As I said, this happens with any config that includes route maps
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 13 2023
Apr 13 2023
Unknown Object (User) added a comment to T5155: restart bgp daemon throws route-map error.
jestabro changed the status of T2612: HTTPS API, changing API key fails but goes through from On hold to Open.
Self-configuration of the http-api calls a service restart from the config mode script: some re-configuration should be possible without restart; the remaining should provide an explanatory 'success' response. Move to high-priority to address.
jestabro edited projects for T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups, added: VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).
jestabro edited projects for T3980: vrrp transition-script validator makes warning fatal and also causes a python NameError exception, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).
jestabro edited projects for T3022: Allow to provide custom TLS certificates for the HTTP virtual hosts, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).
This is available in Sagitta thanks to the PKI subsystem; backport depends on backport of that subsystem.
Thanks for clarifying. Yes , I also saw the possibility of extending role based IAM to add on-premise image (that could be interesting for VyOS).
Could you share configuration ? where attached RM and BGP settings:
We can add guidelines about running vyos on LXC/LXD in the documentation
Must run in physical NIC pass-through mode
It is recommended to execute the container in privileged mode
This is currently only an initial implementation!
jestabro edited projects for T2554: Failsafe reboot timer, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.3).
This should be implemented under the rewrite of system-image-tools:
https://vyos.dev/T4516
This has not been seen subsequently. Close unless recurrence.
jestabro raised the priority of T4320: Remove legacy version files in vyatta-cfg-system/cfg-version from Wishlist to Normal.
Discussed, and ready to be implemented shortly.
jestabro edited projects for T4146: Nginx should not listen on port 80, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).
jestabro edited projects for T2289: Denest cerbot certificate configuration from service https, added: VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).
Related to T3651.
jestabro edited projects for T3651: Move certbot request to op-mode, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).
This will be integrated with the PKI subsystem, using the ideas there.
Unknown Object (User) added a comment to T425: AWS CloudWatch monitoring scripts.
- In order to apply SSM auto-configuration of the CloudWatch agent, an SSM agent must be installed that installs the CloudWatch agent with the necessary configuration. Currently, there is no SSM agent inside VyOS AWS images, and I haven't heard anything about willingness to include it.
- The amazon-cloudwatch-agent package has only one dependency, libc6. Therefore, it does not need the aws-cli to be configured or set up at all.
- Granting access to the CloudWatch service from an EC2 instance is done by applying the corresponding IAM role to the instance. While it is possible to do this via manual credential input, it is an unwanted practice inside AWS.
- The possible scenario of sending data to CloudWatch out of AWS is unique and requires another Phorge task, I think.
@unity when you need AWS credential , will they be automatically deployed from SSM or will we have to add those credentials in the virtual machine? ? shouldn't aws-cli be integrated?
Unknown Object (User) updated the task description for T5155: restart bgp daemon throws route-map error.
Unknown Object (User) created T5155: restart bgp daemon throws route-map error.
GitHub <noreply@github.com> committed rVYOSONEX0439599a8e31: Merge pull request #1943 from c-po/t5150-frr (authored by dmbaturin).
jestabro moved T3608: Standardize warnings from configure scripts from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Viacheslav moved T4939: VRRP command no-preempt not work as expected from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Viacheslav moved T4939: VRRP command no-preempt not work as expected from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T4727: Add RADIUS rate limit support to PPTP server from Open to Finished on the VyOS 1.4 Sagitta board.
marc_s added a comment to T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution.
@Viacheslav confirmed working.
@Viacheslav Confirmed fixed, thank you.
mkorobeinikov <92354771+mkorobeinikov@users.noreply.github.com> committed rVYOSONEXf14de93cdb1d: T5137: refactoring the tech-support command.
GitHub <noreply@github.com> committed rVYOSONEX477f00bd7d95: Merge pull request #1930 from mkorobeinikov/current (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX0cadfa1e1dea: Merge pull request #1935 from indrajitr/pdns-round3 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX65278fa76c07: Merge pull request #1952 from sever-sever/T4727 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX94a6fb73d248: Merge pull request #1954 from sever-sever/T5152-eq (authored by c-po).
