I have updated to V1.2.0-rolling+201804200337. After that the configuration node 'service dns forwarding' has disappeared from the config tree.
I reconfigured this and the 'listen on'-part is ok now. Thanks for fixing this one Christian.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Apr 20 2018
Apr 19 2018
I just tried. The config tree looks like before:
Apr 3 2018
This Tasks seems to be resolved since kernel 4.14, as the xen netfront bug in kernel is fixed in this version (https://patchwork.kernel.org/patch/9338979/).
I tested with latest nightly on AWS. No packetloss anymore with AES!
Feb 8 2018
I also tried without edit mode like this with same result:
I just tested on VyOS 999.201802080337 with same result:
Nov 27 2017
vyos@vyos-test# ls -al /run total 56 drwxr-xr-x 25 root root 900 Nov 27 21:29 . drwxr-xr-x 1 root root 4096 Nov 24 20:22 .. drwxr-xr-x 2 root root 40 Nov 24 20:23 agentx -rw-r--r-- 1 root root 5 Nov 24 20:22 atd.pid drwxr-xr-x 2 root root 80 Nov 24 20:22 blkid srwxrwx--- 1 root root 0 Nov 27 21:29 charon.ctl -rw-r--r-- 1 root root 6 Nov 27 21:29 charon.pid srwxrwx--- 1 root root 0 Nov 27 21:29 charon.vici -rw-r--r-- 1 root root 5 Nov 24 20:22 crond.pid
that's exactly how i tested before. All other vpn config was done before and is running fine (commit and saved). As soon as i change (set or delete) something at 'vpn ipsec logging log-level' oder vpn ipsec logging log-modes' I get this message:
yes that's the version I tested on
thanks @c-po.
I don't know what other information could be relevant. It's an instance on AWS. Nothing special before. The log-modes are set after the error messages. I can say that. Look at this here:
Nov 26 2017
Nov 19 2017
Thanks Brandon for your findings. IPSec with dynamic peer is no problem in VyOS. We use some of that with x.509 auth. Only VTI with dynamic peer is not allowed by VyOS. Do you know more about VTI and dynamic peer with strongswan on other linux installations (not VyOS)? Is it possible there?
Oct 30 2017
VyOS doesn't allow this configuration variant. You get an appropriate message if you try. In EdgeOS it's the same. I don't know if it's possible in Strongswan V5.3.5.
Sep 4 2017
no problem:
Jul 28 2017
Hi Jules
is your fix already in 'vyos-999.201707272138-amd64.iso'? I get in this version:
Jul 27 2017
I can support this idea. It's quite usual on other routers or firewalls to have global objects, you define once and use it in firewall, nat, policy routing...