PR https://github.com/vyos/vyos-1x/pull/1131
vyos@r11-roll:~$ show firewall group
Possible completions:
  <Enter>       Execute the current command
  FOO           Show firewall group
  FOO2
  NETV6
  PORTGRP
In 1.3 it looks like just ipset -L:
vyos@r4:~$ show firewall group
Name       : FOO2
Type       : address
References : none
Members    :
    203.0.113.3
Can you please add output from VyOS 1.3 as reference?
Duplicate of T4130
Maybe fixed in T4128
To reproduce it should be zone-policy firewall rules, for example:
Comparing the old iptables firewall it will look like this:
Error still present on VyOS 1.4-rolling-202201020317
keepalived was upgraded to include the above mentioned commits.
I was able to test and get a screenshot of the exact error eapol spits out when using certstore as well.
@egoistdream Just check when this feature was merged. It was implemented in FRR 24th of November, but the latest FRR release was 9th of November
https://frrouting.org/release/8.1/
Checked in 1.3-rolling-202201030317, health-check works
Still the same on vyos-1.4-rolling-202201020317-amd64.iso
It can't be implemented in 1.3, as it doesn't use swanctl.conf for peers configuration
I didn't find this option for ipsec.conf
PR https://github.com/vyos/vyos-1x/pull/1129
set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 local prefix '172.16.0.0/24'
set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 priority '100'
set vpn ipsec site-to-site peer 192.0.2.14 tunnel 0 remote prefix '10.0.0.0/24'
I want to leave a comment: it's also common that customers don't know that PVST is enabled by default (and send bpdu peer VLANS), so it's possible to mitigate it also using nf rules; below I leave an example:
How about starting with a simple interface and allowing to set interface for binding address?
set high-availability vrrp group foo address 203.0.113.1 interface ethX
Possible completions:
 > ethN    Interface used to assign virtual address
 > eth0
 > eth1
 > eth2
This sounds like a "peer-link" or "heartbeat-link" between two VyOS boxes. I have no idea yet what the CLI could look like, maybe you have one?
Suggested fix: https://github.com/vyos/vyatta-op/pull/52
Problem (2) with multiple IPv6 remotes fixed.
During multiple tests in my testlab I found two (or three) possible bugs:
1.) vyos-cli does not prevent mixing IPv4 and IPv6 remotes. Mixing them is not possible with vxlan.
PR to fix the problem: https://github.com/vyos/vyos-1x/pull/1128
It is compatible with both 1.3 and 1.4, so can be cherry-picked from sagitta to equuleus.
This is a mutability issue: since under vyos-configd the script is loaded as a module, global variables persist, however:
The error is received when the input for minutes is provided in three digits.
@insignia96 Will be present in the next rolling release.
Configuration tested on 1.3 and 1.4 version.
Re-opened as this task is regarding dhcp-server, not dhcp-client
PR started:
https://github.com/vyos/vyos-1x/pull/1127
Fixed VyOS 1.3.0:
vyos@r4# run show conf com | match dhcp
set interfaces ethernet eth2 vif 35 address 'dhcp'
[edit]
vyos@r4# run show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             192.168.122.14/24                 u/u  WAN
eth1             203.0.113.14/24                   u/u  Lan
                 192.0.2.14/24
eth2             -                                 u/u
eth2.35          10.0.2.10/24                      u/u
To reproduce:
set interfaces ethernet eth2 vif 35
set interfaces pppoe pppoe0 authentication password 'MYPASSWORD'
set interfaces pppoe pppoe0 authentication user 'MYUSER'
set interfaces pppoe pppoe0 default-route 'force'
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 redirect 'ifb0'
set interfaces pppoe pppoe0 source-interface 'eth2.35'
set interfaces pppoe pppoe0 traffic-policy out 'OUT2'
set interfaces input ifb0
Commit:
vyos@r11-roll# commit
[ interfaces pppoe pppoe0 redirect ifb0 ]
Cannot find device "pppoe0"
tc qdisc ingress failed at /opt/vyatta/sbin/vyatta-qos.pl line 334.
Fixed in eceaa3a7
Test version:
VyOS 1.4-rolling-202112290317
Result: