pfsense implements it, however, they explain that it has some limitations:
Feb 1 2023
There are some limitations
In particular, this is a list (may not be complete) of features that are not available when using ovpn-dco:
accel-ppp doesn't support FQDN for RADIUS https://docs.accel-ppp.org/en/latest/configuration/radius.html#radius
So it is impossible until it is available in accel-ppp
Jan 31 2023
PR for Equuleus:
https://github.com/vyos/vyos-build/pull/303
PR for Sagitta:
https://github.com/vyos/vyos-build/pull/301
PR for 1.3: https://github.com/vyos/vyos-build/pull/300
Jan 30 2023
Going to close this task as the PR has been merged into vyos-1x, and documentation has been merged also - https://docs.vyos.io/en/latest/configuration/vpn/openconnect.html#configuring-radius-accounting
Will be fixed in the next rolling release
Is it possible to also add some logic to populate boot entries using https://uapi-group.org/specifications/specs/boot_loader_specification/ ? I have been experimenting with systemd-boot, and it's working fine apart from the missing loader files. Those files look something like this:
/usr/lib/live/mount/persistence/loader/entries/1.4-rolling-202210050218-vty.conf
title "VyOS 1.4-rolling-202210050218 (KVM console)"
version 1.4-rolling-202210050218
options boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/1.4-rolling-202210050218 console=tty0
linux boot/1.4-rolling-202210050218/vmlinuz
initrd boot/1.4-rolling-202210050218/initrd.img
There will be similar files for serial and USB console.
Jan 29 2023
Proposed fix in - https://github.com/vyos/vyos-build/pull/299
Jan 28 2023
Jan 27 2023
Error reporting: PRs
https://github.com/vyos/vyos-1x/pull/1789
https://github.com/vyos/vyos1x-config/pull/12 (merged)
https://github.com/vyos/libvyosconfig/pull/6 (merged)
Backport PR https://github.com/vyos/vyos-cloud-init/pull/60
Fixed in the https://github.com/vyos/vyos-cloud-init/pull/58
Fix for 1.4: https://github.com/vyos/vyos-cloud-init/pull/59
It must be backported to 1.3 now.
If I don't use advertise-all-vni I get an error
This command is only supported under EVPN VRF
Please use
advertise-all-vni
My full bgp config:
Ok I'll re-check with the latest rolling.
r14# show version
FRRouting 8.4.2 (r14) on Linux(6.1.6-amd64-vyos).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
hmm, very strange.
The Original FRR log
This command is only supported under EVPN VRF
r14# conf t
r14(config)# router bgp 65000
r14(config-router)# address-family l2vpn evpn
r14(config-router-af)#
r14(config-router-af)# vni 100
r14(config-router-af-vni)#
r14(config-router-af-vni)# route-target import 65000:100
This command is only supported under EVPN VRF
r14(config-router-af-vni)#
In testing this I found that ocserv validates its config on startup and using radius accounting without radius authentication fails to validate and the service will not start. As a result I'm not treating OpenConnect accounting as dependent on the radius as the authentication mode.
Jan 26 2023
migration script modified in current; lower task priority to test error reporting from libvyosconfig.
Yeah, in my case as well, NPTv6 is mostly only useful if it works with a dynamic (from DHCPv6-PD) prefix, since that's how my ISP provides addresses (AFAIK I'd have to pay for a business connection to get a static prefix, though I haven't actually called and asked myself). I'm tempted to play with hacking something together by building from source myself with some tweaks to auto-update the nat rules when it gets a new PD prefix.
I've created a pull request which adds support for this, and yes, it does use raw command.
I know that here we want to avoid "raw options" but I think this is one of the most needed features and I don't see any other way to do this. Until a better option is found, I think my PR should do just fine.
Jan 25 2023
Tested in a server/client setup: