@ddominet the correct syntax
set protocols bgp neighbor 192.0.2.11 address-family ipv6-unicast allowas-in number 1
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Wed, May 17
Wed, May 17
Viacheslav changed the subtype of T5227: mDNS reflector should allow additional domains to browse and allow filtering services from "Task" to "Feature Request".
indrajitr changed the status of T5226: Deduplicate and standardize validators and constraints for hostname and IP address from Open to In progress.
Tue, May 16
Tue, May 16
I've managed to adapt Alpine Linux patches to build Debian 11 StrongSwan 5.9.1 package, feel free to use it {F3756015}
In T3655#148609, @bbabich wrote:In T3655#131502, @Viacheslav wrote:I have NAT working with vrf in VyOS 1.4-rolling-202208290458 + custom nat offload
set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces ethernet eth1 address '192.0.2.1/24' set interfaces ethernet eth1 vrf 'foo' set protocols static route 192.0.2.0/24 interface eth1 vrf 'foo' set system conntrack set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 interface 'eth0' set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 vrf 'default' set vrf name foo table '1010'Nftables
[email protected]:/home/vyos# cat nat.nft flush ruleset table ip filter { flowtable fastnat { hook ingress priority filter devices = { eth0, eth1 } } chain forward { type filter hook forward priority filter; policy accept; ip protocol { tcp, udp } flow add @fastnat } } table ip nat { chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; ip saddr 192.0.2.0/24 oif "eth0" snat to 192.168.122.14 persistent } chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } }Conntrack table
[email protected]:~$ sudo conntrack -F conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. [email protected]:~$ [email protected]:~$ sudo conntrack -L tcp 6 431999 ESTABLISHED src=192.168.122.14 dst=192.168.122.1 sport=22 dport=44462 src=192.168.122.1 dst=192.168.122.14 sport=44462 dport=22 [ASSURED] mark=0 use=1 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=33018 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33018 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=37517 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=37517 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=59794 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=59794 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=39288 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39288 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=39616 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39616 [OFFLOAD] mark=0 use=2 icmp 1 29 src=192.0.2.2 dst=1.1.1.1 type=8 code=0 id=12387 src=1.1.1.1 dst=192.168.122.14 type=0 code=0 id=12387 mark=0 use=1 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=41155 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=41155 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=39829 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39829 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=33655 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33655 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=44835 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=44835 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=40213 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=40213 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=33729 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33729 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=48344 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=48344 [OFFLOAD] mark=0 use=2 conntrack v1.4.6 (conntrack-tools): 14 flow entries have been shown. [email protected]:~$This works for me too on current rolling releases from Jan-2023 to now.
indrajitr changed the status of T5144: Modernize dynamic dns operation from Needs testing to In progress.
Mon, May 15
Mon, May 15
I reproduced the problem.
I received the next logs
Viacheslav changed the status of T5197: Conntrack-sync external cache commit error from Open to Needs testing.
Version 1.4-rolling-202305150317 does not have the problem.
Viacheslav updated the task description for T5222: Add load-balancing reverse-proxy based on haproxy .
Viacheslav updated the task description for T5222: Add load-balancing reverse-proxy based on haproxy .
This can be closed now. I've submitted a Documentation PR
Sun, May 14
Sun, May 14
Fixing that causes this to also be logged. We should probably stop the socket too
[email protected]# commit [ system syslog ] DEBUG/COMMAND returned (err): Warning: Stopping syslog.service, but it can still be activated by: syslog.socket DEBUG/COMMAND cmd 'systemctl stop syslog.service'
Sat, May 13
Sat, May 13
Fri, May 12
Fri, May 12
We should make the ssl-bind ciphers and ssl-bind-options configurable (<multi/> node) by the user
Viacheslav updated the task description for T5222: Add load-balancing reverse-proxy based on haproxy .
Viacheslav updated the task description for T5222: Add load-balancing reverse-proxy based on haproxy .
Viacheslav updated the task description for T5222: Add load-balancing reverse-proxy based on haproxy .
