A feature request was made with a change in behavior:
https://phabricator.vyos.net/T4005
(Feature Request: IPsec IKEv1 + IKEv2 for one peer)
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Nov 20 2021
Nov 20 2021
Unknown Object (User) added a comment to T4004: IPsec ike-group parameters are not saved correctly (after reboot).
Unknown Object (User) added a comment to T4005: Feature Request: IPsec IKEv1 + IKEv2 for one peer.
pool request:
https://github.com/vyos/vyatta-cfg-vpn/pull/51
Create an Ike-group without a command "key-exchange" (like in VyOS 1.4):
I think this is what it would look like in service dhcp server. I left some comments to explain my thinking a bit, and I tried to make it as flexible as possible (for example the way match options are strings, so future DHCP options can be supported as soon as ISC supports them):
failover {
name INT
remote 192.168.15.4
source-address 192.168.15.3
status primary
}
shared-network-name INT {
description "Internal connection to ir01"
class CLIENT_MAP {
rule 10 {
action permit # This is equivalent to dhcpd's allow/deny members of
match option "agent.circuit_id" value "Vlan200" # This could match any option (ex: dhcp-client-identifier)
}
}
class GUEST_MAP {
rule 10 {
action permit
match option "agent.circuit_id" value "Vlan240"
}
}
subnet 192.168.1.0/24 {
class CLIENT_MAP
default-router 192.168.1.1
domain-name int.trae32566.org
domain-search int.trae32566.org
domain-search ipa.trae32566.org
domain-search trae32566.org
enable-failover
name-server 192.168.255.1
name-server 192.168.15.10
name-server 192.168.31.3
ntp-server 192.168.255.2
ntp-server 192.168.15.11
ntp-server 192.168.31.4
range CLIENTS {
start 192.168.1.2
stop 192.168.1.240
}
server-identifier 192.168.15.2
static-mapping QUEST {
ip-address 192.168.1.17
mac-address 80:f3:ef:11:e7:e7
}
}
subnet 192.168.6.0/24 {
class GUEST_MAP
default-router 192.168.6.1
enable-failover
name-server 1.1.1.1
name-server 1.0.0.1
name-server 8.8.8.8
ntp-server 50.205.57.38
ntp-server 64.225.34.103
ntp-server 129.250.35.251
server-identifier 192.168.15.2
range GUESTS {
start 192.168.6.2
stop 192.168.6.254
}
}
subnet 192.168.15.0/29 { # This tells it indirectly to use the interface eth2, which is on this subnet (is there a better way?)
default-router 192.168.15.1
enable-failover
range DUMMY {
start 192.168.15.2
stop 192.168.15.7
}
}
}Nov 19 2021
Nov 19 2021
jestabro moved T4003: API for "show interfaces ethernet" does not include the interface description from Need Triage to Finished on the VyOS 1.3 Equuleus board.
jestabro changed the status of T4003: API for "show interfaces ethernet" does not include the interface description from Unknown Status to Resolved.
jestabro triaged T4003: API for "show interfaces ethernet" does not include the interface description as Normal priority.
jestabro closed T4003: API for "show interfaces ethernet" does not include the interface description as Unknown Status.
I would not call this a bug as this is produced on intention.
GitHub <noreply@github.com> committed rVYOSONEXd618bbab8ffb: Merge pull request #1075 from srividya0208/T3998 (authored by c-po).
Submitted this PR: https://github.com/vyos/vyos-1x/pull/1075
c-po closed T4011: ethernet: deleting interface should place interface in admin down state as Resolved.
c-po moved T4010: DMVPN generates incorrect configuration life_time for swanctl.conf from Open to Backlog on the VyOS 1.4 Sagitta board.
c-po moved T4011: ethernet: deleting interface should place interface in admin down state from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4011: ethernet: deleting interface should place interface in admin down state from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po edited projects for T3318: Update Linux Kernel to v5.4.208 / 5.10.142, added: VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus (1.3.0-epa3).
c-po renamed T3318: Update Linux Kernel to v5.4.208 / 5.10.142 from Update Linux Kernel to v5.4.155 / 5.10.75 to Update Linux Kernel to v5.4.160 / 5.10.80.
I wish I understood this subsystem better as I'd love to get it fixed. I'm going to take a closer look tomorrow
Nov 18 2021
Nov 18 2021
jestabro added a comment to T4003: API for "show interfaces ethernet" does not include the interface description.
