It looks like this issue is already present in 1.3-rolling-202010270217, before the OpenVPN rewrite to get_config_dict():
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Nov 23 2020
Nov 23 2020
c-po added a comment to T3081: get_config_dict() does not honor whitespaces in the CLI values field.
[ interfaces openvpn vtun0 ]
{'auth_user_pass_file': '/run/openvpn/vtun0.pw',
'daemon_group': 'openvpn',
'daemon_user': 'openvpn',
'device_type': 'tun',
'encryption': {'cipher': 'aes256gcm'},
'ifname': 'vtun0',
'keep_alive': {'failure_count': '3', 'interval': '10'},
'mode': 'server',
'openvpn_option': ['tls-auth /config/auth/ovpn_test_site2site.key 0'],
'protocol': 'udp',
'server': {'name_server': ['10.53.53.53', '10.53.53.54'],
'push_route': ['0.0.0.0/0'],
'subnet': ['10.7.178.0/24'],
'topology': 'net30'},
'tls': {'ca_cert_file': '/config/auth/ovpn_test_ca.pem',
'cert_file': '/config/auth/ovpn_test_server.pem',
'dh_file': '/config/auth/ovpn_test_dh.pem',
'key_file': '/config/auth/ovpn_test_server.key'},
'use_lzo_compression': {}}c-po added a comment to T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02.
We will deal with the compat-names warning once starting on VyOS 1.4 ;)
c-po closed T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02, a subtask of T3060: OpenVPN virtual interface not coming up after upgrade, as Resolved.
c-po closed T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02 as Resolved.
Work with latest rolling release:
Put in a PR for refactor of LDP template, MPLS python handler, addition of global MPLS parameters (via Linux kernel config changes), and separation of MPLS interfaces from LDP interfaces. *PLEASE* know I did do testing but I want more people to test as well. I have uploaded the package file for this PR here so that people can test my work.
jestabro changed the status of T3082: multi_to_list must distinguish between values and defaults, a subtask of T2956: Add support for list of defaultValues, from Open to Confirmed.
jestabro changed the status of T3082: multi_to_list must distinguish between values and defaults, a subtask of T3081: get_config_dict() does not honor whitespaces in the CLI values field, from Open to Confirmed.
jestabro changed the status of T3082: multi_to_list must distinguish between values and defaults from Open to Confirmed.
jestabro closed T3081: get_config_dict() does not honor whitespaces in the CLI values field as Resolved.
See subtask T3082 for origin and details of this issue.
jestabro updated the task description for T3082: multi_to_list must distinguish between values and defaults.
Nov 22 2020
Nov 22 2020
@Viacheslav Thanks a lot, I'll give it a go, hopefully sometime next week.
@bbs2web, oh don't you worry. I've had my eyes on it after I get LDP done. I'm almost done with it too.
Layer 2 mpls functions were merged in to the kernel on the 3rd of October, this should hopefully allow BGP signalled VPLS and static LDP pseudowire tunnels. Support still appears to be missing in FRR and it will probably be a while until VyOS is based on this newer kernel, but hoorray!
Device-type tap option works incorrectly
set interfaces openvpn vtun20 device-type 'tap' set interfaces openvpn vtun20 local-address 10.0.0.0 set interfaces openvpn vtun20 local-host '100.64.0.1' set interfaces openvpn vtun20 local-port '22222' set interfaces openvpn vtun20 mode 'site-to-site' set interfaces openvpn vtun20 remote-address '10.0.0.1' set interfaces openvpn vtun20 remote-host '100.64.0.2' set interfaces openvpn vtun20 remote-port '22222' set interfaces openvpn vtun20 shared-secret-key-file '/config/auth/foo.key'
@Dataforce @fetzerms
ip rule "from" already in CLI T439
Okay, then I can merge this service into NAT66
That we can deal with later on when it‘s needed
@pasik Can you check if it solves your expectation?
I can consider migrating to the implementation of nat66, but I'm not sure if there is a case where the nat66 feature does not need to be enabled, but NDP proxy needs to be enabled
I still have the opinion that NDP proxy should be automatically configured when configuring nat66 as by then all interfaces and directions of the translation are known and the user must not configure any additional daemon.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02, a subtask of T3060: OpenVPN virtual interface not coming up after upgrade, from In progress to Needs testing.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02, a subtask of T3081: get_config_dict() does not honor whitespaces in the CLI values field, from In progress to Needs testing.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02 from In progress to Needs testing.
c-po updated the task description for T3081: get_config_dict() does not honor whitespaces in the CLI values field.
c-po updated subscribers of T3081: get_config_dict() does not honor whitespaces in the CLI values field.
c-po updated the task description for T3081: get_config_dict() does not honor whitespaces in the CLI values field.
c-po changed the status of T3081: get_config_dict() does not honor whitespaces in the CLI values field from Open to Confirmed.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02, a subtask of T3060: OpenVPN virtual interface not coming up after upgrade, from Open to In progress.
c-po changed the status of T3080: OpenVPN failing silently for a number of reasons in rolling post Nov/02 from Open to In progress.
Nov 21 2020
Nov 21 2020
syncer moved T3035: Allow IPv4 over IPv6 IPsec and vice versa from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved T3035: Allow IPv4 over IPv6 IPsec and vice versa from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.7) board.
syncer changed the status of T3035: Allow IPv4 over IPv6 IPsec and vice versa from Open to Needs testing.
syncer changed the subtype of T3035: Allow IPv4 over IPv6 IPsec and vice versa from "Task" to "Enhancement".
Thanks, works now.
@danielpo thanks foe the config. A new rolling containig a fix for this issue was just published. A smoketest will be added today to ensure this wont happen again.
jack9603301 moved T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge from In Progress to Finished on the VyOS 1.3 Equuleus board.
jack9603301 closed T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge as Resolved.
GitHub <noreply@github.com> committed rVYOSONEX9b8e3d83e9cf: bridge: T3079: bugfix on VLAN 1 is deleted in VLAN-aware bridges (authored by jack9603301).
jack9603301 added a comment to T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge.
jack9603301 changed Is it a breaking change? from none to compatible on T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge.
jack9603301 moved T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
jack9603301 changed the status of T3079: Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge from Open to In progress.
Nov 20 2020
Nov 20 2020
authentication {
password xxxx
username xxxxx
}
device-type tun
encryption {
cipher aes256
}
firewall {
in {
ipv6-name DENYv6_IN
name DENY_IN
}
local {
ipv6-name DENYv6_IN
name DENY_IN
}
}
hash sha256
mode client
openvpn-option "key-direction 1"
openvpn-option route-nopull
persistent-tunnel
protocol tcp-active
remote-host 1.2.3.4
remote-host 1.2.3.5
remote-port 1195
tls {
ca-cert-file /config/auth/cert.ca
auth-file /config/auth/tls-auth
tls-version-min 1.2
}c-po changed the status of T3078: CLI cleanup: rename "system options" -> "system option" from Open to In progress.
Please show us your config
Now this error appear when trying the latest image:
@dmbaturin @artooro Come on, remember not to forget NAT46
@c-po I am thinking, although it is not possible to incorporate NAT66, whether we can prioritize how to improve and incorporate NDP Proxy
GitHub <noreply@github.com> committed rVYOSONEX8bc6775a692e: Merge pull request #614 from sever-sever/T439 (authored by c-po).
c-po closed T3077: WireGuard: automatically create link-local IPv6 adresses, a subtask of T2653: "set interfaces" Python handler code improvements - next iteration, as Resolved.