PR https://github.com/vyos/vyos-1x/pull/1601
set service ssh hostkey-algorithm 'sk-ssh-ed25519@openssh.com' set service ssh hostkey-algorithm 'ssh-rsa'
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Oct 18 2022
Oct 18 2022
Oct 17 2022
Oct 17 2022
Viacheslav updated the task description for T4712: Collaborative Protection Profile cPP for Network Devices root task.
Viacheslav changed the status of T4720: Ability to configure SSH HostKeyAlgorithms, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T4720: Ability to configure SSH HostKeyAlgorithms from Open to In progress.
Added more bgpd/ospfd events to the log. The VRF Id seem to be correct. But the events look curious. After session start the interface is first created in vrf default (vrf default, id:0) followed by bgpd/ospfd events, then accel-ppp process moves it to destination vrf (vrf client, id:5) which is follwed by the bgpd/ospfd errors.
Finally, with more or less than 5000 sessions bgpd accidentally becomes unresponsive and utilizes 200% cpu (8 cores are used on VM). Accel-pppd process having all network destinations unreachable also goes unresponsive a bit later.
After that we have to reboot.
l2tp-session-start-stop.log13 KBDownload
GitHub <noreply@github.com> committed rVYOSONEX414f435d5090: Merge pull request #1600 from jestabro/gql-composite (authored by jestabro).
@CuBiC3D There is a comment of the commit https://github.com/vyos/vyos-1x/commit/373227e717fac82af5ea8d71e611a3df1c59054e
Unknown Object (User) updated the task description for T4734: Feature Request: openvpn: add OTP 2FA support.
Viacheslav added a project to T4752: ICMP redirects not working / not properly configured: VyOS 1.4 Sagitta.
I am finding out, it seems OSPF SR doesn't work properly :(
Unknown Object (User) updated the task description for T4754: Improvement: system login: show configured 2FA OTP key.
Unknown Object (User) claimed T4754: Improvement: system login: show configured 2FA OTP key.
Unknown Object (User) created T4754: Improvement: system login: show configured 2FA OTP key.
Unknown Object (User) changed the subtype of T4751: Feature Request: system login: 2FA OTP key generator in VyOS CLI from "Task" to "Enhancement".
Unknown Object (User) added a comment to T4751: Feature Request: system login: 2FA OTP key generator in VyOS CLI.
Oct 16 2022
Oct 16 2022
Here is ISIS segment routing working:
Basically,
all commercial hooks need to be implemented
syncer raised the priority of T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6) from Wishlist to High.
jestabro renamed T4753: Extend automatic generation of schema to query SystemStatus from Extend automatic generation of shcema to query SystemStatus to Extend automatic generation of schema to query SystemStatus.
jestabro updated the task description for T4753: Extend automatic generation of schema to query SystemStatus.
jestabro triaged T4753: Extend automatic generation of schema to query SystemStatus as Normal priority.
I have been thinking about this over the weekend and looked into your failover implementation, there's nothing wrong with it and should serve most peoples needs. That said I am not too good with python so it was more straight forward to start from scratch.
aderouineau added a comment to T4123: checksum file fails to download from AWS S3 in rolling-release.
I confirm this is still an issue in 1.4-rolling-202207250217 trying to download 1.4-rolling-202210150526:
Oct 15 2022
Oct 15 2022
@SrividyaA
The documentation at https://docs.vyos.io/en/latest/configuration/firewall/zone.html currently contains the following regarding local-zone:
Why does the image has to be added manually and can not be pulled from the registry if not locally available?
Unknown Object (User) claimed T4751: Feature Request: system login: 2FA OTP key generator in VyOS CLI.
Unknown Object (User) created T4751: Feature Request: system login: 2FA OTP key generator in VyOS CLI.
GitHub <noreply@github.com> committed rVYOSONEXec202631ccb8: Merge pull request #1579 from sever-sever/T4743 (authored by Viacheslav).
Cheeze_It changed the status of T4739: ISIS and OSPF segment routing being refactored from In progress to Needs testing.
Oct 14 2022
Oct 14 2022
GitHub <noreply@github.com> committed rVYOSONEX813236e6ca26: Merge pull request #1588 from dmbaturin/pr-title-check (authored by jestabro).
GitHub <noreply@github.com> committed rVYOSONEX326c43632b94: Merge pull request #1597 from jestabro/http-api-config-dict (authored by jestabro).
Viacheslav changed the status of T4533: Radius clients don’t have simple permissions from Open to Needs testing.
Viacheslav moved T4533: Radius clients don’t have simple permissions from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
GitHub <noreply@github.com> committed rVYOSONEX78f6b2fee6f1: Merge pull request #1598 from sever-sever/T4533 (authored by c-po).
@adaker
Could you describe the check/test procedure, how to test that all works as you expected?
Unknown Object (User) added a comment to T4750: Support of higher level SSH keys (sk-ssh-ed25519).
Ah, yea that is true.
They are enabled by default.
I mean Linux man https://man7.org/linux/man-pages/man5/sshd_config.5.html
HostKeyAlgorithms
Specifies the host key signature algorithms that the server
offers. The default for this option is:Unknown Object (User) added a comment to T4750: Support of higher level SSH keys (sk-ssh-ed25519).
What do you mean by "enable by default"?
The issue is that, right now, we are unable to add these kind of ssh keys because the cli won't let you define the type.
Also, it should be enabled by default (at least in ssh documentation)
Could you check it?
My fault. Sorry.
We already have task T4720
Unknown Object (User) edited a custom field on T4750: Support of higher level SSH keys (sk-ssh-ed25519).
Unknown Object (User) created T4750: Support of higher level SSH keys (sk-ssh-ed25519).
Viacheslav changed the status of T4725: Unable to reset vpn IPsec peer from In progress to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEX427ea592ae8d: Merge pull request #1595 from Cheeze-It/current (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX783f5e24b1c5: Merge pull request #1596 from sever-sever/T4725 (authored by c-po).
PR https://github.com/vyos/vyos-1x/pull/1596
vyos@r14:~$ show vpn ipsec sa
Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal
----------------- ------- -------- -------------- ---------------- ---------------- ----------- ---------------------------------------
OFFICE-B-tunnel-0 up 4s 0B/0B 0/0 192.0.2.2 192.0.2.2 AES_CBC_256/HMAC_SHA2_256_128/MODP_1024
vyos@r14:~$
vyos@r14:~$
vyos@r14:~$ reset vpn ipsec-peer OFFICE-B
closing CHILD_SA OFFICE-B-tunnel-0{16} with SPIs cc364877_i (0 bytes) c521f540_o (0 bytes) and TS 192.168.0.0/24 === 10.0.0.0/21
CHILD_SA {16} closed successfully
generating QUICK_MODE request 1449430238 [ HASH SA No KE ID ID ]
sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (332 bytes)
received packet: from 192.0.2.2[500] to 192.0.2.1[500] (332 bytes)
parsed QUICK_MODE response 1449430238 [ HASH SA No KE ID ID ]
selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
CHILD_SA OFFICE-B-tunnel-0{17} established with SPIs cd451e27_i cfb63c3c_o and TS 192.168.0.0/24 === 10.0.0.0/21
generating QUICK_MODE request 1449430238 [ HASH ]
sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (76 bytes)
connection 'OFFICE-B-tunnel-0' established successfully
Peer reset result: success
vyos@r14:~$Put in hopefully the last PR for this here, https://github.com/vyos/vyos-1x/pull/1595
Cheeze_It renamed T4739: ISIS and OSPF segment routing being refactored from ISIS segment routing being refactored to ISIS and OSPF segment routing being refactored.
Oct 13 2022
Oct 13 2022
jestabro changed the status of T4749: Use config_dict for conf_mode http-api.py from Open to In progress.
Viacheslav changed the subtype of T2958: DHCP server doesn't work from a live CD from "Task" to "Bug".
Viacheslav edited projects for T3011: router becomes unreachable for few minutes when vti interfaces goes down, added: VyOS 1.4 Sagitta; removed vyos-frr.
Oct 13 2022, 4:02 PM · Restricted Project
Viacheslav added a project to T2113: OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping: VyOS 1.4 Sagitta.
Oct 13 2022, 3:59 PM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7), openvpn
Viacheslav changed the status of T3965: arm: Extend configure scripts to allow for arm builds from Open to Needs testing.
Viacheslav added a project to T4303: BGP neighbor interface v6only fails to commit: VyOS 1.4 Sagitta.
I can't reproduce this bug with the latest rolling
vyos@r14# run show conf com | match bgp set protocols bgp address-family ipv4-unicast redistribute connected set protocols bgp neighbor eth1 interface remote-as '65001' set protocols bgp neighbor eth1 interface v6only peer-group 'SPING' set protocols bgp peer-group SPING address-family ipv4-unicast set protocols bgp peer-group SPING address-family ipv6-unicast set protocols bgp peer-group SPING capability extended-nexthop set protocols bgp peer-group SPING password 'foo' set protocols bgp system-as '65001'
Viacheslav changed the status of T3721: ARM64: 1.4: Fastnetmon in current is a precompiled custom "blob" and amd64 only. (blocks all arm64 builds) from Open to Needs testing.
Viacheslav added a project to T3652: BGP handshake with cisco router ends in timeout: VyOS 1.4 Sagitta.
@ernstjo Can you reproduce it again?
Viacheslav edited projects for T3625: Configuring and deletting DHCP Server, added: VyOS 1.2 Crux (VyOS 1.2.9); removed VyOS 1.2 Crux.
Viacheslav changed the subtype of T3501: Allow using more than one tuned profile from "Task" to "Feature Request".
Viacheslav moved T4343: Expose powerdns network-timeout for service dns forwarding from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T4274: Extend OpenConnect RADIUS Timeout to Permit 2FA Entry from Open to Finished on the VyOS 1.4 Sagitta board.