In T4362#146398, @Viacheslav wrote:@marc_s Will be fixed in the next rolling release, could you check?
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 5 2023
Apr 5 2023
Viacheslav changed the status of T5146: Show recent login of all users, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX0b0f991a8646: Merge pull request #1928 from c-po/t4959-backport (authored by c-po).
c-po closed T425: AWS CloudWatch monitoring scripts, a subtask of T5129: Add AWS build flavour, as Resolved.
c-po moved T5136: Possible config corruption on upgrade from Backport Candidates to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Viacheslav closed T5145: Add maxsyslogins maximum number of all logins on system , a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Resolved.
marc_s added a comment to T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution.
Thanks @Viacheslav will test ASAP, next week I have a maintenance window, will let you know.
a.apostoliuk changed the status of T5135: Rewrite opennhrp script using vyos.ipsec library from In progress to Needs testing.
Apr 4 2023
Apr 4 2023
Viacheslav changed the status of T5138: Add patch to accel-ppp build L2TP LNS use Calling-Number as RADIUS Calling-Station-ID from In progress to Needs testing.
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system , a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from In progress to Needs testing.
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system from In progress to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEX85b46a6b225c: Merge pull request #1937 from aapostoliuk/T5135-sagitta (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXe520e0841013: Merge pull request #1939 from sever-sever/T5145 (authored by c-po).
PR https://github.com/vyos/vyos-1x/pull/1939
set system login max-login-session '1' set system login timeout '600'
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system , a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T5145: Add maxsyslogins maximum number of all logins on system from Open to In progress.
Is it possible to implement multiple test targets instead of just one?
Bug: unable to rename a failover route:
@Viacheslav Ok!
Harliff awarded T1237: Static Route Path Monitoring, failover a Burninate token.
Harliff awarded T1237: Static Route Path Monitoring, failover a Like token.
Viacheslav updated the task description for T4712: Collaborative Protection Profile cPP for Network Devices root task.
@Harliff It is better to write to this task if you find bugs or propose new features.
So anyone could claim/fix it.
Thanks.
@Viacheslav, where is best place to discuss the feature (ask a question or report a bug)?
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav changed the status of T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events., a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events. from Open to In progress.
Nice feature. I'm testing it now.
Viacheslav changed the status of T5138: Add patch to accel-ppp build L2TP LNS use Calling-Number as RADIUS Calling-Station-ID from Open to In progress.
@neilmckee Thanks.
If output looks good we can close the task
a.apostoliuk changed the status of T5093: Command 'reset vpn ipsec-profile' doesn't work from In progress to Needs testing.
Viacheslav closed T4362: Wan Load Balancing - Can't create routing tables, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Resolved.
Apr 3 2023
Apr 3 2023
indrajitr changed the status of T5143: Apply constraint on powerdns forward-zones configuration from Open to In progress.
I think one of the problems is that all tables are generated even if there are no rules in it.
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Yes. Packet drops are classed as "event_samples" internally. Definitions for telemetry counters are here:
https://github.com/sflow/host-sflow/blob/v2.0.50-4/src/Linux/hsflowd.h#L460-L486
Viacheslav changed the status of T4362: Wan Load Balancing - Can't create routing tables, a subtask of T4470: Rewrite load-balancing wan to XML/Python, from Open to Needs testing.
Viacheslav changed the status of T4362: Wan Load Balancing - Can't create routing tables from Open to Needs testing.
@marc_s Will be fixed in the next rolling release, could you check?
Viacheslav changed the status of T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution from In progress to Needs testing.
Will be available in the next rolling release.
GitHub <noreply@github.com> committed rVYOSONEX94b65bb3936b: Merge pull request #1932 from sever-sever/T5125 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXbcc9e2092b07: Merge pull request #1934 from sever-sever/T5141 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX95245860277a: Merge pull request #1933 from sever-sever/T5139 (authored by c-po).
Viacheslav changed the status of T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution from Open to In progress.
Viacheslav added a comment to T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution.
PR https://github.com/vyos/vyos-1x/pull/1933
set vpn ipsec authentication psk MY-PEER id '192.0.2.1' set vpn ipsec authentication psk MY-PEER id '192.0.2.10' set vpn ipsec authentication psk MY-PEER secret 'SeCrEt' set vpn ipsec esp-group ESP proposal 1 set vpn ipsec ike-group IKE key-exchange 'ikev2' set vpn ipsec ike-group IKE lifetime '0' set vpn ipsec ike-group IKE proposal 1 dh-group '14' set vpn ipsec ike-group IKE proposal 1 encryption 'aes256' set vpn ipsec ike-group IKE proposal 1 hash 'sha256' set vpn ipsec interface 'eth1' set vpn ipsec site-to-site peer MY-PEER authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer MY-PEER ike-group 'IKE' set vpn ipsec site-to-site peer MY-PEER local-address '192.0.2.1' set vpn ipsec site-to-site peer MY-PEER remote-address '192.0.2.10' set vpn ipsec site-to-site peer MY-PEER tunnel 1 esp-group 'ESP' set vpn ipsec site-to-site peer MY-PEER tunnel 1 local prefix '10.0.2.0/25' set vpn ipsec site-to-site peer MY-PEER tunnel 1 remote prefix '10.5.5.0/25'
Expected `no rekeying
vyos@r14:~$ sudo swanctl -L
MY-PEER: IKEv2, no reauthentication, no rekeying, dpd delay 30s
local: 192.0.2.1
remote: 192.0.2.10
local pre-shared key authentication:
remote pre-shared key authentication:
id: %any
MY-PEER-tunnel-1: TUNNEL, rekeying every 3272s, dpd action is none
local: 10.0.2.0/25
remote: 10.5.5.0/25
vyos@r14:~$Viacheslav changed the status of T5139: IKE life-time should start from 0 for disable rekey from Open to In progress.
Viacheslav changed the subtype of T5139: IKE life-time should start from 0 for disable rekey from "Bug" to "Feature Request".
PR https://github.com/vyos/vyos-1x/pull/1932
vyos@r14:~$ show sflow -------------------------- ----------------------------------- Agent address 192.168.122.14 sFlow interfaces ['eth0', 'eth1'] sFlow servers ['192.168.122.1', '192.168.122.11'] Counter samples sent 159 Datagrams sent 949 Packet samples sent 124 Packet samples dropped 0 Packet drops sent 815 Packet drops suppressed 0 Flow samples suppressed 0 Counter samples suppressed 0 -------------------------- ----------------------------------- vyos@r14:~$
Viacheslav added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
@lcrockett Add please a new bug report.
It actually already exists: https://vyos.dev/T1981
@PSDev Add please a separate bug report
c-po moved T5136: Possible config corruption on upgrade from Need Triage to Backport Candidates on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T5136: Possible config corruption on upgrade from Open to Finished on the VyOS 1.4 Sagitta board.
PR for VyOS 1.3 https://github.com/vyos/vyatta-cfg-system/pull/199
As mentioned on slack, there are quite a few contenders:
Apr 2 2023
Apr 2 2023
Harliff added a comment to T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic.
I can confirm this bug in rolling 1.3-2023-03-30.
I created a PR based on the changes from the OSPF PR: https://github.com/vyos/vyos-1x/pull/1931
https://vyos.dev/T5085 did the changes for OSPF, but we need this for BGP too
We actually need the same for BGP...
c-po closed T5134: Try if netavark networks can be moved to a VRF instance, a subtask of T5082: container: switch to netavark network stack, as Resolved.