@daniil Any idea for CLI and what it should generate to strongswan.conf?
Which plugin should it use?
https://docs.strongswan.org/docs/5.9/plugins/plugins.html
eap-dynamic Plugin eap-gtc Plugin eap-radius Plugin eap-simaka-sql Plugin eap-tls Plugin
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Nov 26 2024
Nov 26 2024
Viacheslav moved T6912: Build package script misses dependencies from Need Triage to Backport Candidates on the VyOS Rolling board.
Nov 25 2024
Nov 25 2024
@runar btw, we have python script for the priority /usr/libexec/vyos/priority.py
Viacheslav changed the status of T6912: Build package script misses dependencies from Open to In progress.
Viacheslav triaged T6913: XCP-NG: xe-guest-utilities have been replaced by xen-guest-agent as Normal priority.
Viacheslav moved T6876: KEA DHCP-server sometimes could be in the race condition from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav added a comment to T6911: Empty "ntp" CLI node causes a config migration error when upgrading from VyOS 1.3.x.
I’d expect the behavior is correct now. There shouldn't be empty nodes. As some of them uses “default values” and system can see it as partly configured,
In any case the check is here https://github.com/vyos/vyos-1x/blob/ec18cc393591052fd1f021c4a62220ab2e537a2e/src/conf_mode/service_ntp.py#L68
Nov 22 2024
Nov 22 2024
Viacheslav changed the status of T6906: Add an option to start sessions with an unclassified packet to IPoE server from Open to In progress.
Viacheslav triaged T6907: [op-commands] encrypted/hidden sensible information in 'show configuration' as Normal priority.
Nov 21 2024
Nov 21 2024
Viacheslav triaged T6906: Add an option to start sessions with an unclassified packet to IPoE server as Normal priority.
Nov 20 2024
Nov 20 2024
Viacheslav changed the subtype of T6896: OpenVPN change CRL revoke without restart from "Feature Request" to "Bug".
Viacheslav triaged T6902: Commit and Save takes long time when more than 100's ipsec tunnel are already configured as Normal priority.
Viacheslav added a project to T6876: KEA DHCP-server sometimes could be in the race condition: VyOS 1.5 Circinus.
Nov 19 2024
Nov 19 2024
Viacheslav changed the status of T6490: Allow creation of wireguard interfaces without requiring peers from In progress to Needs reporter action.
Needs testing
Viacheslav added a comment to T264: Use base64 or hex format in ipsec.secrets to allow double quotes.
PR https://github.com/vyos/vyos-1x/pull/4198
Add base64 encrypted password
$ echo -n 1234567890 | base64 MTIzNDU2Nzg5MA== $
Viacheslav added a comment to T264: Use base64 or hex format in ipsec.secrets to allow double quotes.
@marco_agostani we do not have validators on the insert config step https://github.com/vyos/vyos-1x/blob/8f76c96cb4d7132b7654aa5f37e8ab49fa2e137a/interface-definitions/vpn_ipsec.xml.in#L35-L43
It is more of an interpreter issue/feature
Maybe it will be fixed after merging https://vyos.dev/T6045
Nov 18 2024
Nov 18 2024
@sskaje, what would it be like without an internet connection while the system was loaded? And will the Internet be available 1-2 minutes after boot?
I think you will get the router without wireguard at all, as it was in the previous commits. It cannot resolve the address, so it cannot create a session. And it will be in this state until you reconfigure it again.
We use podman for containers.
Eq command for the podman:
vyos@r14:~$ sudo podman network create pod-net2 --opt mtu=1200 pod-net2 vyos@r14:~$
Check:
vyos@r14:~$ sudo podman network inspect pod-net2
[
{
"name": "pod-net2",
"id": "f1ec367ee95ee0f5b644b7fb96faffa6cf499490e3ff5e8f3915182639302cc7",
"driver": "bridge",
"network_interface": "podman1",
"created": "2024-11-18T10:08:28.26831792Z",
"subnets": [
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"options": {
"mtu": "1200"
},
"ipam_options": {
"driver": "host-local"
}
}
]
vyos@r14:~$Nov 16 2024
Nov 16 2024
Nov 15 2024
Nov 15 2024
Viacheslav changed the status of T6876: KEA DHCP-server sometimes could be in the race condition from Open to Needs testing.
Nov 14 2024
Nov 14 2024
Viacheslav triaged T6876: KEA DHCP-server sometimes could be in the race condition as Normal priority.
Viacheslav changed the subtype of T6875: Make it possible to release an 'active' IP address from DHCP server leases from "Task" to "Feature Request".
Nov 13 2024
Nov 13 2024
Viacheslav updated the task description for T6872: IPoE-server add the ability to configure Lua scripts for username mapping.
Viacheslav triaged T6872: IPoE-server add the ability to configure Lua scripts for username mapping as Normal priority.
Nov 12 2024
Nov 12 2024
Check please bug report guidelines https://blog.vyos.io/feature-requests-and-bug-reports-guidelines
Viacheslav changed the status of T6865: DHCP server op-mode sometimes does not show leases from Open to In progress.
