@runar Found an issue: show-raid.xml refers to ${vyos_op_scripts_dir}/show_raid.sh file, but that file does not exist.

Yes, it's been fixed a while ago.

@c-po I've rebuilt those newer packages from source (typically by using apt-get source). Due to different libc and all they indeed cannot be installed directly.

Appears to work fine now.

@hagbard If rewrite can be done in a reasonable time (days to a couple of weeks), I think trying to clean up old code is more trouble than it's worth.
With big stuff that cannot be easily rewritten, it may be worthwhile.

@hagbard If you are working on it, by all means, assign it to yourself. We do not have a formal assignment policy, it's more like "I'm working on it" flag for coordination.

@runar The sudo wrapper is mostly due to the fact that the op mode convertor is largely a clone of the conf mode convertor. This also interfers with operator level users' ability to run anything at all, so this is a good point.
We likely need to switch to adding sudo where needed instead, but we need to test which commands break from it when run by non-admin users.

Seems to work fine now, reopen if necessary.

@syncer @higebu Yes, stock quagga is missing many things that ours has. We have no choice other than to integrate the patches by hand.

It was just an error in the help. Someone probably copied it from somewhere else (e.g. the address option of firewall rules) and forgot to edit.

Interesting. Perhaps the config format has changed in newer versions? What do the docs say?

After installing pppd from T677, it seems to work again.

Found the issue. First, renaming is hadled in a pre-up script that was in the ppp package rather than vyatta-ravpn, so it is not included in 1.2.0.

State files are updated properly after keepalived upgrade, no need for this workaround anymore.

When we get to it, we should also get rid of built-in support for a handful of north american wireless providers (which is likely very out of date by now) and add support for custom connection strings etc.

The root cause was here:

Completely dead:

Just verified that install_routes = no has no adverse effect on L2TP/IPsec.

Downgraded packages are in the latest nightly build.

Correction: 5.5, not 5.2.

No amount of messing up with the config in 5.6 fixed this, but when I downgraded strongswan to 5.2 (from stretch-security), it just worked. I'm downgrading it in the repositories.

Should be working now in the code rewritten for pdns, and dnsmasq is gone so issues specific to it will not be a problem anymore.

Should be working now that we've added syslog forwarding to journald.

@aopdal I agree it would be nice to have RFC compatibility, but when it was introduced, it relied upon a kernel hack that never made it into the mainline. If mainline keepalived and kernel do not support it, and we cannot add support for it that can be merged into the mainline, then it's more trouble than it's worth I think.
Cross-vendor VRRP is more of a hypothetical situation than a common setup.

The fault was in XorpConfigParser, whose "set" function behaves as if all nodes were multi nodes, so it was adding a value where none was needed (that's on top of the fact that it didn't properly check if it exists).

The new task should be to make 1.2.0-rc1. :)

I've setup a minimal WLB config and it worked for me.

Serial is, sadly, a hard problem, especially on machines that need it most, i.e. those without any graphical console. Since it's impossible to automatically find out the correct port and speed/parity settings, it will always need some manual configuration I suppose.

I have reservations about actually using it though. The whole point of the vyos-1x package is to stop multiplying submodules and consolidate everything instead. ;)

Without the new sysctl options:

intfwatchd is no more (T669), so if it had any other memory leaks, they are also not a problem now.

Even simpler way to reproduce:

Inserting FQDN seems reasonable, but we need to think carefully when FQDN should come from, and if we use the "system domain-name" option, what should we do if it's not present.