One detail towards a resolution: if the vyos-http-api-server is started manually (without systemd) then the output is not truncated. If one wants to try this, one should configure 'set service https api' (to update Nginx config appropriately); then 'systemctl stop vyos-http-api'; then, as root:
Viacheslav changed the status of T4010: DMVPN generates incorrect configuration life_time for swanctl.conf from Open to In progress.
Shows which options moved to the new name in swanctl
Viacheslav updated the task description for T4010: DMVPN generates incorrect configuration life_time for swanctl.conf.
Viacheslav changed the status of T4006: Add additional Linux capabilities to container configuration from Open to Needs testing.
Re-tested working on
GitHub <noreply@github.com> committed rVYOSONEXce28a28b5bda: Merge pull request #1073 from anthr76/container-cap (authored by c-po).
c-po moved T3795: WWAN: issues with non connected interface / no signal from Backlog to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po moved T4008: dhcp: change client retry interval form 300 -> 60 seconds from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po moved T3962: Image cannot be built without open-vm-tools from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po moved T3795: WWAN: issues with non connected interface / no signal from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4008: dhcp: change client retry interval form 300 -> 60 seconds from Open to Finished on the VyOS 1.4 Sagitta board.
c-po added a project to T3795: WWAN: issues with non connected interface / no signal: VyOS 1.4 Sagitta.
c-po moved T3995: OpenVPN: do not stop/start service on configuration change from Backlog to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
jestabro changed the status of T4003: API for "show interfaces ethernet" does not include the interface description from Open to Confirmed.
Thanks, I've confirmed the issue; I should have it resolved soon
tlcarpenter added a comment to T4003: API for "show interfaces ethernet" does not include the interface description.
I notice my example of the API only focused on one interface (eth0), where the CLI (and the title showed all interfaces). Doesn't change the fact that in either case the API doesn't return data for the description.
GitHub <noreply@github.com> committed rVYOSONEX28493c64f162: Merge pull request #1052 from sever-sever/T3643-equ (authored by dmbaturin).
erkin changed the status of T1083: Implement persistent/random address and port mapping options for NAT rules, a subtask of T3710: Upgrade the kernel in 1.3 to 5.10, from Needs testing to In progress.
erkin changed the status of T1083: Implement persistent/random address and port mapping options for NAT rules, a subtask of T2198: Rewrite NAT in new XML/Python style, from Needs testing to In progress.
erkin changed the status of T1083: Implement persistent/random address and port mapping options for NAT rules from Needs testing to In progress.
anthr76 updated the task description for T4006: Add additional Linux capabilities to container configuration.
Viacheslav added a comment to T4004: IPsec ike-group parameters are not saved correctly (after reboot).
I don't think that it is a bug.
If you don't set any value, it gets default value ikev1
https://github.com/vyos/vyatta-cfg-vpn/blob/d2d4361bffaa0b99c85c7fbf46ddd760ae6512f0/templates/vpn/ipsec/ike-group/node.tag/key-exchange/node.def#L3
Unknown Object (User) created T4005: Feature Request: IPsec IKEv1 + IKEv2 for one peer.
Unknown Object (User) created T4004: IPsec ike-group parameters are not saved correctly (after reboot).
Nov 17 2021
Nov 17 2021
c-po moved T3996: SNMP service error in log from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
dmbaturin renamed T1083: Implement persistent/random address and port mapping options for NAT rules from Implement "--persistent" option to NAT rules to Implement persistent/random address and port mapping options for NAT rules.
dmbaturin added a comment to T1083: Implement persistent/random address and port mapping options for NAT rules.
Since we had to revert to the old NAT implementation due to kernel issues, this had to be back-back-ported to the old Perl code as well.
dmbaturin reopened T1083: Implement persistent/random address and port mapping options for NAT rules, a subtask of T3710: Upgrade the kernel in 1.3 to 5.10, as Needs testing.
dmbaturin reopened T1083: Implement persistent/random address and port mapping options for NAT rules, a subtask of T2198: Rewrite NAT in new XML/Python style, as Needs testing.
dmbaturin reopened T1083: Implement persistent/random address and port mapping options for NAT rules as "Needs testing".
c-po moved T3350: OpenVPN config file generation broken from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T3350: OpenVPN config file generation broken from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.
c-po committed rVYOSONEX50a1b4a11701: OpenVPN: T3350: Changed custom options for OpenVPN processing (authored by zsdc).
Unknown Object (User) created T4002: firewall group network-group long names restriction incorrect behavior.