Jessie based VyOS - Crux
Details
Details
Description
Yesterday
Yesterday
c-po triaged T1876: IPSec VTI tunnels are deleted after rekey and dangling around as A/D as Unbreak Now! priority.
c-po updated the task description for T1876: IPSec VTI tunnels are deleted after rekey and dangling around as A/D.
Fri, Dec 13
Fri, Dec 13
c-po added a comment to T1832: radvd adding feature DNSSL branch.example.com example.com to existing package.
tagNode has been renamed to dnssl
Thu, Dec 12
Thu, Dec 12
hagbard renamed T1872: Removing serial console port from ESXi VM causes flooded syslog from Removing serial console port from ESXi VM causes flodded syslog to Removing serial console port from ESXi VM causes flooded syslog.
jjakob added a comment to T1872: Removing serial console port from ESXi VM causes flooded syslog.
I'm experiencing the same issue of the service failing to start on 1.3.
The installation was first started with the default config in a VM that had a serial port. Then the installation was transferred to a physical machine without a serial port, and the whole /config directory was manually copied from the old installation on that machine. The result were the same errors in syslog/journal.
I believe the issue is that if the config.boot is manually replaced or edited on disk, the script that would normally be triggered on commit when deleting system console is never triggered, thus the service remains enabled, but there is no system console in the config to delete any more.
c-po updated the task description for T1872: Removing serial console port from ESXi VM causes flooded syslog.
c-po added a comment to T1865: IPSec (IKEv2) connections to AZURE are dying.
Problem was in the wrong IKEv2 definition, set vpn ipsec ike-group IKE-AZURE ikev2-reauth must be yes
Wed, Dec 11
Wed, Dec 11
hagbard moved T1832: radvd adding feature DNSSL branch.example.com example.com to existing package from In Progress to Finished on the VyOS 1.3 Equuleus board.
hagbard changed the status of T1832: radvd adding feature DNSSL branch.example.com example.com to existing package from Needs testing to Backport candidate.
hagbard changed the status of T1851: wireguard - changing the pubkey on an existing peer seems to destroy the running config. from Needs testing to Backport pending.
kroy updated subscribers of T1851: wireguard - changing the pubkey on an existing peer seems to destroy the running config..
T1846 fixes this
Tue, Dec 10
Tue, Dec 10
hagbard added a comment to T1867: ISO 1.2.4-epa1 not having the latest changes.
Looks like the vyos-1x images was not rebuilt from the crux branch before the new image was built. I manually checked out the crux branch and the commit ins backported in there, rebuilt the packages manually and everything needed is in there and working.
Raeven added a comment to T1867: ISO 1.2.4-epa1 not having the latest changes.
Link to the changelog https://phabricator.vyos.net/maniphest/query/Vx2T4niywHe4/#R
hagbard changed the status of T1853: wireguard - disable peer doesn't work , a subtask of T1851: wireguard - changing the pubkey on an existing peer seems to destroy the running config., from Needs testing to Backport candidate.
hagbard changed the status of T1853: wireguard - disable peer doesn't work from Needs testing to Backport candidate.
tested with today rolling release. (https://downloads.vyos.io/rolling/current/amd64/vyos-1.2-rolling-201912100217-amd64.iso)
hagbard changed the status of T1851: wireguard - changing the pubkey on an existing peer seems to destroy the running config. from Open to Needs testing.
@kroy please test with the latest rolling if https://phabricator.vyos.net/T1846 solves your issue.
elbuit changed Difficulty level from unknown to normal on T1836: import-conf-mode-commands in vyos-1x/scripts fails to create an xml.
elbuit changed the status of T1836: import-conf-mode-commands in vyos-1x/scripts fails to create an xml from Open to In progress.
Mon, Dec 9
Mon, Dec 9
kroy added a comment to T1851: wireguard - changing the pubkey on an existing peer seems to destroy the running config..
Related to T1844, which should correct the original problem in this ticket
kroy added a comment to T1853: wireguard - disable peer doesn't work .
Sun, Dec 8
Sun, Dec 8
c-po updated the task description for T1865: IPSec (IKEv2) connections to AZURE are dying.
c-po updated the task description for T1865: IPSec (IKEv2) connections to AZURE are dying.
c-po changed the status of T1864: Lower IPSec DPD timeout lower limit from 10s -> 2s from Open to In progress.
Fri, Dec 6
Fri, Dec 6
Viacheslav added a comment to T1854: Dynamic DNS configuration cannot be deleted.
@zsdc Maybe Incorrect file location. "ddclient.pid"
c-po changed Difficulty level from unknown to easy on T1856: Support configuring IPSec SA bytes.
kroy added a comment to T1851: wireguard - changing the pubkey on an existing peer seems to destroy the running config..
Okay, so this problem just got a LOT more bizarre.
Thu, Dec 5
Thu, Dec 5
dmbaturin added a comment to T1826: Misleading message on "reboot at" command.
The runtime errors are fixed by the above commit.
dmbaturin added a parent task for T1826: Misleading message on "reboot at" command: T1855: Clean up the reboot/poweroff CLI and script.
dmbaturin renamed T1826: Misleading message on "reboot at" command from Missleading message on "reboot at" command to Misleading message on "reboot at" command.
hagbard added a comment to T1851: wireguard - changing the pubkey on an existing peer seems to destroy the running config..
@kroy I can't really reproduce it if I disable the peer first when multiple peers are defined on the same wg interface.
Can you please do a touch /tmp/vyos.ifconfig.debug and then run your commands and post it here?
It will show you the commands execute for each step like:
vyos@wg01# set interfaces wireguard wg0 peer wg02 disable [edit] vyos@wg01# commit [ interfaces wireguard wg0 ] DEBUG/wg0 write '1420' > '/sys/class/net/wg0/mtu' DEBUG/wg0 write 'wg0' > '/sys/class/net/wg0/ifalias' DEBUG/wg0 cmd 'wg set wg0 peer G1aA2KkyFyC8xsCUeENvuIW8HC5yDxwi902nR20592Y= remove' DEBUG/wg0 cmd 'wg set wg0 listen-port 12345 fwmark 0 private-key /config/auth/wireguard/default/private.key peer hbwJSCu6SGUKIReNhWxlDIFRNCl5L7PaUSYOo2BF+Rg= preshared-key /dev/null allowed-ips 10.100.100.3/32 endpoint 10.1.1.203:12345 persistent-keepalive 0' DEBUG/wg0 cmd 'ip link set dev wg0 up'
hagbard moved T1853: wireguard - disable peer doesn't work from Need Triage to Finished on the VyOS 1.3 Equuleus board.
hagbard changed the status of T1853: wireguard - disable peer doesn't work , a subtask of T1851: wireguard - changing the pubkey on an existing peer seems to destroy the running config., from In progress to Needs testing.
hagbard changed the status of T1853: wireguard - disable peer doesn't work from In progress to Needs testing.
zsdc changed the status of T1854: Dynamic DNS configuration cannot be deleted from Open to Confirmed.
hagbard changed the status of T1853: wireguard - disable peer doesn't work , a subtask of T1851: wireguard - changing the pubkey on an existing peer seems to destroy the running config., from Open to In progress.