Thu, Sep 15
PR adding libpam-google-authenticator package to VyOS:
It seems that we have two constraints here.
Made a fix and now we have:
Let me see if I can fix it.
Doing further testing, it seems adding the explicit-null broke the configuration:
Good news. It seems the patch worked properly. Here we show MPLS labels generated via segment routing for the prefix command:
Wed, Sep 14
As I mentioned above, use it before the configuration, it described in the doc
Interesting article on how and when to match ipsec options: https://thermalcircle.de/doku.php?id=blog:linux:nftables_demystifying_ipsec_expressions
There is PR https://github.com/vyos/vyos-1x/pull/1516 but it brakes all GRE traffic
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1539
Do you have a proposed cli format?
Added a pull request for this fix.
Nope, i use CLI for configuration and script for vrrp (wireguard interface enable/disable)
Tue, Sep 13
Fix for 1.3 https://github.com/vyos/vyos-build/pull/261
This is also an issue on the 1.3.x builds due to a similar issue. See https://github.com/jordansissel/fpm/issues/1923
It should be possible in https://github.com/vyos/vyos-1x/pull/1534
set firewall interface ethXvX
It seems you use some custom scripts for configuration
You have to use
if [ "$(id -g -n)" != 'vyattacfg' ] ; then exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) [email protected]" fi
before your configuration script
Mon, Sep 12
Refactor PR: https://github.com/vyos/vyos-1x/pull/1534
PR for filter tables: https://github.com/vyos/vyos-1x/pull/1534
Should be fixed in https://github.com/vyos/vyatta-cfg-firewall/pull/34
Sun, Sep 11
Sat, Sep 10
A similar syntax change is in progress as part of a larger firewall refactor. It should reach the 1.4 branch in a week or so. It should allow for any valid existing interface name.
Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:set firewall local interface eth0 name <firewall-filter> set firewall in interface eth0 name <firewall-filter> set firewall out interface eth0 name <firewall-filter> set firewall local interface bond0.10v22v6 ipv6-name <firewall-filter>
The problem is that using zone-policy firewall is a bit overkill for a pure router or even a router with async routing. In which scenario I guess only the local variant would be useful.
Or, come to think, some free from of set interfaces unknown <typeyourownname> firewall local name <ruleset> where you can only config stuff that doesn't really depend on an interface.
Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
First we need to include the "google-authenticator" in our build
Fri, Sep 9
/usr/libexec/vyos/op_mode/route.py already exists but without an execution flag
I am suggesting marking this task as "Resolved" because the driver works by himself and NIC can be used with a proper configuration.
The real check without IPv4 local/remote:
[email protected]# commit [ interfaces openvpn vtun2 ]