Could you provide config from several items?
How many nodes do we need to reproduce it?
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Nov 21 2022
Nov 20 2022
1.3 backport https://github.com/vyos/vyos-1x/pull/1670
ipsec site-to-site peer <name> - it is just a connection name and is not related to the IP address
I'll take a look at TS
vyos@r14# set policy route-map FOO rule 100 action permit [edit] vyos@r14# set policy route-map FOO rule 50 action 'deny' [edit] vyos@r14# set policy route-map FOO rule 50 continue '100' [edit] vyos@r14# [edit] vyos@r14# commit [ policy ] rule 50 "continue" cannot be used with action deny!
Pull request: https://github.com/vyos/vyos-build/pull/286
Nov 19 2022
Thanks
Don’t think that there should be a migration
As new keys were added several days ago.
@Viacheslav Works!
It works as expected now on 1.4-rolling-202211190627, but my system failed to boot with the old key types in the config, so I had to remove them before switching to the new image. Thanks for the quick fix!
Nov 18 2022
as we talked , this behavior is the same on vyos1.3.x/frr7.5.x . the main difference is that on vyos-cli doesn't add this command .
In T973#137840, @elico wrote:@Viacheslav I want to test this, what should be done?
@Arc771 Thanks, Could you check it in the next rolling release after 20221118?
@DerEnderKeks Could you check it in the next rolling release after 20221118?
@Viacheslav I want to test this, what should be done?
set policy route-map MAP-ISP1-AS1001-EXPORT rule 50 action 'deny' set policy route-map MAP-ISP1-AS1001-EXPORT rule 50 continue '100'
Nov 17 2022
I guess it was implemented in the T4750
Should be easy to fix
@marc_s thanks for testing !
Added file:// parser to vyos.remote.download and used that to simplify the code, no need to check if it's local now.
Nov 16 2022
Now as linux-cp available we can consider adding support
thank you
Hello sir,
Nov 15 2022
Pull request: https://github.com/vyos/vyatta-cfg-system/pull/189
We figured out the problem. So for OSPF segment routing to work we need to enable opaque LSA capabilities. So by default VyOS doesn't have opaque LSAs (type 9, type 10, type 11) enabled. So after checking the configuration for the OSPF FRR template I noticed that the actual command to enable opaque LSAs is broken because it's not in the OSPF FRR template. Once we fix that, we'll have working OSPF segment routing.
First of all, sorry for my late reply. I was on vacation and stayed away from IT for a bit ;)
Nov 14 2022
PR https://github.com/vyos/vyos-1x/pull/1657
vyos@r14:~$ show vpn ipsec connections Connection State Type Remote address Local TS Remote TS Proposal ----------------- ----------- ------ ---------------- -------------- ----------- --------------------------------------- OFFICE-B established IKEv1 192.0.2.2 - - AES_CBC/256/HMAC_SHA2_256_128/MODP_1024 OFFICE-B-tunnel-0 up IPsec 192.0.2.2 192.168.0.0/24 10.0.0.0/21 AES_CBC/256/HMAC_SHA2_256_128/MODP_1024 OFFICE-B-tunnel-1 down IPsec 192.0.2.2 192.168.1.0/24 10.0.0.0/21 - OFFICE-B-tunnel-2 down IPsec 192.0.2.2 192.168.2.0/24 10.0.0.0/21 - OFFICE-C down IKEv1 192.0.2.2 - - - OFFICE-C-tunnel-0 down IPsec 192.0.2.2 192.168.5.0/24 10.0.0.0/21 - vyos@r14:~$
@rcit I can assure you were never planned to explicitly disallow embedded IPv4 notation. Moreover, I thought the current validator supports it, even though we didn't have tests for it. I'll take a look!
Created PR to fix this: https://github.com/vyos/vyos-1x/pull/1656
This issue also exists in 1.3 though I didn't backport it.