In T4350#123620, @c-po wrote: Is the fix for DMVPN hub or spoke?
May 20 2022
May 19 2022
Viacheslav added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..
There is an issue with the VRF device for the LOCAL direction.
Imagine you have 50 interfaces in one VRF and you want to drop all traffic from one interface, for example eth2, and not touch the other interfaces.
You set firewall on eth2 Local - drop all traffic for device vrf, and it will affect the other 49 interfaces, as iifname VRF_DEVICE is the same.
May 19 2022, 9:49 PM · Bugs, VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project
Is the fix for DMVPN hub or spoke?
Viacheslav added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..
PR https://github.com/vyos/vyos-1x/pull/1330
set firewall name FOO default-action 'accept'
set firewall name FOO description 'desc'
set firewall name FOO rule 10 action 'drop'
set firewall name FOO rule 10 source address '8.8.8.8'
set interfaces ethernet eth0 firewall local name 'FOO'
set interfaces ethernet eth0 vrf 'ONE'
set vrf name ONE table '150'
Check:
table ip filter {
    chain VYOS_FW_LOCAL {
        type filter hook input priority filter; policy accept;
        iifname "ONE" counter packets 63 bytes 6024 jump NAME_FOO
        jump VYOS_POST_FW
    }
    ...
    chain NAME_FOO {
        ip saddr 8.8.8.8 counter packets 79 bytes 6636 drop comment "FOO-10"
        counter packets 3 bytes 984 return comment "FOO default-action accept"
    }
}
May 19 2022, 6:33 PM · Bugs, VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project
GitHub <noreply@github.com> committed rVYOSONEX05e952a5111f: Merge pull request #1329 from dmbaturin/T4432 (authored by jestabro).
GitHub <noreply@github.com> committed rVYOSONEXd458ded452d9: Merge pull request #1315 from sever-sever/T4315-equ (authored by dmbaturin).
dmbaturin added a comment to T4421: Add support for floating point numbers in the numeric validator.
dmbaturin closed T3938: Rewrite the uptime script in Python to allow using it as a library as Resolved.
Viacheslav changed the status of T2194: "show firewall" garbled output, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
@jjakob could you re-check it with new fix?
May 18 2022
Draft PR here:
https://github.com/vyos/vyos-1x/pull/1328
Viacheslav changed the status of T4430: Show firewall output with visual shift default rule from Open to In progress.
May 17 2022
Details of adding a query such as this (20 lines of meaningful code/50 of boilerplate):
https://github.com/vyos/vyos-1x/commit/b62f5df2c796d0567b370e27fcec2005a02a4cd3
An initial implementation has been provided to Andrew Moshensky for testing with the local UI.
Viacheslav updated the task description for T4429: Ability to detect external IP address from op-mode.
Viacheslav changed the status of T4429: Ability to detect external IP address from op-mode from Open to In progress.
May 16 2022
@c-po, let's run with "system-as"
The current discussion has taken place in the vyos-api-discussion channel; results will be summarized here.
Viacheslav changed the status of T4373: PPPoE-server add multiplier option for shaper from In progress to Needs testing.
Need testing:
set service pppoe-server authentication mode 'radius'
set service pppoe-server authentication radius rate-limit attribute 'Mikrotik-Rate-Limit'
set service pppoe-server authentication radius rate-limit enable
set service pppoe-server authentication radius rate-limit multiplier '0.001'
set service pppoe-server authentication radius rate-limit vendor 'Mikrotik'
set service pppoe-server authentication radius server 192.0.2.1 key 'foo'
set service pppoe-server client-ip-pool start '192.0.2.5'
set service pppoe-server client-ip-pool stop '192.0.2.254'
set service pppoe-server gateway-address '192.0.2.1'
set service pppoe-server interface eth3
Or any live example
GitHub <noreply@github.com> committed rVYOSONEX9347dc53c5bd: Merge pull request #1290 from sever-sever/T4373 (authored by c-po).
Firstly, is there any info in the logs?
