User Details
- User Since
- Oct 2 2019, 6:00 PM (138 w, 2 d)
Today
The current salt-minion version 3003.4+ds-1
@maznu Do we need anything else for it?
Thu, May 26
Some debug info:
[email protected]# sudo /opt/vyatta/sbin/wan_lb -v -f /var/run/load-balance/wlb.conf -i /var/run/vyatta/wlb.pid LBDataFactory::process(1): health: LBDataFactory::process(2): interface:eth0 LBDataFactory::process(2): failure-ct:2 LBDataFactory::process(2): success-ct:1 LBDataFactory::process(2): nexthop:dhcp LBDataFactory::process(3): rule:10 LBDataFactory::process(4): type:ping LBTest::init() send raw sock: 5 LBDataFactory::process(4): target:1.1.1.1 LBDataFactory::process(4): resp-time:5000 LBDataFactory::process(3): : LBDataFactory::process(2): : LBDataFactory::process(1): : LBDataFactory::process(2): interface:eth1 LBDataFactory::process(2): failure-ct:2 LBDataFactory::process(2): success-ct:1 LBDataFactory::process(2): nexthop:dhcp LBDataFactory::process(3): rule:10 LBDataFactory::process(4): type:ping LBDataFactory::process(4): target:8.8.8.8 LBDataFactory::process(4): resp-time:5000 LBDataFactory::process(3): : LBDataFactory::process(2): : LBDataFactory::process(1): : LBDataFactory::process(0): : health: interface: eth0 nexthop: dhcp success ct: 1 failure ct: 2 test: 10 target: 1.1.1.1, resp_time: 5000 interface: eth1 nexthop: dhcp success ct: 1 failure ct: 2 test: 10 target: 8.8.8.8, resp_time: 5000
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1335
Wed, May 25
Fri, May 20
FRR match always mean logical AND
Thu, May 19
There is an issue with vrf device for LOCAL direction
Imagine if you have 50 interfaces in one VRF and you want to drop all traffic from one interface for example - eth2 and don't touch other interfaces
You set firewall on eth2 Local - drop all traffic for device vrf and it will be affected to another 49 interfaces as iifname VRF_DEVICE the same
@jjakob could you re-check it with new fix?
Wed, May 18
Tue, May 17
Mon, May 16
Need testing:
set service pppoe-server authentication mode 'radius' set service pppoe-server authentication radius rate-limit attribute 'Mikrotik-Rate-Limit' set service pppoe-server authentication radius rate-limit enable set service pppoe-server authentication radius rate-limit multiplier '0.001' set service pppoe-server authentication radius rate-limit vendor 'Mikrotik' set service pppoe-server authentication radius server 192.0.2.1 key 'foo' set service pppoe-server client-ip-pool start '192.0.2.5' set service pppoe-server client-ip-pool stop '192.0.2.254' set service pppoe-server gateway-address '192.0.2.1' set service pppoe-server interface eth3
Or any live example
Fri, May 13
Thu, May 12
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1324
PR revert previous commit https://github.com/vyos/vyos-1x/pull/1323
Wed, May 11
Tue, May 10
@dmbaturin Do we really need this?
Maybe it will fix it https://github.com/sematext/oxdpus/blob/master/pkg/xdp/prog/xdp.c
I could be wrong
PR for 1.4 https://github.com/vyos/vyos-1x/pull/1321
@zedalert Tested addresses should be different, as I remember it send pings with "interface" option
So targets should be different
Sun, May 8
Duplicate T4359
Fri, May 6
Try to delete sync-group, as you use only one group
Thu, May 5
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1315
In 1.4 it working
set policy route-map FOO rule 10 action 'permit' set policy route-map FOO rule 10 set as-path-prepend 'last-as 2'
Wed, May 4
With such configuration all works fine:
set load-balancing wan interface-health eth4 failure-count '5' set load-balancing wan interface-health eth4 nexthop 'dhcp' set load-balancing wan interface-health eth4 success-count '1' set load-balancing wan interface-health eth4 test 10 target '192.0.2.40' set load-balancing wan interface-health eth5 failure-count '5' set load-balancing wan interface-health eth5 nexthop 'dhcp' set load-balancing wan interface-health eth5 success-count '1' set load-balancing wan interface-health eth5 test 10 target '192.0.2.50' set load-balancing wan interface-health eth6 failure-count '5' set load-balancing wan interface-health eth6 nexthop 'dhcp' set load-balancing wan interface-health eth6 success-count '1' set load-balancing wan interface-health eth6 test 10 target '192.0.2.60' set load-balancing wan rule 10 failover set load-balancing wan rule 10 inbound-interface 'eth7' set load-balancing wan rule 10 interface eth4 set load-balancing wan rule 10 interface eth5 set load-balancing wan rule 10 interface eth6 set load-balancing wan rule 10 protocol 'all' set load-balancing wan sticky-connections
Configuration
# cat /etc/sshguard/sshguard.conf #### REQUIRED CONFIGURATION #### # Full path to backend executable (required, no default) BACKEND="/usr/lib/x86_64-linux-gnu/sshg-fw-nft-sets"
Tue, May 3
Prometheus server pulls information correctly
Could you also provide cat /var/lib/dhcp/dhclient_eth4.leases ?
no-default-route ignore just option routers and don't touch other options like classless-static-routes
Mon, May 2
Apr 28 2022
Apr 27 2022
@RyVolodya could you recheck it?
Try to replace option restart to reload-or-restart and re-configure from scratch, it may help.
https://github.com/vyos/vyos-1x/blob/363ecfa46cdb8402ea71637717863f01b09f428b/src/conf_mode/protocols_nhrp.py#L107
It is not only for dhcp, any service can be affected to this
There are no many check when we remove interface
@fernando Does it work if you "reload" configuration?
Apr 26 2022
Works as expected
@pyaskowski try zone-policy firewall