This PR changes the syntax of the trailing version string of the config file (cf. above), as represented during config migration, and the parsing by which configtree splits the config file into the config section proper and the version string.
Feb 19 2020
We could indeed create the VRF as we parse interfaces, and auto-allocate the VRF number, removing this control from the user.
Why do we need to explicitly create the routing table? Why not name the routing table entry like the VRF's name? We should try to keep the CLI as minimal as possible. More CLI nodes, more headache.
I have just pinned the VyOS 1.3-rolling branch to the official FRR 7.3 release (https://github.com/vyos/vyos-build-frr/commit/076de23ed1d951aafd48d59f6f7ea410288b5991 - which contains your fix).
A new ISO image will be available shortly (it must be more recent than vyos-1.3-rolling-202002190217-amd64.iso). Please give it a try.
I have tested vyos 1.3-rolling-202002130217 (FRR version 7.4-dev-20200118-04-g9e1ecdbaa-0), it failed.
I tested Ubuntu with FRR master branch (60092db3fdead2a72e9368aaaa1e789c741c7ce8) and dev/7.3 (df80bf16869314ec9455fb7e4db63dcf1fdba2c2). It worked.
I tested Ubuntu with FRR 9e1ecdbaa, it failed.
Feb 18 2020
should for multiple routing tables:
https://andir.github.io/posts/linux-ip-vrf/
http://www.allgoodbits.org/articles/view/24
https://patchwork.ozlabs.org/patch/546171/
firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    group {
        network-group Private_IPs {
            network 10.0.0.0/8
            network 127.0.0.0/8
            network 172.16.0.0/12
            network 192.168.0.0/16
            network 168.254.0.0/16
            network 169.254.0.0/16
            network 192.0.2.0/24
            network 224.0.0.0/4
            network 240.0.0.0/4
        }
        port-group NetBIOS_TCP {
            port 135-139
            port 445
        }
        port-group NetBIOS_UDP {
            port 137-138
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name accept_all {
        default-action accept
    }
    name private_to_public {
        default-action accept
        rule 9 {
            action accept
            description "Allow admin of Vigor 130"
            destination {
                address 192.168.5.2
                port 443
            }
            protocol tcp
            source {
                address 192.168.3.100
            }
        }
        rule 10 {
            action drop
            description "Stop Local Addresses traversing the WEB"
            destination {
                group {
                    network-group Private_IPs
                }
            }
        }
        rule 20 {
            action drop
            description "Block NetBIOS from LAN to WEB"
            destination {
                group {
                    port-group NetBIOS_TCP
                }
            }
            protocol tcp
        }
        rule 21 {
            action drop
            description "Block NetBIOS from LAN to WEB"
            destination {
                group {
                    port-group NetBIOS_UDP
                }
            }
            protocol udp
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    state-policy {
        established {
            action accept
        }
        related {
            action accept
        }
    }
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    ethernet eth0 {
        address 192.168.3.1/24
        duplex auto
        hw-id 4c:02:89:12:16:ce
        smp-affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        duplex auto
        hw-id 4c:02:89:12:16:cf
        smp-affinity auto
        speed auto
    }
    ethernet eth2 {
        address 192.168.4.1/24
        duplex auto
        hw-id 4c:02:89:12:16:d0
        smp-affinity auto
        speed auto
    }
    ethernet eth3 {
        address 192.168.5.1/24
        duplex auto
        hw-id 4c:02:89:12:16:d1
        mtu 1508
        pppoe 0 {
            default-route auto
            mtu 1500
            name-server none
            password ********
            user-id [email protected]
        }
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}
nat {
    source {
        rule 10 {
            outbound-interface pppoe0
            translation {
                address masquerade
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name ETH0_Pool {
            subnet 192.168.3.0/24 {
                default-router 192.168.3.1
                dns-server 192.168.3.1
                lease 86400
                range 0 {
                    start 192.168.3.100
                    stop 192.168.3.199
                }
                static-mapping NB0001 {
                    ip-address 192.168.3.100
                    mac-address EC:F4:BB:******
                }
            }
        }
        shared-network-name ETH1_Pool {
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                range 0 {
                    start 192.168.1.100
                    stop 192.168.1.199
                }
                static-mapping SamsungTV {
                    ip-address 192.168.1.103
                    mac-address cc:b1:1a:******
                }
            }
        }
        shared-network-name ETH2_Pool {
            subnet 192.168.4.0/24 {
                default-router 192.168.4.1
                dns-server 192.168.4.1
                lease 86400
                range 0 {
                    start 192.168.4.100
                    stop 192.168.4.199
                }
            }
        }
    }
    dns {
        forwarding {
            allow-from 0.0.0.0/0
            allow-from ::/0
            cache-size 150
            listen-address 192.168.1.1
            listen-address 192.168.3.1
            listen-address 192.168.4.1
            name-server 194.72.6.51
            name-server 194.74.65.69
        }
    }
    ssh {
        listen-address 192.168.3.1
        port 22
    }
}
system {
    config-management {
        commit-revisions 20
    }
    conntrack {
        expect-table-size 2048
        hash-size 32768
        modules {
            sip {
                disable
            }
        }
        table-size 262144
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name home-r1
    login {
        user stevep {
            authentication {
                encrypted-password ********************************************
                plaintext-password ""
            }
            full-name "Steve Palmer"
        }
        user vyos {
            authentication {
                encrypted-password **********************************************
                plaintext-password ""
            }
        }
    }
    name-server 8.8.8.8
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}
zone-policy {
    zone local {
        default-action drop
        from private {
            firewall {
                name accept_all
            }
        }
        local-zone
    }
    zone public {
        default-action drop
        description "Public Zone"
        from private {
            firewall {
                name private_to_public
            }
        }
        interface pppoe0
        interface eth3
    }
}
Thanks for reporting this. As we always want to maintain config upgrade compatibility, could you please share your full config with me so I can reproduce it?
I'd love for this feature to get back into VyOS. I am available for testing if needed.
Feb 17 2020
Feb 16 2020
As in rolling the OpenVPN is rewritten to XML/Python, the backport is not easily possible; it must be completely reimplemented in the old Perl code, thus we should encourage users to migrate to 1.3 rolling to get better testing.
Closing as no response and cannot reproduce.
Tested working on latest rolling. No BGP session reset occurred.
Thanks for reporting this nasty issue. The fix is applied to rolling release starting with build: vyos-1.3-rolling-202002161021-amd64.iso
Feb 15 2020
There is a faulty delta check in interfaces-bonding.py leading to the fact that physical interfaces are not enslaved. As soon as they are enslaved all works (eth2 and eth3 in my case):
Feb 14 2020
Initial patch released, calling for a review / comments (PR from github.com/thomas-mangin/vyos-1x T2028 branch) - show command not migrated yet.
Hello @dongjunbo, what are the benefits of ocserv over the other VPN Solutions already in place?