In this case we can use the next solution:
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Oct 16 2023
Still fails:
Oct 15 2023
Looks like this issue may actually be resolved now.
cf. T5027: the commit for this task necessarily removed the fix there, leading to failing of the same two tests. A fix is to specify a specific encryption cipher within test_openvpn_options and test_openvpn_site2site_interfaces_tun to avoid openvpn defaulting to bf.
Oct 14 2023
I was also affected by this issue. I could only update to 1.5-rolling-202309280022. Updates to more recent versions had the effect that after login I coudn't manage VyOS as I only had a standard linux bash.
Did you test it in vrf? Is it really works as expected?
@JeffWDH I am happy to download, build and test when you're ready if you point me to the right version(s)/location(s). I'm also very new to this but I managed to Build Equuleus in a docker container which has been working ok. Appreciate your efforts.
I've updated this to default to no ASCII art as I think it's cleaner, but added an option to show it if you want to see it:
Wow - you guys work quickly! 👍
I think it should be included, its often used during generation in Debian among other distros.
I wonder if we need the ASCII art though or not the plain fingerprints only (first line of the command)
Oct 13 2023
Implementation complete
Implementation complete
Implementation complete
Implementation complete
Implementation complete
Implementation complete
Implementation complete
$ show ssh fingerprints SSH server public key fingerprints:
OpenVPN cannot pass the smoketest
DEBUG - ====================================================================== DEBUG - FAIL: test_openvpn_options (__main__.TestInterfacesOpenVPN.test_openvpn_options) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 525, in test_openvpn_options DEBUG - self.assertNotEqual(cur_pid, new_pid) DEBUG - AssertionError: None == None DEBUG - DEBUG - ====================================================================== DEBUG - FAIL: test_openvpn_site2site_interfaces_tun (__main__.TestInterfacesOpenVPN.test_openvpn_site2site_interfaces_tun) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 601, in test_openvpn_site2site_interfaces_tun DEBUG - self.assertTrue(process_named_running(PROCESS_NAME)) DEBUG - AssertionError: None is not true
I had a similar issue going from 1.5-rolling-202309250022 to 1.5-rolling-202310090023.
Oct 12 2023
Then this task can be set to closed and invalid :-)
PR updated: https://github.com/vyos/vyos-build/pull/435
If you don't use the firewall (statefully at least) then it will go through the FW_CONNTRACK chain and the NAT_CONNTRACK and/or WLB_CONNTRACK chains will be reached, or fall through to the notrack.
But the NAT_CONNTRACK and WLB_CONNTRACK chains are never evaluted because FW_CONNTRACK always set action to accept?
This should fix the problem: https://github.com/vyos/vyos-1x/pull/2361
That is how the conntrack enabling system works. FW_CONNTRACK verdict is set to accept when it is determined the firewall needs conntracking (state rules, flowtable etc.), same for NAT_/WLB_ chains. If none require conntrack - all chains will be return and it falls down the chain to the final notrack and conntrack is not enabled.
An additional "nice to have" would be a hook that runs on route state change.
Examples:
set protocols failover route 0.0.0.0/0 next-hop 100.100.100.1 hook '/config/scripts/failover-hook-100.100.100.1'