Page MenuHomeVyOS Platform
Files F4222723

240302-ha-r01a-failed2.txt
All Users
Actions

Authored By
matthewr
Mar 2 2024, 6:26 PM
Size
80 KB
Referenced Files
None
Subscribers
None

240302-ha-r01a-failed2.txt
View Options

itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ sh system image
The system currently has the following image(s) installed:
1: 1.3.3 (default boot)
itconsult@ha-r01a:~$ sh conf c | strip-private
set firewall all-ping 'enable'
set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall group network-group internaladdresses network 'xxx.xxx.42.0/24'
set firewall group network-group internaladdresses network 'xxx.xxx.23.0/29'
set firewall group network-group internaladdresses network 'xxx.xxx.203.24/29'
set firewall group network-group internaladdresses network 'xxx.xxx.69.64/29'
set firewall group network-group internaladdresses network 'xxx.xxx.72.64/29'
set firewall group network-group internaladdresses network 'xxx.xxx.4.208/29'
set firewall group network-group outviajt network 'xxx.xxx.23.0/29'
set firewall group network-group outviajt network 'xxx.xxx.4.208/29'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall ip-src-route 'disable'
set firewall log-martians 'enable'
set firewall name TO-ROUTER default-action 'drop'
set firewall name TO-ROUTER rule 10 action 'accept'
set firewall name TO-ROUTER rule 10 description 'itconsult Local Traffic'
set firewall name TO-ROUTER rule 10 protocol 'all'
set firewall name TO-ROUTER rule 10 source address 'xxx.xxx.42.0/24'
set firewall name TO-ROUTER rule 20 action 'accept'
set firewall name TO-ROUTER rule 20 description 'Foreshore link subnet'
set firewall name TO-ROUTER rule 20 protocol 'all'
set firewall name TO-ROUTER rule 20 source address 'xxx.xxx.95.24/29'
set firewall name TO-ROUTER rule 21 action 'accept'
set firewall name TO-ROUTER rule 21 description 'Foreshore routed subnet'
set firewall name TO-ROUTER rule 21 protocol 'all'
set firewall name TO-ROUTER rule 21 source address 'xxx.xxx.69.64/29'
set firewall name TO-ROUTER rule 30 action 'accept'
set firewall name TO-ROUTER rule 30 description 'Newtel link subnet'
set firewall name TO-ROUTER rule 30 protocol 'all'
set firewall name TO-ROUTER rule 30 source address 'xxx.xxx.203.32/29'
set firewall name TO-ROUTER rule 31 action 'accept'
set firewall name TO-ROUTER rule 31 description 'Newtel link subnet'
set firewall name TO-ROUTER rule 31 protocol 'all'
set firewall name TO-ROUTER rule 31 source address 'xxx.xxx.203.24/29'
set firewall name TO-ROUTER rule 40 action 'accept'
set firewall name TO-ROUTER rule 40 description 'JT link subnet'
set firewall name TO-ROUTER rule 40 protocol 'all'
set firewall name TO-ROUTER rule 40 source address 'xxx.xxx.4.208/29'
set firewall name TO-ROUTER rule 41 action 'accept'
set firewall name TO-ROUTER rule 41 description 'JT routed subnet'
set firewall name TO-ROUTER rule 41 protocol 'all'
set firewall name TO-ROUTER rule 41 source address 'xxx.xxx.23.0/29'
set firewall name TO-ROUTER rule 42 action 'accept'
set firewall name TO-ROUTER rule 42 description 'JT BGP peers'
set firewall name TO-ROUTER rule 42 protocol 'all'
set firewall name TO-ROUTER rule 42 source address 'xxx.xxx.12.56/31'
set firewall name TO-ROUTER rule 43 action 'accept'
set firewall name TO-ROUTER rule 43 description 'JT BGP peers'
set firewall name TO-ROUTER rule 43 protocol 'all'
set firewall name TO-ROUTER rule 43 source address 'xxx.xxx.102.192/29'
set firewall name TO-ROUTER rule 46 action 'accept'
set firewall name TO-ROUTER rule 46 description 'qr broadband'
set firewall name TO-ROUTER rule 46 protocol 'all'
set firewall name TO-ROUTER rule 46 source address 'xxx.xxx.27.93/32'
set firewall name TO-ROUTER rule 47 action 'accept'
set firewall name TO-ROUTER rule 47 description 'vp-r01a'
set firewall name TO-ROUTER rule 47 protocol 'all'
set firewall name TO-ROUTER rule 47 source address 'xxx.xxx.63.136/32'
set firewall name TO-ROUTER rule 50 action 'accept'
set firewall name TO-ROUTER rule 50 description 'ssh from m70'
set firewall name TO-ROUTER rule 50 destination port 'ssh'
set firewall name TO-ROUTER rule 50 protocol 'tcp'
set firewall name TO-ROUTER rule 50 source address 'xxx.xxx.144.150/32'
set firewall name TO-ROUTER rule 51 action 'accept'
set firewall name TO-ROUTER rule 51 description 'ssh from m72'
set firewall name TO-ROUTER rule 51 destination port 'ssh'
set firewall name TO-ROUTER rule 51 protocol 'tcp'
set firewall name TO-ROUTER rule 51 source address 'xxx.xxx.34.123/32'
set firewall name TO-ROUTER rule 60 action 'accept'
set firewall name TO-ROUTER rule 60 description 'VRRP'
set firewall name TO-ROUTER rule 60 destination address 'xxx.xxx.0.18'
set firewall name TO-ROUTER rule 60 protocol '112'
set firewall name TO-ROUTER rule 70 action 'accept'
set firewall name TO-ROUTER rule 70 description 'IPSEC UDP'
set firewall name TO-ROUTER rule 70 destination port '500,4500,1701'
set firewall name TO-ROUTER rule 70 protocol 'udp'
set firewall name TO-ROUTER rule 80 action 'accept'
set firewall name TO-ROUTER rule 80 description 'IPSEC ESP'
set firewall name TO-ROUTER rule 80 protocol 'esp'
set firewall name TO-ROUTER rule 100 action 'accept'
set firewall name TO-ROUTER rule 100 description 'DHCP'
set firewall name TO-ROUTER rule 100 destination port 'bootps'
set firewall name TO-ROUTER rule 100 protocol 'udp'
set firewall name TO-ROUTER rule 401 action 'accept'
set firewall name TO-ROUTER rule 401 description 'wireguard re lvg-r01'
set firewall name TO-ROUTER rule 401 destination port '51820'
set firewall name TO-ROUTER rule 401 protocol 'udp'
set firewall name TO-ROUTER rule 401 source address 'xxx.xxx.69.0/24'
set firewall name TO-ROUTER rule 402 action 'accept'
set firewall name TO-ROUTER rule 402 description 'wireguard re lvg-r01'
set firewall name TO-ROUTER rule 402 destination port '51820'
set firewall name TO-ROUTER rule 402 protocol 'udp'
set firewall name TO-ROUTER rule 402 source address 'xxx.xxx.70.0/24'
set firewall name TO-ROUTER rule 996 action 'accept'
set firewall name TO-ROUTER rule 996 description 'ICMP Throughout'
set firewall name TO-ROUTER rule 996 protocol 'icmp'
set firewall name TO-ROUTER rule 999 action 'reject'
set firewall name TO-ROUTER rule 999 description 'Block'
set firewall name TO-ROUTER rule 999 log 'disable'
set firewall name TO-ROUTER rule 999 protocol 'all'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set high-availability vrrp group eth0.20-20 advertise-interval '1'
set high-availability vrrp group eth0.20-20 interface 'eth0.20'
set high-availability vrrp group eth0.20-20 priority '150'
set high-availability vrrp group eth0.20-20 virtual-address xxx.xxx.42.170/28
set high-availability vrrp group eth0.20-20 vrid '20'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:24'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 offload gso
set interfaces ethernet eth0 offload sg
set interfaces ethernet eth0 offload tso
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth0 vif 20 address 'xxx.xxx.42.168/28'
set interfaces ethernet eth0 vif 20 description 'Hatherley Backbone'
set interfaces ethernet eth0 vif 20 firewall local name 'TO-ROUTER'
set interfaces ethernet eth0 vif 20 ip ospf cost '10'
set interfaces ethernet eth0 vif 20 ip ospf dead-interval '4'
set interfaces ethernet eth0 vif 20 ip ospf hello-interval '1'
set interfaces ethernet eth0 vif 20 ip ospf priority '120'
set interfaces ethernet eth0 vif 20 ip ospf retransmit-interval '5'
set interfaces ethernet eth0 vif 20 ip ospf transmit-delay '1'
set interfaces ethernet eth0 vif 20 policy route 'outviajt'
set interfaces ethernet eth0 vif 122 description 'ONT 509001'
set interfaces loopback lo address 'xxx.xxx.42.250/32'
set interfaces openvpn vtun1 description 'qr-r01a bb - ha-r01a bb'
set interfaces openvpn vtun1 disable
set interfaces openvpn vtun1 encryption cipher 'aes256'
set interfaces openvpn vtun1 firewall local name 'TO-ROUTER'
set interfaces openvpn vtun1 hash 'sha256'
set interfaces openvpn vtun1 ip ospf cost '20'
set interfaces openvpn vtun1 ip ospf dead-interval '4'
set interfaces openvpn vtun1 ip ospf hello-interval '1'
set interfaces openvpn vtun1 ip ospf network 'point-to-point'
set interfaces openvpn vtun1 ip ospf priority '1'
set interfaces openvpn vtun1 ip ospf retransmit-interval '5'
set interfaces openvpn vtun1 ip ospf transmit-delay '1'
set interfaces openvpn vtun1 local-address xxx.xxx.42.146 subnet-mask 'xxx.xxx.255.252'
set interfaces openvpn vtun1 mode 'site-to-site'
set interfaces openvpn vtun1 remote-address 'xxx.xxx.42.145'
set interfaces openvpn vtun1 remote-host 'xxx.xxx.27.93'
set interfaces openvpn vtun1 shared-secret-key-file xxxxxx
set interfaces openvpn vtun2 description 'qr-r01b foreshore - ha-r01a bb'
set interfaces openvpn vtun2 disable
set interfaces openvpn vtun2 encryption cipher 'aes256'
set interfaces openvpn vtun2 firewall local name 'TO-ROUTER'
set interfaces openvpn vtun2 hash 'sha256'
set interfaces openvpn vtun2 ip ospf cost '40'
