Page MenuHomeVyOS Platform
Feed All Stories

Nov 15 2021

Viacheslav added a comment to T3960: FRR Misconfig when using multiple VRF VNI.

Zebra configuration:

root@r11-roll:/home/vyos# cat foo.txt 
!
frr version 7.5.1-20210619-12-g3f8a74e70
frr defaults traditional
hostname r11-roll
log syslog
log facility local7
service integrated-vtysh-config
!
vrf blue
 vni 2000
 exit-vrf
!
vrf red
 vni 3000
 exit-vrf
!
line vty
!
end
Nov 15 2021, 10:08 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T2044: RPKI doesn't boot properly.

Still reproducible VyOS 1.3-beta-202111150443
After reboot

Nov 15 2021, 9:01 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3988: Feature Request: IPsec Multiple local/remote prefix for the tunnel.

For 1.4 it was implemented in T645
IPSec was completely rewritten in 1.4

Nov 15 2021, 8:23 AM · VyOS 1.3 Equuleus (1.3.0-epa3)
Viacheslav closed T645: Allow multiple prefixes in ipsec tunnel, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Nov 15 2021, 8:22 AM · VyOS 1.4 Sagitta
Viacheslav closed T645: Allow multiple prefixes in ipsec tunnel as Resolved.
Nov 15 2021, 8:22 AM · VyOS 1.4 Sagitta
Viacheslav closed T3934: Openconnect VPN broken: ocserv-worker general protection fault on client connect as Resolved.

Fixed VyOS 1.3-beta-202111150443

Nov 15 2021, 7:56 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used.

Duplicate T1292

Nov 15 2021, 5:55 AM · VyOS 1.3 Equuleus

Nov 14 2021

syncer reassigned T3946: Automatically resize the root partition if the drive has extra space from syncer to dmbaturin.
Nov 14 2021, 10:27 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
c-po closed T3974: route-map commit fails if interface does not exist as Resolved.
Nov 14 2021, 7:26 PM · VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus (1.3.0)

Nov 13 2021

marc_s created T3990: WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot).
Nov 13 2021, 1:17 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0-epa3)
n.fort created T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used.
Nov 13 2021, 11:27 AM · VyOS 1.3 Equuleus
NikolayP renamed T3988: Feature Request: IPsec Multiple local/remote prefix for the tunnel from Feature Request: IPsec Multiple local prefix for the tunnel to Feature Request: IPsec Multiple local/remote prefix for the tunnel.
Nov 13 2021, 6:33 AM · VyOS 1.3 Equuleus (1.3.0-epa3)
NikolayP created T3988: Feature Request: IPsec Multiple local/remote prefix for the tunnel.
Nov 13 2021, 6:27 AM · VyOS 1.3 Equuleus (1.3.0-epa3)

Nov 12 2021

RyVolodya created T3987: An error occurs after stopping snmpd in frr.
Nov 12 2021, 10:38 PM · VyOS 1.4 Sagitta, VyOS 1.2 Crux, VyOS 1.3 Equuleus
jestabro added a comment to T3980: vrrp transition-script validator makes warning fatal and also causes a python NameError exception.

This brings up an interesting issue: validate_value.ml could easily be modified to print warnings, while maintaining T2759 (namely, only print fatal errors if _all_ validators fail for a given setting), however, is this reasonable behaviour ? One would think that a 'validator' is either pass or fail, and if it is just giving a warning, it is no longer a validator.

Nov 12 2021, 7:20 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
jestabro claimed T3980: vrrp transition-script validator makes warning fatal and also causes a python NameError exception.

I will take a look; thanks for the report !

Nov 12 2021, 4:12 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
Viacheslav added a comment to T3983: show pki certificate Doesnt show x509 certificates.

Note, the host was upgraded from 1.2.8

Nov 12 2021, 12:30 PM · VyOS 1.4 Sagitta
unity added a comment to T3946: Automatically resize the root partition if the drive has extra space.

PRs 1069 and 1070 will be merged

Nov 12 2021, 10:04 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
afics added a comment to T2251: VRF communication breaks when utilizing zone-based firewalling.

Adding set zone-policy zone SERVER interface SERVER to the presented test case should solve the issue. This is because the traffic needs to pass both eth1 and its associated VRF "master" interface, in this case TEST.

Nov 12 2021, 9:19 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
unity changed the status of T3946: Automatically resize the root partition if the drive has extra space from Open to In progress.
Nov 12 2021, 8:34 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav added a comment to T3986: Incorrect description for vpn ipsec site-to-site authentication and connection.

PR https://github.com/vyos/vyos-1x/pull/1071

Nov 12 2021, 8:28 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T3986: Incorrect description for vpn ipsec site-to-site authentication and connection from Open to In progress.
Nov 12 2021, 8:20 AM · VyOS 1.4 Sagitta
ross211 added a comment to T3980: vrrp transition-script validator makes warning fatal and also causes a python NameError exception.

From what I understand this looks to be due to https://github.com/vyos/vyos-utils/blob/master/src/validate_value.ml catching both stdout and stderr output from the validators and only printing the captured output if the validator exit status is 0 so there isn't a way to print warnings unless it always prints the output or handling for a special 'warning' exit code was added.

Nov 12 2021, 7:19 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

Nov 11 2021

Dmitry closed T1058: hw-id is ignored when naming interfaces as Resolved.

This issue should be fixed after these changes https://phabricator.vyos.net/T1970 (udevadm settle)
Tested on EdgeCore SAF51015I with generic ISOs.

Nov 11 2021, 6:42 PM · VyOS 1.3 Equuleus (1.3.0)
Dmitry closed T1349: L2TP remote-access vpn terminated and not showing as connected as Resolved.

Does not possible to reproduce this behavior on 1.3-epa3.

Nov 11 2021, 6:35 PM · VyOS 1.3 Equuleus (1.3.0), test
Viacheslav created T3986: Incorrect description for vpn ipsec site-to-site authentication and connection.
Nov 11 2021, 6:31 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3985: vpn IPSec site-to-site continues to work if certificates are deleted.

Certificates can be wound there:

loaded certificate from '/etc/swanctl/x509/R1.pem'
loaded certificate from '/etc/swanctl/x509ca/CA.pem'
loaded RSA key from '/etc/swanctl/private/x509_R1.pem'
Nov 11 2021, 6:17 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T3985: vpn IPSec site-to-site continues to work if certificates are deleted from Open to Confirmed.
Nov 11 2021, 6:16 PM · VyOS 1.4 Sagitta
Viacheslav created T3985: vpn IPSec site-to-site continues to work if certificates are deleted.
Nov 11 2021, 6:16 PM · VyOS 1.4 Sagitta
UnicronNL changed the status of T1869: Install and Boot from RAID Doesn't Work from Confirmed to On hold.
Nov 11 2021, 2:39 PM · VyOS 1.3 Equuleus (1.3.0)
dmbaturin edited projects for T1759: Replacing Vyatta::Interface perl, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 11 2021, 2:38 PM · VyOS 1.4 Sagitta
erkin changed the status of T1634: Commit fails when changing policy route "set table" and adding the table at the same time, results in config deadlock from Open to In progress.
Nov 11 2021, 2:31 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.2 Crux (VyOS 1.2.9)
UnicronNL merged task T1208: 'install images' fails on removable storage into T1155: VyOS don't install on USB Stick .
Nov 11 2021, 2:29 PM · VyOS 1.3 Equuleus (1.3.0)
UnicronNL merged task T2865: System hangs at boot after mounting config into T1155: VyOS don't install on USB Stick .
Nov 11 2021, 2:29 PM · VyOS 1.3 Equuleus (1.3.0)
UnicronNL merged tasks T2865: System hangs at boot after mounting config, T1208: 'install images' fails on removable storage into T1155: VyOS don't install on USB Stick .
Nov 11 2021, 2:29 PM · VyOS 1.3 Equuleus (1.3.0)
dmbaturin closed T914: Extend list_interfaces.py to support multiple interface types, a subtask of T913: Rewrite dhcprelay service in XML/Python, as Resolved.
Nov 11 2021, 2:24 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc4)
dmbaturin closed T914: Extend list_interfaces.py to support multiple interface types as Resolved.
Nov 11 2021, 2:24 PM · VyOS 1.3 Equuleus (1.3.0)
dmbaturin closed T688: Move component versions used for config migration purposes into vyos-1x as Resolved.
Nov 11 2021, 2:23 PM · VyOS 1.3 Equuleus (1.3.0), test
dmbaturin reassigned T1058: hw-id is ignored when naming interfaces from UnicronNL to Dmitry.
Nov 11 2021, 2:20 PM · VyOS 1.3 Equuleus (1.3.0)
evgbondarenko removed a member for Sentrium: oleksandr.mamenko.
Nov 11 2021, 2:16 PM
evgbondarenko removed a member for Sentrium: Tanya.
Nov 11 2021, 2:15 PM
evgbondarenko added a member for Sentrium: unity.
Nov 11 2021, 2:12 PM
Viacheslav created T3984: Ability to disable all logs.
Nov 11 2021, 1:20 PM · VyOS 1.4 Sagitta
ross211 added a comment to T3980: vrrp transition-script validator makes warning fatal and also causes a python NameError exception.

This doesn't seem to help, whatever is calling the validator script seems to hide the output unless the exit status is non-zero.

Nov 11 2021, 12:40 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
Viacheslav created T3983: show pki certificate Doesnt show x509 certificates.
Nov 11 2021, 11:03 AM · VyOS 1.4 Sagitta

Nov 10 2021

c-po added a comment to T3981: VRF support for flow-accounting.

https://github.com/pmacct/pmacct/blob/master/QUICKSTART#L603-L621

Nov 10 2021, 7:49 PM · VyOS 1.4 Sagitta
c-po moved T3974: route-map commit fails if interface does not exist from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
Nov 10 2021, 7:44 PM · VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus (1.3.0)
c-po moved T3974: route-map commit fails if interface does not exist from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.9) board.
Nov 10 2021, 7:44 PM · VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus (1.3.0)
c-po closed T3982: DHCP server commit fails if static-mapping contains + or . as Resolved.
Nov 10 2021, 6:39 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po renamed T3982: DHCP server commit fails if static-mapping contains + or . from DHCP server commit fails if static-mapping contains + to DHCP server commit fails if static-mapping contains + or ..
Nov 10 2021, 6:26 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po claimed T3982: DHCP server commit fails if static-mapping contains + or ..
Nov 10 2021, 6:20 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po created T3982: DHCP server commit fails if static-mapping contains + or ..
Nov 10 2021, 6:19 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
Viacheslav added a comment to T3980: vrrp transition-script validator makes warning fatal and also causes a python NameError exception.

Try to restart vyos-configd after changing script file

Nov 10 2021, 3:17 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
anthr76 added a comment to T3979: vyos-hostd unable to hostfile-update.

A simple re-prdoucer is

Nov 10 2021, 3:10 PM · VyOS 1.4 Sagitta
eyesfire2 created T3981: VRF support for flow-accounting.
Nov 10 2021, 2:53 PM · VyOS 1.4 Sagitta
ross211 created T3980: vrrp transition-script validator makes warning fatal and also causes a python NameError exception.
Nov 10 2021, 2:35 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
anthr76 added a comment to T3979: vyos-hostd unable to hostfile-update.

Indeed, this looks like the commit

Nov 10 2021, 12:38 PM · VyOS 1.4 Sagitta
UnicronNL closed T3834: [OPENVPN] Support for Two Factor Authentication totp. as Resolved.
Nov 10 2021, 9:23 AM · VyOS 1.4 Sagitta
UnicronNL closed T3966: OpenVPN fix the smoketests as Resolved.
Nov 10 2021, 9:22 AM · VyOS 1.4 Sagitta
Viacheslav added a project to T3979: vyos-hostd unable to hostfile-update: VyOS 1.4 Sagitta.
Nov 10 2021, 7:31 AM · VyOS 1.4 Sagitta
Viacheslav updated subscribers of T3979: vyos-hostd unable to hostfile-update.

@anastrophe Describe please how to reproduce it?
Can be related to this commit d9b1c3df T2683

Nov 10 2021, 7:30 AM · VyOS 1.4 Sagitta
anthr76 created T3979: vyos-hostd unable to hostfile-update.
Nov 10 2021, 4:15 AM · VyOS 1.4 Sagitta

Nov 9 2021

zsdc changed the status of T3774: atop logs are not limited in size from Confirmed to In progress.

Hardcoded version of the fix for 1.4:
https://github.com/vyos/vyos-1x/pull/1068
https://github.com/vyos/vyos-build/pull/201

Nov 9 2021, 5:02 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
Viacheslav created T3978: containers add network without declaring prefix raise ConfigError.
Nov 9 2021, 4:43 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3934: Openconnect VPN broken: ocserv-worker general protection fault on client connect.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997981

Nov 9 2021, 4:32 PM · VyOS 1.3 Equuleus (1.3.0)
erkin closed T3962: Image cannot be built without open-vm-tools as Resolved.
Nov 9 2021, 2:02 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
dmbaturin reassigned T3962: Image cannot be built without open-vm-tools from dmbaturin to erkin.
Nov 9 2021, 1:46 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
erkin closed T2088: Increased boot time from 1.2.4 -> 1.3 rolling by 100%, a subtask of T1230: Improving Boot Time for Large Firewall Configurations, as Resolved.
Nov 9 2021, 1:35 PM · VyOS 1.3 Equuleus (1.3.0)
erkin closed T2088: Increased boot time from 1.2.4 -> 1.3 rolling by 100% as Resolved.

I did a quick test with 1.3.0-epa3 and this config loads in about 6 minutes in my VM (2 GB memory, 1 core at 1,6 GHz) at boot, some WireGuard config errors notwithstanding. After all the performance improvements, I think we can consider this resolved at this point.

Nov 9 2021, 1:35 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3976: Missing prefix-list and access-list option from ipv6 route-map.

FRR doesn't support it.

