VyOS 1.3 based on Debian 9 Stretch
Details
Details
Description
Today
Today
c-po added a comment to T2996: Checking digital signature failed on downgrade from rolling to stable..
Disable downgrades in general is a bad idea. We still can leave the user with a broken config on downgrade but prevent it is bad. Imagine a very simple config, that would be downgradable.
successfully tested on the self-build image from crux branch and the latest rolling image
jack9603301 added a comment to T3115: Firewall on L3 VIF bridge interface.
Before that, should we consider completely migrating the vyos firewall implementation?
Yesterday
Yesterday
c-po closed T3112: PPPoE IPv6: remove "enable" node, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, as Resolved.
c-po added a comment to T3112: PPPoE IPv6: remove "enable" node.
yes, specifying "ipv6" has the same effect as "ipv6 enable"
jack9603301 added a comment to T3112: PPPoE IPv6: remove "enable" node.
Do I only need to execute the following commands when I want to start ipv6?
Viacheslav added a comment to T2996: Checking digital signature failed on downgrade from rolling to stable..
Not sure that it makes sense to downgrade the image from 1.3 to 1.2.
Because there are also no migration "downgrade" scripts.
I propose to add an additional check and disable downgrade images for "add system image".
Viacheslav added a comment to T3020: The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location".
Still old format for completion help
Thu, Dec 3
Thu, Dec 3
runar added a comment to T3108: Section Config overlapped match with FRRConfig.
To clarify the fault here. the smoketest is looking for the word "Config()" inside all conf_mode scripts without taking into account that this could be part of another name. the patch above modifies the behavior to not mat when a alpha-character is in front of the C in Config.
full regex: [^a-ZA-Z]Config\(\)
Viacheslav added a comment to T3108: Section Config overlapped match with FRRConfig.
PR https://github.com/vyos/vyos-1x/pull/632
fix regex in smoketest.
Dmitry updated subscribers of T3104: LLDP Traceback error.
Thanks, @c-po , works as expected.
vyos@vyos:~$ show lldp neighbors
Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station
D - Docsis, T - Telephone, O - OtherViacheslav added a comment to T1316: Support for IS-IS .
c-po changed the status of T3105: static-host-mapping writing in one line from Open to Needs testing.
Wed, Dec 2
Wed, Dec 2
c-po added a comment to T3106: 802.11ax support.
Calculating setting is always the smartest idea. I also have a WIFI6 NIC with me, the problem is it is not supported by Linux 4.19. which we currently are forced to use.
Dmitry added a comment to T3104: LLDP Traceback error.
It seems related to this patch https://github.com/vyos/vyos-1x/commit/b39d623170377b2e99fd7e88b627afea71e4d00c#diff-e4557e4a7b41f0e9328ac0e7d7c0305416f0f1e42d46af27c2135ca976434fce
Appears only if you have 2 or more lldp neighbors.
thadrumr added a comment to T3104: LLDP Traceback error.
set firewall all-ping 'enable'
set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall group address-group kasa address '192.168.2.109'
set firewall group address-group kasa address '192.168.2.110'
set firewall group address-group kasa address '192.168.2.101'
set firewall group address-group kasa address '192.168.2.102'
set firewall group address-group kasa address '192.168.2.103'
set firewall group address-group ring address '192.168.2.105'
set firewall group address-group ring address '192.168.2.113'
set firewall group address-group ring address '192.168.2.195'
set firewall group address-group trusted-sip address '*'
set firewall group address-group trusted-sip address '**'
set firewall group address-group trusted-sip address '**'
set firewall group port-group VOIP description ''
set firewall group port-group VOIP port '5060'
set firewall group port-group VOIP port '10001-20000'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall ip-src-route 'disable'
set firewall log-martians 'enable'
set firewall name IOT_IN default-action 'drop'
set firewall name IOT_IN enable-default-log
set firewall name IOT_IN rule 10 action 'accept'
set firewall name IOT_IN rule 10 description 'Allow Kasa to HomeAssistant'
set firewall name IOT_IN rule 10 destination address '10.22.87.143'
set firewall name IOT_IN rule 10 source group address-group 'kasa'
set firewall name IOT_IN rule 20 action 'accept'
set firewall name IOT_IN rule 20 description 'Allow HTTPS'
set firewall name IOT_IN rule 20 destination port '443'
set firewall name IOT_IN rule 20 protocol 'tcp'
set firewall name IOT_IN rule 30 action 'accept'
set firewall name IOT_IN rule 30 description 'Allow HTTP'
set firewall name IOT_IN rule 30 destination port '80'
set firewall name IOT_IN rule 30 protocol 'tcp'
set firewall name IOT_IN rule 40 action 'accept'
set firewall name IOT_IN rule 40 description 'Orbit-Behyve'
set firewall name IOT_IN rule 40 destination port '8887'
set firewall name IOT_IN rule 40 protocol 'tcp'
set firewall name IOT_IN rule 50 action 'accept'
set firewall name IOT_IN rule 50 description 'Allow NTP'
set firewall name IOT_IN rule 50 destination port '123'
set firewall name IOT_IN rule 50 protocol 'udp'
set firewall name IOT_IN rule 60 action 'accept'
set firewall name IOT_IN rule 60 description 'Allow DNS'
set firewall name IOT_IN rule 60 destination port '53'
set firewall name IOT_IN rule 60 protocol 'udp'
set firewall name IOT_IN rule 70 action 'accept'
set firewall name IOT_IN rule 70 description 'Ring Allow All'
set firewall name IOT_IN rule 70 protocol 'ip'
set firewall name IOT_IN rule 70 source group address-group 'ring'
set firewall name IOT_IN rule 80 action 'accept'
set firewall name IOT_IN rule 80 description 'MYQ'
set firewall name IOT_IN rule 80 destination port '8883'
set firewall name IOT_IN rule 80 protocol 'tcp'
set firewall name IOT_IN rule 90 action 'accept'
set firewall name IOT_IN rule 90 description 'Allow all from Dude Server'
set firewall name IOT_IN rule 90 protocol 'ip'
set firewall name IOT_IN rule 90 source address '192.168.2.2'
set firewall name IOT_IN rule 100 action 'accept'
set firewall name IOT_IN rule 100 description 'Allow ICMP'
set firewall name IOT_IN rule 100 protocol 'icmp'
set firewall name IOT_IN rule 110 action 'drop'
set firewall name IOT_IN rule 110 description 'Drop Guest to Lan'
set firewall name IOT_IN rule 110 destination address '10.22.87.0/24'
set firewall name IOT_IN rule 110 source
set firewall name WAN_IN default-action 'drop'
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action 'accept'
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established 'enable'
set firewall name WAN_IN rule 10 state related 'enable'
set firewall name WAN_IN rule 20 action 'drop'
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid 'enable'
set firewall name WAN_IN rule 21 action 'accept'
set firewall name WAN_IN rule 21 description 'Allow VOIP'
set firewall name WAN_IN rule 21 log 'disable'
set firewall name WAN_IN rule 21 protocol 'all'
set firewall name WAN_IN rule 21 source group port-group 'VOIP'
set firewall name WAN_IN rule 30 action 'accept'
set firewall name WAN_IN rule 30 destination address '10.22.87.14'
set firewall name WAN_IN rule 30 destination port '5000,16881,9025-9040,8080'
set firewall name WAN_IN rule 30 protocol 'tcp'
set firewall name WAN_IN rule 30 state new 'enable'
set firewall name WAN_IN rule 31 action 'accept'
set firewall name WAN_IN rule 31 destination address '10.22.87.19'
set firewall name WAN_IN rule 31 destination port '1194'
set firewall name WAN_IN rule 31 protocol 'udp'
set firewall name WAN_IN rule 40 action 'accept'
set firewall name WAN_IN rule 40 description 'Allow SIP'
set firewall name WAN_IN rule 40 destination address '10.22.87.7'
set firewall name WAN_IN rule 40 destination port '5060,10000-20000'
set firewall name WAN_IN rule 40 protocol 'udp'
set firewall name WAN_IN rule 40 source group address-group 'trusted-sip'
set firewall name WAN_IN rule 50 action 'accept'
set firewall name WAN_IN rule 50 description 'Allow My Parents LAN IPSec'
set firewall name WAN_IN rule 50 source address '192.168.0.0/24'
set firewall name WAN_IN rule 60 action 'accept'
set firewall name WAN_IN rule 60 description 'Allow Home Assistant'
set firewall name WAN_IN rule 60 destination address '10.22.87.143'
set firewall name WAN_IN rule 60 destination port '8123'
set firewall name WAN_IN rule 60 protocol 'tcp'
set firewall name WAN_IN rule 70 action 'accept'
set firewall name WAN_IN rule 70 description 'Allow Plex Nvidia Shield'
set firewall name WAN_IN rule 70 destination address '10.22.87.115'
set firewall name WAN_IN rule 70 destination port '32400'
set firewall name WAN_IN rule 70 protocol 'tcp'
set firewall name WAN_LOCAL default-action 'drop'
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action 'accept'
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established 'enable'
set firewall name WAN_LOCAL rule 10 state related 'enable'
set firewall name WAN_LOCAL rule 20 action 'drop'
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid 'enable'
set firewall name WAN_LOCAL rule 21 action 'drop'
set firewall name WAN_LOCAL rule 21 description 'Allow limited SSH Attempts'
set firewall name WAN_LOCAL rule 21 destination port '22'
set firewall name WAN_LOCAL rule 21 log 'disable'
set firewall name WAN_LOCAL rule 21 protocol 'tcp'
set firewall name WAN_LOCAL rule 21 recent count '4'
set firewall name WAN_LOCAL rule 21 recent time '60'
set firewall name WAN_LOCAL rule 21 state new 'enable'
set firewall name WAN_LOCAL rule 22 action 'accept'
set firewall name WAN_LOCAL rule 22 description 'Allow New SSH Attemtps'
set firewall name WAN_LOCAL rule 22 destination port '22'
set firewall name WAN_LOCAL rule 22 protocol 'tcp'
set firewall name WAN_LOCAL rule 22 state new 'enable'
set firewall name WAN_LOCAL rule 30 action 'accept'
set firewall name WAN_LOCAL rule 30 description 'Allow ISAKMP'
set firewall name WAN_LOCAL rule 30 destination port '500'
set firewall name WAN_LOCAL rule 30 protocol 'udp'
set firewall name WAN_LOCAL rule 31 action 'accept'
set firewall name WAN_LOCAL rule 31 description 'Allow ESP'
set firewall name WAN_LOCAL rule 31 protocol 'esp'
set firewall name WAN_LOCAL rule 32 action 'accept'
set firewall name WAN_LOCAL rule 32 destination port '4500'
set firewall name WAN_LOCAL rule 32 protocol 'udp'
set firewall name WAN_LOCAL rule 33 action 'accept'
set firewall name WAN_LOCAL rule 33 destination port '1701'
set firewall name WAN_LOCAL rule 33 ipsec match-ipsec
set firewall name WAN_LOCAL rule 33 protocol 'udp'
set firewall name WAN_LOCAL rule 40 action 'accept'
set firewall name WAN_LOCAL rule 40 protocol 'all'
set firewall name WAN_LOCAL rule 40 source address '**'
set firewall name WAN_LOCAL rule 43 action 'accept'
set firewall name WAN_LOCAL rule 50 action 'accept'
set firewall name WAN_LOCAL rule 50 destination port 'openvpn'
set firewall name WAN_LOCAL rule 50 protocol 'udp'
set firewall name WAN_LOCAL rule 60 action 'accept'
set firewall name WAN_LOCAL rule 60 protocol 'all'
set firewall name WAN_LOCAL rule 60 source address '*.*.*.*'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 address 'dhcpv6'
set interfaces ethernet eth0 description 'Internet'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '1'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '0'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 firewall in name 'WAN_IN'
set interfaces ethernet eth0 firewall local name 'WAN_LOCAL'
set interfaces ethernet eth0 hw-id '**'
set interfaces ethernet eth0 ipv6 address autoconf
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth0 traffic-policy out 'wanshaper'
set interfaces ethernet eth1 address '10.22.87.1/24'
set interfaces ethernet eth1 description 'Lan'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '**'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 address '192.168.2.1/24'
set interfaces ethernet eth2 description 'IOT'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 firewall in name 'IOT_IN'
set interfaces ethernet eth2 hw-id '*'
set interfaces ethernet eth2 speed 'auto'
set interfaces loopback lo
set nat destination rule 10 description 'Port Forward: Plex and Download Station to 10.22.87.14'
set nat destination rule 10 destination port '5000,16881,9025-9040,8080'
set nat destination rule 10 inbound-interface 'eth0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address '10.22.87.14'
set nat destination rule 11 description 'Port Forward: OpenVPN to 10.22.87.19'
set nat destination rule 11 destination port '1194'
set nat destination rule 11 inbound-interface 'eth0'
set nat destination rule 11 protocol 'udp'
set nat destination rule 11 translation address '10.22.87.19'
set nat destination rule 12 description 'Port Forward: SIP and RTP to FreePBX'
set nat destination rule 12 destination port '5060,10000-20000'
set nat destination rule 12 inbound-interface 'eth0'
set nat destination rule 12 protocol 'udp'
set nat destination rule 12 translation address '10.22.87.7'
set nat destination rule 13 description 'Port Forward Home Assistant'
set nat destination rule 13 destination port '8123'
set nat destination rule 13 inbound-interface 'eth0'
set nat destination rule 13 protocol 'tcp'
set nat destination rule 13 translation address '10.22.87.143'
set nat destination rule 14 description 'NAT Reflection: Xpenology Inside'
set nat destination rule 14 destination port '5000'
set nat destination rule 14 inbound-interface 'eth1'
set nat destination rule 14 protocol 'tcp'
set nat destination rule 14 translation address '10.22.87.14'
set nat destination rule 15 description 'Plex Nvidia Shield'
set nat destination rule 15 destination port '32400'
set nat destination rule 15 inbound-interface 'eth0'
set nat destination rule 15 protocol 'tcp'
set nat destination rule 15 translation address '10.22.87.115'
set nat source rule 10 destination address '192.168.0.0/24'
set nat source rule 10 exclude
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '10.22.87.0/24'
set nat source rule 110 outbound-interface 'eth0'
set nat source rule 110 source address '10.80.1.0/24'
set nat source rule 110 translation address 'masquerade'
set nat source rule 120 destination address '10.22.87.0/24'
set nat source rule 120 outbound-interface 'eth1'
set nat source rule 120 protocol 'tcp'
set nat source rule 120 source address '10.22.87.0/24'
set nat source rule 120 translation address 'masquerade'
set nat source rule 5010 outbound-interface 'eth0'
set nat source rule 5010 translation address 'masquerade'
set protocols static route 172.17.0.0/16 next-hop 10.22.87.14 distance '1'
set service dns dynamic interface eth0 service afraid host-name '*'
set service dns dynamic interface eth0 service afraid login ''
set service dns dynamic interface eth0 service afraid password ''
set service https virtual-host vhost0 listen-address '10.22.87.1'
set service lldp interface all
set service lldp interface eth1
set service lldp legacy-protocols cdp
set service lldp management-address '10.22.87.1'
set service lldp snmp enable
set service router-advert interface eth1 prefix ::/64 valid-lifetime '2592000'
set service snmp community ** authorization 'rw'
set service snmp community * network '10.22.87.0/24'
set service snmp contact '*'
set service snmp location '*'
set service snmp trap-target 10.22.87.8
set service snmp trap-target 10.22.87.15 community ''
set service ssh ciphers 'aes256-ctr'
set service ssh ciphers 'aes128-ctr'
set service ssh ciphers 'aes256-gcm@openssh.com'
set service ssh ciphers 'aes128-gcm@openssh.com'
set service ssh key-exchange 'diffie-hellman-group14-sha256'
set service ssh key-exchange 'diffie-hellman-group16-sha512'
set service ssh key-exchange 'diffie-hellman-group18-sha512'
set service ssh key-exchange 'diffie-hellman-group-exchange-sha256'
set service ssh port '22'
set system config-management commit-revisions '20'
set system host-name 'vyos'
set system login user mlaney authentication encrypted-password '**'
set system login user mlaney authentication plaintext-password ''
set system login user mlaney full-name 'Me'
set system name-server '1.1.1.1'
set system name-servers-dhcp 'eth0'
set system ntp allow-clients address '10.22.87.0/24'
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'America/New_York'
set traffic-policy shaper lanshaper bandwidth '230mbit'
set traffic-policy shaper lanshaper class 2 bandwidth '30%'
set traffic-policy shaper lanshaper class 2 burst '2kb'
set traffic-policy shaper lanshaper class 2 ceiling '100%'
set traffic-policy shaper lanshaper class 2 description 'syn ack bufferbloat'
set traffic-policy shaper lanshaper class 2 match tiny4 ip tcp ack
set traffic-policy shaper lanshaper class 2 match tiny4 ip tcp syn
set traffic-policy shaper lanshaper class 2 match tiny6 ipv6 tcp ack
set traffic-policy shaper lanshaper class 2 match tiny6 ipv6 tcp syn
set traffic-policy shaper lanshaper class 2 queue-type 'fq-codel'
set traffic-policy shaper lanshaper class 10 bandwidth '15%'
set traffic-policy shaper lanshaper class 10 burst '2kb'
set traffic-policy shaper lanshaper class 10 ceiling '100%'
set traffic-policy shaper lanshaper class 10 description 'voip rtp traffic'
set traffic-policy shaper lanshaper class 10 match voip-rtp ip dscp '46'
set traffic-policy shaper lanshaper class 10 queue-type 'fq-codel'
set traffic-policy shaper lanshaper class 20 bandwidth '5%'
set traffic-policy shaper lanshaper class 20 burst '2kb'
set traffic-policy shaper lanshaper class 20 ceiling '100%'
set traffic-policy shaper lanshaper class 20 description 'voip sip traffic'
set traffic-policy shaper lanshaper class 20 match voip-sip ip dscp '24'
set traffic-policy shaper lanshaper class 20 queue-type 'fq-codel'
set traffic-policy shaper lanshaper default bandwidth '50%'
set traffic-policy shaper lanshaper default burst '2kb'
set traffic-policy shaper lanshaper default ceiling '100%'
set traffic-policy shaper lanshaper default queue-type 'fq-codel'
set traffic-policy shaper lanshaper description 'lan output policy'
set traffic-policy shaper wanshaper bandwidth '12mbit'
set traffic-policy shaper wanshaper class 2 bandwidth '30%'
set traffic-policy shaper wanshaper class 2 burst '2kb'
set traffic-policy shaper wanshaper class 2 ceiling '100%'
set traffic-policy shaper wanshaper class 2 description 'syn ack bufferbloat'
set traffic-policy shaper wanshaper class 2 match tiny4 ip tcp ack
set traffic-policy shaper wanshaper class 2 match tiny4 ip tcp syn
set traffic-policy shaper wanshaper class 2 match tiny6 ipv6 tcp ack
set traffic-policy shaper wanshaper class 2 match tiny6 ipv6 tcp syn
set traffic-policy shaper wanshaper class 2 queue-type 'fq-codel'
set traffic-policy shaper wanshaper class 10 bandwidth '15%'
set traffic-policy shaper wanshaper class 10 burst '2kb'
set traffic-policy shaper wanshaper class 10 ceiling '100%'
set traffic-policy shaper wanshaper class 10 description 'voip rtp traffic'
set traffic-policy shaper wanshaper class 10 match att-wifi-calling1 ip destination address '166.216.153.132/32'
set traffic-policy shaper wanshaper class 10 match att-wifi-calling2 ip destination address '166.216.150.131/32'
set traffic-policy shaper wanshaper class 10 match att-wifi-calling3 ip destination address '107.225.52.51/32'
set traffic-policy shaper wanshaper class 10 match workvpn3 ip destination address '**'
set traffic-policy shaper wanshaper class 10 match workvpn1 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match work1 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match vnet01 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match vnet02 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match voip-rtp ip dscp '46'
set traffic-policy shaper wanshaper class 10 queue-type 'fq-codel'
set traffic-policy shaper wanshaper class 20 bandwidth '5%'
set traffic-policy shaper wanshaper class 20 burst '2kb'
set traffic-policy shaper wanshaper class 20 ceiling '100%'
set traffic-policy shaper wanshaper class 20 description 'voip sip traffic'
set traffic-policy shaper wanshaper class 20 match voip-sip ip dscp '24'
set traffic-policy shaper wanshaper class 20 queue-type 'fq-codel'
set traffic-policy shaper wanshaper default bandwidth '50%'
set traffic-policy shaper wanshaper default burst '2kb'
set traffic-policy shaper wanshaper default ceiling '100%'
set traffic-policy shaper wanshaper default queue-type 'fq-codel'
set traffic-policy shaper wanshaper description 'wan output policy'
set vpn ipsec esp-group home-esp compression 'disable'
set vpn ipsec esp-group home-esp lifetime '3600'
set vpn ipsec esp-group home-esp mode 'tunnel'
set vpn ipsec esp-group home-esp pfs 'enable'
set vpn ipsec esp-group home-esp proposal 1 encryption 'aes256'
set vpn ipsec esp-group home-esp proposal 1 hash 'sha256'
set vpn ipsec ike-group home-ike close-action 'none'
set vpn ipsec ike-group home-ike dead-peer-detection action 'hold'
set vpn ipsec ike-group home-ike dead-peer-detection interval '120'
set vpn ipsec ike-group home-ike dead-peer-detection timeout '120'
set vpn ipsec ike-group home-ike ikev2-reauth 'no'
set vpn ipsec ike-group home-ike key-exchange 'ikev2'
set vpn ipsec ike-group home-ike lifetime '3600'
set vpn ipsec ike-group home-ike proposal 1 dh-group '21'
