Page MenuHomeVyOS Platform
Feed All Stories

Sep 20 2020

Magnum created T2906: OpenVPN: tls-auth missing key direction.
Sep 20 2020, 12:37 PM · VyOS 1.3 Equuleus (1.3.0), openvpn
c-po updated the task description for T2903: Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value.
Sep 20 2020, 11:34 AM · VyOS 1.3 Equuleus (1.3.0)
c-po changed the status of T2905: Sync CLI nodes between PPPoE and WWAN interface, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, from Open to In progress.
Sep 20 2020, 11:08 AM · VyOS 1.3 Equuleus (1.3.0)
c-po changed the status of T2905: Sync CLI nodes between PPPoE and WWAN interface from Open to In progress.
Sep 20 2020, 11:08 AM · VyOS 1.3 Equuleus (1.3.0)
c-po created T2905: Sync CLI nodes between PPPoE and WWAN interface.
Sep 20 2020, 11:08 AM · VyOS 1.3 Equuleus (1.3.0)
c-po changed the status of T2904: 802.1ad / Q-in-Q ethertype default not utilized, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, from Open to In progress.
Sep 20 2020, 11:04 AM · VyOS 1.3 Equuleus (1.3.0)
c-po changed the status of T2904: 802.1ad / Q-in-Q ethertype default not utilized from Open to In progress.
Sep 20 2020, 11:04 AM · VyOS 1.3 Equuleus (1.3.0)
c-po created T2904: 802.1ad / Q-in-Q ethertype default not utilized.
Sep 20 2020, 11:04 AM · VyOS 1.3 Equuleus (1.3.0)
c-po updated the task description for T2902: "add system image" fails when appending XX to image name.
Sep 20 2020, 8:15 AM · VyOS 1.2 Crux (VyOS 1.2.7)
c-po updated the task description for T2902: "add system image" fails when appending XX to image name.
Sep 20 2020, 8:09 AM · VyOS 1.2 Crux (VyOS 1.2.7)
c-po updated the task description for T2902: "add system image" fails when appending XX to image name.
Sep 20 2020, 7:47 AM · VyOS 1.2 Crux (VyOS 1.2.7)
c-po changed Version from - to 1.3-rolling-202009200118 on T2903: Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value.
Sep 20 2020, 7:42 AM · VyOS 1.3 Equuleus (1.3.0)
c-po changed the status of T2903: Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, from Open to In progress.
Sep 20 2020, 7:42 AM · VyOS 1.3 Equuleus (1.3.0)
c-po changed the status of T2903: Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value from Open to In progress.
Sep 20 2020, 7:42 AM · VyOS 1.3 Equuleus (1.3.0)
c-po updated the task description for T2903: Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value.
Sep 20 2020, 7:41 AM · VyOS 1.3 Equuleus (1.3.0)
c-po created T2903: Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value.
Sep 20 2020, 7:41 AM · VyOS 1.3 Equuleus (1.3.0)
c-po updated the task description for T2902: "add system image" fails when appending XX to image name.
Sep 20 2020, 7:37 AM · VyOS 1.2 Crux (VyOS 1.2.7)
c-po created T2902: "add system image" fails when appending XX to image name.
Sep 20 2020, 7:36 AM · VyOS 1.2 Crux (VyOS 1.2.7)
jack9603301 added a comment to T2898: Support NDP proxy.

@c-po If I want to be an interface-ethernet.xml.in Add custom configuration actions (such as proxy NDP) with certain extensibility (its configuration can be extended in other places). What should I do?

Sep 20 2020, 3:19 AM · VyOS 1.4 Sagitta
Cheeze_It added a comment to T2898: Support NDP proxy.

@Cheeze_It

I also take into account the specific situation of the ndp proxy, the configuration of this link prompts, the configuration format of the ndp proxy is like this.

https://manpages.debian.org/buster/ndppd/ndppd.conf.5.en.html

Sep 20 2020, 12:22 AM · VyOS 1.4 Sagitta

Sep 19 2020

eronlloyd updated eronlloyd.
Sep 19 2020, 11:26 PM
eronlloyd updated eronlloyd.
Sep 19 2020, 11:26 PM
c-po closed T2901: Update Linux Kernel to v4.19.146 as Resolved.
Sep 19 2020, 8:40 PM · VyOS 1.3 Equuleus (1.3.0)
c-po created T2901: Update Linux Kernel to v4.19.146.
Sep 19 2020, 8:38 PM · VyOS 1.3 Equuleus (1.3.0)
c-po closed T2900: DNS forwarding: invalid warning is shown for "system name-server" or "system name-servers-dhcp" even if present as Resolved.
Sep 19 2020, 8:36 PM · VyOS 1.3 Equuleus (1.3.0)
c-po updated the task description for T2900: DNS forwarding: invalid warning is shown for "system name-server" or "system name-servers-dhcp" even if present.
Sep 19 2020, 8:34 PM · VyOS 1.3 Equuleus (1.3.0)
c-po updated the task description for T2900: DNS forwarding: invalid warning is shown for "system name-server" or "system name-servers-dhcp" even if present.
Sep 19 2020, 8:26 PM · VyOS 1.3 Equuleus (1.3.0)
c-po created T2900: DNS forwarding: invalid warning is shown for "system name-server" or "system name-servers-dhcp" even if present.
Sep 19 2020, 8:25 PM · VyOS 1.3 Equuleus (1.3.0)
c-po added a comment to T2875: WiFi interface configured as station can not be added to bridge.

Interesting post: https://serverfault.com/questions/152363/bridging-wlan0-to-eth0

Sep 19 2020, 8:14 PM · VyOS 1.3 Equuleus (1.3.0)
c-po renamed T2875: WiFi interface configured as station can not be added to bridge from Cannot add WiFi interface to Bridge to WiFi interface configured as station can not be added to bridge.
Sep 19 2020, 8:08 PM · VyOS 1.3 Equuleus (1.3.0)
c-po closed T2894: bond: lacp: member interfaces get removed once bond interface has vlans configured as Resolved.
Sep 19 2020, 7:12 PM · VyOS 1.3 Equuleus (1.3.0)
c-po added a comment to T2894: bond: lacp: member interfaces get removed once bond interface has vlans configured.

Resolved via https://github.com/vyos/vyos-1x/commit/d1c9ee33f25e45cea0d01f9685f99c960ed4d7f8

Sep 19 2020, 7:12 PM · VyOS 1.3 Equuleus (1.3.0)
rob created T2899: remote syslog server migration error on update.
Sep 19 2020, 6:54 PM · Restricted Project
jack9603301 moved T2898: Support NDP proxy from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
Sep 19 2020, 6:12 PM · VyOS 1.4 Sagitta
jack9603301 moved T2518: Support NAT for ipv6(NPT) from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
Sep 19 2020, 6:12 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

I also take into account the specific situation of the ndp proxy, the configuration of this link prompts, the configuration format of the ndp proxy is like this.

Sep 19 2020, 6:06 PM · VyOS 1.4 Sagitta
jack9603301 updated the task description for T2898: Support NDP proxy.
Sep 19 2020, 5:51 PM · VyOS 1.4 Sagitta
jack9603301 updated the task description for T2898: Support NDP proxy.
Sep 19 2020, 5:51 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

No arp proxy option is found in the configuration path, ndp proxy can manage multiple address rules under one interface

vyos@vyos# set interfaces ethernet eth0 ip 
Possible completions:
   arp-cache-timeout
                ARP cache entry timeout in seconds
   disable-arp-filter
                Disable ARP filter on this interface
   enable-arp-accept
                Enable ARP accept on this interface
   enable-arp-announce
                Enable ARP announce on this interface
   enable-arp-ignore
                Enable ARP ignore on this interface
   enable-proxy-arp
                Enable proxy-arp on this interface
 > ospf         Open Shortest Path First (OSPF) parameters
   proxy-arp-pvlan
                Enable private VLAN proxy ARP on this interface
 > rip          Routing Information Protocol (RIP)
   source-validation
                Policy for source validation by reversed path, as specified in RFC3704
Sep 19 2020, 5:46 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

Although I intended to think that it is easier to write scripts under the protocol, but from an intuitive point of view, it seems that this path is also a good choice (users can use the same command line as the arp proxy to configure) I have written it A sample, then only need to decide how to modify the cli

Sep 19 2020, 5:24 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

set interfaces ethernet eth0 ip proxy-arp

The more suitable position may be set protocol ndp-proxy

I...really would like to not put it under "protocols" but to put it under the interface. It's *much* easier and more intuitive to see it under the interface/sub-interface than to see it in its' own stanza under "protocol" node.

Also, I'd argue it would be reasonable to separate ARP proxy and NDP proxy. That way one can pick and choose. Of course ARP proxy can't work without an IP address configured. NDP proxy can't be configured without an IPv6 address configured (those could be used as checks against configuring it on an empty interface).

Sep 19 2020, 5:21 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

If possible, give your suggested cli path for my reference

Sep 19 2020, 5:18 PM · VyOS 1.4 Sagitta
Cheeze_It added a comment to T2898: Support NDP proxy.

set interfaces ethernet eth0 ip proxy-arp

The more suitable position may be set protocol ndp-proxy

Sep 19 2020, 5:00 PM · VyOS 1.4 Sagitta
c-po changed the status of T2894: bond: lacp: member interfaces get removed once bond interface has vlans configured from Open to In progress.
Sep 19 2020, 2:34 PM · VyOS 1.3 Equuleus (1.3.0)
jack9603301 updated the task description for T2898: Support NDP proxy.
Sep 19 2020, 1:34 PM · VyOS 1.4 Sagitta
jack9603301 changed the status of T2898: Support NDP proxy, a subtask of T2518: Support NAT for ipv6(NPT), from Open to In progress.
Sep 19 2020, 9:39 AM · VyOS 1.4 Sagitta
jack9603301 changed the status of T2898: Support NDP proxy from Open to In progress.
Sep 19 2020, 9:39 AM · VyOS 1.4 Sagitta
jack9603301 updated the task description for T2898: Support NDP proxy.
Sep 19 2020, 7:21 AM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

I can't find how to enable ipv6 connection tracking. Recompiling and modifying the linux kernel switch does not seem to see the module loaded. I think the current nat66 has completed 90%, and only need to implement ndp proxy to make it work normally.

Sep 19 2020, 7:20 AM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

set interfaces ethernet eth0 ip proxy-arp

Sep 19 2020, 7:17 AM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

I think we do need it, we can’t let users manage all IP manually unless we implement stateful NAT66

Sep 19 2020, 7:15 AM · VyOS 1.4 Sagitta
c-po added a comment to T2898: Support NDP proxy.

set interfaces ethernet eth0 ip proxy-arp. Isn‘t the Kernel sysctl interface enough? Do we really need a daemon?

Sep 19 2020, 6:57 AM · VyOS 1.4 Sagitta
jack9603301 triaged T2898: Support NDP proxy as Normal priority.
Sep 19 2020, 6:41 AM · VyOS 1.4 Sagitta
jack9603301 claimed T2898: Support NDP proxy.
Sep 19 2020, 6:40 AM · VyOS 1.4 Sagitta
jack9603301 updated the task description for T2898: Support NDP proxy.
Sep 19 2020, 6:30 AM · VyOS 1.4 Sagitta
jack9603301 added a project to T2898: Support NDP proxy: VyOS 1.2 Crux.
Sep 19 2020, 6:29 AM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

Beeing stateless or statefull both should work. We can add a CLI node for the proxy.ndp option like we have for proxy arp on ipv4, no big deal.

Sep 19 2020, 5:29 AM · VyOS 1.4 Sagitta
jack9603301 created T2898: Support NDP proxy.
Sep 19 2020, 3:59 AM · VyOS 1.4 Sagitta

Sep 18 2020

syncer changed the subtype of T2713: VyOS must not change permissions on files in /config/auth from "Task" to "Bug".
Sep 18 2020, 8:13 PM · VyOS 1.3 Equuleus (1.3.0)
syncer archived VyOS 1.2 Crux (VyOS 1.2.6).
Sep 18 2020, 7:58 PM
Unknown Object (User) created T2897: Remove cluster command.
Sep 18 2020, 7:49 PM · VyOS 1.4 Sagitta
diekos updated the task description for T2896: set ip route 0.0.0.0/0 dhcp-interface eth0.
Sep 18 2020, 6:56 PM · VyOS 1.3 Equuleus (1.3.0)
diekos created T2896: set ip route 0.0.0.0/0 dhcp-interface eth0.
Sep 18 2020, 6:55 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T2806: ipsec generates false warning on commit when local prefix is sourced from loopback.

Let's check and table "local"
PR for rolling https://github.com/vyos/vyatta-cfg-vpn/pull/37

Sep 18 2020, 6:21 PM · VyOS 1.2 Crux (VyOS 1.2.8)
Viacheslav created T2895: VPN IPsec "leftsubnet" declared 2 times.
Sep 18 2020, 6:09 PM · VyOS 1.3 Equuleus (1.3.0-epa1)
Cheeze_It added a comment to T1316: Support for IS-IS .

@Viacheslav, I am unsure if you're able to finish the template and/or work on it more but if you guys ever choose to complete it and add it into rolling then I can test it out in my lab.

Sep 18 2020, 5:32 PM · VyOS 1.3 Equuleus (1.3.0)
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).
In T2518#75586, @c-po wrote:

Beeing stateless or statefull both should work. We can add a CLI node for the proxy.ndp option like we have for proxy arp on ipv4, no big deal.

Sep 18 2020, 2:56 PM · VyOS 1.4 Sagitta
c-po added a comment to T2518: Support NAT for ipv6(NPT).

Beeing stateless or statefull both should work. We can add a CLI node for the proxy.ndp option like we have for proxy arp on ipv4, no big deal.

Sep 18 2020, 2:49 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

This is a milestone, which means we have to decide whether to use stateful or stateless

Sep 18 2020, 1:58 PM · VyOS 1.4 Sagitta
JessterSB added a comment to T2518: Support NAT for ipv6(NPT).

I worked with @jack9603301 and discovered [1] that stateless NAT66 depends on IPv6 neighbor proxy, otherwise VyOS will not respond to IPv6 neighbor discovery broadcasts.

Sep 18 2020, 1:55 PM · VyOS 1.4 Sagitta
SrividyaA added a comment to T2861: route-map "set community additive" not working correctly.

Tested in LTS 1.2.5 and latest rolling release, where it is not allowing to add the AA:NN along with Additive

Sep 18 2020, 1:13 PM · VyOS 1.3 Equuleus (1.3.0)
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

It is confirmed that there is a bug in the implementation, but no solution has been found yet. In the nat66 rule, the prefix translation is indeed performed in the expected behavior, but the upstream device cannot return the data packet from the specific prefix. If the community has a good solution, please let me know

Sep 18 2020, 11:45 AM · VyOS 1.4 Sagitta
jack9603301 changed the status of T2518: Support NAT for ipv6(NPT) from On hold to In progress.
Sep 18 2020, 10:50 AM · VyOS 1.4 Sagitta
Unknown Object (User) added a parent task for T1251: IKEv2 Agile VPN Support: T2816: Rewrite IPsec scripts with the new XML/Python approach.
Sep 18 2020, 10:41 AM · VyOS 1.3 Equuleus (1.3.0)
Unknown Object (User) added a subtask for T2816: Rewrite IPsec scripts with the new XML/Python approach: T1251: IKEv2 Agile VPN Support.
Sep 18 2020, 10:41 AM · VyOS 1.4 Sagitta
Unknown Object (User) closed T945: Unable to change configuration after changing it from script (vbash + script-template) as Resolved.

Marked as resolved

Sep 18 2020, 8:48 AM · VyOS 1.3 Equuleus (1.3.0-epa1)

Sep 17 2020

c-po triaged T2894: bond: lacp: member interfaces get removed once bond interface has vlans configured as Unbreak Now! priority.
Sep 17 2020, 7:28 PM · VyOS 1.3 Equuleus (1.3.0)
c-po created T2894: bond: lacp: member interfaces get removed once bond interface has vlans configured.
Sep 17 2020, 7:28 PM · VyOS 1.3 Equuleus (1.3.0)
Unknown Object (User) changed the status of T2891: Support to change ring-buffers from CLI from Open to Needs testing.

Thanks, let's merge it only after 1.2.6 release

Sep 17 2020, 5:55 PM · Unknown Object (Project), VyOS 1.2 Crux (VyOS 1.2.7)
c-po added a comment to T2891: Support to change ring-buffers from CLI.

