itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ conf
[edit]
itconsult@ha-r01a# set interfaces openvpn vtun2 disable
[edit]
itconsult@ha-r01a# set interfaces openvpn vtun5 disable
[edit]
itconsult@ha-r01a# commit
[edit]
itconsult@ha-r01a# set interfaces openvpn vtun1 disable
[edit]
itconsult@ha-r01a# commit
[edit]
itconsult@ha-r01a# save
Saving configuration to '/config/config.boot'...
Done
[edit]
itconsult@ha-r01a# exit
exit
itconsult@ha-r01a:~$ sh ver
Version: VyOS 1.3.3
Release train: equuleus
Built by: Sentrium S.L.
Built on: Mon 29 May 2023 12:55 UTC
Build UUID: a302f99b-4d44-4a40-82ba-1a4275902d5e
Build commit ID: bc64a3a72244b9
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Hardware vendor: Red Hat
Hardware model: KVM
Hardware S/N:
Hardware UUID: 4eb3487e-35a2-4d93-b140-b1f9480fe4a5
Copyright: VyOS maintainers and contributors
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ sh system image
The system currently has the following image(s) installed:
1: 1.4.0-epa1
2: 1.3.3 (default boot)
itconsult@ha-r01a:~$ del system image 1/4
Possible completions:
Execute the current command
Name of image image to delete
itconsult@ha-r01a:~$ del system image 1.4.0-epa1
Are you sure you want to delete the "1.4.0-epa1" image? (Yes/No) [No]: y
Deleting the "1.4.0-epa1" image...
Done itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ sh conf c | strip-private set firewall all-ping 'enable' set firewall broadcast-ping 'disable' set firewall config-trap 'disable' set firewall group network-group internaladdresses network 'xxx.xxx.42.0/24' set firewall group network-group internaladdresses network 'xxx.xxx.23.0/29' set firewall group network-group internaladdresses network 'xxx.xxx.203.24/29' set firewall group network-group internaladdresses network 'xxx.xxx.69.64/29' set firewall group network-group internaladdresses network 'xxx.xxx.72.64/29' set firewall group network-group internaladdresses network 'xxx.xxx.4.208/29' set firewall group network-group outviajt network 'xxx.xxx.23.0/29' set firewall group network-group outviajt network 'xxx.xxx.4.208/29' set firewall ipv6-receive-redirects 'disable' set firewall ipv6-src-route 'disable' set firewall ip-src-route 'disable' set firewall log-martians 'enable' set firewall name TO-ROUTER default-action 'drop' set firewall name TO-ROUTER rule 10 action 'accept' set firewall name TO-ROUTER rule 10 description 'itconsult Local Traffic' set firewall name TO-ROUTER rule 10 protocol 'all' set firewall name TO-ROUTER rule 10 source address 'xxx.xxx.42.0/24' set firewall name TO-ROUTER rule 20 action 'accept' set firewall name TO-ROUTER rule 20 description 'Foreshore link subnet' set firewall name TO-ROUTER rule 20 protocol 'all' set firewall name TO-ROUTER rule 20 source address 'xxx.xxx.95.24/29' set firewall name TO-ROUTER rule 21 action 'accept' set firewall name TO-ROUTER rule 21 description 'Foreshore routed subnet' set firewall name TO-ROUTER rule 21 protocol 'all' set firewall name TO-ROUTER rule 21 source address 'xxx.xxx.69.64/29' set firewall name TO-ROUTER rule 30 action 'accept' set firewall name TO-ROUTER rule 30 description 'Newtel link subnet' set firewall name TO-ROUTER rule 30 protocol 'all' set firewall name TO-ROUTER rule 30 
source address 'xxx.xxx.203.32/29' set firewall name TO-ROUTER rule 31 action 'accept' set firewall name TO-ROUTER rule 31 description 'Newtel link subnet' set firewall name TO-ROUTER rule 31 protocol 'all' set firewall name TO-ROUTER rule 31 source address 'xxx.xxx.203.24/29' set firewall name TO-ROUTER rule 40 action 'accept' set firewall name TO-ROUTER rule 40 description 'JT link subnet' set firewall name TO-ROUTER rule 40 protocol 'all' set firewall name TO-ROUTER rule 40 source address 'xxx.xxx.4.208/29' set firewall name TO-ROUTER rule 41 action 'accept' set firewall name TO-ROUTER rule 41 description 'JT routed subnet' set firewall name TO-ROUTER rule 41 protocol 'all' set firewall name TO-ROUTER rule 41 source address 'xxx.xxx.23.0/29' set firewall name TO-ROUTER rule 42 action 'accept' set firewall name TO-ROUTER rule 42 description 'JT BGP peers' set firewall name TO-ROUTER rule 42 protocol 'all' set firewall name TO-ROUTER rule 42 source address 'xxx.xxx.12.56/31' set firewall name TO-ROUTER rule 43 action 'accept' set firewall name TO-ROUTER rule 43 description 'JT BGP peers' set firewall name TO-ROUTER rule 43 protocol 'all' set firewall name TO-ROUTER rule 43 source address 'xxx.xxx.102.192/29' set firewall name TO-ROUTER rule 46 action 'accept' set firewall name TO-ROUTER rule 46 description 'qr broadband' set firewall name TO-ROUTER rule 46 protocol 'all' set firewall name TO-ROUTER rule 46 source address 'xxx.xxx.27.93/32' set firewall name TO-ROUTER rule 47 action 'accept' set firewall name TO-ROUTER rule 47 description 'vp-r01a' set firewall name TO-ROUTER rule 47 protocol 'all' set firewall name TO-ROUTER rule 47 source address 'xxx.xxx.63.136/32' set firewall name TO-ROUTER rule 50 action 'accept' set firewall name TO-ROUTER rule 50 description 'ssh from m70' set firewall name TO-ROUTER rule 50 destination port 'ssh' set firewall name TO-ROUTER rule 50 protocol 'tcp' set firewall name TO-ROUTER rule 50 source address 'xxx.xxx.144.150/32' set 
firewall name TO-ROUTER rule 51 action 'accept' set firewall name TO-ROUTER rule 51 description 'ssh from m72' set firewall name TO-ROUTER rule 51 destination port 'ssh' set firewall name TO-ROUTER rule 51 protocol 'tcp' set firewall name TO-ROUTER rule 51 source address 'xxx.xxx.34.123/32' set firewall name TO-ROUTER rule 60 action 'accept' set firewall name TO-ROUTER rule 60 description 'VRRP' set firewall name TO-ROUTER rule 60 destination address 'xxx.xxx.0.18' set firewall name TO-ROUTER rule 60 protocol '112' set firewall name TO-ROUTER rule 70 action 'accept' set firewall name TO-ROUTER rule 70 description 'IPSEC UDP' set firewall name TO-ROUTER rule 70 destination port '500,4500,1701' set firewall name TO-ROUTER rule 70 protocol 'udp' set firewall name TO-ROUTER rule 80 action 'accept' set firewall name TO-ROUTER rule 80 description 'IPSEC ESP' set firewall name TO-ROUTER rule 80 protocol 'esp' set firewall name TO-ROUTER rule 100 action 'accept' set firewall name TO-ROUTER rule 100 description 'DHCP' set firewall name TO-ROUTER rule 100 destination port 'bootps' set firewall name TO-ROUTER rule 100 protocol 'udp' set firewall name TO-ROUTER rule 401 action 'accept' set firewall name TO-ROUTER rule 401 description 'wireguard re lvg-r01' set firewall name TO-ROUTER rule 401 destination port '51820' set firewall name TO-ROUTER rule 401 protocol 'udp' set firewall name TO-ROUTER rule 401 source address 'xxx.xxx.69.0/24' set firewall name TO-ROUTER rule 402 action 'accept' set firewall name TO-ROUTER rule 402 description 'wireguard re lvg-r01' set firewall name TO-ROUTER rule 402 destination port '51820' set firewall name TO-ROUTER rule 402 protocol 'udp' set firewall name TO-ROUTER rule 402 source address 'xxx.xxx.70.0/24' set firewall name TO-ROUTER rule 996 action 'accept' set firewall name TO-ROUTER rule 996 description 'ICMP Throughout' set firewall name TO-ROUTER rule 996 protocol 'icmp' set firewall name TO-ROUTER rule 999 action 'reject' set firewall 
