Page MenuHomeVyOS Platform
Feed All Stories

Jun 23 2022

sandwichdoge added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..

@Viacheslav I tested your fix in my environment. The inbound filtering worked as expected after the fix. However it did not work correctly for the case we where we want both inbound and outbound firewalls on a single vrf member interface (or any case that has more than 2 directions on the same interface).

Jun 23 2022, 2:57 AM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7)

Jun 22 2022

dongjunbo updated the task description for T4479: generate wireguard client command prompt has some error.
Jun 22 2022, 10:51 AM · VyOS 1.3 Equuleus (1.3.4)
dongjunbo created T4479: generate wireguard client command prompt has some error.
Jun 22 2022, 10:50 AM · VyOS 1.3 Equuleus (1.3.4)
c-po closed T1748: vbash: beautify tab completion output/line breaks as Resolved.
Jun 22 2022, 5:36 AM · VyOS 1.4 Sagitta
yas-nyan updated the task description for T4477: router-advert: support RDNSS lifetime option.
Jun 22 2022, 12:11 AM · VyOS 1.4 Sagitta

Jun 21 2022

v.huti updated subscribers of T4394: Improve VYOS_DEBUG profiling support.

Memray:

In order to keep useful tracing/debugging tooling in a single place, the @jestabro has created the repo:

https://github.com/jestabro/profiling-tools

Since there is no vyatta package yet, you need to either compile it by hand or install it from the apt
as explained before. Some examples to play around with:

# NOTE: I had to downgrade this package to resolve the installation conflict
# sudo apt-get install python3-pkg-resources=45.2.0-1
  sudo apt-get install python3-pip
  sudo python3 -m pip install memray
  PATH+=":/home/vyos/.local/bin"
Jun 21 2022, 10:49 PM · VyOS 1.4 Sagitta, vyatta-cfg
v.huti added a comment to T4394: Improve VYOS_DEBUG profiling support.

Analysis:

I have collected the profiling data for the following configurations:

Jun 21 2022, 10:48 PM · VyOS 1.4 Sagitta, vyatta-cfg
v.huti added a comment to T4394: Improve VYOS_DEBUG profiling support.

Gotchas:

If you are running a small QEMU device and it has run out of the memory, the scenario is following:

- The boot process has failed, the prompt is stuck, bash is not initialized
- You reboot the device, it tries to read the config, fails once again as there is no free memory
- Config was not loaded, you cannot log in; it is a loop
Jun 21 2022, 10:47 PM · VyOS 1.4 Sagitta, vyatta-cfg
v.huti added a comment to T4394: Improve VYOS_DEBUG profiling support.
NOTE: by default, the perf binary is not installed on the ISO image.
Jun 21 2022, 10:45 PM · VyOS 1.4 Sagitta, vyatta-cfg
rob added a comment to T4478: Firewall ipv6 p2p option failed .

https://github.com/vyos/vyatta-cfg-firewall/pull/33

Jun 21 2022, 8:37 PM · VyOS 1.3 Equuleus (1.3.7)
rob created T4478: Firewall ipv6 p2p option failed .
Jun 21 2022, 7:18 PM · VyOS 1.3 Equuleus (1.3.7)
n.fort changed the status of T4475: route-map does not support ipv6 peer from Open to In progress.

PR for 1.4: https://github.com/vyos/vyos-1x/pull/1367

Jun 21 2022, 5:43 PM · VyOS 1.3 Equuleus (1.3.4)
n.fort added a project to T4475: route-map does not support ipv6 peer: VyOS 1.4 Sagitta.
Jun 21 2022, 5:43 PM · VyOS 1.3 Equuleus (1.3.4)
n.fort claimed T4475: route-map does not support ipv6 peer.
Jun 21 2022, 3:20 PM · VyOS 1.3 Equuleus (1.3.4)
v.huti added a comment to T4462: FRR operational-data pagination.

TBD: GUI

VyOS users can configure the front-end interface, called vycontroll, to examine the configuration state.
A detailed description can be found at:
https://vycontrol.com/
https://github.com/vycontrol/vycontrol
https://docs.vyos.io/en/equuleus/configuration/service/https.html
https://brezular.com/2021/05/01/vycontrol-web-ui-for-vyos-firewall/

Jun 21 2022, 2:40 PM · VyOS 1.4 Sagitta
v.huti added a comment to T4462: FRR operational-data pagination.

FRR Debugging


Recently, I had to triage/debug a bunch of issues that involved running a legacy build of frr.
This involved:

  • Triaging issue down to the place when it was introduced. Otherwise, verifying that feature was never working at all.
  • Comparing the execution flow between legacy/master versions to identify the divergence
  • Building & running multiple (legacy/master) frr versions in parallel
  • Doing deep analysis within gdb
Jun 21 2022, 2:38 PM · VyOS 1.4 Sagitta
v.huti added a comment to T4462: FRR operational-data pagination.

Since the last update, I have simplified the CLI interface:

1. I have removed the global iterator and incapsulated the iteration state into the vty structure.
   This way, each vtysh client has its private iteration state for the following requests.
   It should be possible to query multiple data nodes simultaneously and asynchronously.
Jun 21 2022, 2:27 PM · VyOS 1.4 Sagitta
yas-nyan renamed T4477: router-advert: support RDNSS lifetime option from router-advert: support RDNSS lifettime option to router-advert: support RDNSS lifetime option.
Jun 21 2022, 1:38 PM · VyOS 1.4 Sagitta
yas-nyan renamed T4477: router-advert: support RDNSS lifetime option from router-advert: support advertising specific routes to router-advert: support RDNSS lifettime option.
Jun 21 2022, 1:37 PM · VyOS 1.4 Sagitta
yas-nyan created T4477: router-advert: support RDNSS lifetime option.
Jun 21 2022, 1:29 PM · VyOS 1.4 Sagitta
danhusan created T4476: Next steps after installation is not communicated properly to new users.
Jun 21 2022, 12:31 PM · VyOS 1.3 Equuleus ( 1.3.1)
aderouineau created T4475: route-map does not support ipv6 peer.
Jun 21 2022, 2:00 AM · VyOS 1.3 Equuleus (1.3.4)

Jun 20 2022

aalmenar created T4474: Adding more than 1 prefix-list is ignored.
Jun 20 2022, 8:04 PM
c-po closed T1856: Support configuring IPSec SA bytes, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Jun 20 2022, 7:39 PM · VyOS 1.4 Sagitta
c-po closed T1856: Support configuring IPSec SA bytes as Resolved.
Jun 20 2022, 7:39 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.0)
c-po added a comment to T1748: vbash: beautify tab completion output/line breaks.
Jun 20 2022, 7:14 PM · VyOS 1.4 Sagitta
c-po moved T1748: vbash: beautify tab completion output/line breaks from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jun 20 2022, 7:03 PM · VyOS 1.4 Sagitta
c-po claimed T1748: vbash: beautify tab completion output/line breaks.
Jun 20 2022, 6:47 PM · VyOS 1.4 Sagitta
danhusan added a comment to T4466: intel i225-v nic does not detect link after boot.
Jun 20 2022, 3:15 PM · VyOS 1.3 Equuleus
florin added a comment to T4466: intel i225-v nic does not detect link after boot.

https://drive.google.com/file/d/1-5G8UPZfw0UJalLJKPVkzoA6AKC5k7Lm/view?usp=sharing

Jun 20 2022, 2:34 PM · VyOS 1.3 Equuleus
danhusan added a comment to T4466: intel i225-v nic does not detect link after boot.

Wow, well done! You don't happen to have an ISO you could share?

Jun 20 2022, 1:29 PM · VyOS 1.3 Equuleus
florin added a comment to T4466: intel i225-v nic does not detect link after boot.
vyos@gw:~$ show version
Jun 20 2022, 9:36 AM · VyOS 1.3 Equuleus
florin added a comment to T4466: intel i225-v nic does not detect link after boot.

yes, I had to do a bit of hacking - i.e. use the 1.4 kernel configs and patches, removed the wirguard-modules package, install the backports open-vm-tools version.
I committed those changes in my fork:
https://github.com/vyos/vyos-build/compare/equuleus...fvlaicu:equuleus

Jun 20 2022, 8:40 AM · VyOS 1.3 Equuleus
danhusan added a comment to T4466: intel i225-v nic does not detect link after boot.

