Query: All Stories

	Include stories about projects I am a member of.

@alainlamar as you seem to be the VyOS Wireless expert, you know why we have VLAN support on it?

sorry, but their licensing model incompatible with what we do.

ZeroTier was added to the Ubiquiti EdgeRouter (which runs a vyatta fork) as a demo. Relevant to this thread:
https://blog.kruyt.org/zerotier-on-edgerouter-p2/

Yes, this _was_ still a problem but the workaround solves the issue for
me. I've been able to upgrade the 1.1.8 instances to 1.2.3 after adding
this extra interface route.

Been pretty busy lately, but ran a quick test tonight. Wireguard keys are properly moved in my VM.

I have rebuilt the router and this appears to be working as expected now. Marking as resolved.

I've tested it and can't reproduce. There are a few issues in the debian files and autoreconf, but other than that everything seems to work just fine.

There is no such thing like separate identities. You can either decrypt a package or you can't, that's about it. You basically have to hand out more public keys, you have to maintain more keys. As I mentioned before I only see currently disadvantages so far. However the user can chose what way to go and multiple options are always good. If it helps you, well that's nice to hear.

In T1572#42883, @hagbard wrote:

It's not so much the implementation as I wrote before, it just doesn't seem beneficial. It gets implemented anyway, but I try to understand why a user would like to use that. The private key is by the way no identity and also won't interfere with multiple VPN peers if you are using only one pk. On IP:12345 arrives an encrypted packet, it is simply decrypted using your pk. If it works it's given to your kernel netlink interface as far as I recall and routed there, so no verification of the private key anywhere. If it can't be decrypted, it's discarded. If you have multiple wg interfaces, your 'crypto routing' either allows the traffic to the peer or discards it if it doesn't fit, the private key has nothing to do with that, since the public key of your peer is used to encrypt it. Summary, I still cna't see any benefit having that, which doesn't mean that I won't implement it.

This feature is currently in the 1.2 rolling release.

It would be awsome if the feature could also be made available in the next VyOS 1.2.x version.
Because it likely takes a lot more time until version 1.3 gets released.

PR https://github.com/vyos/vyos-1x/pull/137, using vyos-hostsd-client instead of typical adding record to /etc/hosts

Can confirm. All my routing tables now have 0.0.0.0/0, no matter what the device is. This is just in 1.2.3.

Seems that it s merged an in 1.2.3 it looks in the moment good for me:

reproduced on 1.2-rolling-201909100338

Unfortunately we have multiple commands like this.

Exist interesting moment when LLDPD communicate with cisco ios, after 1 min 55 second LLDPD in VyOS forget cisco device, but cisco device send LLDP (with ethertype encapsulated in vlan 1 0x8100). However LLDPD in VyOS remember mikrotik and other VyOS router, which directly connected, and which also transmit LLDP. I was try using and new version LLDPD which build for myself, but same result.
After adding vlan 1 on directly connected interface with cisco device LLDPD in VyOS, R1 don't forget it.

That's fixed the problem we had, but we've encountered some other strangeness.

At this point I've moved all my ASAs to VyOS, and all my tunnels to Wireguard. Unfortunately I cannot test this setup anymore.

Do you still have that problem?
Did you see EwaldvanGeffen's message?
Do you have any comment on it?

Thank you, @c-po, I'll go deploy it now, then! :-)

ISO rebuild triggered

All Stories
Use Results
Edit Query
Hide Query

Sep 28 2019

Sep 27 2019

Sep 26 2019

Sep 25 2019

Sep 24 2019

Sep 23 2019