name TO-ROUTER rule 999 description 'Block' set firewall name TO-ROUTER rule 999 log 'disable' set firewall name TO-ROUTER rule 999 protocol 'all' set firewall receive-redirects 'disable' set firewall send-redirects 'enable' set firewall source-validation 'disable' set firewall syn-cookies 'enable' set firewall twa-hazards-protection 'disable' set high-availability vrrp group eth0.20-20 advertise-interval '1' set high-availability vrrp group eth0.20-20 interface 'eth0.20' set high-availability vrrp group eth0.20-20 priority '150' set high-availability vrrp group eth0.20-20 virtual-address xxx.xxx.42.170/28 set high-availability vrrp group eth0.20-20 vrid '20' set interfaces ethernet eth0 duplex 'auto' set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:24' set interfaces ethernet eth0 offload gro set interfaces ethernet eth0 offload gso set interfaces ethernet eth0 offload sg set interfaces ethernet eth0 offload tso set interfaces ethernet eth0 speed 'auto' set interfaces ethernet eth0 vif 20 address 'xxx.xxx.42.168/28' set interfaces ethernet eth0 vif 20 description 'Hatherley Backbone' set interfaces ethernet eth0 vif 20 firewall local name 'TO-ROUTER' set interfaces ethernet eth0 vif 20 ip ospf cost '10' set interfaces ethernet eth0 vif 20 ip ospf dead-interval '4' set interfaces ethernet eth0 vif 20 ip ospf hello-interval '1' set interfaces ethernet eth0 vif 20 ip ospf priority '120' set interfaces ethernet eth0 vif 20 ip ospf retransmit-interval '5' set interfaces ethernet eth0 vif 20 ip ospf transmit-delay '1' set interfaces ethernet eth0 vif 20 policy route 'outviajt' set interfaces ethernet eth0 vif 122 description 'ONT 509001' set interfaces loopback lo address 'xxx.xxx.42.250/32' set interfaces openvpn vtun1 description 'qr-r01a bb - ha-r01a bb' set interfaces openvpn vtun1 disable set interfaces openvpn vtun1 encryption cipher 'aes256' set interfaces openvpn vtun1 firewall local name 'TO-ROUTER' set interfaces openvpn vtun1 hash 'sha256' set interfaces 
openvpn vtun1 ip ospf cost '20' set interfaces openvpn vtun1 ip ospf dead-interval '4' set interfaces openvpn vtun1 ip ospf hello-interval '1' set interfaces openvpn vtun1 ip ospf network 'point-to-point' set interfaces openvpn vtun1 ip ospf priority '1' set interfaces openvpn vtun1 ip ospf retransmit-interval '5' set interfaces openvpn vtun1 ip ospf transmit-delay '1' set interfaces openvpn vtun1 local-address xxx.xxx.42.146 subnet-mask 'xxx.xxx.255.252' set interfaces openvpn vtun1 mode 'site-to-site' set interfaces openvpn vtun1 remote-address 'xxx.xxx.42.145' set interfaces openvpn vtun1 remote-host 'xxx.xxx.27.93' set interfaces openvpn vtun1 shared-secret-key-file xxxxxx set interfaces openvpn vtun2 description 'qr-r01b foreshore - ha-r01a bb' set interfaces openvpn vtun2 disable set interfaces openvpn vtun2 encryption cipher 'aes256' set interfaces openvpn vtun2 firewall local name 'TO-ROUTER' set interfaces openvpn vtun2 hash 'sha256' set interfaces openvpn vtun2 ip ospf cost '40' set interfaces openvpn vtun2 ip ospf dead-interval '4' set interfaces openvpn vtun2 ip ospf hello-interval '1' set interfaces openvpn vtun2 ip ospf network 'point-to-point' set interfaces openvpn vtun2 ip ospf priority '1' set interfaces openvpn vtun2 ip ospf retransmit-interval '5' set interfaces openvpn vtun2 ip ospf transmit-delay '1' set interfaces openvpn vtun2 local-address xxx.xxx.42.150 subnet-mask 'xxx.xxx.255.252' set interfaces openvpn vtun2 local-port '1195' set interfaces openvpn vtun2 mode 'site-to-site' set interfaces openvpn vtun2 remote-address 'xxx.xxx.42.149' set interfaces openvpn vtun2 remote-host 'xxx.xxx.95.29' set interfaces openvpn vtun2 remote-port '1195' set interfaces openvpn vtun2 shared-secret-key-file xxxxxx set interfaces openvpn vtun5 description 'vp-r01 - broadband' set interfaces openvpn vtun5 disable set interfaces openvpn vtun5 encryption cipher 'aes256' set interfaces openvpn vtun5 firewall local name 'TO-ROUTER' set interfaces openvpn vtun5 
hash 'sha256' set interfaces openvpn vtun5 ip ospf cost '65' set interfaces openvpn vtun5 ip ospf dead-interval '4' set interfaces openvpn vtun5 ip ospf hello-interval '1' set interfaces openvpn vtun5 ip ospf network 'point-to-point' set interfaces openvpn vtun5 ip ospf priority '1' set interfaces openvpn vtun5 ip ospf retransmit-interval '5' set interfaces openvpn vtun5 ip ospf transmit-delay '1' set interfaces openvpn vtun5 local-address xxx.xxx.42.241 subnet-mask 'xxx.xxx.255.252' set interfaces openvpn vtun5 local-port '1198' set interfaces openvpn vtun5 mode 'site-to-site' set interfaces openvpn vtun5 remote-address 'xxx.xxx.42.242' set interfaces openvpn vtun5 remote-host 'xxx.xxx.63.136' set interfaces openvpn vtun5 remote-port '1198' set interfaces openvpn vtun5 shared-secret-key-file xxxxxx set interfaces pppoe pppoe0 authentication password xxxxxx set interfaces pppoe pppoe0 authentication user xxxxxx set interfaces pppoe pppoe0 default-route 'none' set interfaces pppoe pppoe0 firewall local name 'TO-ROUTER' set interfaces pppoe pppoe0 mtu '1492' set interfaces pppoe pppoe0 no-peer-dns set interfaces pppoe pppoe0 source-interface 'eth0.122' set interfaces wireguard wg09 address 'xxx.xxx.136.237/30' set interfaces wireguard wg09 description 'lvg-r01 via JT Broadband/Airtel' set interfaces wireguard wg09 ip ospf dead-interval '4' set interfaces wireguard wg09 ip ospf hello-interval '1' set interfaces wireguard wg09 ip ospf network 'point-to-point' set interfaces wireguard wg09 ip ospf priority '1' set interfaces wireguard wg09 ip ospf retransmit-interval '5' set interfaces wireguard wg09 ip ospf transmit-delay '1' set interfaces wireguard wg09 peer to-lvg-r01 allowed-ips 'xxx.xxx.0.0/0' set interfaces wireguard wg09 peer to-lvg-r01 persistent-keepalive '25' set interfaces wireguard wg09 peer to-lvg-r01 pubkey 'CUB1Xs9TIwiKpZLtI09YlkY6+e0qc6WParY1Ku9SrXo=' set interfaces wireguard wg09 port '51820' set interfaces wireguard wg09 private-key xxxxxx set policy 
as-path-list itconsult rule 10 action 'permit' set policy as-path-list itconsult rule 10 regex '^$' set policy prefix-list default-route rule 10 action 'permit' set policy prefix-list default-route rule 10 prefix 'xxx.xxx.0.0/0' set policy prefix-list itconsult-aggregated rule 10 action 'permit' set policy prefix-list itconsult-aggregated rule 10 prefix 'xxx.xxx.42.0/24' set policy prefix-list rfc1918 rule 10 action 'permit' set policy prefix-list rfc1918 rule 10 prefix 'xxx.xxx.0.0/8' set policy prefix-list rfc1918 rule 11 action 'permit' set policy prefix-list rfc1918 rule 11 ge '9' set policy prefix-list rfc1918 rule 11 prefix 'xxx.xxx.0.0/8' set policy prefix-list rfc1918 rule 20 action 'permit' set policy prefix-list rfc1918 rule 20 prefix 'xxx.xxx.0.0/12' set policy prefix-list rfc1918 rule 21 action 'permit' set policy prefix-list rfc1918 rule 21 ge '13' set policy prefix-list rfc1918 rule 21 prefix 'xxx.xxx.0.0/12' set policy prefix-list rfc1918 rule 30 action 'permit' set policy prefix-list rfc1918 rule 30 prefix 'xxx.xxx.0.0/16' set policy prefix-list rfc1918 rule 31 action 'permit' set policy prefix-list rfc1918 rule 31 ge '17' set policy prefix-list rfc1918 rule 31 prefix 'xxx.xxx.0.0/16' set policy route outviajt rule 10 description 'Internal Traffic' set policy route outviajt rule 10 destination group network-group 'internaladdresses' set policy route outviajt rule 10 set table 'main' set policy route outviajt rule 10 source group network-group 'outviajt' set policy route outviajt rule 20 description 'Out via JT' set policy route outviajt rule 20 set table '1' set policy route outviajt rule 20 source group network-group 'outviajt' set policy route outviajt rule 30 description 'Normal Traffic' set policy route outviajt rule 30 set table 'main' set policy route-map bgp-local-no-export rule 10 action 'permit' set policy route-map bgp-local-no-export rule 10 set community 'no-export' set policy route-map bgp-no-advertise rule 10 action 'deny' set policy 
