All Stories
Mar 26 2021
Mar 25 2021
(20:28) vyos_bld 3dd4a86280b8:~ # cat key.txt
[Interface]
PrivateKey = abcdefghijklmnopqrstuvwxyz1234567890=+
Address = YOUR_VPN_PRIVATE_IP/24
DNS = 1.1.1.1, 1.0.0.1
It was a broken image.
equuleus: https://github.com/vyos/vyos-1x/pull/788
bug fix PR: https://github.com/vyos/vyos-1x/pull/787
I will give it a try once the image is out. The latest right now is still showing 2021-03-23.
I put in a PR for this:
Draft PR linked below; it is a draft pending the addition of a supporting package (vyos-http-api-tools). All data validation for application/json requests is done implicitly using Pydantic models/validators; for multipart forms requests, all explicit validation has been moved out of the endpoint function bodies and into the middleware --- this is a pedantic block of code, but allows consolidation and review of all manual checks. An OpenAPI 3.0.2 schema is automatically generated and presented at server-name/docs (Swagger) and server-name/redoc (ReDoc version; slightly more pleasing to the eye).
Mar 24 2021
Works fine for me as well, thanks.
Everything looks fine on a 1.3 ISO I just built from source:
Something's wrong with the filesystem; symlinks have been replaced by directories at the root:
Actually there is nothing that stops us from adding rules to netfilter referencing an interface that doesn't exist yet so this could be done at the time of interface and VRRP configuration rather than dynamically.
The problem with "ip" path
It gets DHCP address and removes it
Possible reason https://phabricator.vyos.net/rVYOSONEXff6afe62e801e570f6478decf2b4a813a5c0ee94
Need to check. T3300 T3392
Mar 23 2021
This is an interesting use-case and will not work as of now.
Please try with the next rolling release - issue should be fixed
PR for saving configurations to /run/frr/{daemon}.conf
https://github.com/vyos/vyos-1x/pull/784
We have two problems here
- the execution here is not yet possible with vyos-configd
- also without configd the routes are not always applied into FRR - still investigating
I can confirm:
In T3350#90321, @Viacheslav wrote: Another solution is to include a "user"-defined file for options
An example CLIset interfaces openvpn vtun10 openvpn-option-include '/config/openvpn/included.conf'diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index 79288e40..bcc88c09 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -288,3 +288,8 @@ compat-names {% endfor %} {% endfor %} {% endif %} + +# Include file for configuration options +{% if openvpn_option_include is defined and openvpn_option_include is not none %} +config {{ openvpn_option_include }} +{% endif %} diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index effbdd67..2cba59af 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -314,6 +314,14 @@ <multi/> </properties> </leafNode> + <leafNode name="openvpn-option-include"> + <properties> + <help>Additional OpenVPN file configuration. You must + use the syntax of openvpn.conf in this file. Using this + without proper knowledge may result in a crashed OpenVPN server. + Check system log to look for errors.</help> + </properties> + </leafNode> <leafNode name="persistent-tunnel">
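Review bot: In the server.conf.tmpl hunk, `config {{ openvpn_option_include }}` writes the configured value into the generated file unquoted, and nothing in the visible change checks it, so a path containing whitespace would be split into extra arguments and a missing file is only discovered when OpenVPN starts. Suggest quoting the value in the template and having the config script verify that the path is an existing regular file before rendering. Because the block sits at the end of the template, it is also worth documenting that directives in the included file are read after the generated ones.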
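Review bot: The new `openvpn-option-include` leafNode in interfaces-openvpn.xml.in carries only a `<help>` string in its `<properties>`, so the CLI accepts any value as the include path. Suggest adding a constraint that limits the value to an absolute file path (for example under /config, as in the CLI example) together with a constraint error message, and shortening the help text to one line, moving the warning about a crashed server into the documentation.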
Yes, I made a mistake when adding the command to the ticket and I corrected it now. It should read:
Something is wrong in your configuration
Fixed in the latest version: 1.4-rolling-202103230217
I'm not really sure what the issue is. I can narrow it down to this:
Can you share more examples/configs?
How can we reproduce it?
@Asteroza With VyOS, any service should be turned off by default unless it is explicitly configured by the user.
This affects downstream clients as well
There are genuine use cases, especially for small/home networks. But UPnP is a literal minefield of problems, and on top of that has had some serious security issues in the past due to fundamental design. If you were going to do this, I would want it off by default.
@Viacheslav The issue persists in vyos-1.3.0-rc2-amd64.iso
Mar 22 2021
The root of the problem here is changed place for custom options and the ability to configure options that should be applied differently, depending on the place. In other words, "Additional OpenVPN options" becomes "Additional OpenVPN options. You must use the syntax of openvpn.conf in this text-field", but actually these variants are not fully equal and cannot be converted directly.
@francis please try vyos-1.3.0-rc2-amd64.iso
https://community.vyos.net/get/snapshots/
Another solution is to include a "user"-defined file for options
An example CLI
set interfaces openvpn vtun10 openvpn-option-include '/config/openvpn/included.conf'
@c-po, you cherry-picked the wrong commit: equuleus needs the fix from current, not crux.
In T3418#90244, @c-po wrote: The first error is related to T2759 and can be ignored.
For the second one, can you please provide your full BGP config by pasting the content of show configuration commands | match bgp\|policy
Post the migration of the script from /opt/vyatta/bin/vyos-strip-config.pl to /usr/libexec/vyos/strip-private.py, the strip-private seems to be not working when the ipv6 address is configured to an interface.
Mar 21 2021
@jack9603301 It is not a matter of different codes, but rather what python libraries have been provided so far: the focus has been on abstracting the config session, in several directions, and previously there had not been a use case for reading config settings from op mode.