This might confuse the users as now there is sensitive information again, but a different one.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Jul 18 2022
Confirmed to work correctly on version VyOS 1.4-rolling-202207180802.
As I know we have not access by level for now, maybe we should keep shell:priv-lvl=15 by default?
Duplicate T3871
In T4533#126578, @Viacheslav wrote:It is operator level, that shouldn’t have permission for configurations. Only basic diagnostics (op-mode)
This seems to be more inconsistent than it has been before.
It works fine with my environment. With the new image too:
VyOS 1.4-rolling-202207160217
It is operator level, that shouldn’t have permission for configurations. Only basic diagnostics (op-mode)
can you please share your configuration? Using Microsoft NPS as RADIUS backend with this configuration I can not reproduce the issue.
Jul 17 2022
Jul 16 2022
Although this task is closed, I'd like to mention that after this change we are now defining rulesets with "policy route6" and binding them to interfaces with "interfaces ... policy ipv6-route". This seems to be more inconsistent than it has been before. Besides, although such changes are handled in a migration script for static configurations, they break automation scripts and require version specific fixes.
In T3435#115394, @n.fort wrote:Error still present on VyOS 1.4-rolling-202201020317
vyos@vyos:~$ show nat source rules Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/show_nat_rules.py", line 114, in <module> print(format_nat_rule.format(rule, srcdests[0], tran_addr, interface)) IndexError: list index out of range Rule Source Translation Outbound Interface ---- ------ ----------- ------------------ vyos@vyos:~$ show ver Version: VyOS 1.4-rolling-202201020317 Release train: sagittaNat config in this example:
vyos@vyos:~$ show config comm | grep nat set nat source rule 10 description 'Masquerade to NAT' set nat source rule 10 outbound-interface 'eth0' set nat source rule 10 translation address 'masquerade'
@Viacheslav
Yes, the output of show ip route and sudo ip route are after a reboot.
Jul 15 2022
@a.apostoliuk Could you specify how to reproduce this bug?
Some CLI config examples and/or some pings that indicate the issue.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1416
I tested 1.4-rolling-202207111030 and this seems to be resolved, including showing peers in the help.
Fix smoketest for 1.3 https://github.com/vyos/vyos-1x/pull/1415
PR for 1.4 https://github.com/vyos/vyos-1x/pull/1414
Requires update smoketests
@diekos Is it working after reboot?
Jul 14 2022
Just tested this on VyOS 1.4-rolling-202207111030, with the following commands:
It is different shells in 1.4 and 1.3 for this user config
In 1.3 it seems correct:
vyosuser@r1# echo $SHELL /sbin/radius_shell [edit] vyosuser@r1#
I propose a patch to fix this issue:
Demo QPPB implementation supporting bgp-policy destination mode:
Similar problem in the latest rolling releases (vyos-1.4-rolling-202207111030). Traffic policy (limiter) not set in live configuration.
Jul 13 2022
If I want to use also x.pool.ntp.org how should I use it if it will migrate anything from x.pool.ntp.org?
The similar issue and for the 1.3.1-S1
vyos@vyos# run show version