Has any progress on this been made? I am still having this issue on 1.4-rolling-202205250217.
All Stories
May 31 2022
May 30 2022
PR for op-mode importing existing PKI files into config: https://github.com/vyos/vyos-1x/pull/1343
May 29 2022
This VM started out with 4G of memory and 2 CPUs; I quickly doubled everything when I hit the out of memory error the first time, but that didn't help. I can quickly install the latest rolling and test
Yes, your error with "root" user is a known issue: T4281.
Reset added in T4442
Currently dealing with some minor FRR issues:
I've debugged this further by breaking up my configuration into various sections (system, interfaces, firewall, nat, service, vpn etc.) and running them on a new VM.
Still not much luck here. But I've let the boot run a bit longer, and notice the following:
May 28 2022
@fernando Could you try to set sysctl mark?
sysctl -w net.ipv4.conf.eth0.src_valid_mark=1
sysctl -w net.ipv4.conf.eth1.src_valid_mark=1
PR https://github.com/vyos/vyos-1x/pull/1340
set service event-handler event first filter pattern '.*ssh2.*'
set service event-handler event first script arguments '192.0.2.5'
set service event-handler event first script environment interface value 'eth0'
set service event-handler event first script path '/config/scripts/hello.sh'
The current salt-minion version 3003.4+ds-1
@maznu Do we need anything else for it?
Okay, that's the only rule where I was using a port-group combined with protocol all; the others that use protocol all don't have a port or port group in the rule, so they are okay?
May 27 2022
PR for 1.4 Sagitta branch https://github.com/vyos/vyos-1x/pull/1337
Works on my setup
In T1230#123939, @panachoi wrote: 1.4 rolling does not help me, so there must be something "wrong" with my configuration. I've attached the private config, it would be awesome if someone might find what's broken.
private.cfg (127 KB)
For a better analysis, can you share your firewall and nat config without hidden data? You can send it to my email: [email protected]
PR for 1.3 equuleus branch https://github.com/vyos/vyos-1x/pull/1336
1.4 rolling does not help me, so there must be something "wrong" with my configuration. I've attached the private config, it would be awesome if someone might find what's broken.
May 26 2022
@panachoi, for me moving to 1.4 rolling release did the trick. Boot times went from > 10 mins in 1.2 to 2-3 minutes in 1.4. Hope that helps
Some debug info:
@panachoi If you can share the anonymized config that works in 1.2.8 that would be useful. I'd expect migrating to 1.4 to see a decent improvement in firewall load times.
I'm still having issues moving past anything higher than 1.2.8. Booting 1.2.8 looks thusly:
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1335
I'm trying to think what could have a 110 minute timer and the only thing I can think of is the DHCP lease time:
May 26 05:58:49 rtr dhclient-script-vyos[7261]: No changes to apply via vyos-hostsd-client
May 26 05:58:49 rtr dhclient[7216]: bound to 72.81.238.169 -- renewal in 3075 seconds.
I just caught it again. Same logs line up with my continuous ping.
May 25 2022
PR pending approval https://github.com/vyos/vyos-1x/pull/1332
PR fixing exposed errors:
https://github.com/vyos/vyos-1x/pull/1331
May 24 2022
I removed my comment as my issue was not a bug AFAIK, but rather a misconfiguration and operation.
May 23 2022
Yeah I discovered the same in forums:
I was not aware that the nft implementation changes the way groups are used.
We have implemented a blacklisting approach which relies heavily on using ipset because no one wants to have hundreds of thousands of addresses in the config file.
So I think this is essential, at least for us.