PR for 1.3 https://github.com/vyos/vyos-1x/pull/1391
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jul 5 2022
Jul 5 2022
c-po changed the status of T2683: no dual stack in system static-host-mapping host-name from Backport candidate to In progress.
c-po edited projects for T2654: Multiple names unable to be assigned to the same static mapping, added: VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus (1.3.0).
Sorry just to clarify these are mostly web domains, not DCs, so there is no DNS running on them just HTTP.
Jul 4 2022
Jul 4 2022
I wanted to ask you guys if this is an appropriate change to make. Considering it's on BGP, it's going to be a change in a crucial part but I think this one is probably a good one to make just to reduce ambiguity.
c-po added a comment to T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages.
PR for equuleus (upcoming 1.3.2 release https://github.com/vyos/vyos-1x/pull/1390)
c-po moved T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages from Need Triage to Finished on the VyOS 1.4 Sagitta board.
PR https://github.com/vyos/vyos-1x/pull/1389
set service dns forwarding dns64-prefix 2001:db8:aabc::/96
Or probably better:
c-po edited projects for T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.
c-po added a comment to T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages.
NTP listen option not only supports IPv4/IPv6 addresses but also interface names.
Oh, if you are asking for an example of what the VyOS config setting would look like?
I've been manually adding TAYGA to VyOS (See T160) for my NAT64 capability.
@dsummers Could you provide an example of VyOS configuration and an example of what you add?
Viacheslav changed the status of T4378: Unable to submit wildcard ("*.example.com") A or AAAA records in dns forwarder from Open to Needs testing.
zsdc added a comment to T4508: Problem with values of the same environment in different event handlers.
a.apostoliuk changed the status of T4508: Problem with values of the same environment in different event handlers from Open to In progress.
Yes, I spent quite some time trying to replicate your findings until I noticed that you used if commit_in_progress, so the truth value of a defined object that isn't None or False was trivially true.
Bug of testing
I tested commit_in_progress instead of commit_in_progress()
Viacheslav closed T3600: DHCP Interface static route breaks PBR, a subtask of T3505: Commits do not respect changes in FRR that are not stored in a config, as Resolved.
marekm added a comment to T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages.
In T4456#125497, @Viacheslav wrote:@marekm Did you set a proper listen to address for it?
set system ntp listen-address x.x.x.x
Is there any further testing needed by me or someone else will do that?
Viacheslav moved T4501: Syslog-identifier does not work in event handler from Need Triage to Finished on the VyOS 1.4 Sagitta board.
a.apostoliuk closed T4501: Syslog-identifier does not work in event handler, a subtask of T3083: Add feature event-handler, as Resolved.
I tested on VyOS 1.4-rolling-202207030217. The bug was resolved.
Jul 3 2022
Jul 3 2022
Viacheslav changed the status of T4507: IPoE-server add multiplier option for shaper from Open to Needs testing.
I already tested the PR before submitting:
Jul 2 2022
Jul 2 2022
Viacheslav renamed T4502: Consider implementing (NAT/other) flow table offload from Consider implementing NAT flow table offload to Consider implementing (NAT/other) flow table offload.
Viacheslav updated the task description for T2189: Adding a large port-range will take ~ 20 minutes to commit.
Viacheslav added a project to T4505: Function commit_in_progress works incorrect: VyOS 1.3 Equuleus (1.3.2).
Potentially slow validators:
src/validators/interface-address:ipaddrcheck --is-ipv4-host $1 || ipaddrcheck --is-ipv6-host $1
src/validators/ip-address:ipaddrcheck --is-any-single $1
src/validators/ip-cidr:ipaddrcheck --is-any-cidr $1
src/validators/ip-host:ipaddrcheck --is-any-host $1
src/validators/ip-prefix:ipaddrcheck --is-any-net $1
src/validators/ipv4:ipaddrcheck --is-ipv4 $1
src/validators/ipv4-address:ipaddrcheck --is-ipv4-single $1
src/validators/ipv4-host:ipaddrcheck --is-ipv4-host $1
src/validators/ipv4-multicast:ipaddrcheck --is-ipv4-multicast $1 && ipaddrcheck --is-ipv4-single $1
src/validators/ipv4-prefix:ipaddrcheck --is-ipv4-net $1
src/validators/ipv4-range: ipaddrcheck --is-ipv4-single ${strarr[0]}
src/validators/ipv4-range: ipaddrcheck --is-ipv4-single ${strarr[1]}
src/validators/ipv6:ipaddrcheck --is-ipv6 $1
src/validators/ipv6-address:ipaddrcheck --is-ipv6-single $1
src/validators/ipv6-host:ipaddrcheck --is-ipv6-host $1
src/validators/ipv6-multicast:ipaddrcheck --is-ipv6-multicast $1 && ipaddrcheck --is-ipv6-single $1
src/validators/ipv6-prefix:ipaddrcheck --is-ipv6-net $1Inverse match PR: https://github.com/vyos/vyos-1x/pull/1386
Jul 1 2022
Jul 1 2022
If the counters are visible and incrementing when checking with nft list table ip filter then I don't think this is an implementation issue. Wondering if its a problem with the syslog daemon.
Viacheslav changed the status of T1375: Add clear dhcp server lease function from Open to Needs testing.
Viacheslav edited projects for T1375: Add clear dhcp server lease function, added: VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus (1.3.0).
Viacheslav moved T4489: MPLS sysctl not persistent for tunnel interfaces from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
I can't reproduce it in VyOS 1.3.1-S1 and VyOS 1.3-stable-202206240423
vyos@r1:~$ show conf com | match eth1 set interfaces ethernet eth1 address 'dhcp' set interfaces ethernet eth1 mtu '9000'
Viacheslav removed a project from T4451: The DHCPv6 server leases function the display of the hostname: VyOS 1.3 Equuleus.
Viacheslav changed the status of T4501: Syslog-identifier does not work in event handler, a subtask of T3083: Add feature event-handler, from In progress to Needs testing.
Viacheslav changed the status of T4501: Syslog-identifier does not work in event handler from In progress to Needs testing.
@a.apostoliuk Will be fixed in the next rolling release, could you re-test it?
@n.fort Could you create PR for 1.3?
I think it should be here https://github.com/vyos/vyatta-cfg-quagga/blob/d4097690c40f619bc0e78a0d674985f7880a19a3/templates/policy/route-map/node.tag/rule/node.tag/match/peer/node.def#L3-L4
The same behavior for 1.2
It seems some old/depricated pkg ipp2p
vyos@r12# set firewall ipv6-name TEST rule 1 action drop [edit] vyos@r12# set firewall ipv6-name TEST rule 1 p2p all [edit] vyos@r12# commit [ firewall ipv6-name TEST ] ip6tables v1.4.21: Couldn't load match `ipp2p':No such file or directory
Viacheslav added a parent task for T4501: Syslog-identifier does not work in event handler: T3083: Add feature event-handler.
Viacheslav removed a subtask for T4501: Syslog-identifier does not work in event handler: T3083: Add feature event-handler.
Viacheslav removed a parent task for T3083: Add feature event-handler: T4501: Syslog-identifier does not work in event handler.
Viacheslav added a parent task for T3083: Add feature event-handler: T4501: Syslog-identifier does not work in event handler.
Viacheslav changed the status of T4501: Syslog-identifier does not work in event handler from Open to In progress.
Viacheslav added a comment to T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages.
@marekm Did you set a proper listen to address for it?
set system ntp listen-address x.x.x.x
c-po closed T2455: No support for the IPv6 VTI, a subtask of T2353: Interface [conf_mode] errors parent task, as Resolved.
Also add IPv6 link local address support to auto generate a link-local address as on any other type of interface.
With recent versions of strongSwan and XFRM interface in VyOS 1.4 this is now possible.
c-po changed the status of T2455: No support for the IPv6 VTI, a subtask of T2353: Interface [conf_mode] errors parent task, from Open to In progress.
Jun 30 2022
Jun 30 2022
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
In T1641#125443, @Viacheslav wrote:@trae32566 Extentd conntrack table and reduce timeouts:
for example
There is no dict if exists only one record in the https://github.com/vyos/vyos-1x/blob/cefc7ce9bfcf7750700e73edbc21864fe8ab0bee/src/op_mode/show_nat_translations.py#L103-L110
So it can't parse correctly
Unknown Object (User) added a comment to T4457: L2TP/IPSec Remote Access VPN does not work as expected in 1.3.1-S1.
Maybe it depends on the version of accel-ppp.
In 1.2.8:
Viacheslav added a comment to T4313: "generate public-key-command" throws unhandled exceptions when it cannot retrieve the key.
Cherry-pick for 1.3 https://github.com/vyos/vyos-1x/pull/1381
In T2455#68732, @dmbaturin wrote:VTI is secretly IPIP, so it doesn't support IPv6. The real issue is that we don't support the IPv6 variant of VTI yet.
Viacheslav added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
@trae32566 Extentd conntrack table and reduce timeouts:
for example
set system sysctl parameter net.netfilter.nf_conntrack_generic_timeout value 60 set system sysctl parameter net.netfilter.nf_conntrack_icmp_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_icmpv6_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_close_wait value 20 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_established value 1800 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_fin_wait value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_recv value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_sent value 60 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_time_wait value 120 set system sysctl parameter net.netfilter.nf_conntrack_udp_timeout_stream value 60
Viacheslav changed the status of T4498: bridge: Add option to enable/disable IGMP/MLD snooping from Open to Needs testing.
@Viacheslav There is already a set interfaces bridge brN igmp node. If the default option is enabled, I think set interfaces bridge brN igmp disable-snooping would sound better.
I prefer to have IGMP snooping disabled as the default option, since improper IGMP snooping causes issues while disabling IGMP snooping doesn't.
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
This seems to be an issue in 1.4 as well, I have the exact same symptoms, and removing the accept-protocol fixes the issue.
Jun 29 2022
Jun 29 2022