Page MenuHomeVyOS Platform
Feed All Stories

Wed, May 4

Viacheslav added a comment to T4362: Wan Load Balancing - Can't create routing tables.

With such configuration all works fine:

set load-balancing wan interface-health eth4 failure-count '5'
set load-balancing wan interface-health eth4 nexthop 'dhcp'
set load-balancing wan interface-health eth4 success-count '1'
set load-balancing wan interface-health eth4 test 10 target '192.0.2.40'
set load-balancing wan interface-health eth5 failure-count '5'
set load-balancing wan interface-health eth5 nexthop 'dhcp'
set load-balancing wan interface-health eth5 success-count '1'
set load-balancing wan interface-health eth5 test 10 target '192.0.2.50'
set load-balancing wan interface-health eth6 failure-count '5'
set load-balancing wan interface-health eth6 nexthop 'dhcp'
set load-balancing wan interface-health eth6 success-count '1'
set load-balancing wan interface-health eth6 test 10 target '192.0.2.60'
set load-balancing wan rule 10 failover
set load-balancing wan rule 10 inbound-interface 'eth7'
set load-balancing wan rule 10 interface eth4
set load-balancing wan rule 10 interface eth5
set load-balancing wan rule 10 interface eth6
set load-balancing wan rule 10 protocol 'all'
set load-balancing wan sticky-connections
Wed, May 4, 10:35 AM · VyOS 1.4 Sagitta
aserkin created T4409: route received via Framed-Route radius attribute is installed into default table when terminating connection to VRF.
Wed, May 4, 7:56 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4408: Add sshguard to protect against brut-forces.

Configuration

# cat /etc/sshguard/sshguard.conf 
#### REQUIRED CONFIGURATION ####
# Full path to backend executable (required, no default)
BACKEND="/usr/lib/x86_64-linux-gnu/sshg-fw-nft-sets"
Wed, May 4, 3:19 AM · VyOS 1.4 Sagitta
Viacheslav created T4408: Add sshguard to protect against brut-forces.
Wed, May 4, 3:06 AM · VyOS 1.4 Sagitta

Tue, May 3

blackhole added a comment to T4362: Wan Load Balancing - Can't create routing tables.

If it helps, I am also getting the exact same errors and problems, would love to see this working please

Tue, May 3, 11:57 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4380: Feature Request: ocserv: 2FA OTP key generator in VyOS CLI from In progress to Needs testing.
Tue, May 3, 7:36 PM · VyOS 1.4 Sagitta
zsdc changed the status of T4407: Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3 from Open to Needs testing.

Resolved in https://github.com/vyos/vyos-cloud-init/pull/54

Tue, May 3, 3:55 PM · VyOS 1.3 Equuleus
zsdc created T4407: Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3.
Tue, May 3, 3:45 PM · VyOS 1.3 Equuleus
dmbaturin created T4406: Make an API endpoint for for anonymous host info retrieval (e.g. by a login page).
Tue, May 3, 2:39 PM · VyOS 1.4 Sagitta
dtoux added a comment to T4405: DHCP client sometimes ignores `no-default-route` option of an interface.

Also, these routes getting an administrative distance of 1, which is impossible to override. I believe the default route from DHCP normally has 210 which is manageable. So, the quick workaround could be increasing distance of these routes.

