In T6136#180149, @n.fort wrote:And a simple note for your usage @wenzk
Change
set firewall ipv4 name WAN_IN rule 30 icmp
to this:
set firewall ipv4 name WAN_IN rule 30 protocol icmp
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Today
Today
wenzk added a comment to T6136: Configuring a dynamic address group, config script did not check whether the group was created.
Yesterday
Yesterday
c-po added a project to T6127: Ability to view logs for rules with Offload not functional: VyOS 1.5 Circinus.
馃憤
Thanks
Fix to docs pending:
https://github.com/vyos/vyos-documentation/pull/1331
Well that is a fault of the docs; I will add now. Thanks !
@jestabro this is perfect, I am so sorry for creating a false feature request. The doc does not mention it, I should have looked into the server code to check first. My bad, all good now.
curl -k -X POST -Fkey=baz -Fdata='{"op": "exists", "path": ["service","no","such","subpath"]}' https://192.168.122.238/retrieve|jq % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 340 100 47 100 293 547 3414 --:--:-- --:--:-- --:--:-- 4000 { "success": true, "data": false, }
@penetal does the operation 'exists' not suffice for your needs ?
It looks like the local broken build.
At least it is not reproducible.
You can try to set it on some test VM to be sure if is it an issue with the node or the image itself.
In T6126#180142, @Viacheslav wrote:Can you try the same link as in my example and provide the full output?
n.fort changed the status of T6136: Configuring a dynamic address group, config script did not check whether the group was created from Confirmed to In progress.
n.fort added a comment to T6136: Configuring a dynamic address group, config script did not check whether the group was created.
And a simple note for your usage @wenzk
Change
set firewall ipv4 name WAN_IN rule 30 icmp
to this:
set firewall ipv4 name WAN_IN rule 30 protocol icmp
@Viacheslav I'm not super familiar with git, so hopefully I did everything correctly. Here is the PR:
https://github.com/vyos/vyos-1x/pull/3145
Can you try the same link as in my example and provide the full output?
Viacheslav changed the status of T6121: Extend service config-syn for sections vpn, policy, vrf from Open to Needs testing.
In T6126#180130, @Viacheslav wrote:Could you show show version?
a.apostoliuk changed the status of T6130: [1.3.6->1.4.0-epa2 Migration] BGP "set community" missing, a subtask of T5938: Migration fail root task for 1.4-rc, from Open to In progress.
a.apostoliuk changed the status of T6130: [1.3.6->1.4.0-epa2 Migration] BGP "set community" missing from Open to In progress.
Could you show show version?
Never had this bug with 1.4.0-epa.
vyos@r1-right:~$ show ver Version: VyOS 1.4.0-epa1 Release train: sagitta
Viacheslav triaged T6127: Ability to view logs for rules with Offload not functional as High priority.
Viacheslav triaged T6128: minisign.pub is wrong on https://vyos.net/get/nightly-builds/ as Normal priority.
Viacheslav triaged T6130: [1.3.6->1.4.0-epa2 Migration] BGP "set community" missing as High priority.
Viacheslav closed T3522: policy based routing not working, a subtask of T3505: Commits do not respect changes in FRR that are not stored in a config, as Resolved N/A.
@matthewr Thanks for confirming!
Closing it as resolved now. Feel free to reopen or create a new one if this bug remains again.
Viacheslav triaged T6131: Disabling openvpn interface(s) causes OSPF to fail to load on reboot as High priority.
Viacheslav changed the status of T6136: Configuring a dynamic address group, config script did not check whether the group was created from Open to Confirmed.
Viacheslav triaged T6137: dhcp files and directory permission not correct after image uprgading as Normal priority.
Sun, Mar 17
Sun, Mar 17
Here's the generated configuration from /run/conntrackd/conntrackd.conf:
# Synchronizer settings Sync { Mode FTFW { DisableExternalCache on } Multicast { IPv4_address 225.0.0.50 Group 3780 IPv4_interface 192.168.15.3 Interface bond0.110 SndSocketBuffer 104857600 RcvSocketBuffer 104857600 Checksum on } } Helper { Type rpc inet tcp { QueueNum 3 Policy rpc { ExpectMax 1 ExpectTimeout 300 } } Type rpc inet udp { QueueNum 4 Policy rpc { ExpectMax 1 ExpectTimeout 300 } } Type tns inet tcp { QueueNum 5 Policy tns { ExpectMax 1 ExpectTimeout 300 } } }
penetal updated the task description for T6135: HTTPS API endpoint to check if an empty config exists.
robertoberto closed T6134: AttributeError in vyos_unattended_installer.py When Installing GRUB Configuration as Resolved.
Sun, Mar 17, 3:58 PM 路 Unknown Object (Project)
robertoberto added a comment to T6134: AttributeError in vyos_unattended_installer.py When Installing GRUB Configuration.
