Page MenuHomeVyOS Platform
Feed All Stories

All Stories
Use Results
Edit Query

Dec 7 2022

aserkin added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).

The firewall settings does not seem to catch the traffic going out of l2tp* interfaces.

admin@vyos-lns-1:~$ show config commands |grep firewall
set firewall interface l2tp* out name 'nodefw'
set firewall log-martians 'disable'
set firewall name nodefw rule 100 action 'accept'
set firewall name nodefw rule 100 protocol 'tcp'
set firewall name nodefw rule 100 tcp flags syn
set firewall name nodefw rule 100 tcp mss '1300'
Dec 7 2022, 10:44 AM · VyOS 1.4 Sagitta
aserkin added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).

Oops. Thank you Nicolas.
Suddenly found myself far behind the current rolling release. Will upgrade first.

Dec 7 2022, 8:39 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4861: Openconnect restart on adding users - Aborts all active connections from Open to In progress.
Dec 7 2022, 8:18 AM · VyOS 1.4 Sagitta
klase added a comment to T4861: Openconnect restart on adding users - Aborts all active connections.

I have made the change in my configuration and tested as many configuration changes as I could (I have not tested radius authentication, and other options that are not valid in my setup) and it seems to work with this change without any unwanted side effects.

Dec 7 2022, 8:03 AM · VyOS 1.4 Sagitta

Dec 6 2022

Viacheslav added a comment to T4837: Expose "show ip route summary" in the op mode API.

@dmbaturin It shows only IPv4 routes
Could you also add IPv6?

Dec 6 2022, 11:51 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4864: `show firewall` command errors.

Should be fixed in T4794
Check please the newest version

Dec 6 2022, 10:55 PM · VyOS 1.4 Sagitta
dcplaya created T4864: `show firewall` command errors.
Dec 6 2022, 6:51 PM · VyOS 1.4 Sagitta
n.fort added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).

@aserkin . Viacheslav commands are present in more recent nighly builds.
Try with one of the latests images.

Dec 6 2022, 6:26 PM · VyOS 1.4 Sagitta
aserkin added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).

There's no

set firewall interface

option here:
admin@vyos-lns-1:~$ show version
Version: VyOS 1.4-rolling-202209131208

Dec 6 2022, 5:52 PM · VyOS 1.4 Sagitta
Viacheslav changed the subtype of T4861: Openconnect restart on adding users - Aborts all active connections from "Task" to "Feature Request".
Dec 6 2022, 5:05 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4861: Openconnect restart on adding users - Aborts all active connections.

@klase could you make some changes?

sudo nano -c +253 /usr/libexec/vyos/conf_mode/vpn_openconnect.py

and change

call('systemctl restart ocserv.service')

to:

call('systemctl reload-or-restart ocserv.service')
Dec 6 2022, 5:04 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).

Does it do the same?

set firewall interface l2tp* out name 'FOO'
set firewall name FOO rule 10 action 'accept'
set firewall name FOO rule 10 protocol 'tcp'
set firewall name FOO rule 10 tcp flags syn
set firewall name FOO rule 10 tcp mss '1300'

nft

table ip vyos_filter {
	chain VYOS_FW_FORWARD {
		type filter hook forward priority filter; policy accept;
		oifname "l2tp*" counter packets 0 bytes 0 jump NAME_FOO
		jump VYOS_POST_FW
	}
...
	chain NAME_FOO {
		tcp flags & syn == syn tcp option maxseg size 1300 counter packets 0 bytes 0 return comment "FOO-10"
		counter packets 0 bytes 0 drop comment "FOO default-action drop"
	}
}
Dec 6 2022, 2:42 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3499: Podman is not compatible with nat rules.

CNI Plugins compatible with nftables https://github.com/greenpau/cni-plugins/

Dec 6 2022, 2:29 PM · VyOS 1.4 Sagitta
aserkin updated the task description for T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
Dec 6 2022, 1:02 PM · VyOS 1.4 Sagitta
aserkin updated the task description for T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
Dec 6 2022, 1:02 PM · VyOS 1.4 Sagitta
aserkin updated the task description for T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
Dec 6 2022, 1:01 PM · VyOS 1.4 Sagitta
aserkin created T4863: need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting).
Dec 6 2022, 1:01 PM · VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4862: webproxy domain-block does not work from Open to In progress.
Dec 6 2022, 10:15 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
a.apostoliuk created T4862: webproxy domain-block does not work.
Dec 6 2022, 10:15 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
Viacheslav edited projects for T4853: OpenVPN: unable to commit changes when the interface is down/unknown state, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Dec 6 2022, 9:06 AM · VyOS Rolling, Bugs
klase created T4861: Openconnect restart on adding users - Aborts all active connections.
Dec 6 2022, 9:02 AM · VyOS 1.4 Sagitta

Dec 5 2022

fernando closed T4854: BGP-route reflector allows to apply route-maps as Resolved.
Dec 5 2022, 2:31 PM · VyOS 1.4 Sagitta
Viacheslav closed T4860: Openconnect server incorrect unconfigured check as Resolved.
Dec 5 2022, 12:47 PM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX7ce6ad448691: T4860: Verify if mode in openconnect ocserv dict.
Dec 5 2022, 12:23 PM
GitHub <noreply@github.com> committed rVYOSONEXec6aaf72378d: Merge pull request #1693 from sever-sever/T4860 (authored by c-po).
Dec 5 2022, 12:23 PM
Viacheslav changed the status of T4848: Minor bug in OpenConnect server with default route from In progress to Needs testing.

@klase will be fixed in the next rolling release

Dec 5 2022, 11:14 AM · VyOS 1.4 Sagitta
fett0 <fernando.gmaidana@gmail.com> committed rVYOSONEXe4befa498740: T4854: route reflector allows to apply route-maps.
Dec 5 2022, 9:58 AM
GitHub <noreply@github.com> committed rVYOSONEX26723840edb0: Merge pull request #1690 from fett0/T4854 (authored by c-po).
Dec 5 2022, 9:58 AM
Viacheslav closed T4804: PPPoE server incorrect unconfigured check as Resolved.
Dec 5 2022, 9:39 AM · VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEX8572e3d6e0d7: T4848: Fix for default route vpn openconnect.
Dec 5 2022, 9:04 AM
GitHub <noreply@github.com> committed rVYOSONEX9b40b4c047f3: Merge pull request #1692 from sever-sever/T4848 (authored by c-po).
Dec 5 2022, 9:04 AM
Viacheslav committed rVYOSONEXc229abf2a7db: T4804: Fix check for PPPoE server local-users.
Dec 5 2022, 9:00 AM
GitHub <noreply@github.com> committed rVYOSONEX31566f8195b7: Merge pull request #1686 from sever-sever/T4804 (authored by c-po).
Dec 5 2022, 9:00 AM

Dec 4 2022

Viacheslav added a comment to T4860: Openconnect server incorrect unconfigured check.

PR https://github.com/vyos/vyos-1x/pull/1693

Dec 4 2022, 1:38 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4860: Openconnect server incorrect unconfigured check from Open to In progress.
Dec 4 2022, 1:12 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4848: Minor bug in OpenConnect server with default route from Open to In progress.
Dec 4 2022, 11:12 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4848: Minor bug in OpenConnect server with default route.

PR https://github.com/vyos/vyos-1x/pull/1692

Dec 4 2022, 11:12 AM · VyOS 1.4 Sagitta
Viacheslav created T4860: Openconnect server incorrect unconfigured check.
Dec 4 2022, 10:06 AM · VyOS 1.4 Sagitta
Viacheslav closed T4825: interfaces veth/veth-pairs -standalone used, a subtask of T4686: Provides support for veth, as Resolved.
Dec 4 2022, 9:20 AM · VyOS 1.4 Sagitta
Viacheslav closed T4825: interfaces veth/veth-pairs -standalone used as Resolved.
Dec 4 2022, 9:20 AM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
Viacheslav closed T4805: PPPoE server does not restart service if pool was changed as Resolved.
Dec 4 2022, 9:12 AM · VyOS 1.4 Sagitta

Dec 3 2022

sarthurdev committed rVYOSONEXf916f40ee9a7: firewall: T478: Fix firewall group circular dependency check.
Dec 3 2022, 2:27 PM
GitHub <noreply@github.com> committed rVYOSONEX1804f1cb1a90: Merge pull request #1691 from sarthurdev/T478 (authored by c-po).
Dec 3 2022, 2:27 PM
sarthurdev added a comment to T478: Firewall address group (multi and nesting).

PR to fix recursion check: https://github.com/vyos/vyos-1x/pull/1691

Dec 3 2022, 11:43 AM · VyOS 1.4 Sagitta
c-po claimed T4792: Add SSTP VPN client.
Dec 3 2022, 7:56 AM · VyOS 1.4 Sagitta
Alfa80 awarded T4792: Add SSTP VPN client a Love token.
Dec 3 2022, 6:14 AM · VyOS 1.4 Sagitta
Viacheslav moved T4858: L3VPN- Route Distinguisher notations from Open to Finished on the VyOS 1.4 Sagitta board.
Dec 3 2022, 2:06 AM · VyOS 1.4 Sagitta

Dec 2 2022

fernando changed the status of T4854: BGP-route reflector allows to apply route-maps from Confirmed to In progress.
Dec 2 2022, 9:44 PM · VyOS 1.4 Sagitta
fernando added a comment to T4854: BGP-route reflector allows to apply route-maps.

