Implemented as: set service router-advert interface eth0 name-server-lifetime <value> which will be option A
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jun 29 2022
Jun 29 2022
PR https://github.com/vyos/vyos-1x/pull/1379 (without completion help)
Because with a rule like that I accept everything coming from nl from wan to lan, or I would need to add the source nl to every rule. That's why I did it with a deny not coming from nl on top, and then specific rules for the traffic that I want to accept.
jestabro changed the status of T4491: Use empty string for internal name of root node of config_tree, a subtask of T4235: Add config tree diff algorithm, from In progress to Backport candidate.
jestabro changed the status of T4491: Use empty string for internal name of root node of config_tree from In progress to Backport candidate.
Viacheslav changed the subtype of T4493: Incorrect help for "show bgp neighbors" from "Task" to "Bug".
Viacheslav changed the subtype of T4496: ping vrf help does not list VRFs from "Task" to "Feature Request".
If the default option is enabled or 1
Maybe it makes sense to create disable option like:
set interfaces bridge br0 ip disable-multicast-snooping
PR to add the option: https://github.com/vyos/vyos-1x/pull/1378
aderouineau triaged T4492: Incorrect list of neighbors in help for "show bgp vrf VRF neighbors" as Normal priority.
Jun 28 2022
Jun 28 2022
jestabro renamed T4491: Use empty string for internal name of root node of config_tree from Use empty string for internal name of root of config_tree to Use empty string for internal name of root node of config_tree.
jestabro changed the status of T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py, a subtask of T4235: Add config tree diff algorithm, from Open to On hold.
jestabro changed the status of T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py, a subtask of T4316: Update save-config/load-config, from Open to On hold.
jestabro changed the status of T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py from Open to On hold.
jestabro updated the task description for T4295: Use config_tree instead of legacy loadFile in vyos-load-config.py.
jestabro changed the status of T4491: Use empty string for internal name of root node of config_tree from Open to In progress.
Viacheslav lowered the priority of T4232: VyOS 1.2 traffic-policy shaper match interface not working from High to Normal.
It is not related to a router bug/feature
Close it
Did you try dns forwarding domain?
set service dns forwarding domain abc.local server 192.0.2.5
Viacheslav changed the status of T4475: route-map does not support ipv6 peer from In progress to Needs testing.
Task for rewriting wan-loadbalancing to XML/Python T4470
fernando added a comment to T4490: BGP- warning message that AFI/SAFI is needed to establish the neighborship.
@Viacheslav thanks
Viacheslav changed the status of T4473: Use container network without network declaration error from Open to In progress.
fernando changed the status of T4490: BGP- warning message that AFI/SAFI is needed to establish the neighborship from Open to In progress.
Viacheslav added a project to T4489: MPLS sysctl not persistent for tunnel interfaces: VyOS 1.3 Equuleus (1.3.2).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1375
Viacheslav moved T4429: Ability to detect external IP address from op-mode from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav added a project to T4429: Ability to detect external IP address from op-mode: VyOS 1.3 Equuleus (1.3.2).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1374
Will be fixed in the next rolling release
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1372
Viacheslav moved T1375: Add clear dhcp server lease function from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Why don't use action accept for nl and drop all others?
e.khudiyev added a comment to T4457: L2TP/IPSec Remote Access VPN does not work as expected in 1.3.1-S1.
In T4457#124584, @NikolayP wrote:The problem seems to be in these lines:
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.1' set vpn l2tp remote-access client-ip-pool start '172.25.255.1' set vpn l2tp remote-access client-ip-pool stop '172.25.255.14'Replacing "static IP" with 172.25.255.2 makes it work in VyOS 1.3.1
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2'Full corrected config for 1.3.1 from the first post:
set interfaces dummy dum4 address '4.4.4.4/32' set interfaces ethernet eth0 address 'dhcp' set interfaces ethernet eth1 address '192.168.6.31/24' set service ssh set vpn ipsec ipsec-interfaces interface 'eth1' set vpn ipsec nat-networks allowed-network 0.0.0.0/0 set vpn ipsec nat-traversal 'enable' set vpn l2tp remote-access authentication local-users username test password 'test' set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2' set vpn l2tp remote-access authentication mode 'local' set vpn l2tp remote-access authentication require 'mschap-v2' set vpn l2tp remote-access client-ip-pool start '172.25.255.1' set vpn l2tp remote-access client-ip-pool stop '172.25.255.14' set vpn l2tp remote-access idle '1800' set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret' set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'test' set vpn l2tp remote-access ipsec-settings ike-lifetime '3600' set vpn l2tp remote-access ipsec-settings lifetime '3600' set vpn l2tp remote-access outside-address '192.168.6.31'
Viacheslav changed the status of T4489: MPLS sysctl not persistent for tunnel interfaces from Confirmed to In progress.
