Install official pkg solve the issue
wget http://ftp.de.debian.org/debian/pool/main/o/ocserv/ocserv_0.12.2-3_amd64.deb dpkg -i *.deb `
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Feb 16 2022
Feb 16 2022
c-po moved T4240: Cannot add wlan0 to bridge via configure from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
c-po changed the status of T4240: Cannot add wlan0 to bridge via configure from Open to Needs testing.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
Can be related
Found out some strange things, client address was banned:
ocserv[2072]: main: added 1 points (total 1) for IP '192.168.122.1' to ban list
Viacheslav changed the status of T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus from Open to Confirmed.
Viacheslav added a comment to T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus.
I don't see any issues with LTS 1.3.0
Thanks
Is it required point of binding in a container?
For example:
podman run --rm -it --device=/dev/vdb:/dev/xvdc:rwm --net host ubuntu bash
In T4249#118633, @Viacheslav wrote:You can get access to host netwoks with set container name foo allow-host-networks
You can get access to host netwoks with set container name foo allow-host-networks
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1224
Viacheslav reopened T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID as "In progress".
@anthr76 we have ready telegraf exporter, maybe it will work for you?
https://docs.vyos.io/en/latest/configuration/service/monitoring.html
Does anyone at least have an example of how to use the snmp exporter? For example a snmp.yml or generate one with the given mibs?
Tested on 1.4-rolling-202202150317 and 1.3.0, all works
Viacheslav changed the subtype of T4248: There isn't a way to remove the only rule from the (traffic-policy) class. from "Task" to "Bug".
Unknown Object (User) triaged T4248: There isn't a way to remove the only rule from the (traffic-policy) class. as Low priority.
Feb 15 2022
Feb 15 2022
this is very similar to https://phabricator.vyos.net/T3657 , so it seems that this is going to be fixed in 1.4 ( proof https://forum.vyos.io/t/bgp-peering-with-ipv6-link-local-addresses/7309/14 ). Is this going to be backported to 1.3 ? Anyone is able to find the commit that introduced the feature on 1.4? Maybe it is something easy to patch
Viacheslav moved T1292: Issues while deleting all rules from a firewall from Open to Finished on the VyOS 1.4 Sagitta board.
Comman "show conntrack ..." not available any more in latest?
Unknown Object (User) changed the status of T3494: DHCPv6 leases traceback when PD using from Unknown Status to Resolved.
n.fort added a comment to T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used.
Duplicate T1292 was assigned to 1.4 version, and I close it because it was solved.
This bug remains open for 1.3 Equuleus
n.fort closed T1292: Issues while deleting all rules from a firewall, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Tested on VyOS 1.4-rolling-202202150317 and working as expected.
n.fort closed T4160: Firewall - Error in rules that matches everything except something as Resolved.
vyos@vyos# run show config comm | grep fire
set firewall name FOO rule 10 action 'accept'
set firewall name FOO rule 10 protocol 'tcp'
set firewall name FOO rule 10 tcp flags not ack
set firewall name FOO rule 10 tcp flags syn
set firewall name FOO rule 40 action 'accept'
set firewall name FOO rule 40 protocol '!gre'
[edit]
vyos@vyos# sudo nft list chain ip filter NAME_FOO
table ip filter {
chain NAME_FOO {
tcp flags & (syn | ack) == syn counter packets 0 bytes 0 return comment "FOO-10"
meta l4proto != gre counter packets 0 bytes 0 return comment "FOO-40"
counter packets 0 bytes 0 return comment "FOO default-action accept"
}
}Solved. New commands:
Unknown Object (User) committed rVYOSONEX81add0813735: dhcpv6-server: T3494: Get address from network to correct sorting.
GitHub <noreply@github.com> committed rVYOSONEX40bf0d3ff078: Merge pull request #1222 from DmitriyEshenko/eq-1x-15022022 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX0f788abea73f: Merge pull request #1223 from sever-sever/T4237-cur (authored by c-po).
Viacheslav moved T4237: Conntrack-sync error - error adding listen-address command from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
PR for current https://github.com/vyos/vyos-1x/pull/1223
Unknown Object (User) added a comment to T3494: DHCPv6 leases traceback when PD using.
PR for equuleus https://github.com/vyos/vyos-1x/pull/1222
Viacheslav moved T3686: Bridging OpenVPN tap with no local-address breaks from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav edited projects for T3686: Bridging OpenVPN tap with no local-address breaks, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1221
Unknown Object (User) changed the status of T3494: DHCPv6 leases traceback when PD using from Resolved to Unknown Status.
Sorry, it works properly only for not PD. Looks like is not backported to equuleus
Client-side configuration to reproduce
set interfaces ethernet eth0 address 'dhcpv6' set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '1' set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '0' set interfaces ethernet eth0 dhcpv6-options pd 0 length '64'
On server-side we get the same backtrace
vyos@vyos# run show dhcpv6 server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 209, in <module>
leases = get_leases(conf, lease_file, args.state, args.pool, args.sort)
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 142, in get_leases
leases = sorted(leases, key = lambda k: int(ip_address(k['ip'])))
File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 142, in <lambda>
leases = sorted(leases, key = lambda k: int(ip_address(k['ip'])))
File "/usr/lib/python3.7/ipaddress.py", line 54, in ip_address
address)
ValueError: '2001:db8:290::/64' does not appear to be an IPv4 or IPv6 addressUnknown Object (User) changed the status of T3494: DHCPv6 leases traceback when PD using from Unknown Status to Resolved.
