| xPakrikx | |
| Sep 10 2022, 3:10 PM |
| F3190035: Screenshot from 2022-09-10 23-07-13.png | |
| Sep 14 2022, 12:47 AM |
When i updated vyos image from 202207220217 to 202209090217 i cannot longer edit my configuration. Always i get "Set failed" or "Delete failed" in configuration mode.
So i reinstalled vyos and i can do first edit and commit with no problem. But when i try edit after first commit i get same result "Set failed" or "Delete failed".
I use VyOS in VMs (vrrp configuration) and this problem is replicable on both VMs. When i boot back to 202207220217 i can edit my config again.
It seems you use some custom scripts for configuration
You have to use
if [ "$(id -g -n)" != 'vyattacfg' ] ; then
exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fibefore your configuration script
Nope, i use CLI for configuration and script for vrrp (wireguard interface enable/disable)
This is my config and scripts if its something wrong with configuration
#!/bin/vbash source /opt/vyatta/etc/functions/script-template configure delete interfaces wireguard wg0 disable commit exit
#!/bin/vbash source /opt/vyatta/etc/functions/script-template configure set interfaces wireguard wg0 disable commit exit
firewall {
name lan-languest {
default-action accept
}
name lan-wan {
default-action accept
}
name languest-lan {
default-action drop
}
name languest-wan {
default-action accept
}
name wan-lan {
default-action drop
}
name wan-languest {
default-action drop
}
state-policy {
established {
action accept
}
invalid {
action drop
}
related {
action accept
}
}
}
high-availability {
vrrp {
group LAN {
address 10.10.10.1/24 {
}
advertise-interval 1
interface eth1
priority 110
vrid 10
}
group LAN-GUEST {
address 10.11.11.1/24 {
}
advertise-interval 1
interface eth2
priority 110
vrid 11
}
sync-group lan-group {
member LAN
member LAN-GUEST
transition-script {
backup /config/scripts/wg-down.sh
master /config/scripts/wg-up.sh
}
}
}
}
interfaces {
ethernet eth0 {
description WAN-PPPoE
}
ethernet eth1 {
address 10.10.10.253/24
description LAN
offload {
gro
gso
sg
tso
}
}
ethernet eth2 {
address 10.11.11.253/24
description LAN-GUEST
offload {
gro
gso
sg
tso
}
}
input ifb0 {
description "pppoe inbound interface"
traffic-policy {
out inbound
}
}
loopback lo {
}
pppoe pppoe0 {
authentication {
password xxxxxxxx
user xxxxxxxx
}
ip {
adjust-mss 1450
}
mtu 1492
no-peer-dns
source-interface eth0
}
wireguard wg0 {
address 10.5.5.2/24
address fd00:10:5:5::2/120
mtu 1300
peer domain.xyz {
address xxx.xxx.xxx.xxx
allowed-ips 0.0.0.0/0
persistent-keepalive 20
port 444
preshared-key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
public-key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
}
private-key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
}
}
nat {
source {
rule 1 {
destination {
address 0.0.0.0/0
}
outbound-interface pppoe0
translation {
address masquerade
}
}
}
}
policy {
local-route {
rule 10 {
set {
table 10
}
source 10.10.10.130
}
}
}
protocols {
static {
route 10.20.20.0/24 {
next-hop 10.5.5.1 {
}
}
route 10.21.21.0/24 {
next-hop 10.5.5.1 {
}
}
route 10.30.30.0/24 {
next-hop 10.5.5.1 {
}
}
route 10.31.31.0/24 {
next-hop 10.5.5.1 {
}
}
table 10 {
route 0.0.0.0/0 {
next-hop 10.5.5.1 {
}
}
}
}
}
service {
dhcp-server {
failover {
name lan-dhcp
remote 10.10.10.254
source-address 10.10.10.253
status secondary
}
hostfile-update
shared-network-name lan {
domain-name lan
domain-search lan
subnet 10.10.10.0/24 {
default-router 10.10.10.1
description lan-subnet
enable-failover
name-server 10.10.10.254
name-server 10.10.10.253
ping-check
range pool01 {
start 10.10.10.210
stop 10.10.10.240
}
static-mapping XX1 {
ip-address 10.10.10.50
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping XX2 {
ip-address 10.10.10.101
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping XX3 {
ip-address 10.10.10.120
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping XX4 {
ip-address 10.10.10.51
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping XX5 {
ip-address 10.10.10.202
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping XX6 {
ip-address 10.10.10.20
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping XX7 {
ip-address 10.10.10.203
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping XX8 {
ip-address 10.10.10.201
mac-address xx:xx:xx:xx:xx:xx
}
static-mapping XX9 {
ip-address 10.10.10.103
mac-address xx:xx:xx:xx:xx:xx
}
}
}
shared-network-name lan-guest {
ping-check
subnet 10.11.11.0/24 {
default-router 10.11.11.1
enable-failover
name-server 10.11.11.254
name-server 10.11.11.253
ping-check
range pool02 {
start 10.11.11.10
stop 10.11.11.240
}
}
}
}
dns {
forwarding {
allow-from 10.0.0.0/8
authoritative-domain lan {
records {
a XY1 {
address 10.10.10.30
}
a XY2 {
address 10.30.30.2
}
a XY3 {
address 10.10.10.50
}
a XY4 {
address 10.10.10.101
}
a XY5 {
address 10.20.20.150
}
a XY6 {
address 10.10.10.120
}
a XY7 {
address 10.10.10.100
}
a XY8 {
address 10.20.20.2
}
a XY9 {
address 10.20.20.3
}
a XY10 {
address 10.10.10.202
}
a XY11 {
address 10.20.20.5
}
a XY12 {
address 10.10.10.20
}
a XY13 {
address 10.20.20.1
}
a XY14 {
address 10.10.10.31
}
a XY15 {
address 10.30.30.1
}
a XY16 {
address 10.10.10.103
}
a XY17 {
address 10.10.10.1
}
a XY18 {
address 10.10.10.3
}
a XY19 {
address 10.10.10.2
}
a XY20 {
address 10.10.10.254
}
a XY21 {
address 10.10.10.253
}
a XY22 {
address 10.11.11.2
}
cname XZ1 {
target XY1
}
cname XZ2 {
target XY1
}
}
}
listen-address 10.10.10.253
listen-address 10.11.11.253
system
}
}
snmp {
community public {
authorization ro
}
location BA
}
ssh {
listen-address 10.10.10.253
port 22
}
}
system {
config-management {
commit-revisions 100
}
conntrack {
modules {
ftp
h323
nfs
pptp
sip
sqlnet
tftp
}
}
console {
device ttyS0 {
speed 115200
}
}
domain-name lan
host-name yama02
login {
user admin {
authentication {
encrypted-password $xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
}
}
}
name-server 193.17.47.1
name-server 185.43.135.1
name-server 1.1.1.1
name-server 8.8.8.8
ntp {
server time1.vyos.net {
}
server time2.vyos.net {
}
server time3.vyos.net {
}
}
static-host-mapping {
host-name XA1 {
inet 10.10.10.3
}
host-name XA2 {
inet 10.10.10.254
}
host-name XA3 {
inet 10.10.10.253
}
host-name XA4 {
inet 10.11.11.2
}
}
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
time-zone Europe/Bratislava
}
traffic-policy {
shaper inbound {
bandwidth 750mbit
default {
bandwidth 100%
burst 15k
queue-type fq-codel
}
description SQM_inbound_rule
}
}
zone-policy {
zone LAN {
default-action drop
from LAN-GUEST {
firewall {
name languest-lan
}
}
from WAN {
firewall {
name wan-lan
}
}
interface eth1
interface wg0
}
zone LAN-GUEST {
default-action drop
from LAN {
firewall {
name lan-languest
}
}
from WAN {
firewall {
name wan-languest
}
}
interface eth2
}
zone WAN {
default-action drop
from LAN {
firewall {
name lan-wan
}
}
from LAN-GUEST {
firewall {
name languest-wan
}
}
interface pppoe0
}
}When i try edit config i get this.
admin@yama02# set interfaces pppoe pppoe0 description "telekom uplink" Set failed [edit] admin@yama02# ru show system image The system currently has the following image(s) installed: 1: 1.4-rolling-202209090217 (default boot) (running image) 2: 1.4-rolling-202207220217 3: 1.4-rolling-202206050217 [edit] admin@yama02#
Both firewalls are running as VMs (Proxmox configs)
agent: 1
balloon: 0
boot: order=scsi0;ide2
cores: 4
cpu: host,flags=+aes
cpuunits: 2048
description:
ide2: none,media=cdrom
memory: 2048
meta: creation-qemu=6.2.0,ctime=1650664693
name: yama02.lan
net0: virtio=72:4C:67:24:7B:5D,bridge=vmbr1
net1: virtio=22:7B:C3:07:71:77,bridge=vmbr0
net2: virtio=56:4C:38:1D:B3:23,bridge=vmbr0,tag=11
numa: 1
onboot: 1
ostype: l26
scsi0: local-lvm01:vm-253-disk-0,discard=on,iothread=1,size=4G
scsihw: virtio-scsi-single
serial0: socket
smbios1: uuid=a7b40860-d622-423b-8588-fa0e5081ff3a
sockets: 1{F3190031}
startup: up=20
vmgenid: 38024cea-e1fd-435f-bece-3b074cc59e03Also i have problem with VyOS 1.4 stability on SFF PC from Aliexpress (Proxmox VE VyOS as VM) with N6005 + 4x 2.5Gbit Intel NICs. After some time VyOS ends up in kernel panic. But other VMs runs just fine. I tried set CPU to kvm64 and disable offload settings, but nothing. Second VyOS is on AMD TR 1920x CPU and no kernel panics. (backups are also disabled for VyOSes). But this is second problem of course. (Screenshot from 2022-09-10 23-07-13.png)
(edit) Ok problem with kernel panic looks related to Proxmox kernel on Intel 11gen cpus
https://forums.servethehome.com/index.php?threads/topton-jasper-lake-quad-i225v-mini-pc-report.36699/page-35#post-346943
As I mentioned above, use it before the configuration, it described in the doc
#!/bin/vbash
if [ "$(id -g -n)" != 'vyattacfg' ] ; then
exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fi
source /opt/vyatta/etc/functions/script-template
configure
delete interfaces wireguard wg0 disable
commit
exit