May be an upstream bug, possible fixed in https://github.com/acassen/keepalived/commit/2f1024d382783742df0e5c3dd705596f958b77b5
and https://github.com/acassen/keepalived/commit/5681838ac21de25b935632c5ec41569f79b48c19
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Oct 21 2021
Oct 21 2021
Oct 20 2021
Oct 20 2021
Viacheslav moved T3918: DHCPv6 prefix delegation incorrect verify error from Need Triage to Finished on the VyOS 1.4 Sagitta board.
To disable shared-network at least one shared network should be working. The second can be disabled without issues.
Viacheslav changed the status of T3918: DHCPv6 prefix delegation incorrect verify error from Open to In progress.
Oct 19 2021
Oct 19 2021
Viacheslav changed the status of T3916: Add additional Linux capabilities to container configuration, a subtask of T3676: Container option to add Linux capabilities, from Open to In progress.
Viacheslav changed the status of T3916: Add additional Linux capabilities to container configuration from Open to In progress.
An interesting thing that I get the error with that configuration:
Viacheslav updated the task description for T3914: VRRP rfc3768-compatibility doesn't work with unicast peers.
Viacheslav updated the task description for T3914: VRRP rfc3768-compatibility doesn't work with unicast peers.
Viacheslav added a comment to T3771: DHCPv6 server prefix delegation - dynamically add route to delegated prefix via requesting router.
As an option it is possible this workaround:
Install tshark and use this script https://george.mibloving.net/nivex/d6rm/raw/commit/701d49cce3a308aed0c3d89d47be7601178ea4c4/d6rm.py
All subnets that share the same physical network should be declared within a shared-network declaration
Oct 18 22:24:01 r1-roll dhcpd[4985]: Interface eth2 matches multiple shared networks
Oct 18 2021
Oct 18 2021
@mickvav You can use ". Can you re-check it?
Tested on node VyOS 1.4-rolling-202110130217
Oct 17 2021
Oct 17 2021
Viacheslav added a comment to T3895: VYOS firewall rules do not adhere to time schedule unless placed in UTC mode..
As I know, iptables works only in UTC time. And any workaround with recalculate Datetime will be affected incorrect behavior.
As for me we shouldn’t allow to downgrade images. So there are no “downgrade migration scripts”. Each downgrade - good point to get a brick.
At least we should generate a warning.
Viacheslav added a comment to T3396: syslog can't be configured with an ipv6 literal destination in 1.2.x.
PR for "crux": https://github.com/vyos/vyos-1x/pull/1029
Oct 15 2021
Oct 15 2021
Viacheslav closed T3613: Selectors for route-based IPsec tunnel (vti), a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Viacheslav changed the status of T3832: Allow to set DHCP client-id in hexadecimal format from In progress to Needs testing.
Viacheslav moved T3676: Container option to add Linux capabilities from Need Triage to Finished on the VyOS 1.4 Sagitta board.
@artooro Will be available in the next rolling release
Let us know, if you want some other capabilities
Viacheslav changed the status of T3676: Container option to add Linux capabilities from Open to In progress.
Viacheslav moved T3692: VyOS build failing due to repo.saltstack.com from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved T3693: ISIS Route redistribution ipv6 support missing from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Maybe be added to gether with T1229
Viacheslav moved T3702: Policy: Allow routing by fwmark from Need Triage to Finished on the VyOS 1.4 Sagitta board.
@maznu Can you create a PR?
Initial bug was Fixed, VyOS 1.4-rolling-202110130217
vyos@r1-roll# compare
[edit container]
+name dns02 {
+ image ubuntu:focal
+ network dnsnet {
+ address 10.0.72.253
+ }
+}
+network dnsnet {
+ prefix 10.0.72.0/24
+}
-network net01 {
- prefix 10.0.72.0/24
-}Oct 14 2021
Oct 14 2021
Viacheslav added a comment to T3801: containers: do not use podman CLI to create container networks.
@c-po Is it already implemented with commit https://github.com/vyos/vyos-1x/commit/ae2dc55aa68679e828d4bb133fc515172c081d0f ?
Fixed, VyOS 1.4-rolling-202110130217
vyos@r1-roll:~$ show nat source rules Rule Source Translation Outbound Interface ---- ------ ----------- ------------------ 3 192.168.0.0/24 masquerade eth0
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Viacheslav updated the task description for T3810: webproxy squidguard rules don't work properly after rewriting to python. .
As for me, it should be configured in the global firewall log level, not per rule.
set firewall log-level x
Viacheslav changed the status of T3832: Allow to set DHCP client-id in hexadecimal format from Open to In progress.
Viacheslav reassigned T3865: loadkey command help text missing escape sequence from Viacheslav to chaya2z.
Viacheslav changed the status of T3865: loadkey command help text missing escape sequence from Open to In progress.
Viacheslav moved T3763: wireguard checks if port already binding from Need Triage to Finished on the VyOS 1.4 Sagitta board.
The real bug is it shouldn't allow port-range values as it is not implemented.
Or just add this feature T2798
Oct 12 2021
Oct 12 2021
Viacheslav moved T3868: Regex and/or wildcard not accepted with large-community-list from Need Triage to Finished on the VyOS 1.4 Sagitta board.
@foxbox Will be fixed in the next rolling release.
Viacheslav changed the status of T3868: Regex and/or wildcard not accepted with large-community-list from Open to In progress.
Viacheslav moved T3881: Wrong description for container section restart from Need Triage to Finished on the VyOS 1.4 Sagitta board.
@BiMW Can you re-check it?
Viacheslav closed T3701: ipoe server fails to start when configuring radius dynamic-author on ipoe as Resolved.
Not reproducible, VyOS 1.4-rolling-202109300217
set service ipoe-server authentication radius dynamic-author key 'ssss' set service ipoe-server authentication radius dynamic-author server '192.168.122.11' set service ipoe-server authentication radius nas-ip-address '192.168.122.11' set service ipoe-server authentication radius server 192.168.122.11 key 'ciscoradiuskey' set service ipoe-server interface eth1 client-subnet '192.0.2.0/24'
Viacheslav added a comment to T3902: Firewall does not load on boot, address-group not found, even though it exists.
@FileGo Can you replace double-quotes with single-quotes?
Viacheslav closed T3216: Removal of restricted-shell broke configure mode for RADIUS users, a subtask of T671: Identify and remove dead code, as Resolved.
Viacheslav closed T3216: Removal of restricted-shell broke configure mode for RADIUS users as Resolved.
Fixed
sever@sever:~$ ssh [email protected]
Viacheslav added a project to T3896: Extend ocserv support to allow for per-group configs: VyOS 1.4 Sagitta.
Oct 11 2021
Oct 11 2021
Viacheslav closed T2607: Support for pppoe-server radius mode auth and config radius accouting port as Resolved.
Present in 1.4 and 1.3.0-epa1
set service pppoe-server authentication radius server 192.0.2.1 acct-port Possible completions: <1-65535> Numeric IP port (default: 1813)
@c-po in 1.3.0-epa1 works fine.
Re-opened, the same bug in VyOS 1.4-rolling-202109300217
sever@sever:~/docker$ ssh [email protected]
@SquirePug Can you share more details, which templates and parameters did you edit?
Oct 8 2021
Oct 8 2021
Viacheslav changed the subtype of T3897: Dynamic DNS doesn't work with IPv6 addresses from "Bug" to "Feature Request".
Viacheslav renamed T3897: Dynamic DNS doesn't work with IPv6 addresses from Dynamic DNS doesn't work with IPv6 addresses bug. to Dynamic DNS doesn't work with IPv6 addresses.
Viacheslav changed the status of T3892: BGP Route Reflects to all neighbors when one neighbor has route-reflect-client from Open to Needs testing.
@RyVolodya can you check a new image and close this task if it was fixed?
Oct 7 2021
Oct 7 2021
Viacheslav added a comment to T3892: BGP Route Reflects to all neighbors when one neighbor has route-reflect-client.
@francis It is not clear. Can you provide an example of configuration? What do you get and what do you expect?
Oct 5 2021
Oct 5 2021
Oct 4 2021
Oct 4 2021
The same bug described there T2845
Not sure why we should check the primary ip address, but to fix it possible to change:
if is_subnet_connected(subnet, primary=False)
It was described there T3610 and requires more tests.
Oct 1 2021
Oct 1 2021
Sep 30 2021
Sep 30 2021
Sep 29 2021
Sep 29 2021
Viacheslav changed the subtype of T3873: Zone based Firewall - Filter traffic in same zone from "Task" to "Feature Request".
Sep 28 2021
Sep 28 2021
Viacheslav closed T3853: nat66 rules gets deleted on reboot in 1.4-rolling-202109240217 as Resolved.
Sep 27 2021
Sep 27 2021
Viacheslav changed the status of T690: Allow OpenVPN servers to push routes with custom metric values from Open to Needs testing.
Viacheslav changed the status of T3853: nat66 rules gets deleted on reboot in 1.4-rolling-202109240217 from Confirmed to Needs testing.
@danielpo Will be fixed in the next rolling release.
Viacheslav added a comment to T3853: nat66 rules gets deleted on reboot in 1.4-rolling-202109240217.
PR https://github.com/vyos/vyos-1x/pull/1016
Change priority for nat66
Not all clients support the gateway option (get issues in mac and windows):
Mac
tun_prop_route_error: route destinations other than vpn_gateway or net_gateway are not supported
set interfaces openvpn vtun20 openvpn-option '--push dhcp-option DNS 203.0.113.1'
generated config:
--push dhcp-option DNS 203.0.113.1
expected configuration:
push dhcp-option "DNS 203.0.113.1"