@marekm Did you set a proper listen to address for it?
set system ntp listen-address x.x.x.x
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jul 1 2022
Jul 1 2022
Viacheslav added a comment to T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages.
GitHub <noreply@github.com> committed rVYOSONEX196aaf47a71b: Merge pull request #1380 from sarthurdev/ovpn-multi-ca (authored by c-po).
c-po closed T2455: No support for the IPv6 VTI, a subtask of T2353: Interface [conf_mode] errors parent task, as Resolved.
Also add IPv6 link local address support to auto generate a link-local address as on any other type of interface.
With recent versions of strongSwan and XFRM interface in VyOS 1.4 this is now possible.
c-po changed the status of T2455: No support for the IPv6 VTI, a subtask of T2353: Interface [conf_mode] errors parent task, from Open to In progress.
Jun 30 2022
Jun 30 2022
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
In T1641#125443, @Viacheslav wrote:@trae32566 Extentd conntrack table and reduce timeouts:
for example
There is no dict if exists only one record in the https://github.com/vyos/vyos-1x/blob/cefc7ce9bfcf7750700e73edbc21864fe8ab0bee/src/op_mode/show_nat_translations.py#L103-L110
So it can't parse correctly
Unknown Object (User) added a comment to T4457: L2TP/IPSec Remote Access VPN does not work as expected in 1.3.1-S1.
Maybe it depends on the version of accel-ppp.
In 1.2.8:
Viacheslav added a comment to T4313: "generate public-key-command" throws unhandled exceptions when it cannot retrieve the key.
Cherry-pick for 1.3 https://github.com/vyos/vyos-1x/pull/1381
In T2455#68732, @dmbaturin wrote:VTI is secretly IPIP, so it doesn't support IPv6. The real issue is that we don't support the IPv6 variant of VTI yet.
Viacheslav added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
@trae32566 Extentd conntrack table and reduce timeouts:
for example
set system sysctl parameter net.netfilter.nf_conntrack_generic_timeout value 60 set system sysctl parameter net.netfilter.nf_conntrack_icmp_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_icmpv6_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_close_wait value 20 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_established value 1800 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_fin_wait value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_recv value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_sent value 60 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_time_wait value 120 set system sysctl parameter net.netfilter.nf_conntrack_udp_timeout_stream value 60
Viacheslav changed the status of T4498: bridge: Add option to enable/disable IGMP/MLD snooping from Open to Needs testing.
@Viacheslav There is already a set interfaces bridge brN igmp node. If the default option is enabled, I think set interfaces bridge brN igmp disable-snooping would sound better.
I prefer to have IGMP snooping disabled as the default option, since improper IGMP snooping causes issues while disabling IGMP snooping doesn't.
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
This seems to be an issue in 1.4 as well, I have the exact same symptoms, and removing the accept-protocol fixes the issue.
Jun 29 2022
Jun 29 2022
Implemented as: set service router-advert interface eth0 name-server-lifetime <value> which will be option A
PR https://github.com/vyos/vyos-1x/pull/1379 (without completion help)
Because with a rule like that I accept everything coming from nl from wan to lan, or I would need to add the source nl to every rule. That's why I did it with a deny not coming from nl on top, and then specific rules for the traffic that I want to accept.
jestabro closed T4491: Use empty string for internal name of root node of config_tree, a subtask of T4235: Add config tree diff algorithm, as Unknown Status.
jestabro closed T4491: Use empty string for internal name of root node of config_tree as Unknown Status.
GitHub <noreply@github.com> committed rVYOSONEXfba14cd5f498: Merge pull request #1378 from vfreex/add-igmp-snooping-option (authored by c-po).
Viacheslav changed the subtype of T4493: Incorrect help for "show bgp neighbors" from "Task" to "Bug".
Viacheslav changed the subtype of T4496: ping vrf help does not list VRFs from "Task" to "Feature Request".
If the default option is enabled or 1
Maybe it makes sense to create disable option like:
set interfaces bridge br0 ip disable-multicast-snooping
PR to add the option: https://github.com/vyos/vyos-1x/pull/1378
aderouineau triaged T4492: Incorrect list of neighbors in help for "show bgp vrf VRF neighbors" as Normal priority.
Jun 28 2022
Jun 28 2022
jestabro renamed T4491: Use empty string for internal name of root node of config_tree from Use empty string for internal name of root of config_tree to Use empty string for internal name of root node of config_tree.
jestabro changed the status of T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py, a subtask of T4235: Add config tree diff algorithm, from Open to On hold.
jestabro changed the status of T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py, a subtask of T4316: Update save-config/load-config, from Open to On hold.
jestabro changed the status of T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py from Open to On hold.
jestabro updated the task description for T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py.
jestabro changed the status of T4491: Use empty string for internal name of root node of config_tree from Open to In progress.
Viacheslav lowered the priority of T4232: VyOS 1.2 traffic-policy shaper match interface not working from High to Normal.
It is not related to a router bug/feature
Close it
GitHub <noreply@github.com> committed rVYOSONEX2e8fdce2a947: Merge pull request #1376 from sever-sever/T4473 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXd1ff009703bb: Merge pull request #1377 from sever-sever/T4486 (authored by c-po).
Did you try dns forwarding domain?
set service dns forwarding domain abc.local server 192.0.2.5
Viacheslav changed the status of T4475: route-map does not support ipv6 peer from In progress to Needs testing.
Task for rewriting wan-loadbalancing to XML/Python T4470
fernando added a comment to T4490: BGP- warning message that AFI/SAFI is needed to establish the neighborship.
@Viacheslav thanks
Viacheslav changed the status of T4473: Use container network without network declaration error from Open to In progress.
fernando changed the status of T4490: BGP- warning message that AFI/SAFI is needed to establish the neighborship from Open to In progress.
Viacheslav added a project to T4489: MPLS sysctl not persistent for tunnel interfaces: VyOS 1.3 Equuleus (1.3.2).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1375
Viacheslav moved T4429: Ability to detect external IP address from op-mode from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a project to T4429: Ability to detect external IP address from op-mode: VyOS 1.3 Equuleus (1.3.2).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1374
Will be fixed in the next rolling release
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1372
Viacheslav moved T1375: Add clear dhcp server lease function from Open to Finished on the VyOS 1.4 Sagitta board.