Also add IPv6 link local address support to auto generate a link-local address as on any other type of interface.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jul 1 2022
Jul 1 2022
With recent versions of strongSwan and XFRM interface in VyOS 1.4 this is now possible.
c-po changed the status of T2455: No support for the IPv6 VTI, a subtask of T2353: Interface [conf_mode] errors parent task, from Open to In progress.
Jun 30 2022
Jun 30 2022
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
In T1641#125443, @Viacheslav wrote:@trae32566 Extentd conntrack table and reduce timeouts:
for example
There is no dict if exists only one record in the https://github.com/vyos/vyos-1x/blob/cefc7ce9bfcf7750700e73edbc21864fe8ab0bee/src/op_mode/show_nat_translations.py#L103-L110
So it can't parse correctly
Unknown Object (User) added a comment to T4457: L2TP/IPSec Remote Access VPN does not work as expected in 1.3.1-S1.
Maybe it depends on the version of accel-ppp.
In 1.2.8:
Viacheslav added a comment to T4313: "generate public-key-command" throws unhandled exceptions when it cannot retrieve the key.
Cherry-pick for 1.3 https://github.com/vyos/vyos-1x/pull/1381
In T2455#68732, @dmbaturin wrote:VTI is secretly IPIP, so it doesn't support IPv6. The real issue is that we don't support the IPv6 variant of VTI yet.
Viacheslav added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
@trae32566 Extentd conntrack table and reduce timeouts:
for example
set system sysctl parameter net.netfilter.nf_conntrack_generic_timeout value 60 set system sysctl parameter net.netfilter.nf_conntrack_icmp_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_icmpv6_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_close_wait value 20 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_established value 1800 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_fin_wait value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_recv value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_sent value 60 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_time_wait value 120 set system sysctl parameter net.netfilter.nf_conntrack_udp_timeout_stream value 60
Viacheslav changed the status of T4498: bridge: Add option to enable/disable IGMP/MLD snooping from Open to Needs testing.
@Viacheslav There is already a set interfaces bridge brN igmp node. If the default option is enabled, I think set interfaces bridge brN igmp disable-snooping would sound better.
I prefer to have IGMP snooping disabled as the default option, since improper IGMP snooping causes issues while disabling IGMP snooping doesn't.
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
This seems to be an issue in 1.4 as well, I have the exact same symptoms, and removing the accept-protocol fixes the issue.
Jun 29 2022
Jun 29 2022
Implemented as: set service router-advert interface eth0 name-server-lifetime <value> which will be option A
PR https://github.com/vyos/vyos-1x/pull/1379 (without completion help)
Because with a rule like that I accept everything coming from nl from wan to lan, or I would need to add the source nl to every rule. That's why I did it with a deny not coming from nl on top, and then specific rules for the traffic that I want to accept.
jestabro closed T4491: Use empty string for internal name of root node of config_tree, a subtask of T4235: Add config tree diff algorithm, as Unknown Status.
jestabro closed T4491: Use empty string for internal name of root node of config_tree as Unknown Status.
GitHub <noreply@github.com> committed rVYOSONEXfba14cd5f498: Merge pull request #1378 from vfreex/add-igmp-snooping-option (authored by c-po).
Viacheslav changed the subtype of T4493: Incorrect help for "show bgp neighbors" from "Task" to "Bug".
Viacheslav changed the subtype of T4496: ping vrf help does not list VRFs from "Task" to "Feature Request".
If the default option is enabled or 1
Maybe it makes sense to create disable option like:
set interfaces bridge br0 ip disable-multicast-snooping
PR to add the option: https://github.com/vyos/vyos-1x/pull/1378
aderouineau triaged T4492: Incorrect list of neighbors in help for "show bgp vrf VRF neighbors" as Normal priority.
Jun 28 2022
Jun 28 2022
jestabro renamed T4491: Use empty string for internal name of root node of config_tree from Use empty string for internal name of root of config_tree to Use empty string for internal name of root node of config_tree.
jestabro changed the status of T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py, a subtask of T4235: Add config tree diff algorithm, from Open to On hold.
jestabro changed the status of T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py, a subtask of T4316: Update save-config/load-config, from Open to On hold.
jestabro changed the status of T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py from Open to On hold.
jestabro updated the task description for T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py.
jestabro changed the status of T4491: Use empty string for internal name of root node of config_tree from Open to In progress.
Viacheslav lowered the priority of T4232: VyOS 1.2 traffic-policy shaper match interface not working from High to Normal.
It is not related to a router bug/feature
Close it
GitHub <noreply@github.com> committed rVYOSONEX2e8fdce2a947: Merge pull request #1376 from sever-sever/T4473 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXd1ff009703bb: Merge pull request #1377 from sever-sever/T4486 (authored by c-po).
Did you try dns forwarding domain?
set service dns forwarding domain abc.local server 192.0.2.5
Viacheslav changed the status of T4475: route-map does not support ipv6 peer from In progress to Needs testing.
Task for rewriting wan-loadbalancing to XML/Python T4470
fernando added a comment to T4490: BGP- warning message that AFI/SAFI is needed to establish the neighborship.
@Viacheslav thanks
Viacheslav changed the status of T4473: Use container network without network declaration error from Open to In progress.
fernando changed the status of T4490: BGP- warning message that AFI/SAFI is needed to establish the neighborship from Open to In progress.
Viacheslav added a project to T4489: MPLS sysctl not persistent for tunnel interfaces: VyOS 1.3 Equuleus (1.3.2).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1375
Viacheslav moved T4429: Ability to detect external IP address from op-mode from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a project to T4429: Ability to detect external IP address from op-mode: VyOS 1.3 Equuleus (1.3.2).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1374
Will be fixed in the next rolling release
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1372
Viacheslav moved T1375: Add clear dhcp server lease function from Open to Finished on the VyOS 1.4 Sagitta board.
GitHub <noreply@github.com> committed rVYOSONEX49d7ba83958a: Merge pull request #1370 from sever-sever/T4489 (authored by c-po).
Why don't use action accept for nl and drop all others?
e.khudiyev added a comment to T4457: L2TP/IPSec Remote Access VPN does not work as expected in 1.3.1-S1.
In T4457#124584, @NikolayP wrote:The problem seems to be in these lines:
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.1' set vpn l2tp remote-access client-ip-pool start '172.25.255.1' set vpn l2tp remote-access client-ip-pool stop '172.25.255.14'Replacing "static IP" with 172.25.255.2 makes it work in VyOS 1.3.1
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2'Full corrected config for 1.3.1 from the first post:
set interfaces dummy dum4 address '4.4.4.4/32' set interfaces ethernet eth0 address 'dhcp' set interfaces ethernet eth1 address '192.168.6.31/24' set service ssh set vpn ipsec ipsec-interfaces interface 'eth1' set vpn ipsec nat-networks allowed-network 0.0.0.0/0 set vpn ipsec nat-traversal 'enable' set vpn l2tp remote-access authentication local-users username test password 'test' set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2' set vpn l2tp remote-access authentication mode 'local' set vpn l2tp remote-access authentication require 'mschap-v2' set vpn l2tp remote-access client-ip-pool start '172.25.255.1' set vpn l2tp remote-access client-ip-pool stop '172.25.255.14' set vpn l2tp remote-access idle '1800' set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret' set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'test' set vpn l2tp remote-access ipsec-settings ike-lifetime '3600' set vpn l2tp remote-access ipsec-settings lifetime '3600' set vpn l2tp remote-access outside-address '192.168.6.31'
Viacheslav changed the status of T4489: MPLS sysctl not persistent for tunnel interfaces from Confirmed to In progress.
It seems a wrong priority
Mpls configuration applied before creation tunnel
As a result sysctl parameter for the tunnel interface doesn't exist yet
To reproduce it in one commit:
set interfaces dummy dum1 address '10.5.4.8/24' set interfaces tunnel tun0 address '10.255.0.2/30' set interfaces tunnel tun0 encapsulation 'gre' set interfaces tunnel tun0 remote '192.0.2.254' set interfaces tunnel tun0 source-address '192.0.2.1' set protocols mpls interface 'dum1' set protocols mpls interface 'tun0' set protocols mpls ldp discovery transport-ipv4-address '192.0.2.1' set protocols mpls ldp interface 'dum1' set protocols mpls ldp interface 'tun0' set protocols mpls ldp router-id '192.0.2.1'
Jun 27 2022
Jun 27 2022