The thing is that adding this as op-mode only doesnt really solve anything.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Today
Also NAT-rules are in the need of a resequence feature in the config-mode:
I dont think this is resolved.
When/If doing so it would be great if the docs would suggest for alternative methods to achieve the same thing.
Yesterday
It can be handy to have the option to have it disabled (or you can just in bash-mode do "apt-get remove intel-microcode --purge" if you dont want it after install) but it should be enabled by default due to security reasons.
Wed, May 8
Tue, May 7
Shouldnt this be adjusted in more files and places?
Sun, May 5
@peter, did you try various offloading settings for the NIC being used with reboots in between?
Sat, May 4
NETNS was removed from the 1.4 series the other day so hopefully that feature can be worked on for 1.5 since its needed:
Wed, May 1
For added service when typing just:
You would still be limited to not be able to use " as part of your password.
Tue, Apr 30
Sun, Apr 28
Sat, Apr 27
Probably related: https://vyos.dev/T5388
Fri, Apr 26
Perhaps those changes should be within the firewall context?
Thu, Apr 25
Im thinking since sysctl can be changed after the system have completed its boot shouldnt the "system sysctl" be runned among the last tasks according to "/usr/libexec/vyos/priority.py", which would also fix this issue ?
Note that "base_reachable_time_ms" is still valid while "base_reachable_time" is obsolete.
Wed, Apr 24
I sent a question to ISC regarding https://www.isc.org/blogs/dhcp-client-relay-eom/ and:
Tue, Apr 23
I have asked the OP @canoziia to provide such in the forum.
I can only refer to whats unfolded on the forum at https://forum.vyos.io/t/how-to-set-net-ipv6-neigh-etha-b-base-reachable-time-in-vyos/14304
Mon, Apr 22
Sun, Apr 21
Perhaps Im missing something here but where is Option82 information included (injected into the DCHP-request reaching the DHCP-server)?
Sat, Apr 20
Here is a post from an OPNsense forum administrator in august 2023 (dunno if the below is still valid for OPNsense):
When evaluating proper replacement (other than choosing the best one for the task) another thing to consider is, if possible, to select something that not everybody else uses in terms of if/when a vuln is found in that softrware then not ALL vendors are affected at once.
Thu, Apr 18
It would be handy if the GARP announcement wouldnt be a separate list but rather picked up from any DNAT or SNAT rules.
Probably related:
Sun, Apr 14
How is this supposed to work?
Will a migrationsscript be included so that users who used the default of:
Will a migrationsscript be included so that users who used the default of:
Sat, Apr 13
You can do the QoS priority on the VyOS by matching the traffic based on VLAN ID and then set the DSCP (TOS) using "set-dscp" according to the manuals below:
You mean you want QoS based on VLAN which is named 802.1p ?
Thu, Apr 11
Wed, Apr 10
In T6221#182954, @fetzerms wrote:I only created a vrf (but did not assign it to anything else). Is that intend to break connectivity?
Apr 10 2024
Thats common with other vendors aswell.
Removed assignee for now in case somebody else wants to fix this?
Removed assignee for now in case somebody else wants to fix this?
Removed assignee for now in case somebody else wants to fix this?
Removed assignee for now in case somebody else wants to fix this?
Apr 1 2024
Personally I dont think its a good idea to be able to use VyOS as a jumphost towards victims of scanning.
Mar 30 2024
I think the wrapping should be left for the output to select since you can either be in a regular serialconsole of 80x25 or some highresmode which brings more characters per line or even through SSH with a 4k monitor which will be plenty of lines.
Since descriptions can be very long I assume there will be a linewrap at the end?
Mar 25 2024
Sure but if the function "port auto-power-down" is mapped to the ethtool function of disabling EEE then it should be safe?
Mar 24 2024
Reopened with status "Known issue" due to revert by PR 3177.
To clearify:
Mar 23 2024
In T6162#180827, @ErnyTech wrote:In T6162#180826, @Apachez wrote:Wouldnt it be better if the same commit goes to Intel to be included with the out-of-tree driver which generally have better featuresupport than the in-tree driver which seems to be somewhat crippled?
That is that this commit goes into upstream to both Linux kernel and Intel out-of-tree driver (in case the later is missing this support)?
This is up to Intel as far as I know
Wouldnt it be better if the same commit goes to Intel to be included with the out-of-tree driver which generally have better featuresupport than the in-tree driver which seems to be somewhat crippled?
Mar 22 2024
Wouldnt PPPoE always assign IP dynamically?
Comparing to other vendors setting the password either in cleartext or as a salted hash (where when saved in config file its always saved as a salted hash - but it will accept a cleartext edition too if you wish that for whatever reason) through the CLI is the standard in NOS.
