SNMP community should stay. If it should be removed it can be handled via dedicates task
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Dec 6 2019
backported 20822ca3 to crux
Works as expected in VyOS 1.2-rolling and 1.3-rolling.
Hello @primoz , seems you right. left|rightnexthop deprecated in strongswan.
This parameter is usually not needed any more because the NETKEY IPsec stack does not require explicit routing entries for the traffic to be tunneled. If left|sourceip is used with IKEv1 then left|rightnexthop must still be set in order for the source routes to work properly.
And in CLI rolling l2tp implementation we need replace outside-nexthop to gw-ip-address.
I pick this up as I did the rewrite of this whole stuff
@Viacheslav thank you for testing!
I have tried multiple times to reproduce this with 1.2-rolling-201912060217 with no luck. It would be great if together with logs you will provide a detailed description of the environment. Because, possible that even CPU cores count or memory size can lead to some condition, in which dhclient-script cannot get proper values from config and add unwanted servers to the resolv.conf.
@zsdc Maybe Incorrect file location. "ddclient.pid"
Okay, so this problem just got a LOT more bizarre.
Dec 5 2019
The runtime errors are fixed by the above commit.
@kroy I can't really reproduce it if I disable the peer first when multiple peers are defined on the same wg interface.
Can you please do a touch /tmp/vyos.ifconfig.debug and then run your commands and post it here?
It will show you the commands execute for each step like:
vyos@wg01# set interfaces wireguard wg0 peer wg02 disable [edit] vyos@wg01# commit [ interfaces wireguard wg0 ] DEBUG/wg0 write '1420' > '/sys/class/net/wg0/mtu' DEBUG/wg0 write 'wg0' > '/sys/class/net/wg0/ifalias' DEBUG/wg0 cmd 'wg set wg0 peer G1aA2KkyFyC8xsCUeENvuIW8HC5yDxwi902nR20592Y= remove' DEBUG/wg0 cmd 'wg set wg0 listen-port 12345 fwmark 0 private-key /config/auth/wireguard/default/private.key peer hbwJSCu6SGUKIReNhWxlDIFRNCl5L7PaUSYOo2BF+Rg= preshared-key /dev/null allowed-ips 10.100.100.3/32 endpoint 10.1.1.203:12345 persistent-keepalive 0' DEBUG/wg0 cmd 'ip link set dev wg0 up'
looks like i had an old version, newer iso doesn't show that issue.
There have been some time since i've managed to work on this now, and in the mean-time the whole ethernet/bridge sertup have been rewritten into python, so i need to restart my work on this implementation , also the bridge membership part is moved around in the cli so information in this ticket is out-of-sync with the current implementation and needs to be rethinked
DEBUG/wg0 cmd 'ip link add dev wg0 type wireguard' DEBUG/wg0 cmd 'ip addr add "10.100.100.1/32" dev "wg0"' DEBUG/wg0 cmd 'ip addr add "2001:db8::1/128" dev "wg0"' DEBUG/wg0 write '1420' > '/sys/class/net/wg0/mtu' DEBUG/wg0 write 'wg0' > '/sys/class/net/wg0/ifalias' DEBUG/wg0 cmd 'wg set wg0 listen-port 12345 fwmark 0 private-key /config/auth/wireguard/default/private.key peer G1aA2KkyFyC8xsCUeENvuIW8HC5yDxwi902nR20592Y= preshared-key /dev/null allowed-ips 0.0.0.0/0,::/0 endpoint 10.1.1.201:12345 persistent-keepalive 0' DEBUG/wg0 cmd 'ip link set dev wg0 up' DEBUG/wg0 read 'unknown' < '/sys/class/net/wg0/operstate' DEBUG/wg0 read 'unknown' < '/sys/class/net/wg0/operstate' [...] Interface wg0 could not be brought up in time ...
What were the steps you used when you upated the pubkey?
When the config was gone, the processes still seemed to be running
Could you provide the log output in a case when DNS servers, received from DHCP appears in resolv.conf? As I understand, it should happen immediately after the boot.
Also, please, check if they are not deleting after the first DHCP lease renewal.
Just a quick note that this issue remains in 1.2.4-epa1
You can via https://github.com/vyos/vyos-1x/commit/dad110ce666edae42ac18c59a800bda503589f27, which just sets the completion help.
For T1845, yes it solves the issue with setting address:port _and_ moves protocol up from facility to host. Do you want me to revert and do 2 commits, which requires then 2 migrations, once for address:port and one to solve the logical issue with protocol. Right now you can set a different protocol for different facilities for the same host.
Wrong logic.
Need to return line 108 code
print (cmd.decode (). split (",", 1) [0])
Bug in latest rolling
Please reopen T1786 in case of further troubles.
I can't so I've reopened this one; I don't have permissions to do this :(
Wha cant the change which adds the completion helper be backported? Git best practice is you should group changes per commit. But in this commit you add the completion helper and also other regexes (BAD!)
I agree. If it works in a way that is consistent with what the command promises, let's use it.
Dec 4 2019
The fix suggested in the pull request did not resolve the issue as a consequence of T1847. With that issue resolved, we can consider this merge.
@christopher.crews07
In you example some mistake (2 times vif-s)
This bug is fixed in latest rolling releases 1.3.
Tested on
[email protected]# run show vers Version: VyOS 1.3-rolling-201912040242
Thanks