- User Since
- Jun 14 2016, 12:46 AM (74 w, 6 d)
Aug 21 2017
@NceAirport Are you connecting two vyos using a gre or vyos to other vendor?
Do these devices have a public ip address on their interfaces or an internal ip with direct routed link(no nat in the middle)?
How can we try to reproduce the issue?
Jul 24 2017
Jul 20 2017
@ekim Technically the dhcp lease should not affect on the network traffic at all, the renew should be transparent if the IP stays the same.
I believe that since the issue appears after a minute and the lease is 1 hour then it should be fine and probably not the cause for the issue.
Jul 19 2017
Can you verify using tcpdump or other means how long the dhcp lease is?
Jul 18 2017
@EwaldvanGeffen it's not clear to me if and what is implemented.
Can you please describe what is implemented and in what version?
Apr 23 2017
Has anyone tried to do something with the howtoforge: https://www.howtoforge.com/tutorial/opendataplane-with-open-fast-path-on-ubuntu/
Dec 21 2016
Which is an example of how would WLB work with a custom script.
@EwaldvanGeffen apply this rule on what? a WLB?
the WLB from what I understood required an interface per gateway while PBR allows me to route the traffic towards any of the gateways which can be the next-hop ie 10.0.0.100/24 or 10.0.0.101/24.
This is what I remember from vyatta and I haven't digged into the subject since I have a huge gap ahead as far as I can see.
@EwaldvanGeffen WLB has a difference from PBR and what is required a PBR.
The code is not something I was looking for but an example of implementation in the configuration.
Then I will be able to look at the code and understand what might be applied to PBR compared to WLB.
Dec 20 2016
@EwaldvanGeffen Can you help with giving an example of implementing this?
Like with a tiny ping that returns a status code?
(I do not know what WLB is...)
@EwaldvanGeffen technically we can simplify it into a form of a script that monitors the service using http or another tcp\udp based and would flag the avaliability of the service.
The marking and forwarding rule can be automativally bypassed if the service is flagged as down.
Anyone interested working with me on this?
It's basically a simple conditional PBR.. and since WCCP is "OK" for tiny routers for beafy machines such VYOS have I believe that it would be a piece of cake to cook this up.
Dec 4 2016
Tried to compile on sqeeze and got errors so it will only meet .1.2.0.
There was a missing package "bc".
so "apt-get install -y bc" resolved the issue.
Dec 2 2016
Nov 19 2016
@mickvav The userspace software is not something that we need in the build.
I have just built it since it's in the packages\repo.
The important thing is the module and the libraries to build them.
I will try to disable the userspace software build and move on from there.
Nov 18 2016
It took faster then expected with a help from a friend so:
In order to speed up the build process I want us to work on the VYOS development docker container.
Once we will have this I and others can do things much faster.
I will try to share my build node for debian in two days and then we can move forward from this one step forward towards simple kernel compilation for VYOS in a docker container.
After we will have this we can simply buidl the NDPI modules(which are being used in zeroshell....).
Nov 16 2016
OK I have just seen that Mikrotik routers have p2p block and it's an iptables level concept.
I have compiled the module for debian but needs some help from others.
Waiting for others to help.
Oct 19 2016
@hmkias I think that some kind of a daemon would be required to "coordinate" between the squid machine to the VYOS.
I had an idea about it in the past but never had the chance to actually implement it with vyatta.
However I have seen that in ZEROSHELL there is a very nice feature which test for proxy IP level availability.
How complex would it be to make a condition to the policy based on a lock file?
Sep 26 2016
@EwaldvanGeffen The main point is that the basic and working extra modules should be usable to the public since it gives anyone that want's to enhance the existing code.
The main example is blocking windows updates, if you have the sources you can see it's being blocked based couple simple things:
domain name in plain HTTP
domain name in SNI of SSL
@mickvav I do not need it personally since it works for me fine on other systems but I would like to put my efforts in order to have others have some benefit from my work.
I will take a look at the ipt-netflow-code work and with time I will probably practice it.
@mickvav I learned the debian packaging and produced more then one or these for Squid-Cache but everytime I am sitting on the build it's from 0.
To deploy most of my compiled softwares I am using a tar.xz which can be deployed ontop of the existing system as a 'module' and I found it much simpler for me to work with simple bash scripts then the debian packaging.
Without someone helping me to repackage over and over couple times of packages then it's not being pulled into the box but merely passing from one side to the other...
@dmbaturin gave me couple tips and cleared things for me.
I will try to finish couple things here before we\I can dive into the subject.
Sep 23 2016
It can be disabled as will.
It works or not like any other external module which doesn't require kernel changes.( the specific ve21loring version)