Hello @hammersoft , VyOS migrated from xl2tp to accel-ppp. Can you check this issue on latest rolling?
https://phabricator.vyos.net/T834
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Aug 14 2019
Aug 13 2019
Hello Harliff,
We also can add show protocols bfd peer counters and for peer show protocols bfd peer x.x.x.x counters
vyos@vyos-rtr01# run show protocols bfd peer counters | strip-private BFD Peers: peer xxx.xxx.0.4 local-address xxx.xxx.0.1 vrf default Control packet input: 0 packets Control packet output: 988 packets Echo packet input: 0 packets Echo packet output: 0 packets Session up events: 0 Session down events: 0 Zebra notifications: 0
A note when stating to convert physical interfaces.
I've made some hacks to get vyatta-config-sync working with ssh-keys (and working at all).
Why not use curl which is inside the image?
Okay. Please test with latest rolling so we can possibly backport this to crux
Sometimes vif-s used for management and may contain not encapsulated traffic which need prepare with firewall.
Please keep this in mind when rewriting dummy/loopback interfaces: https://phabricator.vyos.net/T1467
I have no experience with Q-in-Q but does it even make sense to apply a firewall to the outer side of a Q-in-Q link? I understand to apply a firewall to the vif-c interface inside vif-s (as this can be trated as any regular vlan interface) but a firewall on the encapsulated interface?
Aug 12 2019
Yes, sorry, I was mean about new syntax for rolling release. PR for fixing issue with ARP https://github.com/vyos/vyos-1x/pull/101
@Dmitry, thanks for reply.
Hello @olofl , I think you need show protocols static arp interface eth1.1728 command. You also may read about ARP on https://vyos.readthedocs.io/en/latest/routing/arp.html?highlight=show%20arp
PR https://github.com/vyos/vyatta-cfg-system/pull/105
Thanks @zsdc for assist.
@c-po
I have some new findings. When I upgrade to a new rolling release (tested with the one from 11.08.2019 and 12.08.2019), I do 'add system image ...', then reboot, then the forwarders are missing in recursor.conf:
Aug 10 2019
Hi Donny,
Not sure if you're still looking into this, but the following script works perfectly for me on the crux branch:
Ok, I feel very noobish, but I can't seem to change it. Any pointers?
Oh thought I did, sorry do not github very often. Let me dive in for a sec.
Thanks :) i see the pull message is updated, but could you also update the commit message to reflect this?
Ah apologies, should be fixed now.
Hi! Thanks for the contribution!
My fix is here: https://github.com/vyos/vyos-vmwaretools-scripts/pull/2
See https://github.com/vyos/vyos-build/pull/58 for what I think is the fix.
Aug 9 2019
I have added two PRs with some fixes and new features. The most valuable changes:
- Fixed the bug, which prevents to change or delete BFD peers with custom options. For example, when any of source address/interface, multihop was used, such peers could not be deleted or changed.
- Added configuration checks, which should prevent adding BFD option to BGP neighbors or peer-groups without corresponding peers configuration in protocols bfd. If BGP and BFD configurations are out of sync, BGP sessions could be very unstable.
- Added configuration check, which should prevent to delete peers from protocols bfd if they are still used in BGP.
- Some other small fixes and changes.
Also, was added several new options:
BFD configuration:
set protocols bfd peer IP echo-mode set protocols bfd peer IP interval echo-interval
BGP configuration:
set protocols bgp ASN neighbor IP bfd check-control-plane-failure
I cannot reproduce this issue on VyOS 1.2.0-rolling+201908050337. @OlegGardash can you try on last rolling release?
I don't think it's a good idea, for several reasons.
This sounds like a good improvement!
Fixed. Should in the next nightly build.
Is this still an issue?
Most of these files are autogenerated and dont need to be saved across reboots.. is it possible to make them in a overlay that does not save to disk? Or another aproach is to just delete them when the device starts (before or when vyatta starts)
I second this, I would like to be able to setup different keys for multiple wireguard interfaces too.
Would we masking snmp community and email addresses in config for privacy?
Aug 8 2019
https://github.com/vyos/vyos-1x/commit/d96cfc8a5b1e9f9a3484a4c4036dddabfc588f5b
While documentation is on its way, below is a very small example on how to use it:
Created PR https://github.com/vyos/vyatta-op/pull/23/commits/20822ca355fcec4a364375edf6330e6b2357a570
Need check. If you any additional info about unmasked config data, please write here
dhcp can be done via systemd or the traditional isc-dhcp client, which way should we go? systemd.networkd does link detection too and stops dhcp if the link is lost and starts it again when the link returns to state up.
@noitcennok stop polluting non relevant threads and stick to your original forum post.
@Dmitry i want to secure my /24 from layer 7 attacks? i already contacted my upstream he said:
@c-po yes, I saw this script. About documentation prefixes is not bad idea, but with XXXXX view more pretty, I think.
@Dmity stripping is done here: https://github.com/vyos/vyatta-op/blob/current/scripts/vyos-strip-config.pl
@Dmitry Do you know ABOUT BGP Communities filtering?
Please open this one as I want to get help from experts.
This is a support request,
closing in favor of forum post
https://forum.vyos.io/t/bgp-communities-filtering/3969/2
In T1567#40707, @rherold wrote:You can add a community via route-map to your outgoing routes.
set policy route-map $YOUR-OUTGOING-MAP rule $RULENUM set community ..
You can add a community via route-map to your outgoing routes.