
Git commit-archive is not respecting source-address
Open, Normal, Public, BUG

Description

It looks like set system config-management commit-archive source-address xxx.xxx.153.193 does not affect the git client.

We use the commit-archive to backup our configs into a GitHub repo.
Since a couple of days ago, we have a direct peering with GitHub, resulting in the fact that traffic from the VyOS router towards GitHub will have the IX IP as a source address.
As it's just an IX IP, it's not publicly routable and therefore packets towards it will just end in the void.

So, I've defined a proper routable source address using the commit-archive source-address setting.
Unfortunately, the git client still seems to use the IX IP as the source IP resulting in a connection error.

Error:

alyx@vyos# commit
Archiving config...
  git+https://github.com/xxxx/router-config.git Unable to upload "git+https://xxxx:[email protected]/xxxx/router-config.git/config.boot-vyos.20240819_131648": Cloning into '/tmp/git-commit-archive-7n1zagw1/repository'...
fatal: unable to access 'https://github.com/xxxx/router-config.git/': Failed to connect to github.com port 443 after 133838 ms: Couldn't connect to server
run-parts: /etc/commit/post-hooks.d/02vyos-commit-archive exited with return code 1
[edit]

When I filter the route so that traffic towards GitHub is using a different source interface with a different source IP, it works fine.

Using the configured IP address as a source in other tools, like mtr or curl for example (mtr github.com address xxx.xxx.153.193 / curl https://github.com --interface xxx.xxx.153.193), works flawlessly.

Config

set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:43'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 offload gso
set interfaces ethernet eth0 offload sg
set interfaces ethernet eth0 offload tso
set interfaces ethernet eth1 address 'xxx.xxx.167.153/23'
set interfaces ethernet eth1 address 'xxxx:xxxx:f2:e1:0:20:950:1/64'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:80'
set interfaces ethernet eth1 mac 'xx:xx:xx:xx:xx:6b'
set interfaces ethernet eth1 offload gro
set interfaces ethernet eth1 offload gso
set interfaces ethernet eth1 offload sg
set interfaces ethernet eth1 offload tso
set interfaces ethernet eth1 speed 'auto'
set interfaces loopback lo address 'xxx.xxx.153.193/32'
set interfaces loopback lo address 'xxxx:xxxx:12f::1/128'
set interfaces pseudo-ethernet peth0 address 'xxx.xxx.226.69/27'
set interfaces pseudo-ethernet peth0 address 'xxxx:xxxx:1:12::2/64'
set interfaces pseudo-ethernet peth0 address 'xxx.xxx.226.66/29'
set interfaces pseudo-ethernet peth0 source-interface 'eth0'
set interfaces pseudo-ethernet peth1 address 'xxx.xxx.153.162/27'
set interfaces pseudo-ethernet peth1 address 'xxxx:xxxx:120:acab::1/64'
set interfaces pseudo-ethernet peth1 ip adjust-mss '1360'
set interfaces pseudo-ethernet peth1 ipv6 adjust-mss '1340'
set interfaces pseudo-ethernet peth1 mtu '1400'
set interfaces pseudo-ethernet peth1 source-interface 'eth0'
set interfaces tunnel tun1 address 'xxx.xxx.153.246/31'
set interfaces tunnel tun1 address 'xxxx:xxxx:12f:1::14/127'
set interfaces tunnel tun1 enable-multicast
set interfaces tunnel tun1 encapsulation 'ip6gre'
set interfaces tunnel tun1 ip adjust-mss '1360'
set interfaces tunnel tun1 ipv6 adjust-mss '1340'
set interfaces tunnel tun1 mtu '1400'
set interfaces tunnel tun1 remote 'xxxx:xxxx:d11:4713::228'
set interfaces tunnel tun1 source-address 'xxxx:xxxx:1:12::2'
set interfaces tunnel tun2 address 'xxx.xxx.153.242/31'
set interfaces tunnel tun2 address 'xxxx:xxxx:12f:1::10/127'
set interfaces tunnel tun2 enable-multicast
set interfaces tunnel tun2 encapsulation 'ip6gre'
set interfaces tunnel tun2 ip adjust-mss '1360'
set interfaces tunnel tun2 ipv6 adjust-mss '1340'
set interfaces tunnel tun2 mtu '1400'
set interfaces tunnel tun2 remote 'xxxx:xxxx:4400:2113:5400:05ff:fe0f:e1a6'
set interfaces tunnel tun2 source-address 'xxxx:xxxx:1:12::2'

[...]

set protocols ospf area 0
set protocols ospf interface lo area '0'
set protocols ospf interface peth1 area '0'
set protocols ospf interface peth1 mtu-ignore
set protocols ospf interface tun1 area '0'
set protocols ospf interface tun1 cost '100'
set protocols ospf interface tun2 area '0'
set protocols ospf interface tun2 cost '100'
set protocols ospf interface wg100 area '0'
set protocols ospf neighbor xxx.xxx.153.190
set protocols ospf parameters router-id 'xxx.xxx.153.193'
set protocols ospf redistribute bgp route-map 'OWN-ANYCAST-IN_v4'
set protocols ospfv3 area 0
set protocols ospfv3 interface lo area '0'
set protocols ospfv3 interface peth1 area '0'
set protocols ospfv3 interface tun1 area '0'
set protocols ospfv3 interface tun1 cost '100'
set protocols ospfv3 interface tun2 area '0'
set protocols ospfv3 interface tun2 cost '100'
set protocols ospfv3 interface wg100 area '0'
set protocols ospfv3 parameters router-id 'xxx.xxx.153.193'
set protocols ospfv3 redistribute bgp route-map 'OWN-ANYCAST-IN_v6'
set protocols rpki cache rtr.rpki.cloudflare.com port '8282'
set protocols rpki cache rtr.rpki.cloudflare.com preference '100'
set service lldp
set system config-management commit-archive location xxxxxx
set system config-management commit-archive source-address 'xxx.xxx.153.193'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '9600'
set system frr snmp bgpd
set system frr snmp ospf6d
set system frr snmp ospfd
set system host-name xxxxxx
set system ip multipath layer4-hashing
set system ipv6 multipath layer4-hashing
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication public-keys [email protected] key xxxxxx
set system login user xxxxxx authentication public-keys [email protected] type 'ssh-ed25519'
set system name-server 'xxx.xxx.9.9'
set system name-server 'xxxx:xxxx:12a::1'
set system option http-client xxxxxx 'xxx.xxx.153.193'
set system option kernel disable-mitigations
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
set system time-zone 'UTC'

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.5-rolling-202408060021
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Unspecified (please specify)
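Added example, not part of the original report and not VyOS or git code: the symptom described above is what any TCP client shows when it connects without first binding its socket, so the kernel's route lookup picks the source address rather than the configured one. The Python sketch below shows the difference using a local listener. The addresses 127.0.0.1 (standing in for the remote Git host) and 127.0.0.2 (standing in for the configured source-address) are constructed, and it assumes Linux, where all of 127.0.0.0/8 is local.

```python
import socket
import threading

REMOTE_IP = "127.0.0.1"    # constructed stand-in for the remote Git host
PINNED_SRC = "127.0.0.2"   # constructed stand-in for the configured source-address


def kernel_default_source(dest_ip, port=443):
    """Return the source IP the kernel's route lookup selects for dest_ip.
    connect() on a UDP socket only performs the lookup; no packet is sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, port))
        return s.getsockname()[0]


def source_seen_by_peer(bind_ip=None):
    """Open one TCP connection to a local listener and return the source IP
    the listener observed. bind_ip=None leaves the choice to the kernel."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((REMOTE_IP, 0))
    srv.listen(1)
    srv.settimeout(5)
    seen = {}

    def accept_once():
        conn, peer = srv.accept()
        seen["ip"] = peer[0]
        conn.close()

    worker = threading.Thread(target=accept_once)
    worker.start()
    # Binding before connect() is what pins the source address.
    src = (bind_ip, 0) if bind_ip else None
    with socket.create_connection(srv.getsockname(), timeout=5, source_address=src):
        pass
    worker.join()
    srv.close()
    return seen["ip"]


if __name__ == "__main__":
    print("kernel default source:", kernel_default_source(REMOTE_IP))
    print("unbound client seen as:", source_seen_by_peer())
    print("bound client seen as:  ", source_seen_by_peer(PINNED_SRC))
```

On a router, running `kernel_default_source()` against the real destination shows which address an unbound client will use, which can then be compared with the configured source-address.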