My fault. Sorry.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Oct 14 2022
We already have task T4720
PR https://github.com/vyos/vyos-1x/pull/1596
vyos@r14:~$ show vpn ipsec sa Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ----------------- ------- -------- -------------- ---------------- ---------------- ----------- --------------------------------------- OFFICE-B-tunnel-0 up 4s 0B/0B 0/0 192.0.2.2 192.0.2.2 AES_CBC_256/HMAC_SHA2_256_128/MODP_1024 vyos@r14:~$ vyos@r14:~$ vyos@r14:~$ reset vpn ipsec-peer OFFICE-B closing CHILD_SA OFFICE-B-tunnel-0{16} with SPIs cc364877_i (0 bytes) c521f540_o (0 bytes) and TS 192.168.0.0/24 === 10.0.0.0/21 CHILD_SA {16} closed successfully generating QUICK_MODE request 1449430238 [ HASH SA No KE ID ID ] sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (332 bytes) received packet: from 192.0.2.2[500] to 192.0.2.1[500] (332 bytes) parsed QUICK_MODE response 1449430238 [ HASH SA No KE ID ID ] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ CHILD_SA OFFICE-B-tunnel-0{17} established with SPIs cd451e27_i cfb63c3c_o and TS 192.168.0.0/24 === 10.0.0.0/21 generating QUICK_MODE request 1449430238 [ HASH ] sending packet: from 192.0.2.1[500] to 192.0.2.2[500] (76 bytes) connection 'OFFICE-B-tunnel-0' established successfully Peer reset result: success vyos@r14:~$
Put in hopefully the last PR for this here, https://github.com/vyos/vyos-1x/pull/1595
Oct 13 2022
I can't reproduce this bug with the latest rolling
vyos@r14# run show conf com | match bgp set protocols bgp address-family ipv4-unicast redistribute connected set protocols bgp neighbor eth1 interface remote-as '65001' set protocols bgp neighbor eth1 interface v6only peer-group 'SPING' set protocols bgp peer-group SPING address-family ipv4-unicast set protocols bgp peer-group SPING address-family ipv6-unicast set protocols bgp peer-group SPING capability extended-nexthop set protocols bgp peer-group SPING password 'foo' set protocols bgp system-as '65001'
@ernstjo Can you reproduce it again?
Should be fixed
@primoz Could you check it again?
As a workaround, you can try to use the "transition script" to manipulate with interfaces
ISC-DHCP-Server does not support vrf's
https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpd
I can't reproduce it
vyos@r14:~$ show conf com | match "vrf|tele" set interfaces ethernet eth1 vrf 'mgmt' set service monitoring telegraf influxdb authentication organization '[email protected]' set service monitoring telegraf influxdb authentication token 'GuRJc12tIzfjnYdKRAIYbxdWd2aTpOT9PVYNddzDnFV4HkAcD7u7-kndTFXjGuXzJN6TTxmrvPODB4mnFcseDV==' set service monitoring telegraf influxdb port '8086' set service monitoring telegraf influxdb url 'https://foo.local' set service monitoring telegraf prometheus-client set service monitoring telegraf vrf 'mgmt' set vrf name mgmt table '1010' vyos@r14:~$
After reboot, the service telegraf works correctly
vyos@r14:~$ sudo systemctl status telegraf ● telegraf.service - The plugin-driven server agent for reporting metrics into InfluxDB Loaded: loaded (/lib/systemd/system/telegraf.service; disabled; vendor preset: enabled) Drop-In: /etc/systemd/system/telegraf.service.d └─10-override.conf Active: active (running) since Thu 2022-10-13 15:24:23 EEST; 1min 19s ago Docs: https://github.com/influxdata/telegraf Main PID: 1868 (telegraf) Tasks: 10 (limit: 9404) Memory: 54.4M CPU: 2.650s CGroup: /system.slice/telegraf.service └─vrf └─mgmt └─1868 /usr/bin/telegraf --config /run/telegraf/telegraf.conf --config-directory /etc/telegraf/telegraf.d --pidfile /run/telegraf/telegraf.pid
KEA DHCP have some hook limitations https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html?#available-hook-libraries
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1593
i dont know if this is good or not, next version of radvd will include options la RFC8781 which are not even though for frrouting, even im opening them a request for such feature but i dont expect it to be available anytime soon.
Oct 12 2022
PR https://github.com/vyos/vyos-1x/pull/1586
vyos@r14# commit [ protocols bgp ] Ebgp-multihop can not be used with directly connected neighbor "eth0"
It is highly desirable to reflect this feature in the documentation
Now it is not clear how to configure and use it
For 1.4 was implemented in T3834
That does not change the behavior. I get five messages on session start from bfdd, bgpd, ospfd processes, and 16 messages from all FRR daemons on session stop.
The only way to get rid of them is 'log syslog emergencies' but this filters important events as well.
@aserkin as workaround try to change facility level
vtysh -c "conf t" -c "log facility local0"
But it can affect to bgp logs
+1 for @Viacheslav proposal.
Any suggestions on the problem, guys?
I see a lot of messages regarding these messages appearing in various scenarios since 2017 or even earlier in FRR community. But did not find any solution actually.
@thetooth There is a new feature failover route where you can set metrics
https://github.com/vyos/vyos-1x/pull/1358
It could be extended to some "load-balancing"
I have used this feature in the past but not anymore due to the issues listed in the regressions task. We are now running pfsense purely for LB since this (mostly) works as advertised. Looking back at this current implementation there are some very useful features that are missing.
Oct 11 2022
PR https://github.com/vyos/vyos-1x/pull/1584
vyos@r14# cat /run/telegraf/telegraf.conf | grep 'inputs.exec' -A 8 [[inputs.exec]] commands = [ "/etc/telegraf/custom_scripts/show_firewall_input_filter.py", "/etc/telegraf/custom_scripts/show_interfaces_input_filter.py", "/etc/telegraf/custom_scripts/vyos_services_input_filter.py" ] timeout = "10s" data_format = "influx" [edit] vyos@r14#
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1583
I believe the ISC DHCP is now officially deprecated and EOLed:
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1582
PR https://github.com/vyos/vyos-1x/pull/1581
vyos@r14:~$ show conntrack table ipv6 Entries not found vyos@r14:~$
In T4729#135230, @pasik wrote:Ah, yeah, that's a valid point for gretap.
Anyway, my point was, it would be good to test if the issue/bug also affects plain 'gre', as behind the scenes 'gre' and 'gretap' are handled and configured differently, even though they might seem as very similar in vyos cli/config.
The bug might affect both, but it would be good to check and verify.
Oct 10 2022
PR https://github.com/vyos/vyos-1x/pull/1579
set service dns dynamic interface eth2 ipv6-enable set service dns dynamic interface eth2 service dynv6 host-name 'xxx.dynv6.net' set service dns dynamic interface eth2 service dynv6 login 'none' set service dns dynamic interface eth2 service dynv6 password 'passWorD' set service dns dynamic interface eth2 service dynv6 protocol 'dyndns2' set service dns dynamic interface eth2 service dynv6 server 'dynv6.com'