squeeby (Chris Rigby)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 2 2016, 12:52 PM (107 w, 4 h)

Recent Activity

Apr 1 2018

squeeby added a comment to T590: openvpn config using openvpn config file.

I agree with the above, this is actually how I'm dealing with custom options with dhcpd at the moment, however the same can't be done with openvpn as the functionality to include files doesn't exist within openvpn's config format, whereas it does with dhcpd.

Apr 1 2018, 4:41 PM · VyConf

Mar 31 2018

squeeby added a comment to T590: openvpn config using openvpn config file.

Not just for inputting a lot of commands, but making it possible to simply specify an openvpn config instead of having to re-implement every possible openvpn setting using the VyOS syntax would be a huge benefit.
Not to mention the automation aspects... copy config, load it, done.

Mar 31 2018, 8:57 PM · VyConf

Jan 7 2018

squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

I'm using ntop-ng + nprobe.

Jan 7 2018, 1:28 PM · VyOS 1.2.x (VyOS 1.2.0-rc1)

Jan 5 2018

squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

Looks good!

Jan 5 2018, 3:20 PM · VyOS 1.2.x (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

This appears to operate as expected.

Jan 5 2018, 2:58 PM · VyOS 1.2.x (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

So by reverting, the file /opt/vyatta/sbin/vyatta-netflow.pl contains:

sub acct_add_nflog_target {
    my ($intf) = @_;

    my ($table_chain) = acct_get_table_chain();
    while (my ($chain, $table) = each(%$table_chain)) {
        my $cmd = "iptables -t $table -I $chain 1 -i $intf -j NFLOG" ." --nflog-group 2";
        if (defined $nflog_range) {
            $cmd .= " --nflog-range $nflog_range";
        }
        if (defined $nflog_threshold) {
            $cmd .= " --nflog-threshold $nflog_threshold";
        }
        my $ret = system($cmd);
        if ($ret >> 8) {
            die "Error: [$cmd] failed - $?\n";
        }
    }
}
Jan 5 2018, 2:18 PM · VyOS 1.2.x (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

Do you know how I can restore the previous version so I can see if it was this package that changed it?

Jan 5 2018, 1:59 PM · VyOS 1.2.x (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

I applied your patch but now iptables has reverted to using the ULOG target instead of NFLOG:

squeeb@gw1# commit
[ system flow-accounting interface eth2 ]
iptables: No chain/target/match by that name.
Error: [iptables -t raw -I VYATTA_CT_PREROUTING_HOOK 1 -i eth2 -j ULOG --ulog-nlgroup 2 --ulog-cprange 64 --ulog-qthreshold 10] failed - 256
Jan 5 2018, 7:50 AM · VyOS 1.2.x (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

Changing the following lines to the excerpt below in /opt/vyatta/sbin/vyatta-netflow.pl seems to work:

Jan 5 2018, 1:51 AM · VyOS 1.2.x (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.
# show system flow-accounting
 interface pppoe0
 interface eth2.2
 interface eth2.3
 sflow {
     agent-address 192.168.64.1
     sampling-rate 10
     server 192.168.64.10 {
         port 2055
     }
 }
Jan 5 2018, 1:38 AM · VyOS 1.2.x (VyOS 1.2.0-rc1)

Nov 16 2017

squeeby added a comment to T456: lldpd is broken on 1.1.8.

Another workaround is the following:

Nov 16 2017, 11:10 PM · VyOS 1.1.x (1.1.9)