Happened across this one while trying to find support for defining client classes in Kea in order to pass different PXE boot files depending on client architecture. The following has an example of how this is achieved in kea.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jun 12 2024
Jun 12 2024
Jun 11 2024
Jun 11 2024
Can you please retest with the latest ISO as additional fixes got added to the code.
Just to notice: This task focuses on container part of multi arch support. I can take a look at multiarch pieces outside docker support, but it will demand a deeper knowledge of vyos build system and the vyos goal on multiarch (Or for now, arm) support.
Hey, is this feature currently being worked on? If not then I wouldn't mind working on support for it (I've also created a basic wpa2-enterprise option for client mode)
c-po moved T6462: wireless: add op-mode command for hostapd and wpa_supplicant logs from In Progress to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
c-po moved T6473: bgp: missing completion helper for peer-groups inside a VRF from Need Triage to In Progress on the VyOS 1.4 Sagitta (1.4.1) board.
c-po moved T6473: bgp: missing completion helper for peer-groups inside a VRF from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po updated the task description for T6473: bgp: missing completion helper for peer-groups inside a VRF.
talmakion added a comment to T6157: Can not create two GRE tunnels to the same DST but from different SRC addresses.
@a.apostoliuk this one should be resolved in the current rolling release, if you're able to check it out?
I have https://github.com/vyos/vyos-1x/pull/3616 and https://github.com/vyos/vyos-1x/pull/3637 as works in progress.
Vijayakumar renamed T6469: Remove J2Lint workflow from vyos-1x from Renove J2Lint workflow from vyos-1x to Remove J2Lint workflow from vyos-1x.
Viacheslav triaged T6470: Deleting a Firewall addrerss-group object that is tied to a NAT rule or other resources doesn't error out, it hangs. as Normal priority.
@lclements0 Add a simple set of commands to reproduce.
Jun 11 2024, 7:03 AM · Restricted Project
Jun 10 2024
Jun 10 2024
lclements0 created T6470: Deleting a Firewall addrerss-group object that is tied to a NAT rule or other resources doesn't error out, it hangs..
Jun 10 2024, 11:29 PM · Restricted Project
I can probably help with this in August when I'll have access to one of these appliances again.
Vijayakumar changed the status of T6469: Remove J2Lint workflow from vyos-1x from Open to In progress.
Vijayakumar changed the status of T6469: Remove J2Lint workflow from vyos-1x, a subtask of T6309: Check code quality with CodeQL, from Open to In progress.
Approaching implementation of ZeroTier from a different angle in:
https://vyos.dev/T6455
Vijayakumar closed T6467: Add sagitta for vyos-1x workflows trigger branch list, a subtask of T6309: Check code quality with CodeQL, as Resolved.
Giggum updated the task description for T5633: op-cmd: Interrupting the "tech-support report" command generates error.
Giggum updated the task description for T5633: op-cmd: Interrupting the "tech-support report" command generates error.
c-po closed T6463: reverse-proxy: service not reloaded when updating SSL certificate via PKI as Resolved.
c-po moved T6462: wireless: add op-mode command for hostapd and wpa_supplicant logs from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved T6463: reverse-proxy: service not reloaded when updating SSL certificate via PKI from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po closed T6464: sstpc: interface not restarted when updating SSL certificate via PKI as Resolved.
c-po moved T6462: wireless: add op-mode command for hostapd and wpa_supplicant logs from Need Triage to In Progress on the VyOS 1.4 Sagitta (1.4.1) board.
c-po moved T6463: reverse-proxy: service not reloaded when updating SSL certificate via PKI from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
c-po moved T6454: Explicitly set the default reverse proxy mode to HTTP from In Progress to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
c-po moved T6401: Attempts to delete vlan-to-vni option causes an unhandled exception from In Progress to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
c-po moved T6453: GRUB variables with `=` in a value are parsed improperly from In Progress to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
c-po moved T6464: sstpc: interface not restarted when updating SSL certificate via PKI from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
c-po moved T6464: sstpc: interface not restarted when updating SSL certificate via PKI from Need Triage to Finished on the VyOS 1.5 Circinus board.
Viacheslav changed the status of T6442: CGNAT add address allocation logs to syslog during commit, a subtask of T5169: Add CGNAT Carrier-Grade NAT based on nftables, from Open to In progress.
Viacheslav changed the status of T6442: CGNAT add address allocation logs to syslog during commit from Open to In progress.