set interfaces openvpn vtun2 ip ospf dead-interval '4'
set interfaces openvpn vtun2 ip ospf hello-interval '1'
set interfaces openvpn vtun2 ip ospf network 'point-to-point'
set interfaces openvpn vtun2 ip ospf priority '1'
set interfaces openvpn vtun2 ip ospf retransmit-interval '5'
set interfaces openvpn vtun2 ip ospf transmit-delay '1'
set interfaces openvpn vtun2 local-address xxx.xxx.42.150 subnet-mask 'xxx.xxx.255.252'
set interfaces openvpn vtun2 local-port '1195'
set interfaces openvpn vtun2 mode 'site-to-site'
set interfaces openvpn vtun2 remote-address 'xxx.xxx.42.149'
set interfaces openvpn vtun2 remote-host 'xxx.xxx.95.29'
set interfaces openvpn vtun2 remote-port '1195'
set interfaces openvpn vtun2 shared-secret-key-file xxxxxx
set interfaces openvpn vtun5 description 'vp-r01 - broadband'
set interfaces openvpn vtun5 disable
set interfaces openvpn vtun5 encryption cipher 'aes256'
set interfaces openvpn vtun5 firewall local name 'TO-ROUTER'
set interfaces openvpn vtun5 hash 'sha256'
set interfaces openvpn vtun5 ip ospf cost '65'
set interfaces openvpn vtun5 ip ospf dead-interval '4'
set interfaces openvpn vtun5 ip ospf hello-interval '1'
set interfaces openvpn vtun5 ip ospf network 'point-to-point'
set interfaces openvpn vtun5 ip ospf priority '1'
set interfaces openvpn vtun5 ip ospf retransmit-interval '5'
set interfaces openvpn vtun5 ip ospf transmit-delay '1'
set interfaces openvpn vtun5 local-address xxx.xxx.42.241 subnet-mask 'xxx.xxx.255.252'
set interfaces openvpn vtun5 local-port '1198'
set interfaces openvpn vtun5 mode 'site-to-site'
set interfaces openvpn vtun5 remote-address 'xxx.xxx.42.242'
set interfaces openvpn vtun5 remote-host 'xxx.xxx.63.136'
set interfaces openvpn vtun5 remote-port '1198'
set interfaces openvpn vtun5 shared-secret-key-file xxxxxx
set interfaces pppoe pppoe0 authentication password xxxxxx
set interfaces pppoe pppoe0 authentication user xxxxxx
set interfaces pppoe pppoe0 default-route 'none'
set interfaces pppoe pppoe0 firewall local name 'TO-ROUTER'
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 no-peer-dns
set interfaces pppoe pppoe0 source-interface 'eth0.122'
set interfaces wireguard wg09 address 'xxx.xxx.136.237/30'
set interfaces wireguard wg09 description 'lvg-r01 via JT Broadband/Airtel'
set interfaces wireguard wg09 ip ospf dead-interval '4'
set interfaces wireguard wg09 ip ospf hello-interval '1'
set interfaces wireguard wg09 ip ospf network 'point-to-point'
set interfaces wireguard wg09 ip ospf priority '1'
set interfaces wireguard wg09 ip ospf retransmit-interval '5'
set interfaces wireguard wg09 ip ospf transmit-delay '1'
set interfaces wireguard wg09 peer to-lvg-r01 allowed-ips 'xxx.xxx.0.0/0'
set interfaces wireguard wg09 peer to-lvg-r01 persistent-keepalive '25'
set interfaces wireguard wg09 peer to-lvg-r01 pubkey 'CUB1Xs9TIwiKpZLtI09YlkY6+e0qc6WParY1Ku9SrXo='
set interfaces wireguard wg09 port '51820'
set interfaces wireguard wg09 private-key xxxxxx
set policy as-path-list itconsult rule 10 action 'permit'
set policy as-path-list itconsult rule 10 regex '^$'
set policy prefix-list default-route rule 10 action 'permit'
set policy prefix-list default-route rule 10 prefix 'xxx.xxx.0.0/0'
set policy prefix-list itconsult-aggregated rule 10 action 'permit'
set policy prefix-list itconsult-aggregated rule 10 prefix 'xxx.xxx.42.0/24'
set policy prefix-list rfc1918 rule 10 action 'permit'
set policy prefix-list rfc1918 rule 10 prefix 'xxx.xxx.0.0/8'
set policy prefix-list rfc1918 rule 11 action 'permit'
set policy prefix-list rfc1918 rule 11 ge '9'
set policy prefix-list rfc1918 rule 11 prefix 'xxx.xxx.0.0/8'
set policy prefix-list rfc1918 rule 20 action 'permit'
set policy prefix-list rfc1918 rule 20 prefix 'xxx.xxx.0.0/12'
set policy prefix-list rfc1918 rule 21 action 'permit'
set policy prefix-list rfc1918 rule 21 ge '13'
set policy prefix-list rfc1918 rule 21 prefix 'xxx.xxx.0.0/12'
set policy prefix-list rfc1918 rule 30 action 'permit'
set policy prefix-list rfc1918 rule 30 prefix 'xxx.xxx.0.0/16'
set policy prefix-list rfc1918 rule 31 action 'permit'
set policy prefix-list rfc1918 rule 31 ge '17'
set policy prefix-list rfc1918 rule 31 prefix 'xxx.xxx.0.0/16'
set policy route outviajt rule 10 description 'Internal Traffic'
set policy route outviajt rule 10 destination group network-group 'internaladdresses'
set policy route outviajt rule 10 set table 'main'
set policy route outviajt rule 10 source group network-group 'outviajt'
set policy route outviajt rule 20 description 'Out via JT'
set policy route outviajt rule 20 set table '1'
set policy route outviajt rule 20 source group network-group 'outviajt'
set policy route outviajt rule 30 description 'Normal Traffic'
set policy route outviajt rule 30 set table 'main'
set policy route-map bgp-local-no-export rule 10 action 'permit'
set policy route-map bgp-local-no-export rule 10 set community 'no-export'
set policy route-map bgp-no-advertise rule 10 action 'deny'
set policy route-map static-to-ospf rule 10 action 'permit'
set policy route-map static-to-ospf rule 10 description 'Redistribute default route'
set policy route-map static-to-ospf rule 10 match ip address prefix-list 'default-route'
set policy route-map static-to-ospf rule 20 action 'deny'
set policy route-map static-to-ospf rule 20 description 'Do not resistribute anything else'
set protocols bgp XXXXXX address-family ipv4-unicast aggregate-address xxx.xxx.42.0/24
set protocols bgp XXXXXX address-family ipv4-unicast network xxx.xxx.42.250/32 route-map 'bgp-local-no-export'
set protocols bgp XXXXXX neighbor xxx.xxx.42.213 description 'qr-r01a'
set protocols bgp XXXXXX neighbor xxx.xxx.42.213 peer-group 'ITCONSULT'
set protocols bgp XXXXXX neighbor xxx.xxx.42.214 description 'vp-r01'
set protocols bgp XXXXXX neighbor xxx.xxx.42.214 peer-group 'ITCONSULT'
set protocols bgp XXXXXX neighbor xxx.xxx.42.215 description 'ha-r01b'
set protocols bgp XXXXXX neighbor xxx.xxx.42.215 peer-group 'ITCONSULT'
set protocols bgp XXXXXX neighbor xxx.xxx.42.251 description 'qr-r01b'
set protocols bgp XXXXXX neighbor xxx.xxx.42.251 peer-group 'ITCONSULT'
set protocols bgp XXXXXX parameters log-neighbor-changes
set protocols bgp XXXXXX parameters no-fast-external-failover
set protocols bgp XXXXXX peer-group ITCONSULT remote-as '25040'
set protocols bgp XXXXXX peer-group ITCONSULT update-source 'xxx.xxx.42.250'
set protocols bgp XXXXXX timers holdtime '45'
set protocols bgp XXXXXX timers keepalive '5'
set protocols ospf area 0 area-type normal
set protocols ospf area 0 network 'xxx.xxx.42.160/28'
set protocols ospf area 0 network 'xxx.xxx.42.250/32'
set protocols ospf area 0 network 'xxx.xxx.42.156/30'
set protocols ospf area 0 network 'xxx.xxx.42.200/30'
set protocols ospf area 0 network 'xxx.xxx.42.144/30'
set protocols ospf area 0 network 'xxx.xxx.42.148/30'
set protocols ospf area 0 network 'xxx.xxx.42.240/30'
set protocols ospf area 0 network 'xxx.xxx.136.236/30'
set protocols ospf default-information originate metric '10'
set protocols ospf default-information originate metric-type '1'
set protocols ospf log-adjacency-changes detail
set protocols ospf redistribute static metric-type '2'
set protocols ospf redistribute static route-map 'static-to-ospf'
set protocols static interface-route xxx.xxx.63.136/32 next-hop-interface pppoe0
set protocols static interface-route xxx.xxx.69.0/24 next-hop-interface pppoe0
set protocols static interface-route xxx.xxx.70.0/24 next-hop-interface pppoe0
set protocols static interface-route xxx.xxx.12.56/31 next-hop-interface pppoe0
set protocols static interface-route xxx.xxx.27.93/32 next-hop-interface pppoe0
set protocols static interface-route xxx.xxx.95.29/32 next-hop-interface pppoe0
set protocols static route xxx.xxx.0.0/0 blackhole distance '210'
set protocols static route xxx.xxx.42.0/24 blackhole distance '210'
set protocols static table 1 interface-route xxx.xxx.0.0/0 next-hop-interface pppoe0
set service snmp community [redacted] authorization 'ro'
set service snmp community [redacted] network 'xxx.xxx.42.0/24'
set service ssh port '22'
set system config-management commit-revisions '20'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system domain-name xxxxxx
set system host-name xxxxxx
set system login banner post-login ''
set system login banner pre-login ''
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
set system name-server 'xxx.xxx.42.9'
set system name-server 'xxx.xxx.42.130'
set system ntp listen-address 'xxx.xxx.42.168'
set system ntp listen-address 'xxx.xxx.42.250'
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system syslog global facility all level 'debug'
set system syslog global facility protocols level 'debug'
set system syslog host xxx.xxx.42.2 facility all level 'debug'
set system time-zone 'GB'
set traffic-policy
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ ls
vyos-1.4.0-epa1-amd64.iso
itconsult@ha-r01a:~$ add system image vyos-1.4.0-epa1-amd64.iso
Checking SHA256 checksums of files on the ISO image... OK.
