Page MenuHomeVyOS Platform
Feed All Stories

Yesterday

diekos closed T2896: set ip route 0.0.0.0/0 dhcp-interface eth0 as Resolved.

I saw that the new build was online, so I added the image, rebooted and tried to issue the command again.
Everything seems to work, no error when committing and the route is added.

Thu, Sep 24, 9:06 PM · VyOS 1.3 Equuleus
c-po closed T2923: Configuring DHCPv6-PD without a interface to delegate to raises TypeError as Resolved.
Thu, Sep 24, 7:34 PM · VyOS 1.3 Equuleus
c-po added a comment to T2923: Configuring DHCPv6-PD without a interface to delegate to raises TypeError.

After the fix an error is reported on the CLI:

Thu, Sep 24, 7:31 PM · VyOS 1.3 Equuleus
c-po updated the task description for T2923: Configuring DHCPv6-PD without a interface to delegate to raises TypeError.
Thu, Sep 24, 7:30 PM · VyOS 1.3 Equuleus
c-po claimed T2923: Configuring DHCPv6-PD without a interface to delegate to raises TypeError.
Thu, Sep 24, 7:26 PM · VyOS 1.3 Equuleus
c-po created T2923: Configuring DHCPv6-PD without a interface to delegate to raises TypeError.
Thu, Sep 24, 7:25 PM · VyOS 1.3 Equuleus
jack9603301 updated the task description for T2518: Support NAT for ipv6(NPT).
Thu, Sep 24, 6:06 PM · VyOS 1.3 Equuleus
zsdc created T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check.
Thu, Sep 24, 4:28 PM · VyOS 1.3 Equuleus
c-po changed the status of T2921: Migrate "service dns forwarding" to get_config_dict() for ease of source maintenance from Open to In progress.
Thu, Sep 24, 4:20 PM · VyOS 1.3 Equuleus
c-po created T2921: Migrate "service dns forwarding" to get_config_dict() for ease of source maintenance.
Thu, Sep 24, 4:20 PM · VyOS 1.3 Equuleus
Dmitry updated the task description for T2920: Commit crash when adding the second mGRE tunnel with the same key.
Thu, Sep 24, 2:43 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

Also come back to this question?

Thu, Sep 24, 2:15 PM · VyOS 1.3 Equuleus
Dmitry created T2920: Commit crash when adding the second mGRE tunnel with the same key.
Thu, Sep 24, 12:47 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

In linux kernel version 5.8 and above, you can start symmetric translation of ipv6 address prefix by changing snat to to snat prefix to in the policy (without changing the interface identifier), but this function cannot be used before vyos upgrade 5.9 , This patch is not a back-portable patch, so this feature cannot be used in 4.9. There are now 3 solutions:

Thu, Sep 24, 11:36 AM · VyOS 1.3 Equuleus

Wed, Sep 23

syncer moved T2482: Update PowerDNS recursor to 4.3.1 for CVE-2020-10995 from Need Triage to Finished on the VyOS 1.3 Equuleus board.
Wed, Sep 23, 10:44 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.7)
syncer added a project to T2482: Update PowerDNS recursor to 4.3.1 for CVE-2020-10995: VyOS 1.3 Equuleus.
Wed, Sep 23, 10:44 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.7)
syncer reopened T2482: Update PowerDNS recursor to 4.3.1 for CVE-2020-10995 as "Open".
Wed, Sep 23, 10:43 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.7)
c-po added a comment to T2902: "add system image" fails when appending XX to image name.

So I was super lucky to pick the wrong characters!

Wed, Sep 23, 7:09 PM · VyOS 1.2 Crux (VyOS 1.2.6), VyOS 1.3 Equuleus
Viacheslav added a comment to T2902: "add system image" fails when appending XX to image name.

The problem with that expression
https://github.com/vyos/vyatta-cfg-system/blob/current/scripts/install/install-image-existing#L271

Wed, Sep 23, 6:23 PM · VyOS 1.2 Crux (VyOS 1.2.6), VyOS 1.3 Equuleus
tjh added a comment to T2801: conntrack-tools flooding logs.

Additionally, it only happens after a system image upgrade - it doesn't seem to happen if you reboot again after that.

Wed, Sep 23, 5:19 PM · VyOS 1.2 Crux (VyOS 1.2.7)
Viacheslav added a comment to T2840: "beep-if-fully-booted" beeps too early.

For testing

Wed, Sep 23, 2:55 PM · VyOS 1.3 Equuleus
Viacheslav placed T2868: Tcp-mss option in policy calls kernel-panic up for grabs.
Wed, Sep 23, 2:36 PM · VyOS 1.3 Equuleus
Viacheslav reopened T2868: Tcp-mss option in policy calls kernel-panic as "Open".
Wed, Sep 23, 2:36 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

Hi, everyone, I have been looking for a way to handle the 1-to-1 address peer-to-peer mapping. I contacted the IRC channel of the official community. According to the official information, it seems to be resolved in the 5.8 kernel version, otherwise the patch needs to be backported To 4.19.

Wed, Sep 23, 1:49 PM · VyOS 1.3 Equuleus
Viacheslav closed T2846: ip route doesn't show longer-prefixes as Resolved.
Wed, Sep 23, 1:47 PM · VyOS 1.3 Equuleus
Viacheslav added a project to T2856: equuleus: `show version all` throws broken pipe exception on abort: VyOS 1.2 Crux.
Wed, Sep 23, 1:41 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
Viacheslav added a comment to T2856: equuleus: `show version all` throws broken pipe exception on abort.

PR for crux https://github.com/vyos/vyos-1x/pull/550

Wed, Sep 23, 1:39 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
s.lorente edited the content of Configuration Mode Templates.
Wed, Sep 23, 1:01 PM
s.lorente edited the content of Configuration Mode Templates.
Wed, Sep 23, 12:58 PM
Viacheslav added a comment to T2856: equuleus: `show version all` throws broken pipe exception on abort.

The same bug with crux

Wed, Sep 23, 12:35 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
Viacheslav changed the status of T2856: equuleus: `show version all` throws broken pipe exception on abort from Open to Backport candidate.
Wed, Sep 23, 12:32 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
Viacheslav changed the status of T2906: OpenVPN: tls-auth missing key direction from Open to Needs testing.
Wed, Sep 23, 12:28 PM · VyOS 1.3 Equuleus, openvpn
diekos added a comment to T2896: set ip route 0.0.0.0/0 dhcp-interface eth0.

I will test with the new release and report my results.
Thank you very much!

Wed, Sep 23, 12:24 PM · VyOS 1.3 Equuleus
Viacheslav changed the status of T2916: A state of VTI interface in a configuration does not being processing properly from Confirmed to Needs testing.
Wed, Sep 23, 12:22 PM · VyOS 1.3 Equuleus
Viacheslav closed T2868: Tcp-mss option in policy calls kernel-panic as Resolved.
Wed, Sep 23, 12:19 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2868: Tcp-mss option in policy calls kernel-panic.
Wed, Sep 23, 12:18 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2896: set ip route 0.0.0.0/0 dhcp-interface eth0.

@diekos Will be fixed in the next rolling release, build after 23 Sep. Check, please.

Wed, Sep 23, 12:07 PM · VyOS 1.3 Equuleus
Viacheslav claimed T2896: set ip route 0.0.0.0/0 dhcp-interface eth0.
Wed, Sep 23, 11:57 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2896: set ip route 0.0.0.0/0 dhcp-interface eth0.

PR https://github.com/vyos/vyatta-cfg-system/pull/128

Wed, Sep 23, 11:57 AM · VyOS 1.3 Equuleus
Dmitry created T2919: PPPoE server: Called-Station-Id attribute.
Wed, Sep 23, 11:48 AM · VyOS 1.3 Equuleus
Dmitry created T2918: Accounting interim jitter for pppoe, l2tp, pptp, ipoe.
Wed, Sep 23, 11:41 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2916: A state of VTI interface in a configuration does not being processing properly.

PR for rolling https://github.com/vyos/vyatta-cfg-vpn/pull/39

Wed, Sep 23, 10:54 AM · VyOS 1.3 Equuleus
tjh added a comment to T2801: conntrack-tools flooding logs.

