- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
May 27 2024
May 26 2024
Tested as working in: 1.5-rolling-202405240020
This is actually a "wrong" error, or a real error with a wrong fix.
May 25 2024
[email protected]:~$ show configuration commands | match pki set pki ca STAGING-PEM certificate 'MIIFWzCCA0OgAwIBAgIQTfQrldHumzpMLrM7jRBd1jANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQZWFyIFgxMB4XDTIwMDkwNDAwMDAwMFoXDTI1MDkxNTE2MDAwMFowWTELMAkGA1UEBhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSgwJgYDVQQDEx8oU1RBR0lORykgQXJ0aWZpY2lhbCBBcHJpY290IFIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6TR8+74b46mOE1FUwBrvxzEYLck3iasmKrcQkb+gy/z9Jy7QNIAl0B9pVKp4YU76JwxF5DOZZhi7vK7SbCkK6FbHlyU5BiDYIxbbfvOL/jVGqdsSjNaJQTg3C3XrJja/HA4WCFEMVoT2wDZm8ABC1N+IQe7Q6FEqc8NwmTSnmmRQm4TQvr06DP+zgFK/MNubxWWDSbSKKTH5im5j2fZfg+j/tM1bGaczFWw8/lSnukyn5J2L+NJYnclzkXoh9nMFnyPmVbfyDPOc4Y25aTzVoeBKXa/cZ5MM+WddjdLbiWvm19f1sYn1aRaAIrkppv7kkn83vcth8XCG39qC2ZvaQIDAQABo4IBEDCCAQwwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTecnpI3zHDplDfn4Uj31c3S10uZTAfBgNVHSMEGDAWgBS182Xy/rAKkh/7PH3zRKCsYyXDFDA2BggrBgEFBQcBAQQqMCgwJgYIKwYBBQUHMAKGGmh0dHA6Ly9zdGcteDEuaS5sZW5jci5vcmcvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zdGcteDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQBgt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCNDLam9yN0EFxxn/3p+ruWO6n/9goCAM5PT6cC6fkjMs4uas6UGXJjr5j7PoTQf3C1vuxiIGRJC6qxV7yc6U0X+w0Mj85sHI5DnQVWN5+D1er7mp13JJA0xbAbHa3Rlczny2Q82XKui8WHuWra0gb2KLpfboYj1Ghgkhr3gau83pC/WQ8HfkwcvSwhIYqTqxoZUq8HIf3M82qS9aKOZE0CEmSyR1zZqQxJUT7emOUapkUN9poJ9zGc+FgRZvdro0XByphWXDaqMYph0DxW/10ig5j4xmmNDjCRmqIKsKoWA52wBTKKXK1na2ty/lW5dhtAxkz5rVZFd4sgS4J0O+zm6d5GRkWsNJ4knotGXl8vtS3X40KXeb3A5+/3p0qaD215Xq8oSNORfB2oI1kQuyEAJ5xvPTdfwRlyRG3lFYodrRg6poUBD/8fNTXMtzydpRgyzUQZh/18F6B/iW6cbiRN9r2Hkh05Om+q0/6w0DdZe+8YrNpfhSObr/1eVZbKGMIYqKmyZbBNu5ysENIK5MPc14mUeKmFjpN840VR5zunoU52lqpLDua/qIM8idk86xGWxx2ml43DO/Ya/tVZVok0mO0TUjzJIfPqyvr455IsIut4RlCR9Iq0EDTve2/ZwCuGhSjpTUFGSiQrR2JK2Evp+o6AETUkBCO1aw0PpQBPDQ==' set pki certificate vyos acme domain-name 'lr5.wue4.mybll.net' set pki certificate vyos acme email '[email protected]' set pki certificate vyos acme url 'https://acme-staging-v02.api.letsencrypt.org/directory'
Is this meant to be possible this way?
New source release, not in Debian yet: https://github.com/acassen/keepalived/releases/tag/v2.3.1
As far as I can tell the test will always error if the remote matches and neither source-interface and source-address are configured differently, including the case where they're both blank (source-interface == None on both tunnels triggers this particular case).
Only recently moved from 1.3 to 1.5 and noticed rollback-soft immediately (great stuff), the completion message was annoying me too.
May 24 2024
PR for 1.5: https://github.com/vyos/vyos-build/pull/638
I've just been picking at this one tonight because it's close to some areas of interest (DMVPNs in VRFs), so hopefully this input is useful and appropriate:
yes, that would be a very good solution/implementation
Is there already something in the works? As for now, there seem to be issues with regdom settings in VyOS 1.5 anyways (see https://vyos.dev/T6320 "Quirks and Workarounds").
Probably the best way will be moving the config to the vrf section (not implemented)
For example:
set vrf name foo service dhcp-server shared-network-name eth1 option default-router '192.168.1.1' set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 lease '300' set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default start '192.168.1.10' set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default stop '192.168.1.100' set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 subnet-id '1'
And start several instances, each with its configuration.
you have to adapt a few more things, if absolutely necessary it also works with several VRFs - but it is very ugly...
FYI: The configuration is valid and works. It just fails during boot.
The similar task for redirect T260
I assume that workaround would only work for a single VRF or can one do something like this?
The following can be configured as a quick and dirty workaround:
May 23 2024
I am already working on the PR :)