A feature request was made with a change in behavior:
https://phabricator.vyos.net/T4005
(Feature Request: IPsec IKEv1 + IKEv2 for one peer)
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Nov 20 2021
Nov 20 2021
Unknown Object (User) closed T4004: IPsec ike-group parameters are not saved correctly (after reboot) as Resolved.
Unknown Object (User) added a comment to T4004: IPsec ike-group parameters are not saved correctly (after reboot).
Unknown Object (User) added a comment to T4005: Feature Request: IPsec IKEv1 + IKEv2 for one peer.
pool request:
https://github.com/vyos/vyatta-cfg-vpn/pull/51
Create an Ike-group without a command "key-exchange" (like in VyOS 1.4):
I think this is what it would look like in service dhcp server. I left some comments to explain my thinking a bit, and I tried to make it as flexible as possible (for example the way match options are strings, so future DHCP options can be supported as soon as ISC supports them):
failover {
name INT
remote 192.168.15.4
source-address 192.168.15.3
status primary
}
shared-network-name INT {
description "Internal connection to ir01"
class CLIENT_MAP {
rule 10 {
action permit # This is equivalent to dhcpd's allow/deny members of
match option "agent.circuit_id" value "Vlan200" # This could match any option (ex: dhcp-client-identifier)
}
}
class GUEST_MAP {
rule 10 {
action permit
match option "agent.circuit_id" value "Vlan240"
}
}
subnet 192.168.1.0/24 {
class CLIENT_MAP
default-router 192.168.1.1
domain-name int.trae32566.org
domain-search int.trae32566.org
domain-search ipa.trae32566.org
domain-search trae32566.org
enable-failover
name-server 192.168.255.1
name-server 192.168.15.10
name-server 192.168.31.3
ntp-server 192.168.255.2
ntp-server 192.168.15.11
ntp-server 192.168.31.4
range CLIENTS {
start 192.168.1.2
stop 192.168.1.240
}
server-identifier 192.168.15.2
static-mapping QUEST {
ip-address 192.168.1.17
mac-address 80:f3:ef:11:e7:e7
}
}
subnet 192.168.6.0/24 {
class GUEST_MAP
default-router 192.168.6.1
enable-failover
name-server 1.1.1.1
name-server 1.0.0.1
name-server 8.8.8.8
ntp-server 50.205.57.38
ntp-server 64.225.34.103
ntp-server 129.250.35.251
server-identifier 192.168.15.2
range GUESTS {
start 192.168.6.2
stop 192.168.6.254
}
}
subnet 192.168.15.0/29 { # This tells it indirectly to use the interface eth2, which is on this subnet (is there a better way?)
default-router 192.168.15.1
enable-failover
range DUMMY {
start 192.168.15.2
stop 192.168.15.7
}
}
}Nov 19 2021
Nov 19 2021
jestabro moved T4003: API for "show interfaces ethernet" does not include the interface description from Need Triage to Finished on the VyOS 1.3 Equuleus board.
jestabro triaged T4003: API for "show interfaces ethernet" does not include the interface description as Normal priority.
jestabro changed the status of T4003: API for "show interfaces ethernet" does not include the interface description from Confirmed to Backport pending.
I would not call this a bug as this is produced on intention.
Submitted this PR: https://github.com/vyos/vyos-1x/pull/1075
c-po closed T4011: ethernet: deleting interface should place interface in admin down state as Resolved.
c-po moved T4010: DMVPN generates incorrect configuration life_time for swanctl.conf from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
c-po moved T4011: ethernet: deleting interface should place interface in admin down state from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4011: ethernet: deleting interface should place interface in admin down state from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po edited projects for T3318: Update Linux Kernel to v5.4.208 / 5.10.142, added: VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus (1.3.0-epa3).
c-po renamed T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Update Linux Kernel to v5.4.155 / 5.10.75 to Update Linux Kernel to v5.4.160 / 5.10.80.
I wish I understood this subsystem better as I'd love to get it fixed. I'm going to take a closer look tomorrow
Nov 18 2021
Nov 18 2021
jestabro added a comment to T4003: API for "show interfaces ethernet" does not include the interface description.
One detail towards a resolution: if the vyos-http-api-server is started manually (without systemd) then the output is not truncated. If one wants to try this, one should configure 'set service https api' (to update Nginx config appropriately); then 'systemctl stop vyos-http-api'; then, as root:
Viacheslav changed the status of T4010: DMVPN generates incorrect configuration life_time for swanctl.conf from Open to In progress.
Shows which options moved to the new name in swanctl
Viacheslav updated the task description for T4010: DMVPN generates incorrect configuration life_time for swanctl.conf.
Viacheslav changed the status of T4006: Add additional Linux capabilities to container configuration from Open to Needs testing.
Re-tested working on
c-po moved T3795: WWAN: issues with non connected interface / no signal from Backlog to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po moved T4008: dhcp: change client retry interval form 300 -> 60 seconds from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po moved T3962: Image cannot be built without open-vm-tools from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po moved T3795: WWAN: issues with non connected interface / no signal from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4008: dhcp: change client retry interval form 300 -> 60 seconds from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po added a project to T3795: WWAN: issues with non connected interface / no signal: VyOS 1.4 Sagitta.
c-po moved T3995: OpenVPN: do not stop/start service on configuration change from Backlog to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
jestabro changed the status of T4003: API for "show interfaces ethernet" does not include the interface description from Open to Confirmed.
Thanks, I've confirmed the issue; I should have it resolved soon
tlcarpenter added a comment to T4003: API for "show interfaces ethernet" does not include the interface description.
I notice my example of the API only focused on one interface (eth0), where the CLI (and the title showed all interfaces). Doesn't change the fact that in either case the API doesn't return data for the description.
erkin changed the status of T1083: Implement persistent/random address and port mapping options for NAT rules, a subtask of T3710: Upgrade the kernel in 1.3 to 5.10, from Needs testing to In progress.
erkin changed the status of T1083: Implement persistent/random address and port mapping options for NAT rules, a subtask of T2198: Rewrite NAT in new XML/Python style, from Needs testing to In progress.
erkin changed the status of T1083: Implement persistent/random address and port mapping options for NAT rules from Needs testing to In progress.
anthr76 updated the task description for T4006: Add additional Linux capabilities to container configuration.
Viacheslav added a comment to T4004: IPsec ike-group parameters are not saved correctly (after reboot).
I don't think that it is a bug.
If you don't set any value, it gets default value ikev1
https://github.com/vyos/vyatta-cfg-vpn/blob/d2d4361bffaa0b99c85c7fbf46ddd760ae6512f0/templates/vpn/ipsec/ike-group/node.tag/key-exchange/node.def#L3
Unknown Object (User) created T4005: Feature Request: IPsec IKEv1 + IKEv2 for one peer.
Unknown Object (User) created T4004: IPsec ike-group parameters are not saved correctly (after reboot).
Nov 17 2021
Nov 17 2021
c-po moved T3996: SNMP service error in log from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3997: Add CAP_NET_RAW capability from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3996: SNMP service error in log from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
dmbaturin renamed T1083: Implement persistent/random address and port mapping options for NAT rules from Implement "--persistent" option to NAT rules to Implement persistent/random address and port mapping options for NAT rules.
dmbaturin added a comment to T1083: Implement persistent/random address and port mapping options for NAT rules.
Since we had to revert to the old NAT implementation due to kernel issues, this had to be back-back-ported to the old Perl code as well.
dmbaturin reopened T1083: Implement persistent/random address and port mapping options for NAT rules, a subtask of T3710: Upgrade the kernel in 1.3 to 5.10, as Needs testing.
dmbaturin reopened T1083: Implement persistent/random address and port mapping options for NAT rules, a subtask of T2198: Rewrite NAT in new XML/Python style, as Needs testing.
dmbaturin reopened T1083: Implement persistent/random address and port mapping options for NAT rules as "Needs testing".
c-po moved T3350: OpenVPN config file generation broken from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3350: OpenVPN config file generation broken from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
Unknown Object (User) created T4002: firewall group network-group long names restriction incorrect behavior.
Unknown Object (User) created T4001: Feature Request: IPsec transport mode. VyOS can not use local-subnet or remote-subnet when using transport mode.
Nov 16 2021
Nov 16 2021
{
"lldp": {
"interface": [
{
"eth0": {
"via": "LLDP",
"rid": "5",
"age": "0 day, 00:00:16",
"chassis": {
"id": {
"type": "mac",
"value": "3c:61:04:5b:68:c0"
},
"descr": "Juniper Networks, Inc. ex2200-c-12t-2g , version 11.4R7.5 Build date: 2013-03-01 09:18:42 UTC ",
"capability": [
{
"type": "Bridge",
"enabled": true
},
{
"type": "Router",
"enabled": true
}
]
},
"port": {
"id": {
"type": "local",
"value": "521"
},
"descr": "ge-0/0/9.0",
"ttl": "120"
},
"unknown-tlvs": {
"unknown-tlv": {
"oui": "00,90,69",
"subtype": "1",
"len": "12",
"value": "47,50,30,32,31,33,33,36,30,36,39,36"
}
}
}
}
]
}
}@daniil Can you provide the output of json format?
unity added a comment to T3946: Automatically resize the root partition if the drive has extra space.
New PR was created https://github.com/vyos/vyos-1x/pull/1072
bjw-s closed T3997: Add CAP_NET_RAW capability, a subtask of T3676: Container option to add Linux capabilities, as Invalid.
Nevermind, this was added through T3916.
When i remove from /etc/snmp/snmpd.conf ,('::1', '161') in agentaddress it solve the issue....
show system ipv6 disable
show service snmp
community public {
authorization ro
network 11.11.11.0/24
}
contact [email protected]
listen-address 11.11.11.251 {
port 161
}
location ru-brnNov 16 16:23:27 r1-brn systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE Nov 16 16:23:27 r1-brn systemd[1]: snmpd.service: Failed with result 'exit-code'.
c-po added a project to T2279: Router resolves as 127.0.1.1 when using Router's Recursive DNS: VyOS 1.4 Sagitta.
fortinj1354 awarded T2279: Router resolves as 127.0.1.1 when using Router's Recursive DNS a Like token.
Nov 15 2021
Nov 15 2021
c-po moved T3995: OpenVPN: do not stop/start service on configuration change from Need Triage to Backlog on the VyOS 1.3 Equuleus (1.3.0) board.
c-po moved T3724: Allow setting host-name in l2tp section of accel-ppp from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po moved T3869: Rewrite vyatta_net_name/vyatta_interface_rescan in Python from Backport Candidates to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3982: DHCP server commit fails if static-mapping contains + or . from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3994: VRF: unable to delete vrf when name contains numbers, hyphen or underscore from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3995: OpenVPN: do not stop/start service on configuration change from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Nov 15 21:23:22 LR1 systemd[1]: Reloading OpenVPN connection to vtun1. Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: event_wait : Interrupted system call (code=4) Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: Closing TUN/TAP interface Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: net_addr_ptp_v4_del: 10.255.1.1 dev vtun1 Nov 15 21:23:22 LR1 systemd[1]: Reloaded OpenVPN connection to vtun1. Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: SIGHUP[hard,] received, process restarting Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: WARNING: file '/run/openvpn/vtun1_shared.key' is group or others accessible Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021 Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10 Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: Restart pause, 5 second(s)