Yes, closing this ...
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Oct 14 2021
@c-po Is it already implemented with commit https://github.com/vyos/vyos-1x/commit/ae2dc55aa68679e828d4bb133fc515172c081d0f ?
Fixed, VyOS 1.4-rolling-202110130217
vyos@r1-roll:~$ show nat source rules Rule Source Translation Outbound Interface ---- ------ ----------- ------------------ 3 192.168.0.0/24 masquerade eth0
Is a double task, it looks like the package is not update upstream.
Maybe, but if the effort is made in order to be able to configure log level, it would be good that it can be set in different levels.
I'm thinking in a mix scenario, where majority of rules may log with info/debug level (for example default accept rules), while other rules may need a warning/error level (some drop rules).
As for me, it should be configured in the global firewall log level, not per rule.
set firewall log-level x
The real bug is it shouldn't allow port-range values as it is not implemented.
Or just add this feature T2798
For this we create text files as the group-config includes (they contain route and other per group config directives, generally around security).
Oct 13 2021
In T3008#78303, @jack9603301 wrote:
If I change the double-quotes to single-quotes for all the rules in that firewall, I get this (no changes detected):
Oct 12 2021
@foxbox Will be fixed in the next rolling release.
Messaged
@BiMW Can you re-check it?
Not reproducible, VyOS 1.4-rolling-202109300217
set service ipoe-server authentication radius dynamic-author key 'ssss' set service ipoe-server authentication radius dynamic-author server '192.168.122.11' set service ipoe-server authentication radius nas-ip-address '192.168.122.11' set service ipoe-server authentication radius server 192.168.122.11 key 'ciscoradiuskey' set service ipoe-server interface eth1 client-subnet '192.0.2.0/24'
@FileGo Can you replace double-quotes with single-quotes?
Fixed
sever@sever:~$ ssh [email protected]
In T3896#107997, @Viacheslav wrote:@SquirePug Can you share more details, which templates and parameters did you edit?
Oct 11 2021
Present in 1.4 and 1.3.0-epa1
set service pppoe-server authentication radius server 192.0.2.1 acct-port Possible completions: <1-65535> Numeric IP port (default: 1813)
@c-po in 1.3.0-epa1 works fine.
What about 1.3.0-epa1?
Re-opened, the same bug in VyOS 1.4-rolling-202109300217
sever@sever:~/docker$ ssh [email protected]
@SquirePug Can you share more details, which templates and parameters did you edit?
Obviously in a perfect world we get "unique" and "stable". I do think giving stability priority makes sense.
@lucasec the reason for switching to the platform UUID instead of building up out own one was that it was not "unique".
Oct 10 2021
I surveyed all the hardware I have to see what kind of UUIDs they report:
Implemented in
The DUID is presented in binary inside /var/lib/dhcpv6/dhcp6c_duid to read it back into ASCII use: hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" "\n"' /var/lib/dhcpv6/dhcp6c_duid
Oct 9 2021
You are right @NikolayP but opening an entire subtree might be a bit of overkill.
Unfortunately reverting back the public key did not lead to any good results either.
Oct 8 2021
not yet , we 've been trying with different CT but it's not solve the main problem . I understand that disabling conntrack is not possible because is used for nat.
Perhaps the command should be changed a bit
MSS is a property of the TCP protocol, not IP: