In T125#51628, @Dmitry wrote:I propose in this case use set vpn l2tp remote-access outside-address 0.0.0.0. It works in current rolling.
Feed All Stories
Aug 11 2020
Aug 11 2020
jestabro changed the status of T2784: Remove unused arg from host_name.py functions verify and get_config from Open to In progress.
dongjunbo added a comment to T125: Missing PPPoE interfaces in l2tp configuration.
Aug 10 2020
Aug 10 2020
Unknown Object (User) moved T2227: MPLS documentation from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
Good. Things are getting better. Thank you @ronie
Unknown Object (User) added a comment to T2227: MPLS documentation.
In general, Service Providers implement IS-IS, not OSPF, as IGP in the Core. Maybe it is a good idea to develop VYOS support to IS-IS in order to make it more attractive as an immediate solution as P router to SPs.
In this lab OSPF is being used as IGP. Cisco routers are being implemented as PE/LSRs, because VYOS are not able to perform this role yet.
Everything is working from the Control Plane standpoint (VPNv4 addresses are exchanged and redistributed into OSPF).
OSPF reconverges in a strange way, as if the metric/cost were different (lower) over VYOS routers. After reviewing the configurations and activating MPLS LDP correctly between Cisco and VYOS routers, connectivity issues are solved.
Viacheslav updated the task description for T2783: It is not possible to delete an interface in vm.
GitHub <noreply@github.com> committed rVYOSONEXe9b954a9e4d0: Merge pull request #524 from sever-sever/T2779 (authored by c-po).
Viacheslav updated the task description for T2782: Changing timezone, does not restart rsyslog.
Viacheslav added a comment to T2779: LLDP: "show lldp neighbors interface" does not yield any result.
Unknown Object (User) changed the status of T2227: MPLS documentation, a subtask of T915: MPLS Support, from Open to On hold.
Currently the only application of VyOS LDP is as P router (backbone router in an MPLS cloud).
ajgnet added a comment to T2748: "show vpn ike sa" shows state "down" when tunnel is up.
Additionally, sometimes the Peer ID and Local ID are not correctly formatted. for example:
Unknown Object (User) added a comment to T2748: "show vpn ike sa" shows state "down" when tunnel is up.
It seems a parser issue. We are reviewing the script https://github.com/vyos/vyatta-op-vpn/blob/current/scripts/vyatta-op-vpn.pl
Unknown Object (User) added a comment to T2748: "show vpn ike sa" shows state "down" when tunnel is up.
When the configuration provided is reproduced, the problem occurs: show ike sa is "down" while show ipsec sa is "up".
c-po triaged T2767: The interface cannot be disabled for network enabled configuration as High priority.
jack9603301 updated the task description for T2518: Add support for IPv6 NAT (NPTv6).
Viacheslav added a comment to T2760: In a load-balanced multi-wan configuration with DHCP assigned addresses, IPsec "dhcp-interface" does not work.
ref T2747
Viacheslav added a comment to T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic.
And script
#!/usr/bin/env bash
c-po renamed T2777: "monitor dhcp" does not output any DHCP related information from "monitor dhcp" does not outpu any DHCP related information to "monitor dhcp" does not output any DHCP related information.
c-po triaged T2778: Migrate "system syslog" to get_config_dict() to support new features as Normal priority.
c-po added a parent task for T2769: Add VRF support for syslog: T2778: Migrate "system syslog" to get_config_dict() to support new features.
Aug 9 2020
Aug 9 2020
c-po claimed T2769: Add VRF support for syslog.
brussell added a comment to T2100: BGP route adverisement wih checks rib.
Sounds good thanks.
c-po added a comment to T2774: Bridge interface randomly disable itself.
Your rolling release is from a time where the interface configuration changed heavily. An entire new concept was added, please retry with one of the latest rollings.
Aug 8 2020
Aug 8 2020
jestabro added a comment to T2100: BGP route adverisement wih checks rib.
FRR 7.4 has been released, and the default behaviour has been changed, commit 62282e8379. @Viacheslav, when we update to this version, I can work with you to update the migration script.
jestabro changed the status of T2612: HTTPS API, changing API key fails but goes through from Confirmed to On hold.
As discussed in above comment, this is understandable behaviour, but will be re-investigated after the move to fastapi, re T2397.
jestabro changed the status of T1974: Allow route-map to set administrative distance from Unknown Status to Resolved.
Addressed in T2568.
This was an early experiment which contributed some ideas towards T2582; closed as superseded by that task.
Unknown Object (User) closed T2716: Shaper-HFSC shapes but does not control latency correctly as Resolved.
I am giving up with HFSC. I have been studying it for a long time, I have tested it in many different ways, without VyOS too. The only thing I have found is that this is is not a problem of VyOS.
Aug 7 2020
Aug 7 2020
Unknown Object (User) created T2773: EIGRP support for VRF.
Unknown Object (User) added a comment to T2772: BGP Route Distinguisher & Route Target Extended Community.
Route Distinguisher & Route Targets are, in general, configured under VRF proccess. Below a sample of how this configurations would looks like:
Unknown Object (User) updated subscribers of T2772: BGP Route Distinguisher & Route Target Extended Community.
Unknown Object (User) created T2772: BGP Route Distinguisher & Route Target Extended Community.
Unknown Object (User) added a comment to T2771: BGP VPNv4 & VPNv6 Address Family Support.
