User Details
User Details
- User Since
- Oct 2 2019, 6:00 PM (208 w, 3 d)
Fri, Sep 29
Fri, Sep 29
Viacheslav added a comment to T5518: Add MLD protocol support.
Could be a cause of this bug https://forum.vyos.io/t/igmp-proxy-not-working-in-1-4-since-around-7-sept
Viacheslav changed the status of T5621: Show uncommited "commands" (compare | commands) from Resolved to Invalid.
Viacheslav added a comment to T5165: Policy local-route ability set protocol and port.
PR migration https://github.com/vyos/vyos-1x/pull/2325
Viacheslav updated the task description for T5623: Add tunnel over Socks5 proxy .
Viacheslav changed the status of T5261: Add aws gateway load-balance -tunnel-handler gwlbtun from In progress to Needs testing.
Viacheslav changed the subtype of T5620: "Deactivate" certain config snippets from "Task" to "Feature Request".
Wed, Sep 27
Wed, Sep 27
Viacheslav added a comment to T5165: Policy local-route ability set protocol and port.
Add option protocol, PR https://github.com/vyos/vyos-1x/pull/2313
set policy local-route rule 100 destination '192.0.2.12' set policy local-route rule 100 protocol 'tcp' set policy local-route rule 100 set table '100'
Fixed
Tue, Sep 26
Tue, Sep 26
Viacheslav added a comment to T5586: Disable by default SNMP for Keepalived VRRP.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/2310
Viacheslav added a comment to T5497: Add ability to resequence rule numbers for firewall.
Viacheslav added a comment to T5616: Firewall mark - Add capabilities for matching firewall mark.
We have fwmark for policy local-route
But it is only for match mark and routing decision
vyos@vyos-lns# set policy local-route rule 100 Possible completions: + destination Destination address or prefix fwmark Match fwmark value inbound-interface Inbound Interface > set Packet modifications + source Source address or prefix
Sat, Sep 23
Sat, Sep 23
Viacheslav changed the edit policy for T5613: VyOS in container bugs.
Viacheslav added a parent task for T2115: VyOS Docker container not load config: T5613: VyOS in container bugs.
Viacheslav added a subtask for T5613: VyOS in container bugs: T2115: VyOS Docker container not load config.
Viacheslav updated the task description for T5613: VyOS in container bugs.
Viacheslav changed the status of T5604: List of debian archives is out of date (non-free-firmware is missing) from Open to Needs testing.
Fri, Sep 22
Fri, Sep 22
Viacheslav added a comment to T5497: Add ability to resequence rule numbers for firewall.
Op-mode command reduce
PR https://github.com/vyos/vyos-1x/pull/2302
vyos@r4:~$ show conf com | match firew set firewall ipv4 input filter default-action 'accept' set firewall ipv4 input filter rule 1 action 'accept' set firewall ipv4 input filter rule 1 description 'Allow loopback' set firewall ipv4 input filter rule 1 inbound-interface interface-name 'lo' set firewall ipv4 input filter rule 1 source address '127.0.0.0/8' set firewall ipv4 input filter rule 2 action 'accept' set firewall ipv4 input filter rule 2 description 'Allow established/related' set firewall ipv4 input filter rule 2 state established 'enable' set firewall ipv4 input filter rule 2 state related 'enable' set firewall ipv4 input filter rule 60 action 'accept' set firewall ipv4 input filter rule 60 description 'Allow SSH from trusted networks' set firewall ipv4 input filter rule 60 destination port '22' set firewall ipv4 input filter rule 60 protocol 'tcp' set firewall ipv4 input filter rule 10000 action 'drop' set firewall ipv4 input filter rule 10000 description 'Drop everything else' vyos@r4:~$ vyos@r4:~$ produce firewall rule-resequence start 10 step 10
Thu, Sep 21
Thu, Sep 21
Viacheslav moved T5576: Add bgp remove-private-as all option from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T5576: Add bgp remove-private-as all option from Need Triage to Finished on the VyOS 1.5 Circinus board.
Viacheslav moved T5590: Firewall "log enable" logs every packet from Need Triage to Finished on the VyOS 1.5 Circinus board.
Wed, Sep 20
Wed, Sep 20
Viacheslav added a comment to T5601: TCP reverse-Roxy based on FQDN.
@Apachez It is not FQDN based
Contact our sales or ask forum
Viacheslav added a comment to T5601: TCP reverse-Roxy based on FQDN.
Viacheslav moved T5241: Support veth interfaces to working with netns from Need Triage to Finished on the VyOS 1.5 Circinus board.
Viacheslav moved T5241: Support veth interfaces to working with netns from Finished to Backlog on the VyOS 1.4 Sagitta board.
Viacheslav closed T5238: interface virtual-etherne - error when it doesn't use a peer , a subtask of T3829: Support separated TCP/IP stack via "ip netns", as Resolved.
Viacheslav added a comment to T5241: Support veth interfaces to working with netns.
set netns name mgmt
set interfaces virtual-ethernet veth1 address '10.0.0.0/31'
set interfaces virtual-ethernet veth1 peer-name 'veth10'
set interfaces virtual-ethernet veth10 address '10.0.0.1/31'
set interfaces virtual-ethernet veth10 netns 'mgmt'
set interfaces virtual-ethernet veth10 peer-name 'veth1'
Viacheslav closed T5241: Support veth interfaces to working with netns, a subtask of T3829: Support separated TCP/IP stack via "ip netns", as Resolved.
Viacheslav added a comment to T5217: Add firewall SYNPROXY .
PR https://github.com/vyos/vyos-1x/pull/2295
set system sysctl parameter net.ipv4.tcp_syncookies value '1' set system sysctl parameter net.ipv4.tcp_timestamps value '1'
Viacheslav changed the status of T5602: For reverse-proxy type of load-balancing feature, support "backup" option in backends configuration from Open to In progress.
Viacheslav renamed T5599: Firewall unexpectedly changes some sysctl options from Firwall unexpectedly changes some sysctl options to Firewall unexpectedly changes some sysctl options.
Viacheslav changed the status of T4502: Consider implementing (NAT/other) flow table offload from Open to Needs testing.
Viacheslav added a comment to T5601: TCP reverse-Roxy based on FQDN.
You do not use port 80/443, so it does not have HTTP-HEADER (in theory).
service LB_port_451 {
listen-address 10.1.1.1
mode tcp
port 451Try to change to port 80 and check if it works.
You need another solution/configuration
Tue, Sep 19
Tue, Sep 19
Viacheslav updated the task description for T5599: Firewall unexpectedly changes some sysctl options.
Viacheslav added a comment to T5217: Add firewall SYNPROXY .
First tests unsecseful
vyos@r4# sudo nft list ruleset
table ip vyos_synproxy {
chain PRE {
type filter hook prerouting priority raw; policy accept;
tcp dport 22 tcp flags syn counter packets 1 bytes 60 notrack
}Viacheslav changed the status of T5588: Add kernel conntrack_bridge module from Open to In progress.
Viacheslav changed the status of T5591: Cleanup of FRR daemons-file and various FRR fixes from Open to In progress.
Viacheslav changed the status of T5590: Firewall "log enable" logs every packet from In progress to Needs testing.
Mon, Sep 18
Mon, Sep 18
Viacheslav moved T5586: Disable by default SNMP for Keepalived VRRP from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a comment to T5586: Disable by default SNMP for Keepalived VRRP.
Viacheslav triaged T5594: VRRP - Error if using IPv6 Link Local as hello source address as High priority.
Viacheslav added a comment to T2472: Ability to configure EIGRP protocol.
r4# show version FRRouting 9.0.1 (r4) on Linux(6.1.53-amd64-vyos)
Still has bugs
For example with redistribute
r4# conf t r4(config)# router eigrp 65001 r4(config-router)# redistribute connected % Configuration failed.
Viacheslav added a comment to T5554: Disable sudo for PAM RADIUS.
Viacheslav added a comment to T5573: Fix ddclient cache entries.