Did you then end up with a fully working nic, bridging included?

Jun 20 2022, 8:05 AM · VyOS 1.3 Equuleus

Jun 19 2022

Viacheslav created T4473: Use container network without network declaration error.
Jun 19 2022, 2:11 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4451: The DHCPv6 server leases function the display of the hostname.

We don't have such option client-hostname in dhcpdv6.leases

Jun 19 2022, 12:21 PM · VyOS 1.5 Circinus
Viacheslav added a comment to T4472: Alternative validators.

PR https://github.com/vyos/vyos-1x/pull/1365

Jun 19 2022, 11:15 AM · VyOS 1.4 Sagitta
Viacheslav updated the task description for T4472: Alternative validators.
Jun 19 2022, 10:07 AM · VyOS 1.4 Sagitta
Viacheslav created T4472: Alternative validators.
Jun 19 2022, 9:46 AM · VyOS 1.4 Sagitta
sccfit created T4471: Explicit declare root domain in static-host-mapping.
Jun 19 2022, 3:29 AM · VyOS 1.4 Sagitta

Jun 18 2022

Viacheslav changed the subtype of T4470: Rewrite load-balancing wan to XML/Python from "Bug" to "Feature Request".
Jun 18 2022, 2:52 PM · VyOS 1.4 Sagitta
Viacheslav created T4470: Rewrite load-balancing wan to XML/Python.
Jun 18 2022, 2:52 PM · VyOS 1.4 Sagitta
c-po renamed T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Update Linux Kernel to v5.4.197 / 5.10.121 to Update Linux Kernel to v5.4.197 / 5.10.123.
Jun 18 2022, 6:05 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
c-po closed T4467: Validator Does Not Accept Signed Numbers as Resolved.
Jun 18 2022, 6:04 AM · VyOS 1.4 Sagitta
c-po added a comment to T4467: Validator Does Not Accept Signed Numbers.

Tested and works correct. Thanks @jestabro

Jun 18 2022, 6:04 AM · VyOS 1.4 Sagitta
dongjunbo updated the task description for T4469: Build Azure image by follow offical build instruction Error .
Jun 18 2022, 3:05 AM
dongjunbo created T4469: Build Azure image by follow offical build instruction Error .
Jun 18 2022, 3:05 AM
jestabro claimed T4467: Validator Does Not Accept Signed Numbers.
Jun 18 2022, 12:59 AM · VyOS 1.4 Sagitta
jestabro added a comment to T4467: Validator Does Not Accept Signed Numbers.

PR: https://github.com/vyos/vyos-utils/pull/4
Adding the additional validator to policy.xml.in allows the smoketest (above) to pass.

Jun 18 2022, 12:55 AM · VyOS 1.4 Sagitta

Jun 17 2022

jestabro added a comment to T4467: Validator Does Not Accept Signed Numbers.

One approach is linked below; to be discussed before PR.
https://github.com/vyos/vyos-utils/compare/master...jestabro:increment-decrement?expand=1

Jun 17 2022, 5:31 PM · VyOS 1.4 Sagitta
blackhole added a comment to T4362: Wan Load Balancing - Can't create routing tables.

I hope it can be found. I have been banging my head against the wall with this issue :( and it's hurting.