Done!
What would you like to name this image? [1.4.0-epa1]:
OK. This image will be named: 1.4.0-epa1
Installing "1.4.0-epa1" image.
Copying new release files...
Would you like to save the current configuration
directory and config file? (Yes/No) [Yes]:
Copying current configuration...
Would you like to save the SSH host keys from your
current configuration? (Yes/No) [Yes]:
Copying SSH keys...
Running post-install script...
Setting up grub configuration...
Done.
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ reboot
Are you sure you want to reboot this system? [y/N] y
Using username "itconsult".
[email protected]'s password:
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ ls -l /tmp
total 52
-rw-rw-r-- 1 root vyattacfg 42354 Mar 2 17:06 boot-config-trace
drwx------ 3 root root 60 Mar 2 17:06 systemd-private-16aa0d9940714369ba776deeda229eaf-chrony.service-1WcbcN
drwx------ 3 root root 60 Mar 2 17:05 systemd-private-16aa0d9940714369ba776deeda229eaf-haveged.service-0vD1rs
drwx------ 3 root root 60 Mar 2 17:05 systemd-private-16aa0d9940714369ba776deeda229eaf-systemd-logind.service-gc6rXC
-rw-r--r-- 1 root vyattacfg 868 Mar 2 17:06 vyos-configd-script-stdout
-rw-rw-r-- 1 root vyattacfg 2 Mar 2 17:06 vyos-config-status
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ cat /tmp/boot-config-trace
Traceback (most recent call last):
File "/usr/libexec/vyos/vyos-boot-config-loader.py", line 144, in <module>
commit_out = session.commit()
^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 187, in commit
out = self.__run_command([COMMIT])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 143, in __run_command
raise ConfigSessionError(output)
vyos.configsession.ConfigSessionError: Processing the Priority Queue
Entering the _commit_check_cfg_node
Executing the "system domain-name itconsult.net" ...
Elapsed 0.020 sec:
Executing the "system host-name ha-r01a" ...
Elapsed 0.005 sec:
Elapsed 0.026 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "system domain-name itconsult.net" ...
[ system domain-name itconsult.net ]
sudo: unable to resolve host ha-r01a: System error
Elapsed 1.221 sec:
Executing the "system host-name ha-r01a" ...
Elapsed 0.127 sec:
Elapsed 1.348 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "system time-zone GB" ...
Elapsed 0.511 sec:
Elapsed 0.511 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "system time-zone GB" ...
Elapsed 0.074 sec:
Elapsed 0.074 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "policy as-path-list itconsult rule 10" ...
Elapsed 0.053 sec:
Executing the "policy as-path-list itconsult rule 10 action permit" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list default-route" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list default-route rule 10" ...
Elapsed 0.009 sec:
Executing the "policy prefix-list default-route rule 10 action permit" ...
Elapsed 0.006 sec:
Executing the "policy prefix-list default-route rule 10 prefix 0.0.0.0/0" ...
Elapsed 0.011 sec:
Executing the "policy prefix-list itconsult-aggregated" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list itconsult-aggregated rule 10" ...
Elapsed 0.009 sec:
Executing the "policy prefix-list itconsult-aggregated rule 10 action permit" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list itconsult-aggregated rule 10 prefix 193.201.42.0/24" ...
Elapsed 0.011 sec:
Executing the "policy prefix-list rfc1918" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list rfc1918 rule 10" ...
Elapsed 0.009 sec:
Executing the "policy prefix-list rfc1918 rule 10 action permit" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list rfc1918 rule 10 prefix 10.0.0.0/8" ...
Elapsed 0.011 sec:
Executing the "policy prefix-list rfc1918 rule 11" ...
Elapsed 0.010 sec:
Executing the "policy prefix-list rfc1918 rule 11 action permit" ...
Elapsed 0.006 sec:
Executing the "policy prefix-list rfc1918 rule 11 ge 9" ...
Elapsed 0.010 sec:
Executing the "policy prefix-list rfc1918 rule 11 prefix 10.0.0.0/8" ...
Elapsed 0.013 sec:
Executing the "policy prefix-list rfc1918 rule 20" ...
Elapsed 0.010 sec:
Executing the "policy prefix-list rfc1918 rule 20 action permit" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list rfc1918 rule 20 prefix 172.16.0.0/12" ...
Elapsed 0.012 sec:
Executing the "policy prefix-list rfc1918 rule 21" ...
Elapsed 0.010 sec:
Executing the "policy prefix-list rfc1918 rule 21 action permit" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list rfc1918 rule 21 ge 13" ...
Elapsed 0.010 sec:
Executing the "policy prefix-list rfc1918 rule 21 prefix 172.16.0.0/12" ...
Elapsed 0.012 sec:
Executing the "policy prefix-list rfc1918 rule 30" ...
Elapsed 0.010 sec:
Executing the "policy prefix-list rfc1918 rule 30 action permit" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list rfc1918 rule 30 prefix 192.168.0.0/16" ...
Elapsed 0.012 sec:
Executing the "policy prefix-list rfc1918 rule 31" ...
Elapsed 0.010 sec:
Executing the "policy prefix-list rfc1918 rule 31 action permit" ...
Elapsed 0.005 sec:
Executing the "policy prefix-list rfc1918 rule 31 ge 17" ...
Elapsed 0.010 sec:
Executing the "policy prefix-list rfc1918 rule 31 prefix 192.168.0.0/16" ...
Elapsed 0.012 sec:
Executing the "policy route-map bgp-local-no-export" ...
Elapsed 0.005 sec:
Executing the "policy route-map bgp-local-no-export rule 10" ...
Elapsed 0.010 sec:
Executing the "policy route-map bgp-local-no-export rule 10 action permit" ...
Elapsed 0.005 sec:
Executing the "policy route-map bgp-no-advertise" ...
Elapsed 0.005 sec:
Executing the "policy route-map bgp-no-advertise rule 10" ...
Elapsed 0.009 sec:
Executing the "policy route-map bgp-no-advertise rule 10 action deny" ...
Elapsed 0.005 sec:
Executing the "policy route-map static-to-ospf" ...
Elapsed 0.005 sec:
Executing the "policy route-map static-to-ospf rule 10" ...
Elapsed 0.010 sec:
Executing the "policy route-map static-to-ospf rule 10 action permit" ...
Elapsed 0.005 sec:
Executing the "policy route-map static-to-ospf rule 10 description Redistribute default route" ...
Elapsed 0.005 sec:
Executing the "policy route-map static-to-ospf rule 20" ...
Elapsed 0.010 sec:
Executing the "policy route-map static-to-ospf rule 20 action deny" ...
Elapsed 0.005 sec:
Executing the "policy route-map static-to-ospf rule 20 description Do not resistribute anything else" ...
Elapsed 0.005 sec:
Elapsed 0.417 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "policy" ...
Elapsed 2.405 sec:
Elapsed 2.405 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "policy route outviajt" ...
Elapsed 0.008 sec:
Executing the "policy route outviajt interface eth0.20" ...
Elapsed 0.011 sec:
Executing the "policy route outviajt rule 10" ...
Elapsed 0.009 sec:
Executing the "policy route outviajt rule 10 description Internal Traffic" ...
Elapsed 0.005 sec:
Executing the "policy route outviajt rule 10 set table main" ...
Elapsed 0.009 sec:
Executing the "policy route outviajt rule 20" ...
Elapsed 0.009 sec:
Executing the "policy route outviajt rule 20 description Out via JT" ...
Elapsed 0.005 sec:
Executing the "policy route outviajt rule 20 set table 1" ...
Elapsed 0.009 sec:
Executing the "policy route outviajt rule 30" ...
