Jessie based VyOS - Crux
Fri, Aug 23
I confirm, this behavior was reproduced. As I saw, problem with outgoing marked packets from server. Maybe for this case need add some option for marking only incoming packets, like
While using NAT, just set mark=%unique for in and out marking
Don't use the same private key in two places at the same time. This means it's not a good idea to copy private keys between computers and use it in two places, and probably also means you shouldn't assign the private key to two interfaces on the same computer at the same time, unless you have a really particular and weird setup and know precisely the implications of it. Doesn't sound like that's the case here. So you're probably best doing a private key per interface.
Thu, Aug 22
Does this mean it'll make it into Crux soon?
Wed, Aug 21
The problem is in FRRouting itself. It can be reproduced in 7.0.1-20190820-04-g047efd6, 7.1-20190820-02-g1ed807a. But in 7.2-dev-20190820-03-g9316c82 everything work as expected.
We should try to find which changes fixed this problem and reapply it to one of the current stable FRR versions or wait for the next stable.
Tue, Aug 20
Mon, Aug 19
Sat, Aug 17
On the fresh version builded today:
Fri, Aug 16
Maybe you could comment on this @zx2c4 ?
I think we should use it as a chance to improve it. The nesting does not do anyone any favors, tcpdump applies to all interface type, so a single level "monitor interface $intf" command is going to be easier to use.
Thu, Aug 15
[e]ach network interface has a private key [...]
Each network interface has a private key and a list of peers
Wed, Aug 14
Tue, Aug 13
Why not use curl which is inside the image?
Mon, Aug 12
Yes, sorry, I was mean about new syntax for rolling release. PR for fixing issue with ARP https://github.com/vyos/vyos-1x/pull/101
@Dmitry, thanks for reply.
Hello @olofl , I think you need show protocols static arp interface eth1.1728 command. You also may read about ARP on https://vyos.readthedocs.io/en/latest/routing/arp.html?highlight=show%20arp
Fri, Aug 9
I don't think it's a good idea, for several reasons.
This sounds like a good improvement!
I second this, I would like to be able to setup different keys for multiple wireguard interfaces too.