set vpn ipsec ike-group home-ike proposal 1 encryption 'aes256'
set vpn ipsec ike-group home-ike proposal 1 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec site-to-site peer *.*.*.* authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer *.*.*.* authentication pre-shared-secret 'mysupersecretpasswored'
set vpn ipsec site-to-site peer *.*.*.* connection-type 'initiate'
set vpn ipsec site-to-site peer *.*.*.* ike-group 'home-ike'
set vpn ipsec site-to-site peer *.*.*.* ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer *.*.*.* local-address '***'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 allow-public-networks 'disable'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 esp-group 'home-esp'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 local prefix '10.22.87.0/24'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 remote prefix '192.168.0.0/24'
Ok, with cisco device and added vif 1 I can reproduce this issue
vyos@vyos# run show lldp neighbors
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/lldp_op.py", line 121, in <module>
config_text = tmpl.render(parse_data(neighbors))
File "/usr/libexec/vyos/op_mode/lldp_op.py", line 50, in parse_data
for local_if, values in data.items():
AttributeError: 'list' object has no attribute 'items'Dmitry added a comment to T3104: LLDP Traceback error.
I still can't reproduce this issue.
vyos@vyos:~$ show configuration commands | match lldp
set service lldp interface eth1
set service lldp legacy-protocols cdp
set service lldp management-address '192.168.255.31'
set service lldp snmp enable
vyos@vyos:~$ show lldp neighbors
Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station
D - Docsis, T - Telephone, O - Otherthadrumr added a comment to T3104: LLDP Traceback error.
It looks like the issue is CDP. If I remove the CDP piece of the config then it works.
thadrumr added a comment to T3104: LLDP Traceback error.
I just upgraded to the absolute latest rolling release that came out early this morning and it has the same issue.
jack9603301 added a comment to T3106: 802.11ax support.
As far as I know, you only need to work in the vyos-1x code base
thadrumr added a comment to T3104: LLDP Traceback error.
I just tried the show lldp neighbors again and it doesn't work but sudo lldpcli show neighbors works
thadrumr added a comment to T3104: LLDP Traceback error.
mlaney@vyos:~$ sudo lldpcli show neighbors
LLDP neighbors:
Interface: eth1, via: CDPv2, RID: 1, Time: 0 day, 08:19:01
Chassis:
ChassisID: local Cisco-Sw1.local
SysName: Cisco-Sw1.local
SysDescr: cisco WS-C2960S-48LPS-L running on
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2(2)E9, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Sat 08-Sep-18 14:56 by prod_rel_team
MgmtIP: 10.22.87.254
Capability: Bridge, on
Port:
PortID: ifname GigabitEthernet1/0/9
PortDescr: GigabitEthernet1/0/9
TTL: 180Interface: eth1, via: CDPv2, RID: 1, Time: 0 day, 08:18:47
Chassis:
ChassisID: local Cisco-Sw1.local
SysName: Cisco-Sw1.local
SysDescr: cisco WS-C2960S-48LPS-L running on
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2(2)E9, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Sat 08-Sep-18 14:56 by prod_rel_teamthadrumr added a comment to T3104: LLDP Traceback error.
Here is my lldp config. ETH0 is WAN ETH1 is lan that is why only eth1 has lldp enabled.
Viacheslav added a comment to T3105: static-host-mapping writing in one line.
maybe it happened after that commit https://github.com/vyos/vyos-1x/commit/c87ad948999c28c3c9449f98d60b545481ea29d5
because it was work in VyOS 1.3-rolling-202011250217
Viacheslav updated the task description for T3105: static-host-mapping writing in one line.
jack9603301 added a comment to T973: Create Prometheus Exporter for VyOS .
Hi, guys, I found an interesting script in frrouter's github repo. In fact, this is purely because someone wrote a script and submitted the following bug report:
Dmitry added a comment to T3104: LLDP Traceback error.
@thadrumr please provide your lldp configuration. show configuration commands | match lldp
I can't reproduce this issue in lab with the latest rolling. Provide please detailed reproducing steps, also will be helpful to get an output
sudo lldpcli show neighbors