Page MenuHomeVyOS Platform
Feed All Stories

Jan 15 2022

Unknown Object (User) closed T4150: VRRP with conntrack-sync does not work as Resolved.

Re-tested in VyOS 1.4-rolling-202201140317
Now it works, thank you!

Jan 15 2022, 12:45 AM · VyOS 1.4 Sagitta

Jan 14 2022

fernando renamed T4185: [VPN-IPSEC] not boot config after reboot from [VPN-IPSEC] no boot config after reboot to [VPN-IPSEC] not boot config after reboot.
Jan 14 2022, 9:50 PM · VyOS 1.3 Equuleus (1.3.6)
fernando created T4185: [VPN-IPSEC] not boot config after reboot.
Jan 14 2022, 9:44 PM · VyOS 1.3 Equuleus (1.3.6)
Viacheslav changed the status of T4172: Patch ndppd to not read route table if there are no auto prefixes from Open to In progress.
Jan 14 2022, 9:14 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4183: IPv6 link-local address not accepted as wireguard peer from Open to In progress.
Jan 14 2022, 9:01 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4183: IPv6 link-local address not accepted as wireguard peer.

PR https://github.com/vyos/vyos-1x/pull/1169

Jan 14 2022, 9:01 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav closed T4182: Show vrrp if vrrp not configured bug as Resolved.
Jan 14 2022, 8:23 PM · VyOS 1.4 Sagitta
Viacheslav closed T4179: Add op-mode CLI for show high-availability virtual-server as Resolved.
Jan 14 2022, 8:22 PM · VyOS 1.4 Sagitta
Viacheslav closed T4177: Strip-private doesn't work for service monitoring as Resolved.
Jan 14 2022, 8:22 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav added a comment to T4150: VRRP with conntrack-sync does not work.

@NikolayP Could you re-test it?

Jan 14 2022, 8:19 PM · VyOS 1.4 Sagitta
Viacheslav added a subtask for T2199: Rewrite firewall in new XML/Python style: T3762: Support network and address groups for policy ipv6-route.
Jan 14 2022, 8:18 PM · VyOS 1.4 Sagitta
Viacheslav added a parent task for T3762: Support network and address groups for policy ipv6-route: T2199: Rewrite firewall in new XML/Python style.
Jan 14 2022, 8:18 PM · VyOS 1.4 Sagitta
Viacheslav closed T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID as Resolved.
Jan 14 2022, 8:11 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav edited projects for T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus (1.3.0).
Jan 14 2022, 8:09 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses.

Some detail here T1280

Jan 14 2022, 2:25 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
johannrichard added a comment to T2199: Rewrite firewall in new XML/Python style.

@sdev: in your original commit for this task, recent rules are somehow semi-discarded (the time/counter condition will not be written out; however, the action will be written out) because of an apparent problem with nftables in this area.

Jan 14 2022, 10:10 AM · VyOS 1.4 Sagitta
Unknown Object (User) updated the task description for T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses.
Jan 14 2022, 10:01 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Unknown Object (User) renamed T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses from NTP allow-clients address requires a reboot to NTP allow-clients address doesn't work.
Jan 14 2022, 9:55 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Unknown Object (User) updated the task description for T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses.
Jan 14 2022, 4:42 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Unknown Object (User) created T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses.
Jan 14 2022, 4:35 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
odhnera added a comment to T4183: IPv6 link-local address not accepted as wireguard peer.

Thanks; I just tested commenting out line 5 of that file, and it successfully works around the issue, allowing me to set a link-local IPv6 address as my endpoint. The wireguard connection itself also works, and I can pass traffic.

Jan 14 2022, 1:08 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4183: IPv6 link-local address not accepted as wireguard peer.

@odhnera Try to comment or delete the validation string and restart vyos-configd service

Jan 14 2022, 12:15 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta

Jan 13 2022

odhnera added a comment to T4183: IPv6 link-local address not accepted as wireguard peer.

Getting link-local addresses to work would probably be very low-priority, but I did run into an extremely niche case where I wanted to do that. It's not the type of situation that would happen in a production environment, but I was running VyOS on a computer tethered via ethernet to an Android-based phone, and I wanted to connect to a wireguard peer running on the phone. Modern version of Android randomize the IPv4 address of their tethered interface on each reboot, but their link-local IPv6 address remains the same, making it more convenient to use it.

Jan 13 2022, 11:57 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4183: IPv6 link-local address not accepted as wireguard peer.