Tue, May 3, 2:28 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
dtoux added a comment to T4405: DHCP client sometimes ignores `no-default-route` option of an interface.
r24:/home/dtoubelis# cat /var/lib/dhcp/dhclient_eth4.leases
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 12:42:00;
  rebind 2 2022/05/03 12:44:26;
  expire 2 2022/05/03 12:45:04;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 12:46:34;
  rebind 2 2022/05/03 12:48:50;
  expire 2 2022/05/03 12:49:28;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 12:51:33;
  rebind 2 2022/05/03 12:53:25;
  expire 2 2022/05/03 12:54:03;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 12:55:54;
  rebind 2 2022/05/03 12:57:57;
  expire 2 2022/05/03 12:58:35;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:00:07;
  rebind 2 2022/05/03 13:02:22;
  expire 2 2022/05/03 13:03:00;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:04:27;
  rebind 2 2022/05/03 13:06:50;
  expire 2 2022/05/03 13:07:28;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:09:19;
  rebind 2 2022/05/03 13:11:14;
  expire 2 2022/05/03 13:11:52;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:13:28;
  rebind 2 2022/05/03 13:15:39;
  expire 2 2022/05/03 13:16:17;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:17:51;
  rebind 2 2022/05/03 13:20:11;
  expire 2 2022/05/03 13:20:49;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:22:48;
  rebind 2 2022/05/03 13:24:51;
  expire 2 2022/05/03 13:25:29;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:27:07;
  rebind 2 2022/05/03 13:29:16;
  expire 2 2022/05/03 13:29:54;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:31:27;
  rebind 2 2022/05/03 13:33:46;
  expire 2 2022/05/03 13:34:24;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:36:05;
  rebind 2 2022/05/03 13:38:15;
  expire 2 2022/05/03 13:38:53;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:40:41;
  rebind 2 2022/05/03 13:42:41;
  expire 2 2022/05/03 13:43:19;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:44:56;
  rebind 2 2022/05/03 13:47:04;
  expire 2 2022/05/03 13:47:42;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:49:31;
  rebind 2 2022/05/03 13:51:41;
  expire 2 2022/05/03 13:52:19;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:53:53;
  rebind 2 2022/05/03 13:56:15;
  expire 2 2022/05/03 13:56:53;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 13:58:37;
  rebind 2 2022/05/03 14:00:41;
  expire 2 2022/05/03 14:01:19;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 14:02:52;
  rebind 2 2022/05/03 14:05:10;
  expire 2 2022/05/03 14:05:48;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 14:07:40;
  rebind 2 2022/05/03 14:09:34;
  expire 2 2022/05/03 14:10:12;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 14:12:06;
  rebind 2 2022/05/03 14:14:07;
  expire 2 2022/05/03 14:14:45;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 14:16:23;
  rebind 2 2022/05/03 14:18:33;
  expire 2 2022/05/03 14:19:11;
}
lease {
  interface "eth4";
  fixed-address 100.123.57.53;
  option subnet-mask 255.192.0.0;
  option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
  option dhcp-lease-time 300;
  option routers 100.64.0.1;
  option dhcp-message-type 5;
  option domain-name-servers 1.1.1.1,8.8.8.8;
  option dhcp-server-identifier 100.64.0.1;
  option interface-mtu 1500;
  option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
  renew 2 2022/05/03 14:20:50;
  rebind 2 2022/05/03 14:23:10;
  expire 2 2022/05/03 14:23:48;
}
Tue, May 3, 2:22 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T4315: Telegraf - Output to prometheus.

Prometheus server pulls information correctly

Tue, May 3, 9:58 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav closed T4395: Extend show vpn debug as Resolved.
Tue, May 3, 7:20 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T4405: DHCP client sometimes ignores `no-default-route` option of an interface.

Could you also provide cat /var/lib/dhcp/dhclient_eth4.leases ?
no-default-route ignore just option routers and don't touch other options like classless-static-routes

Tue, May 3, 7:08 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
dtoux added a comment to T4405: DHCP client sometimes ignores `no-default-route` option of an interface.

I'm attaching a packet capture for DHCP exchange -

Tue, May 3, 4:44 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
dtoux created T4405: DHCP client sometimes ignores `no-default-route` option of an interface.
Tue, May 3, 4:16 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav changed the status of T4404: Container is not deleted from Open to Needs testing.
Tue, May 3, 1:10 AM · VyOS 1.4 Sagitta
Viacheslav created T4404: Container is not deleted.
Tue, May 3, 12:14 AM · VyOS 1.4 Sagitta

Mon, May 2

Viacheslav added a comment to T4315: Telegraf - Output to prometheus.

PR
https://github.com/vyos/vyos-1x/pull/1310

Mon, May 2, 7:40 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
c-po added a comment to T4385: bgp: peer-group member cannot override remote-as of peer-group.

We also need to verify remote-as in v6only or interface definitions:

Mon, May 2, 6:20 PM · VyOS 1.4 Sagitta
c-po reopened T4385: bgp: peer-group member cannot override remote-as of peer-group as "In progress".
Mon, May 2, 6:19 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4315: Telegraf - Output to prometheus from Open to In progress.
Mon, May 2, 12:51 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
wornet-mwo added a comment to T4403: Charon hangs at 100% CPU when many routes are present.

Done some further research about rt_netlink and charon relationship. As described in the docs of Strongswan the option charon.process_route = no helps and is a good workaround if the destination is always reachable over a known specific interface (i think it can be an issue if wan load-balancing etc. is used).

Mon, May 2, 12:23 PM · vyos-strongswan
wornet-mwo created T4403: Charon hangs at 100% CPU when many routes are present.
Mon, May 2, 10:25 AM · vyos-strongswan
v.huti added a comment to T4394: Improve VYOS_DEBUG profiling support.

There was some effort to introduce profiling into the system before, but nothing was developed.
The ticket was opened to verify that the timing values displayed in /var/log/vyatta are correct.
The vyos-debug flag enables tracing for actions described in the templates.
This will be a step-by-step walkthrough of the system profiling, as I have found this to have a bunch of non-obvious technical nuances that might get you stuck.

Mon, May 2, 8:55 AM · vyatta-cfg

Sun, May 1

c-po closed T4353: Add Jinja2 linter to vyos-1x build process as Resolved.
Sun, May 1, 7:12 PM · VyOS 1.4 Sagitta
c-po closed T4363: salt-minion: default mine_interval option is not set as Resolved.
Sun, May 1, 7:11 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.2)
c-po moved T4363: salt-minion: default mine_interval option is not set from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
Sun, May 1, 7:11 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.2)
dmbaturin renamed T4402: OpenVPN client-ip-pool option is broken from OpenVPN ifconfig-pool option is broken to OpenVPN client-ip-pool option is broken.
Sun, May 1, 12:13 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
dmbaturin created T4402: OpenVPN client-ip-pool option is broken.
Sun, May 1, 11:56 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
c-po closed T4369: OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node as Resolved.
Sun, May 1, 6:20 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
c-po moved T4369: OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Sun, May 1, 6:20 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
c-po moved T4369: OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
Sun, May 1, 6:20 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta

Sat, Apr 30

zsdc created T4401: Networking needs to be reset during config boot (in some environments).
Sat, Apr 30, 7:04 PM · VyOS 1.4 Sagitta

Fri, Apr 29

c-po added a project to T4369: OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node: VyOS 1.3 Equuleus (1.3.2).
Fri, Apr 29, 6:07 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
c-po closed T4366: geneve: interface is removed on changes to e.g. description as Resolved.
Fri, Apr 29, 6:02 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.2)
c-po moved T4366: geneve: interface is removed on changes to e.g. description from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
Fri, Apr 29, 6:01 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.2)
c-po closed T4388: dhcp-server: missing constraint on tftp-server-name option as Resolved.
Fri, Apr 29, 6:01 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
c-po moved T4388: dhcp-server: missing constraint on tftp-server-name option from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
Fri, Apr 29, 6:01 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
n.fort reassigned T4377: generate tech-support archive includes previous archives from n.fort to m.korobeinikov.
Fri, Apr 29, 10:31 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
n.fort claimed T4377: generate tech-support archive includes previous archives.
Fri, Apr 29, 10:19 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
m.korobeinikov added a comment to T4377: generate tech-support archive includes previous archives.

https://github.com/vyos/vyatta-op/pull/53

Fri, Apr 29, 3:23 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)

Thu, Apr 28

fernando added a comment to T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.

I've tried with a new spoke and I can't seem to register using `reload-or-restart', although it resolved the lost connectivity issues the opennhrp process needs a full restart. however, if you restart opennhrp daemon it causes different issues and usually the spoke loses connection.

## hub
Thu, Apr 28, 8:57 PM · VyOS 1.4 Sagitta
fernando changed the status of T4399: nhrp - add or delete nhrp tunnel restart opennhrp process from Open to Needs testing.
Thu, Apr 28, 11:51 AM · VyOS 1.4 Sagitta
Viacheslav moved T4400: Container OP mode has delete where show and update should be from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Thu, Apr 28, 9:21 AM · VyOS 1.4 Sagitta
Viacheslav closed T4400: Container OP mode has delete where show and update should be as Resolved.
Thu, Apr 28, 9:21 AM · VyOS 1.4 Sagitta
billsimon added a comment to T4357: Allow free-form setting of DHCPv6 server options.

Thank you, team, for such a quick response to my request. I have not even had the chance to test it yet but trust that this will work perfectly. Again, many thanks!

Thu, Apr 28, 2:26 AM · VyOS 1.4 Sagitta

Wed, Apr 27

fernando added a comment to T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.

PR: https://github.com/vyos/vyos-1x/pull/1306

Wed, Apr 27, 9:11 PM · VyOS 1.4 Sagitta
fernando claimed T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.
Wed, Apr 27, 8:30 PM · VyOS 1.4 Sagitta
fernando added a comment to T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.