Fixed in https://github.com/vyos/vyos-1x/commit/84b520dd580b7725de4c9e62b11ec490cb8d3f4f. The 1.4.0-epa2 build was created before the patch was applied.
Sun, Mar 17, 3:58 PM 路 Unknown Object (Project)
Just in case it helps, after a migration from 1.3 to 1.4.0-epa2, the migrated config ends up as:-
robertoberto created T6134: AttributeError in vyos_unattended_installer.py When Installing GRUB Configuration.
Sun, Mar 17, 3:17 PM 路 Unknown Object (Project)
c-po changed the status of T6133: Add domain-name to commit-archive, a subtask of T4942: Rewrite vyatta-config-mgmt to Python/XML, from Open to In progress.
See T6131 for a report of the VTUN/OSPF issue with a simple lab config, which occurs separately from a migration.
c-po changed the status of T6129: bgp: add route-map option "as-path exclude all" from Open to In progress.
c-po changed the status of T6129: bgp: add route-map option "as-path exclude all", a subtask of T5788: frr: update to 9.1 release, from Open to In progress.
Sat, Mar 16
Sat, Mar 16
We'll update the key and make a post about it soon, sorry for the lengthy mix-up.
robertoberto added a comment to T6128: minisign.pub is wrong on https://vyos.net/get/nightly-builds/.
comments above are for
Bumped into another instance of this issue:
sh curl -k --location --request POST "https://$VYOS_HOST/configure" --form key="$VYOS_KEY" --form data='[{"op":"set","path":["policy", "access-list", "2", "rule", "5", "description", "2024-03-16T14:52:44Z"]}]' {"success": false, "error": "[[policy]] failed\nCommit failed\n", "data": null}
c-po moved T4022: Add package nat-rtsp-dkms from Need Triage to Finished on the VyOS 1.5 Circinus board.
@jestabro I have tested my usecase now and it seems the problem is fixed and the API no longer segfaults. Thank you so much for the fix and the fantastic turn around on this.
Fri, Mar 15
Fri, Mar 15
Should add the ability to view the default action log would be nice as well.
L0crian renamed T6127: Ability to view logs for rules with Offload not functional from Ability to view logs for rules with Offload not available to Ability to view logs for rules with Offload not functional.
n.fort added a comment to T6090: [1.3.6->1.4.0-epa1 Migration] policy route fails due tcp flag case sensitivity.
PR for 1.5: https://github.com/vyos/vyos-1x/pull/3137
I can download the image and add it from path just fine, e.g this works fine:
daniil renamed T6125: Support 802.1ad (0x88a8) vlan filtering for bridge from Support 802.1ad (0x88a8) for bridge to Support 802.1ad (0x88a8) vlan filtering for bridge.
Apachez added a comment to T6091: [1.3.3->1.4.0-epa1 Migration] NTP "listen-address" config removed.
Proper would be to throw out chrony and use ntpsec instead which supports proper filtering.
Viacheslav edited projects for T6124: Docker equuleus build image doesn't build due to fpm, added: VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus.
matthewr added a comment to T6091: [1.3.3->1.4.0-epa1 Migration] NTP "listen-address" config removed.
Given that Chrony only allows one bind address, versus ntpd which allows multiple, a "wontfix" sounds like the correct answer! :-)
n.fort changed the status of T6090: [1.3.6->1.4.0-epa1 Migration] policy route fails due tcp flag case sensitivity, a subtask of T5938: Migration fail root task for 1.4-rc, from Open to Confirmed.
n.fort changed the status of T6090: [1.3.6->1.4.0-epa1 Migration] policy route fails due tcp flag case sensitivity from Open to Confirmed.
Viacheslav changed the status of T6109: remote syslog do not get all the logs from Open to Needs reporter action.
@m.serdienis Add set of configuration commands to reproduce.
The issue is which to choose if there are multiple, thus removing all, chrony will listen on all interfaces.
Viacheslav edited projects for T6108: VTYSH - Slowdown, added: VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus.
Viacheslav triaged T6106: Valid commit error for route-reflector-client option defined in peer-group as High priority.
Viacheslav triaged T6105: Service HTTPS using ACME certificate does not present full chain as Normal priority.
Viacheslav triaged T6091: [1.3.3->1.4.0-epa1 Migration] NTP "listen-address" config removed as Normal priority.
Most likely won't fix
https://chrony-project.org/doc/3.4/chrony.conf.html
Viacheslav triaged T6090: [1.3.6->1.4.0-epa1 Migration] policy route fails due tcp flag case sensitivity as High priority.
I don't think it is expected to get speed to the node itself.
A router is generally used for forwarding traffic. It is better to use iperf to check the speed between 2 hosts.