Page MenuHomeVyOS Platform
Feed All Stories

All Stories
Use Results
Edit Query

Sep 27 2022

icyfire0573 created T4713: vyos@vyos:~$ show nat destination rules | doesn't work.
Sep 27 2022, 9:28 AM · VyOS 1.4 Sagitta
Viacheslav added a subtask for T4712: Collaborative Protection Profile cPP for Network Devices root task: T4711: Ability to terminate user TTY and PTS sessions.
Sep 27 2022, 9:05 AM · VyOS Rolling, VyOS 1.5 Circinus (1.5-stream-2025-Q4)
Viacheslav added a parent task for T4711: Ability to terminate user TTY and PTS sessions: T4712: Collaborative Protection Profile cPP for Network Devices root task.
Sep 27 2022, 9:05 AM · VyOS 1.4 Sagitta
Viacheslav created T4712: Collaborative Protection Profile cPP for Network Devices root task.
Sep 27 2022, 9:04 AM · VyOS Rolling, VyOS 1.5 Circinus (1.5-stream-2025-Q4)
aalmenar changed Issue type from unspecified to improvement on T4704: Allow to set metric (MED) to rtt with rtt,+rtt or -rtt.
Sep 27 2022, 7:55 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp) from In progress to Needs testing.
Sep 27 2022, 7:31 AM · VyOS 1.4 Sagitta
Viacheslav moved T4693: ISIS segment routing was broken... from Open to Finished on the VyOS 1.4 Sagitta board.
Sep 27 2022, 7:26 AM · VyOS 1.4 Sagitta

Sep 26 2022

c-po committed rVYOSONEX5fe0e9c163ee: ethernet: T4689: support asymetric RFS configuration on multiple interfaces.
Sep 26 2022, 6:31 PM
Viacheslav committed rVYOSONEX67cf858c8727: ids: T4557: Migrate threshold and add new threshold types.
Sep 26 2022, 5:46 PM
GitHub <noreply@github.com> committed rVYOSONEX2cf6275eac10: Merge pull request #1545 from sever-sever/T4557 (authored by c-po).
Sep 26 2022, 5:46 PM
Viacheslav created T4711: Ability to terminate user TTY and PTS sessions.
Sep 26 2022, 4:02 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4700: Firewall - Add interface match criteria.

PR: https://github.com/vyos/vyos-1x/pull/1560

Sep 26 2022, 11:51 AM · VyOS 1.4 Sagitta
initramfs added a comment to T4709: TCP MSS clamping broken in equuleus.

It seems like I was wrong about the netfilter rule not working as intended (and in my testing the clamp was broken for some other reason that was an error on my part), the post has been edited to only indicate the remaining issue of an overly strict MSS clamping range.

Sep 26 2022, 3:10 AM · VyOS 1.3 Equuleus (1.3.3)
initramfs updated the task description for T4709: TCP MSS clamping broken in equuleus.
Sep 26 2022, 3:08 AM · VyOS 1.3 Equuleus (1.3.3)

Sep 25 2022

Viacheslav changed the status of T4680: Telegraf prometheus-client listen-address invalid format from In progress to Needs testing.
Sep 25 2022, 6:31 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
ajgnet updated the task description for T4710: show openvpn server occasionally returns IndexError: list index out of range.
Sep 25 2022, 6:30 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4708: 'show nat destination rules' throwing an error.

Send steps to reproduce it or “show conf com | match nat”

Sep 25 2022, 6:29 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4710: show openvpn server occasionally returns IndexError: list index out of range.

Send steps to reproduce it or “show conf com | match openvpn ”

Sep 25 2022, 6:27 PM · VyOS 1.4 Sagitta
c-po committed rVYOSONEX8f2f63032298: wireguard: ifconfig: T2653: move Config() import to be local to consumer.
Sep 25 2022, 7:19 AM
c-po committed rVYOSONEX01fcfb82122f: wireguard: ifconfig: T2653: use NamedTemporaryFile() when dealing with private….
Sep 25 2022, 7:19 AM

Sep 24 2022

ajgnet created T4710: show openvpn server occasionally returns IndexError: list index out of range.
Sep 24 2022, 9:53 PM · VyOS 1.4 Sagitta
initramfs added a comment to T4709: TCP MSS clamping broken in equuleus.

See https://unix.stackexchange.com/questions/672742/why-mss-clamping-in-iptables-nft-seems-to-take-no-effect-in-nftables for additional explanation why the iptables version do not work under iptables-nft.

Sep 24 2022, 8:28 PM · VyOS 1.3 Equuleus (1.3.3)
initramfs added a comment to T4709: TCP MSS clamping broken in equuleus.

Relevant PRs:

Sep 24 2022, 8:15 PM · VyOS 1.3 Equuleus (1.3.3)
initramfs committed rVYOSONEXcc01700d2a2b: interfaces: T4709: raise minimum TCP MSS clamping value.
Sep 24 2022, 8:10 PM
GitHub <noreply@github.com> committed rVYOSONEXadc59ad72d91: Merge pull request #1558 from initramfs/current-fix-tcp-mss (authored by c-po).
Sep 24 2022, 8:10 PM
initramfs created T4709: TCP MSS clamping broken in equuleus.
Sep 24 2022, 7:43 PM · VyOS 1.3 Equuleus (1.3.3)
c-po committed rVYOSONEX13645bc2cfd3: ethernet: T3171: enable RPS (Receive Packet Steering) for all RX queues.
Sep 24 2022, 5:30 PM

Sep 22 2022

c-po committed rVYOSONEX35d8141575c3: ipoe: T4703: fix migration of vlan node for loca authenticated users.
Sep 22 2022, 6:03 PM
c-po committed rVYOSONEX8ee9bc18f137: ipoe: T4703: fix migration of vlan node for loca authenticated users.
Sep 22 2022, 6:02 PM
c-po committed rVYOSONEXe1d3fd0b29a1: xml: T4698: validating a range must be explicitly enabled in the validator.
Sep 22 2022, 6:02 PM
n.fort added a comment to T4699: Firewall - Add jump action - Add return action.

PR for Jump: https://github.com/vyos/vyos-1x/pull/1553

Sep 22 2022, 4:20 PM · VyOS 1.4 Sagitta
goodNETnick <pknet@ya.ru> committed rVYOSONEX19500ad11f95: system login: T874: add libpam-google-authenticator package to provide 2FA….
Sep 22 2022, 2:22 PM
GitHub <noreply@github.com> committed rVYOSONEX4115503de153: Merge pull request #1541 from goodNETnick/ggl_auth (authored by c-po).
Sep 22 2022, 2:22 PM
sarthurdev committed rVYOSONEXc72d6bc68c71: nat: T4605: Fix op-mode NAT table name.
Sep 22 2022, 2:03 PM
GitHub <noreply@github.com> committed rVYOSONEXb19a70c1cc38: Merge pull request #1554 from sarthurdev/nat_refactor (authored by c-po).
Sep 22 2022, 2:03 PM
Unknown Object (User) added a comment to T874: Support for Two Factor Authentication for CLI access via Google Authenticator/OTP.

PR with feature request:
https://github.com/vyos/vyos-1x/pull/1555

Sep 22 2022, 12:26 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
dmbaturin published a new version of 1.3.1.
Sep 22 2022, 12:13 PM
dmbaturin deleted 1.3.3.
Sep 22 2022, 11:55 AM
dmbaturin renamed 1.3.3 from 1.3.1 to 1.3.3.
Sep 22 2022, 10:59 AM
dmbaturin edited the content of 1.3.1.
Sep 22 2022, 10:58 AM
dmbaturin renamed 1.3.3 from 1.3.3 to 1.3.1.
Sep 22 2022, 10:56 AM
v.huti added a comment to T4180: Support for QoS Policy Propagation via BGP (QPPB).

DEMO
===============================================

To demonstrate the feature let's look at the following topology

topo.png (447×900 px, 87 KB)

qppb_artifacts.tar.gz34 MBDownload


qppb_demo_m2.gns3project1 GBDownload

Sep 22 2022, 10:54 AM · VyOS Rolling
jack9603301 added a comment to T4706: NAT and NAT66 issues.

@sdev @Netboy3 I'll test if the new implementation is done and if the bug is fixed I'll close this PR, thanks

Sep 22 2022, 10:47 AM · VyOS 1.4 Sagitta
dmbaturin edited the content of 1.3.3.
Sep 22 2022, 10:19 AM
dmbaturin edited the content of 1.3.3.
Sep 22 2022, 10:19 AM
dmbaturin created 1.3.3.
Sep 22 2022, 10:12 AM
Viacheslav committed rVYOSONEXa8e73794ec42: update-check: T3476: Allow update-check for VyOS images.
Sep 22 2022, 6:00 AM
GitHub <noreply@github.com> committed rVYOSONEXcd1875cb1521: Merge pull request #1521 from sever-sever/T3476 (authored by c-po).
Sep 22 2022, 6:00 AM
sarthurdev committed rVYOSONEX448d4f6db9cf: nat: T4605: Refactor NAT to use python module for parsing rules.
Sep 22 2022, 5:58 AM
sarthurdev committed rVYOSONEXe6ba98a85ca7: nat66: T4605: Refactor NAT66 to use python module for parsing rules.
Sep 22 2022, 5:58 AM
sarthurdev committed rVYOSONEXc6bbe051574a: nat: T4605: Refactor static NAT to use python module for parsing rules.
Sep 22 2022, 5:58 AM
GitHub <noreply@github.com> committed rVYOSONEX7ba1f6444d1b: Merge pull request #1552 from sarthurdev/nat_refactor (authored by c-po).
Sep 22 2022, 5:58 AM
GitHub <noreply@github.com> committed rVYOSONEXf3e6fb5aab6f: telegraf: T4680: fix prometheus client listen-address invalid format (authored by ServerForge).
Sep 22 2022, 5:57 AM
Netboy3 added a comment to T4706: NAT and NAT66 issues.

