Page MenuHomeVyOS Platform
Feed All Stories

Mon, Jul 19

c-po merged task T3687: IS-IS is missing IPv6 support into T3576: ISIS does not support IPV6.
Mon, Jul 19, 5:59 PM · VyOS 1.3 Equuleus
c-po added a comment to T3687: IS-IS is missing IPv6 support.

This is already available in VyOS 1.4

Mon, Jul 19, 5:57 PM · VyOS 1.3 Equuleus
Cheeze_It added a comment to T3687: IS-IS is missing IPv6 support.

@Scoopta, thank you. That's good. I *think* know how the logic should go. Shouldn't be difficult but I'll consult with @Viacheslav and @c-po on how we should tackle it. It shouldn't be hard, but I want to make sure I properly do it :)

Mon, Jul 19, 5:40 PM · VyOS 1.3 Equuleus
Cheeze_It updated subscribers of T3687: IS-IS is missing IPv6 support.

@Viacheslav, @c-po, the ISIS FRR Jinja2 template is significantly different between 1.3 and 1.4. Should I try to make the change on 1.3 and then merge? Or should I make it on 1.4 and we'll find a way to merge it back into 1.3?

Mon, Jul 19, 5:39 PM · VyOS 1.3 Equuleus
Scoopta added a comment to T3687: IS-IS is missing IPv6 support.

@Cheeze_It Yes, I actually patched my version of vyos already. Just have to add

ipv6 router isis {{ process }}

to the frr isis template file

Mon, Jul 19, 5:17 PM · VyOS 1.3 Equuleus
sdev updated the task description for T3642: PKI configuration.
Mon, Jul 19, 5:17 PM · VyOS 1.4 Sagitta
sdev added a comment to T3642: PKI configuration.

PKI Wireguard PR: https://github.com/vyos/vyos-1x/pull/929

Mon, Jul 19, 5:17 PM · VyOS 1.4 Sagitta
Cheeze_It added a comment to T3687: IS-IS is missing IPv6 support.

@Viacheslav, @Scoopta, I take it for default originate on IPv6 there's a requirement to have "ipv6 router isis" added on the interface? I'm thinking yes. If it's a yes (which I'm thinking it is) then I believe this should be fairly easy to add. I'll give it a check guys.

Mon, Jul 19, 5:03 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3687: IS-IS is missing IPv6 support.

@Scoopta Provide please example of configuration with every task.
If it a possible example of frr, for what you get and what you expected.

Mon, Jul 19, 4:51 PM · VyOS 1.3 Equuleus
Viacheslav updated subscribers of T3687: IS-IS is missing IPv6 support.
Mon, Jul 19, 4:45 PM · VyOS 1.3 Equuleus
fernando updated subscribers of T3655: NAT Problem with VRF.

thanks for your comment , we are testing first with @rherold , I understand that your case is similar but it's not the same (you have an explicit route-leaking between default vrf and vrf X ). So we also need to test it and try to sure the version solved it .

Mon, Jul 19, 3:30 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3689: static ipv6 route doesn't deleted in some cases.

PR for 1.3 https://github.com/vyos/vyatta-cfg-quagga/pull/84

Mon, Jul 19, 2:48 PM · Ready for Crux (1.2.x), VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus
tjjh89017 updated subscribers of T3655: NAT Problem with VRF.

@zsdc
please take a look on this
it might be some similar issue in this patch?
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=0fb4d21956f4a9af225594a46857ccf29bd747bc

Mon, Jul 19, 2:29 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3676: Container option to add Linux capabilities.

Can you send more examples how it looks like in podman cli?
Which parameters do you set, and how to check if it is successfully applied?

Mon, Jul 19, 9:35 AM · VyOS 1.4 Sagitta

Sun, Jul 18

c-po merged T3684: Bridge doesn't show stp states / macs into T3667: brctl is damaged.
Sun, Jul 18, 2:02 PM · VyOS 1.4 Sagitta
c-po merged task T3684: Bridge doesn't show stp states / macs into T3667: brctl is damaged.
Sun, Jul 18, 2:02 PM · VyOS 1.4 Sagitta
c-po added a comment to T3684: Bridge doesn't show stp states / macs .

Can you please try running this test on a more recent VyOS version?

Sun, Jul 18, 2:01 PM · VyOS 1.4 Sagitta

Sat, Jul 17

yun added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

I have made a second attempt of the PR: https://github.com/vyos/vyos-1x/pull/928
The original checks are back, but it's only checked if no alternative authentication methods are configured.

Sat, Jul 17, 11:05 PM · VyOS 1.3 Equuleus
c-po changed the status of T3684: Bridge doesn't show stp states / macs from Open to Confirmed.
Sat, Jul 17, 10:05 PM · VyOS 1.4 Sagitta
c-po added a comment to T3684: Bridge doesn't show stp states / macs .

brctl is a deprecated package and superseeded by iproute2. Commands will be adjusted, thanks for reporting.

Sat, Jul 17, 10:05 PM · VyOS 1.4 Sagitta
c-po claimed T3684: Bridge doesn't show stp states / macs .
Sat, Jul 17, 10:04 PM · VyOS 1.4 Sagitta
yun added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

As I suspected, it check if the ConfigSession properly errors if "tls cert-file" and "tls key-file" are defined (for server):

Sat, Jul 17, 9:19 PM · VyOS 1.3 Equuleus
tjjh89017 added a comment to T3655: NAT Problem with VRF.

something like this in 1.4 nft
https://www.spinics.net/lists/netfilter/msg58240.html

Sat, Jul 17, 7:44 PM · VyOS 1.3 Equuleus
tjjh89017 added a comment to T3655: NAT Problem with VRF.

It seems 1.4-rolling has this bug also
i setup vrf wg with all wireguard clients (with private ip)
and setup vrf leak to vrf default
NAT didn't work on it.
it will send un-NAT packet to eth0

Sat, Jul 17, 7:22 PM · VyOS 1.3 Equuleus
c-po added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

You can find the test here: https://github.com/vyos/vyos-1x/blob/current/smoketest/scripts/cli/test_interfaces_openvpn.py

Sat, Jul 17, 6:50 PM · VyOS 1.3 Equuleus
yun added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

Hmm. Can you point me to the smoketest that failed? I will investigate. Maybe it actually tests if the strict check are in place, because now cert-file and key-file are optional, but it should keep working if you configure it.

Sat, Jul 17, 5:56 PM · VyOS 1.3 Equuleus
c-po added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

Unfortunately I had to revert this PR as it broke the smoketests and also triggered the following OpenVPN error:

Sat, Jul 17, 5:20 PM · VyOS 1.3 Equuleus
c-po renamed T3318: Update Linux Kernel to v5.4.135 / 5.10.53 from Update Linux Kernel to v5.4.131 / 5.10.49 to Update Linux Kernel to v5.4.132 / 5.10.50.
Sat, Jul 17, 7:16 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
Scoopta added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

I'm not sure, I haven't tried it. Thing is if I add

set interfaces openvpn vtun2 local-address fe80::1

Sat, Jul 17, 6:07 AM · Restricted Project, VyOS 1.3 Equuleus
Viacheslav added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

My config which breaks

set interfaces openvpn vtun2 device-type tap
set interfaces openvpn vtun2 mode site-to-site
Sat, Jul 17, 4:40 AM · Restricted Project, VyOS 1.3 Equuleus
Scoopta added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

My config which breaks

Sat, Jul 17, 2:57 AM · Restricted Project, VyOS 1.3 Equuleus

Fri, Jul 16

Viacheslav changed Version from VyOS 1.3.0-rc5 to VyOS 1.3.0-rc5, 1.2.8 on T3689: static ipv6 route doesn't deleted in some cases.
Fri, Jul 16, 8:30 PM · Ready for Crux (1.2.x), VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus
Viacheslav removed a subtask for T3182: Main blocker Task for FRR 7.4/7.5 series update: T3689: static ipv6 route doesn't deleted in some cases.
Fri, Jul 16, 8:11 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
Viacheslav removed a parent task for T3689: static ipv6 route doesn't deleted in some cases: T3182: Main blocker Task for FRR 7.4/7.5 series update.
Fri, Jul 16, 8:10 PM · Ready for Crux (1.2.x), VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus
Viacheslav updated the task description for T3689: static ipv6 route doesn't deleted in some cases.
Fri, Jul 16, 8:07 PM · Ready for Crux (1.2.x), VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus
Viacheslav updated the task description for T3689: static ipv6 route doesn't deleted in some cases.
Fri, Jul 16, 8:05 PM · Ready for Crux (1.2.x), VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus
Viacheslav added a comment to T3685: IPv6 PBR doesn't allow setting of an egress interface.

For first we have to solve this bug T3689

Fri, Jul 16, 7:55 PM · VyOS 1.3 Equuleus
Viacheslav created T3689: static ipv6 route doesn't deleted in some cases.
Fri, Jul 16, 7:53 PM · Ready for Crux (1.2.x), VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus
Viacheslav added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

In my test configuration all works fine.

set interfaces bridge br0 address '10.0.0.1/30'
set interfaces bridge br0 member interface vtun0
set interfaces openvpn vtun0 device-type 'tap'
set interfaces openvpn vtun0 encryption cipher 'aes128'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 server subnet '192.168.1.0/24'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/openvpn/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/openvpn/central.crt'
set interfaces openvpn vtun0 tls dh-file '/config/auth/openvpn/dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/openvpn/central.key'
Fri, Jul 16, 5:43 PM · Restricted Project, VyOS 1.3 Equuleus
sdev updated the task description for T3642: PKI configuration.
Fri, Jul 16, 5:39 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3688: Fail to save configuration via scp/sftp.

It looks like was the same bug T1866

Fri, Jul 16, 4:26 PM · Restricted Project, VyOS 1.3 Equuleus
ramaxlo added a comment to T3688: Fail to save configuration via scp/sftp.

Have tried 1.3.0-rc5, the issue remains.

Fri, Jul 16, 3:07 PM · Restricted Project, VyOS 1.3 Equuleus
Viacheslav added a project to T3688: Fail to save configuration via scp/sftp: VyOS 1.3 Equuleus.
Fri, Jul 16, 2:43 PM · Restricted Project, VyOS 1.3 Equuleus
ramaxlo created T3688: Fail to save configuration via scp/sftp.
Fri, Jul 16, 12:30 PM · Restricted Project, VyOS 1.3 Equuleus
Viacheslav added a comment to T3686: Bridging OpenVPN tap with no local-address breaks.

@Scoopta Can you share commands on how to reproduce it?
It will be easier for developers to reproduce this bug.

Fri, Jul 16, 9:23 AM · Restricted Project, VyOS 1.3 Equuleus
Viacheslav changed the subtype of T3687: IS-IS is missing IPv6 support from "Bug" to "Feature Request".
Fri, Jul 16, 9:20 AM · VyOS 1.3 Equuleus
Scoopta created T3687: IS-IS is missing IPv6 support.
Fri, Jul 16, 6:47 AM · VyOS 1.3 Equuleus
Scoopta created T3686: Bridging OpenVPN tap with no local-address breaks.
Fri, Jul 16, 6:03 AM · Restricted Project, VyOS 1.3 Equuleus
Scoopta updated the task description for T3685: IPv6 PBR doesn't allow setting of an egress interface.
Fri, Jul 16, 5:04 AM · VyOS 1.3 Equuleus
Scoopta updated the task description for T3685: IPv6 PBR doesn't allow setting of an egress interface.
Fri, Jul 16, 5:02 AM · VyOS 1.3 Equuleus
Scoopta created T3685: IPv6 PBR doesn't allow setting of an egress interface.
Fri, Jul 16, 5:02 AM · VyOS 1.3 Equuleus

Thu, Jul 15

fernando triaged T3684: Bridge doesn't show stp states / macs as Low priority.
Thu, Jul 15, 9:57 PM · VyOS 1.4 Sagitta
Viacheslav closed T3512: set protocols static table creates wrong frr config as Invalid.

I can't reproduce it.
Re-open the task if you get this issue again.

Thu, Jul 15, 9:37 PM · VyOS 1.3 Equuleus
Viacheslav added a subtask for T3619: Performance Degradation 1.2 --> 1.3 | High ksoftirqd CPU usage: T2051: Throughput anomalies.
Thu, Jul 15, 9:28 PM · VyOS 1.3 Equuleus
Viacheslav added a parent task for T2051: Throughput anomalies: T3619: Performance Degradation 1.2 --> 1.3 | High ksoftirqd CPU usage.
Thu, Jul 15, 9:28 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
Viacheslav added a comment to T3017: bridge will lose the tuntap member after reboots.

@jingyun Can you describe more details?

Thu, Jul 15, 8:50 PM · VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
Viacheslav added a comment to T3683: VXLAN not accept ipv6 and source-interface options and mtu bug.

PR https://github.com/vyos/vyos-1x/pull/925

Thu, Jul 15, 7:56 PM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3683: VXLAN not accept ipv6 and source-interface options and mtu bug.
Thu, Jul 15, 7:06 PM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3683: VXLAN not accept ipv6 and source-interface options and mtu bug.
Thu, Jul 15, 5:38 PM · VyOS 1.3 Equuleus
Viacheslav created T3683: VXLAN not accept ipv6 and source-interface options and mtu bug.
Thu, Jul 15, 11:54 AM · VyOS 1.3 Equuleus

Wed, Jul 14

yun added a comment to T3682: Remove running dhclient from ether-resume.py.

I submitted a PR for review: https://github.com/vyos/vyos-1x/pull/923

Wed, Jul 14, 11:35 PM · VyOS 1.3 Equuleus
yun added a comment to T3682: Remove running dhclient from ether-resume.py.

It's funny, I remember that dhcp was already removed from ether-resume.py and I checked the git history, and it was.
Related issue and discussion about netplug vs ether-resume dhclient (buried deep in the beginning) https://phabricator.vyos.net/T1028

Wed, Jul 14, 10:59 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T3662: Container configuration upgrade destroys system.

note: Record the process of upgrading from 1.4-rolling-202107010537 to 1.4-rolling-202107122017

Wed, Jul 14, 7:00 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T3662: Container configuration upgrade destroys system.

PR: https://github.com/vyos/vyos-1x/pull/922

Wed, Jul 14, 6:56 PM · VyOS 1.4 Sagitta
stepler added a comment to T3680: Static routes with dhcp-interface are flaky.

PR https://github.com/vyos/vyos-1x/pull/921

Wed, Jul 14, 5:56 PM · VyOS 1.4 Sagitta
stepler changed Difficulty level from unknown to normal on T3680: Static routes with dhcp-interface are flaky.
Wed, Jul 14, 5:56 PM · VyOS 1.4 Sagitta
yun added a comment to T3681: The VMware Tools resume script did not run successfully in this virtual machine..

PR: https://github.com/vyos/vyos-1x/pull/920

Wed, Jul 14, 4:08 PM · VyOS 1.3 Equuleus
yun created T3682: Remove running dhclient from ether-resume.py.
Wed, Jul 14, 4:02 PM · VyOS 1.3 Equuleus
yun triaged T3681: The VMware Tools resume script did not run successfully in this virtual machine. as Normal priority.
Wed, Jul 14, 3:21 PM · VyOS 1.3 Equuleus
artooro added a comment to T3670: Option to disable HTTP port 80 redirect.

Thanks @jestabro this seems like a good place to start learning VyOS internals, will give it a go when I have some off time and submit a pull request.

Wed, Jul 14, 3:04 PM · VyOS 1.4 Sagitta
jestabro added a comment to T3670: Option to disable HTTP port 80 redirect.

@artooro This sounds reasonable, and I don't imagine a problem, though I have yet to try it; if you would like to submit a pull request with fix, I will review.

Wed, Jul 14, 2:47 PM · VyOS 1.4 Sagitta
stepler changed the status of T3680: Static routes with dhcp-interface are flaky from Open to In progress.
Wed, Jul 14, 12:22 PM · VyOS 1.4 Sagitta

Tue, Jul 13

c-po added a comment to T3680: Static routes with dhcp-interface are flaky.

Most likely related to T3505

Tue, Jul 13, 9:06 PM · VyOS 1.4 Sagitta
stepler updated the task description for T3680: Static routes with dhcp-interface are flaky.
Tue, Jul 13, 6:35 PM · VyOS 1.4 Sagitta
stepler created T3680: Static routes with dhcp-interface are flaky.
Tue, Jul 13, 6:32 PM · VyOS 1.4 Sagitta
erkin closed T3679: Point the unexpected exception message link to the new rolling release location as Resolved.
Tue, Jul 13, 5:43 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
erkin changed the status of T3679: Point the unexpected exception message link to the new rolling release location from Open to In progress.
Tue, Jul 13, 4:27 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
dmbaturin created T3679: Point the unexpected exception message link to the new rolling release location.
Tue, Jul 13, 4:11 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
sdev added a comment to T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.

This error occurs because the ipsec module blindly updates the l2tp module after a commit change to ensure any l2tp via ipsec config is then refreshed also.

