Sep 2 2021
PR for current https://github.com/vyos/vyos-1x/pull/988
Sep 1 2021
PR https://github.com/vyos/vyos-1x/pull/987
Can we cherry-pick this patch to the current branch?
Aug 18 2021
Aug 12 2021
Aug 9 2021
PR for Equuleus https://github.com/vyos/vyos-1x/pull/959
Tested on 1.3-rc5, all works properly
set vpn ipsec esp-group ESP_DEFAULT compression 'disable'
set vpn ipsec esp-group ESP_DEFAULT lifetime '3600'
set vpn ipsec esp-group ESP_DEFAULT mode 'tunnel'
set vpn ipsec esp-group ESP_DEFAULT pfs 'dh-group19'
set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes128'
set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256'
set vpn ipsec ike-group IKEv2_DEFAULT close-action 'none'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120'
set vpn ipsec ike-group IKEv2_DEFAULT ikev2-reauth 'no'
set vpn ipsec ike-group IKEv2_DEFAULT key-exchange 'ikev2'
set vpn ipsec ike-group IKEv2_DEFAULT lifetime '10800'
set vpn ipsec ike-group IKEv2_DEFAULT mobike 'disable'
set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 dh-group '19'
set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 encryption 'aes128'
set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 hash 'sha256'
Flow served QAT
vyos@R2-QAT# run show system acceleration qat device qat_dev0 flows
+------------------------------------------------+
| FW Statistics for Qat Device |
+------------------------------------------------+
| Firmware Requests [AE 0]: 60046 |
| Firmware Responses[AE 0]: 60046 |
+------------------------------------------------+
| Firmware Requests [AE 1]: 112720 |
| Firmware Responses[AE 1]: 112720 |
+------------------------------------------------+
| Firmware Requests [AE 2]: 219657 |
| Firmware Responses[AE 2]: 219657 |
+------------------------------------------------+
| Firmware Requests [AE 3]: 60046 |
| Firmware Responses[AE 3]: 60046 |
+------------------------------------------------+
| Firmware Requests [AE 4]: 112722 |
| Firmware Responses[AE 4]: 112722 |
+------------------------------------------------+
| Firmware Requests [AE 5]: 219657 |
| Firmware Responses[AE 5]: 219657 |
+------------------------------------------------+
Interrupts
vyos@R2-QAT# run show system acceleration qat interrupts
140: 44039 0 0 0 0 0 0 0 IR-PCI-MSI 524288-edge qat0-bundle0
141: 0 42358 0 0 0 0 0 0 IR-PCI-MSI 524289-edge qat0-bundle1
142: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524290-edge qat0-bundle2
143: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524291-edge qat0-bundle3
144: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524292-edge qat0-bundle4
145: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524293-edge qat0-bundle5
146: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524294-edge qat0-bundle6
147: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524295-edge qat0-bundle7
148: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524296-edge qat0-bundle8
149: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524297-edge qat0-bundle9
150: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524298-edge qat0-bundle10
151: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524299-edge qat0-bundle11
152: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524300-edge qat0-bundle12
153: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524301-edge qat0-bundle13
154: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524302-edge qat0-bundle14
155: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524303-edge qat0-bundle15
156: 0 0 0 0 0 0 0 0 IR-PCI-MSI 524304-edge qat0-ae-cluster
PR for 1.3 https://github.com/vyos/vyos-1x/pull/957
Aug 6 2021
Hello @maznu, I also prefer the first variant
set vpn l2tp remote-access lns host-name example.com
I'm sure that we do not need to overload the l2tp remote-access root node
Aug 5 2021
It is not critical, please test without this package "libstrongswan-standard-plugins"
All necessary data is already installed.
I have patched packages for 1.2.8. It works on my routers in the virtual environment.
Instruction:
- Upload package to the router
- Unarchive it
sudo tar -xvf strongswan.tar
- Install packages
sudo dpkg -i *.deb
- Reboot router or reconfigure IPSec
Aug 3 2021
@Viacheslav I believe it is still actual for 1.3 https://github.com/vyos/vyos-1x/blob/equuleus/src/conf_mode/vpn_sstp.py#L60-L78
I saw we changed the PKI model only for 1.4. Implementing the PKI model for 1.3-epa1 is risky
Jul 29 2021
PR https://github.com/vyos/vyos-1x/pull/945
Also, need to cherry-pick it to Equuleus
Jul 26 2021
I think we need to reopen this task. Sometimes (one per hour) some users and I got similar messages on version 1.3-rc4/rc5
Jun 29 2021
Hello @joeudes , it looks like without enabled ppp-option ipv6 it should not work
set service pppoe-server ppp-options ipv6 allow
@Viacheslav it is reproducible in 1.2.7
vyos@vyos:~$ touch file1
vyos@vyos:~$ touch file2
vyos@vyos:~$ touch file3
vyos@vyos:~$ ls
file1 file2 file3
vyos@vyos:~$ reset vpn remote-access user
Possible completions:
  file1 Terminate specified user's current remote access VPN session(s)
  file2
  file3
Jun 25 2021
Jun 16 2021
Jun 3 2021
Please, backport it to 1.3 rolling https://phabricator.vyos.net/rVYOSONEX4b646c1fb31a1a9f9c9d1658734d478fed5f19f1
Jun 2 2021
Extended scripts receive from PPPoE daemon the following variables:
$1 - Interface name
$4 - Tunnel GW IP address
$5 - Delegated IP address to the client
$6 - Calling Station ID (MAC)
For example, how to get received RADIUS attributes
note: In this case, Filter-Id attribute used as an indicator for block user adding to ipset
configure
set firewall group address-group blocked
commit
Jun 1 2021
PR https://github.com/vyos/vyos-1x/pull/860
To provide the possibility to read RADIUS attribute by script, also need to define radattr=/run/radattr param
May 28 2021
Properly works on the latest 1.4 rolling. Is it possible to backport changes to 1.3?
May 27 2021
PR https://github.com/vyos/vyos-build/pull/166
server "time1.vyos.net"
server "time2.vyos.net"
server "time3.vyos.net"
May 26 2021
I propose something like
set service pppoe-server extended-scripts on-pre-up <path>
set service pppoe-server extended-scripts on-up <path>
set service pppoe-server extended-scripts on-down <path>
set service pppoe-server extended-scripts on-change <path>
May 18 2021
Tested on 1.4-rolling-202105170417 works correct. Propose to backport this to 1.3
May 14 2021
May 13 2021
May 2 2021
Hi @hard, I think behavior should be another for VM. Did you try to change speed when you connected via serial?
Apr 27 2021
Work as expected on 1.4-rolling-202104260417
vyos@R1:~$ show dhcpv6 server leases
IPv6 address State Last communication Lease expiration Remaining Type Pool IAID_DUID
------------------ ------- -------------------- ------------------- ----------- ----------------- ----------- -----------------------------------------------------
2001:db8:290::/64 active 2021/04/23 14:52:48 prefix delegation VyOS-DHCPv6 00:00:00:00:00:01:00:01:28:15:9b:bd:50:00:00:06:00:00
2001:db8:3456::15b active 2021/04/27 05:07:51 2021/04/27 17:07:51 10:28:27 non-temporary VyOS-DHCPv6 00:00:00:00:00:01:00:01:28:15:9b:bd:50:00:00:06:00:00
Apr 26 2021
Apr 23 2021
Apr 18 2021
Apr 16 2021
Apr 9 2021
Add PR with improvements to documentation https://github.com/vyos/vyos-documentation/pull/503
Thanks. I think the main issue is missing required modules in the generated pppoe server config file
sudo cat /run/accel-pppd/pppoe.conf
### generated by accel_pppoe.py ###
[modules]
log_syslog
pppoe
shaper
chap-secrets
ippool
auth_pap
auth_chap_md5
auth_mschap_v1
auth_mschap_v2
Required
ipv6pool
ipv6_nd
ipv6_dhcp
These options are enabled by the following CLI command:
set service pppoe-server ppp-options ipv6 allow
Apr 8 2021
It looks like the same nature of this issue https://phabricator.vyos.net/T3393
@c-po , could you try to test fast solution
configure
set system sysctl custom net.ipv6.conf.default.addr_gen_mode value 0
commit
Apr 7 2021
Mar 17 2021
Works correctly for q, but still shows a backtrace on Ctrl+C
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/ppp-server-ctrl.py", line 74, in <module>
    main()
  File "/usr/libexec/vyos/op_mode/ppp-server-ctrl.py", line 63, in main
    print(output)
KeyboardInterrupt
Let's change except BrokenPipeError: to except:
Mar 16 2021
@Viacheslav . Ok this is not a problem, because we have a workaround with pseudo ethernet interfaces
set interfaces pseudo-ethernet peth1 source-interface 'eth1'
set service pppoe-server interface peth1
set service pppoe-server interface eth1 vlan-id '50'
set service pppoe-server interface eth1 svlan 1000 vlan-range '1-4095'
Now all looks good and works properly, but need to add better help value
vyos@vyos# set service pppoe-server interface eth3 vlan-id
Possible completions:
  <text> VLAN monitor for the automatic creation of vlans (user per vlan)
To disable udev link_config redundancy call we need to delete /usr/lib/systemd/network/99-default.link
Mar 15 2021
@dmbaturin please cherry-pick this to equuleus. Successfully tested on VyOS-1.3-RC1
Mar 13 2021
Yes, some time ago, it could produce kernel issues https://www.mail-archive.com/[email protected]/msg218964.html
And I think it will be good to add the possibility to control unit-cache to have the opportunity to influence this.
Mar 12 2021
Mar 11 2021
Fresh SNMP Daemon has some option which might be helpful
https://manpages.debian.org/unstable/snmpd/snmpd.conf.5.en.html
ifmib_max_num_ifaces NUM
Configured SNMP also adds impact
top - 12:51:59 up 3:25, 2 users, load average: 1.35, 0.70, 0.28
Tasks: 214 total, 2 running, 210 sleeping, 2 stopped, 0 zombie
%Cpu0 : 0.0 us, 0.0 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.3 si, 0.0 st
%Cpu1 : 22.6 us, 77.4 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu2 : 0.0 us, 0.3 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu3 : 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 9972.9 total, 6710.1 free, 2044.5 used, 1218.3 buff/cache
MiB Swap: 0.0 total, 0.0 free, 0.0 used. 7195.8 avail Mem
Mar 10 2021
@jack9603301 it looks like this issue related to your patch https://github.com/vyos/vyatta-cfg-qos/commit/6391325271be489d29f0b7aa2982952068c6a53c
T3089
Mar 9 2021
Also, add some overhead netplug
top - 19:14:34 up 26 min, 1 user, load average: 10.29, 13.17, 8.57
Tasks: 568 total, 5 running, 228 sleeping, 0 stopped, 335 zombie
%Cpu0 : 5.0 us, 10.6 sy, 0.0 ni, 84.4 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu1 : 9.8 us, 15.2 sy, 0.0 ni, 75.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu2 : 40.7 us, 3.0 sy, 0.0 ni, 56.2 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu3 : 9.6 us, 86.4 sy, 0.0 ni, 4.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 3870.9 total, 1375.2 free, 1499.9 used, 995.8 buff/cache
MiB Swap: 0.0 total, 0.0 free, 0.0 used. 1716.8 avail Mem
Mar 8 2021
Related task https://phabricator.vyos.net/T2362
Maybe a better solution in this case is to create interfaces like bridge and interfaces with an option which blocks adding a link-local address.
@marcomuskus as a temporary solution try to use CLI sysctl param
configure
set system sysctl custom net.ipv6.conf.default.addr_gen_mode value 0
commit
Mar 7 2021
@Viacheslav, thanks for improving, now it works properly. I found one interesting moment, it looks like we can't configure via CLI listen to PPPoE clients on interfaces eth1 and eth1.50 or eth1.something at the same time.
vyos@vyos# run show configuration commands | match "pppoe-server interface"
set service pppoe-server interface eth1 vlan-id '50'
set service pppoe-server interface eth1.1000 vlan-range '1-4095'
[edit]
vyos@vyos# set service pppoe-server interface eth1
Also does not display other interfaces under the end node
vyos@RTR1# run show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             xxx.xxx.36.246/24                 u/u
lo               127.0.0.1/8                       u/u
                 ::1/128
tun0             2001:470:xxxx:xxx::2/64           u/u  HE.NET IPv6 Tunnel
[edit]
vyos@RTR1# run show interfaces tunnel
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
[edit]
vyos@RTR1# run show interfaces ethernet
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
[edit]
vyos@RTR1#
Mar 6 2021
For VXLAN multicast this is a real bug.
Mar 5 2021
@c-po , yes now it works. Maybe we need to define ttl=16 as the default value?
Mar 4 2021
@c-po does not work on 1.4-rolling-202103040218
vyos@vyos# sudo ip -d link show dev vxlan241
7: vxlan241: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br241 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:08:e3:3c:d4:ab brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 65535
    vxlan id 241 group 239.0.0.241 dev eth0 srcport 0 0 dstport 8472 tos inherit ttl auto ageing 300 udpcsum noudp6zerocsumtx noudp6zerocsumrx
On the middle router in traffic dump I see TTL=1
18:59:29.029090 IP (tos 0x0, ttl 1, id 24806, offset 0, flags [none], proto UDP (17), length 100)
    10.1.2.2.52948 > 239.0.0.241.8472: OTV, flags [I] (0x08), overlay 0, instance 241
There is a bug exactly with client-ip-pool range, config generated with the mistake
[ip-pool]
gw-ip-address=10.1.1.1
10.1.1.100-10.1.1.111
but expected
10.1.1.100-111
Mar 1 2021
Yes, sure. It will work only if one vlan-id is defined, e.g. if you configure a couple of vlan-ids you will get wrong syntax
set service pppoe-server interface eth1 vlan-id '50'
set service pppoe-server interface eth1 vlan-id '60'
In generated config
vlan-mon=eth1,50,60
interface=eth1.50,60
Expected:
vlan-mon=eth1,50,60
interface=eth1.50
interface=eth1.60
Feb 28 2021
Good job! I think there exists one remark. If we set set service pppoe-server interface eth1 vlan-id '50' that means you want to listen to pppoe client on eth1.50, but in config you have
vlan-mon=eth1,50
interface=re:eth1\.\d+
e.g. eth1\.\d+ mean all vlans in eth1, even eth1.50.50.50 will fit for this regular expression
I propose not to use a regular expression for vlan-id, as an example:
- set service pppoe-server interface eth1 vlan-id '50'
vlan-mon=eth1,50
interface=eth1.50
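The two generated-config points above (one interface= line per vlan-id, and a literal name instead of re:eth1\.\d+), as an added example that is not VyOS code and not part of the original comments. render_pppoe_interfaces, regex_listeners and exact_listeners are hypothetical helpers, and unanchored matching of the pattern is an assumption.

```python
import re


def render_pppoe_interfaces(ifname, vlan_ids):
    """Render accel-ppp style lines for one parent interface (hypothetical helper).

    Emits one literal interface= line per VLAN instead of a regular expression.
    """
    ids = []
    for vid in vlan_ids:
        # Digits only: a value such as "50,60" must not reach the config file.
        # The 1-4095 bound follows the vlan-range used on this page.
        if not re.fullmatch(r"\d{1,4}", str(vid)) or not 1 <= int(vid) <= 4095:
            raise ValueError(f"invalid vlan-id: {vid!r}")
        ids.append(str(int(vid)))
    if not ids:
        return [f"interface={ifname}"]
    lines = [f"vlan-mon={ifname}," + ",".join(ids)]
    lines += [f"interface={ifname}.{vid}" for vid in ids]
    return lines


def regex_listeners(pattern, candidates):
    """Interface names a pattern accepts (unanchored search is an assumption)."""
    return [name for name in candidates if re.search(pattern, name)]


def exact_listeners(config_lines, candidates):
    """Interface names accepted when only literal interface= lines are used."""
    allowed = {line.split("=", 1)[1] for line in config_lines
               if line.startswith("interface=")}
    return [name for name in candidates if name in allowed]


# Constructed sample interface names, not taken from a real router.
CANDIDATES = ["eth1.50", "eth1.60", "eth1.50.50.50", "eth2.50"]

if __name__ == "__main__":
    cfg = render_pppoe_interfaces("eth1", ["50"])
    print("\n".join(cfg))
    print("regex:", regex_listeners(r"eth1\.\d+", CANDIDATES))
    print("exact:", exact_listeners(cfg, CANDIDATES))
```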
Yes, agree it works by show interfaces vrrp, but behavior in 1.2.x also displayed VIP by command show interfaces
I think this is a bug and need to fix it.
Feb 26 2021
Tested in the lab the following simple topology on 1.2.6-S1 and 1.3-beta, behavior the same and GARP works by default.
VyOS1 config
set high-availability vrrp group eth1 hello-source-address '100.64.0.1'
set high-availability vrrp group eth1 interface 'eth1'
set high-availability vrrp group eth1 peer-address '100.64.0.2'
set high-availability vrrp group eth1 rfc3768-compatibility
set high-availability vrrp group eth1 virtual-address '100.64.0.50/24'
set high-availability vrrp group eth1 vrid '1'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '50:00:00:01:00:00'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '100.64.0.1/24'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '50:00:00:01:00:01'
set interfaces ethernet eth1 speed 'auto'
VyOS2 config
set high-availability vrrp group eth1 hello-source-address '100.64.0.2'
set high-availability vrrp group eth1 interface 'eth1'
set high-availability vrrp group eth1 peer-address '100.64.0.1'
set high-availability vrrp group eth1 virtual-address '100.64.0.50/24'
set high-availability vrrp group eth1 vrid '1'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '50:00:00:02:00:00'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '100.64.0.2/24'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '50:00:00:02:00:01'
set interfaces ethernet eth1 speed 'auto'
In traffic dump on VyOS3 we can see traffic when BACKUP node switched to MASTER state
14:02:34.152959 50:00:00:02:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 100.64.0.50 (ff:ff:ff:ff:ff:ff) tell 100.64.0.50, length 28
14:02:34.153042 50:00:00:02:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 100.64.0.50 (ff:ff:ff:ff:ff:ff) tell 100.64.0.50, length 28
14:02:34.153086 50:00:00:02:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 100.64.0.50 (ff:ff:ff:ff:ff:ff) tell 100.64.0.50, length 28
14:02:34.153090 50:00:00:02:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 100.64.0.50 (ff:ff:ff:ff:ff:ff) tell 100.64.0.50, length 28
14:02:34.153092 50:00:00:02:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 100.64.0.50 (ff:ff:ff:ff:ff:ff) tell 100.64.0.50, length 28
14:02:34.153467 50:00:00:02:00:01 > 50:00:00:01:00:01, ethertype IPv4 (0x0800), length 54: 100.64.0.2 > 100.64.0.1: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 20
14:02:35.153544 50:00:00:02:00:01 > 50:00:00:01:00:01, ethertype IPv4 (0x0800), length 54: 100.64.0.2 > 100.64.0.1: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 20
14:02:36.154117 50:00:00:02:00:01 > 50:00:00:01:00:01, ethertype IPv4 (0x0800), length 54: 100.64.0.2 > 100.64.0.1: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 20
14:02:37.154233 50:00:00:02:00:01 > 50:00:00:01:00:01, ethertype IPv4 (0x0800), length 54: 100.64.0.2 > 100.64.0.1: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 20
14:02:38.154470 50:00:00:02:00:01 > 50:00:00:01:00:01, ethertype IPv4 (0x0800), length 54: 100.64.0.2 > 100.64.0.1: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 20
The same behavior with rfc3768-compatibility option.
I think we don't need to change behavior because it should be suitable for all cases.
Feb 25 2021
Feb 24 2021
@c-po , it works properly
Welcome to VyOS 1.4-rolling-202102240218 (sagitta)!
Feb 23 2021
PR https://github.com/vyos/vyos-build/pull/147
Output on the local stand
Welcome to VyOS 1.4 (sagitta)!