The new firewall implementation makes this no longer relevant.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Feb 15 2024
Jan 9 2024
Dec 17 2023
Oct 21 2023
Aug 31 2023
Aug 25 2023
Jul 12 2023
Aug 29 2022
Mar 2 2022
In T1019#26665, @runar wrote:Hmm, please enligthen me. Google BBR is a new way to handle congesition instead of the traditional way tcp deals with it. This functionallity needs to be enabled in the end host systems starting the tcp session to have any impact on troughput and congestion control.. as vyos is a router and are not responsible to start tcp sessions on behalf of any end system, what is the benefit of adding this functionallity?
Nov 11 2021
Nov 6 2021
Oct 23 2021
This bug has been raised for 2 years and has not been closed yet. Is it because it has not been resolved?
Sep 29 2021
Sep 10 2021
Aug 31 2021
Jul 29 2021
Jun 20 2021
May 29 2021
Apr 13 2021
Mar 14 2021
Feb 25 2021
Oct 14 2020
Just my thoughts - there are situations where rp_filter is not sufficient, and it was not clear to me how to do this cleanly with the zone firewall, so I ended up hacking a few iptables commands in rc.local instead.
Oct 11 2020
Aug 3 2020
Jul 30 2020
Jul 26 2020
Jul 11 2020
I need to modify the file(/etc/swanctl/swanctl.conf) manually, from emote_ts = dynamic[gre] to remote_ts = 0.0.0.0/0[gre].
I test that issue on 1.2.5. but not work
Jul 2 2020
May 26 2020
You can consider submitting a PR request in a rolling branch that has requested a merge.
May 13 2020
Apr 23 2020
I'm still seeing this in VyOS 1.3-rolling-202004170117
Mar 16 2020
Mar 3 2020
Feb 21 2020
Pull Request: https://github.com/vyos/ppp-upstream/pull/2
Feb 20 2020
I send a pull request to fix it:
Jan 16 2020
We took other steps that allows us to take the image back to a manageable size, and this task lost its immediate relevance.
Jan 12 2020
I think we can close this task.
Nothing like that has happened in the last few months.
Dec 24 2019
This is confusing. While NTP used to work (listen on all interfaces) without any listen-address set, now it doesn't. This means any old config without listen-address set will now have a non-working NTP without any warning. There was no migration script to migrate the old behavior to the new. ntp should have a mandatory listen-address if this new behavior is kept.
Dec 15 2019
Hello!
Please also add "single-session" to
set service pppoe-server ppp-options
Dec 12 2019
Do you know what the outcome of this old task was?
Nov 13 2019
Nov 10 2019
While "interface ignore wildcard" configured, we got:
ntpq -c lpeer remote refid st t when poll reach delay offset jitter ============================================================================== 10.255.0.1 .INIT. 16 u - 64 0 0.000 0.000 0.000
show system ntp allow-clients { address 192.168.100.0/24 } server 10.255.0.1 { prefer }
Oct 28 2019
Oct 27 2019
Oct 22 2019
Sep 27 2019
Yes, this _was_ still a problem but the workaround solves the issue for
me. I've been able to upgrade the 1.1.8 instances to 1.2.3 after adding
this extra interface route.
Sep 16 2019
You are absolutely right. Was a stressful morning sorting this out, thanks for the response.
Yes definitely just ran into this myself. I think i had the opposite problem of OP. I have only ipsec VTI on the router, but whenever a reset vpn ipsec-peer command was run, the peer IP was being added as default route for table 220. Furthermore, this was being respected as the default route for the system (I'm not sure how route priority works with tables, but i'm guessing table 220 has preference over table main?)
Sep 2 2019
Aug 26 2019
Aug 21 2019
@UnicronNL , no need to apply the patch, it is already applied to the codebase. this issue needs to be something else
In T1070#41443, @runar wrote:@UnicronNL could you apply my patch to the codebase?
@UnicronNL could you apply my patch to the codebase?
I an confirm as well this is happening in 1.2.2. Is there anyway to cronjob a restart of the process to re-establish connectivity to the hub as a workaround?
Aug 19 2019
Aug 18 2019
@dmbaturin ok, will address that in the next rewrite
@alkersan Looks good, thanks!
Aug 17 2019
Aug 16 2019
Jul 21 2019
Jul 19 2019
xe-daemon.service is missing, please add it
Jul 12 2019
@bmtauer is this still a problem for you?
Jul 7 2019
that commit should be reworded to have the task id in front.
Jul 6 2019
Jul 1 2019
Hi Guys,
Jun 16 2019
Jun 1 2019
@dmbaturin is there any reason the IPv6 peer-group is under address-family ipv6-unicast and the IPv4 peer-group is not? Seems this one was missed during migration?
May 21 2019
May 14 2019
@syncer @dmbaturin - I'm experiencing this on upgrade from 1.1.8 to 1.2.1, is this expected behaviour that you have to chown it?
Apr 29 2019
Apr 21 2019
Attempt two of the fix, so disregard everything in above attempt.
I want to set this ticket back to "Needs testing" or even "Open", I have downloaded and tested vyos-rolling-2019-04-16 and it seems it is not properly fixed.
Apr 18 2019
Apr 9 2019
This requires fix, since workaround not fully acceptable
Apr 8 2019
Hi all,