@jack9603301 I've tested your updated PR and it seems to work well now. Thank you for the quick response.
@sdev I've tested your PR and it seems to also fix both issues. I did not test anything beyond DNAT port only in both ip and ip6 families.

Sep 22 2022, 2:51 AM · VyOS 1.4 Sagitta

Sep 21 2022

n.fort committed rVYOSONEX2a4f007bc3f3: T4699: Firewall: Add return action, since jump action was added recently.
Sep 21 2022, 6:24 PM
GitHub <noreply@github.com> committed rVYOSONEX2921b6fbcdde: Merge pull request #1553 from nicolas-fort/return-action (authored by c-po).
Sep 21 2022, 6:24 PM
n.fort renamed T4699: Firewall - Add jump action - Add return action from Firewall - Add jump action to Firewall - Add jump action - Add return action.
Sep 21 2022, 5:45 PM · VyOS 1.4 Sagitta
c-po committed rVYOSONEXb004cad76803: dhcpv6-pd: T2821: bugfix Jinja2 template - missing conditional if.
Sep 21 2022, 5:35 PM
c-po committed rVYOSONEX52ab8172f9cf: dhcpv6-pd: T2821: bugfix Jinja2 template - missing conditional if.
Sep 21 2022, 5:31 PM
c-po closed T4703: accel-ppp: combine vlan-id and vlan-range into single CLI node, a subtask of T4678: Rewrite service ipoe-server to get_config_dict, as Resolved.
Sep 21 2022, 4:56 PM · VyOS 1.4 Sagitta
c-po closed T4703: accel-ppp: combine vlan-id and vlan-range into single CLI node as Resolved.
Sep 21 2022, 4:56 PM · VyOS 1.4 Sagitta
c-po updated the task description for T4703: accel-ppp: combine vlan-id and vlan-range into single CLI node.
Sep 21 2022, 4:56 PM · VyOS 1.4 Sagitta
c-po closed T4678: Rewrite service ipoe-server to get_config_dict as Resolved.
Sep 21 2022, 4:56 PM · VyOS 1.4 Sagitta
c-po committed rVYOSONEX05df2a5f021f: ipoe: T4678: T4703: rewrite to get_config_dict().
Sep 21 2022, 4:47 PM
sarthurdev added a comment to T4706: NAT and NAT66 issues.

Included a fix for this in NAT refactor: https://github.com/vyos/vyos-1x/pull/1552

Sep 21 2022, 4:12 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4605: Firewall change default table names.

PR for NAT included with refactor: https://github.com/vyos/vyos-1x/pull/1552

Sep 21 2022, 4:12 PM · VyOS 1.4 Sagitta
c-po added a subtask for T4678: Rewrite service ipoe-server to get_config_dict: T4703: accel-ppp: combine vlan-id and vlan-range into single CLI node.
Sep 21 2022, 2:35 PM · VyOS 1.4 Sagitta
c-po added a parent task for T4703: accel-ppp: combine vlan-id and vlan-range into single CLI node: T4678: Rewrite service ipoe-server to get_config_dict.
Sep 21 2022, 2:35 PM · VyOS 1.4 Sagitta
c-po changed the status of T4678: Rewrite service ipoe-server to get_config_dict from Open to In progress.
Sep 21 2022, 2:35 PM · VyOS 1.4 Sagitta
Netboy3 added a comment to T4706: NAT and NAT66 issues.

@jack9603301, your PR solves the NAT66 issue - thank you. However, the change you made to nat.py to try to solve the NAT44 issue is not complete and seem to also require a template change. I'll post additional details in the PR.

Sep 21 2022, 2:33 PM · VyOS 1.4 Sagitta
c-po claimed T4678: Rewrite service ipoe-server to get_config_dict.
Sep 21 2022, 2:28 PM · VyOS 1.4 Sagitta
narey83 created T4708: 'show nat destination rules' throwing an error.
Sep 21 2022, 12:51 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4699: Firewall - Add jump action - Add return action.

Since jump action was added, It would be good to also add "return" action

Sep 21 2022, 12:39 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T4706: NAT and NAT66 issues.

PR: https://github.com/vyos/vyos-1x/pull/1550

Sep 21 2022, 12:39 PM · VyOS 1.4 Sagitta
Cheeze_It added a comment to T4707: Enable OSPF segment routing.