Elapsed 0.009 sec:
Executing the "policy route outviajt rule 30 description Normal Traffic" ...
Elapsed 0.005 sec:
Executing the "policy route outviajt rule 30 set table main" ...
Elapsed 0.009 sec:
Elapsed 0.093 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "policy route outviajt" ...
Elapsed 0.152 sec:
Elapsed 0.152 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Elapsed 0.000 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "system conntrack" ...
Elapsed 0.251 sec:
Elapsed 0.251 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "interfaces loopback lo" ...
Elapsed 0.006 sec:
Executing the "interfaces loopback lo address 193.201.42.250/32" ...
Elapsed 0.018 sec:
Elapsed 0.024 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "interfaces loopback lo" ...
Elapsed 0.227 sec:
Elapsed 0.227 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Elapsed 0.000 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "pki" ...
Elapsed 0.071 sec:
Elapsed 0.071 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "interfaces ethernet eth0" ...
Elapsed 0.005 sec:
Executing the "interfaces ethernet eth0 duplex auto" ...
Elapsed 0.005 sec:
Executing the "interfaces ethernet eth0 hw-id 00:16:3e:e0:be:24" ...
Elapsed 0.019 sec:
Executing the "interfaces ethernet eth0 speed auto" ...
Elapsed 0.005 sec:
Executing the "interfaces ethernet eth0 vif 20" ...
Elapsed 0.009 sec:
Executing the "interfaces ethernet eth0 vif 20 address 193.201.42.168/28" ...
Elapsed 0.011 sec:
Executing the "interfaces ethernet eth0 vif 20 description Hatherley Backbone" ...
Elapsed 0.005 sec:
Executing the "interfaces ethernet eth0 vif 122" ...
Elapsed 0.009 sec:
Executing the "interfaces ethernet eth0 vif 122 description ONT 509001" ...
Elapsed 0.005 sec:
Elapsed 0.076 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "interfaces ethernet eth0" ...
Elapsed 0.914 sec:
Elapsed 0.914 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "firewall global-options all-ping enable" ...
Elapsed 0.010 sec:
Executing the "firewall global-options broadcast-ping disable" ...
Elapsed 0.011 sec:
Executing the "firewall global-options ipv6-receive-redirects disable" ...
Elapsed 0.012 sec:
Executing the "firewall global-options ipv6-src-route disable" ...
Elapsed 0.010 sec:
Executing the "firewall global-options ip-src-route disable" ...
Elapsed 0.012 sec:
Executing the "firewall global-options log-martians enable" ...
Elapsed 0.011 sec:
Executing the "firewall global-options receive-redirects disable" ...
Elapsed 0.012 sec:
Executing the "firewall global-options send-redirects enable" ...
Elapsed 0.009 sec:
Executing the "firewall global-options source-validation disable" ...
Elapsed 0.011 sec:
Executing the "firewall global-options syn-cookies enable" ...
Elapsed 0.013 sec:
Executing the "firewall global-options twa-hazards-protection disable" ...
Elapsed 0.010 sec:
Executing the "firewall group network-group internaladdresses" ...
Elapsed 0.011 sec:
Executing the "firewall group network-group internaladdresses network 193.201.42.0/24" ...
Elapsed 0.029 sec:
Executing the "firewall group network-group internaladdresses network 212.9.23.0/29" ...
Elapsed 0.025 sec:
Executing the "firewall group network-group internaladdresses network 213.133.203.24/29" ...
Elapsed 0.035 sec:
Executing the "firewall group network-group internaladdresses network 213.167.69.64/29" ...
Elapsed 0.026 sec:
Executing the "firewall group network-group internaladdresses network 213.167.72.64/29" ...
Elapsed 0.025 sec:
Executing the "firewall group network-group internaladdresses network 212.9.4.208/29" ...
Elapsed 0.025 sec:
Executing the "firewall group network-group outviajt" ...
Elapsed 0.011 sec:
Executing the "firewall group network-group outviajt network 212.9.23.0/29" ...
Elapsed 0.019 sec:
Executing the "firewall group network-group outviajt network 212.9.4.208/29" ...
Elapsed 0.015 sec:
Executing the "firewall ipv4 input filter default-action accept" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 input filter rule 5" ...
Elapsed 0.009 sec:
Executing the "firewall ipv4 input filter rule 5 action jump" ...
Elapsed 0.004 sec:
Executing the "firewall ipv4 input filter rule 5 inbound-interface name eth0.20" ...
Elapsed 0.066 sec:
Executing the "firewall ipv4 input filter rule 10" ...
Elapsed 0.009 sec:
Executing the "firewall ipv4 input filter rule 10 action jump" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 input filter rule 10 inbound-interface name pppoe0" ...
Elapsed 0.053 sec:
Executing the "firewall ipv4 input filter rule 15" ...
Elapsed 0.009 sec:
Executing the "firewall ipv4 input filter rule 15 action jump" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 input filter rule 15 inbound-interface name vtun1" ...
Elapsed 0.058 sec:
Executing the "firewall ipv4 input filter rule 20" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 input filter rule 20 action jump" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 input filter rule 20 inbound-interface name vtun2" ...
Elapsed 0.056 sec:
Executing the "firewall ipv4 input filter rule 25" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 input filter rule 25 action jump" ...
Elapsed 0.014 sec:
Executing the "firewall ipv4 input filter rule 25 inbound-interface name vtun5" ...
Elapsed 0.055 sec:
Executing the "firewall ipv4 name TO-ROUTER" ...
Elapsed 0.006 sec:
Executing the "firewall ipv4 name TO-ROUTER default-action drop" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 10" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 10 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 10 description itconsult Local Traffic" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 10 protocol all" ...
Elapsed 0.057 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 10 source address 193.201.42.0/24" ...
Elapsed 0.032 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 20" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 20 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 20 description Foreshore link subnet" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 20 protocol all" ...
Elapsed 0.054 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 20 source address 213.167.95.24/29" ...
Elapsed 0.032 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 21" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 21 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 21 description Foreshore routed subnet" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 21 protocol all" ...
Elapsed 0.056 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 21 source address 213.167.69.64/29" ...
Elapsed 0.032 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 30" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 30 action return" ...
Elapsed 0.006 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 30 description Newtel link subnet" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 30 protocol all" ...
Elapsed 0.054 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 30 source address 213.133.203.32/29" ...
Elapsed 0.032 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 31" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 31 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 31 description Newtel link subnet" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 31 protocol all" ...
Elapsed 0.060 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 31 source address 213.133.203.24/29" ...
Elapsed 0.034 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 40" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 40 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 40 description JT link subnet" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 40 protocol all" ...
Elapsed 0.067 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 40 source address 212.9.4.208/29" ...
Elapsed 0.033 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 41" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 41 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 41 description JT routed subnet" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 41 protocol all" ...
Elapsed 0.055 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 41 source address 212.9.23.0/29" ...
Elapsed 0.032 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 42" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 42 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 42 description JT BGP peers" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 42 protocol all" ...
Elapsed 0.055 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 42 source address 212.9.12.56/31" ...
Elapsed 0.033 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 43" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 43 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 43 description JT BGP peers" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 43 protocol all" ...
Elapsed 0.066 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 43 source address 87.244.102.192/29" ...
Elapsed 0.033 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 46" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 46 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 46 description qr broadband" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 46 protocol all" ...
Elapsed 0.054 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 46 source address 212.9.27.93/32" ...
Elapsed 0.032 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 47" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 47 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 47 description vp-r01a" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 47 protocol all" ...
Elapsed 0.054 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 47 source address 107.191.63.136/32" ...
Elapsed 0.032 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 50" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 50 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 50 description ssh from m70" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 50 destination port ssh" ...
Elapsed 0.087 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 50 protocol tcp" ...
Elapsed 0.055 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 50 source address 139.162.144.150/32" ...
Elapsed 0.031 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 51" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 51 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 51 description ssh from m72" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 51 destination port ssh" ...
Elapsed 0.079 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 51 protocol tcp" ...
Elapsed 0.054 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 51 source address 45.63.34.123/32" ...
Elapsed 0.032 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 60" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 60 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 60 description VRRP" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 60 destination address 224.0.0.18" ...
Elapsed 0.038 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 60 protocol 112" ...
Elapsed 0.059 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 70" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 70 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 70 description IPSEC UDP" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 70 destination port 500,4500,1701" ...
Elapsed 0.083 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 70 protocol udp" ...
Elapsed 0.054 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 80" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 80 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 80 description IPSEC ESP" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 80 protocol esp" ...
Elapsed 0.059 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 100" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 100 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 100 description DHCP" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 100 destination port bootps" ...
Elapsed 0.079 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 100 protocol udp" ...
Elapsed 0.054 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 401" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 401 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 401 description wireguard re lvg-r01" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 401 destination port 51820" ...
Elapsed 0.079 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 401 protocol udp" ...
Elapsed 0.055 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 401 source address 185.16.69.0/24" ...
Elapsed 0.033 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 402" ...
Elapsed 0.011 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 402 action return" ...
Elapsed 0.006 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 402 description wireguard re lvg-r01" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 402 destination port 51820" ...
Elapsed 0.084 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 402 protocol udp" ...
Elapsed 0.055 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 402 source address 185.16.70.0/24" ...
Elapsed 0.030 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 996" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 996 action return" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 996 description ICMP Throughout" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 996 protocol icmp" ...
Elapsed 0.054 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 999" ...
Elapsed 0.010 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 999 action reject" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 999 description Block" ...
