Page MenuHomeVyOS Platform
Feed All Stories

May 30 2024

GitHub <[email protected]> committed rVYOSONEX9859440abcad: Merge pull request #3552 from c-po/ipsec-profile (authored by c-po).
May 30 2024, 2:35 PM
c-po committed rVYOSONEXe6fe6e50a5c8: op-mode: ipsec: T6407: fix profile generation.
May 30 2024, 2:35 PM
c-po changed the status of T6424: ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate from Open to Confirmed.
May 30 2024, 2:35 PM · VyOS 1.4 Sagitta (1.4.1)
c-po changed the status of T6424: ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate, a subtask of T6407: Generate ipsec profile error, from Open to Confirmed.
May 30 2024, 2:35 PM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po claimed T6424: ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate.
May 30 2024, 2:34 PM · VyOS 1.4 Sagitta (1.4.1)
c-po created T6424: ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate.
May 30 2024, 2:34 PM · VyOS 1.4 Sagitta (1.4.1)
c-po updated the task description for T6423: Require command definition nodes that have an owner to also have a priority.
May 30 2024, 2:31 PM · VyOS 1.4 Sagitta (1.4.1)
c-po created T6423: Require command definition nodes that have an owner to also have a priority.
May 30 2024, 2:29 PM · VyOS 1.4 Sagitta (1.4.1)
haimg claimed T6422: Ability to configure multiple NS records in the authoritative DNS server configuration.
May 30 2024, 1:27 PM · VyOS 1.5 Circinus
haimg changed Difficulty level from unknown to normal on T6422: Ability to configure multiple NS records in the authoritative DNS server configuration.
May 30 2024, 1:27 PM · VyOS 1.5 Circinus
haimg created T6422: Ability to configure multiple NS records in the authoritative DNS server configuration.
May 30 2024, 1:26 PM · VyOS 1.5 Circinus
pavel-altair added a comment to T6417: Common storage location for accounts for different VPNs.
set resource-group username-group <my-users> username user01 password '09078081'
set resource-group username-group <my-users> username user02 password 'fmndskl82'

set service pppoe-server authentication local-users username-group 'my-users'
set vpn l2tp remote-access authentication local-users username-group 'my-users'
set vpn sstp authentication local-users username-group 'my-users'
set vpn openconnect authentication local-users username-group 'my-users'

Looks like what I was talking about

May 30 2024, 12:32 PM · VyOS 1.5 Circinus
GitHub <[email protected]> committed rVYOSONEX94ee1d8f1f7f: Merge pull request #3555 from vyos/mergify/bp/sagitta/pr-3546 (authored by c-po).
May 30 2024, 12:18 PM
GitHub <[email protected]> committed rVYOSONEX8facd624f778: Merge pull request #3554 from vyos/mergify/bp/sagitta/pr-3547 (authored by c-po).
May 30 2024, 12:16 PM
GitHub <[email protected]> committed rVYOSONEX8d5016311095: Merge pull request #3553 from vyos/mergify/bp/sagitta/pr-3551 (authored by c-po).
May 30 2024, 12:16 PM
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX5cfca2850ddb: reverse-proxy: T6419: build full CA chain for frontend SSL certificate (authored by c-po).
May 30 2024, 11:48 AM
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXaa3970cd922e: reverse-proxy: T5231: remove frontend ca-certificate code path (authored by c-po).
May 30 2024, 11:48 AM
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX2ae179831686: reverse-proxy: T6419: build full CA chain when verifying backend server (authored by c-po).
May 30 2024, 11:48 AM
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX8754f486acf6: reverse-proxy: T5231: better mark v4v6 listen any address (authored by c-po).
May 30 2024, 11:48 AM
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX16235b2037af: op-mode: T5231: add command to restart reverse-proxy (authored by c-po).
May 30 2024, 11:48 AM
c-po committed rVYOSONEXa2f0b25452c6: reverse-proxy: T5231: better mark v4v6 listen any address.
May 30 2024, 11:47 AM
c-po committed rVYOSONEX2980eb0ad527: op-mode: T5231: add command to restart reverse-proxy.
May 30 2024, 11:47 AM
c-po committed rVYOSONEX6000c47f0685: reverse-proxy: T5231: remove frontend ca-certificate code path.
May 30 2024, 11:47 AM
GitHub <[email protected]> committed rVYOSONEX5978273c679b: Merge pull request #3546 from c-po/haproxy (authored by c-po).
May 30 2024, 11:47 AM
c-po committed rVYOSONEX4b189a76c0a9: reverse-proxy: T6419: build full CA chain for frontend SSL certificate.
May 30 2024, 11:47 AM
c-po committed rVYOSONEXd83a6e5c5dc7: reverse-proxy: T6419: build full CA chain when verifying backend server.
May 30 2024, 11:47 AM
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX11a45cfda5e4: container: T6406: fix NameError: name 'vyos' is not defined (authored by c-po).
May 30 2024, 11:45 AM
c-po committed rVYOSONEX8439f8a43e93: container: T6406: fix NameError: name 'vyos' is not defined.
May 30 2024, 11:44 AM
GitHub <[email protected]> committed rVYOSONEX138be55a8e85: Merge pull request #3547 from c-po/container-fixes (authored by c-po).
May 30 2024, 11:44 AM
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX013ed1d6ff63: vyos.ifconfig: T6421: verify /etc/hostname exists before reading (authored by c-po).
May 30 2024, 11:43 AM
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX2a6c25416ccc: hostname: T6421: enforce explicit CLI priority for host-name and domain-name (authored by c-po).
May 30 2024, 11:43 AM
c-po committed rVYOSONEXcf07a55d183b: vyos.ifconfig: T6421: verify /etc/hostname exists before reading.
May 30 2024, 11:41 AM
c-po committed rVYOSONEX96d0e23a32a0: hostname: T6421: enforce explicit CLI priority for host-name and domain-name.
May 30 2024, 11:41 AM
GitHub <[email protected]> committed rVYOSONEX1d49c9a1e1b8: Merge pull request #3551 from c-po/hostname-priority (authored by c-po).
May 30 2024, 11:41 AM
Viacheslav added a comment to T6417: Common storage location for accounts for different VPNs.

