
Oct 13 2023

n.fort changed the status of T5541: Zone-Based Firewalling in VyOS Sagitta 1.4 from Open to In progress.
Oct 13 2023, 2:10 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
JeffWDH added a comment to T5652: Config migrate to image upgrade does not properly generate home directory.

I had a similar issue going from 1.5-rolling-202309250022 to 1.5-rolling-202310090023.

Oct 13 2023, 12:10 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
a.apostoliuk changed the status of T5254: Modification of any interface setting sets MTU back to default when MTU has been inherited from a bond from In progress to Needs testing.
Oct 13 2023, 9:09 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Viacheslav created T5654: Migrate policy local-route.
Oct 13 2023, 7:47 AM · VyOS Rolling
GitHub <noreply@github.com> committed rVYOSONEX688bde775690: Merge pull request #2350 from vyos/mergify/bp/sagitta/pr-2349 (authored by c-po).
Oct 13 2023, 5:33 AM
fsbof created T5653: Command to display fingerprint.
Oct 13 2023, 1:31 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
fsbof updated fsbof.
Oct 13 2023, 1:09 AM

Oct 12 2023

jestabro moved T5649: vyos-1x should generate XML cache after building command templates for less cryptic error on typo from Open to Finished on the VyOS 1.4 Sagitta board.
Oct 12 2023, 6:57 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
jestabro closed T5649: vyos-1x should generate XML cache after building command templates for less cryptic error on typo as Resolved.
Oct 12 2023, 6:56 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
GitHub <noreply@github.com> committed rVYOSONEX4c062a3217d0: Merge pull request #2360 from vyos/mergify/bp/sagitta/pr-2358 (authored by jestabro).
Oct 12 2023, 6:56 PM
Apachez added a comment to T5651: chain FW_CONNTRACK incorrectly use accept as action.

Then this task can be set to closed and invalid :-)

Oct 12 2023, 6:54 PM · VyOS 1.5 Circinus
Apachez added a comment to T5498: fsck during boot doesnt work.

PR updated: https://github.com/vyos/vyos-build/pull/435

Oct 12 2023, 6:46 PM · VyOS Rolling, Bugs
sarthurdev closed T5651: chain FW_CONNTRACK incorrectly use accept as action as Invalid.

If you don't use the firewall (statefully at least) then it will go through the FW_CONNTRACK chain and the NAT_CONNTRACK and/or WLB_CONNTRACK chains will be reached, or fall through to the notrack.

Oct 12 2023, 6:29 PM · VyOS 1.5 Circinus
Apachez reopened T5651: chain FW_CONNTRACK incorrectly use accept as action as "Open".

But the NAT_CONNTRACK and WLB_CONNTRACK chains are never evaluated because FW_CONNTRACK always sets action to accept?

Oct 12 2023, 6:18 PM · VyOS 1.5 Circinus
gmurphy42 created T5652: Config migrate to image upgrade does not properly generate home directory.
Oct 12 2023, 5:56 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
zsdc changed the status of T5232: Flow-accounting uacctd.service cannot restart correctly from Open to In progress.

PR: https://github.com/vyos/vyos-1x/pull/2361

Oct 12 2023, 5:31 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
zsdc changed the status of T5233: Op-mode flow-accounting netflow with disable-imt errors from Open to In progress.

This should fix the problem: https://github.com/vyos/vyos-1x/pull/2361

Oct 12 2023, 5:30 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
sarthurdev closed T5651: chain FW_CONNTRACK incorrectly use accept as action as Invalid.

That is how the conntrack enabling system works. FW_CONNTRACK verdict is set to accept when it is determined the firewall needs conntracking (state rules, flowtable etc.), same for NAT_/WLB_ chains. If none require conntrack - all chains will be return and it falls down the chain to the final notrack and conntrack is not enabled.

