The old implementation used this script and https://github.com/vyos/vyatta-conntrack/blob/current/src/vyatta-conntrack-logging.c for the logging and it seems not impelemted for the current
At least there is not mention of the log
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Apr 18 2024
Apr 18 2024
Viacheslav removed a project from T5153: OpenConnect route restriction via iptables is ignored: VyOS 1.4 Sagitta.
Viacheslav changed the status of T6221: Enabling VRF breaks connectivity from Open to Needs testing.
Viacheslav added a project to T5471: Conntrack logging doesnt seem to be working: VyOS 1.5 Circinus.
Without subtasks, it is going to be dead.
@Apachez It is not clear what you want to fix exactly. Fix all and do all working well could be related to any task.
Viacheslav edited projects for T5673: Enable `CONFIG_DEBUG_INFO_DWARF5` and `CONFIG_DEBUG_INFO_BTF` in the Linux kernel, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav edited projects for T5737: Eigrp #11301 - Configuration failed error type: validation, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav closed T5755: Running set pki ca NAME certificate with a name with spaces breaks the config as Resolved N/A.
Not reproduced on VyOS 1.5-rolling-202404141045
vyos@r-left# set pki ca "my test ca name" certificate 'MIIDnTCCAoWgAwIBAgIUFvyB2rY0V1V6AaIpPWHCftGRwN8wDQYJKoZIhvcNAQELBQAwVzELMAkGA0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yNDA0MTgxMTM3MzZaFw0yOTA0MzZaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggEiMA0GCQEBAQUAA4IBDwAwggEKAoIBAQCKEVxs7gdzmnN4iMinvXN1vdGaT+v3TOnHSXbBkWHnt9YdWmo8UoqFpVqyVM3E8xmoT+3HOXJeWkKArEpMkGo93kWaGo0f25KGEFWbS2ttgNA9cqH9PGa42XTKyTY+5ZoIWaQQzNNiUSaIoslRrMSV4V2yQs90ECxR37ezlV2RAIHEhZ6mizUkMkuSmdjqRolh2tpF1MoisyhspFPXBC6lJ8d0jFZEi1tP3tlQjqVEWPjTvtddy34iOLFeUjBF5cOwfmpVLzWBVLbIxJr5ZHamGeQIabn36Jg1u0+/6p7hb8avqBW4dT0K8UykWVqgjQ4W4rM7AgMBAAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUxEx+IVaoLb7M/SW9AkCVRaXCNTUwDQYJKoZIhvcNAQELBQADggEBAGjV6WiH4Z+hfdANG8oWgY0xsHmUZg8dCjwqO5GMwjBVIuu8GuoZu0JobtLa097behWcgCkwjvKBffuwCu542WbFkxdXzBLZjSAc+K3itegZIuy4jqRO5z6Q0IbPSaFUhR4HhfwejwlyXgjNCFzEMzwoDL2/3PXjWyilkqthYyFcx092tgwiXtnfO9z9Xm/YQHQmRG2VWzLEwucOhV698xnqFgRJk3uKqcDN9KjF+5v32OQ0eis7GHn1aJim5aUee1nnCRFdQO0llNJRwF6fIaICzKLwa7zzMjF7HhRehh5kpwY8omcQX7xYz7GJag4='
Viacheslav edited projects for T5756: L2TP RADIUS backup and weight settings, added: Restricted Project; removed VyOS 1.4 Sagitta.
Viacheslav removed projects from T5761: Allow PPPoE interface to be assigned IPv6 address via DHCPv6: VyOS 1.3 Equuleus (1.3.7), VyOS 1.4 Sagitta.
@dotAndy Is it still relevant?
Can you create a PR?
Viacheslav edited projects for T5810: Add support for RPKI source ip, added: VyOS 1.5 Circinus, Restricted Project; removed VyOS 1.4 Sagitta.
Viacheslav placed T2003: BGP FQDN capability has improper hostname after new image install up for grabs.
Viacheslav changed the status of T1790: OSPF Exchanged Routes marked as invalid when run through a GRE PTMP/PTP OSPF between peers from Open to Needs reporter action.
@SquirePug re-check please with the latest rolling image.
Viacheslav reopened T2003: BGP FQDN capability has improper hostname after new image install as "Needs reporter action".
Viacheslav closed T2003: BGP FQDN capability has improper hostname after new image install as Resolved.
@jmaslak can you check the latest rolling image?
Viacheslav changed the status of T2616: BFD Configuration causes flapping from Needs testing to Needs reporter action.
@kroy can you re-test this case?
Viacheslav added a project to T3393: IPoE does not assign IPv6 PD or WAN address: VyOS 1.5 Circinus.
Viacheslav lowered the priority of T5169: Add CGNAT Carrier-Grade NAT based on nftables from High to Normal.
In T6247#184232, @jmoore wrote:. We need the feature regardless of the state of the repository.
Apr 17 2024
Apr 17 2024
Viacheslav removed a project from T6247: Add CGN "full cone" EIF support per RFC6888 REQ-7: VyOS 1.4 Sagitta.