Nov 9 2021, 10:27 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0-epa3)
Viacheslav updated subscribers of T3947: Route based IPSec VPN: Child_SA is not establishing when the peer connection-type are initiate/respond combination.
Nov 9 2021, 8:17 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T3947: Route based IPSec VPN: Child_SA is not establishing when the peer connection-type are initiate/respond combination from Open to Confirmed.
Nov 9 2021, 7:48 AM · VyOS 1.4 Sagitta
dmbaturin closed T2136: XML command definition convertor doesn't disallow tag nodes with multi flag on as Resolved.
Nov 9 2021, 5:12 AM · VyOS 1.3 Equuleus (1.3.0)
dmbaturin edited projects for T2081: Support Ethernet over IP (EoIP) , added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 5:09 AM · VyOS 1.4 Sagitta
dmbaturin assigned T1925: DMVPN is always listed as down in "show vpn ipsec sa" to Viacheslav.
Nov 9 2021, 5:06 AM · VyOS 1.3 Equuleus (1.3.0)
dmbaturin removed a project from T1877: Feature Request: Allow NAT to use network and address groups: VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 5:06 AM · VyOS 1.4 Sagitta
dmbaturin assigned T1810: Commit to add new l2tp local user shouldn't disconnect all current l2tp sessions to Dmitry.
Nov 9 2021, 5:05 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
dmbaturin edited projects for T1771: Recover from failed boots/upgrades automatically, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 5:05 AM · VyOS 1.4 Sagitta
dmbaturin renamed T1761: Disallow saving when there are non-committed changes in the session from Bgp instance not found after save/reboot to Disallow saving when there are non-committed changes in the session.
Nov 9 2021, 5:05 AM · VyOS 1.3 Equuleus (1.3.0), test
dmbaturin edited projects for T1748: vbash: beautify tab completion output/line breaks, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 5:01 AM · VyOS 1.4 Sagitta
dmbaturin edited projects for T1669: Stacking routers, for centralized management, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 5:01 AM · VyOS 1.4 Sagitta
dmbaturin edited projects for T1619: Migrate user home directories on image update, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 5:00 AM · VyOS 1.4 Sagitta
dmbaturin edited projects for T1549: ipsec ikev2 multi usergroup roadwarrior configuration, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 5:00 AM · VyOS 1.4 Sagitta
dmbaturin edited projects for T1437: First boot configuration support, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 4:58 AM · VyOS 1.4 Sagitta
dmbaturin closed T1361: VRRP Starts After FRR, Creating Inconsistent Routes - as Resolved.
Nov 9 2021, 4:58 AM · VyOS 1.2 Crux (VyOS 1.2.4)
dmbaturin edited projects for T990: Make DNAT/SNAT a valid state in firewall rules. , added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 4:54 AM · VyOS 1.4 Sagitta, test
dmbaturin edited projects for T1000: Broken 6rd tunnel implementation, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 4:54 AM · VyOS 1.4 Sagitta, test
dmbaturin edited projects for T985: Migrated clustering from heartbeat to corosync+pacemaker, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 4:54 AM · VyOS 1.4 Sagitta
dmbaturin edited projects for T788: Nightly builds are not signed, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 4:50 AM · VyOS 1.4 Sagitta
dmbaturin edited projects for T579: Better DHCPv6 relay-agent desired, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 4:50 AM · VyOS 1.4 Sagitta
dmbaturin edited projects for T486: Static IPv6 default route via OSPFv3-learned loopback is not activated, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 4:50 AM · VyOS 1.4 Sagitta, test
dmbaturin removed a project from T139: Commit archive backends: VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 4:49 AM · VyOS 1.4 Sagitta
dmbaturin edited projects for T94: commit archive to AWS S3 , added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.0).
Nov 9 2021, 4:48 AM · VyOS 1.4 Sagitta

Nov 8 2021

olofl added a comment to T3977: dhcp-relay-agent uses "physical" IP instead of vrrp IP.

Just want to know, did you try rfc3768-compatibility?

It probably works that way.
Unfortunately that breaks other parts of our setup.

Nov 8 2021, 6:02 PM · VyOS 1.3 Equuleus
c-po added a comment to T3913: VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2.

Duplicate T3655

Nov 8 2021, 6:01 PM · VyOS 1.3 Equuleus (1.3.0)
danhusan added a comment to T3913: VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2.

Tested against 1.3.0-EPA3, same problem.

Nov 8 2021, 5:46 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav added a comment to T3977: dhcp-relay-agent uses "physical" IP instead of vrrp IP.

I don't see any option like "source address"
https://manpages.debian.org/testing/isc-dhcp-relay/dhcrelay.8.en.html

Nov 8 2021, 4:15 PM · VyOS 1.3 Equuleus
olofl updated the task description for T3977: dhcp-relay-agent uses "physical" IP instead of vrrp IP.
Nov 8 2021, 3:27 PM · VyOS 1.3 Equuleus
olofl created T3977: dhcp-relay-agent uses "physical" IP instead of vrrp IP.
Nov 8 2021, 3:20 PM · VyOS 1.3 Equuleus
Viacheslav changed the subtype of T3976: Missing prefix-list and access-list option from ipv6 route-map from "Task" to "Feature Request".
Nov 8 2021, 9:24 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0-epa3)