Also since dynamic and not static IP is being used it would be handy if the DHCP exchange can be captured using tcpdump and do this both on the 1.3 where this works and on 1.4/1.5 where this doesnt work.
Mar 15 2024
Proper would be to throw out chrony and use ntpsec instead which supports proper filtering.
There do already exists tasks regarding commit and boot times such as: https://vyos.dev/T5388
Mar 14 2024
I wouldnt call 1m37s of commit time for a single line of configchange as "resolved"...
Also probably related: https://forum.vyos.io/t/long-commit-time-for-multiple-vrfs/14053
Is this related to the long commit and boot times when one have more than a handful routes or firewall rules as described in https://vyos.dev/T5388 ?
Mar 7 2024
1.3.3 and rolling from 2020?
While at it, whats the configured response time in nginx?
Mar 6 2024
Is "\" really a valid path for bootfile?
Mar 4 2024
PR created: https://github.com/vyos/vyos-1x/pull/3085
Mar 2 2024
Instead of that sysrq stuff, how does it work if you try these 3 tests?
Mar 1 2024
If the peer reconnects after the first disconnect - does the local VTI interface go "UP" again?
Feb 27 2024
How do one re-open? :-)
Similar task(s):
While at it having a description for a firewall rule within the firewall itself thats longer than 256 is just "wrong" IMHO aka "you are doing it wrong".
Feb 26 2024
In T5619#177706, @ErnyTech wrote:Unfortunately I haven't seen this before, for me this choice of using the out-of-tree driver is extremely wrong!
Most of the community's development is done on the mainline kernel driver (where among other things I'm working on sending patches to improve the ixgbe driver), if there are issues in the mainline driver they should be reported or resolved with a patch to be applied in vyos downstream and then send it to the Intel-wired-lan mailing list.
Please @samip537 can you tell me in a short list what exactly problems you encounter with the mainline Linux driver?
Feb 24 2024
Adding https://forum.vyos.io/t/quick-and-dirty-benchmark-of-cores-vs-mhz/13831/ for reference which also concludes that something is off with the commit and boot times of VyOS.
Feb 19 2024
Its mainly a headsup for maintainers to go through the report and fix whats possible.
Feb 3 2024
Its not clear if its fixed or not:
Jan 28 2024
Jan 27 2024
Same as with https://vyos.dev/T5619.
Jan 23 2024
Related?
Jan 20 2024
Again, notifing upstream (or downstream) is not only about VRRP.
GARP is needed for VRRP but the GARP setting is also needed when doing NAT.
Logrotate just renames the logs so that doesnt bring many writes.
Jan 18 2024
set firewall auto-ruleset ssh-server enable set firewall auto-ruleset ssh-server interface 'eth7 eth8'
Jan 17 2024
Personally I would prefer that the "automagic" firewall ruleset would be done optionally through method described in:
Jan 16 2024
Another good thing is that any logging can be done without spoling the user/pass which otherwise is the case with todays oneliner approach.
Jan 10 2024
Could for example be that set system options logtoram enables the feature while set system options logtoram size 32M sets the desired size where the default is 32M or whatever would be needed as a sane minimum.
Jan 9 2024
On the other hand I would expect someone aka the admin who will configure an enterprise firewall such as VyOS could be called to have at least SOME basic knowledge and also some interest to read the documentation on how to configure the firewall.
Jan 7 2024
How come partprobe fails but not partx?
Jan 6 2024
Having support for vhost is handy when you dont want just to blindly share a single documentroot but have the ability to use multiple at a single host.
Jan 5 2024
Hopefully this can be resolved for VyOS 2.0 in the future...
Hopefully this can be resolved for VyOS 2.0 in the future...
Jan 4 2024
set system options logtoram
Jan 1 2024
Yes but "2602:fcad:2:fffe:5054:ff" is a valid host in your case?
Dec 31 2023
You mean that for SRC_IP you expect it to be "2602:fcad:2:fffe:5054:ff" and not "14d:63f:2602:fcad:2:fffe:5054:ff" ?
Related to the list provided in https://vyos.dev/T5706 ?
Dec 27 2023
Instead of "TEST-NET-X" and "TEST-IP-X" it could use "REPLACED-NET-X" and "REPLACED-IP-X" or such (where X defines the unique item thats being replaced).
Dec 25 2023
I think its a bit odd to completely disable EEE where the solution would be to disable EEE by default but having the config option to adjust for EEE if wanted.
Dec 20 2023
Also while at it, the smoketests regarding UPnP should probably be updated by this task aswell since they claim everything is OK:
Dec 13 2023
Wouldnt this rather be a task for secure60 to add compatability to parse and understand snmp and syslog received from a VyOS device?
Dec 12 2023
"hw-id" should define which physical interface is mapped to which ethX VyOS interface.