The quickfix is to add a space for your paths so something that looks like /usr/local/bin if cloudflare blocks that you just add a space after the first / and the WAF is bypassed.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 22 2023
Sep 22 2023
GitHub <noreply@github.com> committed rVYOSONEX1f6b7168af0d: Merge pull request #2299 from vyos/mergify/bp/sagitta/pr-2294 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX7253377e754e: Merge pull request #2298 from jestabro/disk-by-id (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX7e16cea1897e: Merge pull request #2292 from vyos/mergify/bp/sagitta/pr-2289 (authored by c-po).
Sep 21 2023
Sep 21 2023
indrajitr updated the task description for T5574: Support per-service cache management for dynamic dns providers.
Viacheslav moved T5576: Add bgp remove-private-as all option from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T5576: Add bgp remove-private-as all option from Open to Finished on the VyOS 1.5 Circinus board.
n.fort changed the status of T5594: VRRP - Error if using IPv6 Link Local as hello source address from In progress to Needs testing.
Apachez added a comment to rVYOSONEXa4aad112042b: frr: T5591: hint about daemons that always run and can't be disabled.
Ehm, that hint already exists at line 2 of that file?
sarthurdev changed the status of T5376: Conntrack FTP helper does not work properly from Open to Confirmed.
sarthurdev changed the status of T5598: unknown parameter 'nf_conntrack_helper' ignored from Open to Confirmed.
This is likely also the issue causing T5376
Viacheslav moved T5590: Firewall "log enable" logs every packet from Open to Finished on the VyOS 1.5 Circinus board.
GitHub <noreply@github.com> committed rVYOSONEXd9d2b2b96b37: frr: T5591: cleanup of daemons file (authored by Apachez).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXefc1f296826c: T5602: Reverse-proxy add option backup for backend server (authored by Viacheslav).
GitHub <noreply@github.com> committed rVYOSONEXcb06343979c0: Merge pull request #2294 from sever-sever/T5602 (authored by c-po).
Sep 20 2023
Sep 20 2023
Great, Thanks!
jestabro triaged T5608: Rewrite add/delete raid member to Python and remove from vyatta-op as Normal priority.
jestabro triaged T5607: Adjust RAID smoketest for non-deterministic SCSI device probing as Normal priority.
GitHub <noreply@github.com> committed rVYOSONEX11edfade9f5b: Merge pull request #2297 from vyos/mergify/bp/sagitta/pr-2296 (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX398fb266101c: openvpn: T5269: add a deprecation warning for shared-secret (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEXf9fd136402e8: Merge pull request #2296 from dmbaturin/T5269-deprecate-shared-secret (authored by c-po).
Oops, sorry about that!
@Apachez It is not FQDN based
Should I ask this to you.
In T5601#160566, @vvinci00 wrote:Hello,
I need to reverse proxy TCP traffic.
the traffic is not HTTP/HTTPS
Apachez added a comment to T5604: List of debian archives is out of date (non-free-firmware is missing).
PR created: https://github.com/vyos/vyos-build/pull/418
Contact our sales or ask forum
It's possible to use VyOS as reverse proxy on TCP traffic (not HTTP)?
if yes, what configuration it's necessary?
if not, do you know any solutions that can help me?
In T5601#160566, @vvinci00 wrote:Hello,
I need to reverse proxy TCP traffic.
the traffic is not HTTP/HTTPS
I need to reverse proxy TCP traffic.
the traffic is not HTTP/HTTPS
dmbaturin closed T5271: Add support for peer-fingerprint to OpenVPN, a subtask of T5269: OpenVPN non-TLS site-to-site mode deprecation, as Resolved.
Viacheslav moved T5241: Support veth interfaces to working with netns from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav moved T5241: Support veth interfaces to working with netns from Finished to Backlog on the VyOS 1.4 Sagitta board.
Viacheslav closed T5238: interface virtual-etherne - error when it doesn't use a peer , a subtask of T3829: Support separated TCP/IP stack via "ip netns", as Resolved.
set netns name mgmt
set interfaces virtual-ethernet veth1 address '10.0.0.0/31'
set interfaces virtual-ethernet veth1 peer-name 'veth10'
set interfaces virtual-ethernet veth10 address '10.0.0.1/31'
set interfaces virtual-ethernet veth10 netns 'mgmt'
set interfaces virtual-ethernet veth10 peer-name 'veth1'
Viacheslav closed T5241: Support veth interfaces to working with netns, a subtask of T3829: Support separated TCP/IP stack via "ip netns", as Resolved.
