In T6258#184876, @canoziia wrote:
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Today
Today
Viacheslav moved T5833: Not all AFIs compatible with VRF from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
In T6258#184875, @Viacheslav wrote:This sysctl option is deprecated
DEPRECATED PARAMETERS top The base_reachable_time and retrans_time are deprecated. The sysctl command does not allow changing values of these parameters. Users who insist to use deprecated kernel interfaces should push values to /proc file system by other means. For example: echo 256 > /proc/sys/net/ipv6/neigh/eth0/base_reachable_timeI propose to add new option under interface
set interfaces ethernet eth1 ip[v6] base-reachable-time xxx
This sysctl option is deprecated
DEPRECATED PARAMETERS top
Hi everyone, I think I found the simplest configuration that can reproduce this problem. If we set up firewall and use this command(set system sysctl parameter net.ipv6.neigh.eth3/2) in configuration at the same time, an error message will show when startup.
This is an example
set firewall set interfaces ethernet eth0 address 'xxx.xxx.184.32/24' set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:50' set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:ba' set interfaces ethernet eth1 vif 2 set interfaces loopback lo set protocols static route xxx.xxx.0.0/0 next-hop xxx.xxx.184.1 set service ntp allow-client xxxxxx 'xxx.xxx.0.0/0' set service ntp allow-client xxxxxx '::/0' set service ntp server xxxxx.tld set service ntp server xxxxx.tld set service ntp server xxxxx.tld set service ssh set system config-management commit-revisions '100' set system conntrack modules ftp set system conntrack modules h323 set system conntrack modules nfs set system conntrack modules pptp set system conntrack modules sip set system conntrack modules sqlnet set system conntrack modules tftp set system console device ttyS0 speed '115200' set system host-name xxxxxx set system login user xxxxxx authentication encrypted-password xxxxxx set system sysctl parameter net.ipv6.neigh.eth1/2.base_reachable_time_ms value '14400000' set system syslog global facility all level 'info' set system syslog global facility local7 level 'debug'
If delete the first line (set firewall), system will start normally without error message.
Yesterday
Yesterday
Meanwhile, trying to build 1.4 fails for a different reason - Debian 12 (bookworm) is still where it was, but sagitta-packages.vyos.net gives a 403 error:
So most likely we will have to find another implementation.
I sent a question to ISC regarding https://www.isc.org/blogs/dhcp-client-relay-eom/ and:
natali-rs1985 changed the status of T6234: PPPoE-server pado-delay refactoring from Open to In progress.
Viacheslav triaged T6263: Multicast: Could not commit multicast config with multicast join group using source-address as Normal priority.
Reopen to investigate.
I tested in the latest rolling version and the traceback error is not received anymore and the tunnel ip column shows n/a but with multiple entries.
It still shows the disconnected client and I assume it should not show disconnected clients
Viacheslav closed T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic as Wontfix.
Close it as wontfix due to legacy backend.
In some cases, we can't predict the interface name (if the interface name is over 15 characters) https://vyos.dev/T6222
Viacheslav changed the status of T6233: Container configurations on VyOS 1.5 prevent containers from starting from Open to Needs reporter action.
@sempervictus Any updates or additional context?
Fixed, VyOS 1.5-rolling-202404240023
vyos@r4# run show conf com | match "bri|tun0" set interfaces bridge br0 member interface tun0 set interfaces tunnel tun0 encapsulation 'gretap' set interfaces tunnel tun0 remote '192.168.122.111' set interfaces tunnel tun0 source-address '192.168.122.14' [edit] vyos@r4# delete interfaces tunnel [edit] vyos@r4# commit [ interfaces tunnel tun0 ] Interface "tun0" cannot be deleted as it is a member of bridge "br0"!
Viacheslav changed the subtype of T3915: Create op-mode top-level wrapper for ssh/scp command -VyOS 1.4 from "Bug" to "Feature Request".
Viacheslav renamed T5833: Not all AFIs compatible with VRF from BGP address family flowspec incompatible with VRF to Not all AFIs compatible with VRF.
Viacheslav renamed T5833: Not all AFIs compatible with VRF from BGP Impossible to use address family flowspec with VRF to BGP address family flowspec incompatible with VRF.
c-po moved T6244: Spacing of "Show System Uptime" hard to parse from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
c-po moved T6261: Typo in op_mode connect_disconnect print statement for check_ppp_running from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.7) board.
c-po moved T6261: Typo in op_mode connect_disconnect print statement for check_ppp_running from Finished to 1.3.7 on the VyOS 1.3 Equuleus board.
c-po moved T6261: Typo in op_mode connect_disconnect print statement for check_ppp_running from Need Triage to Finished on the VyOS 1.3 Equuleus board.
c-po moved T5755: Running set pki ca NAME certificate with a name with spaces breaks the config from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved T6246: Enable basic haproxy http-check configuration options from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved T6261: Typo in op_mode connect_disconnect print statement for check_ppp_running from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved T6252: gre tunnel - doesn't allow configure jumbo frame more than 8024 from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved T6261: Typo in op_mode connect_disconnect print statement for check_ppp_running from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T6259: PKI: Support RFC822 (email) names in SAN from Need Triage to In Progress on the VyOS 1.5 Circinus board.
c-po moved T6262: Update the boot splash for VyOS 1.5 ISO from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved T6109: remote syslog do not get all the logs from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved T6109: remote syslog do not get all the logs from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
c-po added a project to T6109: remote syslog do not get all the logs: VyOS 1.4 Sagitta (1.4.0-epa3).
c-po moved T6217: VRRP contrack-sync script change name of the logger from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved T6217: VRRP contrack-sync script change name of the logger from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
c-po added a project to T6217: VRRP contrack-sync script change name of the logger: VyOS 1.4 Sagitta (1.4.0-epa3).
c-po moved T6255: Static table description should not contain white-space from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
c-po moved T6255: Static table description should not contain white-space from Need Triage to Finished on the VyOS 1.5 Circinus board.
Tue, Apr 23
Tue, Apr 23
Embezzle changed the status of T6255: Static table description should not contain white-space from In progress to Needs testing.
jestabro moved T6260: image-tools: remove failed image directory if 'No space left on device' error from Need Triage to Finished on the VyOS 1.5 Circinus board.
Viacheslav changed the status of T3726: System ntp servers are ignored if provided by DHCP (ISP) from Needs testing to Needs reporter action.
Not actual for 1.5/1.4
@mrlocke Can you re-check the 1.3?
Viacheslav added a comment to T6042: ssh scripts should work with arguments again; they do not anymore.
@doctorpangloss Any updates?
Viacheslav changed the status of T6058: Commit-Archive Save doesn't use https_proxy from Open to Needs reporter action.
@modzilla99 Could you provide an example of set commands to reproduce?
Viacheslav moved T6237: IPSec remote access VPN: ability to set EAP ID of clients from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Tested as working in: VyOS 1.5-rolling-202404230019
In T6258#184716, @Viacheslav wrote:Most likely needs to change priority to 319 for the sysctl
vyos@r4:~$ /usr/libexec/vyos/priority.py | match "ethernet|sysctl" 300 interfaces_virtual-ethernet.py ['interfaces', 'virtual-ethernet'] 318 interfaces_ethernet.py ['interfaces', 'ethernet'] 318 system_sysctl.py ['system', 'sysctl'] 321 interfaces_pseudo-ethernet.py ['interfaces', 'pseudo-ethernet'] vyos@r4:~$
What happens if another value occupies the index?
For example, PPPoE-server and PPP interface can generate thousands of interfaces
Viacheslav changed the status of T6109: remote syslog do not get all the logs from Needs reporter action to Backport candidate.
It was filtered in https://vyos.dev/T2086 to avoid pam_unix mess
Viacheslav placed T1751: DNS server addresses from DHCPv6 are not added to resolv.conf up for grabs.
Viacheslav changed the status of T6217: VRRP contrack-sync script change name of the logger from Open to In progress.
Can't reproduce it, close the task
Viacheslav added a project to T6251: Extend table number limits for policy route-map set table: Restricted Project.
Most likely needs to change priority to 319 for the sysctl
vyos@r4:~$ /usr/libexec/vyos/priority.py | match "ethernet|sysctl" 300 interfaces_virtual-ethernet.py ['interfaces', 'virtual-ethernet'] 318 interfaces_ethernet.py ['interfaces', 'ethernet'] 318 system_sysctl.py ['system', 'sysctl'] 321 interfaces_pseudo-ethernet.py ['interfaces', 'pseudo-ethernet'] vyos@r4:~$
I have asked the OP @canoziia to provide such in the forum.
Extend to <1-65535>
PR https://github.com/vyos/vyos-1x/pull/3353
What do I need to do to get these values?
root@r1-right:/home/vyos# sysctl net.ipv6.neigh.eth3/2.base_reachable_time_ms sysctl: cannot stat /proc/sys/net/ipv6/neigh/eth3.2/base_reachable_time_ms: No such file or directory
I can only refer to whats unfolded on the forum at https://forum.vyos.io/t/how-to-set-net-ipv6-neigh-etha-b-base-reachable-time-in-vyos/14304
jestabro triaged T6260: image-tools: remove failed image directory if 'No space left on device' error as High priority.
Mon, Apr 22
Mon, Apr 22
Embezzle changed the status of T6259: PKI: Support RFC822 (email) names in SAN from Open to In progress.
Giggum updated subscribers of T6123: Limit NTP allow-client config to internal addresses by default.
@Viacheslav or another of the Maintainers:
Could you provide the full set of commands to reproduce?
So the root cause here is that vrf.py runs prior to vrf_vni.py where the first one eliminates all vni configuration within FRR.
The main reason for this weird logic is T5492.