Implemented as: set service router-advert interface eth0 name-server-lifetime <value> which will be option A
All Stories
Jun 29 2022
PR https://github.com/vyos/vyos-1x/pull/1379 (without completion help)
Because with a rule like that I accept everything coming from nl from wan to lan, or I would need to add the source nl to every rule. That's why I did it with a deny not coming from nl on top, and then specific rules for the traffic that I want to accept.
If the default option is enabled or 1
Maybe it makes sense to create a disable option like:
set interfaces bridge br0 ip disable-multicast-snooping
PR to add the option: https://github.com/vyos/vyos-1x/pull/1378
Jun 28 2022
It is not related to a router bug/feature
Close it
Did you try dns forwarding domain?
set service dns forwarding domain abc.local server 192.0.2.5
Task for rewriting wan-loadbalancing to XML/Python T4470
@Viacheslav thanks
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1375
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1374
Will be fixed in the next rolling release
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1372
Why not use action accept for nl and drop all others?
In T4457#124584, @NikolayP wrote:
The problem seems to be in these lines:
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.1'
set vpn l2tp remote-access client-ip-pool start '172.25.255.1'
set vpn l2tp remote-access client-ip-pool stop '172.25.255.14'
Replacing "static IP" with 172.25.255.2 makes it work in VyOS 1.3.1
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2'
Full corrected config for 1.3.1 from the first post:
set interfaces dummy dum4 address '4.4.4.4/32'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth1 address '192.168.6.31/24'
set service ssh
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal 'enable'
set vpn l2tp remote-access authentication local-users username test password 'test'
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2'
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access authentication require 'mschap-v2'
set vpn l2tp remote-access client-ip-pool start '172.25.255.1'
set vpn l2tp remote-access client-ip-pool stop '172.25.255.14'
set vpn l2tp remote-access idle '1800'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'test'
set vpn l2tp remote-access ipsec-settings ike-lifetime '3600'
set vpn l2tp remote-access ipsec-settings lifetime '3600'
set vpn l2tp remote-access outside-address '192.168.6.31'
It seems to be a wrong priority.
The MPLS configuration is applied before the tunnel is created.
As a result, the sysctl parameter for the tunnel interface doesn't exist yet.
To reproduce it in one commit:
set interfaces dummy dum1 address '10.5.4.8/24'
set interfaces tunnel tun0 address '10.255.0.2/30'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 remote '192.0.2.254'
set interfaces tunnel tun0 source-address '192.0.2.1'
set protocols mpls interface 'dum1'
set protocols mpls interface 'tun0'
set protocols mpls ldp discovery transport-ipv4-address '192.0.2.1'
set protocols mpls ldp interface 'dum1'
set protocols mpls ldp interface 'tun0'
set protocols mpls ldp router-id '192.0.2.1'
Jun 27 2022
Hi,
I think this is a BUG, not a feature.
If I enable mpls on an interface, then the proper sysctl flags must be applied and be persistent.
It's common behavior when you want to set a sysctl variable and bash-cli is used (vyos-cli by default sets this value to 0 when the VM restarts). However, it's possible to configure it with this command:
Jun 26 2022
I just tested it on VyOS 1.4-rolling-202206260217, everything seems to work so far!
It would be nice to also have the negate option, something like:
@MrXermon Let's say someone is setting up BGP peering and wants to control import or export of prefixes using prefixlist. With your suggestion, how would you deny certain prefixes and accept all others? Can JunOS solve this directly with prefixlist without using route-map?
Thank you!
Jun 25 2022
Jun 24 2022
@Viacheslav As for your other concern, you can filter the actual inbound interface (eth4 in my case) in mangle-PREROUTING. Maybe you could try packet marking in mangle-PREROUTING, then filter them later in VYOS_FW_FORWARD/VYOS_FW_LOCAL in the filter table?
Something like this: