@n.fort Maybe set firewall name <name> rule <rule> ipsec match-gre? This feels a bit hacky though... Almost like match should be its own block and contain ipsec, none, or gre
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Sep 19 2022
Sep 18 2022
Sep 17 2022
It works for me (tm)
PR for VyOS 1.3.3 https://github.com/vyos/vyos-1x/pull/1548
Sep 16 2022
PR https://github.com/vyos/vyos-1x/pull/1545
PR https://github.com/vyos/vyatta-cfg-system/pull/185
set service ids ddos-protection direction 'in' set service ids ddos-protection listen-interface 'eth1' set service ids ddos-protection mode mirror set service ids ddos-protection threshold general fps '1000' set service ids ddos-protection threshold general mbps '200' set service ids ddos-protection threshold general pps '150000' set service ids ddos-protection threshold tcp fps '25' set service ids ddos-protection threshold tcp mbps '55' set service ids ddos-protection threshold tcp pps '155' set service ids ddos-protection threshold udp fps '100' set service ids ddos-protection threshold udp mbps '100' set service ids ddos-protection threshold udp pps '100' set service ids ddos-protection threshold icmp fps '200' set service ids ddos-protection threshold icmp mbps '210' set service ids ddos-protection threshold icmp pps '2040'
Expected fastnermon config entries:
# General threshold ban_for_flows = on threshold_flows = 1000 ban_for_bandwidth = on threshold_mbps = 200 ban_for_pps = on threshold_pps = 150000
Added a new pull request to make ISIS segment routing work again.
Sep 15 2022
Dear Sir
Will it work with 1.4 ?
BR
Vishvas
Jool is still being maintained for bugfixes etc. and it has all the features we're looking for, then it sounds fairly ideal. If no new features are being added to it, it's less likely to break in future releases too
I re-reviewed this PR and the following commit from @c-po
Ok now its working. Thanks. My bad.
Changes on the FRR side:
- Convert xdp helper library to an optional plugin + bgp hook
- Minor fixes + cleanups
- Figured out most of the permission problems
Changes on the XDP side:
- Convert mappings from legacy iproute format to the latest libbpf one
- New mappings improve debugging experience by implementing pretty-printing for XDP map dumping
- Added an xdp-loader for xdp-tools repo
PR adding libpam-google-authenticator package to VyOS:
https://github.com/vyos/vyos-1x/pull/1541
It seems that we have two constraints here.
Made a fix and now we have:
Let me see if I can fix it.
Doing further testing, it seems adding the explicit-null broke the configuration:
Good news. It seems the patch worked properly. Here we show MPLS labels generated via segment routing for the prefix command:
Sep 14 2022
As I mentioned above, use it before the configuration, it described in the doc
#!/bin/vbash
Interesting article on how and when to match ipsec options: https://thermalcircle.de/doku.php?id=blog:linux:nftables_demystifying_ipsec_expressions
There is PR https://github.com/vyos/vyos-1x/pull/1516 for T4667 but it brakes all GRE traffic
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1539
Hi all,
Do you have a proposed cli format?
Added a pull request for this fix.
Nope, i use CLI for configuration and script for vrrp (wireguard interface enable/disable)
Sep 13 2022
Fix for 1.3 https://github.com/vyos/vyos-build/pull/261
This is also an issue on the 1.3.x builds due to a similar issue. See https://github.com/jordansissel/fpm/issues/1923