It seems UPnP rules doesn't work at all task T4620
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Aug 16 2022
Aug 16 2022
Viacheslav changed the status of T4611: UPnP rule IP should be a prefix instead of an address from Open to In progress.
Viacheslav changed the status of T4620: UPnP does not work due to incorrect template from Open to In progress.
@patrickli Could you send a real example? In your example, port ranges are incorrect also it is not all required UPnP configuration
If you sent all UPnP configuration, it already has been done :)
I'm not a UPnP person, so I ask for some examples.
Viacheslav changed the status of T4613: UPnP configuration without listen option fail from Open to In progress.
Viacheslav added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .
I tried to add vrf, but it requires some permissions, service is not starting
diff --git a/data/templates/monitoring/override.conf.j2 b/data/templates/monitoring/override.conf.j2 index 9f1b4ebe..63e479af 100644 --- a/data/templates/monitoring/override.conf.j2 +++ b/data/templates/monitoring/override.conf.j2 @@ -1,7 +1,10 @@ +{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} [Unit] After=vyos-router.service ConditionPathExists=/run/telegraf/vyos-telegraf.conf [Service] +ExecStart= +ExecStart={{ vrf_command }}/usr/bin/telegraf -config /run/telegraf/vyos-telegraf.conf -config-directory /etc/telegraf/telegraf.d $TELEGRAF_OPTS Environment=INFLUX_TOKEN={{ influxdb.authentication.token }} CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service-monitoring-telegraf.xml.in index 36f40a53..dc014ee1 100644 --- a/interface-definitions/service-monitoring-telegraf.xml.in +++ b/interface-definitions/service-monitoring-telegraf.xml.in @@ -306,6 +306,7 @@ </leafNode> </children> </node> + #include <include/interface/vrf.xml.i> </children> </node> </children>
jestabro moved T3993: Extend HTTP API GraphQL support from Open to In Progress on the VyOS 1.4 Sagitta board.
jestabro edited projects for T3993: Extend HTTP API GraphQL support, added: VyOS 1.4 Sagitta, VyOS 1.3 Equuleus; removed VyOS 1.3 Equuleus (1.3.2).
Viacheslav added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .
Viacheslav changed the status of T4596: "show openconnect-server sessions" command does not work in the openconnect module, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from In progress to Needs testing.
Viacheslav changed the status of T4596: "show openconnect-server sessions" command does not work in the openconnect module from In progress to Needs testing.
dmbaturin committed rVYOSONEX8f63565add6b: syslog: T4039: Add protocol23format logging for UDP (authored by Viacheslav).
GitHub <noreply@github.com> committed rVYOSONEX4d845cc36822: Merge pull request #1473 from dmbaturin/T4039-equ (authored by Viacheslav).
Viacheslav changed the status of T4618: Traffic policy not set on virtual interfaces from Open to In progress.
Viacheslav changed the status of T4601: dhcp : relay agent IP address issue. from Confirmed to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEXa8793122bb22: Merge pull request #1472 from c-po/debian-t4584-equuleus (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEXa21669ee5c87: Merge pull request #1462 from sever-sever/T4596 (authored by c-po).
c-po moved T4584: hostap: create custom package build from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
c-po closed T4584: hostap: create custom package build, a subtask of T4537: MACsec not working with cipher gcm-aes-256, as Resolved.
GitHub <noreply@github.com> committed rVYOSONEX160262edaf1b: dhcp-relay: T4601: restart dhcp relay-agent (authored by mkorobeinikov <92354771+mkorobeinikov@users.noreply.github.com>).
GitHub <noreply@github.com> committed rVYOSONEX1e81eec1b916: Merge pull request #1471 from mkorobeinikov/current (authored by c-po).
Unknown Object (User) changed the status of T4601: dhcp : relay agent IP address issue. from Open to Confirmed.
Aug 15 2022
Aug 15 2022
c-po edited projects for T4616: openconnect: KeyError: 'local_users', added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
PR for VyOS 1.3 https://github.com/vyos/vyos-1x/pull/1470
c-po moved T4614: OpenConnect split-dns directive from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4565: vlan aware bridge not working from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
c-po edited projects for T4565: vlan aware bridge not working , added: VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus (1.3.3).
GitHub <noreply@github.com> committed rVYOSONEX50bdb0e9e450: Merge pull request #1469 from c-po/macsec-equuleus (authored by c-po).
aserkin renamed T4615: vpn sessions-columns configuration needed from vpn session-columns configuration needed to vpn sessions-columns configuration needed.
Viacheslav edited projects for T4082: Add op mode command to restart ldpd, added: VyOS 1.3 Equuleus; removed VyOS 1.3 Equuleus (1.3.2).
Viacheslav closed T3988: Feature Request: IPsec Multiple local/remote prefix for the tunnel as Resolved.
Nice. Is this syntax supported in vyos or it needs some development?
It is possible but with specific syntax
I found some examples:
nft insert rule ip filter VYOS_FW_FORWARD ip 'saddr & 0.255.0.255 != 0.11.0.13' counter
GitHub <noreply@github.com> committed rVYOSONEXbe96aa03a1e4: Merge pull request #1468 from sever-sever/T4609 (authored by c-po).
OK. I was trying to migrate from an EdgeRouter and this is a rule I used to have.
set service upnp rule 10 action allow set service upnp rule 10 external-port-range 1024-65536 set service upnp rule 10 internal-port-range 1024-65536 set service upnp rule 10 ip 10.0.0.1/24
@patrickli nftables is not engine for iptables. It is programs to work with netfilter
That's why I ask for the real example
root@r1:/home/vyos# nft insert rule ip6 filter INPUT ip6 saddr ::dead:beef/::ffff:ffff counter
Error: syntax error, unexpected string, expecting number
insert rule ip6 filter INPUT ip6 saddr ::dead:beef/::ffff:ffff counter
^^^^^^^^^^^
root@r1:/home/vyos#Yeah nftables is just the engine for iptables. EdgeOS supports this syntax.
@patrickli In 1.4 we don't use iptables, we use nftables
LInk to nftables example will be helpful.
@patrickli Could you attach an example of VyOS configuration with set service upnp xxx
If you manually change upnpd.conf does it work correctly?
Viacheslav changed the status of T4609: Unable to Restart Container VyOS 1.4 from Open to In progress.
Viacheslav changed the status of T4595: DPD interval and timeout do not work in DMVPN from Open to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEX63d572ffa332: Merge pull request #1467 from dmbaturin/macsec-fix (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX3c4e778d713b: Merge pull request #1465 from sever-sever/T4595 (authored by c-po).
Aug 14 2022
Aug 14 2022
@dmbaturin, here are the changes I made: https://github.com/vyos/vyos-build/compare/equuleus...fvlaicu:equuleus
I'm using the 1.4 kernel in 1.3.
dmbaturin edited projects for T4393: sstp: add support for configuring host-name (SNI), added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).