In T5775#168092, @marvin wrote:Excellent; thanks @GurliGebis! I built 1.4 today and confirmed it's working as expected.
As far as I'm concerned, this issue is now resolved and the ticket can now be closed.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Dec 18 2023
Dec 18 2023
GurliGebis added a comment to T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config.
marvin added a comment to T5775: Migrated Firewall Global State Policy ineffective on latest firewall zone config.
Excellent; thanks @GurliGebis! I built 1.4 today and confirmed it's working as expected.
Yes it should trigger to recreate container but it doesn’t get a dictionary key for recreating
jestabro changed the status of T5751: Adjust new image tools for non-interactive use, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5751: Adjust new image tools for non-interactive use from Unknown Status to Resolved.
jestabro changed the status of T5758: Restore scanning configs when live installing, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5758: Restore scanning configs when live installing from Unknown Status to Resolved.
jestabro changed the status of T5789: image-tools should copy ssh host keys on image update, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5789: image-tools should copy ssh host keys on image update from Unknown Status to Resolved.
jestabro changed the status of T5806: Clear old raid data on new install image, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5806: Clear old raid data on new install image from Unknown Status to Resolved.
jestabro moved T5821: image-tools: restore vrf-aware 'add system image' from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro closed T5821: image-tools: restore vrf-aware 'add system image', a subtask of T4516: Rewrite system image manipulation tools in Python, as Resolved.
jestabro changed the status of T5819: Don't echo password on install image, a subtask of T4516: Rewrite system image manipulation tools in Python, from Unknown Status to Resolved.
jestabro changed the status of T5819: Don't echo password on install image from Unknown Status to Resolved.
jestabro moved T5825: image-tools: restore authentication on 'add system image' from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro closed T5825: image-tools: restore authentication on 'add system image', a subtask of T5821: image-tools: restore vrf-aware 'add system image', as Resolved.
jestabro moved T5831: show system image should reverse order by addition date from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro closed T5831: show system image should reverse order by addition date, a subtask of T5827: image-tools: 'show system image' Command Not in Order, as Resolved.
GitHub <[email protected]> committed rVYOSONEX33225eebde7e: Merge pull request #2654 from vyos/mergify/bp/sagitta/pr-2649 (authored by jestabro).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX6763c844977d: image-tools: T5831: show system image reverse ordered by date (authored by jestabro).
GitHub <[email protected]> committed rVYOSONEXd3f0d65c54e9: Merge pull request #2653 from vyos/mergify/bp/sagitta/pr-2596 (authored by dmbaturin).
GitHub <[email protected]> committed rVYOSONEXf2cd94167433: Merge pull request #2649 from jestabro/image-version-order (authored by dmbaturin).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXaf7b233a7a10: T5249: Add rollback-soft feature (authored by Viacheslav).
In my case, the container is created and running using IPv4 only. The network it is in has a defined prefix for IPv4 and IPv6. Then, the only thing I try to do is add an IPv6 address to the container. The network it is connected to already has the IPv6 prefix defined. That is when it dies.
Unknown Object (User) added a comment to T5835: UPnP port mapping / rule installation fails.
The mentioned file that missing is located upstream in https://github.com/miniupnp/miniupnp/tree/miniupnpd_2_3_1/miniupnpd/netfilter_nft/scripts
and the upstream configuration options that we think are missing to match vyos chains is https://github.com/miniupnp/miniupnp/blob/miniupnpd_2_3_1/miniupnpd/miniupnpd.conf#L77
Could you point out some documentation/examples on which scripts are missing?
It seems it has never been tested since @jack9603301 implemented it in task T3420. It seems he also didn't test it.
GitHub <[email protected]> committed rVYOSONEXceec796a3d3d: Merge pull request #2652 from vyos/mergify/bp/sagitta/pr-2627 (authored by c-po).
Unknown Object (User) created T5835: UPnP port mapping / rule installation fails.
Adding a new container with both addresses and networks in one commit works fine.
set container name alp01 image 'alpine' set container name alp01 network NET01 address '10.0.0.12' set container name alp01 network NET01 address '2001:db8::12' set container network NET01 prefix '10.0.0.0/24' set container network NET01 prefix '2001:db8::/64'
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX8a17966ed7ed: T4163: Add BGP Monitoring Protocol BMP feature (authored by Viacheslav).
Viacheslav changed the status of T5829: Can't Add IPv6 Address to Containers from Open to In progress.
