The root cause of this problem is that OpenVPN when the deamon is started and in tries to connect to the server, yet did not create the vtun11 interface on the system. Thus all calls to the ifconfig python library will fail big time.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Oct 18 2020
Oct 18 2020
c-po added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.
I updated pr. so far, tinc VPN cli will automatically generate the local node key file, such as the following code:
Isn't anyone implementing this feature right now?
Oct 17 2020
Oct 17 2020
c-po changed the status of T2985: Add glue code to create bridge interface on demand, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, from In progress to Needs testing.
c-po changed the status of T2985: Add glue code to create bridge interface on demand from In progress to Needs testing.
c-po closed T2991: Update WireGuard to 1.0.20200908, a subtask of T2990: Update Linux Kernel to v4.19.152, as Resolved.
tom.siewert added a comment to T2987: VxLAN not working properly after upgrading to latest October build and with a new installation.
My last comment was wrong, here are the outputs for bridge fdb show dev vxlan122:
Viacheslav added a comment to T2987: VxLAN not working properly after upgrading to latest October build and with a new installation.
I can't reproduce it with VyOS 1.3-rolling-202010170146 and other october releases
tom.siewert added a comment to T2987: VxLAN not working properly after upgrading to latest October build and with a new installation.
source-interface cannot be used as the routers are not in the same multicast group, neither can communicate via multicast
tom.siewert added a comment to T2987: VxLAN not working properly after upgrading to latest October build and with a new installation.
In T2987#77730, @Viacheslav wrote:@tom.siewert
What will be if you delete the source-address on "October" node?
Viacheslav added a comment to T2987: VxLAN not working properly after upgrading to latest October build and with a new installation.
@tom.siewert
What will be if you delete the source-address on "October" node?
UnicronNL changed the status of T2834: Config rollback function is broken due lack access to the config.boot from Confirmed to Needs testing.
Oct 17 2020, 1:27 PM · Restricted Project
We should avoid having a constellation of exporters, but favour having a single one. I feel like starting and stopping those would be pretty icky.
Oct 17 2020, 12:57 PM · Restricted Project
Viacheslav added a comment to T752: Add an option to disable IPv4 forwarding on specific interface only.
Must this command be executed from docker now?
c-po edited projects for T2792: Failed to run `sudo make qemu` with vyos-build container due to the change of packer, added: VyOS 1.3 Equuleus; removed vyos-build.
This will break builds in out Docker environment where we ship a packer version. See T2792 and https://github.com/vyos/vyos-build/commit/e2dd9db8a2539b6d13c98d89e18872336cf8f974
jack9603301 updated the task description for T2986: Unable to build qemu image due to misconfigured Packer.
c-po changed Version from - to 1.3-rolling-202010081758 on T2985: Add glue code to create bridge interface on demand.
c-po changed the status of T2985: Add glue code to create bridge interface on demand from Open to In progress.
c-po changed the status of T2985: Add glue code to create bridge interface on demand, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, from Open to In progress.
Also very interested in this. Ready and willing to test.
@Cheeze_It thanks, works fine.
Unknown Object (User) changed the status of T2984: (igb, ixgbe) HW queues applied only for the first 2 interfaces from In progress to Needs testing.
Unknown Object (User) changed the status of T2984: (igb, ixgbe) HW queues applied only for the first 2 interfaces from Open to In progress.
Unknown Object (User) created T2984: (igb, ixgbe) HW queues applied only for the first 2 interfaces .
Oct 16 2020
Oct 16 2020
Unknown Object (User) changed the status of T2978: IPoE service does not work on shared mode from Confirmed to Needs testing.
Cheeze_It changed the status of T2981: MPLS LDP neighbor session clear capability from Open to Needs testing.
That would be a workaround only - see IPv6 syntax above. Using the refactored interface handling (T2653) makes this a low-hanging fruit.
I'll be giving those a test once T2981 is done. I'll report back here with results :)
PR is added here...
Unknown Object (User) created T2983: Add support to DHCP server include an extended config.
Quite interesting, support, in fact some information can not be captured from SNMP very well
owensresearch awarded T2257: BGP does not work with VRF a Heartbreak token.
Viacheslav added a comment to T752: Add an option to disable IPv4 forwarding on specific interface only.
How about this?
@D0peX That's correct? I updated pr
Thank you Viacheslav
Viacheslav changed the status of T2907: OpenVPN: Option to disable encryption from Open to Needs testing.
@c-po @dmbaturin It can be safely cherry-picked to the "crux".
I tested this on 1.2.6-s1, it works.
@trae32566 Will be added in the next rolling release.
Check, please.
The possible reason, that it can't get the lease file, because that directory not present in the LiveCD
lease_file = "/config/dhcpd.leases"
That sounds great to me! I actually like that more.
Proposed cli
One of them
It was fixed in the rolling T2573
https://phabricator.vyos.net/rVYOSONEXf812c5d1ce01efa8323bfb797c57f68f474665bb
Oct 15 2020
Oct 15 2020
c-po renamed T2980: FRR bfdd crash due to invalid length from FRR bfdd crash due to invlid length to FRR bfdd crash due to invalid length.
@Robot82
It will be by default in the new BGP implementation.
https://github.com/vyos/vyos-1x/blob/current/data/templates/frr/bgp.frr.tmpl#L5
Proposed CLI
reset mpls ldp neighbor x.x.x.x
Cheeze_It changed Is it a breaking change? from none to compatible on T2981: MPLS LDP neighbor session clear capability.
awesome, thanks!
trae32566 awarded T2980: FRR bfdd crash due to invalid length a Like token.
Unknown Object (User) added a comment to T2971: Provide a CLI solution for Ingress Shaping when there is SNAT.
Also submitted PR for FRR 7.3 series https://github.com/FRRouting/frr/pull/7318
OK, thank you. I will test this. This should probably be made as default.
@runar The preliminary integration of tinc is basically completed, please see
Unknown Object (User) added a comment to T2978: IPoE service does not work on shared mode.
Yes, both clients configured as DHCP clients.
Client 1 - eth0 - 50:00:00:06:00:00
Client 2 - eth0 - 50:00:00:07:00:00
This has come up multiple times before, see https://phabricator.vyos.net/T1698 for the solution.
I can confirm.
It happens after update procedure.
Viacheslav added a comment to T2834: Config rollback function is broken due lack access to the config.boot.
If I do a clean install of 1.2.6-s1 from iso, the rollback works fine.
If deploy from a qcow2 image, I see a similar error.
Oct 15 2020, 6:15 AM · Restricted Project
Oct 14 2020
Oct 14 2020
soxrok2212 added a comment to T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing.
I should add that building the package on arm64 hardware (pi3/4) works fine. Building in the docker container fails.
marekm added a comment to T2060: source-validation will be configured at different locations and could lead to massive confusion.
Just my thoughts - there are situations where rp_filter is not sufficient, and it was not clear to me how to do this cleanly with the zone firewall, so I ended up hacking a few iptables commands in rc.local instead.
runar added a comment to T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing.
the issue is verified by soxrok2122 by using a stock ubuntu 20 host with the stock vyos/vyos-build:current-arm64 docker image
runar reopened T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing, a subtask of T476: Update the base system to Debian 10 (Buster), as Open.
runar reopened T1663: T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing as "Open".
I'm reopening this issue as this seams to still be an issue. reported by user soxrok2212 on slack (#vyos-on-arm64)
It seems Client1 and Client2 only DHCP-clients.
Could you share also Client1 and Client2 configuration? Would be nice adding this lab setup to the docs
Unknown Object (User) changed the status of T2978: IPoE service does not work on shared mode from Open to Confirmed.
Unknown Object (User) created T2978: IPoE service does not work on shared mode.
Unknown Object (User) closed T2972: PPPoE server rate limiter allows max 65535 kbps to be set as Resolved.
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.
interfaces {
ethernet eth2 {
address 10.201.1.2/30
description WAN
hw-id 0c:6b:af:b0:4f:02
}
openvpn vtun11 {
description "CPE MGMT"
device-type tun
encryption {
cipher aes256
}
hash sha1
mode client
persistent-tunnel
protocol udp
remote-host 10.200.200.11
remote-port 1194
tls {
auth-file /config/auth/shared.key
ca-cert-file /config/auth/ca.crt
cert-file /config/auth/cpe1-1.crt
key-file /config/auth/cpe1-1.key
}
vrf CPE-MGMT
}
}
protocols {
static {
route 0.0.0.0/0 {
next-hop 10.201.1.1 {
}
}
}
}
vrf {
name CPE-MGMT {
description "CPE MGMT"
table 112
}
}