Link-local addresses with %ethX are not accepted in any protocols/peers/etc. A few services are allowed to set them as listen like ssh/dns at the moment.
Is there a real use case why you need it on wireguard interfaces?

Jan 13 2022, 11:23 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav changed the subtype of T4183: IPv6 link-local address not accepted as wireguard peer from "Bug" to "Feature Request".
Jan 13 2022, 11:19 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T4025: OpenVPN server with TAP interface, client didn’t see network.

It generates by openvpn, maybe something new in the new OpenVPN version
So I see only one option - add mode server-bridge

Jan 13 2022, 11:02 PM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, openvpn
odhnera created T4183: IPv6 link-local address not accepted as wireguard peer.
Jan 13 2022, 10:05 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav assigned T4181: Firewall ipv6-network-group - incorrect description on helper to fernando.
Jan 13 2022, 8:34 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4178: policy based routing tcp flags issue from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1167

Jan 13 2022, 8:29 PM · VyOS 1.4 Sagitta
Viacheslav closed T4109: Extend high-availability/keepalived for support virtual-server lb as Resolved.
Jan 13 2022, 8:28 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4182: Show vrrp if vrrp not configured bug.

PR https://github.com/vyos/vyos-1x/pull/1166

Jan 13 2022, 8:20 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4182: Show vrrp if vrrp not configured bug from Open to In progress.
Jan 13 2022, 7:51 PM · VyOS 1.4 Sagitta
jack9603301 added a comment to T2898: Support NDP proxy.

@hensur I'm glad you reimplemented this feature. Come on

Jan 13 2022, 7:44 PM · VyOS 1.4 Sagitta
jack9603301 added a project to T2898: Support NDP proxy: VyOS 1.4 Sagitta.
Jan 13 2022, 7:43 PM · VyOS 1.4 Sagitta
jack9603301 removed a project from T2898: Support NDP proxy: VyOS 1.4 Sagitta.
Jan 13 2022, 7:43 PM · VyOS 1.4 Sagitta
Viacheslav created T4182: Show vrrp if vrrp not configured bug.
Jan 13 2022, 7:42 PM · VyOS 1.4 Sagitta
jack9603301 assigned T2898: Support NDP proxy to hensur.
Jan 13 2022, 7:41 PM · VyOS 1.4 Sagitta
jack9603301 changed the status of T2898: Support NDP proxy, a subtask of T2518: Support NAT for ipv6(NPT), from Open to In progress.
Jan 13 2022, 7:41 PM · VyOS 1.4 Sagitta
jack9603301 changed the status of T2898: Support NDP proxy, a subtask of T3089: Migrate port mirroring to vyos-1x and support two-way traffic mirroring, from Open to In progress.
Jan 13 2022, 7:41 PM · VyOS 1.3 Equuleus (1.3.0)
jack9603301 changed the status of T2898: Support NDP proxy from Open to In progress.
Jan 13 2022, 7:40 PM · VyOS 1.4 Sagitta
fernando added a comment to T4181: Firewall ipv6-network-group - incorrect description on helper .

PR: https://github.com/vyos/vyos-1x/pull/1168/

Jan 13 2022, 7:22 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4179: Add op-mode CLI for show high-availability virtual-server from Open to In progress.
Jan 13 2022, 7:15 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4179: Add op-mode CLI for show high-availability virtual-server.

PR https://github.com/vyos/vyos-1x/pull/1164

Jan 13 2022, 7:15 PM · VyOS 1.4 Sagitta
fernando created T4181: Firewall ipv6-network-group - incorrect description on helper .
Jan 13 2022, 6:54 PM · VyOS 1.4 Sagitta
johannrichard added a comment to T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases .

See comment in T4164: is working now.

Jan 13 2022, 4:52 PM · VyOS 1.4 Sagitta
johannrichard added a comment to T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails.

See comment in T4164: my config runs through easily now.

Jan 13 2022, 4:52 PM · VyOS 1.4 Sagitta
johannrichard added a comment to T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf`.

@sdev this (and the other fixes) look promising: after upgrading to the latest rolling release from 13.1.2022, both the example provided in the ticket as well as my config (a copy of my production setup with rules covering PBR, empty groups, references to "defines" in PBR rules) ran through easily. My production config created no errors when loading the config after the update.