Cannot pass the smoketest:
DEBUG - ====================================================================== DEBUG - FAIL: test_01_dyndns_service_standard (__main__.TestServiceDDNS.test_01_dyndns_service_standard) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 82, in test_01_dyndns_service_standard DEBUG - self.assertIn(f'use=if', ddclient_conf) DEBUG - AssertionError: 'use=if' not found in '### Autogenerated by dns_dynamic.py ###\ndaemon=300\nsyslog=yes\nssl=yes\npid=/run/ddclient/ddclient.pid\ncache=/run/ddclient/ddclient.cache\nweb=googledomains use=no \n # Web service dynamic DNS configuration for cloudflare: [cloudflare, test.ddns.vyos.io]\nusev4=ifv4, \\\nifv4=eth0, \\\nprotocol=cloudflare, \\\nzone=vyos.io, \\\npassword=paSS_@4ord \\\ntest.ddns.vyos.io' DEBUG - DEBUG - ---------------------------------------------------------------------- DEBUG - Ran 4 tests in 11.489s DEBUG - DEBUG - FAILED (failures=1)
Fri, Sep 15
Fri, Sep 15
Viacheslav moved T5586: Disable by default SNMP for Keepalived VRRP from Need Triage to Finished on the VyOS 1.5 Circinus board.
Fixed
Viacheslav changed the status of T5586: Disable by default SNMP for Keepalived VRRP from Open to In progress.
Viacheslav added a comment to T5586: Disable by default SNMP for Keepalived VRRP.
Viacheslav renamed T5586: Disable by default SNMP for Keepalived VRRP from Disable be default SNMP for Keepalived VRRP to Disable by default SNMP for Keepalived VRRP.
Viacheslav changed the status of T5579: Log firewall - Wrong command after firewall refactor, a subtask of T5160: Firewall refactor, from In progress to Needs testing.
Viacheslav changed the status of T5579: Log firewall - Wrong command after firewall refactor from In progress to Needs testing.
Viacheslav changed the status of T5574: Support per-service cache management for dynamic dns providers from Open to Needs testing.
Viacheslav changed the status of T5585: Fix file access mode for dynamic dns configuration from Open to Needs testing.
Thu, Sep 14
Thu, Sep 14
Wed, Sep 13
Wed, Sep 13
Viacheslav changed the status of T5576: Add bgp remove-private-as all option from Open to In progress.
Viacheslav edited projects for T5578: "ikev2-reauth" description contains outdated information, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus.
Viacheslav added a comment to T5576: Add bgp remove-private-as all option.
PR for 1.3.x https://github.com/vyos/vyatta-cfg-quagga/pull/102
Tue, Sep 12
Tue, Sep 12
Mon, Sep 11
Mon, Sep 11
Viacheslav moved T5564: Both show firewall group and show firewall summary fails from Need Triage to Backport Candidates on the VyOS 1.5 Circinus board.
Viacheslav added a project to T5564: Both show firewall group and show firewall summary fails: VyOS 1.4 Sagitta.
Viacheslav added a comment to T5564: Both show firewall group and show firewall summary fails.
Sun, Sep 10
Sun, Sep 10
Viacheslav added a comment to T5559: Selective proxy-arp/proxy-ndp when doing SNAT/DNAT.
PR https://github.com/vyos/vyos-1x/pull/2240
set protocols static proxy-arp 192.0.2.1 interface eth0 set protocols static proxy-arp 192.0.2.1 interface eth1 set protocols static proxy-ndp 2001:db8::1 interface eth1
Viacheslav changed the status of T5564: Both show firewall group and show firewall summary fails from Open to Needs testing.
Viacheslav added a comment to T5559: Selective proxy-arp/proxy-ndp when doing SNAT/DNAT.
I guess we should use the current ip neighbor xxx instead of ol arp. I hope it does the same.
sudo ip neighbor add proxy 192.0.2.1 dev eth0
Viacheslav closed T5565: Builds as vyos-999-timestamp instead of vyos-1.4-rolling-timestamp as Resolved.
Viacheslav added a comment to T5564: Both show firewall group and show firewall summary fails.
Sat, Sep 9
Sat, Sep 9
Viacheslav moved T4426: Add arpwatch to the image from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav changed the status of T4754: Improvement: system login: show configured 2FA OTP key, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to Needs testing.
Viacheslav changed the status of T4754: Improvement: system login: show configured 2FA OTP key from Open to Needs testing.
Viacheslav added a comment to T5562: Smoketests fail for vyos:current (test_netns.py).
Viacheslav changed the status of T5554: Disable sudo for PAM RADIUS, a subtask of T3191: PAM RADIUS freezing when accounting does not configured on RADIUS server, from Open to In progress.