No objection as its a minor enhancement

Sep 17 2020, 5:23 PM · Unknown Object (Project), VyOS 1.2 Crux (VyOS 1.2.7)
Unknown Object (User) added a comment to T2891: Support to change ring-buffers from CLI.

Can we add this implementation for crux in the old style?
https://github.com/DmitriyEshenko/vyatta-cfg-system/commit/0adc41a62b6d532da7c4b47cb5da920d1ed39664

Sep 17 2020, 12:48 PM · Unknown Object (Project), VyOS 1.2 Crux (VyOS 1.2.7)
Unknown Object (User) added a project to T2891: Support to change ring-buffers from CLI: VyOS 1.2 Crux (VyOS 1.2.7).
Sep 17 2020, 12:46 PM · Unknown Object (Project), VyOS 1.2 Crux (VyOS 1.2.7)
zsdc closed T2888: Cloud-init images refuse to work with network-based datasource such as Ec2 or OpenStack (but do work with OpenStack's config drive) as Invalid.

The main reason for such issues is missing a good one instructions on how to build a proper one image.

Sep 17 2020, 12:21 PM · VyOS 1.3 Equuleus (1.3.0)
Unknown Object (User) created T2893: Remove broken MSS-clamping old command.
Sep 17 2020, 11:46 AM
Unknown Object (User) triaged T2892: Remove command: "set firewall options interface <interface> disable" as Low priority.
Sep 17 2020, 10:41 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).
Sep 17 2020, 5:03 AM · VyOS 1.4 Sagitta
JessterSB added a comment to T2518: Support NAT for ipv6(NPT).

@jack9603301 Here is R1

Sep 17 2020, 3:00 AM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2518: Support NAT for ipv6(NPT).

Please give the configuration of R1 so that I can immediately test your topology in the simulation environment

Sep 17 2020, 2:50 AM · VyOS 1.4 Sagitta

Sep 16 2020

JessterSB added a comment to T2518: Support NAT for ipv6(NPT).

Hey guys, I am testing nat66 from @jack9603301 which @c-po provided the ISO for me today (VyOS 1.3-nat66-202009161808)

Sep 16 2020, 10:50 PM · VyOS 1.4 Sagitta
Unknown Object (User) claimed T2891: Support to change ring-buffers from CLI.
Sep 16 2020, 7:32 PM · Restricted Project, VyOS 1.2 Crux (VyOS 1.2.7)
Unknown Object (User) created T2891: Support to change ring-buffers from CLI.
Sep 16 2020, 7:32 PM · Restricted Project, VyOS 1.2 Crux (VyOS 1.2.7)
kroy added a comment to T2875: WiFi interface configured as station can not be added to bridge.
set interfaces bridge br0 member interface wlan0
Sep 16 2020, 7:17 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T2890: NAT error adding translation address range.

Duplicate T2539

Sep 16 2020, 6:24 PM · VyOS 1.3 Equuleus (1.3.0)
bamu created T2890: NAT error adding translation address range.
Sep 16 2020, 6:18 PM · VyOS 1.3 Equuleus (1.3.0)
c-po closed T2887: WiFi ht40+ channel width is not set in hostaptd.conf as Resolved.
Sep 16 2020, 5:46 PM · VyOS 1.3 Equuleus (1.3.0)
c-po changed the status of T2887: WiFi ht40+ channel width is not set in hostaptd.conf from Open to In progress.
Sep 16 2020, 5:34 PM · VyOS 1.3 Equuleus (1.3.0)
c-po closed T2886: RADIUS authentication broken only returns operator level as Resolved.
Sep 16 2020, 4:56 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav created T2889: Service SNMP doesn't start after adding new addresses.
Sep 16 2020, 3:13 PM · VyOS 1.2 Crux
c-po added a comment to T2886: RADIUS authentication broken only returns operator level.

Add a smoketest to check if the required config options are present in the kernel configuration to prevent this in the future.

Sep 16 2020, 3:02 PM · VyOS 1.3 Equuleus (1.3.0)
c-po changed the status of T2886: RADIUS authentication broken only returns operator level from Open to In progress.
Sep 16 2020, 2:59 PM · VyOS 1.3 Equuleus (1.3.0)