In T3640#96973, @Viacheslav wrote:

I think it will be enough to remove the peer and add again.
@hagbard what do you think?
https://github.com/vyos/vyos-1x/blob/d48dddab0509e562209adfb115b0e691b8e47f54/python/vyos/ifconfig/wireguard.py#L197

Wireguard has no link states on the interface, the ip command just does an 'administrative' up down, which won't start a renegotiation. The policy description (remove peer) needs to be removed from the wg interface and re-added, otherwise you need to wait until wg tries to rekey which will then eventually renegotiate the entire connection.
The removal was as far as I recall part of the original vyos code, so it may have been removed at one point, I haven't looked into the code yet.

Sounds good, syslog needs to be set to level debug for kernel facility, so it's per default only visible in the journal logs. Tested with a few tunnels, it's not very noisy, even with 20 tunnels.

output looks then like below and is being logged to ringbuffer as well as systemd-journald:

vyatta-webproxy: 80% done, @cpo grabbed it since I had no time to continue for a while and put it on hold. I removed obsolete options which implies the need of a migration script. Ldap, AD, IP and user/passwd auth works, I removed caches, squidguard, include domain filters (just a list) and so on, but I stopped it now since it's been taken away.

Kernel modules are pre-compiled and can be loaded.

Due to the fact that transparent proxy, which was the default, is being removed for now, there will be in the first version 2 authentication modes, one is by IP address or network (nothing else would be required as long as you have the correct src IP) and LDAP (either anonym or with bind-dn to browse LDAP. I have both mechanisms already working via cli and about to clean up and test right now. If anyone need a special authentication mechanism, please let me know. I also disabled local file caches, since these days most traffic is https anyway, we can take some pressure off of the filesystem (ssd).

The perl scripts didn't create any config line, that's why I'm asking. I have it already implemented and successfully tested with the new python code, but wonder how people were able to use it all by just using the cli. I may need somebody for testing with AD, since I don't have access to any AD environment anymore.

Does anyone know if ldap auth worked at all with the old perl backend? I try to find out how likely I need to migrate cli entries. from what I have seen, ldap auth with anonymous ldap browsing didn't generate any required config for squid.

I agree, a separate DNS would be way easier to maintain if you have a lot of TLDs you need/want to block, since squid has to load it from a list, let's see if anyone is still using that, other wise it would be nicer and easier to scrape that off and implement a nameserver tag node win the cli.

Is there any interest in the following scenarios:

In T563#74302, @c-po wrote:

Please use the new get_config_dict() API calls.

Squid will be used for authentication and controlling name resolution (pointing to a spacial DNS or so?) , no squidguard or caching will be used anymore. It also ran in transparent mode per default, which requires an iptables rules set. I think that feature can be removed, since a transparent proxy has no authentication options anyway.

@c-po https://github.com/vyos/vyos-build/pull/121 will fix it, but I used .142 while the conifg file was from 136, so please review first. I tested it and the system speaker is fully functional again.
You can test it quickly via `echo -ne "\a"', which should make noise. Beep seems to be broken, looks like it can't be used via sudo, something I may can have a look later into.
cheers

echo -ne "\a" should give you a beep sound on the the system speaker too, if you just want to quickly test it. I tested it with deb10 minimal install, works via qemu too.
e.g: qemu-system-x86_64 -smp cpus=3 -soundhw pcspk -m 1024 -enable-kvm -drive file=os.img,media=disk (os disk is a deb10 netinstall).
With capabilities I meant the listed capabilities listed under the input link via sys:

As far as I recall it doesn't initializes is correctly anymore, you can test with beep. The system beep you can set via cli is broken since then.

Fixing up the code, but it will suffer the same issue as in T2835. That build file should be the last thing in the build process, otherwise there is no other way to find out what pkg were installed during the build.

It looks like that the build process messed it up, it did create the version file at the beginning of the build, not at the end. After the file usr/share/vyos/version.json was create, pkg installations took place a few minutes alter, that's why everything in the image is newer than the version file, therefore the command output is absolutely correct. I'll check if I can find out what went wrong during the build, since it appears that only 1.2.6 is affected.

/usr/libexec/vyos/op_mode/version.py:
Built on: Thu 13 Aug 2020 11:57 UTC

Happens also when just using the booted image without install. Investigating.

-1 as well
As an additional tool I think it's ok but other than that there is no reason for that too.

merged.

The code should be in the op-mode script rather than the class.But the PR was merged in, so I suppose it's ok.

@alien Can you please share your config, I can't reproduce it. The op function will be moved into the the ops script out of the ifconfig class, which caused the issue due to restructuring out internal class architecture.

@alien Can you please test the issue with the latest rolling release?

https://github.com/vyos/vyos-1x/commit/5cb0059353e94dc11aa116e4aa8ce0422c4f3534 should fix the issue. The op-mode commands may need to be refactored in general and split into it's own structures.

@syncer https://github.com/vyos/vyos-1x/commit/dad110ce666edae42ac18c59a800bda503589f27 are only CLI modifications (validation to be be precise), no code changes at all which would change the functionality, in my opinion it can be backported as is.

No answer from user.

https://github.com/vyos/vyos-1x/commit/d9fa3fb7d7613cd5d6297115da0dc63462d4cf69
@Dmitry next rolling will have it enabled, let me know if it works for you as intended.

https://github.com/vyos/vyos-1x/commit/a00436d33f9f4352ae22a1e3fec7a71fa4f7ceaa

All right, we stay with squid, however I may drop squidguard but ask in the forum first if that feature would be required by many users.

https://github.com/vyos/vyos-1x/commit/537b2e753bea8f45e33b01e5b1bc094462fb2c04

https://github.com/vyos/vyos-1x/commit/da8b089e48fef03518e2cd119e4bf84cf5630728