set netns name mgmt
set interfaces virtual-ethernet veth1 address '10.0.0.0/31'
set interfaces virtual-ethernet veth1 peer-name 'veth10'
set interfaces virtual-ethernet veth10 address '10.0.0.1/31'
set interfaces virtual-ethernet veth10 netns 'mgmt'
set interfaces virtual-ethernet veth10 peer-name 'veth1'
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 20 2023
Sep 20 2023
dmbaturin closed T5271: Add support for peer-fingerprint to OpenVPN, a subtask of T5269: OpenVPN non-TLS site-to-site mode deprecation, as Resolved.
Viacheslav moved T5241: Support veth interfaces to working with netns from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav moved T5241: Support veth interfaces to working with netns from Finished to Backlog on the VyOS 1.4 Sagitta board.
Viacheslav closed T5238: interface virtual-etherne - error when it doesn't use a peer , a subtask of T3829: Support separated TCP/IP stack via "ip netns", as Resolved.
Viacheslav closed T5241: Support veth interfaces to working with netns, a subtask of T3829: Support separated TCP/IP stack via "ip netns", as Resolved.
PR https://github.com/vyos/vyos-1x/pull/2295
set system sysctl parameter net.ipv4.tcp_syncookies value '1' set system sysctl parameter net.ipv4.tcp_timestamps value '1'
dmbaturin updated the task description for T5605: Do not generate keysize option in OpenVPN configs.
Viacheslav changed the status of T5602: For reverse-proxy type of load-balancing feature, support "backup" option in backends configuration from Open to In progress.
Viacheslav renamed T5599: Firewall unexpectedly changes some sysctl options from Firwall unexpectedly changes some sysctl options to Firewall unexpectedly changes some sysctl options.
Viacheslav changed the status of T4502: Consider implementing (NAT/other) flow table offload from Open to Needs testing.
You do not use port 80/443, so it does not have HTTP-HEADER (in theory).
service LB_port_451 {
listen-address 10.1.1.1
mode tcp
port 451Try to change to port 80 and check if it works.
You need another solution/configuration
GitHub <[email protected]> committed rVYOSONEXb52cf1b7b3bc: Merge pull request #2293 from sarthurdev/conntrack_flowtable (authored by c-po).
Sep 19 2023
Sep 19 2023
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
Some highly unscientific tests (only did 3 reboots of each to rule out that any uncached data at the host would affect the result since I run this in a VM through VirtualBox 7.0) shows a difference of up to 2.1% improvment when having a config with 200 static routes.
Parent task is completed - Bugs will get their own subtask and linked to this parent if possible.
c-po moved T5239: Host name and domain name missing from the FRR configuration from Finished to In Progress on the VyOS 1.5 Circinus board.
c-po moved T5239: Host name and domain name missing from the FRR configuration from Finished to In Progress on the VyOS 1.4 Sagitta board.
c-po moved T5239: Host name and domain name missing from the FRR configuration from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5239: Host name and domain name missing from the FRR configuration from Open to Finished on the VyOS 1.5 Circinus board.
c-po added a project to T5239: Host name and domain name missing from the FRR configuration: VyOS 1.5 Circinus.
This should fix the hostname issue reported to BGP neighbors: https://github.com/vyos/vyos-1x/pull/2289
c-po moved T5596: bgp: add new features from FRR 9 from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T5588: Add kernel conntrack_bridge module from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5596: bgp: add new features from FRR 9 from Open to Finished on the VyOS 1.4 Sagitta board.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXe8581998c2bf: init: T5239: configure system hostname prior to FRR startup (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXbdb00d1c781f: utils: T5239: add low-level read from config.boot (authored by jestabro).
c-po committed rVYOSONEX56d3f75de487: utils: T5239: add low-level read from config.boot (authored by jestabro).
GitHub <[email protected]> committed rVYOSONEX483482f16133: Merge pull request #2289 from c-po/t5239-frr (authored by c-po).
In T4502#160404, @Apachez wrote:Perhaps a possible way to detect if the nic supports hardware flowtables or not.
Try to set sudo ethtool -K eth0 hw-tc-offload on.
If the result becomes:
Actual changes: hw-tc-offload: off [requested on] Could not change any device featuresThen it doesnt support hardware flowtables.
Could also verify by reading the capability like so:
$ ethtool -k eth0 | grep hw-tc-offload hw-tc-offload: off [fixed]
Perhaps a possible way to detect if the nic supports hardware flowtables or not.
n.fort renamed T5600: Firewall - Remove or extend constraint on 'interface-name' from Firewall - Remove contraint on 'interface-name' to Firewall - Remove or extend constraint on 'interface-name'.
Some feedback from the #netfilter channel over at libera.chat:
n.fort changed the status of T5600: Firewall - Remove or extend constraint on 'interface-name' from Open to In progress.
GitHub <[email protected]> committed rVYOSONEX78e07ec57102: Merge pull request #2290 from vyos/mergify/bp/sagitta/pr-2285 (authored by dmbaturin).
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
I got some funny results which I hope somebody else (with a faster cpu) are able to verify?
GitHub <[email protected]> committed rVYOSONEXda4006c2a784: Merge pull request #2282 from nicolas-fort/T5594-equuleus (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX42b06ec46f3c: isis: T5597: add new features from FRR 9 (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX7f08523bb7c5: bgp: T5596: add new features from FRR 9 (authored by c-po).
GitHub <[email protected]> committed rVYOSONEXdb53c8e77cd9: Merge pull request #2284 from c-po/t5596-bgp (authored by c-po).
GitHub <[email protected]> committed rVYOSONEXdcdcc18b2097: Merge pull request #2285 from c-po/T5597-isis (authored by c-po).
GitHub <[email protected]> committed rVYOSONEXe570044ff8a8: Merge pull request #2288 from sarthurdev/flowtable (authored by c-po).
GitHub <[email protected]> committed rVYOSONEX89f650f3db2d: Merge pull request #2287 from vyos/mergify/bp/sagitta/pr-2281 (authored by c-po).
Viacheslav updated the task description for T5599: Firewall unexpectedly changes some sysctl options.
syncer changed the subtype of T2612: HTTPS API, changing API key fails but goes through from "Task" to "Bug".
First tests unsecseful
Viacheslav changed the status of T5588: Add kernel conntrack_bridge module from Open to In progress.
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
Im guessing that what this task complains about has a huge part of the time it takes to complete smoketests.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX967751b12c98: T5594: vrrp: extend function is_ipv6_tentative to analysis all type of ipv6… (authored by n.fort).
PR updated (again): https://github.com/vyos/vyos-1x/pull/2280
Viacheslav changed the status of T5591: Cleanup of FRR daemons-file and various FRR fixes from Open to In progress.
Viacheslav changed the status of T5590: Firewall "log enable" logs every packet from In progress to Needs testing.
Hello @sdev Sorry to bother you. The issue hasn't been fixed in the recent rolling release: VyOS 1.5-rolling-202309170024
Sep 18 2023
Sep 18 2023
PR updated: https://github.com/vyos/vyos-1x/pull/2280
GitHub <[email protected]> committed rVYOSONEX53999243705b: Merge pull request #2283 from nicolas-fort/T5590-fwall-log (authored by c-po).
GitHub <[email protected]> committed rVYOSONEXcf4759be20c4: Merge pull request #2276 from sarthurdev/conntrack (authored by Viacheslav).
n.fort changed the status of T5590: Firewall "log enable" logs every packet from Confirmed to In progress.
GitHub <[email protected]> committed rVYOSONEX404fc9090629: Merge pull request #2278 from indrajitr/ddclient-cache-fix-smoketest (authored by c-po).
GitHub <[email protected]> committed rVYOSONEX55612d822fe7: Merge pull request #2279 from sever-sever/smoketest (authored by c-po).