Page MenuHomeVyOS Platform
Feed Advanced Search

Feb 9 2023

Nova_Logic added a comment to T4376: DNAT with multiwan and policy routing, incoming connections only work on primary interface.

It looks like mine issue with wan load balancing - reply for dnat-ed packets from secondary interfaces was sent by vyos from "primary" https://phabricator.vyos.net/T4587 . Could you dump traffic and check that possibility

Feb 9 2023, 8:37 AM · VyOS 1.4 Sagitta

Oct 21 2022

Nova_Logic added a comment to T4470: Rewrite load-balancing wan to XML/Python.

@thetooth but according to current docs that exactly what is documented in docs: https://docs.vyos.io/en/equuleus/configuration/loadbalancing/index.html

Oct 21 2022, 11:15 AM · VyOS 1.4 Sagitta

Oct 19 2022

Nova_Logic added a comment to T4470: Rewrite load-balancing wan to XML/Python.

so you mean that new WLB implementation(on which I assume we're discussing here) would not mark incoming packets/sessions to allow vyos to DNAT/send replies to correct WAN like pfsense for example does?

Oct 19 2022, 2:36 PM · VyOS 1.4 Sagitta
Nova_Logic added a comment to T4470: Rewrite load-balancing wan to XML/Python.

Also it seems, that’s issue appears on 3 or more wans, as I remember it worked with 2 WAN interfaces

Oct 19 2022, 9:40 AM · VyOS 1.4 Sagitta
Nova_Logic added a comment to T4470: Rewrite load-balancing wan to XML/Python.

The problem is that failover route will not solve multiwan scenarios where you have 2 or more links for incoming traffic, I.e web. Most good infrastructures would have dedicated management uplink, and also multiple WANs for serving client traffic. That approach increases infrastructure security and provide much more cleaner way to define zone policies. But to do that all traffic, especially incoming one must be correctly marked. I’ve tried a lot of ways to configure wlb, but every time vyos had tried to reply from the wrong interface, that’s why I had crated a bug task here

Oct 19 2022, 9:39 AM · VyOS 1.4 Sagitta

Aug 4 2022

Nova_Logic renamed T4587: wan load balance issues with 3 or more WANs from wan load balance issues with 3 WANs to wan load balance issues with 3 or more WANs.
Aug 4 2022, 6:55 PM · VyOS 1.4 Sagitta

Aug 3 2022

Nova_Logic added a comment to T4470: Rewrite load-balancing wan to XML/Python.

also it would be good if WLB function will control main routing table, that would help to avoid a lot of confusion with protocols static configuration& WLB function. Current documentation does not telling anything about how exactly protocols static 0.0.0.0/0 route must be set with WLB.
From what I had tested:
1)WLB creates additional routing tables and setting PBR rules
2)without protocols static route 0.0.0.0 with next-hops to every wlb GW local vyos traffic would not work(as would not work traffic to vyos)

Aug 3 2022, 6:20 PM · VyOS 1.4 Sagitta
Nova_Logic added a comment to T4587: wan load balance issues with 3 or more WANs.

Also I had tried to assign IP addresses directly to wan interfaces to test if it's somehow related to usage of vrrp combined with WLB- it does not work.

Aug 3 2022, 10:52 AM · VyOS 1.4 Sagitta
Nova_Logic updated the task description for T4587: wan load balance issues with 3 or more WANs.
Aug 3 2022, 2:51 AM · VyOS 1.4 Sagitta

Aug 2 2022

Nova_Logic created T4587: wan load balance issues with 3 or more WANs.
Aug 2 2022, 10:03 PM · VyOS 1.4 Sagitta

Jun 26 2022

Nova_Logic added a comment to T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.

Thank you!

Jun 26 2022, 4:16 PM · VyOS 1.4 Sagitta
Nova_Logic updated the task description for T4488: allow manual configuration changes of interfaces created by high-availability with rfc3768-compatibility option .
Jun 26 2022, 3:11 PM · VyOS 1.5 Circinus
Nova_Logic created T4488: allow manual configuration changes of interfaces created by high-availability with rfc3768-compatibility option .
Jun 26 2022, 3:06 PM · VyOS 1.5 Circinus

Jun 24 2022

Nova_Logic created T4481: containers are not starting.
Jun 24 2022, 10:16 PM · VyOS 1.4 Sagitta
Nova_Logic created T4480: add an ability to configure squid acl safe ports and acl ssl safe ports.
Jun 24 2022, 10:13 PM · VyOS 1.4 Sagitta

Jun 16 2022

Nova_Logic created T4468: web-proxy source group cannot start with a number bug.
Jun 16 2022, 7:49 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta