Page MenuHomeVyOS Platform
Feed Advanced Search

Jul 2 2021

raphielscape added a comment to T3648: op-mode: nat rules broken.

Source NAT Rules went Out of Range in VyOS 1.4-rolling-202107010320

Jul 2 2021, 1:11 PM · VyOS 1.4 Sagitta

Jun 27 2021

raphielscape added a comment to T2869: Intel ethernet driver defaults sub-optimal.

For RPS, we maybe can adapt https://github.com/bhuanand/rps-rfs-configuration to VyOS?

Jun 27 2021, 12:03 AM

Jun 25 2021

raphielscape created T3648: op-mode: nat rules broken.
Jun 25 2021, 8:48 AM · VyOS 1.4 Sagitta

Jun 23 2021

raphielscape added a comment to T3640: Allow resetting Wireguard interface.

Wireguard has no link states on the interface, the ip command just does an 'administrative' up down, which won't start a renegotiation. The policy description (remove peer) needs to be removed from the wg interface and re-added, otherwise you need to wait until wg tries to rekey which will then eventually renegotiate the entire connection.
The removal was as far as I recall part of the original vyos code, so it may have been removed at one point, I haven't looked into the code yet.

For NAT, try setting persistent-keepalive, that is supposed to keep the NAT entry active, even if you have no traffic for the tunnel.

Jun 23 2021, 3:14 PM
raphielscape added a comment to T3640: Allow resetting Wireguard interface.
In T3640#96876, @c-po wrote:

If your host is behind NAT, could it possibly be that the NAT translation entry expired?

Does the following work:

ip link set dev wg0 down; ip link set dev wg0 up

Jun 23 2021, 6:23 AM

Jun 22 2021

raphielscape added a comment to T3640: Allow resetting Wireguard interface.

We don't use any configuration file for it, so I think we can't use wg-quick
We use "wg set"

$ sudo wg set --help
Usage: wg set <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>]...] ]...
Jun 22 2021, 3:37 PM

Jun 21 2021

raphielscape added a comment to T3640: Allow resetting Wireguard interface.

Is it helps in your case?

set interfaces wireguard wg0 disable 
commit
del interfaces wireguard wg0 disable 
commit

There is no any native command for reset wireguard interface in Linux (as I know). Also, we don't use any daemons which we can restart to "re-establish" session.
Is one host behind nat?

Jun 21 2021, 3:46 PM

Jun 20 2021

raphielscape created T3640: Allow resetting Wireguard interface.
Jun 20 2021, 2:03 PM

Apr 26 2021

raphielscape created T3501: Allow using more than one tuned profile.
Apr 26 2021, 9:02 PM · VyOS Rolling

Mar 30 2021

raphielscape added a comment to T3439: Commit-archive location not working for scp.

I tried using ssh-keyscan and it's still didn't work for me and it still having the same curl error 60

Mar 30 2021, 1:09 AM · VyOS 1.4 Sagitta

Mar 15 2021

raphielscape added a comment to T3409: Add back TCP-MSS Clamp to PMTU.
In T3409#89863, @runar wrote:
Mar 15 2021, 11:20 AM · VyOS 1.4 Sagitta
raphielscape updated the task description for T3409: Add back TCP-MSS Clamp to PMTU.
Mar 15 2021, 4:50 AM · VyOS 1.4 Sagitta
raphielscape created T3409: Add back TCP-MSS Clamp to PMTU.
Mar 15 2021, 3:48 AM · VyOS 1.4 Sagitta