PR https://github.com/vyos/vyos-1x/pull/1690

Dec 2 2022, 9:44 PM · VyOS 1.4 Sagitta
fernando closed T4858: L3VPN- Route Distinguisher notations as Resolved.
Dec 2 2022, 8:22 PM · VyOS 1.4 Sagitta
fett0 <fernando.gmaidana@gmail.com> committed rVYOSONEXfdeb731f831f: T4858: Fix l3vpn Route Distinguisher validator.
Dec 2 2022, 7:04 PM
GitHub <noreply@github.com> committed rVYOSONEX71aecaa50fb2: Merge pull request #1688 from fett0/T4858 (authored by c-po).
Dec 2 2022, 7:04 PM
Viacheslav committed rVYOSONEX63c18aefa85f: T4805: Restart pppoe-server if client pool was changed.
Dec 2 2022, 7:01 PM
GitHub <noreply@github.com> committed rVYOSONEX3ef14453e068: Merge pull request #1685 from sever-sever/T4805 (authored by c-po).
Dec 2 2022, 7:01 PM
Viacheslav committed rVYOSONEX94f345340f69: T4825: Verify if you are trying to add a new vethX to exists pair.
Dec 2 2022, 7:00 PM
GitHub <noreply@github.com> committed rVYOSONEX1c792052d435: Merge pull request #1687 from sever-sever/T4825 (authored by c-po).
Dec 2 2022, 7:00 PM
jestabro closed T4820: Support for inter-config-mode script dependencies as Resolved.
Dec 2 2022, 6:37 PM · VyOS 1.4 Sagitta
jestabro closed T4859: Correct calling of config mode script dependencies from http-api.py, a subtask of T4820: Support for inter-config-mode script dependencies, as Resolved.
Dec 2 2022, 6:36 PM · VyOS 1.4 Sagitta
jestabro closed T4859: Correct calling of config mode script dependencies from http-api.py as Resolved.
Dec 2 2022, 6:36 PM · VyOS 1.4 Sagitta
jestabro committed rVYOSONEX579e9294075d: http-api: T4859: correct calling of script dependencies from http-api.py.
Dec 2 2022, 6:36 PM
GitHub <noreply@github.com> committed rVYOSONEX8cdc6aea127c: Merge pull request #1689 from jestabro/config-script-dependency (authored by jestabro).
Dec 2 2022, 6:36 PM
fernando added a comment to T4858: L3VPN- Route Distinguisher notations .

PR : https://github.com/vyos/vyos-1x/pull/1688

Dec 2 2022, 6:10 PM · VyOS 1.4 Sagitta
fernando changed the status of T4858: L3VPN- Route Distinguisher notations from Open to In progress.
Dec 2 2022, 6:09 PM · VyOS 1.4 Sagitta
jestabro updated the task description for T4820: Support for inter-config-mode script dependencies.
Dec 2 2022, 5:30 PM · VyOS 1.4 Sagitta
jestabro added a parent task for T4859: Correct calling of config mode script dependencies from http-api.py: T4820: Support for inter-config-mode script dependencies.
Dec 2 2022, 5:21 PM · VyOS 1.4 Sagitta
jestabro added a subtask for T4820: Support for inter-config-mode script dependencies: T4859: Correct calling of config mode script dependencies from http-api.py.
Dec 2 2022, 5:21 PM · VyOS 1.4 Sagitta
jestabro triaged T4859: Correct calling of config mode script dependencies from http-api.py as Normal priority.
Dec 2 2022, 5:21 PM · VyOS 1.4 Sagitta
fernando claimed T4858: L3VPN- Route Distinguisher notations .
Dec 2 2022, 5:03 PM · VyOS 1.4 Sagitta
n.fort changed the status of T4122: interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?) from Unknown Status to Resolved.
Dec 2 2022, 4:19 PM · VyOS 1.3 Equuleus (1.3.3)
n.fort closed T1024: Policy Based Routing by DSCP as Resolved.
Dec 2 2022, 4:14 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
n.fort claimed T4839: Dynamic Firewall groups.
Dec 2 2022, 4:12 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort closed T4830: nat66 - Error in port translation rules as Resolved.
Dec 2 2022, 4:09 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4857: SNMP - Implement FRR SNMP recommendations.

We can do it the same way

vyos@r1# set service snmp oid-enable 
Possible completions:
   route-table          Enable routing table OIDs (ipCidrRouteTable inetCidrRouteTable)

so by default they should be disabled

Dec 2 2022, 3:14 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4825: interfaces veth/veth-pairs -standalone used.

PR https://github.com/vyos/vyos-1x/pull/1687

Dec 2 2022, 2:34 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
fernando created T4858: L3VPN- Route Distinguisher notations .
Dec 2 2022, 2:32 PM · VyOS 1.4 Sagitta
n.fort added a project to T2998: SNMP v3 oid "exclude" option doesn't work: VyOS 1.4 Sagitta.
Dec 2 2022, 2:26 PM · VyOS 1.4 Sagitta (1.4.0-epa2), VyOS 1.3 Equuleus (1.3.7)
n.fort added a comment to T2998: SNMP v3 oid "exclude" option doesn't work.

