PR with the fix: https://github.com/vyos/vyos-build/pull/350
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
May 12 2023
In T5186#148559, @c-po wrote:Reverted Kernel back to 5.4.234 for upcoming 1.3.3. release.
I've create a pull request for this task at https://github.com/vyos/vyos-1x/pull/2002
Reverted Kernel back to 5.4.234 for upcoming 1.3.3. release.
May 11 2023
Backport for 1.3.3 https://github.com/vyos/vyos-1x/pull/2001
@c-po I guess it should be v5.4.234
In T4362#148361, @masterit wrote:one issue.
the migration scripts don't take into account older load balancing configs.if the test > rule > type > ping isn't explicitly set then the rule defaults to the next hop address and ignores the rule entirely.
the default rule seems to be the next hop address for the interface.
set default check type ping https://github.com/vyos/vyos-1x/pull/1998
This issue was tested in two version which are
1.4-rolling-202212080318
1.4-rolling-202209130217
Veth is not ready to work together with netns
As Interface moves entirely to logical stack and with the next commit will be recreated and try to move to netns again. As it doesn't see veth interface which moved to another logical stack, it tryes to recreate this interface.
We should either fix it or revert the previous commit.
May 10 2023
PR:
https://github.com/vyos/vyos-1x/pull/1997
This will remain in draft until corresponding PR fro vyos1x-config is merged.
Add kernel module https://github.com/vyos/vyos-build/pull/348
PR for L2TP https://github.com/vyos/vyos-1x/pull/1988
Not working. The same errors
May 9 2023
one issue.
the migration scripts don't take into account older load balancing configs.
Fixed with rewriting to systemd unit vyos-wan-load-balance.service
In T5213#148346, @joshua.hanley wrote:@Viacheslav Thanks for the prompt response. Not sure if the change will also cover L2TP as well. For example:
set vpn l2tp remote-access authentication radius accounting-interim-interval '60'
Sometimes it stuck for ~1.5 minutes after deleting.
vyos@r14# delete load-balancing [edit] vyos@r14# commit
@Viacheslav Thanks for the prompt response. Not sure if the change will also cover L2TP as well. For example:
PR https://github.com/vyos/vyos-1x/pull/1986
set service pppoe-server authentication mode 'radius' set service pppoe-server authentication radius accounting-interim-interval '60' set service pppoe-server authentication radius server 203.0.113.1 key '123' set service pppoe-server client-ip-pool name POOL-01 gateway-address '192.0.2.1' set service pppoe-server client-ip-pool name POOL-01 subnet '192.0.2.0/24' set service pppoe-server interface eth1
In T5186#148294, @rh7819 wrote:this is cause by
tcindex classifier is removed by upstream kernel, so
08:04:48 DEBUG - filter add dev eth1 parent 11: protocol ip prio 1 handle 128 tcindex classid 11:a
fails.
We use FRR as the backend and it uses logical AND for match entries
this is cause by
May 8 2023
PR https://github.com/vyos/vyos-1x/pull/1984
set high-availability disable set high-availability vrrp group GRP01 address 192.0.2.47/32 set high-availability vrrp group GRP01 interface 'eth1' set high-availability vrrp group GRP01 vrid '10'
It doesn't like protocol tcp
vyos@r14# sudo tc filter replace dev eth1 parent 1: protocol all u32 match ip protocol tcp 0xff action police rate 300000000 burst 15k flowid 1:a Illegal "match" [edit] vyos@r14#
But it works with protocol 6
vyos@r14# sudo tc filter replace dev eth1 parent 1: protocol all u32 match ip protocol 6 0xff action police rate 300000000 burst 15k flowid 1:a [edit] vyos@r14#
And next fail:
ardware UUID: 4d6f4d29-1ae8-446f-8d2b-3decd9da64c7
On 1.4-rolling-202305080742, speed limit and protocol detection still not worked out correctly too.
In T3655#143947, @fernando wrote:it doesn't seem the same problem as here, this logic that was applied over this version was vrf not on the table . Could you share full configuration ? there is some point over vrfs / vrf default /leaking that are not clear. So I can replicate the scenery and we see what is going on .
In T5116#147654, @Viacheslav wrote:I think the only solution is to use network namespaces
https://docs.strongswan.org/docs/5.9/howtos/nameSpaces.html