I did this change as you mentioned and it worked, , example:

Wed, Apr 27, 8:29 PM · VyOS 1.4 Sagitta
c-po closed T4357: Allow free-form setting of DHCPv6 server options as Resolved.
Wed, Apr 27, 7:52 PM · VyOS 1.4 Sagitta
c-po closed T4398: IPSec site-to-site generates unexpected passthrough option as Resolved.
Wed, Apr 27, 7:52 PM · VyOS 1.4 Sagitta
c-po closed T4397: arp: migrate static ARP entry configuration to get_config_dict() and make it VRF aware as Resolved.
Wed, Apr 27, 7:52 PM · VyOS 1.4 Sagitta
c-po moved T4397: arp: migrate static ARP entry configuration to get_config_dict() and make it VRF aware from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Wed, Apr 27, 7:52 PM · VyOS 1.4 Sagitta
c-po renamed T3318: Update Linux Kernel to v5.4.191 / 5.10.113 from Update Linux Kernel to v5.4.188 / 5.10.111 to Update Linux Kernel to v5.4.191 / 5.10.113.
Wed, Apr 27, 7:51 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
scj643 added a comment to T4400: Container OP mode has delete where show and update should be.

PR https://github.com/vyos/vyos-1x/pull/1305

Wed, Apr 27, 5:48 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4113: Incorrect GRUB configuration parsing.

@RyVolodya could you recheck it?

Wed, Apr 27, 5:46 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0)
scj643 triaged T4400: Container OP mode has delete where show and update should be as Low priority.
Wed, Apr 27, 5:20 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.

Try to replace option restart to reload-or-restart and re-configure from scratch, it may help.
https://github.com/vyos/vyos-1x/blob/363ecfa46cdb8402ea71637717863f01b09f428b/src/conf_mode/protocols_nhrp.py#L107

Wed, Apr 27, 12:48 PM · VyOS 1.4 Sagitta
fernando added a comment to T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.

Hub basic setting :

Wed, Apr 27, 12:41 PM · VyOS 1.4 Sagitta
fernando added a comment to T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.

Yes ,you need to reload the services and it works , here's an basic example with the current configuration :

Wed, Apr 27, 12:38 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T2498: Expected error when deleting vif that has dhcp-server configured.

It is not only for dhcp, any service can be affected to this
There are no many check when we remove interface

Wed, Apr 27, 11:54 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0)
SrividyaA claimed T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command.
Wed, Apr 27, 10:50 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav added a comment to T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.

@fernando Does it work if you "reload" configuration?

Wed, Apr 27, 10:17 AM · VyOS 1.4 Sagitta

Tue, Apr 26

fernando created T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.
Tue, Apr 26, 9:31 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4398: IPSec site-to-site generates unexpected passthrough option.

Works as expected

Tue, Apr 26, 1:44 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4395: Extend show vpn debug .

PR for 1.3
https://github.com/vyos/vyatta-op-vpn/pull/33
https://github.com/vyos/vyos-1x/pull/1303

Tue, Apr 26, 1:03 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
jestabro claimed T4396: HTTP API no response after several days restarted.
Tue, Apr 26, 11:26 AM · VyOS 1.3 Equuleus ( 1.3.1)
jestabro closed T4235: Add config tree diff algorithm as Resolved.
Tue, Apr 26, 11:23 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
Viacheslav added a comment to T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups.

@pyaskowski try zone-policy firewall

Tue, Apr 26, 10:31 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav moved T4395: Extend show vpn debug from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Tue, Apr 26, 10:00 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a project to T4395: Extend show vpn debug : VyOS 1.3 Equuleus (1.3.2).
Tue, Apr 26, 10:00 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav closed T4210: NAT source/destination negated ports throws an error as Resolved.

Fixed VyOS 1.4-rolling-202204260601

set nat source rule 10 destination port '!22,telnet,http,123,1001-1005'

nft:

oifname "eth4" tcp dport != { 22-23, 80, 123, 1001-1005 } counter packets 0 bytes 0 masquerade comment "SRC-NAT-10"
Tue, Apr 26, 9:53 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4210: NAT source/destination negated ports throws an error.

VyOS 1.3.1-S1 is not affected:

table ip nat {
	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
		counter packets 1 bytes 112 jump VYATTA_PRE_DNAT_HOOK
	}
Tue, Apr 26, 7:13 AM · VyOS 1.4 Sagitta
Viacheslav removed a project from T4210: NAT source/destination negated ports throws an error: VyOS 1.3 Equuleus.
Tue, Apr 26, 7:11 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4210: NAT source/destination negated ports throws an error from In progress to Needs testing.
Tue, Apr 26, 6:22 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4156: Adding DHCP Option 13 (bootfile-size) from Open to Needs testing.
Tue, Apr 26, 1:17 AM · VyOS 1.4 Sagitta
Viacheslav added a project to T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command: VyOS 1.4 Sagitta.
Tue, Apr 26, 1:07 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus ( 1.3.1)

Mon, Apr 25

Viacheslav added a comment to T4398: IPSec site-to-site generates unexpected passthrough option.

PR https://github.com/vyos/vyos-1x/pull/1302

Mon, Apr 25, 9:18 PM · VyOS 1.4 Sagitta
c-po claimed T4398: IPSec site-to-site generates unexpected passthrough option.
Mon, Apr 25, 7:17 PM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4398: IPSec site-to-site generates unexpected passthrough option.
Mon, Apr 25, 7:12 PM · VyOS 1.4 Sagitta
Viacheslav created T4398: IPSec site-to-site generates unexpected passthrough option.
Mon, Apr 25, 7:11 PM · VyOS 1.4 Sagitta
c-po closed T4390: op-mode: extend "show log" and "monitor log" with additional daemons/subsystems to read journalctl logs as Resolved.
Mon, Apr 25, 6:39 PM · VyOS 1.4 Sagitta
c-po closed T4391: PPPoE: IPv6 not working after system boot as Resolved.
Mon, Apr 25, 6:39 PM · VyOS 1.4 Sagitta
c-po updated the task description for T4397: arp: migrate static ARP entry configuration to get_config_dict() and make it VRF aware.
Mon, Apr 25, 5:25 PM · VyOS 1.4 Sagitta
c-po changed the status of T4397: arp: migrate static ARP entry configuration to get_config_dict() and make it VRF aware from Open to In progress.
Mon, Apr 25, 5:17 PM · VyOS 1.4 Sagitta
c-po created T4397: arp: migrate static ARP entry configuration to get_config_dict() and make it VRF aware.
Mon, Apr 25, 5:17 PM · VyOS 1.4 Sagitta
pyaskowski added a comment to T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups.

Has there been any movement on this? I've been following for a while since I've noticed the behavior myself and am hoping it can be resolved at some point.

Mon, Apr 25, 4:51 PM · VyOS 1.3 Equuleus (1.3.0)
dongjunbo created T4396: HTTP API no response after several days restarted.
Mon, Apr 25, 4:05 PM · VyOS 1.3 Equuleus ( 1.3.1)
v.huti claimed T4394: Improve VYOS_DEBUG profiling support.
Mon, Apr 25, 2:45 PM · vyatta-cfg
Viacheslav added a comment to T4236: Generate ovpn openvpn client configuration files.

PR https://github.com/vyos/vyos-1x/pull/1301

Mon, Apr 25, 1:30 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4210: NAT source/destination negated ports throws an error.

PR https://github.com/vyos/vyos-1x/pull/1300

Mon, Apr 25, 11:53 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4210: NAT source/destination negated ports throws an error from Open to In progress.
Mon, Apr 25, 11:22 AM · VyOS 1.4 Sagitta
Viacheslav claimed T4210: NAT source/destination negated ports throws an error.
Mon, Apr 25, 11:22 AM · VyOS 1.4 Sagitta
zsdc added a member for Maintainers: v.huti.
Mon, Apr 25, 10:33 AM
Viacheslav added a comment to T4392: Multiline login banner text reports error on commit.

Working fine in VyOS 1.4-rolling-202204250217

Mon, Apr 25, 10:19 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4395: Extend show vpn debug .

PR https://github.com/vyos/vyos-1x/pull/1299

Mon, Apr 25, 9:31 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav changed the status of T4395: Extend show vpn debug from Open to In progress.
Mon, Apr 25, 9:00 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav created T4395: Extend show vpn debug .
Mon, Apr 25, 8:41 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
v.huti updated the task description for T4394: Improve VYOS_DEBUG profiling support.
Mon, Apr 25, 6:50 AM · vyatta-cfg