route-map static-to-ospf rule 10 action 'permit' set policy route-map static-to-ospf rule 10 description 'Redistribute default route' set policy route-map static-to-ospf rule 10 match ip address prefix-list 'default-route' set policy route-map static-to-ospf rule 20 action 'deny' set policy route-map static-to-ospf rule 20 description 'Do not resistribute anything else' set protocols bgp XXXXXX address-family ipv4-unicast aggregate-address xxx.xxx.42.0/24 set protocols bgp XXXXXX address-family ipv4-unicast network xxx.xxx.42.250/32 route-map 'bgp-local-no-export' set protocols bgp XXXXXX neighbor xxx.xxx.42.213 description 'qr-r01a' set protocols bgp XXXXXX neighbor xxx.xxx.42.213 peer-group 'ITCONSULT' set protocols bgp XXXXXX neighbor xxx.xxx.42.214 description 'vp-r01' set protocols bgp XXXXXX neighbor xxx.xxx.42.214 peer-group 'ITCONSULT' set protocols bgp XXXXXX neighbor xxx.xxx.42.215 description 'ha-r01b' set protocols bgp XXXXXX neighbor xxx.xxx.42.215 peer-group 'ITCONSULT' set protocols bgp XXXXXX neighbor xxx.xxx.42.251 description 'qr-r01b' set protocols bgp XXXXXX neighbor xxx.xxx.42.251 peer-group 'ITCONSULT' set protocols bgp XXXXXX parameters log-neighbor-changes set protocols bgp XXXXXX parameters no-fast-external-failover set protocols bgp XXXXXX peer-group ITCONSULT remote-as '25040' set protocols bgp XXXXXX peer-group ITCONSULT update-source 'xxx.xxx.42.250' set protocols bgp XXXXXX timers holdtime '45' set protocols bgp XXXXXX timers keepalive '5' set protocols ospf area 0 area-type normal set protocols ospf area 0 network 'xxx.xxx.42.160/28' set protocols ospf area 0 network 'xxx.xxx.42.250/32' set protocols ospf area 0 network 'xxx.xxx.42.156/30' set protocols ospf area 0 network 'xxx.xxx.42.200/30' set protocols ospf area 0 network 'xxx.xxx.42.144/30' set protocols ospf area 0 network 'xxx.xxx.42.148/30' set protocols ospf area 0 network 'xxx.xxx.42.240/30' set protocols ospf area 0 network 'xxx.xxx.136.236/30' set protocols ospf 
default-information originate metric '10' set protocols ospf default-information originate metric-type '1' set protocols ospf log-adjacency-changes detail set protocols ospf redistribute static metric-type '2' set protocols ospf redistribute static route-map 'static-to-ospf' set protocols static interface-route xxx.xxx.63.136/32 next-hop-interface pppoe0 set protocols static interface-route xxx.xxx.69.0/24 next-hop-interface pppoe0 set protocols static interface-route xxx.xxx.70.0/24 next-hop-interface pppoe0 set protocols static interface-route xxx.xxx.12.56/31 next-hop-interface pppoe0 set protocols static interface-route xxx.xxx.27.93/32 next-hop-interface pppoe0 set protocols static interface-route xxx.xxx.95.29/32 next-hop-interface pppoe0 set protocols static route xxx.xxx.0.0/0 blackhole distance '210' set protocols static route xxx.xxx.42.0/24 blackhole distance '210' set protocols static table 1 interface-route xxx.xxx.0.0/0 next-hop-interface pppoe0 set service snmp community [redacted] authorization 'ro' set service snmp community [redacted] network 'xxx.xxx.42.0/24' set service ssh port '22' set system config-management commit-revisions '20' set system conntrack modules ftp set system conntrack modules h323 set system conntrack modules nfs set system conntrack modules pptp set system conntrack modules sip set system conntrack modules sqlnet set system conntrack modules tftp set system domain-name xxxxxx set system host-name xxxxxx set system login banner post-login '' set system login banner pre-login '' set system login user xxxxxx authentication encrypted-password xxxxxx set system login user xxxxxx authentication plaintext-password xxxxxx set system name-server 'xxx.xxx.42.9' set system name-server 'xxx.xxx.42.130' set system ntp listen-address 'xxx.xxx.42.168' set system ntp listen-address 'xxx.xxx.42.250' set system ntp server xxxxx.tld set system ntp server xxxxx.tld set system ntp server xxxxx.tld set system ntp server xxxxx.tld set system syslog 
global facility all level 'debug'
set system syslog global facility protocols level 'debug'
set system syslog host xxx.xxx.42.2 facility all level 'debug'
set system time-zone 'GB'
set traffic-policy
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ ls
vyos-1.4.0-epa1-amd64.iso
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ add system image vyos-1.4.0-epa1-amd64.iso
Checking SHA256 checksums of files on the ISO image... OK.
Done!
What would you like to name this image? [1.4.0-epa1]:
OK. This image will be named: 1.4.0-epa1
Installing "1.4.0-epa1" image.
Copying new release files...
Would you like to save the current configuration directory and config file? (Yes/No) [Yes]:
Copying current configuration...
Would you like to save the SSH host keys from your current configuration? (Yes/No) [Yes]:
Copying SSH keys...
Running post-install script...
Setting up grub configuration...
Done.
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ reboot
Are you sure you want to reboot this system? [y/N] y
Using username "itconsult".
itconsult@eth0-20.ha-r01a.itconsult.net's password:
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ sh ver
Version: VyOS 1.4.0-epa1
Release train: sagitta
Built by: Sentrium S.L.
Built on: Thu 22 Feb 2024 19:17 UTC
Build UUID: 97f0c92c-b99d-4bde-a67f-079ca030f2a1
Build commit ID: bcac2eb1f9b49c
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Hardware vendor: Red Hat
Hardware model: KVM
Hardware S/N:
Hardware UUID: 4eb3487e-35a2-4d93-b140-b1f9480fe4a5
Copyright: VyOS maintainers and contributors
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ ls -l /tmp
total 52
-rw-rw-r-- 1 root vyattacfg 42354 Mar 9 17:40 boot-config-trace
drwx------ 3 root root 60 Mar 9 17:40 systemd-private-5b4074f629bc481c89aa0117d93e5660-chrony.service-zCZ9kJ
drwx------ 3 root root 60 Mar 9 17:39 systemd-private-5b4074f629bc481c89aa0117d93e5660-haveged.service-8xHIfd
drwx------ 3 root root 60 Mar 9 17:39 systemd-private-5b4074f629bc481c89aa0117d93e5660-systemd-logind.service-33uNxL
-rw-r--r-- 1 root vyattacfg 868 Mar 9 17:40 vyos-configd-script-stdout
-rw-rw-r-- 1 root vyattacfg 2 Mar 9 17:40 vyos-config-status
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ cat /tmp/vyos-config-status
1
itconsult@ha-r01a:~$ cat /tmp/vyos-configd-script-stdout
WARNING: changing speed/duplex setting on "eth0" is unsupported!
DEPRECATION WARNING: OpenVPN shared-secret support will be removed in future VyOS versions. Please migrate your site-to-site tunnels to TLS. You can use self-signed certificates with peer fingerprint verification, consult the documentation for details.
DEPRECATION WARNING: OpenVPN shared-secret support will be removed in future VyOS versions. Please migrate your site-to-site tunnels to TLS. You can use self-signed certificates with peer fingerprint verification, consult the documentation for details.
DEPRECATION WARNING: OpenVPN shared-secret support will be removed in future VyOS versions. Please migrate your site-to-site tunnels to TLS. You can use self-signed certificates with peer fingerprint verification, consult the documentation for details.
Interface "vtun1" does not exist!
itconsult@ha-r01a:~$ cat /tmp/boot-config-trace Traceback (most recent call last): File "/usr/libexec/vyos/vyos-boot-config-loader.py", line 144, in commit_out = session.commit() ^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 187, in commit out = self.__run_command([COMMIT]) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 143, in __run_command raise ConfigSessionError(output) vyos.configsession.ConfigSessionError: Processing the Priority Queue Entering the _commit_check_cfg_node Executing the "system domain-name itconsult.net" ... Elapsed 0.018 sec: Executing the "system host-name ha-r01a" ... Elapsed 0.005 sec: Elapsed 0.023 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "system domain-name itconsult.net" ... [ system domain-name itconsult.net ] sudo: unable to resolve host ha-r01a: System error Elapsed 1.228 sec: Executing the "system host-name ha-r01a" ... Elapsed 0.126 sec: Elapsed 1.355 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "system time-zone GB" ... Elapsed 0.521 sec: Elapsed 0.521 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "system time-zone GB" ... Elapsed 0.082 sec: Elapsed 0.082 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "policy as-path-list itconsult rule 10" ... Elapsed 0.052 sec: Executing the "policy as-path-list itconsult rule 10 action permit" ... Elapsed 0.006 sec: Executing the "policy prefix-list default-route" ... Elapsed 0.005 sec: Executing the "policy prefix-list default-route rule 10" ... Elapsed 0.010 sec: Executing the "policy prefix-list default-route rule 10 action permit" ... Elapsed 0.005 sec: Executing the "policy prefix-list default-route rule 10 prefix 0.0.0.0/0" ... Elapsed 0.012 sec: Executing the "policy prefix-list itconsult-aggregated" ... 
Elapsed 0.005 sec: Executing the "policy prefix-list itconsult-aggregated rule 10" ... Elapsed 0.010 sec: Executing the "policy prefix-list itconsult-aggregated rule 10 action permit" ... Elapsed 0.005 sec: Executing the "policy prefix-list itconsult-aggregated rule 10 prefix 193.201.42.0/24" ... Elapsed 0.011 sec: Executing the "policy prefix-list rfc1918" ... Elapsed 0.005 sec: Executing the "policy prefix-list rfc1918 rule 10" ... Elapsed 0.010 sec: Executing the "policy prefix-list rfc1918 rule 10 action permit" ... Elapsed 0.005 sec: Executing the "policy prefix-list rfc1918 rule 10 prefix 10.0.0.0/8" ... Elapsed 0.012 sec: Executing the "policy prefix-list rfc1918 rule 11" ... Elapsed 0.010 sec: Executing the "policy prefix-list rfc1918 rule 11 action permit" ... Elapsed 0.005 sec: Executing the "policy prefix-list rfc1918 rule 11 ge 9" ... Elapsed 0.010 sec: Executing the "policy prefix-list rfc1918 rule 11 prefix 10.0.0.0/8" ... Elapsed 0.012 sec: Executing the "policy prefix-list rfc1918 rule 20" ... Elapsed 0.010 sec: Executing the "policy prefix-list rfc1918 rule 20 action permit" ... Elapsed 0.005 sec: Executing the "policy prefix-list rfc1918 rule 20 prefix 172.16.0.0/12" ... Elapsed 0.011 sec: Executing the "policy prefix-list rfc1918 rule 21" ... Elapsed 0.009 sec: Executing the "policy prefix-list rfc1918 rule 21 action permit" ... Elapsed 0.005 sec: Executing the "policy prefix-list rfc1918 rule 21 ge 13" ... Elapsed 0.011 sec: Executing the "policy prefix-list rfc1918 rule 21 prefix 172.16.0.0/12" ... Elapsed 0.012 sec: Executing the "policy prefix-list rfc1918 rule 30" ... Elapsed 0.010 sec: Executing the "policy prefix-list rfc1918 rule 30 action permit" ... Elapsed 0.005 sec: Executing the "policy prefix-list rfc1918 rule 30 prefix 192.168.0.0/16" ... Elapsed 0.012 sec: Executing the "policy prefix-list rfc1918 rule 31" ... Elapsed 0.010 sec: Executing the "policy prefix-list rfc1918 rule 31 action permit" ... 
Elapsed 0.005 sec: Executing the "policy prefix-list rfc1918 rule 31 ge 17" ... Elapsed 0.010 sec: Executing the "policy prefix-list rfc1918 rule 31 prefix 192.168.0.0/16" ... Elapsed 0.012 sec: Executing the "policy route-map bgp-local-no-export" ... Elapsed 0.005 sec: Executing the "policy route-map bgp-local-no-export rule 10" ... Elapsed 0.009 sec: Executing the "policy route-map bgp-local-no-export rule 10 action permit" ... Elapsed 0.005 sec: Executing the "policy route-map bgp-no-advertise" ... Elapsed 0.005 sec: Executing the "policy route-map bgp-no-advertise rule 10" ... Elapsed 0.009 sec: Executing the "policy route-map bgp-no-advertise rule 10 action deny" ... Elapsed 0.005 sec: Executing the "policy route-map static-to-ospf" ... Elapsed 0.005 sec: Executing the "policy route-map static-to-ospf rule 10" ... Elapsed 0.010 sec: Executing the "policy route-map static-to-ospf rule 10 action permit" ... Elapsed 0.006 sec: Executing the "policy route-map static-to-ospf rule 10 description Redistribute default route" ... Elapsed 0.005 sec: Executing the "policy route-map static-to-ospf rule 20" ... Elapsed 0.010 sec: Executing the "policy route-map static-to-ospf rule 20 action deny" ... Elapsed 0.004 sec: Executing the "policy route-map static-to-ospf rule 20 description Do not resistribute anything else" ... Elapsed 0.004 sec: Elapsed 0.419 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "policy" ... Elapsed 2.389 sec: Elapsed 2.389 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "policy route outviajt" ... Elapsed 0.005 sec: Executing the "policy route outviajt interface eth0.20" ... Elapsed 0.011 sec: Executing the "policy route outviajt rule 10" ... Elapsed 0.010 sec: Executing the "policy route outviajt rule 10 description Internal Traffic" ... Elapsed 0.005 sec: Executing the "policy route outviajt rule 10 set table main" ... Elapsed 0.010 sec: Executing the "policy route outviajt rule 20" ... 
Elapsed 0.010 sec: Executing the "policy route outviajt rule 20 description Out via JT" ... Elapsed 0.005 sec: Executing the "policy route outviajt rule 20 set table 1" ... Elapsed 0.009 sec: Executing the "policy route outviajt rule 30" ... Elapsed 0.009 sec: Executing the "policy route outviajt rule 30 description Normal Traffic" ... Elapsed 0.005 sec: Executing the "policy route outviajt rule 30 set table main" ... Elapsed 0.009 sec: Elapsed 0.092 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "policy route outviajt" ... Elapsed 0.141 sec: Elapsed 0.141 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Elapsed 0.000 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "system conntrack" ... Elapsed 0.225 sec: Elapsed 0.225 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "interfaces loopback lo" ... Elapsed 0.005 sec: Executing the "interfaces loopback lo address 193.201.42.250/32" ... Elapsed 0.017 sec: Elapsed 0.022 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "interfaces loopback lo" ... Elapsed 0.239 sec: Elapsed 0.240 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Elapsed 0.000 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "pki" ... Elapsed 0.072 sec: Elapsed 0.072 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "interfaces ethernet eth0" ... Elapsed 0.005 sec: Executing the "interfaces ethernet eth0 duplex auto" ... Elapsed 0.005 sec: Executing the "interfaces ethernet eth0 hw-id 00:16:3e:e0:be:24" ... Elapsed 0.019 sec: Executing the "interfaces ethernet eth0 speed auto" ... Elapsed 0.005 sec: Executing the "interfaces ethernet eth0 vif 20" ... Elapsed 0.010 sec: Executing the "interfaces ethernet eth0 vif 20 address 193.201.42.168/28" ... Elapsed 0.012 sec: Executing the "interfaces ethernet eth0 vif 20 description Hatherley Backbone" ... 