Apr 12 2023
Apr 12 2023
fett0 <fernando.gmaidana@gmail.com> committed rVYOSONEX56a762fc6c21: T4939: backport VRRP startup delay.
fett0 <fernando.gmaidana@gmail.com> committed rVYOSONEX930a2276811d: T4939: fixed template VRRP startup delay.
GitHub <noreply@github.com> committed rVYOSONEX30263ab26b8a: Merge pull request #1951 from fett0/T4939 (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEX4d5bc8259053: Merge branch 'vyos:current' into current (authored by Cheeze-It <16260577+Cheeze-It@users.noreply.github.com>).
GitHub <noreply@github.com> committed rVYOSONEXf0c274a2187a: Merge pull request #1904 from Cheeze-It/current (authored by c-po).
Unknown Object (User) added a comment to T425: AWS CloudWatch monitoring scripts.
I've created the PR https://github.com/vyos/vyos-documentation/pull/987 as a temporary explanation for users on how to preserve CloudWatch Agent configuration in a semi-automated way, using the SSM Parameter Store.
The firewall for ocserv is handled by https://gitlab.com/openconnect/ocserv/-/blob/master/src/ocserv-fw and uses iptables by default
Supporting (draft) PR and minor fixes linked in PR:
https://github.com/vyos/vyos-1x/pull/1768
@Harliff Could you re-check?
Viacheslav moved T5152: Telegraf agent hostname isn't qualified from Open to Finished on the VyOS 1.4 Sagitta board.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1954
In T5153#146789, @Viacheslav wrote:Could you send sudo nft list ruleset ?
PeppyH updated the task description for T5153: OpenConnect route restriction via iptables is ignored.
Apr 11 2023
Apr 11 2023
GitHub <noreply@github.com> committed rVYOSONEXc04976f3ccfb: Merge pull request #1953 from sever-sever/T4727-curr (authored by c-po).
Viacheslav edited projects for T5152: Telegraf agent hostname isn't qualified, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1952
PR for 1.4 fix https://github.com/vyos/vyos-1x/pull/1953
Viacheslav changed the subtype of T4727: Add RADIUS rate limit support to PPTP server from "Task" to "Feature Request".
Viacheslav changed the status of T5152: Telegraf agent hostname isn't qualified from In progress to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEX14582acd1c7d: Merge pull request #1950 from sever-sever/T5152 (authored by c-po).
For 1.4 rate-limit in the wrong place
set vpn pptp remote-access authentication rate-limit
Expected in the radius section:
set vpn pptp remote-access authentication radius rate-limit
Yes, I forgot to add this task. I'll make the PR
@n.fort Could you add PR for 1.3?
@fernando Could you add PR for 1.3?
Viacheslav changed the status of T5152: Telegraf agent hostname isn't qualified from Open to In progress.
Viacheslav added projects to T5153: OpenConnect route restriction via iptables is ignored: VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta.
Could you send sudo nft list ruleset ?
In T4891#139693, @RyVolodya wrote:I reproduced this configuration. Version VyOS 1.4-rolling-202212270317 - BFD works fine.
Configuration:
set interfaces ethernet eth0 address '10.221.3.18/30' set interfaces ethernet eth0 mtu '9000' set interfaces ethernet eth0 offload gro set interfaces ethernet eth0 offload gso set interfaces ethernet eth0 offload sg set interfaces ethernet eth0 offload tsoBFD peer status:
BFD Peers: peer 10.221.3.17 vrf default ID: 2428685750 Remote ID: 2382320760 Active mode Status: up Uptime: 30 minute(s), 19 second(s) Diagnostics: ok Remote diagnostics: ok Peer Type: configured RTT min/avg/max: 0/0/0 usec Local timers: Detect-multiplier: 5 Receive interval: 100ms Transmission interval: 100ms Echo receive interval: 50ms Echo transmission interval: disabled Remote timers: Detect-multiplier: 5 Receive interval: 100ms Transmission interval: 100ms Echo receive interval: 50ms [edit]Try upgrading the VyOS to the latest version.
Apr 10 2023
Apr 10 2023
Viacheslav changed the status of T5012: Control network configuration from Cloud-Init config from In progress to Needs testing.
Fixed in T5047
Viacheslav changed the status of T5065: Mixing `destination port xxx` and `destination group port-group yyy` in firewall rules doesn't work, but can be commited from In progress to Needs testing.