As discussed in the slack channel today, let us follow up here, as I'd like to run through some analysis, and set up a reproducer if possible.
dmbaturin renamed T4427: Remove the vyos-utils package list from vyos-build from Remove the vyos-utils package list to Remove the vyos-utils package list from vyos-build.
Unknown Object (User) closed T4377: generate tech-support archive includes previous archives as Resolved.
The command works well.
Unknown Object (User) added a comment to T4377: generate tech-support archive includes previous archives.
vyos@vyos:~$ show version
May 15 2022
Viacheslav committed rVYOSONEX415a470f9dba: ldp: T4082: Add restart ldp command for op-mode (authored by devon).
GitHub <noreply@github.com> committed rVYOSONEX2353f164fc1f: Merge pull request #1324 from sever-sever/T4082 (authored by dmbaturin).
n.fort added a comment to T4387: Create additional smoketests for multiwan PBR & load-balanced configurations.
I agree that having a smoketest for WLB will be great. But, there are certain limitations/considerations:
May 13 2022
GitHub <noreply@github.com> committed rVYOSONEX8b122bd2ba6b: Merge pull request #1320 from sever-sever/T4408 (authored by c-po).
Viacheslav added a project to T4377: generate tech-support archive includes previous archives: VyOS 1.4 Sagitta.
Viacheslav changed the status of T4377: generate tech-support archive includes previous archives from Open to Needs testing.
c-po moved T4414: Add route-map "as-path prepend last-as x" option from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4417: VRRP doesn't start with conntrack-sync from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4419: vrf: support to disable IP forwarding within a given VRF from Open to Finished on the VyOS 1.4 Sagitta board.
yakatz awarded T160: Support NAT64 a Like token.
May 12 2022
It works now.
Thank you!
Fixed in https://github.com/vyos/vyos-1x/commit/d70c2b4493366c02f025f43d2a777b2bef3e1789 and works on 1.4-rolling-202205121610.
GitHub <noreply@github.com> committed rVYOSONEX2a8833356a30: Merge pull request #1323 from sever-sever/T4399 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX02c1993afbac: Merge pull request #1325 from sever-sever/T4424 (authored by c-po).
PR for docs: https://github.com/vyos/vyos-documentation/pull/771
Viacheslav changed the status of T4424: policy local-route6 shows ipv4 format from Open to In progress.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1324
PR revert previous commit https://github.com/vyos/vyos-1x/pull/1323
May 11 2022
Viacheslav changed the status of T4405: DHCP client sometimes ignores `no-default-route` option of an interface from Unknown Status to Resolved.
Viacheslav committed rVYOSONEX636e9dc5b2b8: T4405: Fix administrative distance of DHCP routes (authored by dtoux).
GitHub <noreply@github.com> committed rVYOSONEXab75607030f0: Merge pull request #1321 from sever-sever/T4405 (authored by c-po).
May 10 2022
@dmbaturin Do we really need this?
Maybe it will fix it https://github.com/sematext/oxdpus/blob/master/pkg/xdp/prog/xdp.c
zedalert added a comment to T4422: WAN load-balance status failed on all interfaces if one of them failed.
Already tested config in the 1.3-rolling-202205100648 and 1.4-rolling-202205080844, behavior remains the same.
Viacheslav added a comment to T4422: WAN load-balance status failed on all interfaces if one of them failed.
I could be wrong
1.3.0-rc6 old release
Could you check it on more actual version?
Viacheslav added a comment to T4405: DHCP client sometimes ignores `no-default-route` option of an interface.
PR for 1.4 https://github.com/vyos/vyos-1x/pull/1321
zedalert added a comment to T4422: WAN load-balance status failed on all interfaces if one of them failed.
@Viacheslav But in this case there is no point to use different test addresses, if the target is pinged with "interface" option.
Viacheslav added a comment to T4422: WAN load-balance status failed on all interfaces if one of them failed.
@zedalert Tested addresses should be different, as I remember it sends pings with "interface" option
So targets should be different