It seems a wrong priority
Mpls configuration applied before creation tunnel
As a result sysctl parameter for the tunnel interface doesn't exist yet
To reproduce it in one commit:
set interfaces dummy dum1 address '10.5.4.8/24' set interfaces tunnel tun0 address '10.255.0.2/30' set interfaces tunnel tun0 encapsulation 'gre' set interfaces tunnel tun0 remote '192.0.2.254' set interfaces tunnel tun0 source-address '192.0.2.1' set protocols mpls interface 'dum1' set protocols mpls interface 'tun0' set protocols mpls ldp discovery transport-ipv4-address '192.0.2.1' set protocols mpls ldp interface 'dum1' set protocols mpls ldp interface 'tun0' set protocols mpls ldp router-id '192.0.2.1'
Jun 27 2022
Jun 27 2022
Hi,
I think this is a BUG, not a feature.
If I enable mpls on an interface, then the proper sysctl flags must be applied and be persistent.
fernando changed the status of T4489: MPLS sysctl not persistent for tunnel interfaces from Open to Confirmed.
it's a common behavior when you want to set sysctl variable and bash-cli is used ( vyos-cli by default when restart the vm set this value in 0 ) . however , it's possible to configure it with this command :
Jun 26 2022
Jun 26 2022
I just tested it on VyOS 1.4-rolling-202206260217, everything seems to work so far!
It would be nice to also have the negate option, something like:
@MrXermon Let's say someone is setting up BGP peering and wants to control import or export of prefixes using prefixlist. With your suggestion, how would you deny certain prefixes and accept all others? Can JunOS solve this directly with prefixlist without using route-map?
Nova_Logic added a comment to T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.
Thank you!
n.fort changed the status of T4480: add an ability to configure squid acl safe ports and acl ssl safe ports from Open to In progress.
n.fort added a comment to T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.
Nova_Logic updated the task description for T4488: allow manual configuration changes of interfaces created by high-availability with rfc3768-compatibility option .
Viacheslav changed Version from - to VyOS 1.4-rolling-202206260217 on T4487: Create container without downloaded image wrong behavior.
Viacheslav changed the subtype of T4487: Create container without downloaded image wrong behavior from "Feature Request" to "Bug".
Jun 25 2022
Jun 25 2022
sarthurdev changed the status of T4485: OpenVPN: Allow multiple CAs certificates from Open to In progress.
sarthurdev changed the status of T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges from In progress to Needs testing.
sarthurdev changed the status of T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges from Open to In progress.
c-po closed T4483: Upgrade fastnetmon to v1.2.2 community edition, a subtask of T2659: Add fastnetmon (DDoS detection) support, as Resolved.
c-po moved T1748: vbash: beautify tab completion output/line breaks from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4482: dhcp: toggle of "dhcp-options no-default-route" has no effect from In Progress to Finished on the VyOS 1.4 Sagitta board.
c-po updated the task description for T4482: dhcp: toggle of "dhcp-options no-default-route" has no effect.
c-po moved T4482: dhcp: toggle of "dhcp-options no-default-route" has no effect from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jun 24 2022
Jun 24 2022
sandwichdoge added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..
@Viacheslav As for your other concern, you can filter the actual inbound interface (eth4 in this my case) in mangle-PREROUTING. Maybe you could try packet marking in mangle-PREROUTING, then filter them later in VYOS_FW_FORWARD/VYOS_FW_LOCAL in the filter table?
Something like this: