In T3640#96973, @Viacheslav wrote: I think it will be enough to remove the peer and add again.
@hagbard what do you think?
https://github.com/vyos/vyos-1x/blob/d48dddab0509e562209adfb115b0e691b8e47f54/python/vyos/ifconfig/wireguard.py#L197
Jun 23 2021
Wireguard has no link states on the interface, the ip command just does an 'administrative' up down, which won't start a renegotiation. The policy description (remove peer) needs to be removed from the wg interface and re-added, otherwise you need to wait until wg tries to rekey which will then eventually renegotiate the entire connection.
The removal was as far as I recall part of the original vyos code, so it may have been removed at one point, I haven't looked into the code yet.
Jan 10 2021
hagbard renamed T3202: Enable wireguard debug messages by default from dynamic debug for wireguard to enable wireguard debug messages per default.
Sounds good, syslog needs to be set to level debug for kernel facility, so it's per default only visible in the journal logs. Tested with a few tunnels, it's not very noisy, even with 20 tunnels.
Jan 9 2021
output looks then like below and is being logged to ringbuffer as well as systemd-journald:
hagbard changed Difficulty level from unknown to normal on T3202: Enable wireguard debug messages by default.
hagbard edited projects for T3202: Enable wireguard debug messages by default, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.
Dec 24 2020
vyatta-webproxy: 80% done, @cpo grabbed it since I had no time to continue for a while and put it on hold. I removed obsolete options which implies the need of a migration script. Ldap, AD, IP and user/passwd auth works, I removed caches, squidguard, include domain filters (just a list) and so on, but I stopped it now since it's been taken away.
Kernel modules are pre-compiled and can be loaded.
Dec 23 2020
Nov 14 2020
hagbard changed the status of T1288: FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*), a subtask of T1267: FRR: Add interface name for static routes, from On hold to Open.
hagbard changed the status of T1288: FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*) from On hold to Open.
hagbard changed the status of T563: webproxy: migrate 'service webproxy' to get_config_dict() from In progress to On hold.
hagbard changed the status of T1395: Improve boot time for instances with a big count of DHCP servers from On hold to Open.
hagbard changed the status of T2835: "show system-integrity" reports lots of wrong timestamp packages with v1.2.6-epa1 from In progress to On hold.
Sep 13 2020
Due to the fact that transparent proxy, which was the default, is being removed for now, there will be in the first version 2 authentication modes, one is by IP address or network (nothing else would be required as long as you have the correct src IP) and LDAP (either anonymous or with bind-dn to browse LDAP). I have both mechanisms already working via cli and am about to clean up and test right now. If anyone needs a special authentication mechanism, please let me know. I also disabled local file caches, since these days most traffic is https anyway, we can take some pressure off of the filesystem (ssd).
Sep 6 2020
The perl scripts didn't create any config line, that's why I'm asking. I have it already implemented and successfully tested with the new python code, but wonder how people were able to use it all by just using the cli. I may need somebody for testing with AD, since I don't have access to any AD environment anymore.
Sep 5 2020
Does anyone know if ldap auth worked at all with the old perl backend? I'm trying to find out how likely I need to migrate cli entries. From what I have seen, ldap auth with anonymous ldap browsing didn't generate any required config for squid.
Sep 4 2020
I agree, a separate DNS would be way easier to maintain if you have a lot of TLDs you need/want to block, since squid has to load it from a list, let's see if anyone is still using that, otherwise it would be nicer and easier to scrape that off and implement a nameserver tag node in the cli.
Sep 3 2020
Is there any interest in the following scenarios:
Aug 30 2020
In T563#74302, @c-po wrote: Please use the new get_config_dict() API calls.
Squid will be used for authentication and controlling name resolution (pointing to a special DNS or so?), no squidguard or caching will be used anymore. It also ran in transparent mode per default, which requires an iptables rules set. I think that feature can be removed, since a transparent proxy has no authentication options anyway.
hagbard triaged T2835: "show system-integrity" reports lots of wrong timestamp packages with v1.2.6-epa1 as Normal priority.
@c-po https://github.com/vyos/vyos-build/pull/121 will fix it, but I used .142 while the config file was from 136, so please review first. I tested it and the system speaker is fully functional again.
You can test it quickly via `echo -ne "\a"`, which should make noise. Beep seems to be broken, looks like it can't be used via sudo, something I may be able to have a look into later.
cheers
Aug 29 2020
`echo -ne "\a"` should give you a beep sound on the system speaker too, if you just want to quickly test it. I tested it with deb10 minimal install, works via qemu too.
e.g: qemu-system-x86_64 -smp cpus=3 -soundhw pcspk -m 1024 -enable-kvm -drive file=os.img,media=disk (os disk is a deb10 netinstall).
With capabilities I meant the capabilities listed under the input link via sys:
As far as I recall it doesn't initialize it correctly anymore, you can test with beep. The system beep you can set via cli is broken since then.
Aug 28 2020
hagbard changed the status of T2836: show system integrity broken in 1.3 from In progress to Needs testing.
Fixing up the code, but it will suffer the same issue as in T2835. That build file should be the last thing in the build process, otherwise there is no other way to find out what pkg were installed during the build.
hagbard added a comment to T2835: "show system-integrity" reports lots of wrong timestamp packages with v1.2.6-epa1.
It looks like the build process messed it up, it did create the version file at the beginning of the build, not at the end. After the file usr/share/vyos/version.json was created, pkg installations took place a few minutes later, that's why everything in the image is newer than the version file, therefore the command output is absolutely correct. I'll check if I can find out what went wrong during the build, since it appears that only 1.2.6 is affected.
hagbard added a comment to T2835: "show system-integrity" reports lots of wrong timestamp packages with v1.2.6-epa1.
/usr/libexec/vyos/op_mode/version.py:
Built on: Thu 13 Aug 2020 11:57 UTC
hagbard changed the status of T2835: "show system-integrity" reports lots of wrong timestamp packages with v1.2.6-epa1 from Confirmed to In progress.
hagbard added a comment to T2835: "show system-integrity" reports lots of wrong timestamp packages with v1.2.6-epa1.
Happens also when just using the booted image without install. Investigating.
hagbard changed the status of T2835: "show system-integrity" reports lots of wrong timestamp packages with v1.2.6-epa1 from Open to Confirmed.
Jul 27 2020
-1 as well
As an additional tool I think it's ok but other than that there is no reason for that too.
Apr 7 2020
hagbard changed the status of T2237: l2tp, pptp, pppoe wrong chap-secrets file from In progress to Needs testing.
merged.
Mar 24 2020
The code should be in the op-mode script rather than the class. But the PR was merged in, so I suppose it's ok.
Mar 21 2020
@alien Can you please share your config, I can't reproduce it. The op function will be moved into the ops script out of the ifconfig class, which caused the issue due to restructuring our internal class architecture.
hagbard changed the status of T2125: show interfaces wireguard wg0 - doesn't work from Needs testing to In progress.
Mar 19 2020
@alien Can you please test the issue with the latest rolling release?
Mar 16 2020
hagbard changed the status of T2125: show interfaces wireguard wg0 - doesn't work from Open to Needs testing.
https://github.com/vyos/vyos-1x/commit/5cb0059353e94dc11aa116e4aa8ce0422c4f3534 should fix the issue. The op-mode commands may need to be refactored in general and split into its own structures.
hagbard added a comment to T1828: Missing completion helper for "set system syslog host 192.0.2.1 facility all protocol".
@syncer https://github.com/vyos/vyos-1x/commit/dad110ce666edae42ac18c59a800bda503589f27 are only CLI modifications (validation to be precise), no code changes at all which would change the functionality, in my opinion it can be backported as is.
Mar 2 2020
hagbard moved T2067: pppoe-server: Add possibility set multiple service-name from Need Triage to Backport Candidates on the VyOS 1.3 Equuleus board.
Feb 27 2020
No answer from user.
Feb 24 2020
hagbard changed the status of T2067: pppoe-server: Add possibility set multiple service-name from Needs testing to Backport candidate.
hagbard changed the status of T2067: pppoe-server: Add possibility set multiple service-name from In progress to Needs testing.
https://github.com/vyos/vyos-1x/commit/d9fa3fb7d7613cd5d6297115da0dc63462d4cf69
@Dmitry next rolling will have it enabled, let me know if it works for you as intended.
Feb 23 2020
hagbard changed the status of T2067: pppoe-server: Add possibility set multiple service-name from Open to In progress.
Feb 11 2020
hagbard changed the status of T563: webproxy: migrate 'service webproxy' to get_config_dict() from Confirmed to In progress.
hagbard renamed T563: webproxy: migrate 'service webproxy' to get_config_dict() from Migrate web proxy from squid to apache traffic server to Migrate 'service webproxy' to python/xml.
Feb 8 2020
hagbard placed T1899: Unionfs metadata folder is copied to the active configuration directory up for grabs.
Jan 31 2020
hagbard closed T1768: PPtP - vyos.config rewrite, a subtask of T1764: Use lists instead of whitespace-separated strings in vyos.config, as Resolved.
hagbard moved T1853: wireguard - disable peer doesn't work from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.5) board.
Jan 28 2020
hagbard moved T1956: PPPoE server: support PADO-delay from Need Triage to Backlog on the VyOS 1.2 Crux board.
hagbard changed the status of T1956: PPPoE server: support PADO-delay from Needs testing to Backport candidate.
Jan 26 2020
hagbard lowered the priority of T563: webproxy: migrate 'service webproxy' to get_config_dict() from High to Normal.
hagbard changed the status of T563: webproxy: migrate 'service webproxy' to get_config_dict() from On hold to Confirmed.
All right, we stay with squid, however I may drop squidguard but ask in the forum first if that feature would be required by many users.
hagbard closed T1767: IPoE - vyos.config rewrite, a subtask of T1764: Use lists instead of whitespace-separated strings in vyos.config, as Resolved.
hagbard moved T1765: wireguard - vyos.config rewrite from In Progress to Finished on the VyOS 1.3 Equuleus board.
hagbard moved T1767: IPoE - vyos.config rewrite from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
hagbard changed the status of T1767: IPoE - vyos.config rewrite, a subtask of T1764: Use lists instead of whitespace-separated strings in vyos.config, from Open to In progress.
hagbard closed T1765: wireguard - vyos.config rewrite, a subtask of T1764: Use lists instead of whitespace-separated strings in vyos.config, as Resolved.