Page MenuHomeVyOS Platform

VyOS 1.3 EquuleusProject
ActivePublic

Details

Description

VyOS 1.3 based on Debian 9 Stretch

Recent Activity

Today

c-po added a comment to T2996: Checking digital signature failed on downgrade from rolling to stable..

Disable downgrades in general is a bad idea. We still can leave the user with a broken config on downgrade but prevent it is bad. Imagine a very simple config, that would be downgradable.

Sat, Dec 5, 4:35 PM · VyOS 1.3 Equuleus
Dmitry closed T2744: igmp-proxy issue: Address already in use as Resolved.

successfully tested on the self-build image from crux branch and the latest rolling image

Sat, Dec 5, 1:41 PM · VyOS 1.3 Equuleus
jack9603301 triaged T3116: Support L4 level load balancing as Wishlist priority.
Sat, Dec 5, 12:45 PM · VyOS 1.3 Equuleus
jack9603301 created T3116: Support L4 level load balancing.
Sat, Dec 5, 12:44 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T3115: Firewall on L3 VIF bridge interface.

Before that, should we consider completely migrating the vyos firewall implementation?

Sat, Dec 5, 12:28 PM · VyOS 1.3 Equuleus
primoz created T3115: Firewall on L3 VIF bridge interface.
Sat, Dec 5, 12:08 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T3089: Migrate port mirroring to vyos-1x and support two-way traffic mirroring.

PR: https://github.com/vyos/vyos-1x/pull/633

Sat, Dec 5, 8:36 AM · VyOS 1.3 Equuleus

Yesterday

c-po claimed T2562: VyOS can't be used as a DHCP server for a DHCP relay.
Fri, Dec 4, 5:49 PM · VyOS 1.3 Equuleus
c-po closed T3100: Migrate DHCP server to get_config_dict() as Resolved.
Fri, Dec 4, 5:48 PM · VyOS 1.3 Equuleus
c-po closed T3112: PPPoE IPv6: remove "enable" node as Resolved.
Fri, Dec 4, 1:18 PM · VyOS 1.3 Equuleus
c-po closed T3112: PPPoE IPv6: remove "enable" node, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, as Resolved.
Fri, Dec 4, 1:18 PM · VyOS 1.3 Equuleus
c-po added a comment to T3112: PPPoE IPv6: remove "enable" node.

yes, specifying "ipv6" has the same effect as "ipv6 enable"

Fri, Dec 4, 1:18 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T3112: PPPoE IPv6: remove "enable" node.

Do I only need to execute the following commands when I want to start ipv6?

Fri, Dec 4, 12:42 PM · VyOS 1.3 Equuleus
c-po triaged T3112: PPPoE IPv6: remove "enable" node as Wishlist priority.
Fri, Dec 4, 12:15 PM · VyOS 1.3 Equuleus
c-po claimed T3112: PPPoE IPv6: remove "enable" node.
Fri, Dec 4, 12:15 PM · VyOS 1.3 Equuleus
c-po created T3112: PPPoE IPv6: remove "enable" node.
Fri, Dec 4, 12:15 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2996: Checking digital signature failed on downgrade from rolling to stable..

Not sure that it makes sense to downgrade the image from 1.3 to 1.2.
Because there are also no migration "downgrade" scripts.
I propose to add an additional check and disable downgrade images for "add system image".

Fri, Dec 4, 9:42 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3020: The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location".

Still old format for completion help

Fri, Dec 4, 9:25 AM · VyOS 1.3 Equuleus
Viacheslav created T3110: Broken pipe in show intefaces.
Fri, Dec 4, 8:31 AM · VyOS 1.3 Equuleus
Viacheslav closed T3108: Section Config overlapped match with FRRConfig as Resolved.
Fri, Dec 4, 7:36 AM · VyOS 1.3 Equuleus
dmbaturin created T3109: Add a disable option to the WAN load balancing rules.
Fri, Dec 4, 1:03 AM · VyOS 1.2 Crux, VyOS 1.3 Equuleus

Thu, Dec 3

runar added a comment to T3108: Section Config overlapped match with FRRConfig.

