@Dmitry @c-po is this an other version of strongswan? or is this the strongswan with dmvpn pathes in from vyos repo?

@bmhughes For me an issue was that cpio is missing from the docker image

@bmhughes I tested this on the downloaded lts 1.2.4 iso and it seems to work fine...

Created new Azure image

Updated the link files.

@mb300sd do you know how long it takes for the config to load for you? because the /etc/resolv.conf file is persistent. but on loading the config it should do the 'set system nameserver 2001:470:20::2' and overwrite the resolv.conf file.

@mb300sd i just created this one https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201907022116-amd64.iso did you already test with it?

@mb300sd
could you please retest it with:
https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201907022116-amd64.iso

I was able to reproduce your first issue...

@mb300sd can you share your config maybe?

@mb300sd do you mean after a fresh boot you get:

@mb300sd is the ipv6 address provided via dhcp?

@mb300sd what is the dhcp server you are using?
Could you also please share the content of the files:
/etc/resolv.conf.dhclient-new-eth0 (or other interface if you use an other)
/etc/resolv.conf.dhclient-old-eth0 (or other interface if you use an other)

@c-po @mb300sd found the issue 'Nameservers are not propagated into resolv.conf' (no script in node def) , also the issue with the split ipv6 does not seem to be in host_name.py, will look a bit further for that.

@bmtauer I have made a fix in the rolloing release and also backpurted to crux. so should be in 1.2.2

@etfeet you also get

mdadm: WARNING /dev/sda3 and /dev/sda appear to have very similar superblocks.
      If they are really different, please --zero the superblock on one
      If they are the same or overlap, please remove one from the
      DEVICE list in mdadm.conf.

maybe you can try my post above also then?

@jmlccdmd Strange is the superblock on /dev/sda, without uefi we use sda1 for raid and with uefi sda3.
Could you clear the superblock from sda and sdb and maybe try again?

It looks like the check that determines if 'mdadm --zero-superblock' is needed does not work.
Also ill try to get the config in with update-initramfs so that it does not go to md127.

All items should be fixed.

@joshua we do not use the ssh and the ssh-import-id as the ssh keys need to be set by vyos config.

@yun thanks
@dmbaturin Any idea how we can address this?
@hagbard closed request

@yun What is the exact frr command you tried?
the command you tried manually.

@hagbard that commit sets a kernel route. that is not good.

@Line2 I will look at it!

@Line2 What do you mean?
This is only for dhcp ip renewals or disconnected interfaces.

If you manually partition you need to keep in mind 2 things.
the filesystem label needs to be "persistence" (mkfs.ext4 < device > -L persistence)
and in the root of the filesystem you must create a persistence.conf file containing "/ union"
(echo "/ union" > /persistence.conf) on your partition meat for vyos.

@bjtangseng so changing that remote_ts = 0.0.0.0/0[gre] fixed it right?

@bjtangseng
On the HUB, can you change in /etc/swanctl/swanctl.conf
remote_ts = dynamic[gre] to remote_ts = 0.0.0.0/0[gre]

can you do:
sudo swanctl --list-sas

@bjtangseng, Ah that is the problem. I do not know if there is an option allow any network, have to do some research.

@bjtangseng,
Does your nat address change everytime?

can you put log from hub?
ipsec log

@bjtangseng
I think you replaced the wrong ip in the swanctl.conf

@bjtangseng Can you post the output, than i can maybe look and mod things.

@bjtangseng thanks!

@bjtangseng The spoke, and do not reboot.
make sure hub is up and do changes mentioned in previous post on the spoke (no reboot)
and post the output of:

@bjtangseng
can you please edit your swanctl.conf file and put the local_ts to 115.60.62.155/32[gre] ( local_ts = 115.60.62.155/32[gre] )
after editing swanctl please run:
sudo swanctl -q
then please check if you can connect with:
sudo swanctl -i -c dmvpn -S 100.64.161.96 -R 116.90.86.181 -l 2
or:
sudo swanctl -i -c dmvpn -S 0.0.0.0 -R 116.90.86.181 -l 2

@bjtangseng could you try with IKEv2 on both hub and spoke?
set vpn ipsec ike-group IKE-HUB key-exchange ikev2 for hub
set vpn ipsec ike-group IKE-SPOKE key-exchange ikev2 for spoke.

@bjtangseng This is definitely a NAT issue, if i change the local_ts = dynamic[gre] in /etc/swanctl/swanctl.conf to local_ts = *.*.*.*/32[gre] i can replicate the error you get.

@bjtangseng I do not know if dmvpn was in rc.10.
Can you please try the same in the last roling release?

added the patch! thanks

@m.tremer added the patch, thanks... was under the impression cloud-init added the user as it is stated as default user, but clearly it does not.

Do you also create the iso yourself or dowload it?
In 1.2 we will be using cloud-init and the ec2 init script was removed.

@vtsingaras I merged it in to our repo.
@syncer i see we have no crux branch for pmacct i slacked @dmbaturin

@syncer i added a branch in vyos-build, after testing, do you think we can merge to current/crux and update the live-build package on the build server?

@commo @Raeven I updated the kernel to support the filesystems. But what @syncer mentioned 'win32diskimager' is a better tool for 1.2 as it is hybrid-iso which works if you directly write the iso to usb.

@syncer If we use kernel 4.19 driver version for ethernet is DRV_VERSION "5.1.0-k"
Also cpu should be supported without enabling something i guess.

Will mod the script to update rate on the fly.
vyos@vyos:~$ stty -F /dev/ttyS0 115200 cstopb

@kroy
If you would like to test:
git clone https://github.com/vyos/vyos-build.git
cd vyos-build
git checkout current-uefi
docker build -t vyos-builder .
docker run -it --privileged -v /HOST_PATH_OF_VYOS_BUILD_REPO:/vyos -w="/vyos" vyos-builder bash
./configure
make iso

@kroy what kernel is it now you use? I updated the kernel 4.14.75 and 4.19.0
https://github.com/vyos/vyos-kernel/commit/32f3f5caaec8bff6f372ab22801cfaaa30a766cd

@syncer will check @kroy thanks a bunch!!

@commo How did you prepare the usb drive?
On which os, and what tools did you use?

This was fixed some time ago.
https://github.com/vyos/vyos-strongswan/commit/2cfa2c5f85babbfae11898888d6e8c7ca99cdeb5#diff-ab17f7fac35ebad14feb31b720eba1b0R173

@vtsingaras I see it is merged in upstream, try to merge in vyos asap.

@Watcher7 Ah i see, was confused... tnx

do you mean like:

set protocols static table 10 route 192.168.0.0/24 next-hop 192.168.0.1 interface ethx

If so could you please create a new task for creating new syntax?

@Watcher7 I do not really understand what you mean, can you share your configs or a way to reproduce and elaborate a bit more?

Found that already :)

Haha tnx!

image vyos-1.2.0-rolling+201807301123-amd64.iso

@hagbard and then install the packages on that. (download and install)

@syncer he means the edgOs one :) package i build are only the wire guard tools and kernel module. Those packages are good.

@hagbard http://dev.packages.vyos.net/repositories/current/vyos/pool/main/w/wireguard/
here are the packages

@hagbard I have created the wireguard package https://github.com/vyos/vyos-wireguard