- User Since
- Aug 3 2017, 1:55 PM (80 w, 5 d)
can you edit /usr/libexec/vyos/system/on-dhcp-event.sh
Sun, Feb 17
@thinkl33t can you please also provide a "faulty" /etc/hosts file?
Sat, Feb 16
Fri, Feb 15
Wed, Feb 13
Latest rolling should autoload the module
br_netfilter should already be compuled as a module. Can you sudo modprobe br_netfilter? To see if it fits your purpose? If so we can autoload it on system bootup
This will be part of a bigger workpackage when the whole firewalling is rewritten. There is yet no ETA.
Your second command does kot specify any output interface whereas the first command speciefies tun0. Especially on ESXi you see almost no difference compared ro a vietual Box.
Tue, Feb 12
Maybe if hostname is empty, we can prepend the mac address to the fqdn which will be stored in /etc/hosts
Something seems to be totally off with set system domain-name and set system domain-search domain
Sun, Feb 10
Interface name is ppp0 but will later be renamed to pppoe0
cpo@BR1# set interfaces ethernet eth1 pppoe 0 ipv6 address autoconf  cpo@BR1# commit [ interfaces ethernet eth1 pppoe 0 ipv6 address autoconf ] cp: cannot create regular file ‘/etc/ppp/ipv6-up.d/50-vyos-pppoe0-autoconf’: No such file or directory sed: can't read /etc/ppp/ipv6-up.d/50-vyos-pppoe0-autoconf: No such file or dire ctory chmod: cannot access ‘/etc/ppp/ipv6-up.d/50-vyos-pppoe0-autoconf’: No such file or directory Warning: IPv6 forwarding is currently enabled. IPv6 address auto-configuration will not be performed unless IPv6 forwarding is disabled.
@fromport how to reproduce? Is this possible with VMWare ESXi? If now, which virtualisation tool to use for testing?
Your given example can thus be enabled via set service dns forwarding domain microsoft.com server x.x.x.x
Okay, a wildcard as in * does not work and is not supported by our underlying pdns-recursor.
@oliveriandrea can you please retest with latest rolling release if it already works?
Implemented in latest rolling and backported to Crux branch for 1.2.1
An easier solution is to wrap the test in ' like use-web='this is your IP'
After some digging this is what I found out with VyOS 1.2.0-epa3:
Sat, Feb 9
Fri, Feb 8
Handled in/with T484, hopefully
Please retest with a new rolling release tomorrow
Patch does not apply cleanly, need to backport it but will do
Tue, Feb 5
Mon, Feb 4
Sun, Feb 3
Ah, there was a similar issue with dhcp last couple of weeks where quotes broke the config (T1129). Can you try using   instead of your whitespace?
Sat, Feb 2
Con you provide a configuration to reproduce the issue?
I can confirm this. 1.2.0-EPA3 does not have thisbissue but 1.2.0 has it.
Thu, Jan 31
Package needs to be build from source. There are already some packages which we build that way like libyang or librtr so not a big deal.
Wed, Jan 30
Sounds more reasonable (enable than disable). Will this affect backwards compatibility or will there be a migrator?
Tue, Jan 29
@danhusan is this your expected behavior?
can you share your DHCP configuration with us for reproducibility?
Mon, Jan 28
IMHO this is a general CLI design issue.
Wed, Jan 23
Nope, I used:
@hagbard I replaced vyos user with another one. Also image corporate setups where RADIUS is used for authing and there are no local users.
Tue, Jan 22
There are no disadvantages in doing so. Any contribution is welcome.
Depending on the task which needs to be executed a script might need to be run as root.
Jan 12 2019
Jan 11 2019
lsmod output from 4.18.6-1 (all 4 NICs working) please. We already have a lsmod output of the other versions.
Please place your code snippets inside a Code section as mentioned above, this makes it easier to read.
Jan 10 2019
No reply from the vendor so far
Jan 9 2019
No issue known but it eases reproducibility
@alexandrestein can you share your complete dns forwarding config node please?
Jan 8 2019
The provides Dockerfile lists all packages which are needed to compile VyOS on a Debian jessie host. If you do not want ro install all this on your host simply use the provided Docker image and you are ready to go.
Jan 7 2019
Thanks. An lsmod from rc5 would be nice, too.
Jan 6 2019
Can you share the dmesg output from RC5 please?
ISO is still building. You are right, a NIC is a NIC, but a NIC consists of a MAC and a PHY which does the PHYsical interface. you can have the same MAC part multiple times but with different PHY ICs. Lets wait for the ISO to compile.
According to the datasheet https://f.ipc2u.de/files/add/doc/445/3I380D-D90-Datasheet.pdf I see no PHY that is used on this board - nevertheless I saw that we do not ship every avialable PHY driver, also drivers present in 1.2.0-rc6 are no longer present like CONFIG_BCM7XXX_PHY. I will provide you with an updated ISO for testing.
Looks like a general issue here. Do you still have the old Buster ISO with Kernel 4.18 that you can install on the target HW?
- (K)ASLR is enabled with https://github.com/vyos/vyos-kernel/blob/35c51d3b30f29110aab12ade5f11f928c68951ec/arch/x86/configs/x86_64_vyos_defconfig#L405
vyos@vyos:~$ show system kernel-messages | grep "Execute Disable" NX (Execute Disable) protection: active
- RELRO there's some info in the Debian Wiki but it reports permission denied: https://wiki.debian.org/Hardening