It very may well have been. That's not really relevant to this request. The repository is an example. We need the feature regardless of the state of the repository.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 18 2024
Apr 18 2024
Apr 17 2024
Apr 17 2024
I saw such repository more than once, but it seems that it has been abandoned. Last commit is dated two years ago.
Another example on nftables: https://github.com/fullcone-nat-nftables/nftables-1.0.5-with-fullcone
Viacheslav removed a project from T6247: Add CGN "full cone" EIF support per RFC6888 REQ-7: VyOS 1.4 Sagitta.
We do not use iptables and their modules for new features.
Feel free to add PR for nftables or if you know which commands should be for nftables
vyos@test1:~$ sudo cat /run/openvpn/vtun20.status OpenVPN CLIENT LIST Updated,2024-04-17 16:40:05 Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since ROUTING TABLE Virtual Address,Common Name,Real Address,Last Ref GLOBAL STATS Max bcast/mcast queue length,0 END
From initial PR these two feedback points are now implemented. PR has been amended see https://github.com/vyos/vyos-1x/pull/3307
I think I might've found the cause of this issue: the vni is unset from all VRFs when making changes. I posted a message about this on Slack (and about another, fairly similar, issue) on Slack about this.
dex added a comment to T5386: Execute VRRP transition script when `set high-availability disable` is commited.
Just checked with the current rolling release 1.5-rolling-202404141045. After committing set high-availability disable, keepalived is successfully stopped and the logs show that the transition script seems to be executed:
thank you very much for your analysis. I am still wondering, why it breaks with adding the vrf and why it works before.
Also, why it starts to work again, after rebooting when removing the vrf again (but not before rebooting)
Viacheslav changed the status of T6246: Add support for server health checks to reverse proxy from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX85f055ba5d76: Merge pull request #3323 from vyos/mergify/bp/sagitta/pr-3192 (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEX0b9d2c64103a: Merge pull request #3324 from vyos/mergify/bp/sagitta/pr-3320 (authored by dmbaturin).
Needs the original file with OpenVPN addresses/statistics which are parsed /run/openvpn/{interface}.status
Without it, it will be difficult to do something.
It is not related to VRF at all and is related to the policy routing logic:
Reproduced even on 1.3.2
set interfaces ethernet eth1 address '192.168.122.14/24'
n.fort changed the status of T5535: Move disable-directed-broadcast to firewall global-options from Confirmed to Needs testing.
n.fort changed the status of T6191: Policy route set-mss option is not working correctly from Confirmed to Needs testing.
Viacheslav triaged T6237: IPSec remote access VPN: ability to set EAP ID of clients as Wishlist priority.
indrajitr closed T5612: Miscellaneous improvements and fixes for dynamic DNS configuration as Resolved.
indrajitr closed T5723: mdns repeater: Always reload systemd daemon before applying changes as Resolved.
indrajitr closed T5966: Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments as Resolved.
Updates have been applied on 1.4 and 1.5.
This can probably be closed.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX292f4b8efe2a: T6191: do not append action to firewall and policy route|route6 when its not… (authored by n.fort).
GitHub <noreply@github.com> committed rVYOSONEX24c997dee169: Merge pull request #3320 from nicolas-fort/T6191 (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX9f62c3082429: image-tools: T6168: compat mode update should preserve console type (authored by jestabro).
jestabro closed T6154: Installer should ask for password twice, a subtask of T4516: Rewrite system image manipulation tools in Python, as Resolved.
jestabro moved T6154: Installer should ask for password twice from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
GitHub <noreply@github.com> committed rVYOSONEX06a08f61abb9: Merge pull request #3322 from vyos/mergify/bp/sagitta/pr-3321 (authored by jestabro).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXabfd62665359: image-tools: T6154: installer prompts to confirm a non-default passwd (authored by jestabro).
GitHub <noreply@github.com> committed rVYOSONEXce7023bea759: Merge pull request #3321 from jestabro/confirm-pass (authored by jestabro).
