Based on a bond interface
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
May 19 2020
This PR should hopefully correct this.
Now the protocol is not stable.
Simple XML for the future
https://github.com/sever-sever/vyos-1x/blob/eigrp-conf-mode/interface-definitions/protocols-eigrp.xml.in
In T2474#64078, @c-po wrote:@fetzerms thanks for getting back to us - I also successfully tested it.
I guess there is always room for improvement in the documentation. Maybe you want to contribute a fix for the missleading parts?
OPNSense does maintain a version of wide-dhcpv6-client, but as far as I know, neither Debian or any other linux distribution use this repository as their upstream repository.
@fetzerms thanks for getting back to us - I also successfully tested it.
I was able to build 1.2.5 iso (but there is no git tag for it?) with the docker container. I just misunderstood the documentation and thought that the vyos-build-repo is only the repo for the docker image. But it seems the docker image is just from the docker file and the repository needs to be cloned anyways.
set service dhcpv6-server shared-network-name TEST subnet 2001:db8::/64 prefix-delegation start 2001:db8:1000:: prefix-length '56' set service dhcpv6-server shared-network-name TEST subnet 2001:db8::/64 prefix-delegation start 2001:db8:1000:: stop '2001:db8:2000::'
No one to follow up? I know this problem may be strange, but it does happen to me!
@runar, thanks for clarification! I will change the initial description accordingly.
@MrLenin What makes you say that dhclient is better maintained? The OPNSense people are actively maintaining the project... but that said, I also do not have any preference. It needs to work, and I guess that's the most important part :) The only thing I see missing in dhclient is that you cannot control the IAID etc (or maybe you can and I didn't see it).
Yes it is, we auto publish it if there is a change.
Here is an expanded concept covering a few more areas of the config. It's not as pretty as I'd like, but doing it this way allows for an early translation pass and the result would be a config more or less with everything how it would be if it had been hand entered in VyOS as-is. Tying things to the sla-id also makes consistency checking simpler, can't add a prefix-sla-id block unless a delegation defining it exists, and can't delete the delegation until nothing references its sla-id any longer. I feel this can probably be improved upon, suggestions and criticisms welcome.
May 18 2020
I don't have much preference configuration-wise between the isc and wide clients, but wide-dhcp6-client is not actively developed and is less rfc compliant than dhclient. Not deal breakers for my needs, but the existing vyos scripts already assumed dhclient so I figured it would be a little less work to get things properly integrated once I learned my way around the scripts and even if my changes were not adopted, it would have at least made it easier to keep things synced as time went on.
The dockerhub image is just an environment capable of generating the vyos image, it does not include any of the files needed to generate the image itself. These files are inside the vyos-build repository.
ediing vyos make iso -r crux -d
https://github.com/thomas-mangin/vyos-hacker-toolkit
To clarify the hw-id tag. This is the only way VyOS scripts know what interface to give what name on bootup, as the boot-order of nics could be different on every reboot (potentially) vyos needs a way to identify the "correct" order of the nics when it boots. if you remove the hw-id tag from the interface the configuration script don't know what interface to give the configuration to, so you could potentially get nic-reordering on every single reboot.
In T421#63999, @Azayaka wrote:In T421#63962, @jack9603301 wrote:@c-po What did you want? Configuration of DHCPv6 PD in vyos?? Didn't you update the document? How do you configure it?? I don't quite understand!
Please...This is just embarrassing. This comment might be off-topic, but it looks like our fellow Chinese user @jack9603301 need suggestions on how to use English in a proper manner. (Your current wording style can easily offend people.)
Here are my wording suggestions.
- Avoid double or tripple question marks.
- Avoid rhetorical questions.
- Use "Sorry", "Please", "Could you...", etc. for questions and requests.
- Avoid representing others if you are not entitled. For example, when *you* want some features, do not say "VyOS fans in China" want those features.
I can translated my points to Chinese if it can be better understood.