We don't use /usr/libexec/vyos/validate-value.py anymore
There should be a separates tasks if required.
Viacheslav closed T2234: Controlling whitespace in Jinja templates (template cleanup parent task) as Not Applicable.
There is nothing to do there, all checks for linter Jinja included to vyos-build.
Close it.
Viacheslav closed T2215: Make “default no-ipv4-unicast” the default setting, a subtask of T1148: epa2 BGP peers initiate before config is fully loaded, routes leak., as Wontfix.
It was changed for 1.4/1.5 and won't be changed for 1.3 LTS (old backend)
If someone wants it for 1.3
set protocols bgp 65001 parameters default no-ipv4-unicast
We are using sshguard
set service ssh dynamic-protection
@thomas-mangin Do you have a PoC?
Comparing boot time for now 1.3 and 1.1.8 is not actual
There are 2 different systems :)
Also, some validators were rewritten on 1.2 to Python and for 1.3 to sh, OCAML and so on (python validators could be cause of the issue)
In my internal test VM loads ~40 sec tested in VyOS 1.3.5
We always can improve something, but lets find what we can improve in separate tasks.
Viacheslav added a comment to T1317: OpenVPN configuration fails if it depends on another interface..
@mb300sd could you re-check?
The main issue is synchronization between all routing daemons and zebra, especially with "policy".
So you are getting strange things like a policy configured for zebra but the same policy not exists/applied for other daemons.
It is impossible to integrate it the correct way.
Reopen for 1.5, 2.0 if required and if it will be possible in the future with correct syncing between all daemons.
Viacheslav edited projects for T1253: Feature Request: FRR Flowspec, added: VyOS 1.5 Circinus; removed VyOS 1.3 Equuleus (1.3.6), vyos-frr.
We can't do more due to old backend on the 1.3
If there will be a specific options to improve it should be a separate task
Close it.
Refactored in 1.4/1.5
Let's avoid the firewall migrations for the stable branch.
Viacheslav removed a project from T970: Support matching domain name in firewall rules: VyOS 1.3 Equuleus (1.3.6).
It won't be implemented for 1.3
Configs weren't provided, so closed the task as invalid. Works with internal tetts.
Re-open it or add steps to reproduce.
Viacheslav closed T440: VTI/IPSec with dynamic peer, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Wontfix.
Implemented in 1.4
Wontfix for 1.3 due to old backend.
jestabro changed Difficulty level from easy to normal on T5831: show system image should reverse order by addition date.
/config/dhcp4.leases ownership seem to change when migrating to latest 1.5-rolling-202312171632
Forgot to ever reply to this - I just wanted it added as a standard debian package so that scripts that depend on it can have it available without needing to be installed seperately.
tjh added a comment to T2835: "show system-integrity" reports lots of wrong timestamp packages with v1.2.6-epa1.
Think this can be closed - there's no such command in 1.3 is there?
syncer moved T971: authentication public-keys options quoting issue from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T1012: vyos-build configure script should check /etc/issue to avoid confusion from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T1276: dhcp relay + VLAN fails from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T2051: Throughput anomalies from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T1289: route-map set route-type blackhole from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T2102: Add Vlan on PPPoE server on Fly from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T2258: VRF route leaking from BGP from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T2719: Standardized op mode script structure from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T2628: Make logs more user friendly. from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T2771: BGP VPNv4 & VPNv6 Address Family Support from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T2772: BGP Route Distinguisher & Route Target Extended Community from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T2862: xt_tls / SNI TLS filtering from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T2996: Checking digital signature failed on downgrade from rolling to stable. from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T3045: Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP) from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T3536: Unable to list all available routes from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T3702: Policy: Allow routing by fwmark from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T4079: Source/Destination NAT GROUP from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T4271: bgp: show ipv6 bgp summary doesn't display neighbor information from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T4328: Large MTU on 1.3.1-S1 from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T4402: OpenVPN client-ip-pool option is broken from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T4423: `reset dns forwarding all` can't clear all dns cache from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T4601: dhcp : relay agent IP address issue. from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T4776: NVME storage is not detected properly during installation from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T5192: RNDIS Missing from Kernel from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T5223: tunnel key doesn't clear from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T5270: Make OpenVPN `tls dh-params` optional from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T5271: Add support for peer-fingerprint to OpenVPN from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T5268: OpenVPN: upgrade package to 2.6 series from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer moved T5387: dhcp6c: add a no release option from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.