Viacheslav triaged T6868: Monitoring: Loki Basic Authentication limitation prevents Cloud Monitoring as Normal priority.
Nov 11 2024
Nov 11 2024
Viacheslav added a project to T6865: DHCP server op-mode sometimes does not show leases: VyOS 1.4 Sagitta (1.4.1).
Viacheslav set Forum thread to https://forum.vyos.io/t/updating-vyos-does-not-run-grub-update/ on T6864: Update from the 1.3.8 to the latest rolling does not work.
Viacheslav updated the task description for T6863: The default route distance for PPPoE (210) in the migration script is incorrect and may break server availability.
Nov 8 2024
Nov 8 2024
Viacheslav changed the status of T6031: static-route option breaks DHCP server from In progress to Needs reporter action.
Needs testing, will be fixed in the next rolling release
Viacheslav added a comment to T6764: Failure to apply configuration with new ethtool parsing if using virtual ethernet driver (xen vif).
@syncer not it doesn’t
JSON parser wasn’t back ported so other branches are not affected
Nov 7 2024
Nov 7 2024
Viacheslav renamed T6856: Race condition two drivers initiate interfaces at the same time from Race condition two drivers intiate interfaces at the same time to Race condition two drivers initiate interfaces at the same time.
I created a separated bug report https://vyos.dev/T6856
Viacheslav triaged T6856: Race condition two drivers initiate interfaces at the same time as High priority.
I'm going to close PR, https://github.com/vyos/vyos-build/pull/832#pullrequestreview-2420618828
Viacheslav changed the status of T6764: Failure to apply configuration with new ethtool parsing if using virtual ethernet driver (xen vif) from Open to Needs reporter action.
@paulywog Can you check the latest rolling?
@SteveP Thanks!
I created a PR to exclude these rules https://github.com/vyos/vyos-build/pull/832
Nov 6 2024
Nov 6 2024
Nov 5 2024
Nov 5 2024
We use suricata only for the rolling
backport not required
Nov 3 2024
Nov 3 2024
@marekm, stop spamming in every message about LTS.
You know all the ways to get LTS images, including entirely free ones.
Thanks!
Nov 1 2024
Nov 1 2024
The vyos-vm-image is deprecated
Viacheslav closed T6112: Cloud Init Ordering Incorrect, a subtask of T5907: cloud-init root task for 1.5 and 1.4 , as Wontfix.
Viacheslav added a comment to T6101: IPsec some proposal combinations could be invalid and the service strongswan stops.
@natali-rs1985, can we close this task if it is fixed?
Viacheslav added a comment to T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.
@marekm It has to be solved in the upstrem, https://github.com/accel-ppp/accel-ppp
It cannot be fixed otherwise.
Oct 31 2024
Oct 31 2024
Just do not use bond in the flow
Use native ethernet interfaces
Oct 30 2024
Oct 30 2024
Viacheslav added a comment to T4455: smp-affinity required by some platforms but doesn't exists in the CLI.
@syncer In my opinion, it is better to have a CLI that can process network interrupts only by the local NUMA node.
As I remember, the set system option performance xxx option overrides some sysctl options if it is not fixed.
Otherwise, we have to use customer scripts to balance interrupts on the required cores.
Viacheslav added a comment to T4455: smp-affinity required by some platforms but doesn't exists in the CLI.
@syncer What I know only from XEN or XCP-NG was reported
Do no have reports from other platforms
Viacheslav changed the status of T5471: Conntrack logging doesnt seem to be working from Open to Needs testing.
Viacheslav triaged T6841: Separate interface and VRF options in firewall zone configuration as Normal priority.
It is not implemented
But it probably will not be implemented
The only affected service was SNMP
Oct 29 2024
Oct 29 2024
In T6545#204568, @ordex wrote:Thanks for the pointer. I am even surprised that this worked with --cipher. In any case, I presume that template needs an exception.
The problem is that the template returns the none values in uppercase https://github.com/vyos/vyos-1x/blob/ba18d12f6863505133cde688d5e8188689af63bb/python/vyos/template.py#L567
In T2584#204474, @syncer wrote:@Viacheslav do we want to do this?
Oct 28 2024
Oct 28 2024
Viacheslav changed the status of T6840: build OpenVPN-otp use commit-id instead of master from Open to In progress.
Viacheslav renamed T6840: build OpenVPN-otp use commit-id instead of master from OpenVPN-otp use commit-id instead of master to build OpenVPN-otp use commit-id instead of master.
Viacheslav updated the task description for T6840: build OpenVPN-otp use commit-id instead of master.
@SteveP could you attach those files for debugging where the issue exists?
/config/config.boot /run/udev/log/vyos-net-name sudo journalctl -b | tee /tmp/journalct.log sudo journalctl -k | tee /tmp/journalct-k.log
Viacheslav moved T6812: The new version of iproute2 breaks smoketsts from Need Triage to Completed on the VyOS Rolling board.
Oct 27 2024
Oct 27 2024
I’d prefer to drop it at all for now.
Until someone can investigate it more deeply.
I don’t have any idea what is wrong.
Thanks