Jun 17 2022, 1:56 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T4362: Wan Load Balancing - Can't create routing tables.

load-balancing wan completely broken with nexthop dhcp for 1.4 (it happens after first reboot or renew)
The script gets empty values there https://github.com/vyos/vyatta-wanloadbalance/blob/a831f22d4c34bf947b0335e55573280b75c2bde0/src/lbdecision.cc#L180
So ip route replace table is never executed
Why does it get an empty value?
It parse lease file https://github.com/vyos/vyatta-wanloadbalance/blob/a831f22d4c34bf947b0335e55573280b75c2bde0/src/lbdata.cc#L335-L341
option new_routers and in 1.4 the file looks as

Jun 17 2022, 1:43 PM · VyOS 1.4 Sagitta
Viacheslav closed T4209: Firewall incorrect handler for recent count and time as Resolved.
Jun 17 2022, 10:02 AM · VyOS 1.4 Sagitta

Jun 16 2022

fernando closed T4352: wan-load balance - priority traffic rule doesn't work as Resolved.

i've checked this issues, it seems to be solved . I think that it was solved for another task. I used the following vyos version :

Jun 16 2022, 10:30 PM · VyOS 1.4 Sagitta
florin added a comment to T4466: intel i225-v nic does not detect link after boot.

I'm also trying to get this up and running. The latest 5.4 kernel fixes this issue, but other issues remain, like bridging not working.
Instead of backporting the driver, I ended up backporting the lataest 5.10 kernel to the 1.3 branch.

Jun 16 2022, 8:44 PM · VyOS 1.3 Equuleus
v.huti added a comment to T4462: FRR operational-data pagination.

Ongoing activity:

1. Stabilization
-  I have seen a corner case that would crash inside the northbound callbacks.
-  I can see some validation failure logs, although the resulting output seems good for me.
-  Daniil was concerned about memory leaks associated with iteration state.
   After additional research - this is not a problem, but I can imagine cases where we would
   fail to handle a malformed XPath and leak resources on the stuck unwinding
   I need to do some testing with Valgrind.
2. Scale testing
3. Async support for multiple vtysh clients. The current demo assumes that there is only one client.
   I want to map the iteration state to the vtysh client/socket so multiple requests may be executed in parallel
4. A debugging instruction
   I have used some complicated debugging flow when merging the feature.
   This should be useful for other (non-C) devs.
5. Finishing the documentation
6. advanced XPath filtering support?
Jun 16 2022, 1:50 PM · VyOS 1.4 Sagitta
v.huti added a comment to T4462: FRR operational-data pagination.

Recently, I had a conversation with the VMware team lead - Pushpasis Sarkar.
He has described the ongoing development and explained the use case they are interested in.
From the conversation:

1. The latest proposal draft: 
   Page 72-73 `Retrieve Operational Data - Retrieving Containers and Leaf members`
   Page 84-85 `Retrieve Operational Data - Retrieving Large List elements` + comments
   Page 86 `Retrieve Operational Data - Retrieving Containers and Leaf members` + comments.
Jun 16 2022, 1:29 PM · VyOS 1.4 Sagitta
v.huti updated the task description for T4462: FRR operational-data pagination.
Jun 16 2022, 12:39 PM · VyOS 1.4 Sagitta
angelnu added a comment to T1311: WAN load-balancing can't flush connections when conntrack-sync is enabled.

I have also hit this into the latest rolling version:

Jun 16 2022, 10:39 AM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project, VyOS 1.3 Equuleus (1.3.7), test
Viacheslav moved T4468: web-proxy source group cannot start with a number bug from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jun 16 2022, 9:11 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T4468: web-proxy source group cannot start with a number bug.

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1364

Jun 16 2022, 9:11 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a project to T4468: web-proxy source group cannot start with a number bug: VyOS 1.3 Equuleus (1.3.2).
Jun 16 2022, 8:57 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T3813: Some custom sysctl parameters can't be applied bug.

I think it should check this parameter per commit and it is a bug with validation as we don't have a tunnel interface yet
But after commit it will be valid value

Jun 16 2022, 8:50 AM · VyOS 1.3 Equuleus (1.3.6), VyOS 1.4 Sagitta
Viacheslav added a comment to T4468: web-proxy source group cannot start with a number bug.

PR https://github.com/vyos/vyos-1x/pull/1363

vyos@r14# set service webproxy url-filtering squidguard source-group fdsf-dg
[edit]
vyos@r14#
Jun 16 2022, 8:41 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav changed the status of T4468: web-proxy source group cannot start with a number bug from Open to In progress.
Jun 16 2022, 8:37 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a comment to T4468: web-proxy source group cannot start with a number bug.