To clarify the fault here. the smoketest is looking for the word "Config()" inside all conf_mode scripts without taking into account that this could be part of another name. the patch above modifies the behavior to not mat when a alpha-character is in front of the C in Config.
full regex: [^a-ZA-Z]Config\(\)

Thu, Dec 3, 8:01 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3108: Section Config overlapped match with FRRConfig.

PR https://github.com/vyos/vyos-1x/pull/632
fix regex in smoketest.

Thu, Dec 3, 7:07 PM · VyOS 1.3 Equuleus
c-po closed T3105: static-host-mapping writing in one line as Resolved.
Thu, Dec 3, 5:45 PM · VyOS 1.3 Equuleus
Viacheslav created T3108: Section Config overlapped match with FRRConfig.
Thu, Dec 3, 4:49 PM · VyOS 1.3 Equuleus
c-po closed T3104: LLDP Traceback error as Resolved.
Thu, Dec 3, 12:22 PM · VyOS 1.3 Equuleus
Dmitry updated subscribers of T3104: LLDP Traceback error.

Thanks, @c-po , works as expected.

vyos@vyos:~$ show  lldp neighbors 
Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station
                  D - Docsis, T - Telephone, O - Other
Thu, Dec 3, 11:58 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T1316: Support for IS-IS .

PR https://github.com/vyos/vyos-1x/pull/630

Thu, Dec 3, 7:35 AM · VyOS 1.3 Equuleus
c-po changed the status of T3105: static-host-mapping writing in one line from Open to Needs testing.
Thu, Dec 3, 6:59 AM · VyOS 1.3 Equuleus
c-po closed T3107: Update Linux Kernel to v4.19.161 as Resolved.
Thu, Dec 3, 6:57 AM · VyOS 1.3 Equuleus
c-po created T3107: Update Linux Kernel to v4.19.161.
Thu, Dec 3, 6:49 AM · VyOS 1.3 Equuleus
c-po claimed T3105: static-host-mapping writing in one line.
Thu, Dec 3, 4:49 AM · VyOS 1.3 Equuleus

Wed, Dec 2

c-po changed the status of T3104: LLDP Traceback error from Confirmed to Needs testing.
Wed, Dec 2, 7:01 PM · VyOS 1.3 Equuleus
c-po added a comment to T3106: 802.11ax support.

Calculating setting is always the smartest idea. I also have a WIFI6 NIC with me, the problem is it is not supported by Linux 4.19. which we currently are forced to use.

Wed, Dec 2, 6:15 PM · VyOS 1.3 Equuleus
Dmitry added a comment to T3104: LLDP Traceback error.

It seems related to this patch https://github.com/vyos/vyos-1x/commit/b39d623170377b2e99fd7e88b627afea71e4d00c#diff-e4557e4a7b41f0e9328ac0e7d7c0305416f0f1e42d46af27c2135ca976434fce
Appears only if you have 2 or more lldp neighbors.

