Page MenuHomePhabricator

VyOS-1.2.0-GAGoal
ActivePublic

Members

  • This project does not have any members.

Details

Description

Crux Release

Recent Activity

Thu, Feb 14

hagbard claimed T258: Can not configure wan load-balancing on vyos-1.2.
Thu, Feb 14, 5:51 PM · VyOS 1.2 Crux (VyOS 1.2.1)

Wed, Feb 13

zsdc added a comment to T258: Can not configure wan load-balancing on vyos-1.2.

Need to reopen this task.
Version: 1.2.0-LTS.
Running configuration:

vyos@test-01# show 
 interfaces {
     ethernet eth0 {
         address 192.168.55.18/30
         duplex auto
         hw-id 08:00:27:95:bb:f6
         smp-affinity auto
         speed auto
     }
     ethernet eth1 {
         address 192.168.56.3/24
         duplex auto
         hw-id 08:00:27:8e:d6:fb
         smp-affinity auto
         speed auto
     }
     ethernet eth2 {
         duplex auto
         hw-id 08:00:27:8c:27:04
         smp-affinity auto
         speed auto
     }
     loopback lo {
     }
 }
 service {
     ssh {
     }
 }
 system {
     config-management {
         commit-revisions 100
     }
     console {
         device ttyS0 {
             speed 9600
         }
     }
     host-name test-01
     login {
         user vyos {
             authentication {
                 encrypted-password $6$7X4XbQJ2xVMZ8$NmISPmyC1f88cIfcKig01pkjePNTVeeWwULrHgich6wB0A1TH/b31Jywpsde8Mv4/B8Qa5CxFM.rlXmfOQT0Z0
                 plaintext-password ""
             }
             level admin
         }
     }
     name-server 1.1.1.1
     ntp {
         server 0.pool.ntp.org {
         }
         server 1.pool.ntp.org {
         }
         server 2.pool.ntp.org {
         }
     }
     syslog {
         global {
             facility all {
                 level info
             }
             facility protocols {
                 level debug
             }
         }
     }
     time-zone UTC
 }
Wed, Feb 13, 6:02 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@thinkl33t Please test the latest rolling which has openvpn2.4 installed.

Wed, Feb 13, 4:20 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Mon, Feb 11

yun added a comment to T1001: show config commands - breaks when using backslashes in values.

Just to add extra info to this ticket, I had a openvpn-option that i wanted to add but it contained a single quote. I was not able to do this (in version 1.8.x this worked).

Mon, Feb 11, 12:32 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc10)
yun added a comment to T894: DHCP not renewed after switching network.

I was not able to test sooner. But i confirmed it works properly with rolling release vyos-1.2.0-rolling+201902060337-amd64.

Mon, Feb 11, 12:20 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)

Fri, Feb 8

c-po changed the status of T171: Unable to delete a firewall fule from Open to Needs testing.
Fri, Feb 8, 6:37 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
c-po added a comment to T171: Unable to delete a firewall fule.

Handled in/with T484, hopefully

Fri, Feb 8, 6:36 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
c-po reopened T171: Unable to delete a firewall fule as Open by committing Restricted Diffusion Commit.
Fri, Feb 8, 6:27 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
syncer closed T739: flow-accounting stops as Resolved.
Fri, Feb 8, 12:07 AM · VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA, pmacct
syncer edited projects for T739: flow-accounting stops, added: VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA); removed VyOS 1.2 Crux (VyOS 1.2.0-EPA3).
Fri, Feb 8, 12:06 AM · VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA, pmacct
syncer changed the status of T685: Python environment lacks definition of vyos_libexec_dir when calling os.system(), a subtask of T652: Rewrite service snmp in new style XML interface definition, from Open to In progress.
Fri, Feb 8, 12:03 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Thu, Feb 7

hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@thinkl33t Can you please test?

Thu, Feb 7, 11:46 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
syncer closed T961: Does not seem to work with 4 port XL710 Intel NIC's. I believe needs drivers as Resolved.
Thu, Feb 7, 11:29 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
syncer edited projects for T961: Does not seem to work with 4 port XL710 Intel NIC's. I believe needs drivers, added: VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA; removed VyOS 1.2 Crux (VyOS 1.2.0-EPA3).
Thu, Feb 7, 11:29 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
syncer moved T977: Permission denied error when performing config rollback on a machine upgraded from VyOS 1.1.x from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-GA) board.
Thu, Feb 7, 11:26 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA
syncer edited projects for T977: Permission denied error when performing config rollback on a machine upgraded from VyOS 1.1.x, added: VyOS 1.2 Crux (VyOS 1.2.0-GA); removed VyOS 1.2 Crux (VyOS 1.2.0-EPA3).
Thu, Feb 7, 11:26 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA
syncer moved T977: Permission denied error when performing config rollback on a machine upgraded from VyOS 1.1.x from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-EPA3) board.
Thu, Feb 7, 11:26 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA
syncer closed T977: Permission denied error when performing config rollback on a machine upgraded from VyOS 1.1.x as Resolved.
Thu, Feb 7, 11:26 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA
syncer edited projects for T1169: LLDP potentially broken, added: VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux (VyOS 1.2.0-GA).
Thu, Feb 7, 11:20 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Tue, Feb 5

syncer closed T567: support for Nutanix AHV as Resolved.
Tue, Feb 5, 2:31 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA), Nutanix
syncer closed T1077: show: vpn ike sa & vpn debug don't show all tunnels setup as Resolved.
Tue, Feb 5, 2:26 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA
syncer closed T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups as Resolved.
Tue, Feb 5, 2:14 PM · VyOS 1.2 Crux (VyOS 1.2.2)
syncer edited projects for T1051: Update openvpn to support TLS 1.2, added: VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux (VyOS 1.2.0-GA).
Tue, Feb 5, 2:13 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Mon, Feb 4

rps added a comment to T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups.

My fault for not having the time to test this as one of the users who has a need for RFC compliant VRRP. The use of + for interface matching is less than ideal but if we do so we should take care to recommend that use of 802.1Q VLAN sub-interfaces not make use of the parent (untagged) interface else traffic matching will not be obvious.

Mon, Feb 4, 8:35 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Sat, Feb 2

dsummers added a comment to T1051: Update openvpn to support TLS 1.2.

Does this mean it can now listen on "outer" transport IPv6 addresses now that it is using 2.4.0 (even if it is just a special "option" and not yet in the VyOS CLI?

Sat, Feb 2, 5:54 AM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Fri, Feb 1

dmbaturin added a comment to T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups.

@jmlccdmd Ok, I'll re-test with in/out then.

Fri, Feb 1, 2:13 AM · VyOS 1.2 Crux (VyOS 1.2.2)

Thu, Jan 31

hagbard changed the status of T1051: Update openvpn to support TLS 1.2 from Open to Needs testing.

@thinkl33t Would you mind testing your use case with https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201901312041-amd64.iso or later? This iso is using the bpo package of openvpn (2.4.0).

Thu, Jan 31, 8:14 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@thinkl33t http://dev.packages.vyos.net/repositories/current/vyos/pool/main/o/openvpn/openvpn_2.4.0-6+deb9u1~bpo8+1_amd64.deb

Thu, Jan 31, 7:41 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Wed, Jan 30

hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@c-po imported and test against latest rolling, I couldn't find any issue with 2.4.
Can you please set it up in ci? I'll take it from there once set up.

Wed, Jan 30, 8:15 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@c-po it only affects clients which enforce tls 1.0 or 1.1, at least what I have tested. The perl code needs quite some rework, so I think I split the task into getting a newer release of openvpn into the build. Newer versions have tls 1.0 and 1.1 disabled per default from what I have read, so I think it might be more a changelog announcement that with the new version only tls 1.2 is automatically supported and you have the option to enable weak ciphers via opt .... or so. I'm not too sure yet, I think I have to wait a little on the response once the newer version is in rolling and the feedback I receive.

Wed, Jan 30, 6:06 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
jmlccdmd added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

I confirm that in yesterday's rolling image, the problem is corrected.

Wed, Jan 30, 2:18 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
jmlccdmd reopened T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups as "Open".

I reopen this bug.

Wed, Jan 30, 1:24 PM · VyOS 1.2 Crux (VyOS 1.2.2)
c-po added a comment to T1051: Update openvpn to support TLS 1.2.

Sounds more reasonable (enable than disable). Will this affect backwards compatibility or will there be a migrator?

Wed, Jan 30, 5:18 AM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Tue, Jan 29

hagbard added a comment to T1051: Update openvpn to support TLS 1.2.
In T1051#27092, @c-po wrote:

set interfaces openvpn vtun0 disable-weak-tls-ciphers

Tue, Jan 29, 6:32 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
jmlccdmd changed the status of T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups from Resolved to Wontfix.

On my systems, the problem persist with today's rolling release.

Tue, Jan 29, 5:21 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Mon, Jan 28

bmtauer added a comment to T1157: Static route not reachable through VRRP address.

Unfortunately I still see the problem when the blackhole routes are set with a distance of 240 and the 0.0.0.0 route is distance 1.

Mon, Jan 28, 8:40 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@syncer Currently we ship in the iso openvpn from, we could use it from bpo which would be 2.4 (2.6 is the latest), or we replace it with a self-compiled 2.6, or do you just want cpo's solution implemented?

Mon, Jan 28, 4:48 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Sun, Jan 27

syncer closed T1043: Creating VXLAN missing commit validation for group + link as Resolved.
Sun, Jan 27, 5:44 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-EPA3)
syncer closed T1074: Update lldp to version 1.0.2 as Resolved.
Sun, Jan 27, 5:42 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-EPA3)
syncer added a comment to T1051: Update openvpn to support TLS 1.2.

@hagbard can you please bump version of openvpn

Sun, Jan 27, 5:41 AM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
syncer assigned T1051: Update openvpn to support TLS 1.2 to hagbard.
Sun, Jan 27, 5:41 AM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
syncer closed T1172: vyatta_update_sysctl.pl does not support options that have multiple values as Resolved.
Sun, Jan 27, 4:17 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
syncer edited projects for T1172: vyatta_update_sysctl.pl does not support options that have multiple values, added: VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA; removed VyOS 1.2 Crux (VyOS 1.2.0-EPA3).
Sun, Jan 27, 4:17 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
syncer moved T1177: Unable to modify or delete task-scheduler tasks from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-GA) board.
Sun, Jan 27, 4:14 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
syncer edited projects for T1177: Unable to modify or delete task-scheduler tasks, added: VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA; removed VyOS 1.2 Crux.
Sun, Jan 27, 4:14 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
syncer moved T1191: Ethernet interface with dhcp does not re-enable correctly after disable. from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-GA) board.
Sun, Jan 27, 4:13 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
syncer edited projects for T1191: Ethernet interface with dhcp does not re-enable correctly after disable., added: VyOS 1.2 Crux (VyOS 1.2.0-GA), VyOS-1.2.0-GA; removed VyOS 1.2 Crux.
Sun, Jan 27, 4:13 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
dmbaturin changed the status of T1198: Extra hyphen in suggested image name on upgrade from Open to On hold.

Since this is a trivial cosmetic issue, we are about to freeze 1.2.0, and the installer is due for a rework in 1.3.0, I'm going to ignore this for now.

Sun, Jan 27, 12:59 AM · VyOS 1.3 Equuleus
syncer assigned T1198: Extra hyphen in suggested image name on upgrade to dmbaturin.
Sun, Jan 27, 12:42 AM · VyOS 1.3 Equuleus
syncer moved T1186: Setup DMVPN cannot work from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-GA) board.
Sun, Jan 27, 12:28 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)