Removed in https://github.com/vyos/vyatta-cfg-system/pull/65

no popcorn left :)

@c-po I agree. By now I have a way better prototype of that thing than the original. I'll make a task about it.

This action installs the following cronjob:

sudo sh -c 'echo "#!/bin/sh" > /etc/cron.weekly/01vyos-popcon'
sudo sh -c 'echo "/opt/vyatta/bin/vyos-popcon.pl 2>&1 >/var/log/popcon.log" >> /etc/cron.weekly/01vyos-popcon'
sudo sh -c 'chmod +x /etc/cron.weekly/01vyos-popcon'

+1 removal

@dmbaturin @UnicronNL what‘s your opinion?

Thanks @c-po !

VyOS doesn't allow this configuration variant. You get an appropriate message if you try. In EdgeOS it's the same. I don't know if it's possible in Strongswan V5.3.5.

Do we know why it‘s not possible? Is it due to a missing configuration option in VyOS or is it due to non availability in the underlying Linux Components e.g. Strongswan?

Here's a a tutorial for EdgeRouters: https://lochnair.net/2017/03/13/bonding-internet-connections/

@syncer @dmbaturin https://github.com/vyos/vyatta-op/pull/12

I added new pmacct package (https://github.com/vyos/pmacct/tree/current) but now we also need to update vyatta-netflow package.

Any chance to get this fixed in 1.1.8?
We absolutely need ipv6 failover

On VyOS 1.1.7 we have /etc/radiusclient-ng/dictionary.merit which moved to /usr/share/freeradius/dictionary.merit on VyOS 1.2.x.

@higebu thanks for sharing! I was just able to make it work on Azure just last week, yaay :) Thanks though!

Oct 27 17:48:48 AC1 pppd[5482]: RADIUS: Can't read dictionary file /etc/radiusclient-ng/dictionary-ravpn

i think that file not created or created in wrong place with wrong name

Optimize a routers defaults should be targeted to the usecase of a router and not for some special use.
If you want to use a vyos as a VPN concentrator - well then configure if for this case. If the defaults are not optimized for general purpose, then you must tweak it for the "main usecase" as a router.

@MoyHaj Sorry for the late response. The VHD file is here: https://dev.vyos.jp/vyos/dev-images/vyos_azure_image.vhd

@jbeisser cloud init was integrated much later and still require testing
1.2 will be using cloud-init for that purpose

Is there an argument against just using cloud-init for the AMI?

@TomekC @syncer just wondering ... should we maybe add those commands to VyOS CLI?

In T14#8787, @aopdal wrote:

I'm upgrading my vmware cluster with vyos routers and are doing some tests. My production environment is running on 1.1.7.

I'm upgrading my vmware cluster with vyos routers and are doing some tests. My production environment is running on 1.1.7.

Hello @TomekC
you can provide some references?
or even commands?
Thanks!

Thank you for the effort. I always liked the VMWare template installation. I also tried it for VyOS 1.2.x on ESXi 6.5. I followed the WiKi instructions which worked like a charm!

ok, removed 1.1.x

Vote for 1.2.x only.

Removing 1.1.x

Do we leave this for 1.2 or we want to include this with 1.1.8 ?
@c-po @dmbaturin

https://github.com/vyos/build-iso/commit/51b1f8faf84b8071c8413af1baa76d976528c440

An AMI updated by hand was submitted to Amazon for testing.

@UnicronNL can you pickup this from @dmbaturin

@dmbaturin tells that this does not work as expected
so i suggest reopen this task

Hi, can you please share the VHD file as well?

The proposed "maximum-paths" looks to set the maximum number of paths for equal cost routing and not limit the long AS path that causes the noted log entry. I used the following in a production network to work around the issue:

VyOS version 1.1.7 works very well with vmware and with network card vmxnet3, but for high performance on that platform you need do some system tunning.
Have you got any plan to add that performance tunning to default vmware image?

Latest version of OpenVPN is 2.4.4 and has multiple new features.

I tried to get this working on a good known OpenVPN TAP configuration. I can confirm that it's flaky and will require additional debugging.

1. set protocols bgp 262766 maximum-paths ebgp 75

Thanks, I'm looking at it now.

Hello,
I've just sent a pull-request related for this topic.
Please check them when you have time.

Moving this to 1.2 branch
lets implement changes proposed earlier

i still confuse how to patch it, please explain more. thanks

No, I got the patch for this patch, how should I proceed? I have some sessions with this problem.

This is definitely very important. I'm on AT&T UVerse, and I can't plausibly use VyOS for my network without support for DHCPv6-PD. I don't even need auto-configuration of RAs on the LAN ports if that would be difficult, but I at least need the support to request the prefixes in order to get them routed to my internal router.

@syncer this was actually done by @JulesT. Thank you @JulesT.

Also, it doesn't seem to work because vtun0 is not coming up -- but that seems to be related to my specific config.

Well, I'd like to use bonding with round-robin load balancing over two VDSL2 uplinks to same provider with the same latency (my ISP wants a business account for MLPPP).

Run tcpdump on your WAN with filter ICMP to confirm probing goes haywire; should be pretty easy to spot as you employed four different targets.

The only remotely sensible use case I can see is active/standby bonding of L2 VPNs to provide redundant paths. But then again, the real answer to this is distributed switches such as openvswitch.

I've tried to attain this holy grail of combining VPNs to gain a faster more reliable link. Although my environment where multiple consumer WAN links with different specs. Yours seem to be more uniform to account for so you might get away with easier.

BGP configuration is definitely loaded after VTI configuration is loaded.

@syncer, yep, looks like that is the Deb package for https://roy.marples.name/projects/dhcpcd. This is the client that Daniel Corbe and I had recommended be switched to.

Thanks for transfering this.
it looks like good candidate
https://packages.debian.org/jessie/dhcpcd5
@dmbaturin already looked at it last year, but it seems it was without pd support than
Now, however, it looks like they added support for it and we maybe should consider it as main candidate

Looks like it doesn't work. I can't see any traffic on bond0 although it's configured in round-robin mode.

I've copied it and I can set bond-group on the OpenVPN interface. I'll check if it actually works in a minute. (you need to replace "tunnel" in the second string with openvpn).

This also happens with the DHCP server configuration if the DHCP subnet is different than the one used on the LAN interface (when it's configured with VRRP by following the VRRP tutorial on the VyOS wiki).

@higebu already have images with it, because we phase out 1.1.x i think it should be ok

Should we add it to 1.1.8? It's a pretty big change, I'm not sure if it should be in a maintenance rather than a major release.

@higebu can you add it for 1.1.8 (along with all required software like awscli) into 1.1.8 please

@c-po i will agree with your approach
i will ask to keep package versions output