PR https://github.com/vyos/vyos-1x/pull/2295
set system sysctl parameter net.ipv4.tcp_syncookies value '1' set system sysctl parameter net.ipv4.tcp_timestamps value '1'
dmbaturin updated the task description for T5605: Do not generate keysize option in OpenVPN configs.
Viacheslav changed the status of T5602: For reverse-proxy type of load-balancing feature, support "backup" option in backends configuration from Open to In progress.
Viacheslav renamed T5599: Firewall unexpectedly changes some sysctl options from Firwall unexpectedly changes some sysctl options to Firewall unexpectedly changes some sysctl options.
Viacheslav changed the status of T4502: Consider implementing (NAT/other) flow table offload from Open to Needs testing.
You do not use port 80/443, so it does not have HTTP-HEADER (in theory).
service LB_port_451 {
listen-address 10.1.1.1
mode tcp
port 451Try to change to port 80 and check if it works.
You need another solution/configuration
GitHub <noreply@github.com> committed rVYOSONEXb52cf1b7b3bc: Merge pull request #2293 from sarthurdev/conntrack_flowtable (authored by c-po).
Sep 19 2023
Sep 19 2023
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
Some highly unscientific tests (only did 3 reboots of each to rule out that any uncached data at the host would affect the result since I run this in a VM through VirtualBox 7.0) shows a difference of up to 2.1% improvment when having a config with 200 static routes.
Parent task is completed - Bugs will get their own subtask and linked to this parent if possible.
c-po moved T5239: Host name and domain name missing from the FRR configuration from Finished to In Progress on the VyOS 1.5 Circinus board.
c-po moved T5239: Host name and domain name missing from the FRR configuration from Finished to In Progress on the VyOS 1.4 Sagitta board.
c-po moved T5239: Host name and domain name missing from the FRR configuration from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5239: Host name and domain name missing from the FRR configuration from Open to Finished on the VyOS 1.5 Circinus board.
c-po added a project to T5239: Host name and domain name missing from the FRR configuration: VyOS 1.5 Circinus.
This should fix the hostname issue reported to BGP neighbors: https://github.com/vyos/vyos-1x/pull/2289
c-po moved T5596: bgp: add new features from FRR 9 from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved T5588: Add kernel conntrack_bridge module from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T5596: bgp: add new features from FRR 9 from Open to Finished on the VyOS 1.4 Sagitta board.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXe8581998c2bf: init: T5239: configure system hostname prior to FRR startup (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXbdb00d1c781f: utils: T5239: add low-level read from config.boot (authored by jestabro).
c-po committed rVYOSONEX56d3f75de487: utils: T5239: add low-level read from config.boot (authored by jestabro).
GitHub <noreply@github.com> committed rVYOSONEX483482f16133: Merge pull request #2289 from c-po/t5239-frr (authored by c-po).
In T4502#160404, @Apachez wrote:Perhaps a possible way to detect if the nic supports hardware flowtables or not.
Try to set sudo ethtool -K eth0 hw-tc-offload on.
If the result becomes:
Actual changes: hw-tc-offload: off [requested on] Could not change any device featuresThen it doesnt support hardware flowtables.
Could also verify by reading the capability like so:
$ ethtool -k eth0 | grep hw-tc-offload hw-tc-offload: off [fixed]
Perhaps a possible way to detect if the nic supports hardware flowtables or not.
n.fort renamed T5600: Firewall - Remove or extend constraint on 'interface-name' from Firewall - Remove contraint on 'interface-name' to Firewall - Remove or extend constraint on 'interface-name'.
Some feedback from the #netfilter channel over at libera.chat:
n.fort changed the status of T5600: Firewall - Remove or extend constraint on 'interface-name' from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEX78e07ec57102: Merge pull request #2290 from vyos/mergify/bp/sagitta/pr-2285 (authored by dmbaturin).
Apachez added a comment to T5388: Something is fishy with commit and boot times when more than a few hundred static routes are being used.
I got some funny results which I hope somebody else (with a faster cpu) are able to verify?