Wed, Dec 2, 1:39 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

set firewall all-ping 'enable'
set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall group address-group kasa address '192.168.2.109'
set firewall group address-group kasa address '192.168.2.110'
set firewall group address-group kasa address '192.168.2.101'
set firewall group address-group kasa address '192.168.2.102'
set firewall group address-group kasa address '192.168.2.103'
set firewall group address-group ring address '192.168.2.105'
set firewall group address-group ring address '192.168.2.113'
set firewall group address-group ring address '192.168.2.195'
set firewall group address-group trusted-sip address '*'
set firewall group address-group trusted-sip address '
**'
set firewall group address-group trusted-sip address '
**'
set firewall group port-group VOIP description ''
set firewall group port-group VOIP port '5060'
set firewall group port-group VOIP port '10001-20000'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall ip-src-route 'disable'
set firewall log-martians 'enable'
set firewall name IOT_IN default-action 'drop'
set firewall name IOT_IN enable-default-log
set firewall name IOT_IN rule 10 action 'accept'
set firewall name IOT_IN rule 10 description 'Allow Kasa to HomeAssistant'
set firewall name IOT_IN rule 10 destination address '10.22.87.143'
set firewall name IOT_IN rule 10 source group address-group 'kasa'
set firewall name IOT_IN rule 20 action 'accept'
set firewall name IOT_IN rule 20 description 'Allow HTTPS'
set firewall name IOT_IN rule 20 destination port '443'
set firewall name IOT_IN rule 20 protocol 'tcp'
set firewall name IOT_IN rule 30 action 'accept'
set firewall name IOT_IN rule 30 description 'Allow HTTP'
set firewall name IOT_IN rule 30 destination port '80'
set firewall name IOT_IN rule 30 protocol 'tcp'
set firewall name IOT_IN rule 40 action 'accept'
set firewall name IOT_IN rule 40 description 'Orbit-Behyve'
set firewall name IOT_IN rule 40 destination port '8887'
set firewall name IOT_IN rule 40 protocol 'tcp'
set firewall name IOT_IN rule 50 action 'accept'
set firewall name IOT_IN rule 50 description 'Allow NTP'
set firewall name IOT_IN rule 50 destination port '123'
set firewall name IOT_IN rule 50 protocol 'udp'
set firewall name IOT_IN rule 60 action 'accept'
set firewall name IOT_IN rule 60 description 'Allow DNS'
set firewall name IOT_IN rule 60 destination port '53'
set firewall name IOT_IN rule 60 protocol 'udp'
set firewall name IOT_IN rule 70 action 'accept'
set firewall name IOT_IN rule 70 description 'Ring Allow All'
set firewall name IOT_IN rule 70 protocol 'ip'
set firewall name IOT_IN rule 70 source group address-group 'ring'
set firewall name IOT_IN rule 80 action 'accept'
set firewall name IOT_IN rule 80 description 'MYQ'
set firewall name IOT_IN rule 80 destination port '8883'
set firewall name IOT_IN rule 80 protocol 'tcp'
set firewall name IOT_IN rule 90 action 'accept'
set firewall name IOT_IN rule 90 description 'Allow all from Dude Server'
set firewall name IOT_IN rule 90 protocol 'ip'
set firewall name IOT_IN rule 90 source address '192.168.2.2'
set firewall name IOT_IN rule 100 action 'accept'
set firewall name IOT_IN rule 100 description 'Allow ICMP'
set firewall name IOT_IN rule 100 protocol 'icmp'
set firewall name IOT_IN rule 110 action 'drop'
set firewall name IOT_IN rule 110 description 'Drop Guest to Lan'
set firewall name IOT_IN rule 110 destination address '10.22.87.0/24'
set firewall name IOT_IN rule 110 source
set firewall name WAN_IN default-action 'drop'
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action 'accept'
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established 'enable'
set firewall name WAN_IN rule 10 state related 'enable'
set firewall name WAN_IN rule 20 action 'drop'
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid 'enable'
set firewall name WAN_IN rule 21 action 'accept'
set firewall name WAN_IN rule 21 description 'Allow VOIP'
set firewall name WAN_IN rule 21 log 'disable'
set firewall name WAN_IN rule 21 protocol 'all'
set firewall name WAN_IN rule 21 source group port-group 'VOIP'
set firewall name WAN_IN rule 30 action 'accept'
set firewall name WAN_IN rule 30 destination address '10.22.87.14'
set firewall name WAN_IN rule 30 destination port '5000,16881,9025-9040,8080'
set firewall name WAN_IN rule 30 protocol 'tcp'
set firewall name WAN_IN rule 30 state new 'enable'
set firewall name WAN_IN rule 31 action 'accept'
set firewall name WAN_IN rule 31 destination address '10.22.87.19'
set firewall name WAN_IN rule 31 destination port '1194'
set firewall name WAN_IN rule 31 protocol 'udp'
set firewall name WAN_IN rule 40 action 'accept'
set firewall name WAN_IN rule 40 description 'Allow SIP'
set firewall name WAN_IN rule 40 destination address '10.22.87.7'
set firewall name WAN_IN rule 40 destination port '5060,10000-20000'
set firewall name WAN_IN rule 40 protocol 'udp'
set firewall name WAN_IN rule 40 source group address-group 'trusted-sip'
set firewall name WAN_IN rule 50 action 'accept'
set firewall name WAN_IN rule 50 description 'Allow My Parents LAN IPSec'
set firewall name WAN_IN rule 50 source address '192.168.0.0/24'
set firewall name WAN_IN rule 60 action 'accept'
set firewall name WAN_IN rule 60 description 'Allow Home Assistant'
set firewall name WAN_IN rule 60 destination address '10.22.87.143'
set firewall name WAN_IN rule 60 destination port '8123'
set firewall name WAN_IN rule 60 protocol 'tcp'
set firewall name WAN_IN rule 70 action 'accept'
set firewall name WAN_IN rule 70 description 'Allow Plex Nvidia Shield'
set firewall name WAN_IN rule 70 destination address '10.22.87.115'
set firewall name WAN_IN rule 70 destination port '32400'
set firewall name WAN_IN rule 70 protocol 'tcp'
set firewall name WAN_LOCAL default-action 'drop'
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action 'accept'
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established 'enable'
set firewall name WAN_LOCAL rule 10 state related 'enable'
set firewall name WAN_LOCAL rule 20 action 'drop'
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid 'enable'
set firewall name WAN_LOCAL rule 21 action 'drop'
set firewall name WAN_LOCAL rule 21 description 'Allow limited SSH Attempts'
set firewall name WAN_LOCAL rule 21 destination port '22'
set firewall name WAN_LOCAL rule 21 log 'disable'
set firewall name WAN_LOCAL rule 21 protocol 'tcp'
set firewall name WAN_LOCAL rule 21 recent count '4'
set firewall name WAN_LOCAL rule 21 recent time '60'
set firewall name WAN_LOCAL rule 21 state new 'enable'
set firewall name WAN_LOCAL rule 22 action 'accept'
set firewall name WAN_LOCAL rule 22 description 'Allow New SSH Attemtps'
set firewall name WAN_LOCAL rule 22 destination port '22'
set firewall name WAN_LOCAL rule 22 protocol 'tcp'
set firewall name WAN_LOCAL rule 22 state new 'enable'
set firewall name WAN_LOCAL rule 30 action 'accept'
set firewall name WAN_LOCAL rule 30 description 'Allow ISAKMP'
set firewall name WAN_LOCAL rule 30 destination port '500'
set firewall name WAN_LOCAL rule 30 protocol 'udp'
set firewall name WAN_LOCAL rule 31 action 'accept'
set firewall name WAN_LOCAL rule 31 description 'Allow ESP'
set firewall name WAN_LOCAL rule 31 protocol 'esp'
set firewall name WAN_LOCAL rule 32 action 'accept'
set firewall name WAN_LOCAL rule 32 destination port '4500'
set firewall name WAN_LOCAL rule 32 protocol 'udp'
set firewall name WAN_LOCAL rule 33 action 'accept'
set firewall name WAN_LOCAL rule 33 destination port '1701'
set firewall name WAN_LOCAL rule 33 ipsec match-ipsec
set firewall name WAN_LOCAL rule 33 protocol 'udp'
set firewall name WAN_LOCAL rule 40 action 'accept'
