I looked into it, but there doesn't seem to be a way to temporarily disable a particular interface in DHCP relay.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Feb 24 2023
Have you try getting same result using VRRP transitions scripts?
Looks like a new nightly rolling update was finally released (vyos-1.4-rolling-202302231931-amd64) 🎉 I just installed it and so far it looks good. I'm no longer getting the 502 errors / segfault. Thanks again!
I can confirm adding this packaged worked, you can now mount with
Feb 23 2023
It looks like I also need to add the exfat-fuse package inorder to get the helpers for mounting filesystems.
The above repos are suitable for testing: basic tests in vm's and a Protecli device look fine. Note that the vyos-1x repo artificially disables the potential config mode reordering in order to confirm tests of vyos-interface-monitor.:
https://github.com/vyos/vyos-1x/commit/02d874e65262cbd53b413b3eef659b8e7d78bf31
Hey @fernando thanks for your comment.
Personally I haven't tried openvpn2.6.0 + ovpn-dco on Debian 12 yet. However, there should be no real difference as ovpn-dco can happily run up to linux-6.1/6.2 as well.
@ordex nice your reply here , we're planning to introduce it in our last upgrade version( we need to upgrade openvpn version to work with opvn-dco ) , Di you try it on Debian 12? My current environment was over Debian 11, if you have any suggestion it will good to know.
PR https://github.com/vyos/vyos-1x/pull/1842
vyos@r14:~$ /usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py test_openvpn_client_interfaces (__main__.TestInterfacesOpenVPN.test_openvpn_client_interfaces) ... ok test_openvpn_client_verify (__main__.TestInterfacesOpenVPN.test_openvpn_client_verify) ... ok test_openvpn_options (__main__.TestInterfacesOpenVPN.test_openvpn_options) ... ok test_openvpn_server_net30_topology (__main__.TestInterfacesOpenVPN.test_openvpn_server_net30_topology) ... ok test_openvpn_server_subnet_topology (__main__.TestInterfacesOpenVPN.test_openvpn_server_subnet_topology) ... ok test_openvpn_server_verify (__main__.TestInterfacesOpenVPN.test_openvpn_server_verify) ... ok test_openvpn_site2site_interfaces_tun (__main__.TestInterfacesOpenVPN.test_openvpn_site2site_interfaces_tun) ... ok test_openvpn_site2site_verify (__main__.TestInterfacesOpenVPN.test_openvpn_site2site_verify) ... ok
secret has been deprecated static key mode (non-TLS) is no longer considered "good and secure enough" for today's requirements. Use TLS mode instead. If deploying a PKI CA is considered "too complicated", using --peer-fingerprint makes TLS mode about as easy as using --secret.
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst
Config VyOS:
set interfaces openvpn vtun5001 local-address 203.0.113.1 set interfaces openvpn vtun5001 mode 'site-to-site' set interfaces openvpn vtun5001 remote-address '192.0.2.5' set interfaces openvpn vtun5001 shared-secret-key 'ovpn_test' set pki openvpn shared-secret ovpn_test key '9caf354e0f313b3a671d01e62ea2b512346a651dd30a9e51d6c45dc1031f1b0931eabdf7a0ddcbe1a147ff882ccce35dcb5e1d4d6ddb5e909ca012a8d8e16fe50dd332005dff9a836a2852f36e84e27bad07993a8094c56fb0553866ef74c6c5cc6ddb8f4673d3ff300c48068b944bd8ba1100d41f91d156bcd2629ff39837ddcb34d93147a4aabc7e6ad95d5800c82c8ab60ba302d6625a3b26fbfe183fd6c06d884be44edde344fd0ac91a33064529e010eba0c0f495fa44519fd98adb97452a27fb3340bc20efadd68c9538aa4a238c9f58f542e3571ec78790fdd03e678e18631b82edb9358a2c55ce581d68b71881cad0d0419d4cc58c13641f84281260' set pki openvpn shared-secret ovpn_test version '1'
Feb 22 2023
In T5022#143112, @syncer wrote:@Viacheslav can you see what auth modes supported by keepalive
also I think we don't need to configure bothset high-availablilty vrrp global notification_email [email protected] set high-availablilty vrrp global notification_email_from [email protected]or that is destination and from ?
Yes @syncer . One option is for source and other for destination.
Feb 21 2023
@Viacheslav can you see what auth modes supported by keepalive
also I think we don't need to configure both
Builds completing. ISO worker on Jenkins should be fixed and pushing new rolling images shortly.
Also bug with ifb interface
vyos@r14# set interfaces input ifb0 [edit] vyos@r14# set interfaces ethernet eth0 redirect 'ifb0'
Thanks @Viacheslav https://github.com/vyos/vyos-1x/pull/1838 fixed it for me.
Cherry-pick for 1.3.3 https://github.com/vyos/vyos-1x/pull/1838
it's fixed already in vyos/vyos-build#293 (although in a different way), just downloaded the newest image and tested it. I'm closing this ticket, apologies for the noise.
The thing is we have default values (for example memory) only for the first container:
################################################## {'name': {'multitool': {'description': 'Network multitool container', 'image': 'wbitt/network-multitool:fedora', 'memory': '512', 'network': {'cntr-net': {}}, 'port': {'http': {'destination': '80', 'protocol': 'tcp', 'source': '80'}}, 'restart': 'on-failure', 'shared_memory': '64'}, 'nrpe': {'allow_host_networks': {}, 'image': 'incitem/almalinux9:nrpe', 'protocol': 'tcp'}, 'radius': {'allow_host_networks': {}, 'image': 'dchidell/radius-web', 'protocol': 'tcp', 'volume': {'clients': {'destination': '/etc/raddb/clients.conf', 'mode': 'rw', 'source': '/config/containers/radius/clients'}, 'users': {'destination': '/etc/raddb/users', 'mode': 'rw', 'source': '/config/containers/radius/users'}}}}, 'network': {'cntr-net': {'description': 'VyOS Container Network', 'prefix': ['172.253.253.0/24']}}, 'registry': ['docker.io', 'quay.io']} ##################################################
@Viacheslav Its working fine on latest vyos image. Thanks for support.
Feb 20 2023
Same problem here, on 1.3:
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1833
Feb 19 2023
@c-po confirmed fixed, thank you.
Feb 18 2023
A 2nd proposal could be: