PR's:
https://github.com/vyos/vyatta-op/pull/59
https://github.com/vyos/vyos-1x/pull/1916
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Mar 28 2023
ipsec statusall will not show any details in the latest rolling release as the ipsec.conf backend is deprecated, and swanctl.conf is being used now. Strongswan 5.9.8-5 package is installed and also charon daemon is replaced with the charon-systemd in this version.
Looks like a PAM configuration issue:
I think it is good to implement a append kernel boot parameter in configuration file. Like mitigations=off to help old platforms to perform well.
Mar 27 2023
Fix pushed to current:
f8522f323
and updated on test server.
Looks good on 1.4-rolling-202303271007:
The site-to-site mode shows that tunnel not configured
Config:
set interfaces openvpn vtun52 description 'Site-to-Site' set interfaces openvpn vtun52 local-address xxx.xxx.0.1 set interfaces openvpn vtun52 local-port '1152' set interfaces openvpn vtun52 mode 'site-to-site' set interfaces openvpn vtun52 persistent-tunnel set interfaces openvpn vtun52 protocol 'udp' set interfaces openvpn vtun52 remote-address 'xxx.xxx.0.2' set interfaces openvpn vtun52 remote-host 'xxx.xxx.41.117' set interfaces openvpn vtun52 remote-port '1152' set interfaces openvpn vtun52 shared-secret-key 's2s'
interface:
vyos@vyos:~$ show int openvpn Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- vtun52 10.52.0.1/32 u/u Site-to-Site
Output show openvpn
vyos@vyos:~$ show openvpn site-to-site No OpenVPN interfaces configured vyos@vyos:~$
Most of the match rules results in:
The required patch is not included in builds and they have the same bug.
Version: VyOS 1.3-stable-202303270442 Release train: equuleus
Mar 26 2023
Mar 25 2023
Mar 24 2023
This sort of config should absolutely persist across both reboots and upgrades!.
it will be option b) it will be persistent accross reboots but not accross upgrades as only files in /config will be migrated to the new image version.
We could also alter the path to /config/user-data/ or make /etc/keepalived/conf.d/ a symlink to /config/user-data/ so that those files will be migrated during an upgrade.
PR for 1.4:
https://github.com/vyos/vyos-1x/pull/1911
PR for 1.3:
https://github.com/vyos/vyos-1x/pull/1912
Mar 23 2023
Mar 22 2023
Added initial implementation here: