Configuration
# cat /etc/sshguard/sshguard.conf #### REQUIRED CONFIGURATION #### # Full path to backend executable (required, no default) BACKEND="/usr/lib/x86_64-linux-gnu/sshg-fw-nft-sets"
Feed All Stories
May 4 2022
May 4 2022
Viacheslav added a comment to T4408: Add sshguard to protect against brut-forces.
May 3 2022
May 3 2022
blackhole added a comment to T4362: Wan Load Balancing - Can't create routing tables.
If it helps, I am also getting the exact same errors and problems, would love to see this working please
Viacheslav changed the status of T4380: Feature Request: ocserv: 2FA OTP key generator in VyOS CLI from In progress to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEX0400f96c003c: Merge pull request #1310 from sever-sever/T4315 (authored by c-po).
zsdc changed the status of T4407: Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3 from Open to Needs testing.
Resolved in https://github.com/vyos/vyos-cloud-init/pull/54
dtoux added a comment to T4405: DHCP client sometimes ignores `no-default-route` option of an interface.
Also, these routes getting an administrative distance of 1, which is impossible to override. I believe the default route from DHCP normally has 210 which is manageable. So, the quick workaround could be increasing distance of these routes.
dtoux added a comment to T4405: DHCP client sometimes ignores `no-default-route` option of an interface.
r24:/home/dtoubelis# cat /var/lib/dhcp/dhclient_eth4.leases
lease {
interface "eth4";
fixed-address 100.123.57.53;
option subnet-mask 255.192.0.0;
option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
option dhcp-lease-time 300;
option routers 100.64.0.1;
option dhcp-message-type 5;
option domain-name-servers 1.1.1.1,8.8.8.8;
option dhcp-server-identifier 100.64.0.1;
option interface-mtu 1500;
option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
renew 2 2022/05/03 12:42:00;
rebind 2 2022/05/03 12:44:26;
expire 2 2022/05/03 12:45:04;
}
lease {
interface "eth4";
fixed-address 100.123.57.53;
option subnet-mask 255.192.0.0;
option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
option dhcp-lease-time 300;
option routers 100.64.0.1;
option dhcp-message-type 5;
option domain-name-servers 1.1.1.1,8.8.8.8;
option dhcp-server-identifier 100.64.0.1;
option interface-mtu 1500;
option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
renew 2 2022/05/03 12:46:34;
rebind 2 2022/05/03 12:48:50;
expire 2 2022/05/03 12:49:28;
}
lease {
interface "eth4";
fixed-address 100.123.57.53;
option subnet-mask 255.192.0.0;
option relay-agent-information 1:4:0:0:4:cf:5:4:64:40:0:1:97:8:1:0:14:ed:0:0:14:ed:98:0;
option dhcp-lease-time 300;
option routers 100.64.0.1;
option dhcp-message-type 5;
option domain-name-servers 1.1.1.1,8.8.8.8;
option dhcp-server-identifier 100.64.0.1;
option interface-mtu 1500;
option rfc3442-classless-static-routes 32,192,168,100,1,0,0,0,0,32,34,120,255,244,0,0,0,0,0,100,64,0,1;
renew 2 2022/05/03 12:51:33;
rebind 2 2022/05/03 12:53:25;
expire 2 2022/05/03 12:54:03;
}
...
}Viacheslav added a comment to T4315: Telegraf - Output to prometheus.
Prometheus server pulls information correctly
Viacheslav added a comment to T4405: DHCP client sometimes ignores `no-default-route` option of an interface.
Could you also provide cat /var/lib/dhcp/dhclient_eth4.leases ?
no-default-route ignore just option routers and don't touch other options like classless-static-routes
https://github.com/vyos/vyos-1x/blob/2c29a3b3b46c7570f4a509f413b208348c0ce647/data/templates/dhcp-client/ipv4.tmpl#L18-L19
dtoux added a comment to T4405: DHCP client sometimes ignores `no-default-route` option of an interface.
Below is a packet capture from DHCP exchange:
It seems that option 121 has more than one route. Could this be causing the abnormal behavior?
May 2 2022
May 2 2022
Viacheslav added a comment to T4315: Telegraf - Output to prometheus.
c-po added a comment to T4385: bgp: peer-group member cannot override remote-as of peer-group.
We also need to verify remote-as in v6only or interface definitions:
c-po reopened T4385: bgp: peer-group member cannot override remote-as of peer-group as "In progress".
wornet-mwo added a comment to T4403: Charon hangs at 100% CPU when many routes are present.
Done some further research about rt_netlink and charon relationship. As described in the docs of Strongswan the option charon.process_route = no helps and is a good workaround if the destination is always reachable over a known specific interface (i think it can be an issue if wan load-balancing etc. is used).
v.huti added a comment to T4394: Improve VYOS_DEBUG profiling support.
There was some effort to introduce profiling into the system before, but nothing was developed.
The ticket was opened to verify that the timing values displayed in /var/log/vyatta are correct.
The vyos-debug flag enables tracing for actions described in the templates.
This will be a step-by-step walkthrough of the system profiling, as I have found this to have a bunch of non-obvious technical nuances that might get you stuck.
May 1 2022
May 1 2022
c-po moved T4363: salt-minion: default mine_interval option is not set from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
GitHub <noreply@github.com> committed rVYOSONEX2c29a3b3b46c: Merge pull request #1284 from c-po/t4363-salt-equuleus (authored by c-po).
dmbaturin renamed T4402: OpenVPN client-ip-pool option is broken from OpenVPN ifconfig-pool option is broken to OpenVPN client-ip-pool option is broken.
c-po closed T4369: OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node as Resolved.
c-po moved T4369: OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4369: OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
Apr 30 2022
Apr 30 2022
Apr 29 2022
Apr 29 2022
GitHub <noreply@github.com> committed rVYOSONEXc9e362224a72: Merge pull request #1308 from c-po/t4369-openvpn-equuleus (authored by c-po).
c-po moved T4366: geneve: interface is removed on changes to e.g. description from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
c-po moved T4388: dhcp-server: missing constraint on tftp-server-name option from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
n.fort reassigned T4377: generate tech-support archive includes previous archives from n.fort to Unknown Object (User).
Unknown Object (User) added a comment to T4377: generate tech-support archive includes previous archives.
Apr 28 2022
Apr 28 2022
fernando added a comment to T4399: nhrp - add or delete nhrp tunnel restart opennhrp process.
I've tried with a new spoke and I can't seem to register using `reload-or-restart', although it resolved the lost connectivity issues the opennhrp process needs a full restart. however, if you restart opennhrp daemon it causes different issues and usually the spoke loses connection.
## hub
GitHub <noreply@github.com> committed rVYOSONEX2a2bb78fb1dc: Merge pull request #1286 from c-po/t4633-geneve-equuleus (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXaf04f7148972: Merge pull request #1297 from c-po/t4388-dhcp-equuleus (authored by c-po).
fernando changed the status of T4399: nhrp - add or delete nhrp tunnel restart opennhrp process from Open to Needs testing.