This is present in branches crux and current too, so adding tag for crux.
https://github.com/vyos/vyos-1x/commit/5848a4d6095e6d7bc70e34e0b7b7e2c3d8e3303f
https://github.com/vyos/vyos-1x/commit/6f954ab56768af9a07d8a1dc086f54ddefa58da7
https://github.com/vyos/vyos-1x/commit/5848a4d6095e6d7bc70e34e0b7b7e2c3d8e3303f
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Oct 19 2019
Oct 19 2019
jjakob added a project to T1745: dhcp-server commit fails with "DHCP range stop address x must be greater or equal to the range start address y!" when static mapping has same IP as range stop: VyOS 1.2 Crux.
jjakob added a comment to T1744: Config load fails in ConfigTree with ValueError: Failed to parse config: lexing: empty token.
Via the process of elimination I found the culprit - comments with special characters in them, that at some point in the upgrade cycle got converted into backslash-escped decimal:
description "\197\160" # this was once Š description "\196\140 \196\141" # Č č
\197\160 is C5 A0 which is U+0160, which was the original character.
So old versions allowed these characters in comments and worked fine with them, then at one point an upgrade converted them to backslash decimal UTF-8, which still worked until at some point they started causing the error.
syncer reassigned T1735: Issue in "show vpn ipsec/ike sa" output with ipsec encryption algorithm aes128gcm128/aes256gcm128/chacha etc from UnicronNL to Unknown Object (User).
This works as expected
spectre3500 added a comment to T1062: Cannot connect to a newly created Amazon EC2 instance via SSH.
I'm still having an issue with using build-ami to create an AMI in us-gov-west-1.
hagbard added a comment to T1743: equuleus: remove references to SSH key type "rsa1" deprecated in Debian Buster.
Thanks for your contribution.
jjakob updated the task description for T1743: equuleus: remove references to SSH key type "rsa1" deprecated in Debian Buster.
jjakob changed the status of T1743: equuleus: remove references to SSH key type "rsa1" deprecated in Debian Buster from Open to In progress.
Oct 18 2019
Oct 18 2019
hagbard moved T1581: Add GNU Wget from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.4) board.
hagbard moved T1604: equuleus: buster: vbash: tab completion breaks from Need Triage to Finished on the VyOS 1.3 Equuleus board.
hagbard closed T1604: equuleus: buster: vbash: tab completion breaks, a subtask of T476: Update the base system to Debian 10 (Buster), as Resolved.
Perfect. Thanks a lot guys.
As the AS number is a bgp specific attribute i don't think it's wise to move it out of the bgp hierarchy .
@c-po I can't see the issue here, that seems like normal expected behavior (tabbing gives a list of all possible nodes, even the long ones?)
I agree that if there is a problem, it's for a separate issue and describe what the problem and expected behavior is in more detail there.
fixed in 1.2.3
@c-po what you are describing don't look like a bug.. its more like a feature :) anyways its not related to this issue so please open another ticket on this.
I see no reason to add wget as curl is superior. We should set this to Wontfix
@Harliff Does curl work for you?
Is that still and issue, sorry I lost track a little while I was busy with other stuff.
hagbard changed the status of T1705: High CPU usage by bgpd when snmp is active from Needs testing to Backport candidate.
hagbard moved T1705: High CPU usage by bgpd when snmp is active from In Progress to Backlog on the VyOS 1.2 Crux board.
hagbard moved T1684: Unable to enable IPv6 autoconf on PPPoE from Backlog to Finished on the VyOS 1.2 Crux (VyOS 1.2.3) board.
already added to the documentation: https://vyos.readthedocs.io/en/latest/system/proxy.html
good first implementation thx. can you please also update docs?
hagbard changed the status of T1741: Add system wide proxy setting from In progress to Needs testing.
I have an idea, I can either write it to profile.d, that is exporting http_proxy, https_proxy and ftp_proxy into the shell env, and in the install-image script if the profile files exists, I load it which exposes these variables as well and curl is working with no issue. If removed, that file won't exists and curl works like it did before. If the proxy variables shouldn't be in the user environment, I can write it to a particular file only used by scripts which which would need that information.
curl only accepts ~/.curlrc, so that can become a hassle with multiple home directories on a box.
hagbard moved T1720: support for more 'show ip route' commands from In Progress to Backlog on the VyOS 1.2 Crux board.
We only have curl and wget for outside communication so this should be fine, whereas curl is the preferred way - thus this is more then fine and can be altered if its really required. Keep it simple.
Root cause identified and fixed. Please test @albeu.
That would work but it's only for a single programm you define it. I think it could be enough for the beginning. I still have to check if curlrc is being read when invoked from the perl script, it usually should.
vyos@vyos# set interfaces wireless wlan0
Possible completions:
+ address Address for this interface
> bridge-group Interface bridge group
> capabilities HT and VHT capabilities for your card
channel Wireless radio channel
debug Enable hostapd logging to syslog
description Description for this interface
> dhcpv6-options
DHCPv6 options
disable-broadcast-ssid
Disable broadcast of SSID from access-point
disable-link-detect
Ignore link state changes on this interface
expunge-failing-stations
Disassociate stations based on excessive transmission failures.
