set protocols bgp address-family l2vpn-evpn vni 100070 route-target both 70:100070
Should return an error, as this is not implemented.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Feb 15 2023
Feb 15 2023
I was wrong. NOT 6 CHILSD_SAs on one tunnel.
6 IKE SAs on one configured tunnel.
I met 2 issues after the last commit.
My config:
a.apostoliuk moved T4993: Can't delete conntrack ignore rule from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
a.apostoliuk moved T4993: Can't delete conntrack ignore rule from Finished to 1.3.3 on the VyOS 1.3 Equuleus board.
a.apostoliuk moved T4993: Can't delete conntrack ignore rule from 1.3.3 to Finished on the VyOS 1.3 Equuleus board.
Viacheslav edited projects for T5009: op-mode command: restart dhcp relay-agent not working, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus.
a.apostoliuk changed the status of T4985: reset vpn ipsec-peer command with peer name does not work from In progress to Needs testing.
Viacheslav triaged T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set as High priority.
Awesome, I am glad to hear the provided info was helpful! Thank you for the quick investigation and explanation.
Feb 14 2023
Feb 14 2023
GitHub <noreply@github.com> committed rVYOSONEXbf99fd112254: Merge pull request #1818 from c-po/equuleus (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEX9538a74382ff: Merge pull request #1820 from nicolas-fort/T5009-restart-relay (authored by dmbaturin).
jestabro changed the status of T5006: Http api segfault with concurrent requests from Open to In progress.
Again, thanks for the detailed reproducer; that made investigation straightforward. This appears to be simply an 'async' issue for FastAPI, the underlying web framework for vyos-http-api. FastAPI is very good at managing red/blue issues automatically, but in this case we need to explicitly annotate the endpoint method with async: an explicit lock does not appear necessary, though I will need to confirm. I'll provide a PR shortly. Thanks again !
n.fort changed the status of T5009: op-mode command: restart dhcp relay-agent not working from Confirmed to In progress.
n.fort added a comment to T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces.
Thanks Keving: https://vyos.dev/T5009
n.fort changed the status of T5009: op-mode command: restart dhcp relay-agent not working from Open to Confirmed.
Error still present in 1.4: https://vyos.dev/T5004
kevin.roberts.sealingtech added a comment to T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces.
FYI When I was troubleshooting I used:
n.fort added a comment to T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces.
In Both version, restarting relay service solved the issue:
GitHub <noreply@github.com> committed rVYOSONEXbfbc88defa84: Merge pull request #1819 from aapostoliuk/T4985-sagitta (authored by c-po).
zsdc changed the status of T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set from Confirmed to In progress.
PR with a fix: https://github.com/vyos/vyatta-cfg/pull/61
n.fort changed Version from VyOS LTS 1.3.2 to VyOS LTS 1.3.2 - vyos-1.4-rolling-202302140317 on T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces.
n.fort changed the status of T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces from Open to Confirmed.
n.fort added a comment to T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces.
I can confirm this behavior, which occurs when changing IP address on listening interface (where dhcp-discover is captured).
Issue present in 1.3.2 .
It's also present in latest vyos-1.4-rolling-202302140317, regardless if old interface syntax is used, or if new upstream-interfces plus listen-interface commands are used.
@ammmze Thanks for the detailed report; allow me to investigate.
anon3fe35 added a comment to T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536.
Here's the commands I ran for node-exporter:
https://github.com/FRRouting/frr/pull/12364
riw777 merged commit 91b6db4 into FRRouting:master Feb 14, 2023
a.apostoliuk moved T4968: VPN IPsec check dpd and close action for empty values from Open to Finished on the VyOS 1.4 Sagitta board.
a.apostoliuk changed the status of T4968: VPN IPsec check dpd and close action for empty values from Open to Needs testing.
a.apostoliuk changed the status of T4985: reset vpn ipsec-peer command with peer name does not work from Open to In progress.
You can either run both address-families through one tunnel
Is there any kind of ETA on this? It hasn't moved in a few months, and it is preventing me from being able to upgrade. I understand this probably isn't a huge priority, but an ETA would be nice.
