User Details
- User Since
- Oct 2 2019, 6:00 PM (251 w, 2 d)
Yesterday
Could you close the task?
Thanks
Thu, Jul 25
Can you close the task if it is finished?
Does it work?
Exclude was before and it migrated to disable
https://github.com/vyos/vyos-1x/blob/645f24908c9b338adc56ecc83f8c44d0b0206550/src/migration-scripts/ospf/0-to-1#L35-L39
Wed, Jul 24
Tue, Jul 23
Needs to think.
I think there should be an exclude-section or exclude
set service config-sync section service dhcp-server
Fri, Jul 19
Thu, Jul 18
Tue, Jul 16
Mon, Jul 15
libdhcp_ddns_tuning.so is available as a premium hook library from ISC
https://kea.readthedocs.io/en/latest/arm/hooks.html#hooks-ddns-tuning
Fri, Jul 12
@fernando Any idea for CLI?
Thu, Jul 11
Tue, Jul 9
Any idea for CLI?
Mon, Jul 8
Fri, Jul 5
Add PR on accell-ppp repo or patch in the vyos-build via PR https://github.com/vyos/vyos-build/tree/current/packages/linux-kernel/patches/accel-ppp
There are no other options for review.
Thu, Jul 4
@SrividyaA Does it work for site-to-site ciphers option?
Wed, Jul 3
@marekm Can you add the PR to the accel-ppp repo? I guess it will be better to fix it in upstream.
https://github.com/accel-ppp/accel-ppp
Tue, Jul 2
Some info
To make hardware offloading works, the NIC should be programmable to load forwarding rules like flowtable and this is what switchdev doing
@SamLue will be available in the next rolling release, can you check when it will be available?
There are some nuances with it, until we do not have a route from to default VRF to the peer it won't work
set vrf bind-to-all set vrf name first table '123'
We are not going to implement it.
Should fix it https://github.com/vyos/vyos-1x/pull/3747
PR https://github.com/vyos/vyos-1x/pull/3747
Also it should fix T6379
Mon, Jul 1
We do not use iptables, we use nftables.
Check the rules with sudo nft list ruleset
What exactly does not work?
@adestis Can you add an example of the expected configuration if use-lzo-compression is configured and not configured?
https://github.com/vyos/vyos-1x/blob/e270712f7ebd76e4e1be598766d999cef4f05e26/src/op_mode/generate_ovpn_client_file.py#L57
Fri, Jun 28
The correct pass options without "
set interfaces openvpn vtun20 encryption ncp-ciphers 'aes256' set interfaces openvpn vtun20 hash 'sha512' set interfaces openvpn vtun20 mode 'server' set interfaces openvpn vtun20 openvpn-option 'push keepalive 1 10' set interfaces openvpn vtun20 server subnet '10.10.2.0/24' set interfaces openvpn vtun20 server topology 'subnet' set interfaces openvpn vtun20 tls ca-certificate 'ca' set interfaces openvpn vtun20 tls certificate 'cert' set interfaces openvpn vtun20 tls dh-params 'dh'
This could be achieved with conntrack ignore
set system conntrack ignore ipv4 rule 10 destination address '100.64.0.0/28'
vyos-vm-images has been archived
Provide the set of commands to reproduce
Still bug, the original config in the top of the task
vyos@r4# run show conf com | match "nat " set nat source rule 100 destination port '5000-8000' set nat source rule 100 outbound-interface name 'eth0' set nat source rule 100 protocol 'tcp' set nat source rule 100 source address '10.0.0.0/24' set nat source rule 100 translation address 'masquerade' [edit] vyos@r4# [edit] vyos@r4# run show nat source rules Rule Source Destination Proto Out-Int Translation ------ ----------- ----------------------------- ------- --------- ------------- 100 10.0.0.0/24 0.0.0.0/0 IP eth0 masquerade sport any dport {'range': [5000, 8000]} [edit] vyos@r4# [edit] vyos@r4# [edit] vyos@r4# run show ver Version: VyOS 1.5-rolling-202406260020 Release train: current Release flavor: generic
We have ENV OCAML_VERSION 4.14.2 for both, @dmbaturin. Can we close it, or will you do an update to 5.0?
Not actual
vyos@r4:~$ show version all | match conntrack ii conntrack 1:1.4.7-1+b2 amd64 Program to modify the conntrack tables ii conntrackd 1:1.4.7-1+b2 amd64 Connection tracking daemon ii libnetfilter-conntrack3:amd64 1.0.9-1 amd64 Netfilter netlink-conntrack library vyos@r4:~$ vyos@r4:~$ show version Version: VyOS 1.5-rolling-202406260020 Release train: current Release flavor: generic
Try native nft commands for offload and check what it says.
# cat /tmp/offload.nft
Thu, Jun 27
Do you have a firewall?
If not, it is expected error
Which exectly config it generates?
Based on this code should work https://github.com/vyos/vyos-1x/blob/b3b1d59d86af510c454da446f013b514389f5c7f/src/conf_mode/interfaces_openvpn.py#L683