The old implementation used this script and https://github.com/vyos/vyatta-conntrack/blob/current/src/vyatta-conntrack-logging.c for the logging and it seems not impelemted for the current
At least there is not mention of the log
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Apr 18 2024
Without subtasks, it is going to be dead.
@Apachez It is not clear what you want to fix exactly. Fix all and do all working well could be related to any task.
Not reproduced on VyOS 1.5-rolling-202404141045
vyos@r-left# set pki ca "my test ca name" certificate 'MIIDnTCCAoWgAwIBAgIUFvyB2rY0V1V6AaIpPWHCftGRwN8wDQYJKoZIhvcNAQELBQAwVzELMAkGA0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yNDA0MTgxMTM3MzZaFw0yOTA0MzZaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggEiMA0GCQEBAQUAA4IBDwAwggEKAoIBAQCKEVxs7gdzmnN4iMinvXN1vdGaT+v3TOnHSXbBkWHnt9YdWmo8UoqFpVqyVM3E8xmoT+3HOXJeWkKArEpMkGo93kWaGo0f25KGEFWbS2ttgNA9cqH9PGa42XTKyTY+5ZoIWaQQzNNiUSaIoslRrMSV4V2yQs90ECxR37ezlV2RAIHEhZ6mizUkMkuSmdjqRolh2tpF1MoisyhspFPXBC6lJ8d0jFZEi1tP3tlQjqVEWPjTvtddy34iOLFeUjBF5cOwfmpVLzWBVLbIxJr5ZHamGeQIabn36Jg1u0+/6p7hb8avqBW4dT0K8UykWVqgjQ4W4rM7AgMBAAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUxEx+IVaoLb7M/SW9AkCVRaXCNTUwDQYJKoZIhvcNAQELBQADggEBAGjV6WiH4Z+hfdANG8oWgY0xsHmUZg8dCjwqO5GMwjBVIuu8GuoZu0JobtLa097behWcgCkwjvKBffuwCu542WbFkxdXzBLZjSAc+K3itegZIuy4jqRO5z6Q0IbPSaFUhR4HhfwejwlyXgjNCFzEMzwoDL2/3PXjWyilkqthYyFcx092tgwiXtnfO9z9Xm/YQHQmRG2VWzLEwucOhV698xnqFgRJk3uKqcDN9KjF+5v32OQ0eis7GHn1aJim5aUee1nnCRFdQO0llNJRwF6fIaICzKLwa7zzMjF7HhRehh5kpwY8omcQX7xYz7GJag4='
@dotAndy Is it still relevant?
Can you create a PR?
@SquirePug re-check please with the latest rolling image.
@jmaslak can you check the latest rolling image?
@kroy can you re-test this case?
In T6247#184232, @jmoore wrote:. We need the feature regardless of the state of the repository.
Apr 17 2024
We do not use iptables and their modules for new features.
Feel free to add PR for nftables or if you know which commands should be for nftables
Needs the original file with OpenVPN addresses/statistics which are parsed /run/openvpn/{interface}.status
Without it, it will be difficult to do something.
It is not related to VRF at all and is related to the policy routing logic:
Reproduced even on 1.3.2
set interfaces ethernet eth1 address '192.168.122.14/24'
Apr 16 2024
We'll close it if no response
A docker container usually has issues with loop devices:
Use the VM or attach dev
Apr 15 2024
PR https://github.com/vyos/vyos-1x/pull/3313
Add onlink option
set interfaces ethernet eth0 vif 10 address '10.20.30.1/32' set protocols static route 10.20.30.0/32 interface eth0.10
It is more of a feature request than a bug due to specific kernel routes.
Feature to add onlink option
Read the documentation for the 1.5
The same task https://vyos.dev/T3861
Apr 14 2024
I don't see those logs:
set service monitoring telegraf influxdb authentication organization 'vyos' set service monitoring telegraf influxdb authentication token 'lxxx=' set service monitoring telegraf influxdb bucket 'vyos' set service monitoring telegraf influxdb url 'http://192.168.122.14'
The dictionaries process the \n different way
environment.POSTGRES_HOST_AUTH_METHOD.value.
1.5
vyos@r4# commit [ container ] {'container_remove': ['c1', 'c2'], 'name': {'test-postgres-master': {'allow_host_networks': {}, 'command': 'postgres -c wal_level=replica ' '-c hot_standby=on -c ' 'max_wal_senders=10 -c ' 'max_replication_slots=10 -c ' 'hot_standby_feedback=on', 'environment': {'POSTGRES_HOST_AUTH_METHOD': {'value': 'scram-sha-256\\nhost ' 'replication ' 'all ' '0.0.0.0/0 ' 'md5'}, 'POSTGRES_PASSWORD': {'value': 'password'}}, 'image': 'postgres:14-alpine', 'memory': '512', 'restart': 'always', 'shared_memory': '64'}}, 'network': {'NET01': {'prefix': ['10.0.0.0/24']}}, 'registry': {'docker.io': {}, 'quay.io': {}}}
Diff
check --env "POSTGRES_HOST_AUTH_METHOD=. options
1.5
vyos@r4# cat /run/systemd/system/vyos-container-test-postgres-master.service | grep ExecStart -A2 ExecStartPre=/bin/rm -f %t/%n.pid %t/%n.cid ExecStart=/usr/bin/podman run \ --conmon-pidfile %t/%n.pid --cidfile %t/%n.cid --cgroups=no-conmon \ --detach --interactive --tty --replace --memory 512m --shm-size 64m --memory-swap 0 --restart always --name test-postgres-master --env "POSTGRES_HOST_AUTH_METHOD=scram-sha-256\nhost replication all 0.0.0.0/0 md5" --env "POSTGRES_PASSWORD=password" --net host postgres:14-alpine postgres -c wal_level=replica -c hot_standby=on -c max_wal_senders=10 -c max_replication_slots=10 -c hot_standby_feedback=on
Try the latest version
vyos@r4# set container name test-postgres-master environment POSTGRES_HOST_AUTH_METHOD value 'scram-sha-256\nhost replication all 0.0.0.0/0 md5' [edit] vyos@r4# commit [edit] vyos@r4# run show container CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 75a7fb610b57 localhost/gobgp-new:1 3 weeks ago Created new fdb74e9700e5 docker.io/library/alpine:3.19 /bin/sh 47 minutes ago Up 47 minutes c1 c05806fdb92c docker.io/library/busybox:latest sh 39 minutes ago Up 39 minutes c2 1b5fc3d4a07b docker.io/library/postgres:14-alpine postgres -c wal_l... 24 seconds ago Up 25 seconds test-postgres-master [edit] vyos@r4# run show ver Version: VyOS 1.5-rolling-202404140022 Release train: current
Did you try another image (not hello-world)?
Tested on VyOS 1.5-rolling-202404140022
Does it work?
vyos@r4:~$ sudo cat /proc/net/vlan/eth2.100.200 eth2.100.200 VID: 200 REORDER_HDR: 1 dev->priv_flags: 81121 total frames received 0 total bytes received 0 Broadcast/Multicast Rcvd 0
Apr 13 2024
Apr 12 2024
Close it as we have nftables flowtable fastpath which works pretty good.
Reopen if required or if you have other ideas.
Thanks
Looks working
Already implemented
vyos@r4# set interfaces macsec macsec0 security static Possible completions: key MACsec static key +> peer MACsec peer name
@cuongdt1994 could you add an example of integration and configuration?
@Giggum yes you can choose which image will be booted
vyos@r4:~$ set system image default-boot The following images are available: 1: 1.5-rolling-202404120636 (running) (default boot) 2: 1.5-rolling-202404090019 Select an image to set as default:
The kernel still does not support it without patches
root@r4:/home/vyos# echo "65535" | tee /sys/class/net/br2/bridge/group_fwd_mask 65535 tee: /sys/class/net/br2/bridge/group_fwd_mask: Invalid argument root@r4:/home/vyos#
@tjh Do you still need this package? As it was relevant for ipset/iptables
iprange/stable 1.0.4+ds-2 amd64 optimizing ipsets for iptables
@m.korobeinikov It could be a part of the existing op-mode generate interfaces debug-archive
Can you extend this script to include the required options and create a PR?
Closes it as wontfix
Note "Note that RFC 1701 is mentioned in MikroTik's docs but there is nothing in common between the standard and the actual protocol used."