Page MenuHomeVyOS Platform
Feed Advanced Search

Sep 18 2021

c-po changed the status of T1968: Allow multiple static routes in dhcp-server from Open to In progress.
Sep 18 2021, 7:08 PM · VyOS 1.4 Sagitta
c-po closed T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0 as Resolved.
Sep 18 2021, 1:22 PM · VyOS 1.4 Sagitta
masimo added a comment to T1968: Allow multiple static routes in dhcp-server.

I'm also hitting this issue in 1.4-rolling-202109160217
This task has been kicking around for a while now. What needs to be done to get the code from @ruliane or @elbandi into the rolling build?

Sep 18 2021, 11:19 AM · VyOS 1.4 Sagitta
c-po added a comment to T2738: Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization.

Enabling debugging gives me:

Sep 18 2021, 9:35 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0-epa1)
edofullin added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.

Are there updates on this issue?

Sep 18 2021, 8:27 AM · VyOS 1.4 Sagitta
c-po added a comment to T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.

Related/Duplicate issue of T3680

Sep 18 2021, 6:46 AM · VyOS 1.4 Sagitta
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Sep 18 2021, 5:30 AM · VyOS 1.4 Sagitta
kroy added a comment to T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.

It's worth adding the no-default-route to the dhcp-options and adding a line like

Sep 18 2021, 5:29 AM · VyOS 1.4 Sagitta
kroy renamed T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway from Setting a default IPv6 route while getting IPv4 route via DHCP removes the IPv4 gateway to Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Sep 18 2021, 5:27 AM · VyOS 1.4 Sagitta
kroy renamed T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway from Setting a default IPv6 route while getting IPv4 route via DHCP removes the IPv4 route to Setting a default IPv6 route while getting IPv4 route via DHCP removes the IPv4 gateway.
Sep 18 2021, 5:27 AM · VyOS 1.4 Sagitta
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Sep 18 2021, 5:24 AM · VyOS 1.4 Sagitta
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Sep 18 2021, 5:24 AM · VyOS 1.4 Sagitta
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Sep 18 2021, 5:23 AM · VyOS 1.4 Sagitta
kroy changed Version from 1.4-rolling- to 1.4-rolling-202109160207 on T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Sep 18 2021, 5:22 AM · VyOS 1.4 Sagitta
kroy created T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Sep 18 2021, 5:20 AM · VyOS 1.4 Sagitta

Sep 17 2021

c-po closed T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified as Resolved.
Sep 17 2021, 6:56 PM · VyOS 1.4 Sagitta
c-po added a comment to T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified.

Thank you for testing!

Sep 17 2021, 6:56 PM · VyOS 1.4 Sagitta
UnicronNL changed the status of T3834: [OPENVPN] Support for Two Factor Authentication totp. from Open to In progress.
Sep 17 2021, 11:05 AM · VyOS 1.4 Sagitta
erkin added a comment to T3823: strip-private does not filter public IPv6 addresses.

Something about commands is meddling with strip-private. I'm looking into it.

Sep 17 2021, 8:10 AM · VyOS 1.4 Sagitta
erkin added a comment to T3823: strip-private does not filter public IPv6 addresses.

Now this is quite strange....

$ echo '2001:1578:2fe:fffd::/64' | strip-private
xxxx:xxxx:2fe:fffd::/64
Sep 17 2021, 8:07 AM · VyOS 1.4 Sagitta
erkin changed the status of T3823: strip-private does not filter public IPv6 addresses from Open to In progress.
Sep 17 2021, 8:04 AM · VyOS 1.4 Sagitta
lucasec added a comment to T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified.

Tested on latest build VyOS 1.4-rolling-202109160217 and confirmed it is adding the remote id attribute by default as expected. Connections establish without issue.

Sep 17 2021, 4:02 AM · VyOS 1.4 Sagitta
c-po claimed T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0.
Sep 17 2021, 3:35 AM · VyOS 1.4 Sagitta

Sep 16 2021

sempervictus added a comment to T3833: Cloud-init not finding data source in OpenStack.

Curl checks come back with:

root@vyos:/tmp# curl 169.254.169.254/latest/meta-data
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups
Sep 16 2021, 4:01 PM · VyOS 1.4 Sagitta
sempervictus renamed T3833: Cloud-init not finding data source in OpenStack from Cloud-init not inding data source in OpenStack to Cloud-init not finding data source in OpenStack.
Sep 16 2021, 3:59 PM · VyOS 1.4 Sagitta
sempervictus created T3833: Cloud-init not finding data source in OpenStack.
Sep 16 2021, 3:53 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0 from Open to Confirmed.

xfrm if_id should not be 0

Sep 16 2021, 1:17 PM · VyOS 1.4 Sagitta

Sep 15 2021

c-po changed the status of T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified from Open to Needs testing.
Sep 15 2021, 5:41 PM · VyOS 1.4 Sagitta
c-po added a comment to T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified.

From https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection (1.3 behavior)

Sep 15 2021, 5:37 PM · VyOS 1.4 Sagitta
zsdc created T3832: Allow to set DHCP client-id in hexadecimal format.
Sep 15 2021, 3:27 PM · VyOS 1.4 Sagitta
Unknown Object (User) updated the task description for T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0.
Sep 15 2021, 9:13 AM · VyOS 1.4 Sagitta
Unknown Object (User) updated the task description for T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0.
Sep 15 2021, 9:12 AM · VyOS 1.4 Sagitta
Unknown Object (User) created T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0.
Sep 15 2021, 8:43 AM · VyOS 1.4 Sagitta
lucasec assigned T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified to c-po.
Sep 15 2021, 5:57 AM · VyOS 1.4 Sagitta
lucasec created T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified.
Sep 15 2021, 5:57 AM · VyOS 1.4 Sagitta

Sep 14 2021

sarthurdev added a comment to T3828: ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta.

Good shout, fixed in following PR: https://github.com/vyos/vyos-1x/pull/1005

Sep 14 2021, 9:05 AM · VyOS 1.4 Sagitta
Viacheslav removed a project from T3702: Policy: Allow routing by fwmark: VyOS 1.2 Crux.
Sep 14 2021, 8:09 AM · VyOS 1.3 Equuleus (1.3.5), VyOS 1.4 Sagitta
Viacheslav added a comment to T3823: strip-private does not filter public IPv6 addresses.

This line doesn't match ipv6 addresses https://github.com/vyos/vyos-1x/blob/f86b7314d025fd0cf11c2d91638ed3cc7c4fa507/src/helpers/strip-private.py#L66

Sep 14 2021, 7:19 AM · VyOS 1.4 Sagitta
lucasec added a comment to T3828: ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta.

Booted my host with 1.4-rolling-202109140217 and confirmed pfs enabled is now generating the expected swanctl.conf file to match the old behavior. If I don't report back in exactly an hour from now that my tunnels died, we can assume the fix works.

Sep 14 2021, 5:03 AM · VyOS 1.4 Sagitta

Sep 13 2021

c-po changed the status of T3828: ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta from Open to Needs testing.
Sep 13 2021, 8:28 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3829: Support separated TCP/IP stack via "ip netns".

To start the proposed CLI:
Needs to be discussed.

Sep 13 2021, 7:34 PM · VyOS 1.4 Sagitta
Viacheslav created T3829: Support separated TCP/IP stack via "ip netns".
Sep 13 2021, 6:21 PM · VyOS 1.4 Sagitta
c-po updated the task description for T3318: Update Linux Kernel to v5.4.208 / 5.10.142.
Sep 13 2021, 6:15 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
stepler added a comment to T3824: Ethernet offload options are not populated in new installs.

1.3-beta-202109120646 doesn't have any commits from T3821:

Sep 13 2021, 1:38 PM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7)
Viacheslav added a subtask for T2199: Rewrite firewall in new XML/Python style: T478: Firewall address group (multi and nesting).
Sep 13 2021, 1:14 PM · VyOS 1.4 Sagitta
Viacheslav added a parent task for T478: Firewall address group (multi and nesting): T2199: Rewrite firewall in new XML/Python style.
Sep 13 2021, 1:14 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3828: ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta.

PR: https://github.com/vyos/vyos-1x/pull/1004

Sep 13 2021, 12:52 PM · VyOS 1.4 Sagitta
dmbaturin added a comment to T3824: Ethernet offload options are not populated in new installs.

