Accel-ppp does not work with VPP
Jun 10 2024
vyos@vyos:~$ dpkg -l | grep vyos-1x
ii vyos-1x 1.5dev0-1669-g77cb661d8 amd64 VyOS configuration scripts and data
ii vyos-1x-vmware 1.5dev0-1669-g77cb661d8 amd64 VyOS configuration scripts and data for VMware
vyos@vyos:~$
Updated task description to denote two issues (Bug 1 and Bug 2) with show tech-support report.
Jun 9 2024
@blueish - thanks! Yes, apt-mirror works now - but will it continue to work with the new storage too?
BTW, good to see "deb-src" - but only a few source packages are in there. I think it would be great to have corresponding source for all these *.deb packages in the Debian source package format, then anyone who wants to contribute will be able to use dpkg-buildpackage to rebuild them.
Please share the output of dpkg -l | grep vyos-1x
vyos@vyos# show vpn ipsec | commands
set esp-group vpn lifetime '3600'
set esp-group vpn pfs 'enable'
set esp-group vpn proposal 10 encryption 'aes128gcm128'
set esp-group vpn proposal 10 hash 'sha256'
set ike-group vpn key-exchange 'ikev2'
set ike-group vpn lifetime '7200'
set ike-group vpn proposal 10 dh-group '14'
set ike-group vpn proposal 10 encryption 'aes128gcm128'
set ike-group vpn proposal 10 hash 'sha256'
set interface 'eth0'
set options virtual-ip
set remote-access connection support authentication client-mode 'eap-mschapv2'
set remote-access connection support authentication local-id 'ipsec.somedomain'
set remote-access connection support authentication local-users username test password 'test'
set remote-access connection support authentication server-mode 'x509'
set remote-access connection support authentication x509 ca-certificate 'isrgrootx1'
set remote-access connection support authentication x509 ca-certificate 'lets-encrypt-r3'
set remote-access connection support authentication x509 certificate 'vpn2'
set remote-access connection support description 'support remote access'
set remote-access connection support esp-group 'vpn'
set remote-access connection support ike-group 'vpn'
set remote-access connection support local-address 'ip on eth0'
set remote-access connection support pool 'support'
set remote-access pool support name-server '1.1.1.1'
set remote-access pool support name-server '9.9.9.9'
set remote-access pool support prefix '192.168.120.64/27'
[edit]
vyos@vyos#
Please share your full ipsec configuration
vyos@vyos:~$ generate ipsec profile windows-remote-access support remote ipsec.somedomain
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 154, in <module>
    cert = load_certificate(pki['certificate'][cert_name]['certificate'])
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
KeyError: 'certificate'
vyos@vyos:~$ show ver
Version: VyOS 1.5-rolling-202406060020
Release train: current
Release flavor: generic
Reporter action missing - running this setup in production so does not feel like a bug.
This was merged Thu May 30 16:35:43 2024 +0200 and your image is from 2024-05-30.
Good afternoon. I heard that the solution based on nftables is no longer new, but you took it as a basis.
At the same time, I heard that VyOS added support for VPP. Maybe it makes sense to use two implementations?
I don’t want to offend you in any way, I appreciate everything you do.
https://s3-docs.fd.io/vpp/22.06/cli-reference/clis/clicmd_src_plugins_nat_det44.html
I may have figured something out in https://vyos.dev/T4694.
It looks like outbound encap can be matched via routing expressions:
PR created: https://github.com/vyos/vyos-1x/pull/3601
Jun 8 2024
Created a PR with a fix
Added an example of how to reproduce it
Currently I'm not sure, might be related to changes from T4519
Please, could you share the configuration needed to replicate it? Here is also the guideline on reporting a bug:
The suggested change, as in matching the number of "x" with the number of characters in each octet/hextet in the IPv4/IPv6 address, will be less anonymizing than today's method.
@blueish want to do a docs article for this?
If you can use APT then you can create a mirror as well - the same way APT talks to the repository. There is no need for additional protocols like rsync.
Draft PR Added: https://github.com/vyos/vyos-1x/pull/3599