Jan 13 2022, 4:49 PM · VyOS 1.4 Sagitta
zsdc created T4180: Support for QoS Policy Propagation via BGP (QPPB).
Jan 13 2022, 2:51 PM · VyOS 1.4 Sagitta
Viacheslav created T4179: Add op-mode CLI for show high-availability virtual-server.
Jan 13 2022, 1:42 PM · VyOS 1.4 Sagitta
Viacheslav closed T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0 as Resolved.
Jan 13 2022, 1:26 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
sarthurdev changed the status of T4178: policy based routing tcp flags issue from Open to In progress.

Thanks for the report, working on the fix now.

Jan 13 2022, 11:55 AM · VyOS 1.4 Sagitta
mTx87 added a project to T4178: policy based routing tcp flags issue: VyOS 1.4 Sagitta.
Jan 13 2022, 11:50 AM · VyOS 1.4 Sagitta
mTx87 created T4178: policy based routing tcp flags issue.
Jan 13 2022, 11:49 AM · VyOS 1.4 Sagitta
johannrichard added a comment to T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf`.
In T4164#116547, @mTx87 wrote:

seems like policy based routing not working.

Jan 13 2022, 11:38 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4177: Strip-private doesn't work for service monitoring.

PR https://github.com/vyos/vyos-1x/pull/1163

Jan 13 2022, 9:53 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
mTx87 added a comment to T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf`.

moved my comment to a new bug request to keep this one here clean.

Jan 13 2022, 9:41 AM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4177: Strip-private doesn't work for service monitoring from Open to In progress.
Jan 13 2022, 9:38 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav closed T4175: BGP configuration failed as Resolved.

T3741

Jan 13 2022, 9:18 AM · VyOS 1.4 Sagitta
hexes added a comment to T4025: OpenVPN server with TAP interface, client didn’t see network.

Any updates? No one?

Jan 13 2022, 3:56 AM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, openvpn
Viacheslav updated subscribers of T4177: Strip-private doesn't work for service monitoring.
Jan 13 2022, 1:17 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav created T4177: Strip-private doesn't work for service monitoring.
Jan 13 2022, 1:16 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
Viacheslav added a comment to T3872: Add configurable telegraf monitoring service.

PR https://github.com/vyos/vyos-1x/pull/1162

Jan 13 2022, 1:12 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta

Jan 12 2022

nikeshhajari created T4176: VyOS CLI command: show openvpn server/client does not display output.
Jan 12 2022, 9:05 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
mTx87 added a comment to T4175: BGP configuration failed.

but wasn't necessary on VyOS 1.4-rolling-202109280217
so I guess changes to FRR that are the cause right?

Jan 12 2022, 8:18 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4175: BGP configuration failed.

Add neighbors to their proper afi:

Jan 12 2022, 7:43 PM · VyOS 1.4 Sagitta
Viacheslav moved T4161: Policy route-map - Incorrect value help for local preference from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jan 12 2022, 7:40 PM · VyOS 1.4 Sagitta
Viacheslav moved T4162: VPN ipsec ike-group - Incorrect value help for ikev2-reauth from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jan 12 2022, 7:39 PM · VyOS 1.4 Sagitta
c-po renamed T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Update Linux Kernel to v5.4.169 / 5.10.89 to Update Linux Kernel to v5.4.171 / 5.10.91.
Jan 12 2022, 5:52 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T3872: Add configurable telegraf monitoring service.
  • Incorrect custom scripts data if used tunX interfaces
    • Allow inputs.ethtool only on Ethernet interfaces, by default it tries to get statistics from each interface, template
Jan 12 19:37:30 r11-roll telegraf[7703]: 2022-01-12T17:37:30Z E! [inputs.ethtool] Error in plugin: dum0 stats: operation not supported
Jan 12 19:37:30 r11-roll telegraf[7703]: 2022-01-12T17:37:30Z E! [inputs.ethtool] Error in plugin: gretap0 driver: operation not supported
Jan 12 19:37:30 r11-roll telegraf[7703]: 2022-01-12T17:37:30Z E! [inputs.ethtool] Error in plugin: gre0 driver: operation not supported
Jan 12 19:37:30 r11-roll telegraf[7703]: 2022-01-12T17:37:30Z E! [inputs.ethtool] Error in plugin: erspan0 driver: operation not supported
Jan 12 2022, 5:49 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav placed T3872: Add configurable telegraf monitoring service up for grabs.
Jan 12 2022, 5:25 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav added a comment to T3872: Add configurable telegraf monitoring service.