Oct 12 2023, 5:29 PM · VyOS 1.5 Circinus
Apachez created T5651: chain FW_CONNTRACK incorrectly use accept as action.
Oct 12 2023, 5:05 PM · VyOS 1.5 Circinus
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXea35feb50082: xml: T5649: catch errors from schema validation before generating cache (authored by jestabro).
Oct 12 2023, 5:03 PM
devon committed rVYOSONEXdf6ced3811eb: ldpd: T5648: Fix ldpd template errors.
Oct 12 2023, 5:01 PM
GitHub <noreply@github.com> committed rVYOSONEXc4bea386c662: Merge pull request #2357 from devon-mar/ldpd-template-errors (authored by c-po).
Oct 12 2023, 5:01 PM
jestabro committed rVYOSONEX126a67ade9cd: xml: T5649: catch errors from schema validation before generating cache.
Oct 12 2023, 5:00 PM
GitHub <noreply@github.com> committed rVYOSONEXbf0ade04be9f: Merge pull request #2358 from jestabro/schema-check (authored by c-po).
Oct 12 2023, 5:00 PM
erkin added a subtask for T3356: Script for remote file transfers: T5650: Progressbars suffer from staircasing effect.
Oct 12 2023, 4:40 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
erkin added a parent task for T5650: Progressbars suffer from staircasing effect: T3356: Script for remote file transfers.
Oct 12 2023, 4:40 PM · VyOS 1.4 Sagitta
erkin created T5650: Progressbars suffer from staircasing effect.
Oct 12 2023, 4:40 PM · VyOS 1.4 Sagitta
jestabro committed rVYOSONEXe65117532b48: openvpn: T5634: fix permissions on migration file.
Oct 12 2023, 3:27 PM
a.apostoliuk committed rVYOSONEXaa0282ceb379: bonding: T5254: Fixed changing ethernet when it is a bond member.
Oct 12 2023, 2:36 PM
GitHub <noreply@github.com> committed rVYOSONEXe55f07932349: Merge pull request #2277 from aapostoliuk/T5254-1-sagitta (authored by dmbaturin).
Oct 12 2023, 2:36 PM
JeffWDH added a comment to T5647: Extend failover route functionality to use dynamically assigned interface next hops.

An additional "nice to have" would be a hook that runs on route state change.
Examples:

set protocols failover route 0.0.0.0/0 next-hop 100.100.100.1 hook '/config/scripts/failover-hook-100.100.100.1'
Oct 12 2023, 1:53 PM · VyOS Rolling
jestabro added projects to T5649: vyos-1x should generate XML cache after building command templates for less cryptic error on typo: VyOS 1.5 Circinus, VyOS 1.4 Sagitta.
Oct 12 2023, 1:45 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
jestabro triaged T5649: vyos-1x should generate XML cache after building command templates for less cryptic error on typo as Normal priority.
Oct 12 2023, 1:37 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
jestabro committed rVYOSONEX227e3f2876e5: openvpn: T5634: fix typo.
Oct 12 2023, 1:19 PM
Viacheslav updated the task description for T5647: Extend failover route functionality to use dynamically assigned interface next hops.
Oct 12 2023, 10:54 AM · VyOS Rolling
Viacheslav removed a project from T1237: Static Route Path Monitoring, failover: VyOS 1.3 Equuleus (1.3.3).
Oct 12 2023, 6:31 AM · VyOS 1.4 Sagitta
Viacheslav moved T1237: Static Route Path Monitoring, failover from Open to Finished on the VyOS 1.4 Sagitta board.
Oct 12 2023, 6:31 AM · VyOS 1.4 Sagitta
devon claimed T5648: ldpd neighbour template errors.