Elapsed 0.005 sec: Executing the "interfaces ethernet eth0 vif 122" ... Elapsed 0.009 sec: Executing the "interfaces ethernet eth0 vif 122 description ONT 509001" ... Elapsed 0.005 sec: Elapsed 0.079 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "interfaces ethernet eth0" ... Elapsed 0.960 sec: Elapsed 0.960 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "firewall global-options all-ping enable" ... Elapsed 0.011 sec: Executing the "firewall global-options broadcast-ping disable" ... Elapsed 0.011 sec: Executing the "firewall global-options ipv6-receive-redirects disable" ... Elapsed 0.011 sec: Executing the "firewall global-options ipv6-src-route disable" ... Elapsed 0.010 sec: Executing the "firewall global-options ip-src-route disable" ... Elapsed 0.009 sec: Executing the "firewall global-options log-martians enable" ... Elapsed 0.012 sec: Executing the "firewall global-options receive-redirects disable" ... Elapsed 0.010 sec: Executing the "firewall global-options send-redirects enable" ... Elapsed 0.009 sec: Executing the "firewall global-options source-validation disable" ... Elapsed 0.012 sec: Executing the "firewall global-options syn-cookies enable" ... Elapsed 0.010 sec: Executing the "firewall global-options twa-hazards-protection disable" ... Elapsed 0.014 sec: Executing the "firewall group network-group internaladdresses" ... Elapsed 0.009 sec: Executing the "firewall group network-group internaladdresses network 193.201.42.0/24" ... Elapsed 0.032 sec: Executing the "firewall group network-group internaladdresses network 212.9.23.0/29" ... Elapsed 0.024 sec: Executing the "firewall group network-group internaladdresses network 213.133.203.24/29" ... Elapsed 0.023 sec: Executing the "firewall group network-group internaladdresses network 213.167.69.64/29" ... Elapsed 0.025 sec: Executing the "firewall group network-group internaladdresses network 213.167.72.64/29" ... 
Elapsed 0.025 sec: Executing the "firewall group network-group internaladdresses network 212.9.4.208/29" ... Elapsed 0.032 sec: Executing the "firewall group network-group outviajt" ... Elapsed 0.010 sec: Executing the "firewall group network-group outviajt network 212.9.23.0/29" ... Elapsed 0.024 sec: Executing the "firewall group network-group outviajt network 212.9.4.208/29" ... Elapsed 0.027 sec: Executing the "firewall ipv4 input filter default-action accept" ... Elapsed 0.010 sec: Executing the "firewall ipv4 input filter rule 5" ... Elapsed 0.010 sec: Executing the "firewall ipv4 input filter rule 5 action jump" ... Elapsed 0.006 sec: Executing the "firewall ipv4 input filter rule 5 inbound-interface name eth0.20" ... Elapsed 0.065 sec: Executing the "firewall ipv4 input filter rule 10" ... Elapsed 0.010 sec: Executing the "firewall ipv4 input filter rule 10 action jump" ... Elapsed 0.005 sec: Executing the "firewall ipv4 input filter rule 10 inbound-interface name pppoe0" ... Elapsed 0.056 sec: Executing the "firewall ipv4 input filter rule 15" ... Elapsed 0.012 sec: Executing the "firewall ipv4 input filter rule 15 action jump" ... Elapsed 0.005 sec: Executing the "firewall ipv4 input filter rule 15 inbound-interface name vtun1" ... Elapsed 0.052 sec: Executing the "firewall ipv4 input filter rule 20" ... Elapsed 0.010 sec: Executing the "firewall ipv4 input filter rule 20 action jump" ... Elapsed 0.005 sec: Executing the "firewall ipv4 input filter rule 20 inbound-interface name vtun2" ... Elapsed 0.056 sec: Executing the "firewall ipv4 input filter rule 25" ... Elapsed 0.012 sec: Executing the "firewall ipv4 input filter rule 25 action jump" ... Elapsed 0.005 sec: Executing the "firewall ipv4 input filter rule 25 inbound-interface name vtun5" ... Elapsed 0.056 sec: Executing the "firewall ipv4 name TO-ROUTER" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER default-action drop" ... 
Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 10" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 10 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 10 description itconsult Local Traffic" ... Elapsed 0.004 sec: Executing the "firewall ipv4 name TO-ROUTER rule 10 protocol all" ... Elapsed 0.053 sec: Executing the "firewall ipv4 name TO-ROUTER rule 10 source address 193.201.42.0/24" ... Elapsed 0.030 sec: Executing the "firewall ipv4 name TO-ROUTER rule 20" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 20 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 20 description Foreshore link subnet" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 20 protocol all" ... Elapsed 0.053 sec: Executing the "firewall ipv4 name TO-ROUTER rule 20 source address 213.167.95.24/29" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 21" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 21 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 21 description Foreshore routed subnet" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 21 protocol all" ... Elapsed 0.053 sec: Executing the "firewall ipv4 name TO-ROUTER rule 21 source address 213.167.69.64/29" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 30" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 30 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 30 description Newtel link subnet" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 30 protocol all" ... Elapsed 0.053 sec: Executing the "firewall ipv4 name TO-ROUTER rule 30 source address 213.133.203.32/29" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 31" ... 
Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 31 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 31 description Newtel link subnet" ... Elapsed 0.004 sec: Executing the "firewall ipv4 name TO-ROUTER rule 31 protocol all" ... Elapsed 0.055 sec: Executing the "firewall ipv4 name TO-ROUTER rule 31 source address 213.133.203.24/29" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 40" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 40 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 40 description JT link subnet" ... Elapsed 0.004 sec: Executing the "firewall ipv4 name TO-ROUTER rule 40 protocol all" ... Elapsed 0.055 sec: Executing the "firewall ipv4 name TO-ROUTER rule 40 source address 212.9.4.208/29" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 41" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 41 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 41 description JT routed subnet" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 41 protocol all" ... Elapsed 0.053 sec: Executing the "firewall ipv4 name TO-ROUTER rule 41 source address 212.9.23.0/29" ... Elapsed 0.056 sec: Executing the "firewall ipv4 name TO-ROUTER rule 42" ... Elapsed 0.011 sec: Executing the "firewall ipv4 name TO-ROUTER rule 42 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 42 description JT BGP peers" ... Elapsed 0.004 sec: Executing the "firewall ipv4 name TO-ROUTER rule 42 protocol all" ... Elapsed 0.052 sec: Executing the "firewall ipv4 name TO-ROUTER rule 42 source address 212.9.12.56/31" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 43" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 43 action return" ... 
Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 43 description JT BGP peers" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 43 protocol all" ... Elapsed 0.052 sec: Executing the "firewall ipv4 name TO-ROUTER rule 43 source address 87.244.102.192/29" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 46" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 46 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 46 description qr broadband" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 46 protocol all" ... Elapsed 0.052 sec: Executing the "firewall ipv4 name TO-ROUTER rule 46 source address 212.9.27.93/32" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 47" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 47 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 47 description vp-r01a" ... Elapsed 0.004 sec: Executing the "firewall ipv4 name TO-ROUTER rule 47 protocol all" ... Elapsed 0.052 sec: Executing the "firewall ipv4 name TO-ROUTER rule 47 source address 107.191.63.136/32" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 50" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 50 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 50 description ssh from m70" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 50 destination port ssh" ... Elapsed 0.085 sec: Executing the "firewall ipv4 name TO-ROUTER rule 50 protocol tcp" ... Elapsed 0.053 sec: Executing the "firewall ipv4 name TO-ROUTER rule 50 source address 139.162.144.150/32" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 51" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 51 action return" ... 
Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 51 description ssh from m72" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 51 destination port ssh" ... Elapsed 0.078 sec: Executing the "firewall ipv4 name TO-ROUTER rule 51 protocol tcp" ... Elapsed 0.053 sec: Executing the "firewall ipv4 name TO-ROUTER rule 51 source address 45.63.34.123/32" ... Elapsed 0.030 sec: Executing the "firewall ipv4 name TO-ROUTER rule 60" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 60 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 60 description VRRP" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 60 destination address 224.0.0.18" ... Elapsed 0.034 sec: Executing the "firewall ipv4 name TO-ROUTER rule 60 protocol 112" ... Elapsed 0.053 sec: Executing the "firewall ipv4 name TO-ROUTER rule 70" ... Elapsed 0.010 sec: Executing the "firewall ipv4 name TO-ROUTER rule 70 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 70 description IPSEC UDP" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 70 destination port 500,4500,1701" ... Elapsed 0.077 sec: Executing the "firewall ipv4 name TO-ROUTER rule 70 protocol udp" ... Elapsed 0.052 sec: Executing the "firewall ipv4 name TO-ROUTER rule 80" ... Elapsed 0.010 sec: Executing the "firewall ipv4 name TO-ROUTER rule 80 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 80 description IPSEC ESP" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 80 protocol esp" ... Elapsed 0.052 sec: Executing the "firewall ipv4 name TO-ROUTER rule 100" ... Elapsed 0.010 sec: Executing the "firewall ipv4 name TO-ROUTER rule 100 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 100 description DHCP" ... 
Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 100 destination port bootps" ... Elapsed 0.077 sec: Executing the "firewall ipv4 name TO-ROUTER rule 100 protocol udp" ... Elapsed 0.052 sec: Executing the "firewall ipv4 name TO-ROUTER rule 401" ... Elapsed 0.010 sec: Executing the "firewall ipv4 name TO-ROUTER rule 401 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 401 description wireguard re lvg-r01" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 401 destination port 51820" ... Elapsed 0.077 sec: Executing the "firewall ipv4 name TO-ROUTER rule 401 protocol udp" ... Elapsed 0.052 sec: Executing the "firewall ipv4 name TO-ROUTER rule 401 source address 185.16.69.0/24" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 402" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 402 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 402 description wireguard re lvg-r01" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 402 destination port 51820" ... Elapsed 0.077 sec: Executing the "firewall ipv4 name TO-ROUTER rule 402 protocol udp" ... Elapsed 0.053 sec: Executing the "firewall ipv4 name TO-ROUTER rule 402 source address 185.16.70.0/24" ... Elapsed 0.029 sec: Executing the "firewall ipv4 name TO-ROUTER rule 996" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 996 action return" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 996 description ICMP Throughout" ... Elapsed 0.004 sec: Executing the "firewall ipv4 name TO-ROUTER rule 996 protocol icmp" ... Elapsed 0.052 sec: Executing the "firewall ipv4 name TO-ROUTER rule 999" ... Elapsed 0.009 sec: Executing the "firewall ipv4 name TO-ROUTER rule 999 action reject" ... Elapsed 0.005 sec: Executing the "firewall ipv4 name TO-ROUTER rule 999 description Block" ... 
Elapsed 0.004 sec: Executing the "firewall ipv4 name TO-ROUTER rule 999 protocol all" ... Elapsed 0.052 sec: Elapsed 3.280 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "firewall" ... Elapsed 0.591 sec: Elapsed 0.591 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "interfaces pppoe pppoe0" ... Elapsed 0.005 sec: Executing the "interfaces pppoe pppoe0 authentication password [redacted]" ... Elapsed 0.005 sec: Executing the "interfaces pppoe pppoe0 authentication username mrichardson8" ... Elapsed 0.005 sec: Executing the "interfaces pppoe pppoe0 mtu 1492" ... Elapsed 0.009 sec: Executing the "interfaces pppoe pppoe0 source-interface eth0.122" ... Elapsed 0.009 sec: Elapsed 0.035 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "interfaces pppoe pppoe0" ... Elapsed 0.111 sec: Elapsed 0.111 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "interfaces wireguard wg09" ... Elapsed 0.005 sec: Executing the "interfaces wireguard wg09 address 10.193.136.237/30" ... Elapsed 0.015 sec: Executing the "interfaces wireguard wg09 description lvg-r01 via JT Broadband/Airtel" ... Elapsed 0.005 sec: Executing the "interfaces wireguard wg09 peer to-lvg-r01" ... Elapsed 0.004 sec: Executing the "interfaces wireguard wg09 peer to-lvg-r01 allowed-ips 0.0.0.0/0" ... Elapsed 0.026 sec: Executing the "interfaces wireguard wg09 peer to-lvg-r01 persistent-keepalive 25" ... Elapsed 0.009 sec: Executing the "interfaces wireguard wg09 peer to-lvg-r01 public-key [redacted]" ... Elapsed 0.076 sec: Executing the "interfaces wireguard wg09 port 51820" ... Elapsed 0.010 sec: Executing the "interfaces wireguard wg09 private-key [redacted]" ... Elapsed 0.064 sec: Elapsed 0.217 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "interfaces wireguard wg09" ... 
Elapsed 1.841 sec: Elapsed 1.842 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "system name-server 193.201.42.9" ... Elapsed 0.017 sec: Executing the "system name-server 193.201.42.130" ... Elapsed 0.015 sec: Elapsed 0.033 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "system name-server 193.201.42.9" ... Elapsed 0.150 sec: Executing the "system name-server 193.201.42.130" ... Elapsed 0.135 sec: Executing the "system name-server 193.201.42.9" ... Elapsed 0.121 sec: Executing the "system name-server 193.201.42.130" ... Elapsed 0.131 sec: Elapsed 0.539 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "system syslog global facility all" ... Elapsed 0.005 sec: Executing the "system syslog global facility all level debug" ... Elapsed 0.005 sec: Executing the "system syslog global facility local7" ... Elapsed 0.005 sec: Executing the "system syslog global facility local7 level debug" ... Elapsed 0.005 sec: Executing the "system syslog host 193.201.42.2" ... Elapsed 0.014 sec: Executing the "system syslog host 193.201.42.2 facility all" ... Elapsed 0.005 sec: Executing the "system syslog host 193.201.42.2 facility all level debug" ... Elapsed 0.005 sec: Elapsed 0.046 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "system syslog" ... Elapsed 0.983 sec: Elapsed 0.983 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "system login user itconsult" ... Elapsed 0.006 sec: Executing the "system login user itconsult authentication encrypted-password [redacted]" ... Elapsed 0.005 sec: Elapsed 0.012 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "system login banner" ... Elapsed 0.024 sec: Executing the "system login" ... Elapsed 2.636 sec: Elapsed 2.660 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "system config-management commit-revisions 20" ... 
Elapsed 0.012 sec: Elapsed 0.012 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "system config-management" ... Elapsed 0.027 sec: Elapsed 0.027 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "interfaces openvpn vtun2" ... Elapsed 0.006 sec: Executing the "interfaces openvpn vtun2 description qr-r01b foreshore - ha-r01a bb" ... Elapsed 0.005 sec: Executing the "interfaces openvpn vtun2 encryption cipher aes256" ... Elapsed 0.005 sec: Executing the "interfaces openvpn vtun2 hash sha256" ... Elapsed 0.005 sec: Executing the "interfaces openvpn vtun2 local-address 193.201.42.150" ... Elapsed 0.013 sec: Executing the "interfaces openvpn vtun2 local-address 193.201.42.150 subnet-mask 255.255.255.252" ... Elapsed 0.014 sec: Executing the "interfaces openvpn vtun2 local-port 1195" ... Elapsed 0.011 sec: Executing the "interfaces openvpn vtun2 mode site-to-site" ... Elapsed 0.005 sec: Executing the "interfaces openvpn vtun2 remote-address 193.201.42.149" ... Elapsed 0.013 sec: Executing the "interfaces openvpn vtun2 remote-port 1195" ... Elapsed 0.010 sec: Elapsed 0.091 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "interfaces openvpn vtun2" ... Elapsed 0.082 sec: Elapsed 0.082 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "interfaces openvpn vtun1" ... Elapsed 0.006 sec: Executing the "interfaces openvpn vtun1 description qr-r01a bb - ha-r01a bb" ... Elapsed 0.005 sec: Executing the "interfaces openvpn vtun1 encryption cipher aes256" ... Elapsed 0.005 sec: Executing the "interfaces openvpn vtun1 hash sha256" ... Elapsed 0.005 sec: Executing the "interfaces openvpn vtun1 local-address 193.201.42.146" ... Elapsed 0.012 sec: Executing the "interfaces openvpn vtun1 local-address 193.201.42.146 subnet-mask 255.255.255.252" ... Elapsed 0.012 sec: Executing the "interfaces openvpn vtun1 mode site-to-site" ... 