> firewall Firewall options
hw-id Media Access Control (MAC) address
> ip IPv4 routing parameters
> ipv6 IPv6 routing parameters
isolate-stations
Isolate stations on the AP so they cannot see each other
mac Media Access Control (MAC) address
max-stations Maximum number of wireless radio stations
mgmt-frame-protection
Management Frame Protection (MFP) according to IEEE 802.11w
mode Wireless radio mode
physical-device
Wireless physical device
> policy Policy route options
redirect Incoming packet redirection destination
reduce-transmit-power
Transmission power reduction in dBm
> security Wireless security settings
ssid Wireless access-point service set identifier (SSID)
> traffic-policy
Traffic-policy for interface
type Wireless device type for this interface [REQUIRED]
+> vif Virtual Local Area Network (VLAN) IDWhy bot simply create /etc/wgetrc? Can curl read that file? If not, /etc/curlrc.
Unknown Object (User) closed T1685: Improvement cli ethernet helper for vif/vif-s/vif-c as Resolved.
Unknown Object (User) added a comment to T1742: NHRP unable to commit..
Unknown Object (User) changed the visibility for T1742: NHRP unable to commit..
Oct 17 2019
Oct 17 2019
The removal makes a little headache. Setting it system wide is not an issue at all, writing and execute in profile.d. Removing it would require to logout and login again to re-read the bash.profile. I may have to rethink that. Also the image download is invoked via a perl script, so http_proxy will be lost anyway.
c-po changed the status of T1401: Copying files with the FTP protocol fails if the password contains special characters from Needs testing to Backport pending.
c-po moved T1737: SNMP tab completion missing from Need Triage to Finished on the VyOS 1.3 Equuleus board.
c-po moved T1737: SNMP tab completion missing from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.4) board.
c-po edited projects for T1737: SNMP tab completion missing, added: VyOS 1.2 Crux (VyOS 1.2.4), VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
I have that issue for a while here too and just helped myself locally. I'll can take care of that.
Oct 16 2019
Oct 16 2019
Unknown Object (User) added a comment to T1740: Broken OSPFv2 virtual-link authentication.
PR #37
Unknown Object (User) changed the status of T1740: Broken OSPFv2 virtual-link authentication from Open to In progress.
Unknown Object (User) changed the status of T1401: Copying files with the FTP protocol fails if the password contains special characters from Open to Needs testing.
Unknown Object (User) added a comment to T1401: Copying files with the FTP protocol fails if the password contains special characters.
PR #31
The system where I'm seeing this is a VM which use a BNX2 dual port network card via PCI pass-thru. Both ports (eth0 and eth1) are configured in a LACP bond (bond0) with several VIF running on top of it (bond0.10, bond0.20, etc). All VIF are showing this problem.
pritamkharat10221 added a comment to T1735: Issue in "show vpn ipsec/ike sa" output with ipsec encryption algorithm aes128gcm128/aes256gcm128/chacha etc.
I have generated a PR for this fix https://github.com/vyos/vyatta-op-vpn/pull/24.
Please take a look at it.
Hi @albeu the fix is very bad in most of our cases and not really good to address a single issue. Can you give some hints to reproduce the "DHCP won't start on some interfaces"? problem?
c-po added a comment to T1736: Decide on best practice for patching live-team packages for VyOS build system.
When we say building is only supported in our Docker environment - is it even an issue? Just patch it during preparation of the container and we‘re all set.
One might need to differentiate between transparent bump-in-the-wire type squid deployments, and running it as a known proxy (delivered via DHCP and an onboard PAC file). Plus any kind of speedbump captive portal. I know one place specifically uses it to force clients to expose connecting hostname due to the use of the CONNECT command for TLS connections, for passive logging on the wire. Which will get interesting with the emergence of DoH and DoT in mainstream browsers, and enterprise efforts to kill that off.
Oct 15 2019
Oct 15 2019
dmbaturin added a comment to T1736: Decide on best practice for patching live-team packages for VyOS build system.
Myself I'm in favor of maintaining a fork and asking people to install it. We can add a version check to the ./configure script to make sure it stops and tells the user what to do if the version is not patched.
Most enterprises use it still as a cheap authentication method, I'm totally in favor to drop it, not only in vyos. Breaking it off (they generate fitting ssl certs on the fly signed with a private PKI), is questionable as well, since I think https should be end to end encryption, everyone who messes with that idea, well I wouldn't trust them on other items as well.
works with:
Version: VyOS 1.2-rolling-201910110117 Built by: [email protected] Built on: Fri 11 Oct 2019 01:17 UTC Build UUID: 48a11fa6-8c59-4dbb-94a3-215376c09a02 Build Commit ID: 46f9b2ab60e4fa
Can't create an iso right now to test it.
Also, as we are implementing this into the vyos cli, we can only omplement a small subset of the squid functionallity without doing lare efforts on implementing everything.. thats also why i favor to removing this functionallity..
+1
+1
Okay, after working with this for a while, I believe the whole 'vyatta-webproxy` should be a candidate for deletion in equuleus (see T1732).
I will ask on customer survey but i know proxies used in enterprise environments not for caching or blocking but for securing access to public segments
Oct 14 2019
Oct 14 2019
To be fair, that’s what prompted this. The logs go to a different file already.
Because the amount of logs from this system could be enormous, Is it possible to move these logs to another syslog file to not overcroud the main syslog file?
This PR should address those concerns
@c-po can you provide a way to reproduce your issue?
I would rather prefer it to send messages to local syslog and then distribute it to remote hosts. Otherwise we have an async syslog interface.
https://github.com/vyos/vyatta-cfg/pull/19
This fixes the conf mode completion, at least in the bash cli shell.
Oct 14 2019, 7:20 PM · Restricted Project