- User Since
- Oct 2 2019, 6:00 PM (61 w, 1 h)
maybe it happened after that commit https://github.com/vyos/vyos-1x/commit/c87ad948999c28c3c9449f98d60b545481ea29d5
because it was work in VyOS 1.3-rolling-202011250217
Perhaps replace config (from_re "interface") delete also and route-maps/prefix-lists from FRR configuration.
Mon, Nov 30
@c-po It's mean all NOT ports. If you want to drop not 22,23,24,25
Sun, Nov 29
Sat, Nov 28
set nat source rule 1000 outbound-interface 'eth1' set nat source rule 1000 source address '203.0.113.1-203.0.113.4' set nat source rule 1000 translation address '10.0.0.1-10.0.0.4' vyos@r5# commit [ nat ] Warning: IP address 10.0.0.1 does not exist on the system! Warning: IP address 10.0.0.4 does not exist on the system!
@jjakob can you check the latest rolling?
Fri, Nov 27
This probably happens at this stage.
It seems a wrong logic.
We want that option to have an effect on "local" and "forward" directions, so we use table mangle and "PREROUTING" and VYATTA_FW_IN_HOOK hook
Thu, Nov 26
@olofl Can you check the latest rolling release? Are all logs sent correctly?
Wed, Nov 25
Tue, Nov 24
Another bug that the following configuration doesn't configure vtysh level debug
The main reason is frr code for placing log files in a separate file.
Mon, Nov 23
Sun, Nov 22
Device-type tap option works incorrectly
set interfaces openvpn vtun20 device-type 'tap' set interfaces openvpn vtun20 local-address 10.0.0.0 set interfaces openvpn vtun20 local-host '100.64.0.1' set interfaces openvpn vtun20 local-port '22222' set interfaces openvpn vtun20 mode 'site-to-site' set interfaces openvpn vtun20 remote-address '10.0.0.1' set interfaces openvpn vtun20 remote-host '100.64.0.2' set interfaces openvpn vtun20 remote-port '22222' set interfaces openvpn vtun20 shared-secret-key-file '/config/auth/foo.key'
@pasik Can you check if it solves your expectation?
Fri, Nov 20
Thu, Nov 19
Add the ability to use policy local-route
Tue, Nov 17
Propose to use that format
Mon, Nov 16
Jool can handle 2 times as many packets.
vyos@r4-roll# sudo cat /run/openvpn/vtun30365.conf ### Autogenerated by interfaces-openvpn.py ### # # See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage # for individual keyword definition # # #
Add ISIS routing.
Sun, Nov 15
Possible reason - ipset should be converted to nft list set
Fri, Nov 13
@cjeanneret Can you re-check it? And close it if all works fine.
Fix for "remote-host" on client side
set interfaces openvpn vtun0 encryption cipher 'aes256gcm' set interfaces openvpn vtun0 encryption disable-ncp set interfaces openvpn vtun0 hash 'sha512' set interfaces openvpn vtun0 local-host '100.64.0.1' set interfaces openvpn vtun0 local-port '1194' set interfaces openvpn vtun0 mode 'server' set interfaces openvpn vtun0 openvpn-option 'tls-version-min 1.3' set interfaces openvpn vtun0 openvpn-option 'comp-lzo no' set interfaces openvpn vtun0 persistent-tunnel set interfaces openvpn vtun0 protocol 'tcp-passive' set interfaces openvpn vtun0 server client client1 ip '10.10.3.2' set interfaces openvpn vtun0 server client client1 subnet '10.10.3.0/29' set interfaces openvpn vtun0 server client client1 subnet '10.20.0.0/16' set interfaces openvpn vtun0 server subnet '10.10.3.0/29' set interfaces openvpn vtun0 server topology 'subnet' set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ovpn/ca.crt' set interfaces openvpn vtun0 tls cert-file '/config/auth/ovpn/central.crt' set interfaces openvpn vtun0 tls dh-file '/config/auth/ovpn/dh.pem' set interfaces openvpn vtun0 tls key-file '/config/auth/ovpn/central.key'
In the new version client configuration
@Zer0t3ch Can you share your configuration?
Thu, Nov 12
Imagine if you use for example BGP and don't have a default route or set it to blackhole.
Then you originate the default route for a neighbor.
Why it should not announce the default route to the neighbor?
It's normal behavior, so routes not installed in the routing table.
Tue, Nov 10
Mon, Nov 9
Thu, Nov 5
Neet to retest, the related task T2100
Tue, Nov 3
@trae32566 Are there any updates for this task?
Fix validators for "neighbor update-source"
It can be work with XFRM interfaces https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN#XFRM-interfaces-in-VRFs
Nov 2 2020
@phillipmcmahon Try to check if vlan works correctly without DHCP?
I met several nuances associated with vlans on ESXi.
Nov 1 2020
We need some expressions like
I see correct state "disabled"
Oct 30 2020
This logic does not allow for the complete removal of the protocol.
@rizkidtn Update, please your request. Is the community works for you for blackholing?
Oct 29 2020
Do you mean that?
set interfaces ethernet eth1 mirror
- Not all interfaces can be used as "update-source"
Missed "vti | dum | lo" etc.
Fix the FRR template for new bgp implementation.
How to do it?
Oct 28 2020
Oct 27 2020
vyos@r4-roll# run show version