If the default option is enabled or 1,
maybe it makes sense to create a disable option like:
set interfaces bridge br0 ip disable-multicast-snooping
PR to add the option: https://github.com/vyos/vyos-1x/pull/1378
It is not related to a router bug/feature
Close it
Did you try dns forwarding domain?
set service dns forwarding domain abc.local server 192.0.2.5
Task for rewriting wan-loadbalancing to XML/Python T4470
@Viacheslav thanks
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1375
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1374
Will be fixed in the next rolling release
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1372
Why not use action accept for nl and drop all others?
In T4457#124584, @NikolayP wrote:
The problem seems to be in these lines:
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.1'
set vpn l2tp remote-access client-ip-pool start '172.25.255.1'
set vpn l2tp remote-access client-ip-pool stop '172.25.255.14'
Replacing "static IP" with 172.25.255.2 makes it work in VyOS 1.3.1
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2'
Full corrected config for 1.3.1 from the first post:
set interfaces dummy dum4 address '4.4.4.4/32'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth1 address '192.168.6.31/24'
set service ssh
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal 'enable'
set vpn l2tp remote-access authentication local-users username test password 'test'
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2'
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access authentication require 'mschap-v2'
set vpn l2tp remote-access client-ip-pool start '172.25.255.1'
set vpn l2tp remote-access client-ip-pool stop '172.25.255.14'
set vpn l2tp remote-access idle '1800'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'test'
set vpn l2tp remote-access ipsec-settings ike-lifetime '3600'
set vpn l2tp remote-access ipsec-settings lifetime '3600'
set vpn l2tp remote-access outside-address '192.168.6.31'
It seems to be a wrong priority.
The MPLS configuration is applied before the tunnel is created.
As a result, the sysctl parameter for the tunnel interface doesn't exist yet.
To reproduce it in one commit:
set interfaces dummy dum1 address '10.5.4.8/24'
set interfaces tunnel tun0 address '10.255.0.2/30'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 remote '192.0.2.254'
set interfaces tunnel tun0 source-address '192.0.2.1'
set protocols mpls interface 'dum1'
set protocols mpls interface 'tun0'
set protocols mpls ldp discovery transport-ipv4-address '192.0.2.1'
set protocols mpls ldp interface 'dum1'
set protocols mpls ldp interface 'tun0'
set protocols mpls ldp router-id '192.0.2.1'
Hi,
I think this is a BUG, not a feature.
If I enable mpls on an interface, then the proper sysctl flags must be applied and be persistent.
It's a common behavior when you want to set a sysctl variable and bash-cli is used (vyos-cli by default, when restarting the VM, sets this value to 0). However, it's possible to configure it with this command:
I just tested it on VyOS 1.4-rolling-202206260217, everything seems to work so far!
It would be nice to also have the negate option, something like:
@MrXermon Let's say someone is setting up BGP peering and wants to control import or export of prefixes using prefixlist. With your suggestion, how would you deny certain prefixes and accept all others? Can JunOS solve this directly with prefixlist without using route-map?
Thank you!
@Viacheslav As for your other concern, you can filter the actual inbound interface (eth4 in my case) in mangle-PREROUTING. Maybe you could try packet marking in mangle-PREROUTING, then filter them later in VYOS_FW_FORWARD/VYOS_FW_LOCAL in the filter table?
Something like this:
@Viacheslav I tested your fix in my environment. The inbound filtering worked as expected after the fix. However, it did not work correctly for the case where we want both inbound and outbound firewalls on a single vrf member interface (or any case that has more than 2 directions on the same interface).
In order to keep useful tracing/debugging tooling in a single place, @jestabro has created the repo:
https://github.com/jestabro/profiling-tools
Since there is no vyatta package yet, you need to either compile it by hand or install it from apt
as explained before. Some examples to play around with:
# NOTE: I had to downgrade this package to resolve the installation conflict
# sudo apt-get install python3-pkg-resources=45.2.0-1
sudo apt-get install python3-pip
sudo python3 -m pip install memray
PATH+=":/home/vyos/.local/bin"
I have collected the profiling data for the following configurations:
If you are running a small QEMU device and it has run out of memory, the scenario is the following:
- The boot process has failed, the prompt is stuck, bash is not initialized
- You reboot the device, it tries to read the config, fails once again as there is no free memory
- Config was not loaded, you cannot log in; it is a loop