- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Jul 14 2021
Thanks @jestabro this seems like a good place to start learning VyOS internals, will give it a go when I have some off time and submit a pull request.
@artooro This sounds reasonable, and I don't imagine a problem, though I have yet to try it; if you would like to submit a pull request with fix, I will review.
Jul 13 2021
Most likely related to T3505
This error occurs because the ipsec module blindly updates the l2tp module after a commit change to ensure any l2tp via ipsec config is then refreshed also.
Workaround for missing DHCP default route:
Parent task: https://phabricator.vyos.net/T2816
Other instances:
More details https://github.com/vyos/vyatta-webproxy/pull/17
Jul 12 2021
PR submitted: https://github.com/vyos/vyos-1x/pull/917
trystan@vyeos# commit [ service webproxy ] Restarting squid (via systemctl): squid.service.
thanks for your detailed bisection of this issue. You mind submitting a GitHub PullRequest as per https://docs.vyos.io/en/equuleus/contributing/development.html?
The workaround stopped working after the OpenVPN configuration checks moved from Perl to Python. As this still applies to VyOS 1.3 this issue should be reopened, I can also create a new issue if that is preferred.
@sdev It still shows the ikev2 as the default version in the output.
I agree with your point that strongswan has changed the default version. A quote from their documentation: "Since 5.0.0 both protocols are handled by Charon and connections marked with ike will use IKEv2 when initiating, but accept any protocol version when responding."
good lab, thanks for your time! I want to leave a comment , I used the syntax that you recommend and it worked well ( VyOS 1.3.0-rc5):
Jul 11 2021
I did a short lab test using the following topology based on my assumptions what you wan't to do using VyOS 1.3.0-rc5:
@Viacheslav but that sounds more of a decent FRR bug. We could still consider adding EIGRP support for 1.4
Backported fix from T3637
Jul 10 2021
oh good grief this is an old problem.. Just found a reference here while researching: https://community.ui.com/questions/DHCP-Failover-Configuration-Multiple-VLAN-interfaces/da7a0f03-2c4e-4d9f-9924-c2297db177db
I can confirm this on the latest rolling versions, seems to be a problem with the IPSec rewrite/move to swanctl.conf.
This seems to work now.
Jul 9 2021
It is a feature request.
So we don't have a "large-comm-list" for set in our CLI. It is incorrect to compare "large-community" with "large-comm-list"
The option "delete" is preset only for the "lists"
I can't reproduce it in 1.3-rc5
set interfaces wireguard wg0 address '10.1.0.3/24' set interfaces wireguard wg0 address 'cafe:c01d:c01a::2/64' set interfaces wireguard wg0 description 'VPN-to-wg-PEER01-192.0.2.1' set interfaces wireguard wg0 ipv6 ospfv3 cost '24' set interfaces wireguard wg0 ipv6 ospfv3 dead-interval '40' set interfaces wireguard wg0 ipv6 ospfv3 hello-interval '10' set interfaces wireguard wg0 ipv6 ospfv3 instance-id '0' set interfaces wireguard wg0 ipv6 ospfv3 priority '1' set interfaces wireguard wg0 ipv6 ospfv3 retransmit-interval '5' set interfaces wireguard wg0 ipv6 ospfv3 transmit-delay '1' set interfaces wireguard wg0 peer PEER01 address '192.0.2.1' set interfaces wireguard wg0 peer PEER01 allowed-ips '0.0.0.0/0' set interfaces wireguard wg0 peer PEER01 allowed-ips '10.0.3.0/24' set interfaces wireguard wg0 peer PEER01 allowed-ips '::/0' set interfaces wireguard wg0 peer PEER01 port '12345' set interfaces wireguard wg0 peer PEER01 pubkey 'Cpqy8=' set interfaces wireguard wg0 port '54321' set protocols ospf area 0 network '10.1.0.0/24' set protocols ospf passive-interface 'default' set protocols ospf passive-interface-exclude 'wg0' set protocols ospfv3 area 0 interface 'wg0'
In the latest rolling release all works fine without any changes
vyos@r1-roll:~$ show version
The issue seems still present in Vyos 1.3.0-rc5
Jul 8 2021
It seems there were changes in squid , but not in our code.
It is not used /var/log/frr anymore T2061
Please backport this to 1.3. Thanks.
trae@cr01a-vyos# show system config-management commit-archive { location sftp://cr01a-vyos.int:<somePassword>@stor01z-rh8.int.trae32566.org:/int/cr01a-vyos source-address lo } commit-revisions 10000
Jul 7 2021
vpn rsa-keys migrated: https://github.com/vyos/vyos-1x/pull/912
@trae32566 I can't replicate this. Can you post your config?
This is still broken on the most recent rolling release:
trae@cr01a-vyos# commit Using source address lo Archiving config... sftp://stor01z-rh8.int.trae32566.org:/int/cr01a-vyos Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/python3/dist-packages/vyos/remote.py", line 315, in upload upload_sftp(local_path, url.hostname, url.path, username, password, port, source, progressbar) File "/usr/lib/python3/dist-packages/vyos/remote.py", line 190, in upload_sftp transfer_sftp('upload', *args, **kwargs) File "/usr/lib/python3/dist-packages/vyos/remote.py", line 162, in transfer_sftp sock.connect((hostname, port)) OSError: [Errno 22] Invalid argument [edit protocols bgp]
Jul 6 2021
@sdev , Thank you. I will test and confirm, once the new rolling version is released.
Thanks for the confirmation
Jul 5 2021
Hi @c-po i've been testing the added command.
yes , but when you use 'set protocols static route 10.0.0.0/8 next-hop 1.1.1.1 next-hop-vrf red' it doesn't install the prefix in the default table :