- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Jun 14 2024
I can now reproduce the issue. The reason I was unable to reproduce this was I missed out that you use an ACME certificate
There is another incompatibility:
The first step in support this is to build the kernel modules thunderbolt and thunderbolt-net.
vyos@vyos:~$ generate ipsec profile windows-remote-access support remote ipsec.somedomain Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 153, in <module> cert_data = load_certificate(pki['certificate'][cert_name]['certificate']) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^ KeyError: 'certificate' vyos@vyos:~$ show ver | match Version: Version: VyOS 1.5-rolling-202406130020 vyos@vyos:~$
While I think the mismatch between PBR-addressable RTs and VRF RTs is a bit odd, the PR's been rejected and could be addressed differently in any case. In the meantime, VRFs with RTs 100-200 are targetable by PBR.
Jun 13 2024
here we can add some prevention to raise error, to avoid that someone uses in EBGP a profile to IBGP, because, the problem is under FRR which syntax brakes the frr-cli.
You are correct, it was a misconfiguration, but there is no way to remove the error.
You need to remove the whole BGP in order to correct the mistake.
How did you manage to revert the error?
This is not the latest image. Please use 1.5-rolling-202406130020
There is no need for set pki letsencrypt or set pki acme as a PEM wil always be provided and we have a common PEM framework.
I've tested it, the problem here is because you change a wrong local role , in your configuration is a rs-client ( IBGP relationship) but when you move to rs-server ( only works with EBGP , this attribute reflect EBGP routes to bgp router clients ) , so, that it's reason why you are not allowed to change :
VyOS :
vyos@vyos# run show configuration commands | match bgp set protocols bgp neighbor 10.88.88.255 address-family ipv4-unicast set protocols bgp neighbor 10.88.88.255 peer-group 'FAST' set protocols bgp peer-group FAST capability dynamic set protocols bgp peer-group FAST graceful-restart 'enable' set protocols bgp peer-group FAST local-role rs-client set protocols bgp peer-group FAST password 'F@st123!' set protocols bgp peer-group FAST remote-as '211186' set protocols bgp peer-group FAST update-source '10.88.88.2' set protocols bgp system-as '211186' [edit] vyos@vyos# delete protocols bgp peer-group FAST local-role rs-client [edit] vyos@vyos# commit [edit]
Have to pospone it untill upgrade FRRouting to version 10.1
The only reason I see why this can happen is that the config.boot format can be unexpected. But this should not happen anymore, because now Cloud-init always runs migrations before doing any work, which should always add required metadata if the original file is a valid VyOS config.
I tend to say that this is not necessary and very dangerous. These modules can easily destroy the VyOS filesystem when used improperly.
I think this one would be fixed by my PR for https://vyos.dev/T6045
@bernhardschmidt Are you able to share the relevant pieces of your VXLAN and VRF config as well?
Personally I thing there should be a difference between setting PKI manually like set pki certificate and set pki ca vs whatever the command is to utilize letsencrypt or acme or whatever they might be called automatically through VyOS (lets say set pki letsencrypt and set pki acme etc).
Jun 12 2024
documentation : https://github.com/vyos/vyos-documentation/pull/1479
Documenting what I've found regarding Bug #2:
confirmed working
please excuse the comment. i ended up on the wrong issue due to a fat finger
Sure thing!
I would have put it on my list. @Fabse if you get stuck or need some support just slack me.
Sure @Viacheslav! I'll try to add the PR. Also thanks for the documentation @nvollmar :)
@nvollmar Do you want to claim the task?
Relevant telegraf documentation: https://github.com/influxdata/telegraf/blob/release-1.31/plugins/outputs/loki/README.md
PR for 1.5: https://github.com/vyos/vyos-build/pull/654
It will be easy to add; you need to generate a new CLI like with "prometheus-client" for example https://github.com/vyos/vyos-1x/blob/03d8c16a12d182a2fb2ab9f7acec5d8cb83937ba/interface-definitions/service_monitoring_telegraf.xml.in#L188-L250
And add template changes https://github.com/vyos/vyos-1x/blob/03d8c16a12d182a2fb2ab9f7acec5d8cb83937ba/data/templates/telegraf/telegraf.j2#L45-L58
For 1.5-rolling-202406120020 it doesnt work even without having a vrf:
vyos@vyos-a# run update geoip Downloaded GeoIP database Error: GeoIP failed to update firewall [edit] vyos@vyos-a#
Unfortunately there is no explaining logging (at least I didn't found any).
Looking into this a bit more. This request is to enable VyOS as a LAC - l2tp v2 client support against an LNS server, for which VyOS already has support. Most LAC's are presented to LNSs as PPPoE connections they are authenticated as LAC clients to an LNS. But there are cases such Andrews & Arnold who allow the l2tp tunnel to come from anywhere.
Upstream bug https://github.com/FRRouting/frr/issues/16013 fixed in https://github.com/FRRouting/frr/pull/16023
Care to elaborate some on that "data integrity issues" claim since you will have integrity changed by all sort of writes (atomic or not)?
There are 2 usecases of option82 when it comes to DHCP:
@aidan-gibson You can build current with the microcode packages included by passing the following to the build script:
In upgrade process