Bellow a sample of how BGP VPNv4 and VPNv6 AF configuration looks like:
Unknown Object (User) created T2771: BGP VPNv4 & VPNv6 Address Family Support.
ajgnet added a comment to T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic.
Sure thing. Note my configuration contains some table maps that I have set up to route VPN traffic, and certain source IPs through specific interfaces. But there is no effect on the load-balancer when these sections are removed. Thank you.
Unknown Object (User) added a comment to T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic.
Could you please provide full configuration or at least protocol section configuration?
jack9603301 added a comment to T2518: Add support for IPv6 NAT (NPTv6).
GNS3 virtualization network verification passed
thomas-mangin added a comment to T2623: Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”.
I will have a look as this was not supported by vyatta and therefore not added to the code when converted to python
thomas-mangin added a comment to T2768: Define a high level HTTP API.
Coming with a syntax which is not ultimately going to be as complex as the cli may be an impossible challenge. Changing the API to include in the XML what is path vs payload may indeed lead to indeed a better API tho. The example given use the word create in the path when REST would use POST.
zsdc created T2769: Add VRF support for syslog.
Aug 6 2020
Aug 6 2020
SrividyaA added a comment to T2623: Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”.
The commit fails when the local-ip option is included only with the 6RD prefix options (without 6RD option, 6in4 tunnel is created). In the tunnel.py script, local value is not defined as result stack trace is received
runar added a comment to T2766: vyos-build: build-config: arm64 is not a valid architecture.
runar closed T2765: vyatta-cfg-system: arm: vyatta-cfg-system is dependent on a amd64 only package as Resolved.
PR Merged
Container fixed, closing this ticket
The CI is now extended to build arm containers by default. they are also exported to dockerhub. closing this ticket
jestabro added a comment to T2688: add xml definition to router.
Discussion updated in PR 513.
https://github.com/vyos/vyos-1x/pull/513
c-po added a comment to T2764: Increase maximum number of NAT rules.
This will be a oneliner in the new XML implementation. Just send PR
jack9603301 updated the task description for T2723: Support tcptraceroute.
c-po added a comment to T2677: Proposal for clearer DHCPv6-PD configuration options.
Reading the UBNT source code I see:
jack9603301 added a comment to T2723: Support tcptraceroute.
c-po added a comment to T2763: New SNMP resource request - SNMP over TCP.
I find the above mentioned syntax to clumsy:
Viacheslav added a comment to T2763: New SNMP resource request - SNMP over TCP.
@srgabrieltelecon create please Pull Request.
Aug 5 2020
Aug 5 2020
Unknown Object (User) added a comment to T2748: "show vpn ike sa" shows state "down" when tunnel is up.
I´ve used the version of the software: VyOS 1.3-rolling-202007300117.
As I´ve used GRE tunnels it does not simulates the same scenario reported, which uses pure IPsec. I will configure IPsec tunnels over physical interfaces and log the results here again.
ajgnet added a comment to T2748: "show vpn ike sa" shows state "down" when tunnel is up.
I suspect this could be related to displaying a peer with a hostname that contains a dash, such as, "abc-peer12.dyndns.org." Or, possibly a string matching error getting thrown off by "AES_GCM_16_128/MODP_2048"
ajgnet added a comment to T2748: "show vpn ike sa" shows state "down" when tunnel is up.
The IKE SA appears down in your second example?
Unknown Object (User) added a comment to T2748: "show vpn ike sa" shows state "down" when tunnel is up.
vyos@HUB-2# sh vpn
ipsec {
esp-group MyESPGroup {
proposal 1 {
encryption aes256
hash md5
}
}
ike-group MyIKEGroup {
proposal 1 {
dh-group 2
encryption aes256
hash md5
}
}
ipsec-interfaces {
interface eth0.100
}
site-to-site {
peer 169.254.100.1 {
authentication {
mode pre-shared-secret
pre-shared-secret MYSECRETKEY
}
default-esp-group MyESPGroup
ike-group MyIKEGroup
local-address 169.254.100.6
tunnel 20 {
protocol gre
}
}
}}
[edit]
Unknown Object (User) added a comment to T2748: "show vpn ike sa" shows state "down" when tunnel is up.
I´ve configured a simple P-2P IPsec/GRE Tunnel and the command shows IKE and IPsec SAs UP:
jack9603301 added a comment to T2723: Support tcptraceroute.
Dependency and VRF support for tcptraceroute6 will be submitted in the next few days
jack9603301 changed the status of T2723: Support tcptraceroute, a subtask of T2714: A collection of utilities supporting IPv6 or ipv4, from Needs testing to In progress.
thomas-mangin added a comment to T2759: validate-value prints error messages from validators that fail even if overall validation succeeds.
I would have expected the output generated to be an OR of the validators or regexes and allow the output if any would have passed it
c-po edited a custom field on T2762: VRF: when SSHd is VRF bound all commands are executed in VRF context.
Aug 4 2020
Aug 4 2020
c-po renamed T2651: Generate CLI abstraction for options passed to CURL and SSH client from Generate CLI abstraction for options passed to CURL to Generate CLI abstraction for options passed to CURL and SSH client.
Viacheslav added a comment to T2759: validate-value prints error messages from validators that fail even if overall validation succeeds.
Before adding "<defaultValue>" it was working but not now.
Viacheslav closed T2637: Vlan is not removed from the system, a subtask of T2353: Interface [conf_mode] errors parent task, as Resolved.