- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Sep 15 2022
PR adding libpam-google-authenticator package to VyOS:
https://github.com/vyos/vyos-1x/pull/1541
It seems that we have two constraints here.
Made a fix and now we have:
Let me see if I can fix it.
Doing further testing, it seems adding the explicit-null broke the configuration:
Good news. It seems the patch worked properly. Here we show MPLS labels generated via segment routing for the prefix command:
Sep 14 2022
As I mentioned above, use it before the configuration, it described in the doc
#!/bin/vbash
Interesting article on how and when to match ipsec options: https://thermalcircle.de/doku.php?id=blog:linux:nftables_demystifying_ipsec_expressions
There is PR https://github.com/vyos/vyos-1x/pull/1516 for T4667 but it brakes all GRE traffic
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1539
Hi all,
Do you have a proposed cli format?
Added a pull request for this fix.
Nope, i use CLI for configuration and script for vrrp (wireguard interface enable/disable)
Sep 13 2022
Fix for 1.3 https://github.com/vyos/vyos-build/pull/261
This is also an issue on the 1.3.x builds due to a similar issue. See https://github.com/jordansissel/fpm/issues/1923
It should be possible in https://github.com/vyos/vyos-1x/pull/1534 T2199
set firewall interface ethXvX
It seems you use some custom scripts for configuration
You have to use
if [ "$(id -g -n)" != 'vyattacfg' ] ; then exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@" fi
before your configuration script
Sep 12 2022
Refactor PR: https://github.com/vyos/vyos-1x/pull/1534
PR for filter tables: https://github.com/vyos/vyos-1x/pull/1534
Should be fixed in https://github.com/vyos/vyatta-cfg-firewall/pull/34
Already renamed:
Sep 11 2022
Sep 10 2022
In T1185#133944, @sdev wrote:A similar syntax change is in progress as part of a larger firewall refactor. It should reach the 1.4 branch in a week or so. It should allow for any valid existing interface name.
In T1185#133941, @roedie wrote:Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
set firewall local interface eth0 name <firewall-filter> set firewall in interface eth0 name <firewall-filter> set firewall out interface eth0 name <firewall-filter> set firewall local interface bond0.10v22v6 ipv6-name <firewall-filter>The problem is that using zone-policy firewall is a bit overkill for a pure router or even a router with async routing. In which scenario I guess only the local variant would be useful.
Or, come to think, some free from of set interfaces unknown <typeyourownname> firewall local name <ruleset> where you can only config stuff that doesn't really depend on an interface.
Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
First we need to include the "google-authenticator" in our build
Sep 9 2022
/usr/libexec/vyos/op_mode/route.py already exists but without an execution flag
PR https://github.com/vyos/vyos-1x/pull/1531
I am suggesting marking this task as "Resolved" because the driver works by himself and NIC can be used with a proper configuration.
The real check without IPv4 local/remote:
vyos@r14# commit [ interfaces openvpn vtun2 ]