I would like to contribute with a PR about this. At the same time, I would need some guidance on identifying the conditions requiring the onlink option to be added.
All Stories
Nov 16 2023
As I understand, it is possible now to create multiple auth IDs
vyos@r4# set vpn ipsec authentication psk FOO id
Possible completions:
  <text>  ID used for authentication
Not sure about other options.
Tested in VyOS 1.4-rolling-202311100309 (AES)
Tested in VyOS 1.4-rolling-202311100309 (3DES)
In VyOS 1.3.4
Configs:
I have a similar setup where I have two VyOS VMs used as VPN routers with some firewalling enabled. Since I use OSPF for dynamic routing I am not able to synchronize the sessions between both routers so in case one VPN router fails the other one can't take over flawlessly. Having conntrack-sync configuration separated from VRRP would be a great benefit.
I tested in VyOS 1.4-rolling-202311100309
https://github.com/vyos/vyos-1x/pull/2492
for equuleus
Tested in VyOS 1.4-rolling-202311100309
Tried with single quotes: ''
This can be done in other areas such as firewall rules already:
Nov 15 2023
PR https://github.com/vyos/vyos-1x/pull/2491
vyos@r4# run show interfaces summary
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address         MAC                VRF        MTU  S/L    Description
-----------  -----------------  -----------------  -------  -----  -----  -------------
dum0         203.0.113.1/32     96:44:ad:c5:a1:a5  default   1500  u/u
eth0         192.168.122.14/24  52:54:00:f1:fd:77  default   1500  u/u    WAN
eth1         192.0.2.1/24       52:54:00:04:33:2b  foo       1500  u/u    LAN-eth1
eth1v10v4    10.10.10.10/24     00:00:5e:00:01:0a  foo       1500  u/u
eth2         -                  52:54:00:40:2e:af  default   1504  u/u    LAN-eth2
eth3         -                  52:54:00:09:a4:b4  default   1500  A/D
eth4         -                  52:54:00:2c:51:09  default   1500  A/D
eth5         -                  52:54:00:f3:1d:e8  default   1500  A/D
lo           127.0.0.1/8        00:00:00:00:00:00  default  65536  u/u
             ::1/128
Looks great from my perspective (I've just updated our nodes). Tested on Community Edition client on Windows and Connect V3 client on Windows and Tunnelblick on Mac, all working as expected. (I tested with 1.5-rolling-202311150738.)
nice work!
Created a related feature request but for VRRP here
https://vyos.dev/T5745
to keep track of this request on git
https://github.com/vyos/vyos-1x/pull/1960
Fix was merged into 1.4 and 1.5.
I had entered the command as you have suggested and I think it's working somehow.
This is still an issue in 1.5. I tried importing a cert signed by my own CA and got the same error.
PR for 1.5
https://github.com/vyos/vyos-1x/pull/2483