It will be fixed in T4545
PR https://github.com/vyos/vyos-1x/pull/1426
All Stories
Jul 25 2022
Jul 24 2022
Jul 23 2022
PR https://github.com/vyos/vyos-1x/pull/1430
vyos@r14:~$ show vrf
Name    State    MAC address        Flags                     Interfaces
------  -------  -----------------  ------------------------  ---------------
foo     up       be:e3:5c:f1:54:99  noarp,master,up,lower_up  eth1.50,eth1.55
bar     up       1e:7c:94:da:e0:35  noarp,master,up,lower_up  n/a
vyos@r14:~$
New PR (Notice corrected):
https://github.com/vyos/vyos-1x/pull/1427
I have added a pull request for this:
PR https://github.com/vyos/vyos-1x/pull/1428
vyos@r14:~$ reset vpn ipsec-peer 2001:db8::2
CHILD_SA {21241} closed successfully
CHILD_SA {21243} closed successfully
CHILD_SA {21245} closed successfully
CHILD_SA {21244} closed successfully
CHILD_SA {21247} closed successfully
CHILD_SA {21246} closed successfully
CHILD_SA {21249} closed successfully
CHILD_SA {21248} closed successfully
closing CHILD_SA peer_2001-db8--2_tunnel_0{21250} with SPIs cab47d6b_i (0 bytes) c3cbba13_o (0 bytes) and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
sending DELETE for ESP CHILD_SA with SPI cab47d6b
generating INFORMATIONAL request 14065 [ D ]
sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (69 bytes)
received packet: from 2001:db8::2[500] to 2001:db8::1[500] (69 bytes)
parsed INFORMATIONAL response 14065 [ D ]
received DELETE for ESP CHILD_SA with SPI c3cbba13
CHILD_SA closed
CHILD_SA {21250} closed successfully
establishing CHILD_SA peer_2001-db8--2_tunnel_0{21251}
generating CREATE_CHILD_SA request 14066 [ SA No KE TSi TSr ]
sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (497 bytes)
received packet: from 2001:db8::2[500] to 2001:db8::1[500] (497 bytes)
parsed CREATE_CHILD_SA response 14066 [ SA No KE TSi TSr ]
selected proposal: ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ
CHILD_SA peer_2001-db8--2_tunnel_0{21251} established with SPIs ccaff1e5_i c5a2b674_o and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
connection 'peer_2001-db8--2_tunnel_0' established successfully
Peer reset result: success
vyos@r14:~$
Jul 22 2022
Commit fails b/c of frr-reload output: 200 % Local-AS allowed only for EBGP peers - we should add an appropriate verify() stage I guess.
PR https://github.com/vyos/vyos-1x/pull/1426
An example with only one rule 10 raw output
vyos@r14:~$ /usr/libexec/vyos/op_mode/nat.py show_rules --direction source --raw
[
    {
        "rule": {
            "family": "ip",
            "table": "nat",
            "chain": "POSTROUTING",
            "handle": 114,
            "comment": "SRC-NAT-10",
            "expr": [
                {
                    "match": {
                        "op": "==",
                        "left": {
                            "meta": {
                                "key": "oifname"
                            }
                        },
                        "right": "eth0"
                    }
                },
                {
                    "counter": {
                        "packets": 0,
                        "bytes": 0
                    }
                },
                {
                    "masquerade": null
                }
            ]
        }
    }
]
vyos@r14:~$
PR to new format + IPv6 entries https://github.com/vyos/vyos-1x/pull/1425
Unfortunately not all commands are present when using the bgp <afi> syntax. We should find the remaining ones and then move all to the new syntax - less confusing
@Viacheslav yep that one works...
@aalmenar try the next command
vyos@r14# run reset bgp ipv6
Possible completions:
  <h:h:h:h:h:h:h:h>  IPv6 neighbor to clear
  1-4294967295       Reset peers with the AS number
  all                Clear all peers
  external           Reset all external peers
  peer-group         Reset all members of peer-group
@aaliddell I am not too concerned about tayga's maintenance. It has been proven to work well for years, and the package is already a part of the official repository of Debian. Actually Debian's tayga package includes a few patches: https://salsa.debian.org/debian/tayga/-/tree/debian/master/debian/patches
I just leave it here. We must not return to bug T2189 with this fix.
Jul 21 2022
That's XPN support but GCM-AES-256 was added back in 2018 in https://w1.fi/cgit/hostap/commit/?id=1ff8605775
Put in pull request https://github.com/vyos/vyos-1x/pull/1423
That's what commit 5e510e45f6f9 did :)
As I remember, fastnetmon wasn't rewritten to dict and requires manually setting the default value in the config dictionary.
You can find the latest version of the demo implementation here:
I installed wpa_supplicant version 2.10. But it did not help.
I compared debugs of wpa_supplicant and found the difference
Jul 20 2022
Modifying the file pointed out by @Viacheslav makes the ipv6 peer option available.
But while testing the config, it's not possible to insert an IPv6 address: the validator rejects the input.
Validator used: syntax:expression: exec "/opt/vyatta/sbin/vyatta-policy.pl --check-peer-syntax $VAR(@)"; "peer must be either an IP or local"
@daniil Could you re-check it?
It seems wpa_supplicant doesn't support GCM-AES-256
https://w1.fi/wpa_supplicant/devel/dir_4261af1259721e3e39e0d2dd7354b511.html
I have just tested it again. Macsec does not work.
PR with notice:
https://github.com/vyos/vyos-1x/pull/1419
Jul 19 2022
PR for 1.4: https://github.com/vyos/vyos-1x/pull/1418