Page MenuHomeVyOS Platform
People Viacheslav

Viacheslav (Viacheslav Hletenko)
Viacheslav

Projects

User Details

User Since
Oct 2 2019, 6:00 PM (61 w, 1 h)

Recent Activity
View All

Today

Viacheslav added a comment to T3105: static-host-mapping writing in one line.

maybe it happened after that commit https://github.com/vyos/vyos-1x/commit/c87ad948999c28c3c9449f98d60b545481ea29d5
because it was work in VyOS 1.3-rolling-202011250217

Wed, Dec 2, 11:30 AM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3105: static-host-mapping writing in one line.
Wed, Dec 2, 10:20 AM · VyOS 1.3 Equuleus
Viacheslav created T3105: static-host-mapping writing in one line.
Wed, Dec 2, 10:18 AM · VyOS 1.3 Equuleus

Yesterday

Viacheslav changed the status of T3093: Add xml for vpn ipsec, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, from Open to Needs testing.
Tue, Dec 1, 5:26 PM · VyOS 1.3 Equuleus
Viacheslav changed the status of T3093: Add xml for vpn ipsec from Open to Needs testing.
Tue, Dec 1, 5:26 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T1316: Support for IS-IS .

Perhaps replace config (from_re "interface") delete also and route-maps/prefix-lists from FRR configuration.
https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/protocols_isis.py#L121

Tue, Dec 1, 10:47 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2713: VyOS must not change permissions on files in /config/auth.

Before update

Tue, Dec 1, 8:28 AM · VyOS 1.3 Equuleus
Mon, Nov 30
Viacheslav added a comment to T3094: Can not specify multiple deny ports in FW rule.
@c-po It's mean all NOT ports. If you want to drop not 22,23,24,25
Mon, Nov 30, 6:28 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.3 Equuleus
Viacheslav closed T3091: Add "tag" for static route as Resolved.
Mon, Nov 30, 3:30 PM · VyOS 1.3 Equuleus
Viacheslav changed the status of T1316: Support for IS-IS  from Open to Needs testing.
Mon, Nov 30, 11:03 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3093: Add xml for vpn ipsec.
PR https://github.com/vyos/vyos-1x/pull/626
Mon, Nov 30, 9:03 AM · VyOS 1.3 Equuleus
Sun, Nov 29
Viacheslav claimed T3093: Add xml for vpn ipsec.
Sun, Nov 29, 9:30 AM · VyOS 1.3 Equuleus
Viacheslav created T3093: Add xml for vpn ipsec.
Sun, Nov 29, 9:30 AM · VyOS 1.3 Equuleus
Sat, Nov 28
Viacheslav changed the status of T3091: Add "tag" for static route from Open to Needs testing.
Sat, Nov 28, 4:41 PM · VyOS 1.3 Equuleus
Viacheslav closed T2890: NAT error adding translation address range as Resolved.
Fixed.
Sat, Nov 28, 4:39 PM · VyOS 1.3 Equuleus
Viacheslav closed T2539:  Issues with parsing ip range for source nat translation address as Resolved.
Fixed



set nat source rule 1000 outbound-interface 'eth1'
set nat source rule 1000 source address '203.0.113.1-203.0.113.4'
set nat source rule 1000 translation address '10.0.0.1-10.0.0.4'
vyos@r5# commit
[ nat ]
Warning: IP address 10.0.0.1 does not exist on the system!
Warning: IP address 10.0.0.4 does not exist on the system!
Sat, Nov 28, 4:37 PM · VyConf
Viacheslav changed the status of T3020: The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location" from In progress to Needs testing.
Sat, Nov 28, 4:20 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3091: Add "tag" for static route.
PR https://github.com/vyos/vyatta-cfg-quagga/pull/57
Sat, Nov 28, 4:16 PM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3091: Add "tag" for static route.
Sat, Nov 28, 4:03 PM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3091: Add "tag" for static route.
Sat, Nov 28, 3:07 PM · VyOS 1.3 Equuleus
Viacheslav created T3091: Add "tag" for static route.
Sat, Nov 28, 2:37 PM · VyOS 1.3 Equuleus
Viacheslav created T3090: Move 'adjust-mss' firewall options to the interface section..
Sat, Nov 28, 2:16 PM · VyOS 1.3 Equuleus
Viacheslav closed T2868: Tcp-mss option in policy calls kernel-panic as Resolved.
Sat, Nov 28, 1:14 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2713: VyOS must not change permissions on files in /config/auth.
@jjakob can you check the latest rolling?
Sat, Nov 28, 10:41 AM · VyOS 1.3 Equuleus
Fri, Nov 27
Viacheslav added a comment to T2713: VyOS must not change permissions on files in /config/auth.
PR https://github.com/vyos/vyatta-cfg-system/pull/132
Fri, Nov 27, 3:00 PM · VyOS 1.3 Equuleus
Viacheslav changed the status of T2868: Tcp-mss option in policy calls kernel-panic from Open to Needs testing.
Fri, Nov 27, 1:56 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2868: Tcp-mss option in policy calls kernel-panic.
PR https://github.com/vyos/vyatta-cfg-firewall/pull/19
Fri, Nov 27, 1:19 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2713: VyOS must not change permissions on files in /config/auth.
This probably happens at this stage.