PR: https://github.com/vyos/vyos-1x/pull/2357

Oct 12 2023, 5:53 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
devon created T5648: ldpd neighbour template errors.
Oct 12 2023, 5:49 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
jestabro claimed T5644: Firewall groups deletion can break config.
Oct 12 2023, 1:30 AM · VyOS 1.5 Circinus
dmbaturin committed rVYOSONEX941c5adfaca2: openvpn: T5634: Remove support for insecure DES and Blowfish ciphers.
Oct 12 2023, 12:44 AM
GitHub <noreply@github.com> committed rVYOSONEX526f19eaf795: Merge pull request #2353 from dmbaturin/T5634-no-more-blowfish (authored by jestabro).
Oct 12 2023, 12:43 AM

Oct 11 2023

Viacheslav awarded T5647: Extend failover route functionality to use dynamically assigned interface next hops a Like token.
Oct 11 2023, 6:12 PM · VyOS Rolling
JeffWDH created T5647: Extend failover route functionality to use dynamically assigned interface next hops.
Oct 11 2023, 4:58 PM · VyOS Rolling
Viacheslav created T5646: QoS policy limiter broken if class without match.
Oct 11 2023, 3:31 PM · VyOS 1.4 Sagitta (1.4.0-epa2), VyOS 1.5 Circinus
Viacheslav renamed T5645: Add template for PPPoE-server with custom RADIUS attributes for QoS policy and firewall from Add template for PPPoE server with custom RADIUS attributes for QoS policy and firewall to Add template for PPPoE-server with custom RADIUS attributes for QoS policy and firewall.
Oct 11 2023, 3:12 PM · VyOS Rolling
Viacheslav created T5645: Add template for PPPoE-server with custom RADIUS attributes for QoS policy and firewall.
Oct 11 2023, 3:09 PM · VyOS Rolling
jestabro closed T2612: HTTPS API, changing API key fails but goes through as Unknown Status.
Oct 11 2023, 3:06 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
GitHub <noreply@github.com> committed rVYOSONEX759c2d8afd09: Merge pull request #2354 from vyos/mergify/bp/sagitta/pr-2352 (authored by jestabro).
Oct 11 2023, 3:06 PM
n.fort changed the status of T5644: Firewall groups deletion can break config from Open to Confirmed.
Oct 11 2023, 10:22 AM · VyOS 1.5 Circinus
n.fort created T5644: Firewall groups deletion can break config.
Oct 11 2023, 10:20 AM · VyOS 1.5 Circinus
a.apostoliuk changed the status of T5642: op cmd: generate tech-support archive: does not work from Open to In progress.
Oct 11 2023, 8:33 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX575f5ab52bf3: T5165: Implement policy local-route source and destination port (authored by Viacheslav).
Oct 11 2023, 6:40 AM
Viacheslav changed the status of T5165: Policy local-route ability set protocol and port from Open to Needs testing.
Oct 11 2023, 6:37 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Viacheslav committed rVYOSONEXff4373307467: T5165: Implement policy local-route source and destination port.
Oct 11 2023, 6:37 AM
GitHub <noreply@github.com> committed rVYOSONEXf51c3b07daf2: Merge pull request #2342 from sever-sever/T5165 (authored by Viacheslav).
Oct 11 2023, 6:37 AM

Oct 10 2023

jestabro moved T2612: HTTPS API, changing API key fails but goes through from Backlog to Backport Candidates on the VyOS 1.4 Sagitta board.
Oct 10 2023, 6:39 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
jestabro moved T2612: HTTPS API, changing API key fails but goes through from Open to Finished on the VyOS 1.5 Circinus board.
Oct 10 2023, 6:39 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
n.fort changed the status of T5643: NAT - Allow interface groups on nat rules from Confirmed to In progress.
Oct 10 2023, 6:18 PM · VyOS 1.5 Circinus
n.fort added a comment to T5643: NAT - Allow interface groups on nat rules.

