@hagbard status so far is that i am nearly done with 3 types of setups with minor edits on existing wiki documentation for wireguard as it was not updated to match current commands :)
There is also some clearification on what each segment of the config is to avoid confusion newcomers that want to try it out.
I will add it after work today.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Oct 6 2018
Oct 6 2018
Oct 5 2018
Oct 5 2018
Oct 3 2018
Oct 3 2018
dmbaturin edited projects for T412: Add rsync to the list of squid safe ports, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T411: Squid is not functional due to legacy config statements that are no longer working in Squid3, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T281: Add https support to the load command., added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T434: RADIUS as l2tp vpn authentication mode is broken, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T345: Can't delete vti interface due to incorrect directory name in /proc, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T453: Qos/Match.pm shaper max-length, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T328: review output for show tech-support command, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T394: Add vyos_*dir copies of vyatta_*dir environment variables, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin set Version to 1.1.8 on T272: Add op mode command for generating remote side VPN configs .
dmbaturin edited projects for T146: 'show system image' odd behavior when console is ttyS1, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin closed T122: Control over which users have ssh access, a subtask of T631: Rewrite SSH configuration as XML interface definition, as Resolved.
dmbaturin edited projects for T507: vyatta-cfg-system -> SSH: Failure to correctly alter Ciphers and MACs, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T297: DNS Forwarding server does not allow IPv6 address in name-server, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T488: GRUB can't boot from software RAID, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T414: Remove the telnet service and make sure old configs that use it still load, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T437: System option "Ctrl-Alt-Delete action" broken, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin added a project to T331: VyOS 1.2.x image install on RAID1: VyOS 1.2 Crux (VyOS 1.2.0-rc1).
dmbaturin edited projects for T286: Fix resolv-file configuration problem, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
dmbaturin edited projects for T285: Add flag for DNSmasq to query all dns servers, added: VyOS 1.2 Crux (VyOS 1.2.0-rc1); removed VyOS 1.2 Crux.
Sure, what I need to do?
In T774#20257, @hagbard wrote:Hang on a sec, have a look here:
https://github.com/vyos/vyos-documentation
Oct 2 2018
Oct 2 2018
Hang on a sec, have a look here:
https://github.com/vyos/vyos-documentation
Anyone able to quickly test radius authentication, otherwise I gotta build myself a freeradius first.
Thanks a lot. Let me know if you need anything from me.
dmbaturin moved T835: accel-ppp: pppoe implementation from Backlog to In Progress on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
dmbaturin moved T232: Install fails if hard drive previously contained GPT label from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
dmbaturin moved T652: Rewrite service snmp in new style XML interface definition from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
dmbaturin moved T777: Misleading Help Text for IPSEC Connection Type from Needs Triage to In Progress on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
dmbaturin moved T820: IPSec charon running even without active VPN configuration from Needs Triage to In Progress on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
dmbaturin moved T839: Add options for DHCPD OMAPI from Needs Triage to In Progress on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
dmbaturin moved T692: TFTP server functionality from In Progress to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
dmbaturin moved T696: Rewrite conntrack sync to XML from In Progress to Backlog on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
dmbaturin moved T835: accel-ppp: pppoe implementation from In Progress to Backlog on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
dmbaturin moved T849: Make IPv4 and IPv6 BGP options syntax consistent from In Progress to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.
@hagbard thanks for the awesome implementation of wireguard to vyos.
Oct 1 2018
Oct 1 2018
hagbard changed the status of T833: New PPTP server implementation based on accel-ppp from In progress to On hold.
I asked in the forum if anyone still uses pptp, since windows can now finally ipsec too, I doubt that it is still in use anywhere. I put the pptp implementation on hold and focus on pppoe for the time being.
https://forum.vyos.io/t/pptp-aka-poptop-still-being-used/2518
hagbard changed the status of T833: New PPTP server implementation based on accel-ppp, a subtask of T742: Replace poptop and xl2tpd with accel-ppp, from In progress to On hold.
Sep 30 2018
Sep 30 2018
@dmbaturin can you increase it
Sep 29 2018
Sep 29 2018
shadowyw added a comment to T781: VyOS 1.2 does not work with AWS VPN gateway, but some configuration works fine on VyOS 1.1.8.
In T781#19265, @syncer wrote:But i see traffic counters
have you actually tried to pass traffic ?
Sep 26 2018
Sep 26 2018
1.2 rolling has ISC dhcrelay 4.3.1 from the Debian isc-dhcp-relay 4.3.1-6+deb8u3 package.
Sep 25 2018
Sep 25 2018
VyOS 1.3 is fine for me
I started with it but it's far away from being finished, since I jumped on wireguard first and am currently on pppoe (accel-ppp).
Is there any work being done? If not, I'll move it to VyOS 1.3.x target, since 1.2.0 is about to get a feature freeze.
Is it reproducible in latest 1.2.0?
I guess we should consider it complete by now.
dmbaturin merged Restricted Maniphest Task into T796: Commit error after upgrade from 1.1.8 to 1.2.0-20180824-frr.
dmbaturin closed T628: StrongSwan requires configuration change for proper routing over VTI. as Resolved.
I've tested it and it seemed to work. Closing this, if you see the issue reappear, please reopen.
