static table description. should not contain white-space to Static table description should not contain white-space.
Apr 19 2024
Viacheslav triaged T6251: Extend table number limits for policy route-map set table as Wishlist priority.
Viacheslav triaged T6250: "policy route-map set table" cannot be deleted from the rule as Normal priority.
Viacheslav moved T6221: Enabling VRF breaks connectivity from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Viacheslav moved T6221: Enabling VRF breaks connectivity from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav edited projects for T6221: Enabling VRF breaks connectivity, added: VyOS 1.4 Sagitta (1.4.0-epa3), VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta (1.4.0-epa2).
Viacheslav triaged T6249: ISO builder fails because of changed buster-backport repository as High priority.
Apr 18 2024
Viacheslav placed T2279: Router resolves as 127.0.1.1 when using Router's Recursive DNS up for grabs.
Viacheslav edited projects for T4732: need an option for VRF name when you specify location for commit-archive, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav closed T4422: WAN load-balance status failed on all interfaces if one of them failed, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Wontfix.
Viacheslav closed T4422: WAN load-balance status failed on all interfaces if one of them failed as Wontfix.
Test addresses have to be different
Viacheslav changed the status of T4422: WAN load-balance status failed on all interfaces if one of them failed, a subtask of T4470: Rewrite load-balancing wan to XML/Python, from Open to Needs reporter action.
Viacheslav changed the status of T4422: WAN load-balance status failed on all interfaces if one of them failed from Open to Needs reporter action.
Viacheslav added a comment to T4422: WAN load-balance status failed on all interfaces if one of them failed.
Provide the set of the commands to reproduce
Viacheslav removed a project from T5153: OpenConnect route restriction via iptables is ignored: VyOS 1.4 Sagitta.
Viacheslav changed the status of T6221: Enabling VRF breaks connectivity from Open to Needs testing.
Viacheslav added a project to T5471: Conntrack logging doesnt seem to be working: VyOS 1.5 Circinus.
The old implementation used this script and https://github.com/vyos/vyatta-conntrack/blob/current/src/vyatta-conntrack-logging.c for the logging and it seems not implemented for the current
At least there is no mention of the log
Without subtasks, it is going to be dead.
@Apachez It is not clear what you want to fix exactly. Fix all and do all working well could be related to any task.
Viacheslav edited projects for T5673: Enable `CONFIG_DEBUG_INFO_DWARF5` and `CONFIG_DEBUG_INFO_BTF` in the Linux kernel, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav edited projects for T5737: Eigrp #11301 - Configuration failed error type: validation, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav closed T5755: Running set pki ca NAME certificate with a name with spaces breaks the config as Not Applicable.
Not reproduced on VyOS 1.5-rolling-202404141045
vyos@r-left# set pki ca "my test ca name" certificate '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'