Apr 16 2024
Apr 16 2024
I decided to dig into this a little more and try to trace this out:
sudo nft add chain inet vrf_zones trace_chain { type filter hook prerouting priority -301\; }
sudo nft add rule inet vrf_zones trace_chain meta nftrace set 1@dmbaturin, @sever
Would love your input regarding the lack of headers when using the -c option. I've created a PoC around "chronyc -c activity" as it was the most straight forward command to start with.
Viacheslav changed the status of T6242: Add an option to disable certificate verification to reverse proxy from Open to Needs testing.
@dmbaturin , @Viacheslav - I use debian snapshot repository when building VyOS LTS on my own.
side note, if you flush ruleset, and only add:
Something I just figured out is that the minute I do:
jestabro moved T6243: Update vyos-http-api-tools for package idna security advisory from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
jestabro moved T6243: Update vyos-http-api-tools for package idna security advisory from Open to Finished on the VyOS 1.5 Circinus board.
n.fort changed Version from 1.4.0-epa2 to 1.4.0-epa2, 1.5-rolling-202404141045 on T6191: Policy route set-mss option is not working correctly.
n.fort changed the status of T6191: Policy route set-mss option is not working correctly from Open to Confirmed.
The regression causing 'image cannot be found" was fixed in https://vyos.dev/T6186.
jestabro removed a parent task for T5917: Restore annotations of (running)/(default boot) in select image list: T6022: set system image default-boot.
GitHub <noreply@github.com> committed rVYOSONEX41663efaba26: Merge pull request #3317 from natali-rs1985/T6141-equuleus (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX8f778f989d8f: Merge pull request #3318 from vyos/mergify/bp/sagitta/pr-3315 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX5a481813c059: Merge pull request #3319 from vyos/mergify/bp/sagitta/pr-3313 (authored by c-po).
Viacheslav changed the status of T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network from In progress to Needs testing.
jestabro triaged T6243: Update vyos-http-api-tools for package idna security advisory as Normal priority.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX6cace2df99c7: T5722: Failover route add option onlink (authored by Viacheslav).
GitHub <noreply@github.com> committed rVYOSONEX6825873bd1e8: Merge pull request #3313 from sever-sever/T5722 (authored by dmbaturin).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXdeb92e466110: T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify… (authored by Embezzle).
GitHub <noreply@github.com> committed rVYOSONEXc0eec365e2e3: Merge pull request #3315 from Embezzle/T6242 (authored by dmbaturin).
Status update:
- "Like for like" functionality between .sh script and .py script is complete and working (can be viewed in PR)
- Raw output capability -> in progress
Giggum added a comment to T6099: Suppress unsupported interfaces from appearing in messages log by Telegraf .
@Viacheslav concur that it looks to be resolved. The last log entry was at 9:10 and nothing telegraph-related has been logged in almost 30 minutes since. I will close ticket. Thank your help and insight.
Viacheslav changed the status of T6123: Limit NTP allow-client config to internal addresses by default from Open to Needs testing.
Viacheslav changed the status of T4915: Minisign verification failure == pass?? from Needs testing to Needs reporter action.
We'll close it if no response
Viacheslav edited projects for T4982: OpenConnect should have TLS 1.0 and TLS 1.1 disabled by default, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta (1.4.0-epa3), Restricted Project.
Viacheslav closed T5946: TASK [setup-root-partition : Create a fileystem on EFI partition] failing in Docker as Wontfix.
A docker container usually has issues with loop devices:
Use the VM or attach dev
HollyGurza changed the status of T4248: There isn't a way to remove the only rule from the (traffic-policy) class. from Open to In progress.
Apr 15 2024
Apr 15 2024
Embezzle added a comment to T6242: Add an option to disable certificate verification to reverse proxy.
GitHub <noreply@github.com> committed rVYOSONEXd8bca084a1f0: Merge pull request #3310 from vyos/mergify/bp/sagitta/pr-3309 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX131bb134ec7f: Merge pull request #3314 from vyos/mergify/bp/sagitta/pr-3311 (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXc976d71110df: pki: T6241: Fix dependency updates on PKI changes (authored by sarthurdev).