Tested on VyOS version 1.3.0, works properly
vyos@vyos# run show version | match Version Version: VyOS 1.3.0 [edit] vyos@vyos# run show dhcpv6 server leases IPv6 address State Last communication Lease expiration Remaining Type Pool IAID_DUID ------------------ ------- -------------------- ------------------- ----------- ------------- ----------- ----------------------------------------------------------------- 2001:db8:3456::187 active 2022/02/15 09:28:10 2022/02/15 21:28:10 11:58:28 non-temporary VyOS-DHCPv6 00:00:00:00:00:04:79:76:62:99:23:ad:43:fb:9c:5b:1c:1e:59:4b:58:01
Unknown Object (User) added a comment to T725: Cake and FQ-PIE.
Hi @hensur , I'm sure that this code should be moved to python implementation, patches for the legacy vyatta-cfg-qos will be rejected.
First of all, need to create CLI XML definition
https://docs.vyos.io/en/equuleus/contributing/development.html?xml-used-for-cli-definitions#xml-used-for-cli-definitions
and then create backend in python to process CLI commands
https://docs.vyos.io/en/equuleus/contributing/development.html?xml-used-for-cli-definitions#configuration-script-structure-and-behaviour
GitHub <noreply@github.com> committed rVYOSONEXaef699acf11e: Merge pull request #1220 from chenxiaolong/T4244 (authored by c-po).
I can confirm that the latest 202202140317 build fixes this issue, thanks.
Unknown Object (User) updated subscribers of T4246: Failed to delete vrrp transition-script.
Feb 14 2022
Feb 14 2022
chenxiaolong added a comment to T4245: eapol: Support for specifying the full CA chain of trust for both client and server.
Alternatively, since the pki code seems to already recognize parents/issuers:
chenxiaolong added a comment to T4244: eapol: commit fails with KeyError when PKI certificate name differs from the CA name.
I've submitted a PR to fix this here: https://github.com/vyos/vyos-1x/pull/1220
Unknown Object (User) added a comment to T4243: Nat log - Add translated data to nat logs.
@n.fort it is possible with conntrackd logging option syslog
sudo rm /etc/systemd/system/conntrackd.service.d/override.conf
edit nano /etc/conntrackd/conntrackd.conf and add Syslog on in General section, then restart conntrackd service.
After that you will get messages
conntrack-tools[5097]: udp 17 src=100.64.0.3 dst=1.1.1.1 sport=41900 dport=53 src=1.1.1.1 dst=198.51.100.1 sport=53 dport=41900
I'd like to see cake in vyos as well. I don't think this has been implemented yet (at least not under the traffic-policy section in 1.4-rolling) ?
In hosts we can see 2 entries:
vyos@r11-roll# run show conf com | match test set system static-host-mapping host-name test1.com inet '1.1.1.1' set system static-host-mapping host-name test2.com inet '2a00:1450:400f:802::200e'
Task for kea T3316
@Viacheslav Working on it, should be ready soon.
c-po changed the status of T4154: Error add second gre tunnel with the same source interface from Open to Needs testing.
c-po moved T4154: Error add second gre tunnel with the same source interface from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
c-po moved T4154: Error add second gre tunnel with the same source interface from Open to Finished on the VyOS 1.4 Sagitta board.
I think it is necessary to show this kind information . it should use tools/service as netflow/ipfix . for example:
Alexey.Kirillov added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
works as expected:
Alexey.Kirillov added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
sure, I'll test 1.4 rolling
but if this feature simply adds "dev XXX" to virtual_address in vrrp config that shouldn't break much
Viacheslav added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
@Alexey.Kirillov it required more tests and responses from 1.4
Could you test it?
I can't get your configuration, how does should work without the declaration source or remote address?
I think I'm experiencing this same issue. I just tried upgrading a VPN server running 1.3-rolling-202001260217 to 1.3.0 LTS. As this is a production server (albeit a secondary/backup server) I've reverted to the old version of VyOS, and it looks like a fix is already on its way, so I just wanted to add my info to the ticket.
Feb 13 2022
Feb 13 2022
Alexey.Kirillov added a comment to T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID.
Is there any chance to backport this to 1.3x ?
It makes migration from cluster way easier.
c-po moved T4191: Lost access to host after VRF re-creating from In Progress to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
c-po moved T4191: Lost access to host after VRF re-creating from Need Triage to In Progress on the VyOS 1.3 Equuleus ( 1.3.1) board.
c-po added a project to T4191: Lost access to host after VRF re-creating: VyOS 1.3 Equuleus ( 1.3.1).
c-po moved T4191: Lost access to host after VRF re-creating from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4218: firewall: rule name is not allowed to start with a number from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4225: Performance degration with latest rolling release from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4220: Commit broke dhclient 78b247b724f74bdabab0706aaa7f5b00e5809bc1 from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4226: VRRP transition-script does not work for groups name which contains -(minus) sign from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4223: policy route cannot have several entries with the same table from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4242: ethernet speed/duplex can never be switched back to auto/auto from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4204: Update Accel-PPP to a newer revision from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
c-po moved T4242: ethernet speed/duplex can never be switched back to auto/auto from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.