PR https://github.com/vyos/vyos-1x/pull/3621
set nat cgnat log-allocation set nat cgnat pool external ext-01 external-port-range '1024-65535' set nat cgnat pool external ext-01 per-user-limit port '2000' set nat cgnat pool external ext-01 range 192.168.122.222/32 set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat rule 10 source pool 'int-01' set nat cgnat rule 10 translation pool 'ext-01'
check logs:
Jun 10 14:10:02 r4 sudo[9057]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c ' /usr/libexec/vyos/conf_mode/nat_cgnat.py' Jun 10 14:10:02 r4 sudo[9057]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1003) Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.0, external host: 192.168.122.222, Port range: 1024-3023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.1, external host: 192.168.122.222, Port range: 3024-5023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.2, external host: 192.168.122.222, Port range: 5024-7023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.3, external host: 192.168.122.222, Port range: 7024-9023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.4, external host: 192.168.122.222, Port range: 9024-11023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.5, external host: 192.168.122.222, Port range: 11024-13023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.6, external host: 192.168.122.222, Port range: 13024-15023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.7, external host: 192.168.122.222, Port range: 15024-17023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.8, external host: 192.168.122.222, Port range: 17024-19023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.9, external host: 192.168.122.222, Port range: 19024-21023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.10, external host: 192.168.122.222, Port range: 21024-23023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.11, external host: 192.168.122.222, Port range: 23024-25023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.12, external host: 192.168.122.222, Port range: 25024-27023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.13, external host: 192.168.122.222, Port range: 27024-29023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.14, external host: 192.168.122.222, Port range: 29024-31023 Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.15, external host: 192.168.122.222, Port range: 31024-33023 Jun 10 14:10:03 r4 sudo[9057]: pam_unix(sudo:session): session closed for user root
dmbaturin triaged T6463: reverse-proxy: service not reloaded when updating SSL certificate via PKI as High priority.
dmbaturin triaged T6464: sstpc: interface not restarted when updating SSL certificate via PKI as High priority.
dmbaturin triaged T6461: Create a workflow, that checks existence of codeowners file in repo, if not create one. as Normal priority.
dmbaturin triaged T6457: Update strip-private function to improve op command output for IPs as Low priority.
Accel-ppp does not work with VPP
vyos@vyos:~$ dpkg -l | grep vyos-1x ii vyos-1x 1.5dev0-1669-g77cb661d8 amd64 VyOS configuration scripts and data ii vyos-1x-vmware 1.5dev0-1669-g77cb661d8 amd64 VyOS configuration scripts and data for VMware vyos@vyos:~$
drw_08 updated subscribers of T6405: Add disk_setup and mounts in vyos cloud-init config under cloud_init_modules .
Vijayakumar changed the status of T6467: Add sagitta for vyos-1x workflows trigger branch list, a subtask of T6309: Check code quality with CodeQL, from Open to In progress.
Vijayakumar changed the status of T6467: Add sagitta for vyos-1x workflows trigger branch list from Open to In progress.
Vijayakumar closed T6466: Add PR checks as mandatory for vyos-1x, a subtask of T6309: Check code quality with CodeQL, as Resolved.
Giggum added a comment to T5633: op-cmd: Interrupting the "tech-support report" command generates error.
Updated task description to denote two issues (Bug 1 and Bug 2) with show tech-support report.
Giggum updated the task description for T5633: op-cmd: Interrupting the "tech-support report" command generates error.
Jun 9 2024
Jun 9 2024
@blueish - thanks! Yes, apt-mirror works now - but will it continue to work with the new storage too?
BTW, good to see "deb-src" - but only a few source packages are in there. I think it would be great to have corresponding source for all these *.deb packages in the Debian source package format, then anyone who wants to contribute will be able to use dpkg-buildpackage to rebuild them.
Please share the output of dpkg -l | grep vyos-1x
c-po added a comment to T6464: sstpc: interface not restarted when updating SSL certificate via PKI.
c-po changed the status of T6464: sstpc: interface not restarted when updating SSL certificate via PKI from Open to In progress.
c-po updated the task description for T6462: wireless: add op-mode command for hostapd and wpa_supplicant logs.
vyos@vyos# show vpn ipsec | commands set esp-group vpn lifetime '3600' set esp-group vpn pfs 'enable' set esp-group vpn proposal 10 encryption 'aes128gcm128' set esp-group vpn proposal 10 hash 'sha256' set ike-group vpn key-exchange 'ikev2' set ike-group vpn lifetime '7200' set ike-group vpn proposal 10 dh-group '14' set ike-group vpn proposal 10 encryption 'aes128gcm128' set ike-group vpn proposal 10 hash 'sha256' set interface 'eth0' set options virtual-ip set remote-access connection support authentication client-mode 'eap-mschapv2' set remote-access connection support authentication local-id 'ipsec.somedomain' set remote-access connection support authentication local-users username test password 'test' set remote-access connection support authentication server-mode 'x509' set remote-access connection support authentication x509 ca-certificate 'isrgrootx1' set remote-access connection support authentication x509 ca-certificate 'lets-encrypt-r3' set remote-access connection support authentication x509 certificate 'vpn2' set remote-access connection support description 'support remote access' set remote-access connection support esp-group 'vpn' set remote-access connection support ike-group 'vpn' set remote-access connection support local-address 'ip on eth0' set remote-access connection support pool 'support' set remote-access pool support name-server '1.1.1.1' set remote-access pool support name-server '9.9.9.9' set remote-access pool support prefix '192.168.120.64/27' [edit] vyos@vyos#
Please share your full ipsec configuration
vyos@vyos:~$ generate ipsec profile windows-remote-access support remote ipsec.somedomain
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 154, in <module>
cert = load_certificate(pki['certificate'][cert_name]['certificate'])
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
KeyError: 'certificate'
vyos@vyos:~$ show ver
Version: VyOS 1.5-rolling-202406060020
Release train: current
Release flavor: genericReporter action missing - running this setup in production so does not feel like a bug.
c-po changed the status of T6462: wireless: add op-mode command for hostapd and wpa_supplicant logs from Open to In progress.