So I just hit this bug again upgrading from 1.2.6-epa1 to 1.2.6.

Wed, Sep 23, 10:00 AM · VyOS 1.2 Crux (VyOS 1.2.7)
Dmitry created T2917: PPPoE server: Preallocate NAS-Port-Id.
Wed, Sep 23, 9:57 AM · VyOS 1.3 Equuleus
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

@c-po The map66 solution last released on July 25th, 2015 does not seem to have been explored. It can work with iptables. I am not sure if it has stopped maintenance. I am considering whether to consider it, but it means that it needs to be compiled, installed and generated , Otherwise vyos cannot install it

Wed, Sep 23, 9:11 AM · VyOS 1.3 Equuleus
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

Thank you for your suggestion. I am considering how to implement peer-to-peer translation without modifying the interface identifier. According to some information on the Internet, the support of ipv6 nat is divided into peer address and non-equivalent address, the standard https://tools.ietf The display of .org/html/rfc6296#page-11 does not indicate that the interface identifier cannot be modified, but only stipulates that the address mapping conforms to the unary linear equation relationship (that is, an address mapping is unique)

Wed, Sep 23, 9:03 AM · VyOS 1.3 Equuleus
c-po added a comment to T2518: Support NAT for ipv6(NPT).

We are not forced to nftables and still use iptables6 if its not supported properly.

Wed, Sep 23, 6:14 AM · VyOS 1.3 Equuleus
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

nftables nat66 seems to be the best solution that can be done now, I am still exploring a better implementation, do you have any suggestions?

Wed, Sep 23, 3:57 AM · VyOS 1.3 Equuleus

Tue, Sep 22

c-po added a comment to T2518: Support NAT for ipv6(NPT).

prefix translation should only be done on equal sized prefixes. This can be easily checked in verify() stage.

Tue, Sep 22, 8:18 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

Well, at present, the nat66 prefix conversion of nftables has not found a way to not change the interface identifier. Maybe other people in the community can provide some suggestions?

Tue, Sep 22, 6:50 PM · VyOS 1.3 Equuleus
c-po added a comment to T2518: Support NAT for ipv6(NPT).

I must disagree, prefix translation means only the prefix is translated and the interface identifier keeps the same. Meaning fc00::1111:2222:3333:4444/64 should be translated to 2001:db8::1111:2222:3333:4444/64.

Tue, Sep 22, 6:46 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

With NFT SNAT prefix translation, the address is not a 1:1 mapping. For example, if we have source prefix 2001:db8:1::/64 and translation prefix of 2001:db8:2::/64, the source address 2001:db8:1::1 will not translate to 2001:db8::2::1. The nftables translation calculates a new address which prevents the 1:1 host address mapping.

Tue, Sep 22, 6:42 PM · VyOS 1.3 Equuleus
diekos added a comment to T2896: set ip route 0.0.0.0/0 dhcp-interface eth0.

I only know some python but that looks like the part that gets the gateway from the lease file.
My simple mind would say that the underscore needs to be replaced with a dot, but I have no idea if it really is that simple.

Tue, Sep 22, 6:41 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2896: set ip route 0.0.0.0/0 dhcp-interface eth0.

It looks like this code is to blame.
https://github.com/vyos/vyatta-cfg-system/blob/current/scripts/vyatta-dhcp-helper.pl#L21

Tue, Sep 22, 6:24 PM · VyOS 1.3 Equuleus
JessterSB added a comment to T2518: Support NAT for ipv6(NPT).

Hey guys,

Tue, Sep 22, 5:33 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2915: Lost "proxy-arp-pvlan" option for vlan.

