Source NAT Rules went Out of Range in VyOS 1.4-rolling-202107010320
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Jul 2 2021
Jun 27 2021
For RPS, we maybe can adapt https://github.com/bhuanand/rps-rfs-configuration to VyOS?
Jun 25 2021
Jun 23 2021
In T3640#96937, @hagbard wrote:Wireguard has no link states on the interface, the ip command just does an 'administrative' up down, which won't start a renegotiation. The policy description (remove peer) needs to be removed from the wg interface and re-added, otherwise you need to wait until wg tries to rekey which will then eventually renegotiate the entire connection.
The removal was as far as I recall part of the original vyos code, so it may have been removed at one point, I haven't looked into the code yet.For NAT, try setting persistent-keepalive, that is supposed to keep the NAT entry active, even if you have no traffic for the tunnel.
In T3640#96876, @c-po wrote:If your host is behind NAT, could it possibly be that the NAT translation entry expired?
Does the following work:
ip link set dev wg0 down; ip link set dev wg0 up
Jun 22 2021
In T3640#96771, @Viacheslav wrote:We don't use any configuration file for it, so I think we can't use wg-quick
We use "wg set"$ sudo wg set --help Usage: wg set <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>]...] ]...
Jun 21 2021
In T3640#96759, @Viacheslav wrote:Is it helps in your case?
set interfaces wireguard wg0 disable commit del interfaces wireguard wg0 disable commitThere is no any native command for reset wireguard interface in Linux (as I know). Also, we don't use any daemons which we can restart to "re-establish" session.
Is one host behind nat?
Jun 20 2021
Apr 26 2021
Mar 30 2021
I tried using ssh-keyscan and it's still didn't work for me and it still having the same curl error 60
Mar 15 2021
In T3409#89863, @runar wrote: