The documentation is also correct. Please not that there are two git branches for the documentation, current and equuleus. You send me the VyOS 1.2.2 crux link. I gave you the upcoming VyOS 1.2 equuleus link.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Sep 4 2019
Thanks, I'll try to figure it out. What do you think about openvpn:openvpn?
This is actually a duplicate of T1617.
Thanks! Should update the documentation @ https://vyos.readthedocs.io/en/latest/interfaces/bridging.html
I'm aware, I'm testing it since 1.2 has an unresolvable bug (due to the age of the distribution it's built on) in the isc-dhcp-relay package.
The bahavior has changed, see https://vyos.readthedocs.io/en/equuleus/interfaces/bridging.html and T1556
1.3 rolling is not recommended for users - its pre-alpha.
Just noticed you used VyOS 1.2-rolling-201909040337, this is for 1.3 rolling.
@jdevincentis is this a custom build? Using VyOS 1.2-rolling-201909040337 I can not reproduce the issue with:
Sep 3 2019
I took a look, but was unable to figure out how to finagle VyOS to fix it.
The config generator would need to be adopted https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/interface-openvpn.py and the wrapper script added. I have no time before tomorrow, sorry
And may be change nobody:nogroup to openvpn:openvpn? It's more clear, i think...
How can I help you to fix it? In this article https://community.openvpn.net/openvpn/wiki/UnprivilegedUser looks like it's not so hard...
That will be a complete rewrite, since the interface name is now readable via VYOS_TAGNODE_VALUE, that affects get_config() quite a lot and will reduce the number of code line significantly. The flip side of the coin is, that the current code was running pretty reliable, so I will release small updates while adopting to see if I break anything configure outside of my test environment.
Please test with latest rolling and not a custom build.
When the site looses connection and thus a SIGUSR21 is sent to OpenVPN to restart internally the priviledges have dropped and yes, /sbin/ip can't be called again.
Duplicate: T1628
Or may be you could tell me where I can include this commands? Also I need to setup correct owners for /config/user-data/zabbix/ dir, there is zabbix-proxy DB...
how could I show it to you? Which version have you try to update? I think simple chown in update script could fix it!
Also i think it could be compare with changing of list of users and thous IDs:
Old system list:
Sep 2 2019
Hello @Merijn, do you have possibility provide logs while this issue appear and client try connect to l2tp server?
As example show log tail 100 | strip-private
Here's the sanitized dhcp-server config.
Should be fixed in next rolling release by: https://github.com/vyos/vyatta-cfg/commit/710728ee8eb6def82f9a142468960f6985dcf4e8
On my routers they are definitely missing from /config/dhcpd.leases. I have some static host mappings in the config too. I also confirmed the "on commit set shared-networkname" line is in dhcpd.conf.
Hello @hexes, do you have D-NAT rules for destination port 9786 on external ip? Can you give me advanced info how I can reproduce this?
Also you can masking config with command show ... | strip-private . I need all firewall and nat rules.
ps:/ In my test lab I can't reproduce this issue.
Hello, @jjakob . I cannot reproduce this issue on VyOS 1.2-rolling-201908311322. Can you give more details and configuration commands?
Did you use for ipv4 show dhcp server leases and for ipv6 run show dhcpv6 server leases ?
Sep 1 2019
As a stopgap measure that allows old config to load, I've made the script cap it at 100:
@hagbard not a problem. Looks like we now go the "our own lib" way as pyroute2 has some flaws. DHCP is already fix and I continue improve the script and remove redundant code before it will be extended to support VLAN/bonding.
Aug 31 2019
@c-po sorry was camping in a remote area without cell coverage. What's the way we go then? I'll look tomorrow, eventually Tuesday next week into the dhcp stuff.
Cherry-picked into crux.
@zsdc please follow up on this
@zsdc can you follow up on this
Thanks!!!! I'll test it once it's pulled...