VyOS 1.4.x
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Jan 18 2023
VyOS config 1.3.2 :
######### Router 01: master #########
Jan 17 2023
I've testing this command , it works as we expected . At this point I think we should add PR in 1.4 with new section :
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1762
it seems the issue is related no-preemt and interfaces bond , based on keepalived documentation :
Error seems to be present only when bonding interface is configured.
The old script uses too much CPU and RAM, and can even crash on big conntrack tables.
1.3 and 1.4 NAT code should not be mixed. Also 1.4 makes use of the generic op-mode framework which is not present in 1.3 thus a backport is not possible.
Files have been dropped in upstream package libsnmp-base for bullseye version. MIBs moved to vyos-1x repo
updated actual PR https://github.com/vyos/vyos-1x/pull/1761
Jan 16 2023
I believe this change had an unintended side effect:
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1759
Jan 15 2023
Unfortunately this is not a trivial task as WG does the DNS lookup only once on tunnel creation and not subsequently. A 3rd party script would be required to do that.
- Change Summary
Jan 13 2023
We should backport it to 1.3
Jan 12 2023
Jan 11 2023
@jestabro I've created the backport PR just now.
@roedie , thanks.
Will push the backport for 1.3 as well.
So there are 2 options
- Live it as it is, it works as before (but maybe it is a legacy way)
- Return the strongswan.service and use it in all required places (conf-mode, op-mode, dmvpn scripts, etc). So old ipsec/starter must not be overlapped with strongswan.service restarts
Jan 10 2023
I found that if IPSEC lifetime is large(28800) then this problem occurs.
If lifetime eq 1800 sec, everything works.
After return strongswan.starer https://github.com/vyos/vyos-1x/commit/f5f43c6639957f95177bb77d2b569e16d4dab9dc
all looks good now, service can be restored without issues