@c-po While I was wrong about the MSS clamp not being applied, the missing clamp-mss-to-pmtu feature and the incorrect MSS limits are both still problems that PR 1557 addresses. I believe we can close this after those issues are addressed.
All Stories
Dec 14 2022
Dec 13 2022
Dec 12 2022
As I understand it, this is impossible directly with a config option but possible with the module omudpspoof.
It works. The user connections persist over a reload, and configuration changes cause a reload instead of a restart!
Thank you.
Dec 11 2022
@initramfs can we close this?
vyos@vyos# show interfaces sstpc
 sstpc sstpc10 {
     authentication {
         password vyos
         user vyos
     }
     server sstp.vyos.net
     ssl {
         ca-certificate VyOS-CA
     }
 }
Hi,
same issue on VyOS 1.4-rolling-202212090319
Dec 10 2022
Dec 9 2022
Started a PR for this: https://github.com/vyos/vyos-1x/pull/1702
PR with fix is here: https://github.com/vyos/vyatta-cfg-firewall/pull/35
@klase It is already in the latest rolling release. Could you re-check?
This works,
but if this is the new syntax the cli needs some cleanup.
According to this https://forum.vyos.io/t/vagrant-auth-failure-on-new-vagrant-images/9871/2
This issue is due to T874.
My understanding is that is not changeable, so my proposal is to add the "vagrant insecure key" for the vyos user during the vagrant box creation.
use the next syntax
show bgp ipv4 neighbors x.x.x.x advertised-routes
Dec 8 2022
PR for show/reset functions:
https://github.com/vyos/vyos-1x/pull/1699
fix for 1.4 PR https://github.com/vyos/vyos-1x/pull/1698
vyos@r14# cat /run/accel-pppd/l2tp.conf | grep dae-s
dae-server=127.0.0.1:1700,testing123
[edit]
vyos@r14#
Dec 7 2022
I can confirm the firewall errors are fixed in the newest rolling VyOS 1.4-rolling-202212070318
Yes, they are. 192.168.101.10 is the IP of a VPN remote access subscriber. He's connected to interface l2tp0 (accel-ppp). And I'm just trying to open a TCP connection to port 80 on the client from a peer node.
@aserkin Thanks
Are the l2tp clients in the network 192.168.101.x? And are you trying to connect to some web resource behind l2tp?
The firewall settings do not seem to catch the traffic going out of l2tp* interfaces.
admin@vyos-lns-1:~$ show config commands |grep firewall
set firewall interface l2tp* out name 'nodefw'
set firewall log-martians 'disable'
set firewall name nodefw rule 100 action 'accept'
set firewall name nodefw rule 100 protocol 'tcp'
set firewall name nodefw rule 100 tcp flags syn
set firewall name nodefw rule 100 tcp mss '1300'
Oops. Thank you Nicolas.
Suddenly found myself far behind the current rolling release. Will upgrade first.
I have made the change in my configuration and tested as many configuration changes as I could (I have not tested radius authentication, and other options that are not valid in my setup) and it seems to work with this change without any unwanted side effects.
Dec 6 2022
@dmbaturin It shows only IPv4 routes
Could you also add IPv6?
Should be fixed in T4794
Please check the newest version
@aserkin. Viacheslav commands are present in more recent nightly builds.
Try with one of the latest images.
There's no
set firewall interface
option here:
admin@vyos-lns-1:~$ show version
Version: VyOS 1.4-rolling-202209131208