Elapsed 0.005 sec:
Executing the "firewall ipv4 name TO-ROUTER rule 999 protocol all" ...
Elapsed 0.059 sec:
Elapsed 3.434 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "firewall" ...
Elapsed 0.613 sec:
Elapsed 0.613 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "interfaces pppoe pppoe0" ...
Elapsed 0.006 sec:
Executing the "interfaces pppoe pppoe0 authentication password cxzqbhz3" ...
Elapsed 0.005 sec:
Executing the "interfaces pppoe pppoe0 authentication username mrichardson8" ...
Elapsed 0.005 sec:
Executing the "interfaces pppoe pppoe0 mtu 1492" ...
Elapsed 0.010 sec:
Executing the "interfaces pppoe pppoe0 source-interface eth0.122" ...
Elapsed 0.010 sec:
Elapsed 0.038 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "interfaces pppoe pppoe0" ...
Elapsed 0.117 sec:
Elapsed 0.117 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "interfaces wireguard wg09" ...
Elapsed 0.005 sec:
Executing the "interfaces wireguard wg09 address 10.193.136.237/30" ...
Elapsed 0.011 sec:
Executing the "interfaces wireguard wg09 description lvg-r01 via JT Broadband/Airtel" ...
Elapsed 0.005 sec:
Executing the "interfaces wireguard wg09 peer to-lvg-r01" ...
Elapsed 0.004 sec:
Executing the "interfaces wireguard wg09 peer to-lvg-r01 allowed-ips 0.0.0.0/0" ...
Elapsed 0.025 sec:
Executing the "interfaces wireguard wg09 peer to-lvg-r01 persistent-keepalive 25" ...
Elapsed 0.009 sec:
Executing the "interfaces wireguard wg09 peer to-lvg-r01 public-key [redacted]" ...
Elapsed 0.097 sec:
Executing the "interfaces wireguard wg09 port 51820" ...
Elapsed 0.013 sec:
Executing the "interfaces wireguard wg09 private-key [redacted]" ...
Elapsed 0.067 sec:
Elapsed 0.240 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "interfaces wireguard wg09" ...
Elapsed 1.833 sec:
Elapsed 1.833 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "system name-server 193.201.42.9" ...
Elapsed 0.020 sec:
Executing the "system name-server 193.201.42.130" ...
Elapsed 0.016 sec:
Elapsed 0.036 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "system name-server 193.201.42.9" ...
Elapsed 0.148 sec:
Executing the "system name-server 193.201.42.130" ...
Elapsed 0.143 sec:
Executing the "system name-server 193.201.42.9" ...
Elapsed 0.138 sec:
Executing the "system name-server 193.201.42.130" ...
Elapsed 0.125 sec:
Elapsed 0.557 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "system syslog global facility all" ...
Elapsed 0.005 sec:
Executing the "system syslog global facility all level debug" ...
Elapsed 0.005 sec:
Executing the "system syslog global facility local7" ...
Elapsed 0.005 sec:
Executing the "system syslog global facility local7 level debug" ...
Elapsed 0.005 sec:
Executing the "system syslog host 193.201.42.2" ...
Elapsed 0.014 sec:
Executing the "system syslog host 193.201.42.2 facility all" ...
Elapsed 0.006 sec:
Executing the "system syslog host 193.201.42.2 facility all level debug" ...
Elapsed 0.005 sec:
Elapsed 0.048 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "system syslog" ...
Elapsed 0.972 sec:
Elapsed 0.972 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "system login user itconsult" ...
Elapsed 0.005 sec:
Executing the "system login user itconsult authentication encrypted-password [redacted]" ...
Elapsed 0.005 sec:
Elapsed 0.011 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "system login banner" ...
Elapsed 0.024 sec:
Executing the "system login" ...
Elapsed 2.818 sec:
Elapsed 2.843 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "system config-management commit-revisions 20" ...
Elapsed 0.011 sec:
Elapsed 0.012 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "system config-management" ...
Elapsed 0.029 sec:
Elapsed 0.029 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "interfaces openvpn vtun2" ...
Elapsed 0.006 sec:
Executing the "interfaces openvpn vtun2 description qr-r01b foreshore - ha-r01a bb" ...
Elapsed 0.006 sec:
Executing the "interfaces openvpn vtun2 encryption cipher aes256" ...
Elapsed 0.005 sec:
Executing the "interfaces openvpn vtun2 hash sha256" ...
Elapsed 0.005 sec:
Executing the "interfaces openvpn vtun2 local-address 193.201.42.150" ...
Elapsed 0.012 sec:
Executing the "interfaces openvpn vtun2 local-address 193.201.42.150 subnet-mask 255.255.255.252" ...
Elapsed 0.012 sec:
Executing the "interfaces openvpn vtun2 local-port 1195" ...
Elapsed 0.010 sec:
Executing the "interfaces openvpn vtun2 mode site-to-site" ...
Elapsed 0.006 sec:
Executing the "interfaces openvpn vtun2 remote-address 193.201.42.149" ...
Elapsed 0.013 sec:
Executing the "interfaces openvpn vtun2 remote-port 1195" ...
Elapsed 0.010 sec:
Elapsed 0.089 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "interfaces openvpn vtun2" ...
Elapsed 0.078 sec:
Elapsed 0.078 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "interfaces openvpn vtun1" ...
Elapsed 0.006 sec:
Executing the "interfaces openvpn vtun1 description qr-r01a bb - ha-r01a bb" ...
Elapsed 0.005 sec:
Executing the "interfaces openvpn vtun1 encryption cipher aes256" ...
Elapsed 0.005 sec:
Executing the "interfaces openvpn vtun1 hash sha256" ...
Elapsed 0.005 sec:
Executing the "interfaces openvpn vtun1 local-address 193.201.42.146" ...
Elapsed 0.013 sec:
Executing the "interfaces openvpn vtun1 local-address 193.201.42.146 subnet-mask 255.255.255.252" ...
Elapsed 0.012 sec:
Executing the "interfaces openvpn vtun1 mode site-to-site" ...
Elapsed 0.005 sec:
Executing the "interfaces openvpn vtun1 remote-address 193.201.42.145" ...
Elapsed 0.012 sec:
Elapsed 0.066 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "interfaces openvpn vtun1" ...
Elapsed 0.063 sec:
Elapsed 0.063 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "interfaces openvpn vtun5" ...
Elapsed 0.006 sec:
Executing the "interfaces openvpn vtun5 description vp-r01 - broadband" ...
Elapsed 0.006 sec:
Executing the "interfaces openvpn vtun5 encryption cipher aes256" ...
Elapsed 0.005 sec:
Executing the "interfaces openvpn vtun5 hash sha256" ...
Elapsed 0.005 sec:
Executing the "interfaces openvpn vtun5 local-address 193.201.42.241" ...
Elapsed 0.012 sec:
Executing the "interfaces openvpn vtun5 local-address 193.201.42.241 subnet-mask 255.255.255.252" ...
Elapsed 0.012 sec:
Executing the "interfaces openvpn vtun5 local-port 1198" ...
Elapsed 0.010 sec:
Executing the "interfaces openvpn vtun5 mode site-to-site" ...
Elapsed 0.005 sec:
Executing the "interfaces openvpn vtun5 remote-address 193.201.42.242" ...
Elapsed 0.012 sec:
Executing the "interfaces openvpn vtun5 remote-port 1198" ...
Elapsed 0.010 sec:
Elapsed 0.088 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "interfaces openvpn vtun5" ...
Elapsed 0.062 sec:
Elapsed 0.062 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "protocols static route 0.0.0.0/0" ...
Elapsed 0.013 sec:
Executing the "protocols static route 0.0.0.0/0 blackhole distance 210" ...
Elapsed 0.010 sec:
Executing the "protocols static route 107.191.63.136/32" ...
Elapsed 0.012 sec:
Executing the "protocols static route 107.191.63.136/32 interface pppoe0" ...
Elapsed 0.010 sec:
Executing the "protocols static route 185.16.69.0/24" ...
Elapsed 0.012 sec:
Executing the "protocols static route 185.16.69.0/24 interface pppoe0" ...
Elapsed 0.010 sec:
Executing the "protocols static route 185.16.70.0/24" ...
Elapsed 0.012 sec:
Executing the "protocols static route 185.16.70.0/24 interface pppoe0" ...
Elapsed 0.010 sec:
Executing the "protocols static route 193.201.42.0/24" ...
Elapsed 0.012 sec:
Executing the "protocols static route 193.201.42.0/24 blackhole distance 210" ...
Elapsed 0.010 sec:
Executing the "protocols static route 212.9.12.56/31" ...
Elapsed 0.012 sec:
Executing the "protocols static route 212.9.12.56/31 interface pppoe0" ...
Elapsed 0.010 sec:
Executing the "protocols static route 212.9.27.93/32" ...
Elapsed 0.012 sec:
Executing the "protocols static route 212.9.27.93/32 interface pppoe0" ...
Elapsed 0.010 sec:
Executing the "protocols static route 213.167.95.29/32" ...
Elapsed 0.012 sec:
Executing the "protocols static route 213.167.95.29/32 interface pppoe0" ...
Elapsed 0.010 sec:
Executing the "protocols static table 1" ...
Elapsed 0.010 sec:
Executing the "protocols static table 1 route 0.0.0.0/0" ...
Elapsed 0.013 sec:
Executing the "protocols static table 1 route 0.0.0.0/0 interface pppoe0" ...
Elapsed 0.011 sec:
Elapsed 0.222 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "protocols static" ...
Elapsed 1.125 sec:
Elapsed 1.125 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "protocols ospf area 0" ...
Elapsed 0.013 sec:
Executing the "protocols ospf area 0 network 193.201.42.160/28" ...
Elapsed 0.012 sec:
Executing the "protocols ospf area 0 network 193.201.42.250/32" ...
Elapsed 0.011 sec:
Executing the "protocols ospf area 0 network 193.201.42.156/30" ...
Elapsed 0.011 sec:
Executing the "protocols ospf area 0 network 193.201.42.200/30" ...
Elapsed 0.011 sec:
Executing the "protocols ospf area 0 network 193.201.42.144/30" ...
Elapsed 0.011 sec:
Executing the "protocols ospf area 0 network 193.201.42.148/30" ...
Elapsed 0.011 sec:
Executing the "protocols ospf area 0 network 193.201.42.240/30" ...
Elapsed 0.011 sec:
Executing the "protocols ospf area 0 network 10.193.136.236/30" ...
Elapsed 0.011 sec:
Executing the "protocols ospf default-information originate metric 10" ...
Elapsed 0.009 sec:
Executing the "protocols ospf default-information originate metric-type 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface eth0.20" ...
Elapsed 0.010 sec:
Executing the "protocols ospf interface eth0.20 cost 10" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface eth0.20 dead-interval 4" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface eth0.20 hello-interval 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface eth0.20 priority 120" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface eth0.20 retransmit-interval 5" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface eth0.20 transmit-delay 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun1" ...
Elapsed 0.010 sec:
Executing the "protocols ospf interface vtun1 cost 20" ...
Elapsed 0.010 sec:
Executing the "protocols ospf interface vtun1 dead-interval 4" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun1 hello-interval 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun1 network point-to-point" ...
Elapsed 0.005 sec:
Executing the "protocols ospf interface vtun1 priority 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun1 retransmit-interval 5" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun1 transmit-delay 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun2" ...
Elapsed 0.010 sec:
Executing the "protocols ospf interface vtun2 cost 40" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun2 dead-interval 4" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun2 hello-interval 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun2 network point-to-point" ...
Elapsed 0.005 sec:
Executing the "protocols ospf interface vtun2 priority 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun2 retransmit-interval 5" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun2 transmit-delay 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun5" ...
Elapsed 0.010 sec:
Executing the "protocols ospf interface vtun5 cost 65" ...
Elapsed 0.011 sec:
Executing the "protocols ospf interface vtun5 dead-interval 4" ...
Elapsed 0.010 sec:
Executing the "protocols ospf interface vtun5 hello-interval 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun5 network point-to-point" ...
Elapsed 0.005 sec:
Executing the "protocols ospf interface vtun5 priority 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun5 retransmit-interval 5" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface vtun5 transmit-delay 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface wg09" ...
Elapsed 0.010 sec:
Executing the "protocols ospf interface wg09 dead-interval 4" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface wg09 hello-interval 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface wg09 network point-to-point" ...
Elapsed 0.005 sec:
Executing the "protocols ospf interface wg09 priority 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface wg09 retransmit-interval 5" ...
Elapsed 0.009 sec:
Executing the "protocols ospf interface wg09 transmit-delay 1" ...
Elapsed 0.009 sec:
Executing the "protocols ospf redistribute static metric-type 2" ...
Elapsed 0.009 sec:
Executing the "protocols ospf redistribute static route-map static-to-ospf" ...
Elapsed 0.005 sec:
Elapsed 0.500 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "protocols ospf" ...
Elapsed 0.026 sec:
Elapsed 0.026 sec: _commit_exec_cfg_node
[[protocols ospf]] failed
Entering the _commit_check_cfg_node
Executing the "high-availability vrrp group eth0.20-20 address 193.201.42.170/28" ...
Elapsed 0.018 sec:
Executing the "high-availability vrrp group eth0.20-20 advertise-interval 1" ...
Elapsed 0.009 sec:
Executing the "high-availability vrrp group eth0.20-20 interface eth0.20" ...
Elapsed 0.010 sec:
Executing the "high-availability vrrp group eth0.20-20 priority 150" ...
Elapsed 0.010 sec:
Executing the "high-availability vrrp group eth0.20-20 vrid 20" ...
Elapsed 0.009 sec:
Elapsed 0.058 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "high-availability" ...
Elapsed 1.003 sec:
Elapsed 1.003 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "protocols bgp address-family ipv4-unicast aggregate-address 193.201.42.0/24" ...
Elapsed 0.011 sec:
Executing the "protocols bgp address-family ipv4-unicast network 193.201.42.250/32" ...
Elapsed 0.016 sec:
Executing the "protocols bgp address-family ipv4-unicast network 193.201.42.250/32 route-map bgp-local-no-export" ...
Elapsed 0.005 sec:
Executing the "protocols bgp neighbor 193.201.42.213" ...
Elapsed 0.016 sec:
Executing the "protocols bgp neighbor 193.201.42.213 description qr-r01a" ...
Elapsed 0.005 sec:
Executing the "protocols bgp neighbor 193.201.42.214" ...
Elapsed 0.018 sec:
Executing the "protocols bgp neighbor 193.201.42.214 description vp-r01" ...
Elapsed 0.004 sec:
Executing the "protocols bgp neighbor 193.201.42.215" ...
Elapsed 0.015 sec:
Executing the "protocols bgp neighbor 193.201.42.215 description ha-r01b" ...
Elapsed 0.004 sec:
Executing the "protocols bgp neighbor 193.201.42.251" ...
Elapsed 0.015 sec:
Executing the "protocols bgp neighbor 193.201.42.251 description qr-r01b" ...
Elapsed 0.005 sec:
Executing the "protocols bgp peer-group ITCONSULT" ...
Elapsed 0.004 sec:
Executing the "protocols bgp peer-group ITCONSULT remote-as 25040" ...
Elapsed 0.009 sec:
Executing the "protocols bgp peer-group ITCONSULT update-source 193.201.42.250" ...
Elapsed 0.016 sec:
Executing the "protocols bgp system-as 25040" ...
Elapsed 0.009 sec:
Executing the "protocols bgp timers holdtime 45" ...
Elapsed 0.009 sec:
Executing the "protocols bgp timers keepalive 5" ...
Elapsed 0.009 sec:
Elapsed 0.179 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "protocols bgp" ...
Elapsed 1.879 sec:
Elapsed 1.879 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "service ntp allow-client address 0.0.0.0/0" ...
Elapsed 0.012 sec:
Executing the "service ntp allow-client address ::/0" ...
Elapsed 0.011 sec:
Executing the "service ntp server 193.201.42.81" ...
Elapsed 0.013 sec:
Executing the "service ntp server 193.201.42.87" ...
Elapsed 0.013 sec:
Executing the "service ntp server 193.201.42.97" ...
Elapsed 0.013 sec:
Executing the "service ntp server 193.201.42.103" ...
Elapsed 0.013 sec:
Elapsed 0.078 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "service ntp" ...
Elapsed 1.324 sec:
Elapsed 1.324 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Elapsed 0.000 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "qos" ...
Elapsed 0.094 sec:
Elapsed 0.094 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "service snmp community [redacted]" ...
Elapsed 0.005 sec:
Executing the "service snmp community [redacted] authorization ro" ...
Elapsed 0.005 sec:
Executing the "service snmp community [redacted] network 193.201.42.0/24" ...
Elapsed 0.011 sec:
Elapsed 0.022 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "service snmp" ...
Elapsed 3.349 sec:
Elapsed 3.349 sec: _commit_exec_cfg_node
Entering the _commit_check_cfg_node
Executing the "service ssh port 22" ...
Elapsed 0.010 sec:
Elapsed 0.010 sec: _commit_check_cfg_node
Entering the _commit_exec_cfg_node
Executing the "service ssh" ...
Elapsed 1.090 sec:
Elapsed 1.090 sec: _commit_exec_cfg_node
Elapsed 28.818 sec: Commit execute priority tree
Commit failed
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ cat /tmp/vyos-configd-script-stdout
WARNING: changing speed/duplex setting on "eth0" is unsupported!
DEPRECATION WARNING: OpenVPN shared-secret support will be removed in
future VyOS versions. Please migrate your site-to-site tunnels to TLS.
You can use self-signed certificates with peer fingerprint
verification, consult the documentation for details.
DEPRECATION WARNING: OpenVPN shared-secret support will be removed in
future VyOS versions. Please migrate your site-to-site tunnels to TLS.
You can use self-signed certificates with peer fingerprint
verification, consult the documentation for details.
DEPRECATION WARNING: OpenVPN shared-secret support will be removed in
future VyOS versions. Please migrate your site-to-site tunnels to TLS.
You can use self-signed certificates with peer fingerprint
verification, consult the documentation for details.
Interface "vtun1" does not exist!
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ sh conf c | strip-private
set firewall global-options all-ping 'enable'
set firewall global-options broadcast-ping 'disable'
set firewall global-options ip-src-route 'disable'
set firewall global-options ipv6-receive-redirects 'disable'
set firewall global-options ipv6-src-route 'disable'
set firewall global-options log-martians 'enable'
set firewall global-options receive-redirects 'disable'
set firewall global-options send-redirects 'enable'
set firewall global-options source-validation 'disable'
set firewall global-options syn-cookies 'enable'
set firewall global-options twa-hazards-protection 'disable'
set firewall group network-group internaladdresses network 'xxx.xxx.42.0/24'
set firewall group network-group internaladdresses network 'xxx.xxx.23.0/29'
set firewall group network-group internaladdresses network 'xxx.xxx.203.24/29'
set firewall group network-group internaladdresses network 'xxx.xxx.69.64/29'
set firewall group network-group internaladdresses network 'xxx.xxx.72.64/29'
set firewall group network-group internaladdresses network 'xxx.xxx.4.208/29'
set firewall group network-group outviajt network 'xxx.xxx.23.0/29'
set firewall group network-group outviajt network 'xxx.xxx.4.208/29'
set firewall ipv4 input filter default-action 'accept'
set firewall ipv4 input filter rule 5 action 'jump'
set firewall ipv4 input filter rule 5 inbound-interface name 'eth0.20'
set firewall ipv4 input filter rule 5 jump-target 'TO-ROUTER'
set firewall ipv4 input filter rule 10 action 'jump'
set firewall ipv4 input filter rule 10 inbound-interface name 'pppoe0'
set firewall ipv4 input filter rule 10 jump-target 'TO-ROUTER'
set firewall ipv4 input filter rule 15 action 'jump'
set firewall ipv4 input filter rule 15 inbound-interface name 'vtun1'
set firewall ipv4 input filter rule 15 jump-target 'TO-ROUTER'
set firewall ipv4 input filter rule 20 action 'jump'
set firewall ipv4 input filter rule 20 inbound-interface name 'vtun2'
set firewall ipv4 input filter rule 20 jump-target 'TO-ROUTER'
set firewall ipv4 input filter rule 25 action 'jump'
set firewall ipv4 input filter rule 25 inbound-interface name 'vtun5'
set firewall ipv4 input filter rule 25 jump-target 'TO-ROUTER'
set firewall ipv4 name TO-ROUTER default-action 'drop'
set firewall ipv4 name TO-ROUTER rule 10 action 'return'
set firewall ipv4 name TO-ROUTER rule 10 description 'itconsult Local Traffic'
set firewall ipv4 name TO-ROUTER rule 10 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 10 source address 'xxx.xxx.42.0/24'
set firewall ipv4 name TO-ROUTER rule 20 action 'return'
set firewall ipv4 name TO-ROUTER rule 20 description 'Foreshore link subnet'
set firewall ipv4 name TO-ROUTER rule 20 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 20 source address 'xxx.xxx.95.24/29'
set firewall ipv4 name TO-ROUTER rule 21 action 'return'
set firewall ipv4 name TO-ROUTER rule 21 description 'Foreshore routed subnet'
set firewall ipv4 name TO-ROUTER rule 21 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 21 source address 'xxx.xxx.69.64/29'
set firewall ipv4 name TO-ROUTER rule 30 action 'return'
set firewall ipv4 name TO-ROUTER rule 30 description 'Newtel link subnet'
set firewall ipv4 name TO-ROUTER rule 30 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 30 source address 'xxx.xxx.203.32/29'
set firewall ipv4 name TO-ROUTER rule 31 action 'return'
set firewall ipv4 name TO-ROUTER rule 31 description 'Newtel link subnet'
set firewall ipv4 name TO-ROUTER rule 31 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 31 source address 'xxx.xxx.203.24/29'
set firewall ipv4 name TO-ROUTER rule 40 action 'return'
set firewall ipv4 name TO-ROUTER rule 40 description 'JT link subnet'
set firewall ipv4 name TO-ROUTER rule 40 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 40 source address 'xxx.xxx.4.208/29'
set firewall ipv4 name TO-ROUTER rule 41 action 'return'
set firewall ipv4 name TO-ROUTER rule 41 description 'JT routed subnet'
set firewall ipv4 name TO-ROUTER rule 41 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 41 source address 'xxx.xxx.23.0/29'
set firewall ipv4 name TO-ROUTER rule 42 action 'return'
set firewall ipv4 name TO-ROUTER rule 42 description 'JT BGP peers'
set firewall ipv4 name TO-ROUTER rule 42 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 42 source address 'xxx.xxx.12.56/31'
set firewall ipv4 name TO-ROUTER rule 43 action 'return'
set firewall ipv4 name TO-ROUTER rule 43 description 'JT BGP peers'
set firewall ipv4 name TO-ROUTER rule 43 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 43 source address 'xxx.xxx.102.192/29'
set firewall ipv4 name TO-ROUTER rule 46 action 'return'
set firewall ipv4 name TO-ROUTER rule 46 description 'qr broadband'
set firewall ipv4 name TO-ROUTER rule 46 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 46 source address 'xxx.xxx.27.93/32'
set firewall ipv4 name TO-ROUTER rule 47 action 'return'
set firewall ipv4 name TO-ROUTER rule 47 description 'vp-r01a'
set firewall ipv4 name TO-ROUTER rule 47 protocol 'all'
set firewall ipv4 name TO-ROUTER rule 47 source address 'xxx.xxx.63.136/32'
set firewall ipv4 name TO-ROUTER rule 50 action 'return'
set firewall ipv4 name TO-ROUTER rule 50 description 'ssh from m70'
set firewall ipv4 name TO-ROUTER rule 50 destination port 'ssh'
set firewall ipv4 name TO-ROUTER rule 50 protocol 'tcp'
set firewall ipv4 name TO-ROUTER rule 50 source address 'xxx.xxx.144.150/32'
set firewall ipv4 name TO-ROUTER rule 51 action 'return'
set firewall ipv4 name TO-ROUTER rule 51 description 'ssh from m72'
set firewall ipv4 name TO-ROUTER rule 51 destination port 'ssh'
set firewall ipv4 name TO-ROUTER rule 51 protocol 'tcp'
set firewall ipv4 name TO-ROUTER rule 51 source address 'xxx.xxx.34.123/32'
set firewall ipv4 name TO-ROUTER rule 60 action 'return'
set firewall ipv4 name TO-ROUTER rule 60 description 'VRRP'
set firewall ipv4 name TO-ROUTER rule 60 destination address 'xxx.xxx.0.18'
set firewall ipv4 name TO-ROUTER rule 60 protocol '112'
set firewall ipv4 name TO-ROUTER rule 70 action 'return'
set firewall ipv4 name TO-ROUTER rule 70 description 'IPSEC UDP'
set firewall ipv4 name TO-ROUTER rule 70 destination port '500,4500,1701'
set firewall ipv4 name TO-ROUTER rule 70 protocol 'udp'
set firewall ipv4 name TO-ROUTER rule 80 action 'return'
set firewall ipv4 name TO-ROUTER rule 80 description 'IPSEC ESP'
set firewall ipv4 name TO-ROUTER rule 80 protocol 'esp'
set firewall ipv4 name TO-ROUTER rule 100 action 'return'
set firewall ipv4 name TO-ROUTER rule 100 description 'DHCP'
set firewall ipv4 name TO-ROUTER rule 100 destination port 'bootps'
set firewall ipv4 name TO-ROUTER rule 100 protocol 'udp'
set firewall ipv4 name TO-ROUTER rule 401 action 'return'
set firewall ipv4 name TO-ROUTER rule 401 description 'wireguard re lvg-r01'
set firewall ipv4 name TO-ROUTER rule 401 destination port '51820'
set firewall ipv4 name TO-ROUTER rule 401 protocol 'udp'
set firewall ipv4 name TO-ROUTER rule 401 source address 'xxx.xxx.69.0/24'
set firewall ipv4 name TO-ROUTER rule 402 action 'return'
set firewall ipv4 name TO-ROUTER rule 402 description 'wireguard re lvg-r01'
set firewall ipv4 name TO-ROUTER rule 402 destination port '51820'
set firewall ipv4 name TO-ROUTER rule 402 protocol 'udp'
set firewall ipv4 name TO-ROUTER rule 402 source address 'xxx.xxx.70.0/24'
set firewall ipv4 name TO-ROUTER rule 996 action 'return'
set firewall ipv4 name TO-ROUTER rule 996 description 'ICMP Throughout'
set firewall ipv4 name TO-ROUTER rule 996 protocol 'icmp'
set firewall ipv4 name TO-ROUTER rule 999 action 'reject'
set firewall ipv4 name TO-ROUTER rule 999 description 'Block'
set firewall ipv4 name TO-ROUTER rule 999 protocol 'all'
set high-availability vrrp group eth0.20-20 address xxx.xxx.42.170/28
set high-availability vrrp group eth0.20-20 advertise-interval '1'
set high-availability vrrp group eth0.20-20 interface 'eth0.20'
set high-availability vrrp group eth0.20-20 priority '150'
set high-availability vrrp group eth0.20-20 vrid '20'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:24'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 offload gso
set interfaces ethernet eth0 offload sg
set interfaces ethernet eth0 offload tso
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth0 vif 20 address 'xxx.xxx.42.168/28'
set interfaces ethernet eth0 vif 20 description 'Hatherley Backbone'
set interfaces ethernet eth0 vif 122 description 'ONT 509001'
set interfaces loopback lo address 'xxx.xxx.42.250/32'
set interfaces openvpn vtun1 description 'qr-r01a bb - ha-r01a bb'
set interfaces openvpn vtun1 disable
set interfaces openvpn vtun1 encryption cipher 'aes256'
set interfaces openvpn vtun1 hash 'sha256'
set interfaces openvpn vtun1 local-address xxx.xxx.42.146 subnet-mask 'xxx.xxx.255.252'
set interfaces openvpn vtun1 mode 'site-to-site'
set interfaces openvpn vtun1 remote-address 'xxx.xxx.42.145'
set interfaces openvpn vtun1 remote-host 'xxx.xxx.27.93'
set interfaces openvpn vtun1 shared-secret-key 'openvpn_vtun1_shared'
set interfaces openvpn vtun2 description 'qr-r01b foreshore - ha-r01a bb'
set interfaces openvpn vtun2 disable
set interfaces openvpn vtun2 encryption cipher 'aes256'
set interfaces openvpn vtun2 hash 'sha256'
set interfaces openvpn vtun2 local-address xxx.xxx.42.150 subnet-mask 'xxx.xxx.255.252'
set interfaces openvpn vtun2 local-port '1195'
set interfaces openvpn vtun2 mode 'site-to-site'
set interfaces openvpn vtun2 remote-address 'xxx.xxx.42.149'
set interfaces openvpn vtun2 remote-host 'xxx.xxx.95.29'
set interfaces openvpn vtun2 remote-port '1195'
set interfaces openvpn vtun2 shared-secret-key 'openvpn_vtun2_shared'
set interfaces openvpn vtun5 description 'vp-r01 - broadband'
set interfaces openvpn vtun5 disable
set interfaces openvpn vtun5 encryption cipher 'aes256'
set interfaces openvpn vtun5 hash 'sha256'
set interfaces openvpn vtun5 local-address xxx.xxx.42.241 subnet-mask 'xxx.xxx.255.252'
set interfaces openvpn vtun5 local-port '1198'
set interfaces openvpn vtun5 mode 'site-to-site'
set interfaces openvpn vtun5 remote-address 'xxx.xxx.42.242'
set interfaces openvpn vtun5 remote-host 'xxx.xxx.63.136'
set interfaces openvpn vtun5 remote-port '1198'
set interfaces openvpn vtun5 shared-secret-key 'openvpn_vtun5_shared'
set interfaces pppoe pppoe0 authentication password xxxxxx
set interfaces pppoe pppoe0 authentication username xxxxxx
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 no-default-route
set interfaces pppoe pppoe0 no-peer-dns
set interfaces pppoe pppoe0 source-interface 'eth0.122'
set interfaces wireguard wg09 address 'xxx.xxx.136.237/30'
set interfaces wireguard wg09 description 'lvg-r01 via JT Broadband/Airtel'
set interfaces wireguard wg09 peer to-lvg-r01 allowed-ips 'xxx.xxx.0.0/0'
set interfaces wireguard wg09 peer to-lvg-r01 persistent-keepalive '25'
set interfaces wireguard wg09 peer to-lvg-r01 public-key 'CUB1Xs9TIwiKpZLtI09YlkY6+e0qc6WParY1Ku9SrXo='
set interfaces wireguard wg09 port '51820'
set interfaces wireguard wg09 private-key xxxxxx
set pki openvpn shared-secret xxxxxx key xxxxxx
set pki openvpn shared-secret xxxxxx version '1'
set pki openvpn shared-secret xxxxxx key xxxxxx
set pki openvpn shared-secret xxxxxx version '1'
set pki openvpn shared-secret xxxxxx key xxxxxx
set pki openvpn shared-secret xxxxxx version '1'
set policy as-path-list itconsult rule 10 action 'permit'
set policy as-path-list itconsult rule 10 regex '^$'
set policy prefix-list default-route rule 10 action 'permit'
set policy prefix-list default-route rule 10 prefix 'xxx.xxx.0.0/0'
set policy prefix-list itconsult-aggregated rule 10 action 'permit'
set policy prefix-list itconsult-aggregated rule 10 prefix 'xxx.xxx.42.0/24'
set policy prefix-list rfc1918 rule 10 action 'permit'
set policy prefix-list rfc1918 rule 10 prefix 'xxx.xxx.0.0/8'
set policy prefix-list rfc1918 rule 11 action 'permit'
set policy prefix-list rfc1918 rule 11 ge '9'
set policy prefix-list rfc1918 rule 11 prefix 'xxx.xxx.0.0/8'
set policy prefix-list rfc1918 rule 20 action 'permit'
set policy prefix-list rfc1918 rule 20 prefix 'xxx.xxx.0.0/12'
set policy prefix-list rfc1918 rule 21 action 'permit'
set policy prefix-list rfc1918 rule 21 ge '13'
set policy prefix-list rfc1918 rule 21 prefix 'xxx.xxx.0.0/12'
set policy prefix-list rfc1918 rule 30 action 'permit'
set policy prefix-list rfc1918 rule 30 prefix 'xxx.xxx.0.0/16'
set policy prefix-list rfc1918 rule 31 action 'permit'
set policy prefix-list rfc1918 rule 31 ge '17'
set policy prefix-list rfc1918 rule 31 prefix 'xxx.xxx.0.0/16'
set policy route outviajt interface 'eth0.20'
set policy route outviajt rule 10 description 'Internal Traffic'
set policy route outviajt rule 10 destination group network-group 'internaladdresses'
set policy route outviajt rule 10 set table 'main'
set policy route outviajt rule 10 source group network-group 'outviajt'
set policy route outviajt rule 20 description 'Out via JT'
set policy route outviajt rule 20 set table '1'
set policy route outviajt rule 20 source group network-group 'outviajt'
set policy route outviajt rule 30 description 'Normal Traffic'
set policy route outviajt rule 30 set table 'main'
set policy route-map bgp-local-no-export rule 10 action 'permit'
set policy route-map bgp-local-no-export rule 10 set
set policy route-map bgp-no-advertise rule 10 action 'deny'
set policy route-map static-to-ospf rule 10 action 'permit'
set policy route-map static-to-ospf rule 10 description 'Redistribute default route'
set policy route-map static-to-ospf rule 10 match ip address prefix-list 'default-route'
set policy route-map static-to-ospf rule 20 action 'deny'
set policy route-map static-to-ospf rule 20 description 'Do not resistribute anything else'
set protocols bgp address-family ipv4-unicast aggregate-address xxx.xxx.42.0/24
set protocols bgp address-family ipv4-unicast network xxx.xxx.42.250/32 route-map 'bgp-local-no-export'
set protocols bgp neighbor xxx.xxx.42.213 address-family ipv4-unicast
set protocols bgp neighbor xxx.xxx.42.213 description 'qr-r01a'
set protocols bgp neighbor xxx.xxx.42.213 peer-group 'ITCONSULT'
set protocols bgp neighbor xxx.xxx.42.214 address-family ipv4-unicast
set protocols bgp neighbor xxx.xxx.42.214 description 'vp-r01'
set protocols bgp neighbor xxx.xxx.42.214 peer-group 'ITCONSULT'
set protocols bgp neighbor xxx.xxx.42.215 address-family ipv4-unicast
set protocols bgp neighbor xxx.xxx.42.215 description 'ha-r01b'
set protocols bgp neighbor xxx.xxx.42.215 peer-group 'ITCONSULT'
set protocols bgp neighbor xxx.xxx.42.251 address-family ipv4-unicast
set protocols bgp neighbor xxx.xxx.42.251 description 'qr-r01b'
set protocols bgp neighbor xxx.xxx.42.251 peer-group 'ITCONSULT'
set protocols bgp parameters log-neighbor-changes
set protocols bgp parameters no-fast-external-failover
set protocols bgp peer-group ITCONSULT remote-as '25040'
set protocols bgp peer-group ITCONSULT update-source 'xxx.xxx.42.250'
set protocols bgp system-as '25040'
set protocols bgp timers holdtime '45'
set protocols bgp timers keepalive '5'
set protocols static route xxx.xxx.0.0/0 blackhole distance '210'
set protocols static route xxx.xxx.63.136/32 interface pppoe0
set protocols static route xxx.xxx.69.0/24 interface pppoe0
set protocols static route xxx.xxx.70.0/24 interface pppoe0
set protocols static route xxx.xxx.42.0/24 blackhole distance '210'
set protocols static route xxx.xxx.42.188/32 next-hop xxx.xxx.42.171
set protocols static route xxx.xxx.12.56/31 interface pppoe0
set protocols static route xxx.xxx.27.93/32 interface pppoe0
set protocols static route xxx.xxx.95.29/32 interface pppoe0
set protocols static table 1 route xxx.xxx.0.0/0 interface pppoe0
set qos policy
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/0'
set service ntp allow-client xxxxxx '::/0'
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service snmp community [redacted] authorization 'ro'
set service snmp community [redacted] network 'xxx.xxx.42.0/24'
set service ssh port '22'
set system config-management commit-revisions '20'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system domain-name xxxxxx
set system host-name xxxxxx
set system login banner post-login ''
set system login banner pre-login ''
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
set system name-server 'xxx.xxx.42.9'
set system name-server 'xxx.xxx.42.130'
set system syslog global facility all level 'debug'
set system syslog global facility local7 level 'debug'
set system syslog host xxx.xxx.42.2 facility all level 'debug'
set system time-zone 'GB'
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ sh int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------------------------
eth0 - 00:16:3e:e0:be:24 default 1500 u/u
eth0.20 193.201.42.168/28 00:16:3e:e0:be:24 default 1500 u/u Hatherley Backbone
193.201.42.170/28
eth0.122 - 00:16:3e:e0:be:24 default 1500 u/u ONT 509001
lo 127.0.0.1/8 00:00:00:00:00:00 default 65536 u/u
193.201.42.250/32
::1/128
pppoe0 212.9.10.53/32 n/a default 1492 u/u
wg09 10.193.136.237/30 n/a default 1420 u/u lvg-r01 via JT Broadband/Airtel
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$

File Metadata

Mime Type
text/plain
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
436550
Default Alt Text
240302-ha-r01a-failed2.txt (80 KB)

Event Timeline