Added requested config option to Kernel for 1.4
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 30 2023
Apr 30 2023
If I pre-load my zone firewall with the new interface format (pod-$containerName) and upgrade to vyos-1.4-rolling-202304290647, it seems to upgrade seamlessly
Apr 29 2023
Apr 29 2023
@carazzim0 good find, I updated that and now everything appears to be working again!
Viacheslav moved T4971: Radius attribute "Framed-Pool" for PPPoE from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Viacheslav added a project to T4971: Radius attribute "Framed-Pool" for PPPoE: VyOS 1.3 Equuleus (1.3.3).
Wouldn't it make sense to add iptables as a direct dependency then? Looking back at Debian Bullseye, iptables was still a direct dependency to the podman package. But as of Debian Bookworm, iptables is just a suggested package to podman.
root@bullseye:/# apt-cache depends podman | grep iptables Depends: iptables
GitHub <[email protected]> committed rVYOSONEX0ac716ba64a4: Merge pull request #1967 from fett0/T5161 (authored by c-po).
c-po committed rVYOSONEX4c0164755a5d: static: T5161: add BFD monitoring for static IPv6 routes (authored by fett0 <[email protected]>).
c-po committed rVYOSONEXc5af4d398a77: static: T5161: add BFD monitoring for static routes (authored by fett0 <[email protected]>).
In either case when trying to PING or TRACEROUTE from a device on my LAN network I can PING and TRACEROUTE 192.168.254.2.
No iptables installed, and also no vyos-1x-smoketest package.
Apr 28 2023
Apr 28 2023
I was able to reproduce the issue in the lab. In order to avoid an automatic assignment of RD after the interface flap, you could add a dummy or loopback interface to the vrf and define it as router-id in your existing configuration, For example:
I want to describe my issues but I am not able to do so very easily since I don't have ipmi on my router.
I updated one of my servers to the latest rolling:
[email protected]:~$ show version Version: VyOS 1.4-rolling-202304280615 <-- 28.04.2023 Release train: current
can you add some more detials? I just used your above container config and upgraded from a VyOS version that came with CNI to a version with netavark and I do not see that error.
netavark was added 2023-04-02.
Viacheslav added a comment to T5171: Use XML for conf-mode "load-balancing wan" instead of legacy templates.
I made an attempt at integrating openvpn-dco into the build here https://github.com/spion06/vyos-build/tree/ovpn-dco. This works fine for me in my testing so far. The kernel module loaded, verified in the logs that it detected and used the dco tunnel. I'm not super familiar with the build system or what else would need to be done for contributing this. I'm just and end-user who would like to see this feature :)
Apr 27 2023
Apr 27 2023
zsdc changed the status of T5190: Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0 from Open to In progress.
c-po moved T5010: bgp: EVPN route-target not honored from Open to Finished on the VyOS 1.4 Sagitta board.
Your CLI config is valid in general but FRR will refuse it with the error message: This command is only supported under EVPN VRF
GitHub <[email protected]> committed rVYOSONEXc2e8bbc64a5c: Merge pull request #1972 from sever-sever/T5181 (authored by c-po).
Viacheslav edited projects for T5188: Update Intel igc driver for improved 2.5 GbE support, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Dear Jestabro,
i built an updated docker image and a new ISO, i do confirm now IPv6 is working correctly.
GitHub <[email protected]> committed rVYOSONEX5875f9a5e365: Merge pull request #1721 from dmbaturin/T4888-conntrack-sync-op-mode (authored by jestabro).
jestabro changed the status of T5175: http-api: error in MultiPart parser for FastAPI version >= 0.91.0 from Unknown Status to Resolved.
jestabro changed the status of T5176: http-api: update vyos-http-api-tools for FastAPI security vulnerability, a subtask of T5175: http-api: error in MultiPart parser for FastAPI version >= 0.91.0, from Unknown Status to Resolved.
jestabro changed the status of T5176: http-api: update vyos-http-api-tools for FastAPI security vulnerability from Unknown Status to Resolved.
GitHub <[email protected]> committed rVYOSONEX2c5307d42e0d: Merge pull request #1969 from jestabro/eq-multipart-parser (authored by dmbaturin).
Ok, if we merge the patch (backported to frr v8.5), this task can be close.
Viacheslav reopened T5181: Wrong dependencies or priorities for zebra vni vrf interfaces and bgpd as "Needs testing".
Viacheslav edited projects for T5186: QoS test cannot pass for 1.3, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.4 Sagitta.
I think the only solution is to use network namespaces
https://docs.strongswan.org/docs/5.9/howtos/nameSpaces.html
Usernames usually take the following format: abc-1234-12
Passwords are a combination of alphanumeric characters.
In T5116#147640, @c-po wrote:Do you know how to tell Linux to use nameservers within a VRF?
What you mean IPSec/OpenVPN "punch a tunnel through a VRF" ? So the underlay should run via a VRF? source-interface binding does not work?
Apr 26 2023
Apr 26 2023
Thanks for opening the task; note that Viacheslav had opened
https://vyos.dev/T5185
as well, and the updates on the now fixed issue can be found there. This task can be merged into that one and closed.
Merged and repos updated, so this will be in the next nightly build. Note that for a local build, one will need an updated Docker image for the update to vyos1x-config.
Do you know how to tell Linux to use nameservers within a VRF?
What you mean IPSec/OpenVPN "punch a tunnel through a VRF" ? So the underlay should run via a VRF? source-interface binding does not work?
c-po moved T5132: Operational command "show isis vrf XXX route | neighbord" aren't working from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5134: Try if netavark networks can be moved to a VRF instance from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5174: vrf: ensure no duplicate VNIs can be created from Open to In Progress on the VyOS 1.4 Sagitta board.
c-po moved T4998: pppoe username validation too restrictive (regression) from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5114: bgp: implement new CLI commands introduced in FRR 8.5 from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T366: SNMP Query for BGP Tunnels Returns IPv4 Tunnels Only from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5170: Relocate ntp config path in config.boot.default from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5075: QoS removes interface mirror/redirect rules from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5178: Fix missed case in multi_to_list conversion from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro changed the status of T5185: Static IPv6 route with blackhole fails from Open to In progress.
This is a simple bug in the recently introduced configtree node name comparison function; fixed and should be in next rolling.
Do you have users/passwords with specsymbols or not utf-8 or some ascii symbols?
hmmm very strange.... here is my configuration (IP addresses removed):
Could you provide l2tp configuration? show conf com | match l2tp
I cannot reproduce it
vyos@r14:~$ vyos@r14:~$ show l2tp-server sessions ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes --------+----------+--------------+-----+--------+---------------+------------+--------+----------+----------+---------- l2tp0 | alice | 100.64.203.0 | | | 192.168.122.1 | | active | 00:00:10 | 246 B | 208 B vyos@r14:~$ vyos@r14:~$ vyos@r14:~$ show version Version: VyOS 1.4-rolling-202304261027 Release train: current
@Viacheslav It hangs for a while and then eventually the following output: