@Apachez, there is no easy way to fix anything related to sysctl, until one component depends on another.
Especially, for example, if we have to deal with "dynamic" interfaces.
Globally, this task is still open and could contain subtasks.
Thanks!
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 25 2024
Apr 25 2024
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX7824097396ca: T6263: Groups 224.0.0.0/24 are reserved and cannot be joined (authored by Viacheslav).
GitHub <[email protected]> committed rVYOSONEXaa15f74818ca: Merge pull request #3363 from sever-sever/T6263 (authored by c-po).
Viacheslav changed the status of T840: VRRP V3 backup router sending ND RA from Open to Needs testing.
Viacheslav updated subscribers of T6266: Firewall flowtable ability to set timeout for TCP and UDP flow.
In T6266#184977, @sarthurdev wrote:Possibly would make sense for CLI to fall under firewall global-options?
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX8c5c3bc48f76: qos: T4248: Allow to remove the only rule from the qos class (authored by khramshinr <[email protected]>).
khramshinr <[email protected]> committed rVYOSONEXda40bd2b2a82: qos: T4248: Allow to remove the only rule from the qos class.
GitHub <[email protected]> committed rVYOSONEXb8c5c0c3b74f: Merge pull request #3316 from HollyGurza/T4248 (authored by dmbaturin).
Note that "base_reachable_time_ms" is still valid while "base_reachable_time" is obsolete.
jestabro changed the status of T6206: L2tp smoketest fails if vyos-configd is running from Resolved to Unknown Status.
jestabro closed T5660: Remove redundant calls to config dependency scripts, a subtask of T4820: Support for inter-config-mode script dependencies, as Unknown Status.
jestabro closed T5660: Remove redundant calls to config dependency scripts, a subtask of T5644: Firewall groups deletion can break config, as Unknown Status.
jestabro closed T5839: Remove trivial redundancies in calls to config dependency scripts, a subtask of T5660: Remove redundant calls to config dependency scripts, as Unknown Status.
jestabro closed T5839: Remove trivial redundancies in calls to config dependency scripts as Unknown Status.
sarthurdev moved T6241: Updating CRL in "pki" config does not update OpenVPN from Open to In Progress on the VyOS 1.5 Circinus board.
sarthurdev moved T6241: Updating CRL in "pki" config does not update OpenVPN from Need Triage to In Progress on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
marekm added a comment to T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error.
OK, so where can I find the source (without the artwork) with the necessary patches and working build scripts (to build from the LTS, not rolling branch - just to be clear)? No problem to use my own CPU cycles and bandwidth and disk space, I can wait longer for the build to finish, sometimes (on sunny days) I even have some free electricity :) - in fact I would even prefer to build the binaries myself (of any packages not directly copied from Debian) rather than trust an external repo. And no problem, you've just got the 868th star from me, I simply didn't know this is something that matters. I have never distributed the LTS images to third parties, just using them internally. Yes, for some small scale production use (single-person business, running a very small local ISP for a few hundreds of customers) as a BGP router and PPPoE server (the latter replacing MikroTik because of their unfinished IPv6 support), not big enough to be able to afford a subscription.
sarthurdev added a comment to T6266: Firewall flowtable ability to set timeout for TCP and UDP flow.
Possibly would make sense for CLI to fall under firewall global-options?
Viacheslav updated the task description for T6265: Firewall flowtable should allow ethernet only interfaces.
syncer changed the status of T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error from Invalid to Wontfix.
When we say build from the source, we mean build from the source
see https://blog.vyos.io/community-contributors-userbase-and-lts-builds
Viacheslav closed T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error as Invalid.
Stay tuned; check our blog post.
SrividyaA triaged T6267: Improve commit failure messages for wireless interface configuration as Normal priority.
Viacheslav changed the subtype of T6265: Firewall flowtable should allow ethernet only interfaces from "Task" to "Enhancement".
Viacheslav updated the task description for T6265: Firewall flowtable should allow ethernet only interfaces.
Viacheslav triaged T6266: Firewall flowtable ability to set timeout for TCP and UDP flow as Wishlist priority.
Allowing only ethernet interface task https://vyos.dev/T6265
After adding check, this task can be closed
Viacheslav triaged T6265: Firewall flowtable should allow ethernet only interfaces as Normal priority.
marekm added a comment to T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error.