https://github.com/vyos/vyatta-cfg-system/blob/current/scripts/install/install-image-existing#L217-L224
Fri, Nov 27, 9:09 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2868: Tcp-mss option in policy calls kernel-panic.
It seems a wrong logic.

We want that option to have an effect on "local" and "forward" directions, so we use table mangle and "PREROUTING" and VYATTA_FW_IN_HOOK hook

Generated rules
Fri, Nov 27, 7:58 AM · VyOS 1.3 Equuleus
Thu, Nov 26
Viacheslav added a comment to T2868: Tcp-mss option in policy calls kernel-panic.
T490
Thu, Nov 26, 6:11 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2061: protocol logs not sent to remote syslog.
@olofl Can you check the latest rolling release? Are all logs sent correctly?
Thu, Nov 26, 4:17 PM · VyOS 1.3 Equuleus
Wed, Nov 25
Viacheslav added a comment to T2061: protocol logs not sent to remote syslog.
PR https://github.com/sever-sever/vyos-build/tree/T2061
Wed, Nov 25, 11:14 AM · VyOS 1.3 Equuleus
Tue, Nov 24
Viacheslav added a comment to T2061: protocol logs not sent to remote syslog.
Another bug that the following configuration doesn't configure vtysh level debug
Tue, Nov 24, 2:33 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2061: protocol logs not sent to remote syslog.
The main reason is frr code for placing log files in a separate file. 

https://github.com/FRRouting/frr/blob/master/tools/etc/rsyslog.d/45-frr.conf
Tue, Nov 24, 11:43 AM · VyOS 1.3 Equuleus
Mon, Nov 23
Viacheslav claimed T3085: IPv6 BGP Neighbor Weight.
Mon, Nov 23, 4:31 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
Viacheslav added a subtask for T2174: Rewrite protocol BGP to new XML/Python style: T3085: IPv6 BGP Neighbor Weight.
Mon, Nov 23, 4:31 PM · VyOS 1.3 Equuleus
Viacheslav added a parent task for T3085: IPv6 BGP Neighbor Weight: T2174: Rewrite protocol BGP to new XML/Python style.
Mon, Nov 23, 4:31 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
Viacheslav assigned T3083: Add feature event-handler to dmbaturin.
Mon, Nov 23, 8:42 AM · VyOS 1.3 Equuleus
Viacheslav created T3083: Add feature event-handler.
Mon, Nov 23, 8:42 AM · VyOS 1.3 Equuleus
Sun, Nov 22
Viacheslav added a comment to T3074: openvpn site-to-site dosn't work.
Device-type tap option works incorrectly



set interfaces openvpn vtun20 device-type 'tap'
set interfaces openvpn vtun20 local-address 10.0.0.0
set interfaces openvpn vtun20 local-host '100.64.0.1'
set interfaces openvpn vtun20 local-port '22222'
set interfaces openvpn vtun20 mode 'site-to-site'
set interfaces openvpn vtun20 remote-address '10.0.0.1'
set interfaces openvpn vtun20 remote-host '100.64.0.2'
set interfaces openvpn vtun20 remote-port '22222'
set interfaces openvpn vtun20 shared-secret-key-file '/config/auth/foo.key'
Sun, Nov 22, 1:51 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T235: Ability to configure manual IP Rules.
@Dataforce @fetzerms 