Tue, Jul 13, 4:01 PM · VyOS 1.4 Sagitta
Viacheslav added a subtask for T2816: Rewrite IPsec scripts with the new XML/Python approach: T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.
Tue, Jul 13, 3:54 PM · VyOS 1.4 Sagitta
Viacheslav added a parent task for T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration: T2816: Rewrite IPsec scripts with the new XML/Python approach.
Tue, Jul 13, 3:54 PM · VyOS 1.4 Sagitta
stepler added a comment to T3505: Commits do not respect changes in FRR that are not stored in a config.

Workaround for missing DHCP default route:

Tue, Jul 13, 3:32 PM · VyOS 1.4 Sagitta
SrividyaA added a comment to T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.

Parent task: https://phabricator.vyos.net/T2816

Tue, Jul 13, 3:29 PM · VyOS 1.4 Sagitta
SrividyaA renamed T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration from VyoOS 1.4: Invalid error message while deleting ipsec vpn configuration to VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.
Tue, Jul 13, 3:26 PM · VyOS 1.4 Sagitta
SrividyaA created T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.
Tue, Jul 13, 3:26 PM · VyOS 1.4 Sagitta
dmbaturin added a comment to T3663: Use inotify file watching where applicable.

Other instances:

Tue, Jul 13, 1:30 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
Viacheslav added a comment to T3671: Webproxy not functional in 1.2.8 update.

More details https://github.com/vyos/vyatta-webproxy/pull/17

Tue, Jul 13, 10:50 AM · VyOS 1.2 Crux (VyOS 1.2.9)
olofl created T3677: "sipcalc" not included in 1.3.
Tue, Jul 13, 8:08 AM · Restricted Project, VyOS 1.3 Equuleus

Mon, Jul 12

yun added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

PR submitted: https://github.com/vyos/vyos-1x/pull/917

Mon, Jul 12, 10:50 PM · VyOS 1.3 Equuleus
trystan added a comment to T3671: Webproxy not functional in 1.2.8 update.
trystan@vyeos# commit
[ service webproxy ]
Restarting squid (via systemctl): squid.service.
Mon, Jul 12, 8:09 PM · VyOS 1.2 Crux (VyOS 1.2.9)
c-po added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

thanks for your detailed bisection of this issue. You mind submitting a GitHub PullRequest as per https://docs.vyos.io/en/equuleus/contributing/development.html?

Mon, Jul 12, 6:56 PM · VyOS 1.3 Equuleus
c-po renamed T3318: Update Linux Kernel to v5.4.135 / 5.10.53 from Update Linux Kernel to v5.4.129 / 5.10.47 to Update Linux Kernel to v5.4.131 / 5.10.49.
Mon, Jul 12, 4:45 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po closed T3661: [vrf} route-leaking missing command as Invalid.
Mon, Jul 12, 4:41 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3671: Webproxy not functional in 1.2.8 update.

@trystan Can you download this pkg to vyos /tmp and install it? It should fix this issue

Mon, Jul 12, 3:40 PM · VyOS 1.2 Crux (VyOS 1.2.9)
yun added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

The workaround stopped working after the OpenVPN configuration checks moved from Perl to Python. As this still applies to VyOS 1.3 this issue should be reopened, I can also create a new issue if that is preferred.

Mon, Jul 12, 3:20 PM · VyOS 1.3 Equuleus
SrividyaA added a comment to T3656: IPSec 1.4 : "show vpn ike sa" does not show the correct default ike version.

@sdev It still shows the ikev2 as the default version in the output.
I agree with your point that strongswan has changed the default version. A quote from their documentation: "Since 5.0.0 both protocols are handled by Charon and connections marked with ike will use IKEv2 when initiating, but accept any protocol version when responding."

Mon, Jul 12, 2:43 PM · VyOS 1.4 Sagitta
fernando added a comment to T3661: [vrf} route-leaking missing command.

good lab, thanks for your time! I want to leave a comment , I used the syntax that you recommend and it worked well ( VyOS 1.3.0-rc5):

Mon, Jul 12, 1:55 PM · VyOS 1.3 Equuleus
fernando added a comment to T3661: [vrf} route-leaking missing command.
Mon, Jul 12, 1:34 PM · VyOS 1.3 Equuleus

Sun, Jul 11

artooro created T3676: Container option to add Linux capabilities.
Sun, Jul 11, 3:44 PM · VyOS 1.4 Sagitta
c-po added a comment to T3661: [vrf} route-leaking missing command.

I did a short lab test using the following topology based on my assumptions what you wan't to do:

Sun, Jul 11, 1:54 PM · VyOS 1.3 Equuleus