@LBegnaud if I read the source correct the command set vpn ipsec options disable-route-autoinstall is what you are looking for, it was implemented in T71.

This could be used as base for testing:

No feedback received, considering this as resolved. please reopen if issue reappears.

Please test again with the rolling release from 2019-09-14. Thanks for reporting the issue.

Why can I not delete the default key? If I wan‘t to drop WireGuard on a device I also wan’t to remove that key.

OpenVPN now runs as user openvpn with the above helper script. Please also test this new implementation, it will be in the rolling ISO which is building right now.

Persistent tunnel is a configuration option set interfaces openvpn vtun10 persistent-tunnel

Huh? Which perl script?

As the bonding interface has been completely rewritten this should not be an issue as I do not touch underlaying interface MAC addresses

Why not specify the keys or the key file location via CLI like other VPN implementations do it?

You could use quoting like mentioned in T1129.

Rewrite was tested using:

I like the openvpn:openvpn ownership idea

The documentation is also correct. Please not that there are two git branches for the documentation, current and equuleus. You send me the VyOS 1.2.2 crux link. I gave you the upcoming VyOS 1.2 equuleus link.

This is actually a duplicate of T1617.

The bahavior has changed, see https://vyos.readthedocs.io/en/equuleus/interfaces/bridging.html and T1556

1.3 rolling is not recommended for users - its pre-alpha.

@jdevincentis is this a custom build? Using VyOS 1.2-rolling-201909040337 I can not reproduce the issue with:

The config generator would need to be adopted https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/interface-openvpn.py and the wrapper script added. I have no time before tomorrow, sorry

Please test with latest rolling and not a custom build.

When the site looses connection and thus a SIGUSR21 is sent to OpenVPN to restart internally the priviledges have dropped and yes, /sbin/ip can't be called again.

Should be fixed in next rolling release by: https://github.com/vyos/vyatta-cfg/commit/710728ee8eb6def82f9a142468960f6985dcf4e8

@hagbard not a problem. Looks like we now go the "our own lib" way as pyroute2 has some flaws. DHCP is already fix and I continue improve the script and remove redundant code before it will be extended to support VLAN/bonding.

DHCP + DHCPv6 working now in bridge interface.

This is "as intended" b/c ping is an op-mode command.

https://github.com/vyos/vyos-1x/commit/71f7a947539963112c61fef2a5f278d524d71198

@hagbard during some tests with the bridge interface (https://github.com/vyos/vyos-1x/commit/71f7a947539963112c61fef2a5f278d524d71198) I noticed the following:

Pyroute2 states:

One of the major issues with IPDB is its memory footprint. It proved not to be suitable for environments with thousands of routes or neighbours. Being a design issue, it could not be fixed, so a new module was started, NDB, that aims to replace IPDB. IPDB is still more feature rich, but NDB is already more fast and stable.

backported to crux