Initial PR here, https://github.com/vyos/vyos-1x/pull/1551.

Sep 21 2022, 12:33 AM · VyOS 1.4 Sagitta

Sep 20 2022

Cheeze_It changed the status of T4707: Enable OSPF segment routing from Open to In progress.
Sep 20 2022, 11:42 PM · VyOS 1.4 Sagitta
Cheeze_It created T4707: Enable OSPF segment routing.
Sep 20 2022, 11:42 PM · VyOS 1.4 Sagitta
c-po committed rVYOSONEX87d54b805f6f: xml: firewall: T2199: improve interface help string.
Sep 20 2022, 8:52 PM
c-po committed rVYOSONEX9ad4cb12ebfc: xml: ipsec: T1210: add valueHelp and constraint for remote-access connection….
Sep 20 2022, 6:43 PM
c-po committed rVYOSONEXbd2fc1900bfc: xml: ipsec: T3093: add valueHelp and constraint for profile name.
Sep 20 2022, 6:43 PM
c-po committed rVYOSONEX2eb0ddc54ea8: ipsec: T4118: bugfix migration of IKEv2 road-warrior "id" CLI option.
Sep 20 2022, 6:43 PM
Cheeze_It closed T4693: ISIS segment routing was broken... as Resolved.
Sep 20 2022, 5:38 PM · VyOS 1.4 Sagitta
Cheeze_It added a comment to T4693: ISIS segment routing was broken....

It seems we have working ISIS segment routing:

Sep 20 2022, 5:32 PM · VyOS 1.4 Sagitta
Cheeze_It triaged T4693: ISIS segment routing was broken... as Normal priority.
Sep 20 2022, 4:25 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T4706: NAT and NAT66 issues.

@Netboy3 Let me modify the template to support

Sep 20 2022, 7:26 AM · VyOS 1.4 Sagitta

Sep 19 2022

Viacheslav added a project to T4704: Allow to set metric (MED) to rtt with rtt,+rtt or -rtt: VyOS 1.4 Sagitta.
Sep 19 2022, 10:57 PM · VyOS 1.4 Sagitta
Netboy3 added a comment to T4706: NAT and NAT66 issues.

Why would you enforce an address? It is perfectly OK to have port-only DNAT66 without any destination address such as:
nft add rule ip6 nat PREROUTING iifname eth1 counter tcp dport 443 dnat to :3000
Problem is that the test logic breaks on this and spits out a wrong statement to NFT that barfs on it.

Sep 19 2022, 8:55 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T4706: NAT and NAT66 issues.

Maybe we should add check to NAT66 to enforce the given address

Sep 19 2022, 7:32 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4706: NAT and NAT66 issues from Open to Confirmed.
Sep 19 2022, 6:34 PM · VyOS 1.4 Sagitta
n.fort claimed T4706: NAT and NAT66 issues.
Sep 19 2022, 6:34 PM · VyOS 1.4 Sagitta
n.fort created T4706: NAT and NAT66 issues.
Sep 19 2022, 6:33 PM · VyOS 1.4 Sagitta
c-po committed rVYOSONEXe9c233d65cff: ipsec: T4118: bugfix config migrator 9-to-10.
Sep 19 2022, 6:30 PM
n.fort changed the status of T4699: Firewall - Add jump action - Add return action from In progress to Needs testing.
Sep 19 2022, 11:02 AM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX842d79f986c2: smoketest: T4118: Fix smoketest for NHRP.
Sep 19 2022, 10:14 AM
GitHub <noreply@github.com> committed rVYOSONEXfdfe3dabcbff: Merge pull request #1549 from sever-sever/T4118-smoketest (authored by c-po).
Sep 19 2022, 10:14 AM
mike-pisman created T4705: Add Thunderbolt networking and interfaces supported in the config environment.
Sep 19 2022, 3:30 AM · VyOS Rolling

Sep 18 2022

jmarmorato added a comment to T4694: Allow VyOS Firewall to Match Outbound IPSec Traffic.

@n.fort Maybe set firewall name <name> rule <rule> ipsec match-gre? This feels a bit hacky though... Almost like match should be its own block and contain ipsec, none, or gre

Sep 18 2022, 10:06 PM · VyOS 1.4 Sagitta (1.4.0-GA)
Cheeze_It committed rVYOSONEX6ce3b50be62a: Update protocols_isis.py.
Sep 18 2022, 7:35 PM
GitHub <noreply@github.com> committed rVYOSONEX877047b9d36f: Merge pull request #1543 from Cheeze-It/current (authored by c-po).
Sep 18 2022, 7:35 PM
roedie claimed T4639: Crowdsec in VyOS (Blocking only).
Sep 18 2022, 5:57 PM · VyOS Rolling
First
Prev
Next