Feb 13 2023
Feb 13 2023
kevin.roberts.sealingtech added a comment to T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces.
In T5004#142577, @n.fort wrote:Can you provide this configuration on both setups:
show config comm | grep relay # And route to relay server show ip route <relay_server>
n.fort added a comment to T5004: DHCP-Relay potential bug. Static configurations of DHCP-Relay Interfaces.
Can you provide this configuration on both setups:
GitHub <noreply@github.com> committed rVYOSONEX3d12327f39b9: Merge pull request #1816 from aapostoliuk/T4968-sagitta (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX5e56daaff4ec: Merge pull request #1813 from sever-sever/T4971-eq (authored by c-po).
n.fort changed the status of T4153: Monitor bandwidth-test initiate not working from Unknown Status to Resolved.
Then lets close it
n.fort added a comment to T4376: DNAT with multiwan and policy routing, incoming connections only work on primary interface.
I have prepared a configuration example using one of the latest 1.4 images, where more features were introduced.
Scenario and requirements:
- One vyos router
- 3 Uplinks to internet (eth0, eth1 and eth2). Static IP used on three links
- 2 VLANs
- vif 2: + New Connections from vif-2 routed through WAN-2 + Server on vif 2 should accept ssh connections from internet, through dnat on 3 WAN interfaces (outside port 122)
- vif 4: + NewConnections from vif-24routed through WAN-2 + Server on vif 4 should accept ssh connections from internet, through dnat on 3 WAN interfaces (outside port 222)
GitHub <noreply@github.com> committed rVYOSONEX9c481b00cae8: Merge pull request #1812 from sever-sever/T1993-eq (authored by dmbaturin).
GitHub <noreply@github.com> committed rVYOSONEXe7d80294ca5a: Merge pull request #1815 from c-po/equuleus (authored by dmbaturin).
Don't see any issue with 1.3
vyos@r1:~$ monitor bandwidth-test initiate 192.168.122.14 ------------------------------------------------------------ Client connecting to 192.168.122.14, TCP port 5001 TCP window size: 85.0 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.122.11 port 58042 connected with 192.168.122.14 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 6.37 GBytes 5.47 Gbits/sec vyos@r1:~$ vyos@r1:~$ show version
a.apostoliuk changed the status of T4993: Can't delete conntrack ignore rule from In progress to Needs testing.
Everything works on version 1.4
a.apostoliuk closed T4905: Convert show nhrp tunnel to tabulate format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
a.apostoliuk moved T4905: Convert show nhrp tunnel to tabulate format from Open to Finished on the VyOS 1.4 Sagitta board.
a.apostoliuk changed the status of T4905: Convert show nhrp tunnel to tabulate format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from In progress to Needs testing.
a.apostoliuk changed the status of T4905: Convert show nhrp tunnel to tabulate format from In progress to Needs testing.
Alfa80 awarded T4991: Restore path level information to compare output a Like token.
In T4774#142529, @c-po wrote:Please note the WireGuard crypto Key routing concept: https://www.wireguard.com/#cryptokey-routing
Keys should not be re-used
Please note the WireGuard crypto Key routing concept: https://www.wireguard.com/#cryptokey-routing
trae32566 updated subscribers of T4774: Disallow duplicate pubkey on peers of a wireguard interface.
Everything just worked fine.
service {
+ pppoe-server {
+ authentication {
+ mode radius
+ radius {
+ server 172.31.255.2 {
+ key 123456
+ }
+ }
+ }
+ interface eth1 {
+ }
+ }
}sarthurdev moved T5003: Upgrade base system to Debian 12 "Bookworm" from Open to In Progress on the VyOS 1.4 Sagitta board.
sarthurdev changed the status of T5003: Upgrade base system to Debian 12 "Bookworm" from Open to In progress.
Feb 12 2023
Feb 12 2023
Viacheslav changed the status of T4990: Commit results may not be properly saved if power is cut immediately after a successful commit from Open to Needs testing.
Sorry about the trouble - fixed in next rolling release.
Viacheslav changed the status of T4998: pppoe username validation too restrictive (regression) from Open to In progress.
Viacheslav changed the status of T5001: Replace links to the phabricator site from Open to In progress.