conntrack implementation changed form 1.3 -> 1.4 by a rewrite. Can you please tell us which version of VyOS you are using?
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Jul 2 2021
Jul 1 2021
Looks good on 1.4-rolling-202107010537 and 1.3-beta-202106301443:
Should be addresses using the new vyos smoketest shim from 1.4 branch.
Please share your configuration.
Jun 30 2021
Hi ruben
All of my neighbors are connected with me via wireguard interfaces (a different interface for every peering). I have no physical direct link with any peer.
All neighbors using IPv4 or ULA IPv6 addresses are working properly.
Please share your entire setup then somwe are able to help out.
i was referring to the FRR command as deprecated, not the corresponding VyOS command. The VyOS command is not even available in the last version of VyOS... I was able to try it only via vtysh...
please stop the idea of "deprecated" command. VyOS commands are in no relation to FRR commands.
If (and when) the FRR syntax changes, we will ensure it will still work by either migrating the VyOS CLI configuration dynamically on upgrade or by adjusting to the FRR configuration "under the hood" with our Jinja2 template.
It seems that what I thought is true:
as I wrote on slack, from my point of view it is a kernel problem. It seems that the conntrack in the kernel detects the packets eben if they come in on an input interface in default and so
the nat code won'T match cause for conntrack the outgoing interface is still eth0 which is in vrf OOBM instead pppoe0.
Hi ruben,
Jun 29 2021
upgraded to 1.4-rolling-202106290839 but still not working for my setup...
Is it worked in 1.3/1.2?
Hello @joeudes , it looks like without enabled ppp-option ipv6 it should not work
set service pppoe-server ppp-options ipv6 allow
the new build is already available. I am unsure if this works or is even supported by FRR.
Please consult FRR manual and try configuring this manually from vtysh.
@Viacheslav it is reproducible in 1.2.7
vyos@vyos:~$ touch file1 vyos@vyos:~$ touch file2 vyos@vyos:~$ touch file3 vyos@vyos:~$ ls file1 file2 file3 vyos@vyos:~$ reset vpn remote-access user Possible completions: file1 Terminate specified user's current remote access VPN session(s) file2 file3
looking at your configuration I see you set the neighbor using the interface name.
But in that case how does FFR know which IP address to connect to initiate a BGP session? Works in passive mode only?
PR is in: https://github.com/vyos/vyos-1x/pull/901
Bug confirmed and fixed,
I haven't access to the Cisco one because that is configured by another provider:
Should I hold out any hope for this to be implemented? Still willing to help test and do whatever I can to get this in.
I should soon have a PR ready for this, including an update to IPSec config to show how to port existing configs to use PKI.
I like the design!
Jun 28 2021
In T3657#97243, @c-po wrote:I wonder why you use ebgp multihop wirh link local addresses?
I used it only for testing (but this command increment ttl in two).
even if FRR manual states the deprecation notice, we have our own layer of abstraction and will deal with it once it is required.
For the time beeing, I just checked the commands (using tab completion).
In T3657#97243, @c-po wrote:Also FRR manual states:
When you connect to a BGP peer over an IPv6 link-local address, you have to specify the IFNAME of the interface used for the connection. T
Please try set protocols bgp neighbor <addr> interface eth1
For 1.2.7 it adds unexpected multicast group per "save"
Configs for reproduce:
I wonder why you use ebgp multihop wirh link local addresses?
To reproduce (VyOS 1.3-beta-202106271614):
Verified working in GNS3 on 1.3.0-rc4. Note that /var/lib/dhcpv6/dhcp6c_duid is not used if send client-id is configured.
Parent Task: https://phabricator.vyos.net/T2816
I add an extra commentary , it is config on FRR:
As requested the config{F1499926}
I have tried one more scenario:
Hi, any updates on this?
Doesn't work, VyOS 1.4-rolling-202106271939
Jun 27 2021
What would be the "full set" up supported characters? If I remember correctly this regex is inherited from VyOS 1.1
Please share your Cisco and VyOS config, and also the Cisco router Model/Version