Need a general place to store accounts for VPN; whether it is a local radius server or chap-secrets file(this option seems simpler and more correct) is not so important.
A separate radius server is another point of failure and a separate infrastructure object. Wants to have a boxed solution where everything is available at once

May 30 2024, 10:07 AM · VyOS 1.5 Circinus
GitHub <[email protected]> committed rVYOSONEXc5fb6aecdc1f: Merge pull request #3550 from vyos/T6420-contributor-link-update-sagitta (authored by c-po).
May 30 2024, 9:30 AM
c-po moved T6407: Generate ipsec profile error from Open to Finished on the VyOS 1.5 Circinus board.
May 30 2024, 9:29 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po added a comment to T6407: Generate ipsec profile error.

https://github.com/vyos/vyos-1x/pull/3552

May 30 2024, 9:28 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po added a comment to T6407: Generate ipsec profile error.

Apple IOS now recognizes multiple CAs inside the profile

May 30 2024, 9:26 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po added a comment to T6407: Generate ipsec profile error.

With this change all CAs in the list are rendered into the template.

May 30 2024, 9:05 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po added a project to T6407: Generate ipsec profile error: VyOS 1.4 Sagitta (1.4.0-GA).
May 30 2024, 8:13 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
pavel-altair added a comment to T6417: Common storage location for accounts for different VPNs.

It is not clear why it should be ignored? If they should be ignored they must not be in the CLI at all.
Why not use RADIUS authentication for it?

Do I get it wrong? Local RADIUS server seems like overhead here. Are we talking about the local “chap-secrets” file that can be reused by other daemons or RADIUS?
Clarify please the feature request.

Need a general place to store accounts for VPN; whether it is a local radius server or chap-secrets file(this option seems simpler and more correct) is not so important.
A separate radius server is another point of failure and a separate infrastructure object. Wants to have a boxed solution where everything is available at once

May 30 2024, 7:49 AM · VyOS 1.5 Circinus
Viacheslav triaged T6419: reverse-proxy: full CA chain is not build when verifying backend server as Normal priority.
May 30 2024, 7:47 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
Viacheslav triaged T6413: BGP conditional route advertisement does not work as expected as Normal priority.
May 30 2024, 7:46 AM · Restricted Project, VyOS 1.4 Sagitta (1.4.0)
c-po updated the task description for T6421: host-name has no explicit priority to be set on system boot.
May 30 2024, 7:31 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.0-GA)
c-po changed the status of T6421: host-name has no explicit priority to be set on system boot from Open to In progress.
May 30 2024, 7:30 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.0-GA)
c-po created T6421: host-name has no explicit priority to be set on system boot.
May 30 2024, 7:30 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.0-GA)
GitHub <[email protected]> committed rVYOSONEX6d0f56a98502: T6420: updated contributor doc link (authored by Vijayakumar A <[email protected]>).
May 30 2024, 7:28 AM
Viacheslav committed rVYOSONEXdcaeb33ffb6d: T6415: Enable repo-sync workflow to be triggered manually.
May 30 2024, 6:54 AM
GitHub <[email protected]> committed rVYOSONEXa2407a3ff8ce: Merge pull request #3549 from sever-sever/T6415-dispatch (authored by Vijayakumar A <[email protected]>).
May 30 2024, 6:54 AM
Vijayakumar created T6420: change back contributor doc location to current .
May 30 2024, 6:41 AM · VyOS 1.4 Sagitta
Vijayakumar added a comment to T6416: Run smoke tests before merging .

ok, sure

May 30 2024, 6:33 AM · GitHub Infrastructure
GitHub <[email protected]> committed rVYOSONEX516167fd43aa: Merge pull request #3545 from vyos/mergify/bp/sagitta/pr-3532 (authored by c-po).
May 30 2024, 6:31 AM
Viacheslav added a comment to T6418: reverse-proxy: backend http-check CLI option not honored.

