
lbv2rus (Boris Leonov)
User

Projects

User does not belong to any projects.

User Details

User Since
Nov 6 2017, 10:06 PM (154 w, 4 d)

Recent Activity

Tue, Oct 20

lbv2rus added a comment to T1721: Recursive Next Hop not updated for static routes.

Simple R1&R2
R2 will have low priority in HA and other IP addresses in the same subnet

high-availability {
    vrrp {
        group eth0-1 {
            advertise-interval 1
            interface eth0
            priority 150
            virtual-address IA.IA.IA.IA/I
            vrid 1
        }
        group eth1-101 {
            advertise-interval 1
            interface eth1
            priority 150
            virtual-address LA.LA.LA.LA/L
            vrid 101
        }
        sync-group G1 {
            member eth0-1
            member eth1-101
        }
    }
}
interfaces {
    ethernet eth0 {
        address I.I.I.I/I
        description "Internet Interface"
        duplex auto
        smp-affinity auto
        speed auto
    }
    ethernet eth1 {
        address L.L.L.L/L
        description "LAN Interface"
        duplex auto
        ip {
            ospf {
                cost 10
                dead-interval 40
                hello-interval 10
                priority 1
                retransmit-interval 5
                transmit-delay 1
            }
        }
        policy {
            route PROXY-ROUTING
        }
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
    vti vti0 {
        address YA.YA.YA.YA/30
        description "Tunnel to R3"
    }
    vti vti1 {
        address YB.YB.YB.YB/30
        description "Tunnel to R4"
    }
}
nat {
    source {
        rule 1 {
            description "Default"
            outbound-interface eth0
            translation {
                address masquerade
            }
        }
    }
}
policy {
    access-list 10 {
        rule 1 {
            action permit
            source {
                inverse-mask 0.255.255.255
                network 10.0.0.0
            }
        }
        rule 2 {
            action deny
            source {
                any
            }
        }
    }
    route PROXY-ROUTING {
        rule 10 {
            description "Local Network to Main Table"
            destination {
                address 10.0.0.0/8
            }
            protocol all
            set {
                table main
            }
        }
        rule 99 {
            description "Users to Proxy"
            protocol all
            set {
                table 100
            }
        }
    }
}
protocols {
    ospf {
        access-list 10 {
            export connected
        }
        area 0 {
            authentication md5
            network L.L.L.L/X
            network YA.YA.YA.YA/30
            network YB.YB.YB.YB/30
        }
        parameters {
            abr-type cisco
            router-id L.L.L.L
        }
        passive-interface default
        passive-interface-exclude vti0
        passive-interface-exclude vti1
        redistribute {
            connected {
                metric-type 2
            }
            static {
                metric-type 2
            }
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop I.I.I.I {
            }
        }
        table 100 {
            route 0.0.0.0/0 {
                next-hop LZ.LZ.LZ.lZ {
                }
            }
        }
    }
}
vpn {
    ipsec {
        esp-group ESP1-NR {
            compression disable
            lifetime 1800
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group IKE1-NR {
            close-action none
            dead-peer-detection {
                action restart
                interval 30
                timeout 120
            }
            ikev2-reauth no
            key-exchange ikev1
            lifetime 3600
            proposal 1 {
                dh-group 2
                encryption aes256
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        nat-networks {
            allowed-network 10.0.0.0/8 {
            }
            allowed-network 172.16.0.0/12 {
            }
            allowed-network 192.168.0.0/16 {
            }
        }
        options {
            disable-route-autoinstall
        }
        site-to-site {
            peer A.A.A.A {
                authentication {
                    mode rsa
                    rsa-key-name R3-RSA-KEY
                }
                connection-type initiate
                default-esp-group ESP1-NR
                description "Tunnel to R3"
                ike-group IKE1-NR
                ikev2-reauth inherit
                local-address L.L.L.L
                vti {
                    bind vti0
                    esp-group ESP1-NR
                }
            }
            peer B.B.B.B {
                authentication {
                    mode rsa
                    rsa-key-name R2-RSA-KEY
                }
                connection-type initiate
                default-esp-group ESP1-NR
                description "Tunnel to R4"
                ike-group IKE1-NR
                ikev2-reauth inherit
                local-address L.L.L.L
                vti {
                    bind vti1
                    esp-group ESP1-NR
                }
            }
        }
    }
}
Tue, Oct 20, 3:04 PM · VyOS 1.3 Equuleus
lbv2rus added a comment to T1721: Recursive Next Hop not updated for static routes.

