Pull request: https://github.com/vyos/vyos-1x/pull/1010
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 19 2021
Sep 19 2021
c-po added a project to T3841: dhcp-server: add ping-check option to CLI: VyOS 1.3 Equuleus (1.3.0-epa1).
c-po changed the status of T3841: dhcp-server: add ping-check option to CLI from Open to In progress.
c-po changed the status of T3672: DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output from Open to In progress.
c-po moved T3736: openvpn-option keeps and adds double dashes ''--" from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3740: HTTPs API breaks when the address is IPv6 from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3746: Inform users logging into the system about a pending reboot from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3743: l2tp doesn't work after reboot if outside-address not 0.0.0.0 from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3747: Container Network Naming Bug from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3756: VyOS generates invalid QR code for wireguard clients from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3568: Add XML for firewall conf-mode from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3606: SNMP unknown notification OID from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3636: SSTP / L2TP ipv6 support broken from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3641: Upgrade base system from Debian Buster -> Debian Bullseye from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T1210: About IKEv2 IPSec VPN remote access from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3814: wireguard: commit error showing incorrect peer name from the configured name from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3745: op-mode IPSec show vpn ipse sa sorting from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3773: Delete the "show system integrity" command (to prepare for a re-implementation) from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3757: OSPF: add support to configure the area at an interface level from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3772: VRRP virtual interfaces are not shown in show interfaces from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3776: Rename FRR daemon restart op-mode commands from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3775: Typo in generated Strongswan VPN-config from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3787: Remove deprecated UDP fragmentation offloading option from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3090: Move 'adjust-mss' firewall options to the interface section. from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3739: policy: route-map: add EVPN match support from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3782: Ingress Shaping with IFB No Longer Functional with 1.3 from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3764: Unconfigurable IKE and ESP lifetime from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3765: container: additional op-mode commands from Backlog to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3752: generate pki certificate file xxx doesn't touch file from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3759: [L3VPN] VPNv4/VPNv6 add commands from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3798: bgp: add support for "neighbor <X> local-as replace-as" option from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3789: Add custom validator for base64 encoded CLI data from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3794: MACsec interfaces in down state after create from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3797: show interface errors with vrrp configuration from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3804: cli: Migrate and merge "system name-servers-dhcp" into "system name-server" from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3809: Not possible to add existing ca? from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3812: Vyos and frr route-map config out of sync from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3275: Disable conntrack helpers by default from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3815: pki : the file command 'generate pki wireguard key-pair file' is not working from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3802: Commit fails if ethernet interface doesn't support flow control from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T2947: Nat translation many-many with prefix does not map 1-1. from Backport Candidates to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0 from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3838: dhcp-server - sync cli for name-servers to other subsystems from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3840: dns forwarding: Cache size should allow values > 10k from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3840: dns forwarding: Cache size should allow values > 10k from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3837: OpenConnect: Fix typo in help property from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
c-po moved T3840: dns forwarding: Cache size should allow values > 10k from Need Triage to 1.3.0-epa1 on the VyOS 1.3 Equuleus board.
c-po moved T3837: OpenConnect: Fix typo in help property from Need Triage to 1.3.0-epa1 on the VyOS 1.3 Equuleus board.
lucasec changed Difficulty level from unknown to easy on T3840: dns forwarding: Cache size should allow values > 10k.
Sep 18 2021
Sep 18 2021
I'm clearly missing something. I cannot make the configuration as shown by @c-po. If I try to add a 2nd static route, it replaces the first.
c-po updated the task description for T3838: dhcp-server - sync cli for name-servers to other subsystems.
c-po changed the status of T3838: dhcp-server - sync cli for name-servers to other subsystems from Open to Confirmed.
The following CLI
[email protected]# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 194.145.150.0/24 { next-hop 1.1.1.1 } static-route 194.145.151.0/24 { router 1.1.1.1 } } }
c-po changed the status of T1968: Allow multiple static routes in dhcp-server from Open to In progress.
c-po added a comment to T2738: Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization.
Enabling debugging gives me:
edofullin added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.
Are there updates on this issue?
c-po added a comment to T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Related/Duplicate issue of T3680
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy added a comment to T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
It's worth adding the no-default-route to the dhcp-options and adding a line like
kroy renamed T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway from Setting a default IPv6 route while getting IPv4 route via DHCP removes the IPv4 gateway to Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy renamed T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway from Setting a default IPv6 route while getting IPv4 route via DHCP removes the IPv4 route to Setting a default IPv6 route while getting IPv4 route via DHCP removes the IPv4 gateway.
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy updated the task description for T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
kroy changed Version from 1.4-rolling- to 1.4-rolling-202109160207 on T3836: Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway.
Sep 17 2021
Sep 17 2021
c-po added a comment to T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified.
Thank you for testing!
UnicronNL changed the status of T3834: [OPENVPN] Support for Two Factor Authentication totp. from Open to In progress.
Something about commands is meddling with strip-private. I'm looking into it.
Now this is quite strange....
$ echo '2001:1578:2fe:fffd::/64' | strip-private xxxx:xxxx:2fe:fffd::/64
erkin changed the status of T3823: strip-private does not filter public IPv6 addresses from Open to In progress.
lucasec added a comment to T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified.
Tested on latest build VyOS 1.4-rolling-202109160217 and confirmed it is adding the remote id attribute by default as expected. Connections establish without issue.
Sep 16 2021
Sep 16 2021
Curl checks come back with:
root@vyos:/tmp# curl 169.254.169.254/latest/meta-data ami-id ami-launch-index ami-manifest-path block-device-mapping/ hostname instance-action instance-id instance-type local-hostname local-ipv4 placement/ public-hostname public-ipv4 public-keys/ reservation-id security-groups
sempervictus renamed T3833: Cloud-init not finding data source in OpenStack from Cloud-init not inding data source in OpenStack to Cloud-init not finding data source in OpenStack.
Viacheslav changed the status of T3831: External traffic stops routing when IPSEC tunnel comes up with interface vti0 from Open to Confirmed.
xfrm if_id should not be 0
Sep 15 2021
Sep 15 2021
c-po changed the status of T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified from Open to Needs testing.
c-po added a comment to T3830: ipsec: remote-id no longer included in IKE AUTH if not explicitly specified.
From https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection (1.3 behavior)