In T3655#131502, @Viacheslav wrote:I have NAT working with vrf in VyOS 1.4-rolling-202208290458 + custom nat offload
set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces ethernet eth1 address '192.0.2.1/24' set interfaces ethernet eth1 vrf 'foo' set protocols static route 192.0.2.0/24 interface eth1 vrf 'foo' set system conntrack set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 interface 'eth0' set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 vrf 'default' set vrf name foo table '1010'Nftables
[email protected]:/home/vyos# cat nat.nft flush ruleset table ip filter { flowtable fastnat { hook ingress priority filter devices = { eth0, eth1 } } chain forward { type filter hook forward priority filter; policy accept; ip protocol { tcp, udp } flow add @fastnat } } table ip nat { chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; ip saddr 192.0.2.0/24 oif "eth0" snat to 192.168.122.14 persistent } chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } }Conntrack table
[email protected]:~$ sudo conntrack -F conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. [email protected]:~$ [email protected]:~$ sudo conntrack -L tcp 6 431999 ESTABLISHED src=192.168.122.14 dst=192.168.122.1 sport=22 dport=44462 src=192.168.122.1 dst=192.168.122.14 sport=44462 dport=22 [ASSURED] mark=0 use=1 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=33018 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33018 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=37517 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=37517 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=59794 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=59794 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=39288 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39288 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=39616 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39616 [OFFLOAD] mark=0 use=2 icmp 1 29 src=192.0.2.2 dst=1.1.1.1 type=8 code=0 id=12387 src=1.1.1.1 dst=192.168.122.14 type=0 code=0 id=12387 mark=0 use=1 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=41155 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=41155 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=39829 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39829 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=33655 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33655 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=44835 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=44835 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=40213 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=40213 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=33729 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33729 [OFFLOAD] mark=0 use=2 udp 17 src=192.0.2.2 dst=1.1.1.1 sport=48344 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=48344 [OFFLOAD] mark=0 use=2 conntrack v1.4.6 (conntrack-tools): 14 flow entries have been shown. [email protected]:~$
Viacheslav changed the status of T5221: BGP as-override behavior differs from new FRR and other vendors from In progress to Needs testing.
Viacheslav edited projects for T5221: BGP as-override behavior differs from new FRR and other vendors, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Viacheslav renamed T5222: Add load-balancing reverse-proxy based on haproxy from Add loadbalancing based on haproxy to Add load-balancing based on haproxy .
PR with the fix: https://github.com/vyos/vyos-build/pull/350
zsdc changed the status of T5221: BGP as-override behavior differs from new FRR and other vendors from Open to In progress.
In T5186#148559, @c-po wrote:Reverted Kernel back to 5.4.234 for upcoming 1.3.3. release.
Zen3515 changed the status of T5219: ddclient: Cloudflare doesn't require login from Open to In progress.
I've create a pull request for this task at https://github.com/vyos/vyos-1x/pull/2002
Reverted Kernel back to 5.4.234 for upcoming 1.3.3. release.
c-po closed T2778: Migrate "system syslog" to get_config_dict() to support new features as Resolved.
c-po moved T2778: Migrate "system syslog" to get_config_dict() to support new features from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po closed T2769: Add VRF support for syslog, a subtask of T2778: Migrate "system syslog" to get_config_dict() to support new features, as Resolved.
May 11 2023
May 11 2023
c-po moved T2769: Add VRF support for syslog from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po moved T2769: Add VRF support for syslog from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Backport for 1.3.3 https://github.com/vyos/vyos-1x/pull/2001
Viacheslav edited projects for T5219: ddclient: Cloudflare doesn't require login, added: VyOS 1.4 Sagitta; removed ddclient.
@c-po I guess it should be v5.4.234
In T4362#148361, @masterit wrote:one issue.
the migration scripts don't take into account older load balancing configs.if the test > rule > type > ping isn't explicitly set then the rule defaults to the next hop address and ignores the rule entirely.
the default rule seems to be the next hop address for the interface.
Viacheslav added a comment to T5171: Use XML for conf-mode "load-balancing wan" instead of legacy templates.
set default check type ping https://github.com/vyos/vyos-1x/pull/1998
Zen3515 added a comment to T4983: `shutdown_required` should be set when running command `connect interface wwan0`.
This issue was tested in two version which are
1.4-rolling-202212080318
1.4-rolling-202209130217
Viacheslav changed the status of T5213: Accel-ppp sending accounting interim updates acct-interim-interval option from In progress to Needs testing.