PR: https://github.com/vyos/vyos-1x/pull/2355

Oct 10 2023, 6:18 PM · VyOS 1.5 Circinus
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX9c7a4b43278e: http-api: T2612: reload server within configsession for api self-config (authored by jestabro).
Oct 10 2023, 6:12 PM
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX09adc91eda58: http-api: T2612: send response before reconfiguring api server (authored by jestabro).
Oct 10 2023, 6:12 PM
jestabro committed rVYOSONEX93d2ea7d635c: http-api: T2612: reload server within configsession for api self-config.
Oct 10 2023, 6:11 PM
jestabro committed rVYOSONEX7d597a6dca15: http-api: T2612: send response before reconfiguring api server.
Oct 10 2023, 6:11 PM
GitHub <noreply@github.com> committed rVYOSONEXf48727eee9cb: Merge pull request #2352 from jestabro/api-self-config (authored by dmbaturin).
Oct 10 2023, 6:11 PM
Viacheslav added a comment to T5471: Conntrack logging doesnt seem to be working.

show conntrack statistics shows only sudo conntrack -S command
This won't show any logs

Oct 10 2023, 10:49 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.2), VyOS Rolling
Viacheslav added a comment to T5497: Add ability to resequence rule numbers for firewall.

I assume this will end up in config mode as well before this task can be set to resolved?

Simply because this is a few more steps:

  • Use the command
  • Copy the output
  • Delete current firewall
  • Paste command output
  • Commit

than this:

  • Use the command
  • Commit
Oct 10 2023, 10:41 AM · VyOS 1.4 Sagitta (1.4.0-epa1)
n.fort changed the status of T5643: NAT - Allow interface groups on nat rules from Open to Confirmed.
Oct 10 2023, 10:40 AM · VyOS 1.5 Circinus
n.fort created T5643: NAT - Allow interface groups on nat rules.
Oct 10 2023, 10:40 AM · VyOS 1.5 Circinus
n.fort closed T5014: Destination NAT - Add Load Balancing capabilities as Resolved.
Oct 10 2023, 10:37 AM · VyOS 1.4 Sagitta
Apachez added a comment to T5497: Add ability to resequence rule numbers for firewall.

I assume this will end up in config mode as well before this task can be set to resolved?

Oct 10 2023, 10:33 AM · VyOS 1.4 Sagitta (1.4.0-epa1)
n.fort added a comment to T5564: Both show firewall group and show firewall summary fails.

Once PR https://github.com/vyos/vyos-1x/pull/2344 is merged, counters and logs for default action should be available once again.

Oct 10 2023, 10:08 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
n.fort added a comment to T5497: Add ability to resequence rule numbers for firewall.

It's an op-mode command, so it does not change configuration. User may get something different from what he expected, so at least on this very first attempt of re-generating and re-ordering firewall rules, it's done in op-mode command with no impact on running configuration.

Oct 10 2023, 10:00 AM · VyOS 1.4 Sagitta (1.4.0-epa1)
SrividyaA created T5642: op cmd: generate tech-support archive: does not work.
Oct 10 2023, 7:35 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
Apachez added a comment to T5497: Add ability to resequence rule numbers for firewall.

The syntax seems to have changed from "produce" to "generate" during this task?

Oct 10 2023, 5:46 AM · VyOS 1.4 Sagitta (1.4.0-epa1)
Apachez attached a referenced file: F3877170: T5549_Lynis_audit_system_231010.txt.gz.
Oct 10 2023, 5:40 AM · Invalid
Apachez added a comment to T5549: Result of system audit by Lynis.

Updated scan performed on VyOS 1.5-rolling-202310090023 (see attached file).

Oct 10 2023, 5:39 AM · Invalid
Apachez added a comment to T5471: Conntrack logging doesnt seem to be working.

show conntrack statistics still fails in VyOS 1.5-rolling-202310090023:

Oct 10 2023, 5:28 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.2), VyOS Rolling
Apachez closed T5479: Helper leftovers found in nftables (firewall) even with all helpers disabled as Resolved.

Seems to be fixed in VyOS 1.5-rolling-202310090023:

Oct 10 2023, 5:25 AM · VyOS 1.4 Sagitta
Apachez assigned T5559: Selective proxy-arp/proxy-ndp when doing SNAT/DNAT to Viacheslav.
Oct 10 2023, 5:18 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Apachez added a comment to T5564: Both show firewall group and show firewall summary fails.