PR https://github.com/vyos/vyos-1x/pull/549

Tue, Sep 22, 4:59 PM · VyOS 1.3 Equuleus
s.lorente added a comment to T2700: Redirecting traffic from PPPoE interface to IFB fails.

https://forum.vyos.io/t/limit-download-and-upload-on-wan-for-every-vlan/5608/51

Tue, Sep 22, 4:58 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
zsdc changed the status of T2916: A state of VTI interface in a configuration does not being processing properly from Open to Confirmed.
Tue, Sep 22, 4:55 PM · VyOS 1.3 Equuleus
zsdc created T2916: A state of VTI interface in a configuration does not being processing properly.
Tue, Sep 22, 4:55 PM · VyOS 1.3 Equuleus
Viacheslav claimed T2915: Lost "proxy-arp-pvlan" option for vlan.
Tue, Sep 22, 4:53 PM · VyOS 1.3 Equuleus
Viacheslav created T2915: Lost "proxy-arp-pvlan" option for vlan.
Tue, Sep 22, 4:33 PM · VyOS 1.3 Equuleus
SrividyaA renamed T2914: OpenVPN: Fix for IPv4 remote-host hostname in client mode: from OpenVPN: Fix for IPv4 remote-host addresses in client mode: to OpenVPN: Fix for IPv4 remote-host hostname in client mode:.
Tue, Sep 22, 12:12 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
SrividyaA created T2914: OpenVPN: Fix for IPv4 remote-host hostname in client mode:.
Tue, Sep 22, 12:11 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
Viacheslav added a comment to T2895: VPN IPsec "leftsubnet" declared 2 times.

PR for rolling https://github.com/vyos/vyatta-cfg-vpn/pull/38

Tue, Sep 22, 11:48 AM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
Viacheslav claimed T2895: VPN IPsec "leftsubnet" declared 2 times.

It declared 2 times, because there is 2 checks

Tue, Sep 22, 11:19 AM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
Viacheslav added a comment to T2883: op-mode reset vpn command shows wrong completion.

PR https://github.com/vyos/vyatta-ravpn/pull/16

Tue, Sep 22, 10:39 AM · VyOS 1.2 Crux
Viacheslav added a comment to T2883: op-mode reset vpn command shows wrong completion.

This is the output of this line

Tue, Sep 22, 7:45 AM · VyOS 1.2 Crux
azdle created T2913: Failure to install fpm while building builder docker image.
Tue, Sep 22, 1:53 AM · VyOS 1.2 Crux

Mon, Sep 21

c-po claimed T2912: When setting MTU check for hardware maximum supported MTU size.
Mon, Sep 21, 8:41 PM · VyOS 1.3 Equuleus
c-po created T2912: When setting MTU check for hardware maximum supported MTU size.
Mon, Sep 21, 8:41 PM · VyOS 1.3 Equuleus
c-po closed T2788: adding interface with macsec to bridge failded as Resolved.
Mon, Sep 21, 8:25 PM
Viacheslav added a comment to T2806: ipsec generates false warning on commit when local prefix is sourced from loopback.

@olofl if was an example with grep, I didn't want to show the complete routing table.
If you want to check the route, this commit exactly check 2 tables. Table 254 and table local
In your case it will be 2 checks:

Mon, Sep 21, 6:48 PM
c-po added a comment to T2788: adding interface with macsec to bridge failded.

The problem is that interface eth1 is exclusivly added to macsec1 as its lower interface. Thus you can not add it as a bridge member to br0.

Mon, Sep 21, 4:21 PM
c-po added a parent task for T2088: Increased boot time from 1.2.4 -> 1.3 rolling by 100%: T1230: Improving Boot Time for Large Firewall Configurations.
Mon, Sep 21, 4:13 PM · VyOS 1.3 Equuleus
c-po added a subtask for T1230: Improving Boot Time for Large Firewall Configurations: T2088: Increased boot time from 1.2.4 -> 1.3 rolling by 100%.
Mon, Sep 21, 4:13 PM · VyOS 1.3 Equuleus
c-po claimed T2788: adding interface with macsec to bridge failded.
Mon, Sep 21, 3:29 PM
olofl added a comment to T2806: ipsec generates false warning on commit when local prefix is sourced from loopback.

Notice how my loopback interface with mask /32 does *not* show /32 in route table local.

Mon, Sep 21, 1:22 PM
Viacheslav added a comment to T2806: ipsec generates false warning on commit when local prefix is sourced from loopback.

@olofl it checks ip addresses assigned to the loopback interface which located in the table "local"

Mon, Sep 21, 1:09 PM
SteveP created T2911: new pppoe warnings recently.
Mon, Sep 21, 12:02 PM
mpueschel added a comment to T2861: route-map "set community additive" not working correctly.

Thanks for testing @SrividyaA . As described in the commit you mentioned (https://phabricator.vyos.net/R12:aba26326537cca5b689e5a32f860608d2a9f8510), the additive keyword works correctly when the string is quoted, and it also works for large-communities, even though "additive" is not suggested in the tab completion for large-communities:

Mon, Sep 21, 11:35 AM · VyOS 1.3 Equuleus
olofl added a comment to T2806: ipsec generates false warning on commit when local prefix is sourced from loopback.

@Viacheslav does that PR check for x.x.x.x/32 ? Because the ip route show table local does not contain the netmask /32. While ip route show table 254 actually shows the prefixes with /cidr notation.

Mon, Sep 21, 9:27 AM
Viacheslav added a comment to T2893: Remove broken MSS-clamping old command.

It use different directions

Mon, Sep 21, 7:23 AM
jack9603301 updated the task description for T2898: Support NDP proxy.
Mon, Sep 21, 6:41 AM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
jack9603301 updated the task description for T2898: Support NDP proxy.
Mon, Sep 21, 5:58 AM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
jack9603301 updated the task description for T2898: Support NDP proxy.
Mon, Sep 21, 5:58 AM · VyOS 1.2 Crux, VyOS 1.3 Equuleus

Sun, Sep 20

c-po triaged T2910: XML: generator should support override of variables as Normal priority.
Sun, Sep 20, 6:50 PM · VyOS 1.3 Equuleus
c-po created T2910: XML: generator should support override of variables.
Sun, Sep 20, 6:48 PM · VyOS 1.3 Equuleus
Magnum added a comment to T2908: VRF and bridge membership isn’t mutually exclusive.

First create a vrf and bridge interface and add eth1 to the bridge:

Sun, Sep 20, 3:55 PM · VyOS 1.3 Equuleus
Magnum added a comment to T2907: OpenVPN: Option to disable encryption.

PR for vyos-1x: https://github.com/vyos/vyos-1x/pull/547

Sun, Sep 20, 3:32 PM · openvpn, VyOS 1.3 Equuleus
Magnum added a comment to T2906: OpenVPN: tls-auth missing key direction.

PR for vyos-1x: https://github.com/vyos/vyos-1x/pull/548

Sun, Sep 20, 3:31 PM · VyOS 1.3 Equuleus, openvpn
c-po added a comment to T2908: VRF and bridge membership isn’t mutually exclusive.

Can you share some config snippets with real set commands? Sounds like a problem with the bridge validator.

Sun, Sep 20, 1:24 PM · VyOS 1.3 Equuleus
c-po added a comment to T2908: VRF and bridge membership isn’t mutually exclusive.
Sun, Sep 20, 1:23 PM · VyOS 1.3 Equuleus
Magnum created T2908: VRF and bridge membership isn’t mutually exclusive.
Sun, Sep 20, 1:17 PM · VyOS 1.3 Equuleus
c-po closed T2903: Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value as Resolved.
Sun, Sep 20, 12:49 PM · VyOS 1.3 Equuleus
c-po closed T2903: Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, as Resolved.
Sun, Sep 20, 12:49 PM · VyOS 1.3 Equuleus
c-po closed T2904: 802.1ad / Q-in-Q ethertype default not utilized, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, as Resolved.
Sun, Sep 20, 12:49 PM · VyOS 1.3 Equuleus
c-po closed T2904: 802.1ad / Q-in-Q ethertype default not utilized as Resolved.
Sun, Sep 20, 12:49 PM · VyOS 1.3 Equuleus
c-po closed T2905: Sync CLI nodes between PPPoE and WWAN interface, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, as Resolved.
Sun, Sep 20, 12:48 PM · VyOS 1.3 Equuleus
c-po closed T2905: Sync CLI nodes between PPPoE and WWAN interface as Resolved.
Sun, Sep 20, 12:48 PM · VyOS 1.3 Equuleus
Magnum created T2907: OpenVPN: Option to disable encryption.
Sun, Sep 20, 12:41 PM · openvpn, VyOS 1.3 Equuleus