雖然你可能沒有意識到,但是你的英語行文很不禮貌,容易冒犯他人。以下是我的幾點建議:
- 避免使用多個問號。
- 避免反問他人。在中文語境下,反問也可以被認為是想吵架。
- 多用 "Sorry", "Please", "Could you..." 這種緩和語氣、表示禮貌的詞彙,特別是在提問或請求他人的時候。
- 不要輕易“代表”他人。
In T2474#63995, @jestabro wrote:You want to fetch the repo before building; cf. the 'Generating the container section':
git clone -b crux --single-branch https://github.com/vyos/vyos-build
@MrLenin Your approach is interesting. I also prefer using wide-dhcpv6-client because it has better control over the id's and allows cleaner configuration (my opinion).
Last time I generate crux I used the docker current to do it ...
(but I could not this time...)
@jestabro I installed new rolling images today and will verify tomorrow.
Isn't the image published on DockerHub supposed to be equal to building it manually?
In T421#63999, @Azayaka wrote:In T421#63962, @jack9603301 wrote:@c-po What did you want? Configuration of DHCPv6 PD in vyos?? Didn't you update the document? How do you configure it?? I don't quite understand!
Please...This is just embarrassing. This comment might be off-topic, but it looks like our fellow Chinese user @jack9603301 need suggestions on how to use English in a proper manner. (Your current wording style can easily offend people.)
Here are my wording suggestions.
- Avoid double or tripple question marks.
- Avoid rhetorical questions.
- Use "Sorry", "Please", "Could you...", etc. for questions and requests.
- Avoid representing others if you are not entitled. For example, when *you* want some features, do not say "VyOS fans in China" want those features.
I can translated my points to Chinese if it can be better understood.
雖然你可能沒有意識到,但是你的英語行文很不禮貌,容易冒犯他人。以下是我的幾點建議:
- 避免使用多個問號。
- 避免反問他人。在中文語境下,反問也可以被認為是想吵架。
- 多用 "Sorry", "Please", "Could you..." 這種緩和語氣、表示禮貌的詞彙,特別是在提問或請求他人的時候。
- 不要輕易“代表”他人。
My take at the client config following the config I had:
I had made a custom image with wide-dhcpv6-client a week ago or so, this is the client config I was running for NA and PD, WAN is eth0 and gets assigned the NA address with the prefix assigned to eth1 with the address <prefix/sla-id>::1 (if ifid is not set it will assign EUI-64 address). The lifetime value was pulled from an example config and I left it as-is while testing.
In T421#63962, @jack9603301 wrote:@c-po What did you want? Configuration of DHCPv6 PD in vyos?? Didn't you update the document? How do you configure it?? I don't quite understand!
@jack9603301 looking for a „service dhcpv6-server“ configuration which hands out the prefixes via ethernet so I can implement the client side.
@fetzerms Have you seen this problem with the fix mentioned above ? If not, I will close.
You want to fetch the repo before building; cf. the 'Generating the container section':
@runar just created this as I can not create a dev env without a phabricator entry. answer in 20 minutes :-)
What repository, and what errors? :)
I found abnormal behavior during label allocation. As I wrote above VyOS generate label for all prefixes presented in routing table. But when we have for example 5 connected routes (four /24 and one /32) on Egress LSR and we start mpls VyOS allocates labels for all routes and neighbor (downstream LSR) receives label=3 (implicit null). But if we have 2 connected routes (one /24 and one /32) then we start mpls, Egress LSR allocates labels for all routes (two in this case), but if we add on Egress LSR one, two or more new connected routes VyOS does not allocate label=3 for this routes and does not send Label Mapping Message to its neighbors for FECs related to new added routes. The software version is 1.3-rolling-202005160117
@c-po What did you want? Configuration of DHCPv6 PD in vyos?? Didn't you update the document? How do you configure it?? I don't quite understand!
I know that this does not cover all use cases but it is a PoC working for some users (not all of course). Next step would be adding this to ethernet based interfaces.
Great, dhcpv6-pd is finally coming true!
Hi, first of all, it's great that at least someone created the first work to add PD support. But for me this first commit is not usable, as my ISP provides internet via a plain ethernet interface. Moreover, I'm using VLANs on my internal network. So, best case, I will connect vyos directly to the modem on an ethernet interface, but my ISP does not use pppoe at all.
Documentationnupdated here https://docs.vyos.io/en/latest/interfaces/pppoe.html#ipv6
In T421#63882, @Azayaka wrote:
May 17 2020
The run code could check the command name against a list of known "need sudo" commands and prepend it automagically so the command looks like normal but is auto-sudo'ed
Enjoy testing
From the Git commit:
set service pppoe-server authentication local-users username test password 'test' set service pppoe-server authentication mode 'local' set service pppoe-server client-ip-pool start '192.168.0.1' set service pppoe-server client-ip-pool stop '192.168.0.10' set service pppoe-server client-ipv6-pool delegate '2001:db8:8003::/48' delegation-prefix '56' set service pppoe-server client-ipv6-pool prefix '2001:db8:8002::/48' mask '64' set service pppoe-server name-server '8.8.8.8' set service pppoe-server name-server '2001:4860:4860::8888' set service pppoe-server interface 'eth1' set service pppoe-server local-ip '10.100.100.1'
After a new reboot, the DHCP nameservers were correctly added to resolv.conf and powerdns recursor.conf. I had system name-server and service dns forwarding name-server set to a static IP. But after deleting these two static nameserver nodes, the DHCP nameservers are missing from both resolv.conf and recursor.conf.
Hi, everyone.
As I understood from my lab VyOS generate label in cisco fashion (for all presented prefixes in routing table). And it is good as for me. But I think it is necessary to be able to filter the FEC for which labels will be generated (for example only for /32 routes, or only for particular routes).
May 16 2020
@Azayaka If I'm correct, the EdgeOs can perfectly do multiple PD at the same time (at least request the prefixes), even on one interface.
In T421#63876, @Azayaka wrote:Damn, I am so embarrassed by @jack9603301. From the avatar to the naive, rude comments... looks like a troll XD.
Another problem of the EdgeRouter-style configuration is that only one PD is possible at a time. Cisco IOS uses the concept of dhcp pool and pd name-tag to deal with multiple PDs (a possible scenario: 2 PDs from 2 different ISPs for redundancy). Not sure if it can be supported by dhclient though.
I prefer the IOS style, and here is an example.
ipv6 dhcp pool POOL-v6 dns-server 2001:4860:4860::8888 interface GigabitEthernet0/0/0 ipv6 address autoconfig default ipv6 enable ipv6 nd ra suppress all ipv6 dhcp client pd ISP-name ipv6 virtual-reassembly in interface Vlan1 ipv6 enable ipv6 address ISP-name ::1/64 ipv6 nd other-config-flag ipv6 nd ra interval 180 ipv6 dhcp server POOL-v6 rapid-commit
Damn, I am so embarrassed by @jack9603301. From the avatar to the naive, rude comments... looks like a troll XD.
After 2 release dhcp interface eth1 and one renew dhcp interface eth1, I now have 2 dhclients running, so there is a bug in the op-mode release/renew code.
4079 ? Ss 0:00 /sbin/dhclient -4 -nw -cf /var/lib/dhcp/dhclient_eth1.conf -pf /var/lib/dhcp/dhclient_eth1.pid -lf /var/lib/dhcp/dhclient_eth1.leases eth1 4305 ? Ss 0:00 /sbin/dhclient -q -nw -cf /var/lib/dhcp/dhclient_eth1.conf -pf /var/lib/dhcp/dhclient_eth1.pid -lf /var/lib/dhcp/dhclient_eth1.leases eth1
Passing passwords via command line arguments is very bad practice. Curl has a -u option, if passed just the user it prompts for the password on stdin. This can simply be passed via shell redirection.
@dmbaturin Maybe just anything that contains systemctl? Surely 100% of those will need it. But that also assumes anything called via /usr/lib/python3/dist-packages/vyos/util.py
Sometimes I wonder if we should just silently wrap every op mode command in sudo, at least those in the families other than show. It's hard to name a command that doesn't need sudo, and everyone (myself included!) has forgotten to add it at least once.
PR510 should add the necessary sudo