I cannot check the rolling release, but on the latest 1.2.6 the problem is solved.

Tue, Oct 20, 11:49 AM · VyOS 1.3 Equuleus

Oct 18 2019

lbv2rus closed T1380: OpenVPN Interfaces does not work in WAN Load Balancing as Resolved.

fixed in 1.2.3

Oct 18 2019, 8:54 PM · VyOS 1.2 Crux (VyOS 1.2.3)

Oct 10 2019

lbv2rus created T1721: Recursive Next Hop not updated for static routes.
Oct 10 2019, 4:38 PM · VyOS 1.3 Equuleus

Oct 1 2019

lbv2rus created T1707: DHCP static mapping and exclude address not working.
Oct 1 2019, 10:54 PM · VyOS 1.2 Crux (VyOS 1.2.4), VyOS 1.3 Equuleus

May 14 2019

lbv2rus created T1380: OpenVPN Interfaces does not work in WAN Load Balancing.
May 14 2019, 2:31 PM · VyOS 1.2 Crux (VyOS 1.2.3)

Apr 23 2019

lbv2rus added a comment to T1297: Add GARP settings to VRRP/keepalived.

It would be good to have the ability to configure the following GARP settings for individual VRRP groups or, at least, for the keepalived daemon overall, because in some situations switches can filter the multiple ARP packets that are generated on transition.
In the process of migrating to 1.2.1 we discovered that some GARP packets (we have 6 VRRP groups on the Internet interface) were filtered by our ISP's ARP-spoofing filter.
The problem was solved with VRRP-migration scripts that execute some additional arping in ARP-Reply mode.

Apr 23 2019, 3:35 PM · VyOS 1.3 Equuleus
lbv2rus updated the task description for T1350: VRRP transition script will be executed once only.
Apr 23 2019, 3:28 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.3 Equuleus
lbv2rus created T1350: VRRP transition script will be executed once only.
Apr 23 2019, 3:27 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.3 Equuleus

Feb 7 2019

lbv2rus added a comment to T1218: Static routes not being applied in 1.2 Release.
In T1218#32229, @kroy wrote:

@lbv2rus

Yeah, it wasn't really a workable solution for me either and I too had to roll back. But it would be good to confirm that is the problem.

Feb 7 2019, 4:15 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)

Feb 6 2019

lbv2rus added a comment to T1218: Static routes not being applied in 1.2 Release.
In T1218#32227, @kroy wrote:

@lbv2rus There might actually be a few problems here. We might have hacked out that it's the interface-route with the custom routing table that's causing the problem.

Removing that should bring back static routes.

Feb 6 2019, 4:56 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)
lbv2rus added a comment to T1218: Static routes not being applied in 1.2 Release.

I can confirm that a freshly installed instance of 1.2 does not add static routes, including the default route.
After deleting the whole "protocols static" section and recreating it manually, only the default route is added.
But after a reboot no default route is set.

Feb 6 2019, 3:04 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)

Jan 29 2019

lbv2rus added a comment to T586: Cannot add ethernet vif-s vif-c interface to bridge-group.

Hi.
Sorry for bad English.

Jan 29 2019, 9:20 PM · VyOS 1.3 Equuleus

Nov 6 2017

lbv2rus created T445: iptables error with policy routing.
Nov 6 2017, 10:20 PM · VyOS 1.3 Equuleus