pfsense implements it , however , they explain that it has some limitations :
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Feb 1 2023
Feb 1 2023
There are some limitations
In particular, this is a list (may not be complete) of features that are not available when using ovpn-dco:
Viacheslav changed the status of T4737: FRRouting/zebra 7.5.1 does not redistribute routes to other protocols from In progress to Needs testing.
Viacheslav added a comment to T4972: Support FQDN and IPv6 addresses for RADIUS servers in accel-ppp-backed protocols.
accel-ppp doesn't support FQDN for RADIUS https://docs.accel-ppp.org/en/latest/configuration/radius.html#radius
So it is impossible until it is available in the accep-ppp
Jan 31 2023
Jan 31 2023
PR for Equuleus:
https://github.com/vyos/vyos-build/pull/303
jestabro moved T4970: pin OCaml pcre package to avoid JIT support from Need Triage to Finished on the VyOS 1.4 Sagitta board.
PR for Sagitta:
https://github.com/vyos/vyos-build/pull/301
jestabro added a project to T4970: pin OCaml pcre package to avoid JIT support: VyOS 1.3 Equuleus (1.3.3).
zsdc changed the status of T4737: FRRouting/zebra 7.5.1 does not redistribute routes to other protocols from Confirmed to In progress.
PR for 1.3: https://github.com/vyos/vyos-build/pull/300
Viacheslav moved T4958: Add OpenConnect RADIUS Accounting support from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jan 30 2023
Jan 30 2023
Going to close this task as the PR has been merged into vyos-1x, and documentation has been merged also - https://docs.vyos.io/en/latest/configuration/vpn/openconnect.html#configuring-radius-accounting
Viacheslav changed the status of T4964: FRR bgp address-family l2vpn-evpn route-target export/import not working from In progress to Needs testing.
Will be fixed in the next rolling release
Viacheslav changed the status of T4959: Add container registry authentication config for containers from Open to In progress.
Viacheslav changed the status of T4966: UDEV deadlock on interface name shuffle from Open to Needs testing.
Viacheslav changed the status of T4916: Rewrite IPsec authentication from In progress to Needs testing.
Is it possible to also add some logic to populate boot entries using https://uapi-group.org/specifications/specs/boot_loader_specification/ ? I have been experimenting with systemd-boot, and it's working fine apart from the missing loader files. Those files look something like this:
/usr/lib/live/mount/persistence/loader/entries/1.4-rolling-202210050218-vty.conf
title "VyOS 1.4-rolling-202210050218 (KVM console)" version 1.4-rolling-202210050218 options boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/1.4-rolling-202210050218 console=tty0 linux boot/1.4-rolling-202210050218/vmlinuz initrd boot/1.4-rolling-202210050218/initrd.img
There will be similar files for serial and USB console.
Jan 29 2023
Jan 29 2023
Proposed fix in - https://github.com/vyos/vyos-build/pull/299
Jan 28 2023
Jan 28 2023
florin renamed T4965: empty description in firewall group causes configuration error on migration from empty description in firewall group causes configuration error to empty description in firewall group causes configuration error on migration.
Alfa80 awarded T4962: Fix typo in regex in vyos.config_mgmt compare function a Love token.
Jan 27 2023
Jan 27 2023
jestabro added a comment to T4961: Uncaught configtree error allows ntp migration 1-to-2 to fail silentlly on config.boot.default.
Error reporting: PR's
https://github.com/vyos/vyos-1x/pull/1789
https://github.com/vyos/vyos1x-config/pull/12 (merged)
https://github.com/vyos/libvyosconfig/pull/6 (merged)
zsdc moved T4954: DNS cannot be configured via Network-Config v1 received from ConfigDrive / Cloud-Init from Need Triage to Backport Candidates on the VyOS 1.4 Sagitta board.
Backport PR https://github.com/vyos/vyos-cloud-init/pull/60
zsdc moved T4960: Bugs in `cc_vyos.py` code (Cloud-Init) from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Fixed in the https://github.com/vyos/vyos-cloud-init/pull/58
zsdc changed the status of T4954: DNS cannot be configured via Network-Config v1 received from ConfigDrive / Cloud-Init from Open to Backport pending.
Fix for 1.4: https://github.com/vyos/vyos-cloud-init/pull/59
It must be backported to 1.3 now.
daniil added a comment to T4964: FRR bgp address-family l2vpn-evpn route-target export/import not working.