Yes, should be fixed now. Feel free to reopen if it reappears.
dmbaturin closed T765: vyos.configtree config formatter outputs formerly escaped characters literally as Resolved.
Looks like libvyosconfig is not connected to phabricator so the commit wasn't picked up.
Should work after that commit, please test.
syncer closed T772: Make it possible to pass custom arguments to VRRP transition scripts as Resolved.
syncer changed the status of T849: Make IPv4 and IPv6 BGP options syntax consistent from Open to In progress.
Sep 24 2018
Sep 24 2018
It looks like the commit has fixed this issue.
Sep 23 2018
Sep 23 2018
I think we should take care about this in the VRRP scripts and leave the base system untouched. Meaning, take your proposal and remove
update_sysctl_conf net.ipv4.conf.default.arp_filter 1 \
"reset promiscous arp response"In the vyos-build repository /data/live-build-config/hooks/08-sysconf.chroot needs to be updated to remove:
Sep 22 2018
Sep 22 2018
So I took a step back and started wondering why we have /proc/sys/net/ipv4/conf/default/arp_filter set to 1 to begin with.
Sep 21 2018
Sep 21 2018
Sep 20 2018
Sep 20 2018
If you need config samples for testing I'm happy to provide it. Or tell me when to retest.
syncer changed the status of T835: accel-ppp: pppoe implementation, a subtask of T742: Replace poptop and xl2tpd with accel-ppp, from Open to In progress.
syncer triaged T856: upgrade from 1.1.8 to 1.2.0-rolling breaks OSPF area-type NSSA as Normal priority.
This is due to change from quagga to frr
syntax must be updated
I've now sucessfully labbed your config, and are able to get dmvpn up and running with your ipsec config :
Sep 19 2018
Sep 19 2018
Just to add a quick note:
That is correct,
only server
Sep 19 21:59:29 vyos accel-pptp: accel-ppp version f7074fe7acf69faab1eec87d97e50df20551429f
Sep 19 21:59:47 vyos accel-pptp: eth1: recv [PPPoE PADI 08:00:27:2c:86:02 => ff:ff:ff:ff:ff:ff sid=0000 <Service-Name > <Host-Uniq 320c0000>]
Sep 19 21:59:47 vyos accel-pptp: eth1: send [PPPoE PADO 08:00:27:5e:e4:00 => 08:00:27:2c:86:02 sid=0000 <AC-Name accel-ppp> <Service-Name > <AC-Cookie fd6d0db4854a2b3bd035dbf33d805ede449c128c52364d1a> <Host-Uniq 320c0000>]
Sep 19 21:59:47 vyos accel-pptp: eth1: recv [PPPoE PADR 08:00:27:2c:86:02 => 08:00:27:5e:e4:00 sid=0000 <Service-Name > <Host-Uniq 320c0000> <AC-Cookie fd6d0db4854a2b3bd035dbf33d805ede449c128c52364d1a>]
Sep 19 21:59:47 vyos accel-pptp: eth1: send [PPPoE PADS 08:00:27:5e:e4:00 => 08:00:27:2c:86:02 sid=0001 <AC-Name accel-ppp> <Service-Name > <Host-Uniq 320c0000>]
Sep 19 21:59:47 vyos accel-pptp: eth1:: lcp_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: auth_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: ccp_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: ipcp_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: ipv6cp_layer_init
Sep 19 21:59:47 vyos accel-pptp: eth1:: ppp establishing
Sep 19 21:59:47 vyos accel-pptp: eth1:: lcp_layer_start
Sep 19 21:59:50 vyos accel-pptp: eth1:: fsm timeout 9
Sep 19 21:59:50 vyos accel-pptp: eth1:: lcp_layer_started
Sep 19 21:59:50 vyos accel-pptp: eth1:: auth_layer_start
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: connect: ppp0 <--> pppoe(08:00:27:2c:86:02)
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ppp connected
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: auth_layer_started
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ccp_layer_start
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ipcp_layer_start
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ipv6cp_layer_start
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: test123: authentication succeeded
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: ipcp_layer_started
Sep 19 21:59:50 vyos accel-pptp: ppp0:test123: pppoe: ppp started
Sep 19 21:59:50 vyos charon: 09[KNL] 192.168.0.1 appeared on ppp0
Sep 19 21:59:50 vyos charon: 11[KNL] 192.168.0.1 disappeared from ppp0
Sep 19 21:59:50 vyos charon: 13[KNL] 192.168.0.1 appeared on ppp0
Sep 19 21:59:50 vyos charon: 15[KNL] interface ppp0 activated
Sep 19 21:59:50 vyos systemd-sysctl[2614]: Overwriting earlier assignment of net/core/rmem_max in file '/etc/sysctl.d/99-sysctl.conf'.
Sep 19 21:59:52 vyos ntpd[2135]: Listen normally on 8 ppp0 192.168.0.1 UDP 123
Sep 19 21:59:52 vyos ntpd[2135]: peers refreshed
Sep 18 2018
Sep 18 2018
As requested by @runar:
Sep 17 2018
Sep 17 2018
Getting close to finishing it.
Sep 16 2018
Sep 16 2018
Sep 15 2018
Sep 15 2018
Sep 11 2018
Sep 11 2018
In addition the old patches from https://phabricator.vyos.net/T17 have been re-applied to the net-snmp repository b/c they were lost in translation on the move to Debian Jessie.