@GurliGebis definitely
All Stories
Nov 19 2023
kea-dhcp will only be the server, not the DHCP client that you use here, I am unaware of a Kea based DHCP client.
This has happened 2-3 times since my last comment. I'll keep this open until kea-dhcp is merged and then check if this bug remains.
Nov 18 2023
Can this get backported to 1.4?
I agree, even if it's "odd" at first sight I like that all interfaces are named ethX within VyOS and then it's a matter to map each to physical interface by hw-id (which is done automagically during first install but can be remapped if wanted).
I am against this change, why not use eth0 everywhere? If it's a WAN or LAN port should be user decidable. Please use udev rules to rename those interfaces to eth0...ethXX
ahh.. looking at it now it looks like the new upstream DTB uses lanX for all "lan" switchports..
Enumeration order and names are specified here:
DSA switch ports: https://github.com/torvalds/linux/blob/master/arch/arm64/boot/dts/mediatek/mt7986a-bananapi-bpi-r3.dts#L408-L459
CPU Ethernet ports: https://github.com/torvalds/linux/blob/master/arch/arm64/boot/dts/mediatek/mt7986a-bananapi-bpi-r3.dts#L171-L198
@Apachez no, they are not mapped by hw-id, all mapping of DSA ports is done by the DTB file (Hardware Device Tree) loaded into the kernel. Also, the enumeration order of CPU ethX interfaces is specified by the DTB file.
Do all the interfaces at bananapi represent a hw-id which can be used to map to the ethX syntax of VyOS?
Nov 17 2023
Hey @fernando - yes, I tested it with two routers in a test environment, with the following setup: https://docs.vyos.io/en/latest/configuration/vpn/site2site_ipsec.html
Did you test it? Using our current rolling-release
This is on a virtio interface:
Simple reproducer - doesn't need to be an upgrade, just apply this to 1.4
Nov 16 2023
Things to note that I'm not sure if they play a part:
Re-opening. This needs to be extended to bridge firewall
>>> from vyos.ifconfig import Interface
>>> Interface('tun0').get_mac()
'192.0.2.1'
I would like to contribute with a PR about this. At the same time, I would need some guidance on identifying the conditions requiring the onlink option to be added.
As I understand it is possible now to create multiple auth IDs
vyos@r4# set vpn ipsec authentication psk FOO id
Possible completions:
  <text>  ID used for authentication
Not sure about other options.
Tested in VyOS 1.4-rolling-202311100309 (AES)
Tested in VyOS 1.4-rolling-202311100309 (3DES)
In VyOS 1.3.4
Configs:
I have a similar setup where I have two VyOS VMs used as VPN routers with some firewalling enabled. Since I use OSPF for dynamic routing I am not able to synchronize the sessions between both routers so in case one VPN router fails the other one can't take over flawlessly. Having conntrack-sync configuration separated from VRRP would be a great benefit.
I tested in VyOS 1.4-rolling-202311100309
https://github.com/vyos/vyos-1x/pull/2492
for equuleus
Tested in VyOS 1.4-rolling-202311100309
Tried with single quotes: ''
This can be done in other areas such as firewall rules already:
Nov 15 2023
PR https://github.com/vyos/vyos-1x/pull/2491
vyos@r4# run show interfaces summary
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address         MAC                VRF      MTU    S/L    Description
-----------  -----------------  -----------------  -------  -----  -----  -------------
dum0         203.0.113.1/32     96:44:ad:c5:a1:a5  default  1500   u/u
eth0         192.168.122.14/24  52:54:00:f1:fd:77  default  1500   u/u    WAN
eth1         192.0.2.1/24       52:54:00:04:33:2b  foo      1500   u/u    LAN-eth1
eth1v10v4    10.10.10.10/24     00:00:5e:00:01:0a  foo      1500   u/u
eth2         -                  52:54:00:40:2e:af  default  1504   u/u    LAN-eth2
eth3         -                  52:54:00:09:a4:b4  default  1500   A/D
eth4         -                  52:54:00:2c:51:09  default  1500   A/D
eth5         -                  52:54:00:f3:1d:e8  default  1500   A/D
lo           127.0.0.1/8        00:00:00:00:00:00  default  65536  u/u
             ::1/128