If I don't use advertise-all-vni I get an error
This command is only supported under EVPN VRF
Please use
advertise-all-vni
daniil added a comment to T4964: FRR bgp address-family l2vpn-evpn route-target export/import not working.
My full bgp config:
Viacheslav added a comment to T4964: FRR bgp address-family l2vpn-evpn route-target export/import not working.
Ok I'll re-check with the latest rolling.
r14# show version FRRouting 8.4.2 (r14) on Linux(6.1.6-amd64-vyos). Copyright 1996-2005 Kunihiro Ishiguro, et al.
daniil added a comment to T4964: FRR bgp address-family l2vpn-evpn route-target export/import not working.
hmm, very strange.
Viacheslav added a comment to T4964: FRR bgp address-family l2vpn-evpn route-target export/import not working.
The Original FRR log
This command is only supported under EVPN VRF
r14# conf t r14(config)# router bgp 65000 r14(config-router)# address-family l2vpn evpn r14(config-router-af)# r14(config-router-af)# vni 100 r14(config-router-af-vni)# r14(config-router-af-vni)# route-target import 65000:100 This command is only supported under EVPN VRF r14(config-router-af-vni)#
Viacheslav changed the status of T4964: FRR bgp address-family l2vpn-evpn route-target export/import not working from Open to In progress.
Viacheslav moved T4912: Rewrite the IGMP op mode in the new style from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav changed the status of T4963: vyos.ethtool: improve/fix driver name detection from In progress to Needs testing.
Zen3515 renamed T4959: Add container registry authentication config for containers from Container registry authentication to Add container registry authentication config for containers.
Zen3515 renamed T4959: Add container registry authentication config for containers from Add a way to pull private registry for containers to Container registry authentication.
a.apostoliuk changed the status of T4905: Convert show nhrp tunnel to tabulate format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
a.apostoliuk changed the status of T4905: Convert show nhrp tunnel to tabulate format from Open to In progress.
In testing this I found that ocserv validates its config on startup and using radius accounting without radius authentication fails to validate and the service will not start. As a result i'm not treating OpenConnect accounting as dependant on the radius as the authentication mode.
Jan 26 2023
Jan 26 2023
MartB changed the status of T4963: vyos.ethtool: improve/fix driver name detection from Open to In progress.
jestabro updated the task description for T4961: Uncaught configtree error allows ntp migration 1-to-2 to fail silentlly on config.boot.default.
n.fort changed the status of T4939: VRRP command no-preempt not work as expected from Confirmed to Needs testing.
jestabro lowered the priority of T4961: Uncaught configtree error allows ntp migration 1-to-2 to fail silentlly on config.boot.default from High to Normal.
migration script modified in current; lower task priority to test error reporting from libvyoconfig.
Yeah, in my case as well, NPTv6 is mostly only useful if it it works with a dynamic (from DHCPv6-PD) prefix, since that's how my ISP provides addresses (AFAIK I'd have to pay for a business connection to get a static prefix, though I haven't actually called and asked myself). I'm tempted to play with hacking something together by building from source myself with some tweaks to auto-update the nat rules when it gets a new PD prefix.
erkin closed T4912: Rewrite the IGMP op mode in the new style, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Zen3515 updated the task description for T4959: Add container registry authentication config for containers.
I've created a pull request which add support for this, and yes, it does use raw command.
I know that here we want to avoid "raw options" but I think this is one of the most needed feature and I don't see any other way else to do this. Until a better option is found, I think my PR should do just fine.
Viacheslav changed the status of T4958: Add OpenConnect RADIUS Accounting support from Open to In progress.
Viacheslav changed the status of T4951: Add an op mode exception for cases when operations fail due to insufficient system resources from Open to Needs testing.
Viacheslav changed the status of T4956: 'show hardware cpu' issue on arm64 from Open to Needs testing.
a.apostoliuk changed the status of T4955: Openconnect radiusclient.conf generating with extra authserver from Open to In progress.
jestabro closed T4957: config-mgmt should not attempt to archive config at boot, a subtask of T4942: Rewrite vyatta-config-mgmt to Python/XML, as Resolved.
Jan 25 2023
Jan 25 2023
SrividyaA added a comment to T4853: OpenVPN: unable to commit changes when the interface is down/unknown state.
Tested in a server/client setup:
Viacheslav changed the status of T1297: Add GARP settings to VRRP/keepalived from On hold to Needs testing.
Viacheslav changed the status of T4815: Fix various name server config issues from Open to Needs testing.