Migration scripts are meant for adjusting old configs for a new configuration syntax version. I feel that using that mechanism for fresh installs is wrong and we should move that logic to a different place, ideally to the script that inserts MAC addresses in the config—I forgot which script it is.

Sep 13 2021, 9:49 AM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7)
Viacheslav changed the status of T3810: webproxy squidguard rules don't work properly after rewriting to python. from Open to Needs testing.
Sep 13 2021, 7:56 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
lucasec assigned T3828: ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta to c-po.
Sep 13 2021, 7:20 AM · VyOS 1.4 Sagitta
lucasec created T3828: ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta.
Sep 13 2021, 7:20 AM · VyOS 1.4 Sagitta
c-po added a comment to T3821: Add latest versions to default config files.

Ot feels thos change broke more then it fixed. Can we revert it?

Sep 13 2021, 4:56 AM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.4 Sagitta
c-po added a comment to T3824: Ethernet offload options are not populated in new installs.

This is because of T3821

Sep 13 2021, 4:56 AM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7)

Sep 12 2021

c-po claimed T3826: PKI: op-mode - do input validation when listing certificates.
Sep 12 2021, 6:23 PM · VyOS 1.4 Sagitta
c-po created T3826: PKI: op-mode - do input validation when listing certificates.
Sep 12 2021, 6:23 PM · VyOS 1.4 Sagitta
stepler added a comment to T3821: Add latest versions to default config files.

Note the version string should be different in 1.3:

Sep 12 2021, 2:30 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.4 Sagitta
stepler created T3824: Ethernet offload options are not populated in new installs.
Sep 12 2021, 2:20 PM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7)
c-po created T3823: strip-private does not filter public IPv6 addresses.
Sep 12 2021, 7:14 AM · VyOS 1.4 Sagitta

Sep 11 2021

erkin closed T3275: Disable conntrack helpers by default as Resolved.

Backport to 1.3 is complete. See T3821 for further discussion.

Sep 11 2021, 7:50 PM · VyOS 1.5 Circinus
erkin changed the status of T3821: Add latest versions to default config files from Open to In progress.
Sep 11 2021, 7:50 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.4 Sagitta
lucasec added a comment to T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface.

FYI, if your OpenVPN config relies on cert files or anything you uploaded into the config directory, you may need to change the owner to the openvpn user or widen file permissions. Oddly this only seems to affect equuleus, not sagitta (OpenVPN seems fine reading files owned by "root" out of "/config/auth").

Sep 11 2021, 8:58 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po removed a project from T3734: Move EVPN VRF up in FRR config: VyOS 1.3 Equuleus.
Sep 11 2021, 8:51 AM · VyOS 1.4 Sagitta
c-po closed T3402: Add VyOS programming library for operational level commands as Resolved.
Sep 11 2021, 8:51 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
dmbaturin edited projects for T915: MPLS Support, added: VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.
Sep 11 2021, 1:53 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta

Sep 10 2021

c-po added a comment to T3818: BGP export route-map only works after bgpd restart.

Okay, trying to reproduce this. In the meantime, can you please check the behavior with vtysh as restarting bgpd is actually a bad idea.
My gut tells me this might be an FRR issue.

Sep 10 2021, 8:45 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3810: webproxy squidguard rules don't work properly after rewriting to python. .

PR https://github.com/vyos/vyos-1x/pull/1000

Sep 10 2021, 4:07 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po closed T3802: Commit fails if ethernet interface doesn't support flow control as Resolved.
Sep 10 2021, 3:02 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po added a project to T3802: Commit fails if ethernet interface doesn't support flow control: VyOS 1.4 Sagitta.
Sep 10 2021, 2:46 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
dmbaturin removed a project from T3289: No description for node "service" conf-mode: VyOS 1.3 Equuleus.
Sep 10 2021, 2:41 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta
dmbaturin removed a project from T2927: isc-dhcpd release and expiry events never execute: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta
dmbaturin removed a project from T3304: No way to use ipv4 address as next-hop in route-map: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3301: Wrong format and valueHelp for policy as-path-list regex: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta
dmbaturin removed a project from T3395: WAN load-balancing fails with nexthop dhcp: VyOS 1.3 Equuleus.
Sep 10 2021, 2:38 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta
dmbaturin removed a project from T3623: Fix for dummy interface option in the operational command "clear interfaces dummy": VyOS 1.3 Equuleus.
Sep 10 2021, 2:38 PM · VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3349: Ethernet: "disable" flag is not honored after a reboot for VIF interfaces: VyOS 1.3 Equuleus.
Sep 10 2021, 2:38 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta
ernstjo added a comment to T3818: BGP export route-map only works after bgpd restart.