Veth is not ready to work together with netns
As Interface moves entirely to logical stack and with the next commit will be recreated and try to move to netns again. As it doesn't see veth interface which moved to another logical stack, it tryes to recreate this interface.
We should either fix it or revert the previous commit.
May 10 2023
May 10 2023
jestabro added a parent task for T5218: Revise vyos xml lib for bug fixes and extensions: T2665: vyos.xml.defaults for tag nodes.
PR:
https://github.com/vyos/vyos-1x/pull/1997
This will remain in draft until corresponding PR fro vyos1x-config is merged.
jestabro changed the status of T5218: Revise vyos xml lib for bug fixes and extensions from Open to In progress.
syncer changed the status of T3829: Support separated TCP/IP stack via "ip netns" from Open to In progress.
Add kernel module https://github.com/vyos/vyos-build/pull/348
Viacheslav added a comment to T5213: Accel-ppp sending accounting interim updates acct-interim-interval option.
PR for L2TP https://github.com/vyos/vyos-1x/pull/1988
Not working. The same errors
May 9 2023
May 9 2023
c-po changed the status of T2778: Migrate "system syslog" to get_config_dict() to support new features from In progress to Needs testing.
c-po reopened T2769: Add VRF support for syslog, a subtask of T2778: Migrate "system syslog" to get_config_dict() to support new features, as Backport candidate.
c-po closed T2769: Add VRF support for syslog, a subtask of T2778: Migrate "system syslog" to get_config_dict() to support new features, as Resolved.
one issue.
the migration scripts don't take into account older load balancing configs.
Viacheslav changed the status of T5209: dhclient load-balancing exit hook 04-dhcp-wanlb returned non-zero exit status from Open to In progress.
Viacheslav closed T5202: After removal load-balancing a pid remained which used in dhclient-exit-hooks as Resolved.
Fixed with rewriting to systemd unit vyos-wan-load-balance.service
Viacheslav added a comment to T5213: Accel-ppp sending accounting interim updates acct-interim-interval option.
In T5213#148346, @joshua.hanley wrote:@Viacheslav Thanks for the prompt response. Not sure if the change will also cover L2TP as well. For example:
set vpn l2tp remote-access authentication radius accounting-interim-interval '60'
Viacheslav reopened T5203: load-balancing wan add systemd unit instead of old vyatta-wanloadbalance.init, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Needs testing.
Viacheslav reopened T5203: load-balancing wan add systemd unit instead of old vyatta-wanloadbalance.init as "Needs testing".
Sometimes it stuck for ~1.5 minutes after deleting.
[email protected]# delete load-balancing [edit] [email protected]# commit
joshua.hanley updated subscribers of T5213: Accel-ppp sending accounting interim updates acct-interim-interval option.
@Viacheslav Thanks for the prompt response. Not sure if the change will also cover L2TP as well. For example:
Viacheslav added a comment to T5213: Accel-ppp sending accounting interim updates acct-interim-interval option.
PR https://github.com/vyos/vyos-1x/pull/1986
set service pppoe-server authentication mode 'radius' set service pppoe-server authentication radius accounting-interim-interval '60' set service pppoe-server authentication radius server 203.0.113.1 key '123' set service pppoe-server client-ip-pool name POOL-01 gateway-address '192.0.2.1' set service pppoe-server client-ip-pool name POOL-01 subnet '192.0.2.0/24' set service pppoe-server interface eth1
Viacheslav changed the status of T5214: PPPoE-server incorrect warning if a named pool is defined from Open to In progress.
Viacheslav renamed T5213: Accel-ppp sending accounting interim updates acct-interim-interval option from Sending accounting interim updates to Accel-ppp sending accounting interim updates acct-interim-interval option.
Viacheslav changed the status of T5213: Accel-ppp sending accounting interim updates acct-interim-interval option from Open to In progress.
In T5186#148294, @rh7819 wrote:this is cause by
tcindex classifier is removed by upstream kernel, so
08:04:48 DEBUG - filter add dev eth1 parent 11: protocol ip prio 1 handle 128 tcindex classid 11:a
fails.
joshua.hanley updated the task description for T5213: Accel-ppp sending accounting interim updates acct-interim-interval option.