Incorrect custom scripts data if used 'tun' interface
https://github.com/vyos/vyos-1x/blob/current/src/etc/telegraf/custom_scripts/show_interfaces_input_filter.py

Jan 12 2022, 5:25 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav moved T4152: NHRP shortcut-target holding-time does not work from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
Jan 12 2022, 5:20 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav closed T4152: NHRP shortcut-target holding-time does not work as Resolved.
Jan 12 2022, 5:20 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
sarthurdev changed the status of T2199: Rewrite firewall in new XML/Python style from Open to Needs testing.
Jan 12 2022, 5:11 PM · VyOS 1.4 Sagitta
Viacheslav closed T4168: IPsec VPN is impossible to restart when DMVPN is configured as Resolved.
Jan 12 2022, 4:48 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav edited projects for T4168: IPsec VPN is impossible to restart when DMVPN is configured, added: VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
Jan 12 2022, 4:48 PM · VyOS 1.3 Equuleus ( 1.3.1)
mTx87 created T4175: BGP configuration failed.
Jan 12 2022, 4:47 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T3872: Add configurable telegraf monitoring service from Open to Needs testing.
Jan 12 2022, 4:38 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Unknown Object (User) closed T4167: DMVPN apply wrong param on the first configuration as Resolved.
Jan 12 2022, 4:38 PM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav changed the status of T4173: Wan Load Balancing - Error on firewall NAT rules from In progress to Needs testing.
Jan 12 2022, 4:38 PM · VyOS 1.4 Sagitta
Viacheslav changed the status of T4173: Wan Load Balancing - Error on firewall NAT rules from Open to In progress.
Jan 12 2022, 4:37 PM · VyOS 1.4 Sagitta
Viacheslav moved T4152: NHRP shortcut-target holding-time does not work from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jan 12 2022, 4:30 PM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta
Viacheslav changed the status of T4168: IPsec VPN is impossible to restart when DMVPN is configured from Open to In progress.
Jan 12 2022, 4:04 PM · VyOS 1.3 Equuleus ( 1.3.1)
Viacheslav added a comment to T4168: IPsec VPN is impossible to restart when DMVPN is configured.

PR https://github.com/vyos/vyatta-op-vpn/pull/32

Jan 12 2022, 4:04 PM · VyOS 1.3 Equuleus ( 1.3.1)
n.fort closed T4161: Policy route-map - Incorrect value help for local preference as Resolved.
Jan 12 2022, 1:46 PM · VyOS 1.4 Sagitta
n.fort closed T4162: VPN ipsec ike-group - Incorrect value help for ikev2-reauth as Resolved.
Jan 12 2022, 1:45 PM · VyOS 1.4 Sagitta
fernando added a comment to T4144: Firewall address-group - Improve error messages.

yes, you are right:

Jan 12 2022, 1:38 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4160: Firewall - Error in rules that matches everything except something from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1161

Jan 12 2022, 12:32 PM · VyOS 1.4 Sagitta
Viacheslav closed T4174: Validation fails when entering port range with upper port 65535, a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.
Jan 12 2022, 11:29 AM · VyOS 1.4 Sagitta
Viacheslav closed T4174: Validation fails when entering port range with upper port 65535 as Resolved.
Jan 12 2022, 11:29 AM · VyOS 1.4 Sagitta
sarthurdev moved T4131: Show firewall group incorrect format members from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:14 AM · VyOS 1.4 Sagitta
sarthurdev moved T4137: Firewall group configuration allows to set incorrect port range and invalid port from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:14 AM · VyOS 1.4 Sagitta
sarthurdev moved T4144: Firewall address-group - Improve error messages from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4148: Firewall - Error messages not that clear as it were in old firewall from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4160: Firewall - Error in rules that matches everything except something from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
sarthurdev moved T4164: PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf` from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 12 2022, 10:13 AM · VyOS 1.4 Sagitta
Unknown Object (User) changed the status of T4167: DMVPN apply wrong param on the first configuration from In progress to Needs testing.
Jan 12 2022, 6:38 AM · VyOS 1.3 Equuleus (1.3.0)
Unknown Object (User) added a comment to T4100: Firewall increase maximum number of rules.

PR:
https://github.com/vyos/vyatta-cfg-firewall/pull/29/commits

Jan 12 2022, 5:46 AM · VyOS 1.3 Equuleus ( 1.3.1), VyOS 1.4 Sagitta