Yes, sure. Here the whole configure (subnets, ips and asns replaced with xxx):

Sep 10 2021, 2:06 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Sep 10 2021, 1:37 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Sep 10 2021, 12:55 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po claimed T3818: BGP export route-map only works after bgpd restart.
Sep 10 2021, 12:25 PM · VyOS 1.4 Sagitta
c-po added a comment to T3818: BGP export route-map only works after bgpd restart.

Can you please share your entire config and what to type to reproduce it? Happy to have a look later on.

Sep 10 2021, 12:24 PM · VyOS 1.4 Sagitta
ernstjo added a comment to T3818: BGP export route-map only works after bgpd restart.

Tried with latest version, issue still exist. I have that issue since July, some update broke export roue-maps. I have that error message "The route-map 'xxx' does not exist." since then.

Sep 10 2021, 11:46 AM · VyOS 1.4 Sagitta
c-po added a comment to T3818: BGP export route-map only works after bgpd restart.

Can you please retrst with the latest 1.4? the was a bug related to route-maps in bgpd

Sep 10 2021, 11:02 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3818: BGP export route-map only works after bgpd restart.
Sep 10 2021, 10:00 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T2738: Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization.

Not reproducible in 1.2.8

Sep 10 2021, 9:32 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0-epa1)
c-po changed Issue type from feature to upgrade on T3819: Upgrade Salt Stack 3002.3 -> 3003 release train.
Sep 10 2021, 8:51 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po moved T3819: Upgrade Salt Stack 3002.3 -> 3003 release train from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Sep 10 2021, 8:48 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po closed T3819: Upgrade Salt Stack 3002.3 -> 3003 release train as Resolved.
Sep 10 2021, 8:48 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po moved T3819: Upgrade Salt Stack 3002.3 -> 3003 release train from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
Sep 10 2021, 8:48 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po moved T3819: Upgrade Salt Stack 3002.3 -> 3003 release train from Need Triage to 1.3.0-epa1 on the VyOS 1.3 Equuleus board.
Sep 10 2021, 8:48 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po added a project to T3819: Upgrade Salt Stack 3002.3 -> 3003 release train: VyOS 1.4 Sagitta.
Sep 10 2021, 8:13 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
ernstjo created T3818: BGP export route-map only works after bgpd restart.
Sep 10 2021, 7:54 AM · VyOS 1.4 Sagitta
amxj9 added a comment to T3805: OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface.

Change works as expected for me. Thank you!

Sep 10 2021, 7:51 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
Viacheslav added a project to T2738: Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization: VyOS 1.4 Sagitta.
Sep 10 2021, 7:20 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0-epa1)
c-po added a comment to T915: MPLS Support.

Setting this to resolved as implementation is almost complete. Please file individual tasks for bugs so we can properly track them in the 1.3 release cycle.

Sep 10 2021, 6:57 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
c-po closed T915: MPLS Support as Resolved.
Sep 10 2021, 6:56 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
dmbaturin edited projects for T1083: Implement persistent/random address and port mapping options for NAT rules, added: VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.
Sep 10 2021, 6:32 AM · VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus (1.3.0), test, VyOS 1.4 Sagitta

Sep 9 2021

c-po added a comment to T3812: Vyos and frr route-map config out of sync.

Will be fixed in tomorrows rolling - thanks for reporting this.

Sep 9 2021, 3:33 PM · VyOS 1.4 Sagitta
c-po closed T3812: Vyos and frr route-map config out of sync as Resolved.
Sep 9 2021, 3:31 PM · VyOS 1.4 Sagitta
Viacheslav renamed T3810: webproxy squidguard rules don't work properly after rewriting to python. from webproxy squidguard rules doesn't work properly to webproxy squidguard rules don't work properly after rewriting to python. .
Sep 9 2021, 3:10 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
c-po changed the status of T3812: Vyos and frr route-map config out of sync from Open to Confirmed.
Sep 9 2021, 3:09 PM · VyOS 1.4 Sagitta