We do not use iptables and their modules for new features.
Feel free to add PR for nftables or if you know which commands should be for nftables
Viacheslav changed the status of T6246: Add support for server health checks to reverse proxy from Open to In progress.
Needs the original file with OpenVPN addresses/statistics which are parsed /run/openvpn/{interface}.status
Without it, it will be difficult to do something.
It is not related to VRF at all and is related to the policy routing logic:
Reproduced even on 1.3.2
set interfaces ethernet eth1 address '192.168.122.14/24'
Viacheslav triaged T6237: IPSec remote access VPN: ability to set EAP ID of clients as Wishlist priority.
Apr 16 2024
Apr 16 2024
Viacheslav changed the status of T6242: Add an option to disable certificate verification to reverse proxy from Open to Needs testing.
Viacheslav changed the status of T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network from In progress to Needs testing.
Viacheslav changed the status of T6123: Limit NTP allow-client config to internal addresses by default from Open to Needs testing.
Viacheslav changed the status of T4915: Minisign verification failure == pass?? from Needs testing to Needs reporter action.
We'll close it if no response
Viacheslav edited projects for T4982: OpenConnect should have TLS 1.0 and TLS 1.1 disabled by default, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta (1.4.0-epa3), Restricted Project.
Viacheslav closed T5946: TASK [setup-root-partition : Create a fileystem on EFI partition] failing in Docker as Wontfix.
A docker container usually has issues with loop devices:
Use the VM or attach dev
Apr 15 2024
Apr 15 2024
Viacheslav changed the status of T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network from Open to In progress.
Viacheslav added a comment to T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network.
PR https://github.com/vyos/vyos-1x/pull/3313
Add onlink option
set interfaces ethernet eth0 vif 10 address '10.20.30.1/32' set protocols static route 10.20.30.0/32 interface eth0.10
Viacheslav triaged T6242: Add an option to disable certificate verification to reverse proxy as Wishlist priority.
Viacheslav added a comment to T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network.
It is more of a feature request than a bug due to specific kernel routes.
Feature to add onlink option
Viacheslav renamed T5722: Commit failure when trying to add a route in failover if the gateway is not in the same interface network from Failing to add route in failover to Failing to add route in failover if gateway not in the same interface network.
Viacheslav changed the status of T5734: Unhandled exception when trying to configure OpenVPN server without dh-params from Confirmed to In progress.
Read the documentation for the 1.5
The same task https://vyos.dev/T3861
Apr 14 2024
Apr 14 2024
Viacheslav changed the status of T6099: Suppress unsupported interfaces from appearing in messages log by Telegraf from Open to Needs reporter action.
Viacheslav added a comment to T6099: Suppress unsupported interfaces from appearing in messages log by Telegraf .
I don't see those logs:
set service monitoring telegraf influxdb authentication organization 'vyos' set service monitoring telegraf influxdb authentication token 'lxxx=' set service monitoring telegraf influxdb bucket 'vyos' set service monitoring telegraf influxdb url 'http://192.168.122.14'
Viacheslav reassigned T6210: Support configuring sys-nice capability for containers from Viacheslav to theflakes.
Viacheslav edited projects for T3968: Add network type ptp (veth) for containers, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav added a comment to T5986: Container: Error on commit when environment variable value contains \n line break.
The dictionaries process the \n different way
environment.POSTGRES_HOST_AUTH_METHOD.value.
1.5
vyos@r4# commit
[ container ]
{'container_remove': ['c1', 'c2'],
'name': {'test-postgres-master': {'allow_host_networks': {},
'command': 'postgres -c wal_level=replica '
'-c hot_standby=on -c '
'max_wal_senders=10 -c '
'max_replication_slots=10 -c '
'hot_standby_feedback=on',
'environment': {'POSTGRES_HOST_AUTH_METHOD': {'value': 'scram-sha-256\\nhost '
'replication '
'all '
'0.0.0.0/0 '
'md5'},
'POSTGRES_PASSWORD': {'value': 'password'}},
'image': 'postgres:14-alpine',
'memory': '512',
'restart': 'always',
'shared_memory': '64'}},
'network': {'NET01': {'prefix': ['10.0.0.0/24']}},
'registry': {'docker.io': {}, 'quay.io': {}}}Viacheslav added a comment to T5986: Container: Error on commit when environment variable value contains \n line break.
Diff
check --env "POSTGRES_HOST_AUTH_METHOD=. options
1.5
vyos@r4# cat /run/systemd/system/vyos-container-test-postgres-master.service | grep ExecStart -A2
ExecStartPre=/bin/rm -f %t/%n.pid %t/%n.cid
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%n.pid --cidfile %t/%n.cid --cgroups=no-conmon \
--detach --interactive --tty --replace --memory 512m --shm-size 64m --memory-swap 0 --restart always --name test-postgres-master --env "POSTGRES_HOST_AUTH_METHOD=scram-sha-256\nhost replication all 0.0.0.0/0 md5" --env "POSTGRES_PASSWORD=password" --net host postgres:14-alpine postgres -c wal_level=replica -c hot_standby=on -c max_wal_senders=10 -c max_replication_slots=10 -c hot_standby_feedback=onViacheslav removed a project from T5986: Container: Error on commit when environment variable value contains \n line break: VyOS 1.5 Circinus.
Try the latest version
vyos@r4# set container name test-postgres-master environment POSTGRES_HOST_AUTH_METHOD value 'scram-sha-256\nhost replication all 0.0.0.0/0 md5' [edit] vyos@r4# commit [edit] vyos@r4# run show container CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 75a7fb610b57 localhost/gobgp-new:1 3 weeks ago Created new fdb74e9700e5 docker.io/library/alpine:3.19 /bin/sh 47 minutes ago Up 47 minutes c1 c05806fdb92c docker.io/library/busybox:latest sh 39 minutes ago Up 39 minutes c2 1b5fc3d4a07b docker.io/library/postgres:14-alpine postgres -c wal_l... 24 seconds ago Up 25 seconds test-postgres-master [edit] vyos@r4# run show ver Version: VyOS 1.5-rolling-202404140022 Release train: current
Viacheslav lowered the priority of T6233: Container configurations on VyOS 1.5 prevent containers from starting from Urgent! to Normal.
Viacheslav added a comment to T6233: Container configurations on VyOS 1.5 prevent containers from starting.
Did you try another image (not hello-world)?
Tested on VyOS 1.5-rolling-202404140022
Viacheslav added a comment to T6239: Would it be possible to implement an additional command/parameter to configure the vlan priority 0-7 on vif or vif-c+vif-s.
Does it work?
vyos@r4:~$ sudo cat /proc/net/vlan/eth2.100.200
eth2.100.200 VID: 200 REORDER_HDR: 1 dev->priv_flags: 81121
total frames received 0
total bytes received 0
Broadcast/Multicast Rcvd 0Apr 13 2024
Apr 13 2024
Viacheslav closed T6238: vyos-build Check pull request title requires the python script as Resolved.
Viacheslav added a comment to T6238: vyos-build Check pull request title requires the python script.
Apr 12 2024
Apr 12 2024
Close it as we have nftables flowtable fastpath which works pretty good.
Reopen if required or if you have other ideas.
Thanks
Viacheslav closed T6218: Container network interface in VRF fails to generate IPv6 link-local address as Resolved.
Looks working
Viacheslav changed the subtype of T260: Redirect traffict between two L3 interfaces from "Task" to "Bug".
Viacheslav changed the subtype of T5657: Add VRF support for zabbix-agent from "Task" to "Feature Request".
Already implemented
vyos@r4# set interfaces macsec macsec0 security static Possible completions: key MACsec static key +> peer MACsec peer name
Viacheslav changed the subtype of T6072: https api cors allow-origin not applied from "Bug" to "Feature Request".
Viacheslav updated subscribers of T6082: BGP doesn't allow the same local AS and remote AS in peer groups.
@cuongdt1994 could you add an example of integration and configuration?
Viacheslav added a comment to T6099: Suppress unsupported interfaces from appearing in messages log by Telegraf .
@Giggum yes you can choose which image will be booted
vyos@r4:~$ set system image default-boot The following images are available: 1: 1.5-rolling-202404120636 (running) (default boot) 2: 1.5-rolling-202404090019 Select an image to set as default:
Viacheslav edited projects for T6099: Suppress unsupported interfaces from appearing in messages log by Telegraf , added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav removed a project from T2818: Add the possibility to passthrough LLDP, LACP, etc.: VyOS 1.4 Sagitta.
The kernel still does not support it without patches
root@r4:/home/vyos# echo "65535" | tee /sys/class/net/br2/bridge/group_fwd_mask 65535 tee: /sys/class/net/br2/bridge/group_fwd_mask: Invalid argument root@r4:/home/vyos#
@tjh Do you still need this package? As it was relevant for ipset/iptables
iprange/stable 1.0.4+ds-2 amd64 optimizing ipsets for iptables
Viacheslav edited projects for T2942: traffic-policy does not classify by VLAN, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta, vyatta-cfg-qos.
Viacheslav removed a project from T3071: Display VLAN mode information on the network interface: VyOS 1.4 Sagitta.
Viacheslav edited projects for T6002: When using git as config-management commit-archive, comment is not used as commit message, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Viacheslav edited projects for T6040: Implement a firewall blacklisting solution, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
@m.korobeinikov It could be a part of the existing op-mode generate interfaces debug-archive
Can you extend this script to include the required options and create a PR?
Viacheslav removed a project from T6226: Add "tcp-requece inspect-delay" to reverse proxy: VyOS 1.4 Sagitta.
Closes it as wontfix
Note "Note that RFC 1701 is mentioned in MikroTik's docs but there is nothing in common between the standard and the actual protocol used."