set firewall name WAN_LOCAL rule 40 protocol 'all'
set firewall name WAN_LOCAL rule 40 source address '
**'
set firewall name WAN_LOCAL rule 43 action 'accept'
set firewall name WAN_LOCAL rule 50 action 'accept'
set firewall name WAN_LOCAL rule 50 destination port 'openvpn'
set firewall name WAN_LOCAL rule 50 protocol 'udp'
set firewall name WAN_LOCAL rule 60 action 'accept'
set firewall name WAN_LOCAL rule 60 protocol 'all'
set firewall name WAN_LOCAL rule 60 source address '*.*.*.*'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 address 'dhcpv6'
set interfaces ethernet eth0 description 'Internet'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '1'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '0'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 firewall in name 'WAN_IN'
set interfaces ethernet eth0 firewall local name 'WAN_LOCAL'
set interfaces ethernet eth0 hw-id '
**'
set interfaces ethernet eth0 ipv6 address autoconf
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth0 traffic-policy out 'wanshaper'
set interfaces ethernet eth1 address '10.22.87.1/24'
set interfaces ethernet eth1 description 'Lan'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '**'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 address '192.168.2.1/24'
set interfaces ethernet eth2 description 'IOT'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 firewall in name 'IOT_IN'
set interfaces ethernet eth2 hw-id '*'
set interfaces ethernet eth2 speed 'auto'
set interfaces loopback lo
set nat destination rule 10 description 'Port Forward: Plex and Download Station to 10.22.87.14'
set nat destination rule 10 destination port '5000,16881,9025-9040,8080'
set nat destination rule 10 inbound-interface 'eth0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address '10.22.87.14'
set nat destination rule 11 description 'Port Forward: OpenVPN to 10.22.87.19'
set nat destination rule 11 destination port '1194'
set nat destination rule 11 inbound-interface 'eth0'
set nat destination rule 11 protocol 'udp'
set nat destination rule 11 translation address '10.22.87.19'
set nat destination rule 12 description 'Port Forward: SIP and RTP to FreePBX'
set nat destination rule 12 destination port '5060,10000-20000'
set nat destination rule 12 inbound-interface 'eth0'
set nat destination rule 12 protocol 'udp'
set nat destination rule 12 translation address '10.22.87.7'
set nat destination rule 13 description 'Port Forward Home Assistant'
set nat destination rule 13 destination port '8123'
set nat destination rule 13 inbound-interface 'eth0'
set nat destination rule 13 protocol 'tcp'
set nat destination rule 13 translation address '10.22.87.143'
set nat destination rule 14 description 'NAT Reflection: Xpenology Inside'
set nat destination rule 14 destination port '5000'
set nat destination rule 14 inbound-interface 'eth1'
set nat destination rule 14 protocol 'tcp'
set nat destination rule 14 translation address '10.22.87.14'
set nat destination rule 15 description 'Plex Nvidia Shield'
set nat destination rule 15 destination port '32400'
set nat destination rule 15 inbound-interface 'eth0'
set nat destination rule 15 protocol 'tcp'
set nat destination rule 15 translation address '10.22.87.115'
set nat source rule 10 destination address '192.168.0.0/24'
set nat source rule 10 exclude
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '10.22.87.0/24'
set nat source rule 110 outbound-interface 'eth0'
set nat source rule 110 source address '10.80.1.0/24'
set nat source rule 110 translation address 'masquerade'
set nat source rule 120 destination address '10.22.87.0/24'
set nat source rule 120 outbound-interface 'eth1'
set nat source rule 120 protocol 'tcp'
set nat source rule 120 source address '10.22.87.0/24'
set nat source rule 120 translation address 'masquerade'
set nat source rule 5010 outbound-interface 'eth0'
set nat source rule 5010 translation address 'masquerade'
set protocols static route 172.17.0.0/16 next-hop 10.22.87.14 distance '1'
set service dns dynamic interface eth0 service afraid host-name '
*'
set service dns dynamic interface eth0 service afraid login '
'
set service dns dynamic interface eth0 service afraid password '
'
set service https virtual-host vhost0 listen-address '10.22.87.1'
set service lldp interface all
set service lldp interface eth1
set service lldp legacy-protocols cdp
set service lldp management-address '10.22.87.1'
set service lldp snmp enable
set service router-advert interface eth1 prefix ::/64 valid-lifetime '2592000'
set service snmp community
** authorization 'rw'
set service snmp community
* network '10.22.87.0/24'
set service snmp contact '*'
set service snmp location '
*'
set service snmp trap-target 10.22.87.8
set service snmp trap-target 10.22.87.15 community '
'
set service ssh ciphers 'aes256-ctr'
set service ssh ciphers 'aes128-ctr'
set service ssh ciphers 'aes256-gcm@openssh.com'
set service ssh ciphers 'aes128-gcm@openssh.com'
set service ssh key-exchange 'diffie-hellman-group14-sha256'
set service ssh key-exchange 'diffie-hellman-group16-sha512'
set service ssh key-exchange 'diffie-hellman-group18-sha512'
set service ssh key-exchange 'diffie-hellman-group-exchange-sha256'
set service ssh port '22'
set system config-management commit-revisions '20'
set system host-name 'vyos'
set system login user mlaney authentication encrypted-password '
**'
set system login user mlaney authentication plaintext-password ''
set system login user mlaney full-name 'Me'
set system name-server '1.1.1.1'
set system name-servers-dhcp 'eth0'
set system ntp allow-clients address '10.22.87.0/24'
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'America/New_York'
set traffic-policy shaper lanshaper bandwidth '230mbit'
set traffic-policy shaper lanshaper class 2 bandwidth '30%'
set traffic-policy shaper lanshaper class 2 burst '2kb'
set traffic-policy shaper lanshaper class 2 ceiling '100%'
set traffic-policy shaper lanshaper class 2 description 'syn ack bufferbloat'
set traffic-policy shaper lanshaper class 2 match tiny4 ip tcp ack
set traffic-policy shaper lanshaper class 2 match tiny4 ip tcp syn
set traffic-policy shaper lanshaper class 2 match tiny6 ipv6 tcp ack
set traffic-policy shaper lanshaper class 2 match tiny6 ipv6 tcp syn
set traffic-policy shaper lanshaper class 2 queue-type 'fq-codel'
set traffic-policy shaper lanshaper class 10 bandwidth '15%'
set traffic-policy shaper lanshaper class 10 burst '2kb'
set traffic-policy shaper lanshaper class 10 ceiling '100%'
set traffic-policy shaper lanshaper class 10 description 'voip rtp traffic'
set traffic-policy shaper lanshaper class 10 match voip-rtp ip dscp '46'
set traffic-policy shaper lanshaper class 10 queue-type 'fq-codel'
set traffic-policy shaper lanshaper class 20 bandwidth '5%'
set traffic-policy shaper lanshaper class 20 burst '2kb'
set traffic-policy shaper lanshaper class 20 ceiling '100%'
set traffic-policy shaper lanshaper class 20 description 'voip sip traffic'
set traffic-policy shaper lanshaper class 20 match voip-sip ip dscp '24'
set traffic-policy shaper lanshaper class 20 queue-type 'fq-codel'
set traffic-policy shaper lanshaper default bandwidth '50%'
set traffic-policy shaper lanshaper default burst '2kb'
set traffic-policy shaper lanshaper default ceiling '100%'
set traffic-policy shaper lanshaper default queue-type 'fq-codel'
set traffic-policy shaper lanshaper description 'lan output policy'
set traffic-policy shaper wanshaper bandwidth '12mbit'
set traffic-policy shaper wanshaper class 2 bandwidth '30%'
set traffic-policy shaper wanshaper class 2 burst '2kb'
set traffic-policy shaper wanshaper class 2 ceiling '100%'
set traffic-policy shaper wanshaper class 2 description 'syn ack bufferbloat'
set traffic-policy shaper wanshaper class 2 match tiny4 ip tcp ack
set traffic-policy shaper wanshaper class 2 match tiny4 ip tcp syn
set traffic-policy shaper wanshaper class 2 match tiny6 ipv6 tcp ack
set traffic-policy shaper wanshaper class 2 match tiny6 ipv6 tcp syn
set traffic-policy shaper wanshaper class 2 queue-type 'fq-codel'
set traffic-policy shaper wanshaper class 10 bandwidth '15%'
set traffic-policy shaper wanshaper class 10 burst '2kb'
set traffic-policy shaper wanshaper class 10 ceiling '100%'
set traffic-policy shaper wanshaper class 10 description 'voip rtp traffic'
set traffic-policy shaper wanshaper class 10 match att-wifi-calling1 ip destination address '166.216.153.132/32'
set traffic-policy shaper wanshaper class 10 match att-wifi-calling2 ip destination address '166.216.150.131/32'
set traffic-policy shaper wanshaper class 10 match att-wifi-calling3 ip destination address '107.225.52.51/32'
set traffic-policy shaper wanshaper class 10 match workvpn3 ip destination address '**'
set traffic-policy shaper wanshaper class 10 match workvpn1 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match work1 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match vnet01 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match vnet02 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match voip-rtp ip dscp '46'
set traffic-policy shaper wanshaper class 10 queue-type 'fq-codel'
set traffic-policy shaper wanshaper class 20 bandwidth '5%'
set traffic-policy shaper wanshaper class 20 burst '2kb'
set traffic-policy shaper wanshaper class 20 ceiling '100%'
set traffic-policy shaper wanshaper class 20 description 'voip sip traffic'
set traffic-policy shaper wanshaper class 20 match voip-sip ip dscp '24'
set traffic-policy shaper wanshaper class 20 queue-type 'fq-codel'
set traffic-policy shaper wanshaper default bandwidth '50%'
set traffic-policy shaper wanshaper default burst '2kb'
set traffic-policy shaper wanshaper default ceiling '100%'
set traffic-policy shaper wanshaper default queue-type 'fq-codel'
set traffic-policy shaper wanshaper description 'wan output policy'
set vpn ipsec esp-group home-esp compression 'disable'
set vpn ipsec esp-group home-esp lifetime '3600'
set vpn ipsec esp-group home-esp mode 'tunnel'
set vpn ipsec esp-group home-esp pfs 'enable'
set vpn ipsec esp-group home-esp proposal 1 encryption 'aes256'
set vpn ipsec esp-group home-esp proposal 1 hash 'sha256'
set vpn ipsec ike-group home-ike close-action 'none'
set vpn ipsec ike-group home-ike dead-peer-detection action 'hold'
set vpn ipsec ike-group home-ike dead-peer-detection interval '120'
set vpn ipsec ike-group home-ike dead-peer-detection timeout '120'
set vpn ipsec ike-group home-ike ikev2-reauth 'no'
set vpn ipsec ike-group home-ike key-exchange 'ikev2'
set vpn ipsec ike-group home-ike lifetime '3600'
set vpn ipsec ike-group home-ike proposal 1 dh-group '21'
set vpn ipsec ike-group home-ike proposal 1 encryption 'aes256'
set vpn ipsec ike-group home-ike proposal 1 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec site-to-site peer *.*.*.* authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer *.*.*.* authentication pre-shared-secret 'mysupersecretpasswored'
set vpn ipsec site-to-site peer *.*.*.* connection-type 'initiate'
set vpn ipsec site-to-site peer *.*.*.* ike-group 'home-ike'
set vpn ipsec site-to-site peer *.*.*.* ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer *.*.*.* local-address '***'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 allow-public-networks 'disable'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 esp-group 'home-esp'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 local prefix '10.22.87.0/24'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 remote prefix '192.168.0.0/24'

Wed, Dec 2, 1:28 PM · VyOS 1.3 Equuleus
Dmitry changed the status of T3104: LLDP Traceback error from Open to Confirmed.

Ok, with cisco device and added vif 1 I can reproduce this issue

vyos@vyos# run show lldp neighbors 
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/lldp_op.py", line 121, in <module>
    config_text = tmpl.render(parse_data(neighbors))
  File "/usr/libexec/vyos/op_mode/lldp_op.py", line 50, in parse_data
    for local_if, values in data.items():
AttributeError: 'list' object has no attribute 'items'
Wed, Dec 2, 1:22 PM · VyOS 1.3 Equuleus
Dmitry added a comment to T3104: LLDP Traceback error.

I still can't reproduce this issue.

vyos@vyos:~$ show configuration commands | match lldp
set service lldp interface eth1
set service lldp legacy-protocols cdp
set service lldp management-address '192.168.255.31'
set service lldp snmp enable
vyos@vyos:~$ show lldp neighbors 
Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station
                  D - Docsis, T - Telephone, O - Other
Wed, Dec 2, 12:54 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

It looks like the issue is CDP. If I remove the CDP piece of the config then it works.

Wed, Dec 2, 12:53 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

I just upgraded to the absolute latest rolling release that came out early this morning and it has the same issue.

Wed, Dec 2, 12:49 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T3106: 802.11ax support.

As far as I know, you only need to work in the vyos-1x code base

Wed, Dec 2, 12:43 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

I just tried the show lldp neighbors again and it doesn't work but sudo lldpcli show neighbors works

Wed, Dec 2, 12:34 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

mlaney@vyos:~$ sudo lldpcli show neighbors

LLDP neighbors:

Interface: eth1, via: CDPv2, RID: 1, Time: 0 day, 08:19:01

Chassis:     
  ChassisID:    local Cisco-Sw1.local
  SysName:      Cisco-Sw1.local
  SysDescr:     cisco WS-C2960S-48LPS-L running on
                Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2(2)E9, RELEASE SOFTWARE (fc4)
                Technical Support: http://www.cisco.com/techsupport
                Copyright (c) 1986-2018 by Cisco Systems, Inc.
                Compiled Sat 08-Sep-18 14:56 by prod_rel_team
  MgmtIP:       10.22.87.254
  Capability:   Bridge, on
Port:        
  PortID:       ifname GigabitEthernet1/0/9
  PortDescr:    GigabitEthernet1/0/9
  TTL:          180

Interface: eth1, via: CDPv2, RID: 1, Time: 0 day, 08:18:47

Chassis:     
  ChassisID:    local Cisco-Sw1.local
  SysName:      Cisco-Sw1.local
  SysDescr:     cisco WS-C2960S-48LPS-L running on
                Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2(2)E9, RELEASE SOFTWARE (fc4)
                Technical Support: http://www.cisco.com/techsupport
                Copyright (c) 1986-2018 by Cisco Systems, Inc.
                Compiled Sat 08-Sep-18 14:56 by prod_rel_team
Wed, Dec 2, 12:33 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

Here is my lldp config. ETH0 is WAN ETH1 is lan that is why only eth1 has lldp enabled.

Wed, Dec 2, 12:31 PM · VyOS 1.3 Equuleus
akvadrako created T3106: 802.11ax support.
Wed, Dec 2, 12:31 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3105: static-host-mapping writing in one line.

maybe it happened after that commit https://github.com/vyos/vyos-1x/commit/c87ad948999c28c3c9449f98d60b545481ea29d5
because it was work in VyOS 1.3-rolling-202011250217

Wed, Dec 2, 11:30 AM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3105: static-host-mapping writing in one line.
Wed, Dec 2, 10:20 AM · VyOS 1.3 Equuleus
Viacheslav created T3105: static-host-mapping writing in one line.
Wed, Dec 2, 10:18 AM · VyOS 1.3 Equuleus
jack9603301 added a comment to T973: Create Prometheus Exporter for VyOS .

Hi, guys, I found an interesting script in frrouter's github repo. In fact, this is purely because someone wrote a script and submitted the following bug report:

Wed, Dec 2, 9:48 AM · VyOS 1.3 Equuleus
Dmitry added a comment to T3104: LLDP Traceback error.

@thadrumr please provide your lldp configuration. show configuration commands | match lldp
I can't reproduce this issue in lab with the latest rolling. Provide please detailed reproducing steps, also will be helpful to get an output

sudo lldpcli show neighbors
Wed, Dec 2, 7:20 AM · VyOS 1.3 Equuleus