PR for 1.4: https://github.com/vyos/vyos-1x/pull/1418
Jul 27 2022
Jul 20 2022
Jul 19 2022
This is a behavior "by design". The prefix-len option cannot be used for BGP routes. We should add this notice to the CLI.
Check: http://docs.frrouting.org/en/latest/routemap.html#clicmd-match-ip-address-prefix-len-0-32
Jul 18 2022
Jul 8 2022
Jul 7 2022
Jul 4 2022
Jun 10 2022
Jun 2 2022
@m.korobeinikov I believe that I already posted this some time ago, but just in case...
Not all combinations of DPD and close-action are safe. Actually, most of them sooner or later will lead to issues with IPSec. So, I created the following scheme. It is from 2020, so I will not say that nothing has changed since that time; however, it shows well how careful you should be while configuring IPSec. On the scheme, you can see the only safe configuration of the close-action option, depending on how the peer is configured, but the same logic can be applied to DPD.
May 31 2022
May 13 2022
May 5 2022
PR for 1.3: https://github.com/vyos/vyos-build/pull/231
PR for 1.4: https://github.com/vyos/vyos-build/pull/230
May 3 2022
Resolved in https://github.com/vyos/vyos-cloud-init/pull/54
Apr 30 2022
Apr 25 2022
Apr 14 2022
Theoretically, must be fixed in https://github.com/FRRouting/frr/pull/11004
Apr 11 2022
Apr 1 2022
Hi, @dberlin ! Thanks, you are right about the root cause.
I believe that we need to remove the max-size and action-on-max-size from rsyslog.conf. So, leave everything related to rotating logs to logrotate, and to sending logs to rsyslog - UNIX-way. :)
Mar 31 2022
Mar 26 2022
Updated to 22.1 in 1.4.
The current branch now must be compatible with 1.3, and merged to equuleus if no new incompatibilities are found during tests.
Mar 24 2022
Updated: we need to update 20.4 to 22.1 because 20.4 cannot extract SSH keys from the Azure Stack Hub data source.
Mar 15 2022
The same issue with set interfaces bonding bond0 arp-monitor interval 'X' option. Also extra conversion between variable types.
Added the fix to the same PR.
Mar 12 2022
Mar 11 2022
Mar 7 2022
Resolved in https://phabricator.vyos.net/T3774, but it will not be backported to 1.2.
Should be fixed in https://github.com/vyos/vyos-1x/pull/1241
Mar 6 2022
Should be fixed by https://github.com/vyos/vyatta-cfg-firewall/pull/32
Mar 2 2022
Feb 18 2022
Feb 16 2022
Feb 4 2022
Feb 3 2022
Jan 26 2022
We confirmed the problem - some serial consoles continue to work well, some are not initialized properly with the --keep-baud option. For example, this can be reproduced in the SOS console in Equinix Metal.
Originally, the problem comes from a systemd service template.
Since it is not completely clear if the option is necessary in one case or another, it seems that the best solution would be to provide the ability to set/remove it from the CLI, so everyone may configure what works best for his hardware.
Jan 13 2022
Dec 30 2021
Suggested fix: https://github.com/vyos/vyatta-op/pull/52
Dec 29 2021
PR to fix the problem: https://github.com/vyos/vyos-1x/pull/1128
It is compatible with both 1.3 and 1.4, so it can be cherry-picked from sagitta to equuleus.
Nov 26 2021
Nov 9 2021
Hardcoded version of the fix for 1.4:
https://github.com/vyos/vyos-1x/pull/1068
https://github.com/vyos/vyos-build/pull/201
Nov 3 2021
The problem exists because of the IKEv1 limitation - peer ID is unknown at the authentication stage. Since both DMVPN and L2TP are configured for any remote peer address, one of them intercepts customers of the other one during authentication because it is not possible to find out which service will be connected after Phase 1.
Technically, the other one is a duplicate, but there are more details already.
Nov 2 2021
After the investigation, we figured out that it is possible to get the prefix and link-local address during the DHCP commit procedure.
The statement
log(info, binary-to-ascii(16, 8, ":", substring(option dhcp6.ia-pd, 24, 17)));
will give us the following info:
dhcpd[1568]: 40:20:1:ca:fe:11:11:ff:ff:0:0:0:0:0:0:0:0
So, a prefix can be extracted. Also, a link-local address may be generated from the MAC address extracted from the DHCP packet structure.
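An added example, not part of the original comment or of the VyOS code base: decoding the logged 17-byte field (one prefix-length byte followed by the 16-byte prefix) and deriving a link-local address from a MAC. The function names and the sample MAC are hypothetical, and the link-local derivation assumes the client uses a modified EUI-64 interface identifier, which clients with privacy or stable-random addresses do not.

```python
import ipaddress
import re

# Constructed sample: the dhcpd log line quoted in the comment above.
SAMPLE_LOG = "dhcpd[1568]: 40:20:1:ca:fe:11:11:ff:ff:0:0:0:0:0:0:0:0"

# binary-to-ascii(16, 8, ":", ...) prints each byte as unpadded hex, so the
# 17-byte substring is 17 colon-separated tokens of one or two hex digits.
_FIELD = re.compile(
    r"(?<![0-9a-fA-F:])((?:[0-9a-fA-F]{1,2}:){16}[0-9a-fA-F]{1,2})\s*$"
)


def parse_ia_pd_log(line):
    """Return the delegated prefix from the logged ia-pd substring."""
    m = _FIELD.search(line)
    if not m:
        raise ValueError("no 17-byte ia-pd field at end of line")
    octets = [int(tok, 16) for tok in m.group(1).split(":")]
    plen, raw = octets[0], bytes(octets[1:])
    if plen > 128:
        raise ValueError(f"invalid prefix length {plen}")
    # The value comes from the packet: mask host bits rather than trust them.
    return ipaddress.IPv6Network((raw, plen), strict=False)


def link_local_from_mac(mac):
    """Build fe80::/64 + modified EUI-64 from a 48-bit MAC address."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC address must be 6 bytes")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


if __name__ == "__main__":
    print(parse_ia_pd_log(SAMPLE_LOG))
    print(link_local_from_mac("00:11:22:33:44:55"))  # constructed MAC
```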
Oct 29 2021
After some investigation, we figured out several ways to solve or at least mitigate the problem. From my point of view, the optimal one for both developers and customers is the following.
Oct 26 2021
Oct 25 2021
Sep 28 2021
The issue is solved in https://github.com/vyos/vyos-1x/pull/1017
However, the question of whether the netplug script is necessary at all is still open.
Sep 27 2021
Sep 15 2021
Aug 27 2021
This is a typo in the documentation. In the real system, the facility is called security, but it has been deprecated since at least 2004.
The problem that I see in names is that it seems that different systems and software may use slightly different names for facilities. So, it could be a good idea to do two things:
- check existing and add missing facility names in CLI
- in the actual configuration transparently convert facilities to numeric representation to avoid software issues (like deprecated security facility in rsyslog).
Aug 24 2021
Aug 16 2021
Thank you for testing! The change was backported to 1.3 and 1.2.
Aug 11 2021
Hello, @nyamada!
Really appreciate such a detailed problem analysis! The regex is fixed in the 1.4 version now.
Could you test it, so we can backport changes safely to 1.2 and 1.3?
Jul 29 2021
They should be disabled by default, but there must be the ability to re-enable OIDs from the CLI.
Jul 26 2021
Jun 29 2021
Jun 11 2021
It also works with the current VTI interfaces (sudo ip l set vti1 vrf VRF1).
May 28 2021
@UnicronNL I would like to put default values in the config.boot file, and overwrite them from Cloud-init if a customer provides custom values.