All Stories
Feb 18 2023
When internal hosts are behind NAT, this is working as expected, because of conntrack.
Without a hash, it can be useless.
For example, the client initiates a TCP session:
- SYN is forwarded from the client to 10.0.0.7
- 10.0.0.7 responds with SYN/ACK to the client
- client sends ACK, which is forwarded to 10.0.0.2
Feb 17 2023
I cannot attach the rest of the artifacts due to size limits.
Publishing them on git instead: https://github.com/volodymyrhuti/QPPB_docs
The QoS Policy Propagation via BGP feature allows you to classify packets by IP precedence based on the Border Gateway Protocol (BGP) community lists, BGP autonomous system paths, access lists, thus helping to classify based on the destination instead of source address.
PR https://github.com/vyos/vyos-1x/pull/1827
set service pppoe-server authentication mode 'noauth'
set service pppoe-server client-ip-pool name foo gateway-address '192.0.2.1'
set service pppoe-server client-ip-pool name foo subnet '192.0.2.0/24'
set service pppoe-server interface eth1
Check
vyos@r14# cat /run/accel-pppd/pppoe.conf | grep "\[auth" -A 2
[auth]
noauth=1
Thanks for clarification @b-
This isn’t specific to WANs at all, no! I am using it for a WAN, so some of my comments reflect that, but really this is just a generic hook for any DHCP interface.
@b- I'm not 100% sure what's happening, as I am not a developer... I saw your code samples and PR in git...
Feb 16 2023
@mas90 Will be present in the next rolling release.
Could you check when it will be available? After 20230215
PR https://github.com/vyos/vyos-1x/pull/1825
set system option keyboard-layout uk
Excellent! I'll check it out and report back. Thank you!
Feb 15 2023
@ammmze That PR is merged, so will be in the next rolling. Kindly let me know of any remaining or other issues you see. I'll add autocannon to my common tests; thanks again for that tip.
In T4971#142523, @fernandolcx wrote:
service {
+    pppoe-server {
+        authentication {
+            mode radius
+            radius {
+                server 172.31.255.2 {
+                    key 123456
+                }
+            }
+        }
+        interface eth1 {
+        }
+    }
}
when I commit, throws me:
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/service_pppoe-server.py", line 114, in <module>
    verify(c)
  File "/usr/libexec/vyos/conf_mode/service_pppoe-server.py", line 60, in verify
    verify_accel_ppp_base_service(pppoe)
  File "/usr/lib/python3/dist-packages/vyos/configverify.py", line 424, in verify_accel_ppp_base_service
    for _, v in config['client_ip_pool']['name'].items():
KeyError: 'client_ip_pool'
Some debugging, the authentication with user vyosunpriv
set protocols bgp address-family l2vpn-evpn vni 100070 route-target both 70:100070
Should return an error, as this is not implemented.
I was wrong. NOT 6 CHILD_SAs on one tunnel.
6 IKE SAs on one configured tunnel.
I met 2 issues after the last commit.
My config:
Awesome, I am glad to hear the provided info was helpful! Thank you for the quick investigation and explanation.
Feb 14 2023
Again, thanks for the detailed reproducer; that made investigation straightforward. This appears to be simply an 'async' issue for FastAPI, the underlying web framework for vyos-http-api. FastAPI is very good at managing red/blue issues automatically, but in this case we need to explicitly annotate the endpoint method with async: an explicit lock does not appear necessary, though I will need to confirm. I'll provide a PR shortly. Thanks again!
Thanks Keving: https://vyos.dev/T5009
Error still present in 1.4: https://vyos.dev/T5004
FYI When I was troubleshooting I used:
In both versions, restarting the relay service solved the issue:
PR with a fix: https://github.com/vyos/vyatta-cfg/pull/61
I can confirm this behavior, which occurs when changing IP address on listening interface (where dhcp-discover is captured).
Issue present in 1.3.2.
It's also present in the latest vyos-1.4-rolling-202302140317, regardless of whether the old interface syntax is used or the new upstream-interface plus listen-interface commands are used.
@ammmze Thanks for the detailed report; allow me to investigate.
Here are the commands I ran for node-exporter:
https://github.com/FRRouting/frr/pull/12364
riw777 merged commit 91b6db4 into FRRouting:master Feb 14, 2023
You can either run both address-families through one tunnel
Is there any kind of ETA on this? It hasn't moved in a few months, and it is preventing me from being able to upgrade. I understand this probably isn't a huge priority, but an ETA would be nice.
Feb 13 2023
In T5004#142577, @n.fort wrote:
Can you provide this configuration on both setups:
show config comm | grep relay
# And route to relay server
show ip route <relay_server>
Can you provide this configuration on both setups: