PR for equuleus https://github.com/vyos/vyos-1x/pull/994
Sep 3 2021
@dmbaturin Can we close it?
@fetzerms Can you check it in 1.4?
For example:
set policy local-route rule 10 fwmark '42'
set policy local-route rule 10 set table '100'
Sep 2 2021
+1
1.3 still uses version 2.17
Sep 1 2021
It really was somehow in the old backend
[email protected]:~$ ${vyatta_bindir}/vyatta-show-interfaces.pl --intf=eth1
eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond1 state UP group default qlen 1000
    link/ether 52:54:00:c1:05:04 brd ff:ff:ff:ff:ff:ff
    Last clear: Wed Sep 01 18:29:34 EEST 2021
    Description: FOO
Not reproducible in 1.2.8 / 1.3-beta-202108300342
@tracyb Can you re-check it in 1.3.0-rc6?
Aug 31 2021
@trystan will be fixed in the next 1.3-beta release.
PR for 1.3 https://github.com/vyos/vyos-1x/pull/985
Sure.
PR for crux https://github.com/vyos/vyatta-cfg-system/pull/166
Aug 30 2021
Add key to successful commit.
set interfaces tunnel tun1 parameters ip key '1'
Not reproducible.
I close the task.
Reopen it if necessary. Describe step by step with an example of config how to reproduce it.
Thanks.
PR for 1.3 https://github.com/vyos/vyos-build/pull/184
Fixed in VyOS 1.3-beta-202108300342
Aug 29 2021
In T3782#102239, @trystan wrote:
Possible bug after this commit https://github.com/vyos/vyos-1x/pull/621/commits/ede2972be4c49962a04b1addb9df6ce58f2d9f42
As it works in vyos-1.3-rolling-202011 before that commit.
1.3 fixed in T3779
The issue may be with OpenVPN/dynamic interfaces only, without the option "persist".
In that case, if there is no connectivity between interfaces, it tries to re-add the interface "down/up" vtunX with a new SNMP index. And it will stay in the loop until connectivity with the remote site is restored.
Difference between 1.2 and 1.3
1.3 doesn't have the option
qdisc ingress ffff: dev eth0 parent ffff:fff1 ----------------
How about CLI
set system syslog atop file 5
That means save the latest 5 files.
PR https://github.com/vyos/vyos-1x/pull/981
[email protected]# set interfaces ethernet eth0 ipv6 address eui64 2001:db8::/64
[edit]
[email protected]# commit
ru[edit]
[email protected]# run show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             192.168.122.14/24                 u/u
                 2001:db8::5054:ff:fe5d:4609/64
Aug 24 2021
Similar task T3360
Aug 18 2021
The network is re-created every time after reboot and gets its configuration from the "container network" section.
https://github.com/vyos/vyatta-cfg/blob/242f5685159f615ff79312041d3dde2063e5579a/scripts/init/vyos-router#L273-L277
So it is podman that decides how to name this network.
From conf mode I get an error, VyOS 1.4-rolling-202108130117
vyos@vyos-oobm# loadkey vyos scp://[email protected]:/etc/ssh/ssh_host_rsa_key.pub
Global symbol "$generate" requires explicit package name (did you forget to declare "my $generate"?) at /opt/vyatta/sbin/vyatta-load-user-key.pl line 162.
Execution of /opt/vyatta/sbin/vyatta-load-user-key.pl aborted due to compilation errors.
[edit]
vyos@vyos-oobm#
I am closing the task because it can't be reproduced in 1.3.0-rc5
Re-open it if necessary, with a step-by-step description of how to reproduce it.
Or open a new one.
from vyos.xml import defaults doesn't work correctly for 1.3; for some reason it gets 2 isis processes with the same name "FOO"
https://github.com/sever-sever/vyos-1x/commit/7b0a33618bfa1d1ef99b9744ed1ded49a2c832af
[email protected]# compare
[edit protocols]
+isis FOO {
+    interface tun0 {
+    }
+    net 49.0001.0000.0011.0001.00
+}
[edit]
[email protected]# commit
[ protocols isis FOO ]
{'FOO': {'interface': {'tun0': {}}, 'net': '49.0001.0000.0011.0001.00'}, 'lsp_mtu': '1497'}
Only one isis process can be defined
Aug 17 2021
Not reproducible, tested on "1.3-beta-202108151336"
- Bug, values on interfaces are overwritten after firewall global parameters.
By default:
[email protected]# sudo sysctl -a | grep "\.rp_filter"
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth2.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.vtun10.rp_filter = 0
Set the value "loose" for the interface eth2
[email protected]# set interfaces ethernet eth2 ip source-validation 'loose'
[edit]
[email protected]# commit
[email protected]# sudo sysctl -a | grep "\.rp_filter"
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth2.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.vtun10.rp_filter = 0
@Merijn Any updates?
@c-po Can we close it?
No longer relevant for 1.3, as it uses isc-dhcp-client/isc-dhcp-relay/isc-dhcp-server 4.4.1-2
I can't find anything like bad udp checksums in the logs
Do we need to make this option configurable?
We have an option --disable-syslog, so to enable logging it should be --enable-syslog
SA only with hub, output correct
vyos@spoke1:~$ show vpn ipsec sa
Connection    State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID    Proposal
------------  -------  --------  --------------  ----------------  ----------------  -----------  ----------------------------------
dmvpn         up       16m24s    2K/2K           24/23             192.0.2.1         N/A          AES_CBC_256/HMAC_SHA1_96/MODP_1024
vyos@spoke1:~$
vyos@spoke1:~$
vyos@spoke1:~$ sudo swanctl -l
dmvpn-NHRPVPN-tun100: #1, ESTABLISHED, IKEv1, 2bc867b1ca327379_i* c85b15462b657b03_r
  local  '100.64.1.11' @ 100.64.1.11[500]
  remote '192.0.2.1' @ 192.0.2.1[500]
  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  established 1001s ago, rekeying in 2400s
  dmvpn: #1, reqid 1, INSTALLED, TRANSPORT, ESP:AES_CBC-256/HMAC_SHA1_96/MODP_1024
    installed 1001s ago, rekeying in 505s, expires in 979s
    in  cb2b55ee,   3044 bytes,    24 packets,    91s ago
    out cb3647d6,   2474 bytes,    23 packets,    91s ago
    local  100.64.1.11/32[gre]
    remote 192.0.2.1/32[gre]
vyos@spoke1:~$
Tested on VyOS 1.3.0-rc5
Not reproducible when updating from 1.2.4 to 1.3-rc5
1.2.4 config
set interfaces ethernet eth1 bond-group bond0
set interfaces ethernet eth1 bond-group bond0
set interfaces bonding bond0 vif 29 address '192.168.159.167/31'
set interfaces bonding bond0 vif 29 address 'fd12:45:fff:29::2/126'
set interfaces bonding bond0 vif 29 description 'Point to Point - DMZ'
set interfaces bonding bond0 vif 29 ip ospf dead-interval '20'
set interfaces bonding bond0 vif 29 ip ospf hello-interval '10'
set interfaces bonding bond0 vif 29 ip ospf priority '220'
set interfaces bonding bond0 vif 29 ip ospf retransmit-interval '5'
set interfaces bonding bond0 vif 29 ip ospf transmit-delay '1'
set interfaces bonding bond0 vif 29 ipv6 dup-addr-detect-transmits '1'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 cost '1'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 dead-interval '20'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 hello-interval '10'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 instance-id '0'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 priority '220'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 retransmit-interval '5'
set interfaces bonding bond0 vif 29 ipv6 ospfv3 transmit-delay '1'
set interfaces bonding bond0 vif 29 mtu '1500'
set interfaces loopback lo address 'fd12:45::14/128'
set policy route-map OSPF-Filter description 'This route map will apply to outgoing routes sent via OSPF'
set policy route-map OSPF-Filter rule 10 action 'permit'
set policy route-map OSPF-Filter rule 10 description 'Only permit loopback interface'
set policy route-map OSPF-Filter rule 10 match interface 'lo'
set policy route-map OSPF-Filter rule 100 action 'deny'
set policy route-map OSPF-Filter rule 100 description 'Default deny'
set protocols ospfv3 area 0.0.0.0 interface 'lo'
set protocols ospfv3 area 0.0.0.0 interface 'bond0.29'
set protocols ospfv3 area 0.0.0.0 range fd12:45:fff:29::/126
set protocols ospfv3 parameters router-id '192.168.159.241'
set protocols ospfv3 redistribute connected route-map 'OSPF-Filter'
Large-community and large-community-list are different functions.
It seems everything works fine
@darkdragon-001 It will be available in the next rolling release, can you test it?
Aug 16 2021
PR for current https://github.com/vyos/vyos-1x/pull/974
Fixed, 1.3-beta-202108151336
[email protected]# run show conf com | match openvpn
set interfaces openvpn vtun10 encryption cipher 'aes256'
set interfaces openvpn vtun10 hash 'sha512'
set interfaces openvpn vtun10 local-host '192.168.122.14'
set interfaces openvpn vtun10 local-port '1194'
set interfaces openvpn vtun10 mode 'server'
set interfaces openvpn vtun10 persistent-tunnel
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 server client client1 ip '10.10.0.10'
set interfaces openvpn vtun10 server domain-name 'vyos.net'
set interfaces openvpn vtun10 server max-connections '250'
set interfaces openvpn vtun10 server name-server '172.16.254.30'
set interfaces openvpn vtun10 server subnet '10.10.0.0/24'
set interfaces openvpn vtun10 server topology 'subnet'
set interfaces openvpn vtun10 tls ca-cert-file '/config/auth/ca.crt'
set interfaces openvpn vtun10 tls cert-file '/config/auth/central.crt'
set interfaces openvpn vtun10 tls dh-file '/config/auth/dh.pem'
set interfaces openvpn vtun10 tls key-file '/config/auth/central.key'
set interfaces openvpn vtun10 tls tls-version-min '1.0'
set interfaces openvpn vtun10 use-lzo-compression
[edit]
[email protected]#
[email protected]# set interfaces openvpn vtun10 authentication username foo
[edit]
[email protected]# commit
Not sure that it is a good idea for this format.
The syntax between versions (1.3/1.4 bgpd/isisd) has changed. With every syntax change you should also change the section "service https API ... bgp"
My point is that the API must have full access to all configuration options.
Aug 14 2021
@c-po It makes sense
Need to try.