ip rule "from" already in CLI T439
Sun, Nov 22, 1:26 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T439: local PBR support.
@pasik Can you check if it solves your expectation?
Sun, Nov 22, 12:20 PM · VyOS 1.3 Equuleus
Fri, Nov 20
Viacheslav changed the status of T439: local PBR support from Open to Needs testing.
Fri, Nov 20, 4:19 PM · VyOS 1.3 Equuleus
Thu, Nov 19
Viacheslav added a comment to T439: local PBR support.
PR https://github.com/vyos/vyos-1x/pull/614

Add the ability to use policy local-route
Thu, Nov 19, 6:11 PM · VyOS 1.3 Equuleus
Tue, Nov 17
Viacheslav added a comment to T439: local PBR support.
Propose to use that format
Tue, Nov 17, 3:19 PM · VyOS 1.3 Equuleus
Mon, Nov 16
Viacheslav added a comment to T160: Support NAT64.
Jool can handle 2 times as many packets. 

https://link.springer.com/article/10.1007/s11235-020-00681-x
Mon, Nov 16, 6:03 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3074: openvpn site-to-site dosn't work.
vyos@r4-roll# sudo cat /run/openvpn/vtun30365.conf 
### Autogenerated by interfaces-openvpn.py ###
#
# See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
# for individual keyword definition
#
# 
#
Mon, Nov 16, 5:06 PM · VyOS 1.3 Equuleus
Viacheslav created T3074: openvpn site-to-site dosn't work.
Mon, Nov 16, 4:54 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3073: sh nat source translations python error.
Duplicate T2859
Mon, Nov 16, 10:17 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T1316: Support for IS-IS .
PR https://github.com/vyos/vyos-1x/pull/612

Add ISIS routing.
Mon, Nov 16, 9:25 AM · VyOS 1.3 Equuleus
Sun, Nov 15
Viacheslav added a comment to T3070: Firewall going OOM, possible related to nftables migration.
Possible reason - ipset should be converted to nft list set
Sun, Nov 15, 1:09 PM · VyOS 1.3 Equuleus
Fri, Nov 13
Viacheslav added a comment to T3068: Automatic generation of IPv6 link local addresses for tunnel interfaces.
T2802
Fri, Nov 13, 7:03 PM
Viacheslav added a comment to T3029: Generated NGINX configuration is wrong for the redirection (http -> https).
@cjeanneret Can you re-check it? And close it if all works fine.
Fri, Nov 13, 6:55 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2550: OpenVPN: IPv4 not working in client mode.
T3060
Fri, Nov 13, 5:59 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3060: OpenVPN not working in vyos-1.3-rolling-20201101 and after.
Fix for "remote-host" on client side

https://github.com/vyos/vyos-1x/pull/606
Fri, Nov 13, 5:48 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3060: OpenVPN not working in vyos-1.3-rolling-20201101 and after.
Server conf



set interfaces openvpn vtun0 encryption cipher 'aes256gcm'
set interfaces openvpn vtun0 encryption disable-ncp
set interfaces openvpn vtun0 hash 'sha512'
set interfaces openvpn vtun0 local-host '100.64.0.1'
set interfaces openvpn vtun0 local-port '1194'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 openvpn-option 'tls-version-min 1.3'
set interfaces openvpn vtun0 openvpn-option 'comp-lzo no'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'tcp-passive'
set interfaces openvpn vtun0 server client client1 ip '10.10.3.2'
set interfaces openvpn vtun0 server client client1 subnet '10.10.3.0/29'
set interfaces openvpn vtun0 server client client1 subnet '10.20.0.0/16'
set interfaces openvpn vtun0 server subnet '10.10.3.0/29'
set interfaces openvpn vtun0 server topology 'subnet'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/central.crt'
set interfaces openvpn vtun0 tls dh-file '/config/auth/ovpn/dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/central.key'
Fri, Nov 13, 5:30 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3060: OpenVPN not working in vyos-1.3-rolling-20201101 and after.
In the new version client configuration
Fri, Nov 13, 1:41 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3060: OpenVPN not working in vyos-1.3-rolling-20201101 and after.
Fri, Nov 13, 1:40 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3060: OpenVPN not working in vyos-1.3-rolling-20201101 and after.
@Zer0t3ch Can you share your configuration?
Fri, Nov 13, 7:32 AM · VyOS 1.3 Equuleus
Thu, Nov 12
Viacheslav added a comment to T3061: OSPF v2 - Filtered route is added to the routing table as inactive.
Imagine if you use for example BGP and don't have a default route or set it to blackhole.