The similar task T6409

May 30 2024, 5:56 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Viacheslav moved T6402: Invalid variables referenced in reverse proxy validation from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.
May 30 2024, 5:55 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
Viacheslav moved T6402: Invalid variables referenced in reverse proxy validation from Open to Finished on the VyOS 1.5 Circinus board.
May 30 2024, 5:55 AM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
Vijayakumar committed rVYOSONEX251b756c4f2a: T6416: added smoke-test workflow.
May 30 2024, 5:33 AM
syncer added a comment to T6416: Run smoke tests before merging .

no it's not
hold on with his task for now

May 30 2024, 5:29 AM · GitHub Infrastructure
Vijayakumar committed rVYOSONEXb28eb848b619: T6416: added smoke-test workflow.
May 30 2024, 5:28 AM
Vijayakumar committed rVYOSONEXbf5243c5e699: T6416: added smoke-test workflow.
May 30 2024, 5:22 AM
Vijayakumar added a comment to T6416: Run smoke tests before merging .

Hope we need to run this for smoke test
https://github.com/vyos/vyos-1x?tab=readme-ov-file#tests

May 30 2024, 4:19 AM · GitHub Infrastructure

May 29 2024

Viacheslav added a comment to T6417: Common storage location for accounts for different VPNs.

It is not clear why it should be ignored? If they should be ignored they must not be in the CLI at all.
Why not use RADIUS authentication for it?

May 29 2024, 11:30 PM · VyOS 1.5 Circinus
c-po updated the task description for T6419: reverse-proxy: full CA chain is not build when verifying backend server.
May 29 2024, 9:37 PM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po moved T6419: reverse-proxy: full CA chain is not build when verifying backend server from Open to Finished on the VyOS 1.5 Circinus board.
May 29 2024, 9:31 PM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po moved T6419: reverse-proxy: full CA chain is not build when verifying backend server from Need Triage to In Progress on the VyOS 1.4 Sagitta (1.4.0-GA) board.
May 29 2024, 9:30 PM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po edited projects for T6419: reverse-proxy: full CA chain is not build when verifying backend server, added: VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta.
May 29 2024, 9:30 PM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po added a comment to T6419: reverse-proxy: full CA chain is not build when verifying backend server.

https://github.com/vyos/vyos-1x/pull/3546

May 29 2024, 9:30 PM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
Embezzle closed T6402: Invalid variables referenced in reverse proxy validation as Resolved.

Tested as working in: VyOS 1.5-rolling-202405280020

May 29 2024, 9:10 PM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po changed the status of T6419: reverse-proxy: full CA chain is not build when verifying backend server from Open to In progress.
May 29 2024, 8:32 PM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po created T6419: reverse-proxy: full CA chain is not build when verifying backend server.
May 29 2024, 8:32 PM · VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus
c-po assigned T6418: reverse-proxy: backend http-check CLI option not honored to Viacheslav.
May 29 2024, 8:16 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
c-po created T6418: reverse-proxy: backend http-check CLI option not honored.
May 29 2024, 8:16 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
Vijayakumar added a comment to T6416: Run smoke tests before merging .

For this, need to get details on our existing smoke tests.

May 29 2024, 6:51 PM · GitHub Infrastructure
Vijayakumar closed T6397: Triger action on merge, a subtask of T6309: Check code quality with CodeQL, as Resolved.
May 29 2024, 6:49 PM · GitHub Infrastructure
Vijayakumar closed T6397: Triger action on merge as Resolved.
May 29 2024, 6:49 PM · GitHub Infrastructure
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX33c987bf43ad: nat: T6371: fix op mode display of configured ports when comma separated list… (authored by Giggum).
May 29 2024, 6:29 PM
GitHub <[email protected]> committed rVYOSONEXb7595ee9d328: nat: T6371: fix op mode display of configured ports when comma separated list… (authored by Giggum).
May 29 2024, 6:27 PM
fernando closed T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr as Resolved.
May 29 2024, 5:57 PM · VyOS 1.4 Sagitta (1.4.1)
fernando added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.

@mersl thanks for confirm.

May 29 2024, 5:57 PM · VyOS 1.4 Sagitta (1.4.1)
pavel-altair added a comment to T6417: Common storage location for accounts for different VPNs.

It probably cannot be a universal solution due to specific per-user options.
For example, for opencoonect, you can add otp if you want on a per-user basis and not do it for other users.

vyos@r4# set vpn openconnect authentication local-users username foo 
Possible completions:
   disable              Disable instance
 > otp                  2FA OTP authentication parameters
   password             Password used for authentication

Another case specific client IP address or rate limit

vyos@r4# set vpn sstp authentication local-users username foo 
Possible completions:
   disable              Disable instance
   password             Password for authentication
 > rate-limit           Upload/Download speed limits
   static-ip            Static client IP address (default: *)

Though it could be only for accel-ppp based configuration sstp/l2tp/pptp

specific per-user options can ignored if the protocol does not support them

May 29 2024, 5:43 PM · VyOS 1.5 Circinus
Viacheslav committed rVYOSONEXf3c14280a625: T6415: Fix variables for repo sync.
May 29 2024, 5:14 PM
Restricted Repository Identity closed T6415: Repo sync, a subtask of T6309: Check code quality with CodeQL, as Resolved.
May 29 2024, 5:14 PM · GitHub Infrastructure
Restricted Repository Identity closed T6415: Repo sync as Resolved by committing rVYOSONEXa234384dd060: Merge pull request #3543 from sever-sever/T6415-fix.
May 29 2024, 5:14 PM · GitHub Infrastructure
GitHub <[email protected]> committed rVYOSONEXa234384dd060: Merge pull request #3543 from sever-sever/T6415-fix (authored by c-po).
May 29 2024, 5:14 PM
GitHub <[email protected]> committed rVYOSONEX0bada0f998c5: Merge pull request #3544 from vyos/mergify/bp/sagitta/pr-3541 (authored by c-po).
May 29 2024, 5:14 PM
mersl added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.

just some show commands with test results on my lab

May 29 2024, 5:04 PM · VyOS 1.4 Sagitta (1.4.1)
mersl added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.

very cool! I just rebuild a 1.5-rolling and upgraded my lab router and voila - works as expected ;-)

May 29 2024, 4:41 PM · VyOS 1.4 Sagitta (1.4.1)
Viacheslav triaged T6417: Common storage location for accounts for different VPNs as Wishlist priority.

It probably cannot be a universal solution due to specific per-user options.
For example, for opencoonect, you can add otp if you want on a per-user basis and not do it for other users.

vyos@r4# set vpn openconnect authentication local-users username foo 
Possible completions:
   disable              Disable instance
 > otp                  2FA OTP authentication parameters
   password             Password used for authentication
May 29 2024, 4:19 PM · VyOS 1.5 Circinus
pavel-altair created T6417: Common storage location for accounts for different VPNs.
May 29 2024, 2:57 PM · VyOS 1.5 Circinus
syncer triaged T6416: Run smoke tests before merging as Low priority.
May 29 2024, 2:52 PM · GitHub Infrastructure
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX3bfd91713a5c: openvpn: T6374: only check TLS role for s2s if TLS is configured (authored by dmbaturin).
May 29 2024, 1:59 PM
dmbaturin committed rVYOSONEXf4069582273e: openvpn: T6374: only check TLS role for s2s if TLS is configured.
May 29 2024, 1:57 PM
GitHub <[email protected]> committed rVYOSONEX5b1539d65d97: Merge pull request #3541 from dmbaturin/T6374-openvpn-s2s-tls-validation-fix (authored by c-po).
May 29 2024, 1:57 PM
Viacheslav renamed T6416: Run smoke tests before merging from Run smole tests before merging to Run smoke tests before merging .
May 29 2024, 1:53 PM · GitHub Infrastructure
syncer created T6416: Run smoke tests before merging .
May 29 2024, 12:17 PM · GitHub Infrastructure
Viacheslav committed rVYOSONEX8c67e6a317cc: T6349: Reuse repo sync.
May 29 2024, 12:00 PM
GitHub <[email protected]> committed rVYOSONEX084699fa9910: Merge pull request #3540 from sever-sever/T6415-reuse (authored by dmbaturin).
May 29 2024, 12:00 PM
fernando added a comment to T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr.

we've added this ability to configure the topology on isis :

May 29 2024, 11:16 AM · VyOS 1.4 Sagitta (1.4.1)
fernando changed the subtype of T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr from "Bug" to "Feature Request".
May 29 2024, 11:14 AM · VyOS 1.4 Sagitta (1.4.1)
fernando changed the status of T6332: IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr from Open to Needs testing.
May 29 2024, 11:14 AM · VyOS 1.4 Sagitta (1.4.1)