User Details
User Details
- User Since
- Oct 2 2019, 6:00 PM (156 w, 2 d)
Yesterday
Yesterday
Viacheslav edited projects for T4721: Static IPv6 Route Tags Missing, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
Viacheslav changed the subtype of T4721: Static IPv6 Route Tags Missing from "Bug" to "Feature Request".
Thu, Sep 29
Thu, Sep 29
Viacheslav closed T4715: Auto logout user after a period of inactivity, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Resolved.
Viacheslav added a comment to T4708: 'show nat destination rules' throwing an error.
@narey83 Could you re-check it with the latest rolling (start since vyos-1.4-rolling-202209290218-amd64.iso)?
Viacheslav added a comment to T4713: [email protected]:~$ show nat destination rules | doesn't work.
@icyfire0573 Could you re-check it?
Should be fixed in vyos-1.4-rolling-202209290218-amd64.iso
Viacheslav updated subscribers of T2196: Dynamic ipv4 interface list.
Viacheslav added a comment to T4710: show openvpn server occasionally returns IndexError: list index out of range.
I can't reproduce it, VyOS 1.4-rolling-202209290218
[email protected]:~$ show openvpn server
Wed, Sep 28
Wed, Sep 28
Viacheslav added a comment to T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp).
Viacheslav added a comment to T4718: Listen-address is not commit if the ip address is on the interface with vrf.
Maybe something wrong with this check https://github.com/vyos/vyos-1x/blob/f5a50135f07ac4ec8ed431a757b9c56e607d2132/src/conf_mode/dhcp_server.py#L265-L271
Viacheslav added a comment to T4713: [email protected]:~$ show nat destination rules | doesn't work.
Maybe incorrect parsing of port ranges
rule 120 {
description "Playstation - 172.16.136.96"
destination {
port 1935,3074,3478,3479,3480
}Tue, Sep 27
Tue, Sep 27
Viacheslav changed the status of T4716: SSH ability to configure RekeyLimit, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T4716: SSH ability to configure RekeyLimit from Open to In progress.
Viacheslav closed T4711: Ability to terminate user TTY and PTS sessions, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, as Resolved.
Viacheslav closed T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp) as Resolved.
Viacheslav changed the status of T4711: Ability to terminate user TTY and PTS sessions, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T4711: Ability to terminate user TTY and PTS sessions from Open to In progress.
Viacheslav added a comment to T4711: Ability to terminate user TTY and PTS sessions.
Viacheslav changed the status of T4657: op-mode scripts with type hints in `return` do not work from In progress to Needs testing.
Viacheslav added a comment to T4708: 'show nat destination rules' throwing an error.
Should be fixed in the commit https://github.com/vyos/vyos-1x/pull/1552/files#diff-9e98077e1229d7a89e26efdc517896728265a8669e8824aaf92611b113fa3516L47
T4605
Try the latest rolling
Viacheslav added a comment to T4715: Auto logout user after a period of inactivity.
Viacheslav changed the status of T4715: Auto logout user after a period of inactivity, a subtask of T4712: Collaborative Protection Profile cPP for Network Devices root task, from Open to In progress.
Viacheslav changed the status of T4715: Auto logout user after a period of inactivity from Open to In progress.
Viacheslav updated the task description for T4715: Auto logout user after a period of inactivity.
Viacheslav updated the task description for T4715: Auto logout user after a period of inactivity.
Viacheslav added a comment to T4713: [email protected]:~$ show nat destination rules | doesn't work.
Should be fixed in the commit https://github.com/vyos/vyos-1x/pull/1552/files#diff-9e98077e1229d7a89e26efdc517896728265a8669e8824aaf92611b113fa3516L47
Try the latest rolling
Viacheslav changed the status of T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp) from In progress to Needs testing.
Viacheslav moved T4693: ISIS segment routing was broken... from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Mon, Sep 26
Mon, Sep 26
Sun, Sep 25
Sun, Sep 25
Viacheslav changed the status of T4680: Telegraf prometheus-client listen-address invalid format from In progress to Needs testing.
Viacheslav added a comment to T4708: 'show nat destination rules' throwing an error.
Sent steps to reproduce it or “show conf com | match nat”
Viacheslav added a comment to T4710: show openvpn server occasionally returns IndexError: list index out of range.
Sent steps to reproduce it or “show conf com | match openvpn ”
Mon, Sep 19
Mon, Sep 19
Viacheslav added a project to T4704: Allow to set metric (MED) to rtt with rtt,+rtt or -rtt: VyOS 1.4 Sagitta.
Fri, Sep 16
Fri, Sep 16
Viacheslav added a comment to T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp).
PR https://github.com/vyos/vyos-1x/pull/1545
set service ids ddos-protection direction 'in' set service ids ddos-protection listen-interface 'eth1' set service ids ddos-protection mode mirror set service ids ddos-protection threshold general fps '1000' set service ids ddos-protection threshold general mbps '200' set service ids ddos-protection threshold general pps '150000' set service ids ddos-protection threshold tcp fps '25' set service ids ddos-protection threshold tcp mbps '55' set service ids ddos-protection threshold tcp pps '155' set service ids ddos-protection threshold udp fps '100' set service ids ddos-protection threshold udp mbps '100' set service ids ddos-protection threshold udp pps '100' set service ids ddos-protection threshold icmp fps '200' set service ids ddos-protection threshold icmp mbps '210' set service ids ddos-protection threshold icmp pps '2040'
Expected fastnermon config entries:
# General threshold ban_for_flows = on threshold_flows = 1000 ban_for_bandwidth = on threshold_mbps = 200 ban_for_pps = on threshold_pps = 150000
Viacheslav changed the status of T3896: Extend ocserv support to allow for per-group configs from Open to Needs testing.
Viacheslav changed the status of T4697: policy route: Generating ConfigError failes when tcp flag is missing on set tcp-mss rule commit from Open to In progress.
Thu, Sep 15
Thu, Sep 15
Wed, Sep 14
Wed, Sep 14
Viacheslav changed the status of T4680: Telegraf prometheus-client listen-address invalid format from Open to In progress.
Viacheslav changed the status of T4685: Interface does not exist on boot when used as inbound-interface for local policy route from Open to Needs testing.
Viacheslav changed the status of T4695: Add 'es' and 'jp106' keymap option keyboard-layout from In progress to Needs testing.
Viacheslav added a comment to T4687: Canot change configuration after image update from 202207220217 to 202209090217.
As I mentioned above, use it before the configuration, it described in the doc
#!/bin/vbash
Viacheslav changed the status of T4693: ISIS segment routing was broken... from Open to Needs testing.
Viacheslav added a comment to T4694: Allow VyOS Firewall to Match Outbound IPSec Traffic.
There is PR https://github.com/vyos/vyos-1x/pull/1516 but it brakes all GRE traffic
Viacheslav added a comment to T4695: Add 'es' and 'jp106' keymap option keyboard-layout.
Viacheslav changed the status of T4695: Add 'es' and 'jp106' keymap option keyboard-layout from Open to In progress.
Viacheslav renamed T4695: Add 'es' and 'jp106' keymap option keyboard-layout from Add 'es' and 'jp106' keymap to Add 'es' and 'jp106' keymap option keyboard-layout.
Viacheslav added a comment to T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1539
Tue, Sep 13
Tue, Sep 13
Viacheslav added a comment to T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups.
It should be possible in https://github.com/vyos/vyos-1x/pull/1534
set firewall interface ethXvX
Viacheslav added a comment to T4687: Canot change configuration after image update from 202207220217 to 202209090217.
It seems you use some custom scripts for configuration
You have to use
if [ "$(id -g -n)" != 'vyattacfg' ] ; then
exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) [email protected]"
fibefore your configuration script
Fri, Sep 9
Fri, Sep 9
Viacheslav added a comment to T4684: Rewrite show ip route by protocol to vyos.opmode format.
/usr/libexec/vyos/op_mode/route.py already exists but without an execution flag
PR https://github.com/vyos/vyos-1x/pull/1531
Viacheslav changed the status of T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address from Open to In progress.
The real check without IPv4 local/remote:
[email protected]# commit [ interfaces openvpn vtun2 ]
Viacheslav changed the status of T4672: RADIUS server disable does not work from Open to Needs testing.
Thu, Sep 8
Thu, Sep 8
Viacheslav changed Version from VyOS 1.3.1-S1,VyOS 1.3.2 to VyOS 1.3.1-S1, VyOS 1.3.2, VyOS 1.4-rolling-202209070217 on T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address.
Wed, Sep 7
Wed, Sep 7
Viacheslav updated the task description for T4676: IPoE server with mac authentication generates a wrong dictionary.
Viacheslav added a comment to T4617: VRF specification is needed for telegraf prometheus-client listen-address <address> .
@aserkin Could you create a PR?
Tue, Sep 6
Tue, Sep 6
Viacheslav changed the status of T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp) from Open to In progress.
Viacheslav added a comment to T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp).
As we have threshold it seems require migration threshold => threshold general
[email protected]# set service ids ddos-protection threshold Possible completions: fps Flows per second mbps Megabits per second pps Packets per second
Viacheslav closed T4597: Check bind port before assign service HTTPS API and openconnect as Resolved.
Mon, Sep 5
Mon, Sep 5
Viacheslav added a comment to T3476: Update availability check.
PR https://github.com/vyos/vyos-1x/pull/1521
set system update-check auto-check set system update-check url 'http://192.168.122.14:8080/download/image-version.json'
Viacheslav added a comment to T4668: Adding/removing members from bond doesn't work/results in incorrect interface state.
It seems can't pass smoketest
05:47:04 DEBUG - ====================================================================== 05:47:04 DEBUG - FAIL: test_add_multiple_ip_addresses (__main__.BondingInterfaceTest) 05:47:04 DEBUG - ---------------------------------------------------------------------- 05:47:04 DEBUG - Traceback (most recent call last): 05:47:04 DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/base_interfaces_test.py", line 109, in tearDown 05:47:04 DEBUG - self.assertFalse(process_named_running(daemon)) 05:47:04 DEBUG - AssertionError: 8769 is not false 05:47:04 DEBUG - 05:47:04 DEBUG - ------------------
Viacheslav closed T4655: Firewall in 1.4 sets the default action 'accept' instead of 'drop' as Resolved.
Sat, Sep 3
Sat, Sep 3
Viacheslav changed the status of T4666: EAP-TLS no longer allows TLSv1.0 after T4537, T4584 from Open to Needs testing.
Fri, Sep 2
Fri, Sep 2
Viacheslav changed the status of T4665: Keepalived cannot use same VRID for VRRPv2 and VRRPv3 from In progress to Needs testing.
Viacheslav added a comment to T3900: Integrate Firewall logic and implementation found on MikroTik RouterOS v6/v7.
@daryll-swer For your use case, you can use your tables/chains (not standard names like RAW/MANGLE INPUT/OUTPUT etc.), that won't be cleared by the VyOS firewall CLI
nft add table MYRAW
nft -- add chain ip MYRAW my_chain '{ type filter hook prerouting priority raw; policy accept; }'
nft add rule ip MYRAW my_chain ip saddr 192.0.2.5 counter dropViacheslav edited projects for T4668: Adding/removing members from bond doesn't work/results in incorrect interface state, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).
Viacheslav added a comment to T3476: Update availability check.
An example of dict that we can use
{
"images": {
"rolling": {
"latest": {
"arch": "amd64",
"flavors": ["azure"],
"image": "vyos-rolling-latest.iso",
"latest": True,
"lts": False,
"release_date": "2022-09-02",
"release_train": "sagitta",
"version": "1.4-rolling-202209020217"
},
"1.4-rolling-202209020217": {
"arch": "amd64",
"flavors": ["generic"],
"image": "vyos-1.4-rolling-202209020217-amd64.iso",
"latest": True,
"lts": False,
"release_date": "2022-09-02",
"release_train": "sagitta",
"version": "1.4-rolling-202209020217"
},
"1.4-rolling-202208291850": {
"arch": "amd64",
"flavors": ["openstack"],
"image": "vyos-1.4-rolling-202208291850-amd64.iso",
"latest": False,
"lts": False,
"release_date": "2022-08-29",
"release_train": "sagitta",
"version": "1.4-rolling-20220829850"
}
},
"lts": {
"latest": {
"arch": "amd64",
"flavors": ["generic"],
"image": "vyos-1.3-x.iso",
"latest": True,
"lts": True,
"release_date": "2022-xx-xx",
"release_train": "equuleus",
"version": "1.3-stable-202208230511"
}
}
}
}Viacheslav changed the subtype of T4668: Adding/removing members from bond doesn't work/results in incorrect interface state from "Task" to "Bug".
Viacheslav added a comment to T4658: Rename DPD action `hold` to `trap`.
Could be a part of T4118
Thu, Sep 1
Thu, Sep 1
Viacheslav added a comment to T4663: Interface pseudo-ethernet does not change mode.
1.3 is not affected by this bug
Viacheslav changed the status of T4665: Keepalived cannot use same VRID for VRRPv2 and VRRPv3 from Open to In progress.