Then you originate the default route for a neighbor.

Why it should not announce the default route to the neighbor?
Thu, Nov 12, 4:56 PM · Restricted Project, VyOS 1.2 Crux
Viacheslav updated the task description for T1711: Bgp set local-AS number one time.
Thu, Nov 12, 3:49 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3061: OSPF v2 - Filtered route is added to the routing table as inactive.
It's normal behavior, so routes not installed in the routing table.
Thu, Nov 12, 1:58 PM · Restricted Project, VyOS 1.2 Crux
Viacheslav added a comment to T2174: Rewrite protocol BGP to new XML/Python style.
PR https://github.com/vyos/vyos-1x/pull/600
Thu, Nov 12, 11:03 AM · VyOS 1.3 Equuleus
Tue, Nov 10
Viacheslav closed T2103: Abnormal interface names if VIF present as Resolved.
Tue, Nov 10, 9:45 AM · VyOS 1.3 Equuleus
Mon, Nov 9
Viacheslav created T3055: op-mode incorrect naming fo ipsec policy-based tunnels .
Mon, Nov 9, 8:12 PM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3054: unionfs-fuse process never stopped after close terminal in config mode.
Mon, Nov 9, 6:41 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux
Viacheslav created T3054: unionfs-fuse process never stopped after close terminal in config mode.
Mon, Nov 9, 5:52 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux
Thu, Nov 5
Viacheslav added a comment to T2940: Update FRR to 7.4.
Neet to retest, the related task T2100
Thu, Nov 5, 7:17 AM · VyOS 1.3 Equuleus
Tue, Nov 3
Viacheslav added a comment to T2967: Duplicate IPv6 BFD Peers Created.
@trae32566 Are there any updates for this task?
Tue, Nov 3, 9:58 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2387: Create XML scheme for [conf_mode] BGP .
PR https://github.com/vyos/vyos-1x/pull/593

Fix validators for "neighbor update-source"
Tue, Nov 3, 5:51 PM · VyOS 1.3 Equuleus
Viacheslav added a parent task for T1941: Config mismatch with FRR on misconfiguration of V6 peer: T2174: Rewrite protocol BGP to new XML/Python style.
Tue, Nov 3, 5:32 PM · VyOS 1.3 Equuleus
Viacheslav added a subtask for T2174: Rewrite protocol BGP to new XML/Python style: T1941: Config mismatch with FRR on misconfiguration of V6 peer.
Tue, Nov 3, 5:32 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2173: Add the ability to use VRF on VTI interfaces.
It can be work with XFRM interfaces https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN#XFRM-interfaces-in-VRFs
Tue, Nov 3, 3:24 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2850: Add  BGP template for FRR.
PR https://github.com/vyos/vyos-1x/pull/591
Tue, Nov 3, 8:50 AM · VyOS 1.3 Equuleus
Nov 2 2020
Viacheslav added a comment to T1276: dhcp relay + VLAN fails.
@phillipmcmahon Try to check if vlan works correctly without DHCP?

I met several nuances associated with vlans on ESXi.
Nov 2 2020, 6:33 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2387: Create XML scheme for [conf_mode] BGP .
PR https://github.com/vyos/vyos-1x/pull/589
Nov 2 2020, 10:59 AM · VyOS 1.3 Equuleus
Nov 1 2020
Viacheslav created T3037: Bgp afi ipv6-unicast capability dynamic bug.
Nov 1 2020, 3:15 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus
Viacheslav added a comment to T1187: Command show log vpn display wrong information  .
We need some expressions like
Nov 1 2020, 1:49 PM · VyOS 1.3 Equuleus
Viacheslav closed T2193: Display disabled VRRP instances in a `show vrrp` output as Resolved.
I see correct state "disabled"
Nov 1 2020, 1:31 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2639: sort output of show vpn ipsec sa .
PR https://github.com/vyos/vyatta-op-vpn/pull/25
Nov 1 2020, 12:24 PM · VyOS 1.3 Equuleus
Viacheslav closed T3031: Error in Equuleus' help for IPv6 ECMP as Resolved.
Nov 1 2020, 8:45 AM · vyatta-cfg-system
Viacheslav closed T3032: Ability to "set table" in the policy route-map as Resolved.
Nov 1 2020, 8:36 AM · VyOS 1.3 Equuleus
Oct 30 2020
Viacheslav added a comment to T1289: route-map set route-type blackhole.
Like this?
Oct 30 2020, 11:07 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T1518: Removing full OSPF protocol is not possible.
This logic does not allow for the complete removal of the protocol.

https://github.com/vyos/vyatta-cfg-quagga/blob/current/templates/protocols/ospf/passive-interface/node.def#L29-L35
Oct 30 2020, 10:53 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2258: VRF route leaking from BGP.
@Azayaka do you mean import routes to a specific table? T3032

Can you check it with the next rolling release?
Oct 30 2020, 10:28 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T1289: route-map set route-type blackhole.
@rizkidtn Update, please your request. Is the community works for you for blackholing?
Oct 30 2020, 10:24 AM · VyOS 1.3 Equuleus
Viacheslav closed T2790: Add ability to set ipv6 protocol route-map for OSPFv3 as Resolved.
Oct 30 2020, 10:07 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3031: Error in Equuleus' help for IPv6 ECMP.
PR https://github.com/vyos/vyos-1x/pull/588
Oct 30 2020, 9:27 AM · vyatta-cfg-system
Viacheslav claimed T3031: Error in Equuleus' help for IPv6 ECMP.
Oct 30 2020, 9:22 AM · vyatta-cfg-system
Viacheslav changed the status of T3032: Ability to "set table" in the policy route-map from Open to Needs testing.
Oct 30 2020, 9:06 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3032: Ability to "set table" in the policy route-map.
PR https://github.com/vyos/vyatta-cfg-quagga/pull/56
Oct 30 2020, 9:04 AM · VyOS 1.3 Equuleus
Viacheslav created T3032: Ability to "set table" in the policy route-map.
Oct 30 2020, 7:29 AM · VyOS 1.3 Equuleus
Oct 29 2020
Viacheslav added a comment to T3030: Support ERSPAN Tunnel Protocol.
Do you mean that?



set interfaces ethernet eth1 mirror
Oct 29 2020, 4:15 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2387: Create XML scheme for [conf_mode] BGP .
    

  1. Not all interfaces can be used as "update-source"
    2. 




Missed  "vti | dum | lo" etc.

https://github.com/vyos/vyos-1x/blob/current/interface-definitions/protocols-bgp.xml.in#L639
Oct 29 2020, 2:49 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2850: Add  BGP template for FRR.
PR https://github.com/vyos/vyos-1x/pull/587

Fix the FRR template for new bgp implementation.
Oct 29 2020, 12:51 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2587: Cannot enable the interface when the MTU is set to less than 1280.
How to do it?
Oct 29 2020, 6:54 AM · VyOS 1.3 Equuleus
Oct 28 2020
Viacheslav updated the task description for T3027: Unable to update system Signature check FAILED.
Oct 28 2020, 3:55 PM · VyOS 1.3 Equuleus
Viacheslav changed the status of T3027: Unable to update system Signature check FAILED from Open to Confirmed.
Oct 28 2020, 1:01 PM · VyOS 1.3 Equuleus
Viacheslav created T3027: Unable to update system Signature check FAILED.
Oct 28 2020, 1:00 PM · VyOS 1.3 Equuleus
Oct 27 2020
Viacheslav closed T2587: Cannot enable the interface when the MTU is set to less than 1280 as Resolved.
Fixed



vyos@r4-roll# run show version
Oct 27 2020, 7:28 PM · VyOS 1.3 Equuleus