Problem remains with "N/D" being used in show firewall groups instead of "None".

Oct 10 2023, 5:15 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
Apachez closed T5489: Change to BBR as TCP congestion control, or at least make it an config option as Resolved.

Verified in VyOS 1.5-rolling-202310090023:

Oct 10 2023, 5:03 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Apachez closed T5436: vyos-preconfig-bootup.script is missing as Resolved.

Verified in VyOS 1.5-rolling-202310090023:

Oct 10 2023, 4:59 AM · VyOS 1.4 Sagitta
Apachez closed T5589: Nonstripped binaries exists in VyOS as Resolved.

Works as expected:

Oct 10 2023, 4:28 AM · VyOS 1.5 Circinus
jestabro committed rVYOSONEX9ceba9ede21f: conf-mode: T5412: remove refs to vyos module for use by addon packages.
Oct 10 2023, 2:11 AM

Oct 9 2023

jestabro added a comment to T2612: HTTPS API, changing API key fails but goes through.

PR:
https://github.com/vyos/vyos-1x/pull/2352

Oct 9 2023, 4:39 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
dmbaturin renamed T5634: Remove support for Blowfish and DES from OpenVPN from Remove support for Blowfish from OpenVPN to Remove support for Blowfish and DES from OpenVPN.
Oct 9 2023, 3:45 PM · VyOS 1.4 Sagitta
Unknown Object (User) updated the task description for T5619: Update the Intel ixgbe driver due to issues with Intel X533.
Oct 9 2023, 6:33 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
jestabro added a comment to T2612: HTTPS API, changing API key fails but goes through.

Final testing before PR, the following corrects behavior when configuring the http-api using the http-api, for example:

Oct 9 2023, 1:26 AM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Apachez added a comment to T5498: fsck during boot doesnt work.

PR created: https://github.com/vyos/vyos-build/pull/435

Oct 9 2023, 12:26 AM · VyOS Rolling, Bugs

Oct 8 2023

Apachez added a comment to T5498: fsck during boot doesnt work.

As @twan mentioned previously...

Oct 8 2023, 11:59 PM · VyOS Rolling, Bugs
Apachez created T5641: Enable compression of kernel modules.
Oct 8 2023, 10:37 PM
Apachez added a comment to T5498: fsck during boot doesnt work.

Turns out that packages/linux-kernel/arch/x86/configs/vyos_defconfig doesn't include xz as option for initrd:

Oct 8 2023, 10:26 PM · VyOS Rolling, Bugs
Apachez created T5640: Missing compression algorithms in kernel config regarding initrd.
Oct 8 2023, 10:25 PM · VyOS Rolling
Apachez added a comment to T5498: fsck during boot doesnt work.

Will attempt to:

Oct 8 2023, 8:39 PM · VyOS Rolling, Bugs
Apachez claimed T5498: fsck during boot doesnt work.
Oct 8 2023, 8:36 PM · VyOS Rolling, Bugs
Apachez claimed T5489: Change to BBR as TCP congestion control, or at least make it an config option.
Oct 8 2023, 8:35 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
dex added a comment to T5096: Change 'accept' firewall rule action from 'return' to 'accept'.

I see, looks like a way more streamlined approach. Thank you for the information and the quick response!

Oct 8 2023, 6:54 PM · VyOS 1.4 Sagitta
Apachez added a comment to T5096: Change 'accept' firewall rule action from 'return' to 'accept'.

A new firewall frontend engine was implemented in VyOS 1.4-rolling-202308040557.

Oct 8 2023, 6:45 PM · VyOS 1.4 Sagitta
dex added a comment to T5096: Change 'accept' firewall rule action from 'return' to 'accept'.

Good to hear that this was implemented, thank you! Could you elaborate in which release this feature will be available?

Oct 8 2023, 6:40 PM · VyOS 1.4 Sagitta