Sorry about the priority, but it may be quite serious for those who will lose access due to end of program "images for donations" on May 1, and would like to be able to build stable images from source.
Will be available in the next rolling release.
syncer lowered the priority of T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error from Urgent! to Normal.
Unfortunately not yet resolved for 1.4 - now reported separately here https://vyos.dev/T6264
marekm triaged T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error as Urgent! priority.
Viacheslav changed the status of T6263: Commit failures when trying to set an IGMP group with source address on an interface from Open to In progress.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXec94901d7c87: T6258: Add sysctl base-reachable-time for IPv6 (authored by Viacheslav).
GitHub <[email protected]> committed rVYOSONEX13af058504c6: Merge pull request #3361 from sever-sever/T6258 (authored by dmbaturin).
Viacheslav added a comment to T6263: Commit failures when trying to set an IGMP group with source address on an interface.
The group 224.0.0.0/24 is reserved
r4(config)# interface eth2 r4(config-if)# ip igmp join 224.0.0.0 224.0.0.10 % Configuration failed.
PR https://github.com/vyos/vyos-1x/pull/3361
vyos@r4# set interfaces ethernet eth2 ipv6 base-reachable-time 28 [edit] vyos@r4# commit [edit] vyos@r4# [edit] vyos@r4# sudo sysctl net.ipv6.neigh.eth2.base_reachable_time_ms net.ipv6.neigh.eth2.base_reachable_time_ms = 28000 [edit] vyos@r4# vyos@r4# cat /proc/sys/net/ipv6/neigh/eth2/base_reachable_time_ms 28000 [edit] vyos@r4#
syncer lowered the priority of T6117: Bug in cloud-init when MTU in network_data.json is set to 'null' from High to Normal.
Viacheslav moved T5833: Not all AFIs are compatible with VRF from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
In T6258#184876, @canoziia wrote:
In T6258#184875, @Viacheslav wrote:This sysctl option is deprecated
DEPRECATED PARAMETERS top The base_reachable_time and retrans_time are deprecated. The sysctl command does not allow changing values of these parameters. Users who insist to use deprecated kernel interfaces should push values to /proc file system by other means. For example: echo 256 > /proc/sys/net/ipv6/neigh/eth0/base_reachable_timeI propose to add new option under interface
set interfaces ethernet eth1 ip[v6] base-reachable-time xxx
This sysctl option is deprecated https://man7.org/linux/man-pages/man8/sysctl.8.html
DEPRECATED PARAMETERS top
Hi everyone, I think I found the simplest configuration that can reproduce this problem. If we set up firewall and use this command(set system sysctl parameter net.ipv6.neigh.eth3/2) in configuration at the same time, an error message will show when startup.
This is an example
set firewall set interfaces ethernet eth0 address 'xxx.xxx.184.32/24' set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:50' set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:ba' set interfaces ethernet eth1 vif 2 set interfaces loopback lo set protocols static route xxx.xxx.0.0/0 next-hop xxx.xxx.184.1 set service ntp allow-client xxxxxx 'xxx.xxx.0.0/0' set service ntp allow-client xxxxxx '::/0' set service ntp server xxxxx.tld set service ntp server xxxxx.tld set service ntp server xxxxx.tld set service ssh set system config-management commit-revisions '100' set system conntrack modules ftp set system conntrack modules h323 set system conntrack modules nfs set system conntrack modules pptp set system conntrack modules sip set system conntrack modules sqlnet set system conntrack modules tftp set system console device ttyS0 speed '115200' set system host-name xxxxxx set system login user xxxxxx authentication encrypted-password xxxxxx set system sysctl parameter net.ipv6.neigh.eth1/2.base_reachable_time_ms value '14400000' set system syslog global facility all level 'info' set system syslog global facility local7 level 'debug'
If delete the first line (set firewall), system will start normally without error message.
Apr 24 2024
Apr 24 2024
Meanwhile, trying to build 1.4 fails for a different reason - Debian 12 (bookworm) is still where it was, but sagitta-packages.vyos.net gives a 403 error:
GitHub <[email protected]> committed rVYOSONEX018b940f685b: Merge pull request #3360 from vyos/mergify/bp/sagitta/pr-3359 (authored by dmbaturin).
So most likely we will have to find another implementation.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX9bdc522e2dbf: T5833: Not all AFIs compatible with VRF add verify check (authored by Viacheslav).
GitHub <[email protected]> committed rVYOSONEXafb910c1efbe: Merge pull request #3359 from sever-sever/T5833 (authored by c-po).
I sent a question to ISC regarding https://www.isc.org/blogs/dhcp-client-relay-eom/ and:
natali-rs1985 changed the status of T6234: PPPoE-server pado-delay refactoring from Open to In progress.
Viacheslav triaged T6263: Commit failures when trying to set an IGMP group with source address on an interface as Normal priority.
Reopen to investigate.
I tested in the latest rolling version and the traceback error is not received anymore and the tunnel ip column shows n/a but with multiple entries.
It still shows the disconnected client and I assume it should not show disconnected clients
Viacheslav closed T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic as Wontfix.
Close it as wontfix due to legacy backend.
In some cases, we can't predict the interface name (if the interface name is over 15 characters) https://vyos.dev/T6222
Viacheslav changed the status of T6233: Container configurations on VyOS 1.5 prevent containers from starting from Open to Needs reporter action.
@sempervictus Any updates or additional context?
Fixed, VyOS 1.5-rolling-202404240023
vyos@r4# run show conf com | match "bri|tun0" set interfaces bridge br0 member interface tun0 set interfaces tunnel tun0 encapsulation 'gretap' set interfaces tunnel tun0 remote '192.168.122.111' set interfaces tunnel tun0 source-address '192.168.122.14' [edit] vyos@r4# delete interfaces tunnel [edit] vyos@r4# commit [ interfaces tunnel tun0 ] Interface "tun0" cannot be deleted as it is a member of bridge "br0"!
Viacheslav changed the subtype of T3915: Create op-mode top-level wrapper for ssh/scp command -VyOS 1.4 from "Bug" to "Feature Request".
Viacheslav renamed T5833: Not all AFIs are compatible with VRF from BGP address family flowspec incompatible with VRF to Not all AFIs compatible with VRF.
GitHub <[email protected]> committed rVYOSONEXa63e93407374: Merge pull request #3345 from Embezzle/T6259 (authored by dmbaturin).
GitHub <[email protected]> committed rVYOSONEXa5f847beab09: Merge pull request #3349 from vyos/mergify/bp/equuleus/pr-3347 (authored by dmbaturin).
GitHub <[email protected]> committed rVYOSONEXc1b328f6818b: Merge pull request #3351 from c-po/action-update (authored by dmbaturin).
Viacheslav changed the status of T5833: Not all AFIs are compatible with VRF from Open to In progress.
Viacheslav renamed T5833: Not all AFIs are compatible with VRF from BGP Impossible to use address family flowspec with VRF to BGP address family flowspec incompatible with VRF.
Viacheslav changed the status of T6109: remote syslog does not get all the logs from Unknown Status to Resolved.
GitHub <[email protected]> committed rVYOSONEX33b4f340b6ed: Merge pull request #3358 from vyos/mergify/bp/sagitta/pr-3355 (authored by Viacheslav).
c-po moved T6244: Improve formatting in "show system uptime" from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
c-po moved T6261: Typo in the operational mode connect and disconnect command output from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.7) board.
c-po moved T6261: Typo in the operational mode connect and disconnect command output from Finished to 1.3.7 on the VyOS 1.3 Equuleus board.
c-po moved T6261: Typo in the operational mode connect and disconnect command output from Need Triage to Finished on the VyOS 1.3 Equuleus board.
c-po moved T5755: Running set pki ca NAME certificate with a name with spaces breaks the config from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T6246: Add support for server health checks to reverse proxy from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T6261: Typo in the operational mode connect and disconnect command output from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T6252: GRE tunnels don't allow configuring MTU larger than 8024 from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T6261: Typo in the operational mode connect and disconnect command output from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T6226: Add "tcp-requece inspect-delay" to reverse proxy from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX9865cd931aa8: T6109: Fix remote logging for sudo commands (authored by Viacheslav).
c-po moved T6259: PKI: Support RFC822 (email) names in SAN from Open to In Progress on the VyOS 1.5 Circinus board.
c-po moved T6226: Add "tcp-requece inspect-delay" to reverse proxy from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T6262: Update the boot splash for VyOS 1.5 ISO from Open to Finished on the VyOS 1.5 Circinus board.