Happened across this one while trying to find support for defining client classes in Kea in order to pass different PXE boot files depending on client architecture. The following has an example of how this is achieved in Kea.
All Stories
Jun 12 2024
Jun 11 2024
Can you please retest with the latest ISO as additional fixes got added to the code.
Just to note: this task focuses on the container part of multi-arch support. I can take a look at the multi-arch pieces outside Docker support, but that will demand a deeper knowledge of the VyOS build system and the VyOS goal for multi-arch (or, for now, ARM) support.
Hey, is this feature currently being worked on? If not, then I wouldn't mind working on support for it. (I've also created a basic wpa2-enterprise option for client mode.)
@a.apostoliuk this one should be resolved in the current rolling release, if you're able to check it out?
I have https://github.com/vyos/vyos-1x/pull/3616 and https://github.com/vyos/vyos-1x/pull/3637 as works in progress.
@lclements0 Add a simple set of commands to reproduce.
Jun 10 2024
I can probably help with this in August when I'll have access to one of these appliances again.
Approaching implementation of ZeroTier from a different angle in:
https://vyos.dev/T6455
PR https://github.com/vyos/vyos-1x/pull/3621
set nat cgnat log-allocation
set nat cgnat pool external ext-01 external-port-range '1024-65535'
set nat cgnat pool external ext-01 per-user-limit port '2000'
set nat cgnat pool external ext-01 range 192.168.122.222/32
set nat cgnat pool internal int-01 range '100.64.0.0/28'
set nat cgnat rule 10 source pool 'int-01'
set nat cgnat rule 10 translation pool 'ext-01'
check logs:
Jun 10 14:10:02 r4 sudo[9057]: vyos : TTY=pts/0 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/sh -c ' /usr/libexec/vyos/conf_mode/nat_cgnat.py'
Jun 10 14:10:02 r4 sudo[9057]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1003)
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.0, external host: 192.168.122.222, Port range: 1024-3023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.1, external host: 192.168.122.222, Port range: 3024-5023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.2, external host: 192.168.122.222, Port range: 5024-7023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.3, external host: 192.168.122.222, Port range: 7024-9023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.4, external host: 192.168.122.222, Port range: 9024-11023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.5, external host: 192.168.122.222, Port range: 11024-13023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.6, external host: 192.168.122.222, Port range: 13024-15023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.7, external host: 192.168.122.222, Port range: 15024-17023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.8, external host: 192.168.122.222, Port range: 17024-19023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.9, external host: 192.168.122.222, Port range: 19024-21023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.10, external host: 192.168.122.222, Port range: 21024-23023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.11, external host: 192.168.122.222, Port range: 23024-25023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.12, external host: 192.168.122.222, Port range: 25024-27023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.13, external host: 192.168.122.222, Port range: 27024-29023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.14, external host: 192.168.122.222, Port range: 29024-31023
Jun 10 14:10:03 r4 cgnat[9059]: Internal host: 100.64.0.15, external host: 192.168.122.222, Port range: 31024-33023
Jun 10 14:10:03 r4 sudo[9057]: pam_unix(sudo:session): session closed for user root
Accel-ppp does not work with VPP
vyos@vyos:~$ dpkg -l | grep vyos-1x
ii vyos-1x 1.5dev0-1669-g77cb661d8 amd64 VyOS configuration scripts and data
ii vyos-1x-vmware 1.5dev0-1669-g77cb661d8 amd64 VyOS configuration scripts and data for VMware
vyos@vyos:~$
Updated task description to denote two issues (Bug 1 and Bug 2) with show tech-support report.
Jun 9 2024
@blueish - thanks! Yes, apt-mirror works now - but will it continue to work with the new storage too?
BTW, good to see "deb-src" - but only a few source packages are in there. I think it would be great to have corresponding source for all these *.deb packages in the Debian source package format, then anyone who wants to contribute will be able to use dpkg-buildpackage to rebuild them.
Please share the output of dpkg -l | grep vyos-1x
vyos@vyos# show vpn ipsec | commands
set esp-group vpn lifetime '3600'
set esp-group vpn pfs 'enable'
set esp-group vpn proposal 10 encryption 'aes128gcm128'
set esp-group vpn proposal 10 hash 'sha256'
set ike-group vpn key-exchange 'ikev2'
set ike-group vpn lifetime '7200'
set ike-group vpn proposal 10 dh-group '14'
set ike-group vpn proposal 10 encryption 'aes128gcm128'
set ike-group vpn proposal 10 hash 'sha256'
set interface 'eth0'
set options virtual-ip
set remote-access connection support authentication client-mode 'eap-mschapv2'
set remote-access connection support authentication local-id 'ipsec.somedomain'
set remote-access connection support authentication local-users username test password 'test'
set remote-access connection support authentication server-mode 'x509'
set remote-access connection support authentication x509 ca-certificate 'isrgrootx1'
set remote-access connection support authentication x509 ca-certificate 'lets-encrypt-r3'
set remote-access connection support authentication x509 certificate 'vpn2'
set remote-access connection support description 'support remote access'
set remote-access connection support esp-group 'vpn'
set remote-access connection support ike-group 'vpn'
set remote-access connection support local-address 'ip on eth0'
set remote-access connection support pool 'support'
set remote-access pool support name-server '1.1.1.1'
set remote-access pool support name-server '9.9.9.9'
set remote-access pool support prefix '192.168.120.64/27'
[edit]
vyos@vyos#
Please share your full ipsec configuration
vyos@vyos:~$ generate ipsec profile windows-remote-access support remote ipsec.somedomain
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 154, in <module>
    cert = load_certificate(pki['certificate'][cert_name]['certificate'])
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
KeyError: 'certificate'
vyos@vyos:~$ show ver
Version: VyOS 1.5-rolling-202406060020
Release train: current
Release flavor: generic
Reporter action missing - running this setup in production so does not feel like a bug.