Page MenuHomeVyOS Platform

Magnum (Marcus Hoff)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 7 2020, 11:36 AM (20 w, 3 d)

Recent Activity

Mon, Oct 26

Magnum created T3018: Unclear behaviour when configuring vif and vif-s interfaces.
Mon, Oct 26, 1:07 PM · VyOS 1.3 Equuleus

Thu, Oct 22

Magnum closed T2906: OpenVPN: tls-auth missing key direction as Resolved.

Tested creation on both server and client.
OpenVPN conf file is contains the key-direction
Server and client can connect correctly.

Thu, Oct 22, 7:10 AM · VyOS 1.3 Equuleus, openvpn

Wed, Oct 21

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Also, while setting up test for T2906:

Wed, Oct 21, 2:02 PM · VyOS 1.3 Equuleus
Magnum claimed T2906: OpenVPN: tls-auth missing key direction.

No problem

Wed, Oct 21, 1:52 PM · VyOS 1.3 Equuleus, openvpn
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

I can see why the smoketests pass. They only check if the interface has been removed from the config - not the system.

Wed, Oct 21, 1:41 PM · VyOS 1.3 Equuleus

Mon, Oct 19

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Just tested with:
https://github.com/vyos/vyos-1x/commit/85cc735b05be109e6daa5403efa4122b8b6e79d2

Mon, Oct 19, 12:28 PM · VyOS 1.3 Equuleus
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

No, I'm running this commit:
https://github.com/vyos/vyos-1x/commit/029f9839c21317ec5959b331eee25da472d08dc1

Mon, Oct 19, 10:50 AM · VyOS 1.3 Equuleus
Magnum reopened T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit, a subtask of T1579: Rewrite all interface types in new XML/Python style, as In progress.
Mon, Oct 19, 10:16 AM · VyOS 1.3 Equuleus
Magnum reopened T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit as "In progress".

I spoke to soon.
The interfaces are very persistant now - when you delete the vtun interface it doesn't get taken down!

Mon, Oct 19, 10:16 AM · VyOS 1.3 Equuleus
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Tested in my lab and it works both during creation and reboot.

Mon, Oct 19, 8:57 AM · VyOS 1.3 Equuleus

Sun, Oct 18

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Well spotted - i hadn't seen that option before.
I'll give it a go and see how it runs.

Sun, Oct 18, 6:32 PM · VyOS 1.3 Equuleus
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

I know, that my specific problem is related to OpenVPN, but are you saying, that this is only relevant for OpenVPN and it's not going to impact other interfaces?

Sun, Oct 18, 3:13 PM · VyOS 1.3 Equuleus

Wed, Oct 14

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.
interfaces {
    ethernet eth2 {
        address 10.201.1.2/30
        description WAN
        hw-id 0c:6b:af:b0:4f:02
    }
    openvpn vtun11 {
        description "CPE MGMT"
        device-type tun
        encryption {
            cipher aes256
        }
        hash sha1
        mode client
        persistent-tunnel
        protocol udp
        remote-host 10.200.200.11
        remote-port 1194
        tls {
            auth-file /config/auth/shared.key
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/cpe1-1.crt
            key-file /config/auth/cpe1-1.key
        }
        vrf CPE-MGMT
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 10.201.1.1 {
            }
        }
    }
}
vrf {
    name CPE-MGMT {
        description "CPE MGMT"
        table 112
    }
}
Wed, Oct 14, 7:01 AM · VyOS 1.3 Equuleus

Tue, Oct 13

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

This bug seems to be worse than I thought.
Here's an example:
On reboot an openvpn client inteface will come up outside the vrf. Any routes that get pushed by the server will not get added to the client because it's wants to add the routes inside the vrf of the vtun interface - but the vtun isn't a member.
Heres a log snippet:

Tue, Oct 13, 11:35 AM · VyOS 1.3 Equuleus
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

You're right, if-up.d scripts only get run for the interfaces defined in /etc/network/interfaces.

Tue, Oct 13, 10:29 AM · VyOS 1.3 Equuleus

Wed, Oct 7

Magnum created T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.
Wed, Oct 7, 4:56 PM · VyOS 1.3 Equuleus

Tue, Oct 6

Magnum closed T2957: show openvpn not returning anything as Resolved.
Tue, Oct 6, 3:20 PM · openvpn, VyOS 1.3 Equuleus

Mon, Oct 5

Magnum moved T2957: show openvpn not returning anything from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
Mon, Oct 5, 7:03 AM · openvpn, VyOS 1.3 Equuleus

Sat, Oct 3

Magnum added a comment to T2957: show openvpn not returning anything.

Fix in PR: https://github.com/vyos/vyos-1x/pull/561

Sat, Oct 3, 12:01 PM · openvpn, VyOS 1.3 Equuleus
Magnum created T2957: show openvpn not returning anything.
Sat, Oct 3, 11:53 AM · openvpn, VyOS 1.3 Equuleus

Sep 20 2020

Magnum added a comment to T2908: VRF and bridge membership isn’t mutually exclusive.

First create a vrf and bridge interface and add eth1 to the bridge:

Sep 20 2020, 3:55 PM · VyOS 1.3 Equuleus
Magnum added a comment to T2907: OpenVPN: Option to disable encryption.

PR for vyos-1x: https://github.com/vyos/vyos-1x/pull/547

Sep 20 2020, 3:32 PM · openvpn, VyOS 1.3 Equuleus
Magnum added a comment to T2906: OpenVPN: tls-auth missing key direction.

PR for vyos-1x: https://github.com/vyos/vyos-1x/pull/548

Sep 20 2020, 3:31 PM · VyOS 1.3 Equuleus, openvpn
Magnum created T2908: VRF and bridge membership isn’t mutually exclusive.
Sep 20 2020, 1:17 PM · VyOS 1.3 Equuleus
Magnum created T2907: OpenVPN: Option to disable encryption.
Sep 20 2020, 12:41 PM · openvpn, VyOS 1.3 Equuleus
Magnum created T2906: OpenVPN: tls-auth missing key direction.
Sep 20 2020, 12:37 PM · VyOS 1.3 Equuleus, openvpn