Error also present in vyos-1.4-rolling-202212020318

Dec 2 2022, 2:25 PM · VyOS 1.4 Sagitta (1.4.0-epa2), VyOS 1.3 Equuleus (1.3.7)
n.fort changed the status of T4857: SNMP - Implement FRR SNMP recommendations from Open to Confirmed.
Dec 2 2022, 1:38 PM · VyOS 1.4 Sagitta
n.fort created T4857: SNMP - Implement FRR SNMP recommendations.
Dec 2 2022, 1:37 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4825: interfaces veth/veth-pairs -standalone used.

Verify if you are trying to add a new vethX to exists pair (veth12 link to veth0 should be RaiseConfigerror)

set interfaces virtual-ethernet veth0 peer-name 'veth1'
set interfaces virtual-ethernet veth1 peer-name 'veth0'
set interfaces virtual-ethernet veth12 peer-name 'veth0'
commit

commit

vyos@r1# commit
[ interfaces virtual-ethernet veth12 ]
{'ifname': 'veth12',
 'other_interfaces': {'veth0': {'peer_name': 'veth1'},
                      'veth1': {'peer_name': 'veth0'},
                      'veth12': {'peer_name': 'veth0'}},
 'peer_name': 'veth0'}
VyOS had an issue completing a command.
Dec 2 2022, 1:03 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
Viacheslav added a comment to T4804: PPPoE server incorrect unconfigured check.

PR https://github.com/vyos/vyos-1x/pull/1686

Dec 2 2022, 12:09 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4767: replace sh to Python (generate_ipsec_debug_archive.sh) from In progress to Needs testing.
Dec 2 2022, 9:46 AM
c-po committed rVYOSONEXc2a5957a942c: op-mode: T4767: drop sudo calls.
Dec 2 2022, 8:45 AM
Unknown Object (User) committed rVYOSONEX4245fd8fb105: T4767: Rewrite generate ipsec archive to python.
Dec 2 2022, 8:41 AM
GitHub <noreply@github.com> committed rVYOSONEXaec5295551ef: Merge pull request #1646 from mkorobeinikov/4767py (authored by c-po).
Dec 2 2022, 8:41 AM

Dec 1 2022

Viacheslav claimed T4848: Minor bug in OpenConnect server with default route.
Dec 1 2022, 10:38 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4856: DHCP-client exit hook for IPsec is incorrect.
Dec 1 2022, 4:47 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4856: DHCP-client exit hook for IPsec is incorrect.
Dec 1 2022, 4:47 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4856: DHCP-client exit hook for IPsec is incorrect.
Dec 1 2022, 4:46 PM · VyOS 1.4 Sagitta
Viacheslav created T4856: DHCP-client exit hook for IPsec is incorrect.
Dec 1 2022, 4:34 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4805: PPPoE server does not restart service if pool was changed.

PR https://github.com/vyos/vyos-1x/pull/1685

Dec 1 2022, 4:16 PM · VyOS 1.4 Sagitta
jestabro committed rVYOSONEXe96e629fab39: ci: T4748: add hyphen and underscore for subject name.
Dec 1 2022, 2:37 PM
jestabro claimed T4770: Rewrite OpenVPN op-mode to vyos.opmode format.
Dec 1 2022, 2:27 PM · VyOS 1.4 Sagitta
dmbaturin created T4855: Trying to create more than one tunnel of the same type to the same address causes unhandled exception.
Dec 1 2022, 1:55 PM · VyOS 1.3 Equuleus (1.3.4)
jestabro closed T4847: Correct calling of config mode script dependencies from pki.py, a subtask of T4820: Support for inter-config-mode script dependencies, as Resolved.
Dec 1 2022, 1:26 PM · VyOS 1.4 Sagitta
jestabro closed T4847: Correct calling of config mode script dependencies from pki.py as Resolved.
Dec 1 2022, 1:26 PM · VyOS 1.4 Sagitta
jestabro committed rVYOSONEX40bd9294ddcd: conf-mode: T4820: add support for tagnode argument.
Dec 1 2022, 1:20 PM
jestabro committed rVYOSONEXa90f537a5f88: conf-mode: T4820: add full type hints.
Dec 1 2022, 1:20 PM
jestabro committed rVYOSONEXa0c97e33f59a: pki: T4847: fix typos.
Dec 1 2022, 1:20 PM
jestabro committed rVYOSONEX2ef945cbb00f: pki: T4847: add config-mode script dependencies.
Dec 1 2022, 1:20 PM
First
Prev
Next