Query: All Stories

	Include stories about projects I am a member of.

Nov 15 21:23:22 LR1 systemd[1]: Reloading OpenVPN connection to vtun1.
Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: event_wait : Interrupted system call (code=4)
Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: Closing TUN/TAP interface
Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: net_addr_ptp_v4_del: 10.255.1.1 dev vtun1
Nov 15 21:23:22 LR1 systemd[1]: Reloaded OpenVPN connection to vtun1.
Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: SIGHUP[hard,] received, process restarting
Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: WARNING: file '/run/openvpn/vtun1_shared.key' is group or others accessible
Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Nov 15 21:23:22 LR1 openvpn-vtun1[13941]: Restart pause, 5 second(s)

By the way, mikrotik IPoE format doesn't compatible with VyOS

Zebra configuration:

root@r11-roll:/home/vyos# cat foo.txt 
!
frr version 7.5.1-20210619-12-g3f8a74e70
frr defaults traditional
hostname r11-roll
log syslog
log facility local7
service integrated-vtysh-config
!
vrf blue
 vni 2000
 exit-vrf
!
vrf red
 vni 3000
 exit-vrf
!
line vty
!
end

Still reproducible VyOS 1.3-beta-202111150443
After reboot

For 1.4 it was implemented in T645
IPSec was completely rewritten in 1.4

Fixed VyOS 1.3-beta-202111150443

This brings up an interesting issue: validate_value.ml could easily be modified to print warnings, while maintaining T2759 (namely, only print fatal errors if _all_ validators fail for a given setting), however, is this reasonable behaviour ? One would think that a 'validator' is either pass or fail, and if it is just giving a warning, it is no longer a validator.

I will take a look; thanks for the report !

Note, the host was upgraded from 1.2.8

PRs 1069 and 1070 will be merged

Adding set zone-policy zone SERVER interface SERVER to the presented test case should solve the issue. This is because the traffic needs to pass both eth1 and its associated VRF "master" interface, in this case TEST.

From what I understand this looks to be due to https://github.com/vyos/vyos-utils/blob/master/src/validate_value.ml catching both stdout and stderr output from the validators and only printing the captured output if the validator exit status is 0 so there isn't a way to print warnings unless it always prints the output or handling for a special 'warning' exit code was added.

This issue should be fixed after these changes https://phabricator.vyos.net/T1970 (udevadm settle)
Tested on EdgeCore SAF51015I with generic ISOs.

Does not possible to reproduce this behavior on 1.3-epa3.

Certificates can be wound there:

loaded certificate from '/etc/swanctl/x509/R1.pem'
loaded certificate from '/etc/swanctl/x509ca/CA.pem'
loaded RSA key from '/etc/swanctl/private/x509_R1.pem'

This doesn't seem to help, whatever is calling the validator script seems to hide the output unless the exit status is non-zero.

Try to restart vyos-configd after changing script file

A simple re-prdoucer is

Indeed, this looks like the commit

All Stories
Use Results
Edit Query
Hide Query

Nov 15 2021

Nov 14 2021

Nov 13 2021

Nov 12 2021

Nov 11 2021

Nov 10 2021