It seems issue with this validator https://github.com/vyos/vyos-1x/blob/1978946312a36f4913e1e5ea7754668b1c653d09/interface-definitions/service_webproxy.xml.in#L487

Jun 16 2022, 8:08 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Nova_Logic created T4468: web-proxy source group cannot start with a number bug.
Jun 16 2022, 7:49 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
c-po triaged T4467: Validator Does Not Accept Signed Numbers as Normal priority.
Jun 16 2022, 7:06 AM · VyOS 1.4 Sagitta
c-po added a comment to T4467: Validator Does Not Accept Signed Numbers.

route-maps support a relative adjustment of the metric (https://github.com/vyos/vyos-1x/blob/current/interface-definitions/policy.xml.in#L1402-L1417)

Jun 16 2022, 7:06 AM · VyOS 1.4 Sagitta
Viacheslav added a comment to T3070: Firewall going OOM, possible related to nftables migration.

@kroy Are you still having trouble with it?

Jun 16 2022, 6:45 AM · VyOS 1.3 Equuleus (1.3.4)
trae32566 created T4467: Validator Does Not Accept Signed Numbers.
Jun 16 2022, 6:44 AM · VyOS 1.4 Sagitta
danhusan created T4466: intel i225-v nic does not detect link after boot.
Jun 16 2022, 6:43 AM · VyOS 1.3 Equuleus
Viacheslav closed T4246: Failed to delete vrrp transition-script as Invalid.
Jun 16 2022, 6:43 AM · VyOS 1.3 Equuleus (1.3.0)
Viacheslav closed T3866: Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax as Resolved.
Jun 16 2022, 6:41 AM · VyOS 1.3 Equuleus (1.3.0)

Jun 15 2022

sarthurdev changed the status of T4435: Policy route and firewall - error when using undefined group from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1362

Jun 15 2022, 9:15 PM · VyOS 1.4 Sagitta
Viacheslav closed T513: Docs for devs: How to use Python, XML et al instead of Bash and Perl for VyOS configuration as Resolved N/A.
Jun 15 2022, 3:28 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T515: Complete the documentation on the suggested Python / XML config framework, a subtask of T513: Docs for devs: How to use Python, XML et al instead of Bash and Perl for VyOS configuration, as Resolved N/A.
Jun 15 2022, 3:28 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T515: Complete the documentation on the suggested Python / XML config framework as Resolved N/A.
Jun 15 2022, 3:28 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T514: Concentration and streamlining of Python / XML config framework documentation, a subtask of T513: Docs for devs: How to use Python, XML et al instead of Bash and Perl for VyOS configuration, as Resolved N/A.
Jun 15 2022, 3:27 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T514: Concentration and streamlining of Python / XML config framework documentation as Resolved N/A.
Jun 15 2022, 3:27 PM · VyOS 1.3 Equuleus (1.3.0), Restricted Project
Viacheslav closed T1890: Metatask: rewrite flow-accounting to XML and Python, a subtask of T3355: Remove all remaining legacy Vyatta code, as Resolved.
Jun 15 2022, 3:21 PM · VyOS 1.4 Sagitta
Viacheslav closed T1890: Metatask: rewrite flow-accounting to XML and Python as Resolved.
Jun 15 2022, 3:21 PM · VyOS 1.3 Equuleus (1.3.0)
n.fort closed T4450: Route-map - Extend options for ip|ipv6 address match as Resolved.
Jun 15 2022, 3:03 PM · VyOS 1.4 Sagitta
n.fort closed T4449: Route-map - Extend options for ip next-hop match as Resolved.
Jun 15 2022, 3:03 PM · VyOS 1.4 Sagitta
n.fort closed T990: Make DNAT/SNAT a valid state in firewall rules. as Resolved.
Jun 15 2022, 3:02 PM · VyOS 1.4 Sagitta, test
sarthurdev changed the status of T4147: New Firewall Implementation - proposed changes on group implementation from In progress to Needs testing.
Jun 15 2022, 1:33 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4147: New Firewall Implementation - proposed changes on group implementation.

PR: https://github.com/vyos/vyos-1x/pull/1361

Jun 15 2022, 1:32 PM · VyOS 1.4 Sagitta
Viacheslav added a comment to T1375: Add clear dhcp server lease function.

PR https://github.com/vyos/vyos-1x/pull/1360

Jun 15 2022, 12:40 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta
Viacheslav added a project to T1375: Add clear dhcp server lease function: VyOS 1.4 Sagitta.
Jun 15 2022, 1:20 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta

Jun 14 2022

n.fort added a comment to T4460: nhrp not starting due to missing cisco-authentication value.

Since in previous version set protocols nhrp tunnel tun0 cisco-authentication "" was allowed, a migration script is required. Otherwise, when upgrading, configuration fails.

Jun 14 2022, 2:54 PM · VyOS 1.4 Sagitta (1.4.0-epa1), Restricted Project
Viacheslav moved T4380: Feature Request: ocserv: 2FA OTP key generator in VyOS CLI from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jun 14 2022, 1:05 PM · VyOS 1.4 Sagitta
Viacheslav moved T4420: Feature Request: ocserv: show configured 2FA OTP key from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jun 14 2022, 1:04 PM · VyOS 1.4 Sagitta
Viacheslav added a project to T4420: Feature Request: ocserv: show configured 2FA OTP key: VyOS 1.4 Sagitta.
Jun 14 2022, 1:04 PM · VyOS 1.4 Sagitta

Jun 13 2022

Viacheslav added a comment to T1237: Static Route Path Monitoring, failover.

PR https://github.com/vyos/vyos-1x/pull/1358

set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 check target '192.168.100.1'
set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 check timeout '10'
set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 check type 'icmp'
set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 interface 'eth1'
set protocols failover route 203.0.113.1/32 next-hop 192.168.100.1 metric '2'
Jun 13 2022, 4:56 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4147: New Firewall Implementation - proposed changes on group implementation from Open to In progress.

Working on moving groups to named set as part of a refactor in some firewall code.

Jun 13 2022, 12:11 PM · VyOS 1.4 Sagitta

Jun 12 2022

panachoi added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

Thanks for the pointer, but I think it should still be considered a "bug" that you can no longer use an empty group (I'm just going to assume that this would apply to any kind of group, but most are probably using this for host/network groups, as this is where it would be most useful). Judging from the comments in T4147, I'm clearly not the only one who was taking advantage of managing sets outside of the system. Alas, my boot times for 1.4 (what this discussion is about) are not really valid, as my configuration didn't really get migrated from 1.3.1->1.4, or better said, it doesn't actually commit, and I actually ended up with a mostly empty firewall config on boot, which is perhaps why its booting so quickly now.

Jun 12 2022, 7:09 AM · VyOS 1.3 Equuleus (1.3.6)
Unknown Object (User) closed T4380: Feature Request: ocserv: 2FA OTP key generator in VyOS CLI as Resolved.

Tested with VyOS 1.4-rolling-202206100921
Works as expected
Described in the documentation

Jun 12 2022, 5:16 AM · VyOS 1.4 Sagitta
Unknown Object (User) closed T4420: Feature Request: ocserv: show configured 2FA OTP key as Resolved.

Tested in VyOS 1.4-rolling-202206100921

Jun 12 2022, 5:04 AM · VyOS 1.4 Sagitta
Unknown Object (User) added a comment to T4457: L2TP/IPSec Remote Access VPN does not work as expected in 1.3.1-S1.

The problem seems to be in these lines:

Jun 12 2022, 3:56 AM · VyOS 1.3 Equuleus ( 1.3.1)

Jun 11 2022

n.fort renamed T4435: Policy route and firewall - error when using undefined group from Policy route without defined port-group error to Policy route and firewall - error when using undefined group.
Jun 11 2022, 11:19 AM · VyOS 1.4 Sagitta