@bernhardschmidt my PR for this made it into current rolling, which rather than just widening the table range, allows using 'set vrf' instead of 'set table' to policy route directly to VRFs with out-of-range RT IDs.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Aug 1 2024
Aug 1 2024
jestabro renamed T6627: nat64 config mode script configures state outside of canonical functions, preventing running under configd from nat64 config mode script verfiies state outside of canonical functions, preventing running under configd to nat64 config mode script configures state outside of canonical functions, preventing running under configd.
jestabro updated the task description for T6627: nat64 config mode script configures state outside of canonical functions, preventing running under configd.
GitHub <noreply@github.com> committed rVYOSONEX08bf14aaac20: Merge pull request #3925 from vyos/mergify/bp/circinus/pr-3747 (authored by dmbaturin).
talmakion changed the status of T6157: Can not create two GRE tunnels to the same DST but from different SRC addresses from In progress to Needs testing.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXcf1f11c53368: T6486: T6379: Rewrite generate openvpn client-config (authored by Viacheslav).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX408d1814d140: T6486: T6379: Rewrite generate openvpn client-config (authored by Viacheslav).
Viacheslav changed the status of T6611: Request Shoretel Server Option in DHCP from Open to In progress.
GitHub <noreply@github.com> committed rVYOSONEXc6e611b7a47c: Merge pull request #3922 from vyos/mergify/bp/circinus/pr-3903 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX962ead698e19: Merge pull request #3221 from lucasec/t5873 (authored by c-po).
Viacheslav changed the status of T3334: Changing serial settings from a serial console ends session abruptly from Open to Needs testing.
How much RAM does this server have?
Do you have an example of the log when it fails? Which exact messages do you see?
Request to drop privileges https://support.zabbix.com/browse/ZBXNEXT-9380
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX1171e3d359cc: T6617: T6618: vpn ipsec remote-access: fix profile generators (authored by lucasec).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXca12e0bc07ea: T6617: T6618: vpn ipsec remote-access: fix profile generators (authored by lucasec).
c-po moved T6618: ipsec: remote access VPN: "generate ipsec profile windows-remote-access" broken from Open to Finished on the VyOS 1.5 Circinus board.
GitHub <noreply@github.com> committed rVYOSONEXb12cd41000bf: Merge pull request #3903 from lucasec/ipsec-remote-access-profile (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXe61a175838f2: Merge pull request #3914 from vyos/mergify/bp/sagitta/pr-3874 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXb05bc1e2c0a4: Merge pull request #3918 from vyos/mergify/bp/sagitta/pr-3915 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX96624c22a41a: Merge pull request #3917 from vyos/mergify/bp/circinus/pr-3915 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXcab6560949ac: Merge pull request #3919 from sever-sever/T5657 (authored by c-po).
Jul 31 2024
Jul 31 2024
GitHub <noreply@github.com> committed rVYOSONEX7ab67d1be17e: Merge pull request #3907 from vyos/mergify/bp/sagitta/pr-3715 (authored by fett0 <50275740+fett0@users.noreply.github.com>).
fernando changed the status of T6555: Add server-bridge options to OpenVPN server from Confirmed to In progress.
There are issues with cgroups when enabling VRF
$ git diff diff --git a/data/templates/zabbix-agent/10-override.conf.j2 b/data/templates/zabbix-agent/10-override.conf.j2 index 7c296e8fd..0acf775be 100644 --- a/data/templates/zabbix-agent/10-override.conf.j2 +++ b/data/templates/zabbix-agent/10-override.conf.j2 @@ -1,3 +1,4 @@ +{% set zabbix_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} [Unit] After= After=vyos-router.service @@ -7,7 +8,9 @@ ConditionPathExists=/run/zabbix/zabbix-agent2.conf [Service] EnvironmentFile= ExecStart= -ExecStart=/usr/sbin/zabbix_agent2 --config /run/zabbix/zabbix-agent2.conf --foreground +ExecStart={{ zabbix_command }}/usr/sbin/zabbix_agent2 --config /run/zabbix/zabbix-agent2.conf --foreground +CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BPF CAP_DAC_OVERRIDE CAP_FOWNER +AmbientCapabilities=CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BPF CAP_DAC_OVERRIDE CAP_FOWNER WorkingDirectory= WorkingDirectory=/run/zabbix Restart=always diff --git a/interface-definitions/service_monitoring_zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in index 3754e9145..e44b31312 100644 --- a/interface-definitions/service_monitoring_zabbix-agent.xml.in +++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in @@ -185,6 +185,7 @@ </properties> <defaultValue>3</defaultValue> </leafNode> + #include <include/interface/vrf.xml.i> </children> </node> </children>
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXc823d7c84d4d: ipsec: T6148: Removed unused imports (#3915) (authored by aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXd213e3f09ad3: ipsec: T6148: Removed unused imports (#3915) (authored by aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>).
GitHub <noreply@github.com> committed rVYOSONEXcb1834742f4e: ipsec: T6148: Removed unused imports (#3915) (authored by aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>).
GitHub <noreply@github.com> committed rVYOSONEX9bc2680e12ac: ipsec: T6148: Fixed reset command by adding init after terminating (#3763)… (authored by mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>).
Viacheslav triaged T6624: service suricata address-groups cannot be used in each other as Low priority.
GitHub <noreply@github.com> committed rVYOSONEXcdfa92e5c0c8: Merge pull request #3908 from vyos/mergify/bp/circinus/pr-3763 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXb4229c839f23: Merge pull request #3910 from vyos/mergify/bp/sagitta/pr-3698 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXc332e96cd1f3: Merge pull request #3913 from vyos/mergify/bp/sagitta/pr-3753 (authored by c-po).
I was hoping some combination of the newer QAT driver 4.24 and newer kernel in the latest rolling releases might fix this... but seemingly not.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX19faa3129a59: smoketest: T6592: remove unused "import os" (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX10bf3c852783: Merge pull request #3906 from vyos/mergify/bp/circinus/pr-3715 (authored by c-po).
I finally managed to give 1.5 a run and the first thing I did was check this. Perfect! Thank you everyone,
Jul 30 2024
Jul 30 2024
GitHub <noreply@github.com> committed rVYOSONEX0dc248a587d6: Merge pull request #3902 from vyos/c-po-patch-1 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXe9211ae7bd85: T6572: stop repo sync for circinus (authored by Vijayakumar A <36878324+kumvijaya@users.noreply.github.com>).
GitHub <noreply@github.com> committed rVYOSONEXdf15c8990c11: Merge pull request #3912 from kumvijaya/circinus (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXfb07945a9d52: T6539: add logging options to load-balancer reverse-proxy (authored by jvoss).
GitHub <noreply@github.com> committed rVYOSONEX40dd6b7ca9c6: Merge pull request #3911 from vyos/mergify/bp/circinus/pr-3698 (authored by c-po).
c-po moved T6610: Missing minisign pub key from image from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.1) board.
GitHub <noreply@github.com> committed rVYOSONEX80c45befaaad: Merge pull request #3747 from sever-sever/T6486 (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXdb6f10654df7: system: op-mode: T3334: allow delayed getty restart when configuring serial… (authored by Andrew Topp <andrewt@telekinetica.net>).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX1ce6c77eb37c: system: op-mode: T3334: replace some print() statements with Warning() (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX1f7a775f0b67: system: op-mode: T3334: replace some print() statements with Warning() (authored by c-po).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX9d8609c97650: system: op-mode: T3334: allow delayed getty restart when configuring serial… (authored by Andrew Topp <andrewt@telekinetica.net>).
c-po committed rVYOSONEXbc9049ebd765: system: op-mode: T3334: allow delayed getty restart when configuring serial… (authored by Andrew Topp <andrewt@telekinetica.net>).
GitHub <noreply@github.com> committed rVYOSONEX33f2fd502810: Merge pull request #3698 from talmakion/bugfix/T3334 (authored by c-po).
c-po moved T6603: vrf: nftables conntrack ct_iface_map contains multiple identical entries from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav edited projects for T5153: OpenConnect route restriction via iptables is ignored, added: VyOS Rolling; removed VyOS 1.3 Equuleus (1.3.8).
Viacheslav changed the status of T6231: Vendor Drivers for NVidia (Mellanox) Adapters from Open to Needs testing.
Can someone test/check if it works as expected?
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXe3ff9b518ac9: ipsec: T6148: Fixed reset command by adding init after terminating (#3763) (authored by aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX9be079ac855b: ipsec: T6148: Fixed reset command by adding init after terminating (#3763) (authored by aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>).
a.apostoliuk moved T6148: Reset vpn ipsec command breaks tunnel and does not reset SAs that are down from Open to Finished on the VyOS 1.5 Circinus board.
n.fort changed the status of T5680: Allow selecting mac-groups in bridge firewall from Confirmed to In progress.
Viacheslav moved T6313: Add "NAT" to "generate" command for rule resequence from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav added a project to T6313: Add "NAT" to "generate" command for rule resequence: VyOS 1.4 Sagitta (1.4.1).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXb04cabbaf15d: T6313: Add "NAT" to "generate" command for rule resequence (authored by khramshinr <khramshinr@gmail.com>).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX014bf70b494b: T6313: Add "NAT" to "generate" command for rule resequence (authored by khramshinr <khramshinr@gmail.com>).
Viacheslav changed the status of T6313: Add "NAT" to "generate" command for rule resequence from Open to Needs testing.
My opinion is largely based on my recent use-case for this, the GRE-match ethertype fields. I remember grumbling a couple of times about needing to convert bases to decimal in the past, but it's been too long to remember specifically what I was configuring at the time.
GitHub <noreply@github.com> committed rVYOSONEX0dc8b5899e05: Merge pull request #3904 from vyos/mergify/bp/circinus/pr-3883 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXa81d270b166d: T6572: trigger remote pr only for circinus pr merge (#3899) (authored by Vijayakumar A <36878324+kumvijaya@users.noreply.github.com>).
I have a related question too.