Elapsed 0.005 sec: Executing the "interfaces openvpn vtun1 remote-address 193.201.42.145" ... Elapsed 0.012 sec: Elapsed 0.066 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "interfaces openvpn vtun1" ... Elapsed 0.066 sec: Elapsed 0.066 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "interfaces openvpn vtun5" ... Elapsed 0.006 sec: Executing the "interfaces openvpn vtun5 description vp-r01 - broadband" ... Elapsed 0.005 sec: Executing the "interfaces openvpn vtun5 encryption cipher aes256" ... Elapsed 0.005 sec: Executing the "interfaces openvpn vtun5 hash sha256" ... Elapsed 0.006 sec: Executing the "interfaces openvpn vtun5 local-address 193.201.42.241" ... Elapsed 0.013 sec: Executing the "interfaces openvpn vtun5 local-address 193.201.42.241 subnet-mask 255.255.255.252" ... Elapsed 0.013 sec: Executing the "interfaces openvpn vtun5 local-port 1198" ... Elapsed 0.011 sec: Executing the "interfaces openvpn vtun5 mode site-to-site" ... Elapsed 0.006 sec: Executing the "interfaces openvpn vtun5 remote-address 193.201.42.242" ... Elapsed 0.013 sec: Executing the "interfaces openvpn vtun5 remote-port 1198" ... Elapsed 0.011 sec: Elapsed 0.094 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "interfaces openvpn vtun5" ... Elapsed 0.065 sec: Elapsed 0.065 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "protocols static route 0.0.0.0/0" ... Elapsed 0.013 sec: Executing the "protocols static route 0.0.0.0/0 blackhole distance 210" ... Elapsed 0.010 sec: Executing the "protocols static route 107.191.63.136/32" ... Elapsed 0.012 sec: Executing the "protocols static route 107.191.63.136/32 interface pppoe0" ... Elapsed 0.010 sec: Executing the "protocols static route 185.16.69.0/24" ... Elapsed 0.012 sec: Executing the "protocols static route 185.16.69.0/24 interface pppoe0" ... Elapsed 0.010 sec: Executing the "protocols static route 185.16.70.0/24" ... 
Elapsed 0.012 sec: Executing the "protocols static route 185.16.70.0/24 interface pppoe0" ... Elapsed 0.010 sec: Executing the "protocols static route 193.201.42.0/24" ... Elapsed 0.012 sec: Executing the "protocols static route 193.201.42.0/24 blackhole distance 210" ... Elapsed 0.010 sec: Executing the "protocols static route 212.9.12.56/31" ... Elapsed 0.012 sec: Executing the "protocols static route 212.9.12.56/31 interface pppoe0" ... Elapsed 0.010 sec: Executing the "protocols static route 212.9.27.93/32" ... Elapsed 0.011 sec: Executing the "protocols static route 212.9.27.93/32 interface pppoe0" ... Elapsed 0.010 sec: Executing the "protocols static route 213.167.95.29/32" ... Elapsed 0.012 sec: Executing the "protocols static route 213.167.95.29/32 interface pppoe0" ... Elapsed 0.012 sec: Executing the "protocols static table 1" ... Elapsed 0.011 sec: Executing the "protocols static table 1 route 0.0.0.0/0" ... Elapsed 0.014 sec: Executing the "protocols static table 1 route 0.0.0.0/0 interface pppoe0" ... Elapsed 0.010 sec: Elapsed 0.223 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "protocols static" ... Elapsed 1.198 sec: Elapsed 1.198 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "protocols ospf area 0" ... Elapsed 0.015 sec: Executing the "protocols ospf area 0 network 193.201.42.160/28" ... Elapsed 0.012 sec: Executing the "protocols ospf area 0 network 193.201.42.250/32" ... Elapsed 0.012 sec: Executing the "protocols ospf area 0 network 193.201.42.156/30" ... Elapsed 0.012 sec: Executing the "protocols ospf area 0 network 193.201.42.200/30" ... Elapsed 0.012 sec: Executing the "protocols ospf area 0 network 193.201.42.144/30" ... Elapsed 0.012 sec: Executing the "protocols ospf area 0 network 193.201.42.148/30" ... Elapsed 0.012 sec: Executing the "protocols ospf area 0 network 193.201.42.240/30" ... Elapsed 0.012 sec: Executing the "protocols ospf area 0 network 10.193.136.236/30" ... 
Elapsed 0.012 sec: Executing the "protocols ospf default-information originate metric 10" ... Elapsed 0.010 sec: Executing the "protocols ospf default-information originate metric-type 1" ... Elapsed 0.011 sec: Executing the "protocols ospf interface eth0.20" ... Elapsed 0.011 sec: Executing the "protocols ospf interface eth0.20 cost 10" ... Elapsed 0.011 sec: Executing the "protocols ospf interface eth0.20 dead-interval 4" ... Elapsed 0.010 sec: Executing the "protocols ospf interface eth0.20 hello-interval 1" ... Elapsed 0.011 sec: Executing the "protocols ospf interface eth0.20 priority 120" ... Elapsed 0.010 sec: Executing the "protocols ospf interface eth0.20 retransmit-interval 5" ... Elapsed 0.010 sec: Executing the "protocols ospf interface eth0.20 transmit-delay 1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun1 cost 20" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun1 dead-interval 4" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun1 hello-interval 1" ... Elapsed 0.011 sec: Executing the "protocols ospf interface vtun1 network point-to-point" ... Elapsed 0.005 sec: Executing the "protocols ospf interface vtun1 priority 1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun1 retransmit-interval 5" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun1 transmit-delay 1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun2" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun2 cost 40" ... Elapsed 0.011 sec: Executing the "protocols ospf interface vtun2 dead-interval 4" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun2 hello-interval 1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun2 network point-to-point" ... Elapsed 0.005 sec: Executing the "protocols ospf interface vtun2 priority 1" ... 
Elapsed 0.010 sec: Executing the "protocols ospf interface vtun2 retransmit-interval 5" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun2 transmit-delay 1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun5" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun5 cost 65" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun5 dead-interval 4" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun5 hello-interval 1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun5 network point-to-point" ... Elapsed 0.005 sec: Executing the "protocols ospf interface vtun5 priority 1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun5 retransmit-interval 5" ... Elapsed 0.010 sec: Executing the "protocols ospf interface vtun5 transmit-delay 1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface wg09" ... Elapsed 0.010 sec: Executing the "protocols ospf interface wg09 dead-interval 4" ... Elapsed 0.010 sec: Executing the "protocols ospf interface wg09 hello-interval 1" ... Elapsed 0.009 sec: Executing the "protocols ospf interface wg09 network point-to-point" ... Elapsed 0.005 sec: Executing the "protocols ospf interface wg09 priority 1" ... Elapsed 0.010 sec: Executing the "protocols ospf interface wg09 retransmit-interval 5" ... Elapsed 0.010 sec: Executing the "protocols ospf interface wg09 transmit-delay 1" ... Elapsed 0.009 sec: Executing the "protocols ospf redistribute static metric-type 2" ... Elapsed 0.009 sec: Executing the "protocols ospf redistribute static route-map static-to-ospf" ... Elapsed 0.005 sec: Elapsed 0.528 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "protocols ospf" ... Elapsed 0.026 sec: Elapsed 0.026 sec: _commit_exec_cfg_node [[protocols ospf]] failed Entering the _commit_check_cfg_node Executing the "high-availability vrrp group eth0.20-20 address 193.201.42.170/28" ... 
Elapsed 0.017 sec: Executing the "high-availability vrrp group eth0.20-20 advertise-interval 1" ... Elapsed 0.009 sec: Executing the "high-availability vrrp group eth0.20-20 interface eth0.20" ... Elapsed 0.009 sec: Executing the "high-availability vrrp group eth0.20-20 priority 150" ... Elapsed 0.009 sec: Executing the "high-availability vrrp group eth0.20-20 vrid 20" ... Elapsed 0.009 sec: Elapsed 0.056 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "high-availability" ... Elapsed 0.995 sec: Elapsed 0.995 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "protocols bgp address-family ipv4-unicast aggregate-address 193.201.42.0/24" ... Elapsed 0.012 sec: Executing the "protocols bgp address-family ipv4-unicast network 193.201.42.250/32" ... Elapsed 0.011 sec: Executing the "protocols bgp address-family ipv4-unicast network 193.201.42.250/32 route-map bgp-local-no-export" ... Elapsed 0.005 sec: Executing the "protocols bgp neighbor 193.201.42.213" ... Elapsed 0.017 sec: Executing the "protocols bgp neighbor 193.201.42.213 description qr-r01a" ... Elapsed 0.005 sec: Executing the "protocols bgp neighbor 193.201.42.214" ... Elapsed 0.015 sec: Executing the "protocols bgp neighbor 193.201.42.214 description vp-r01" ... Elapsed 0.004 sec: Executing the "protocols bgp neighbor 193.201.42.215" ... Elapsed 0.014 sec: Executing the "protocols bgp neighbor 193.201.42.215 description ha-r01b" ... Elapsed 0.004 sec: Executing the "protocols bgp neighbor 193.201.42.251" ... Elapsed 0.014 sec: Executing the "protocols bgp neighbor 193.201.42.251 description qr-r01b" ... Elapsed 0.004 sec: Executing the "protocols bgp peer-group ITCONSULT" ... Elapsed 0.004 sec: Executing the "protocols bgp peer-group ITCONSULT remote-as 25040" ... Elapsed 0.008 sec: Executing the "protocols bgp peer-group ITCONSULT update-source 193.201.42.250" ... Elapsed 0.015 sec: Executing the "protocols bgp system-as 25040" ... 
Elapsed 0.008 sec: Executing the "protocols bgp timers holdtime 45" ... Elapsed 0.008 sec: Executing the "protocols bgp timers keepalive 5" ... Elapsed 0.013 sec: Elapsed 0.172 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "protocols bgp" ... Elapsed 1.844 sec: Elapsed 1.844 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "service ntp allow-client address 0.0.0.0/0" ... Elapsed 0.013 sec: Executing the "service ntp allow-client address ::/0" ... Elapsed 0.012 sec: Executing the "service ntp server 193.201.42.81" ... Elapsed 0.013 sec: Executing the "service ntp server 193.201.42.87" ... Elapsed 0.013 sec: Executing the "service ntp server 193.201.42.97" ... Elapsed 0.013 sec: Executing the "service ntp server 193.201.42.103" ... Elapsed 0.013 sec: Elapsed 0.080 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "service ntp" ... Elapsed 1.290 sec: Elapsed 1.290 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Elapsed 0.000 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "qos" ... Elapsed 0.091 sec: Elapsed 0.092 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "service snmp community [redacted]" ... Elapsed 0.006 sec: Executing the "service snmp community [redacted] authorization ro" ... Elapsed 0.005 sec: Executing the "service snmp community [redacted] network 193.201.42.0/24" ... Elapsed 0.012 sec: Elapsed 0.025 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "service snmp" ... Elapsed 3.355 sec: Elapsed 3.355 sec: _commit_exec_cfg_node Entering the _commit_check_cfg_node Executing the "service ssh port 22" ... Elapsed 0.012 sec: Elapsed 0.012 sec: _commit_check_cfg_node Entering the _commit_exec_cfg_node Executing the "service ssh" ... 
Elapsed 1.095 sec: Elapsed 1.095 sec: _commit_exec_cfg_node Elapsed 28.499 sec: Commit execute priority tree Commit failed itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ sh conf c | strip-private set firewall global-options all-ping 'enable' set firewall global-options broadcast-ping 'disable' set firewall global-options ip-src-route 'disable' set firewall global-options ipv6-receive-redirects 'disable' set firewall global-options ipv6-src-route 'disable' set firewall global-options log-martians 'enable' set firewall global-options receive-redirects 'disable' set firewall global-options send-redirects 'enable' set firewall global-options source-validation 'disable' set firewall global-options syn-cookies 'enable' set firewall global-options twa-hazards-protection 'disable' set firewall group network-group internaladdresses network 'xxx.xxx.42.0/24' set firewall group network-group internaladdresses network 'xxx.xxx.23.0/29' set firewall group network-group internaladdresses network 'xxx.xxx.203.24/29' set firewall group network-group internaladdresses network 'xxx.xxx.69.64/29' set firewall group network-group internaladdresses network 'xxx.xxx.72.64/29' set firewall group network-group internaladdresses network 'xxx.xxx.4.208/29' set firewall group network-group outviajt network 'xxx.xxx.23.0/29' set firewall group network-group outviajt network 'xxx.xxx.4.208/29' set firewall ipv4 input filter default-action 'accept' set firewall ipv4 input filter rule 5 action 'jump' set firewall ipv4 input filter rule 5 inbound-interface name 'eth0.20' set firewall ipv4 input filter rule 5 jump-target 'TO-ROUTER' set firewall ipv4 input filter rule 10 action 'jump' set firewall ipv4 input filter rule 10 inbound-interface name 'pppoe0' set firewall ipv4 input filter rule 10 jump-target 'TO-ROUTER' set firewall ipv4 input filter rule 15 action 'jump' set firewall ipv4 input filter rule 15 inbound-interface name 'vtun1' set firewall ipv4 input filter rule 15 
jump-target 'TO-ROUTER' set firewall ipv4 input filter rule 20 action 'jump' set firewall ipv4 input filter rule 20 inbound-interface name 'vtun2' set firewall ipv4 input filter rule 20 jump-target 'TO-ROUTER' set firewall ipv4 input filter rule 25 action 'jump' set firewall ipv4 input filter rule 25 inbound-interface name 'vtun5' set firewall ipv4 input filter rule 25 jump-target 'TO-ROUTER' set firewall ipv4 name TO-ROUTER default-action 'drop' set firewall ipv4 name TO-ROUTER rule 10 action 'return' set firewall ipv4 name TO-ROUTER rule 10 description 'itconsult Local Traffic' set firewall ipv4 name TO-ROUTER rule 10 protocol 'all' set firewall ipv4 name TO-ROUTER rule 10 source address 'xxx.xxx.42.0/24' set firewall ipv4 name TO-ROUTER rule 20 action 'return' set firewall ipv4 name TO-ROUTER rule 20 description 'Foreshore link subnet' set firewall ipv4 name TO-ROUTER rule 20 protocol 'all' set firewall ipv4 name TO-ROUTER rule 20 source address 'xxx.xxx.95.24/29' set firewall ipv4 name TO-ROUTER rule 21 action 'return' set firewall ipv4 name TO-ROUTER rule 21 description 'Foreshore routed subnet' set firewall ipv4 name TO-ROUTER rule 21 protocol 'all' set firewall ipv4 name TO-ROUTER rule 21 source address 'xxx.xxx.69.64/29' set firewall ipv4 name TO-ROUTER rule 30 action 'return' set firewall ipv4 name TO-ROUTER rule 30 description 'Newtel link subnet' set firewall ipv4 name TO-ROUTER rule 30 protocol 'all' set firewall ipv4 name TO-ROUTER rule 30 source address 'xxx.xxx.203.32/29' set firewall ipv4 name TO-ROUTER rule 31 action 'return' set firewall ipv4 name TO-ROUTER rule 31 description 'Newtel link subnet' set firewall ipv4 name TO-ROUTER rule 31 protocol 'all' set firewall ipv4 name TO-ROUTER rule 31 source address 'xxx.xxx.203.24/29' set firewall ipv4 name TO-ROUTER rule 40 action 'return' set firewall ipv4 name TO-ROUTER rule 40 description 'JT link subnet' set firewall ipv4 name TO-ROUTER rule 40 protocol 'all' set firewall ipv4 name TO-ROUTER rule 40 
source address 'xxx.xxx.4.208/29' set firewall ipv4 name TO-ROUTER rule 41 action 'return' set firewall ipv4 name TO-ROUTER rule 41 description 'JT routed subnet' set firewall ipv4 name TO-ROUTER rule 41 protocol 'all' set firewall ipv4 name TO-ROUTER rule 41 source address 'xxx.xxx.23.0/29' set firewall ipv4 name TO-ROUTER rule 42 action 'return' set firewall ipv4 name TO-ROUTER rule 42 description 'JT BGP peers' set firewall ipv4 name TO-ROUTER rule 42 protocol 'all' set firewall ipv4 name TO-ROUTER rule 42 source address 'xxx.xxx.12.56/31' set firewall ipv4 name TO-ROUTER rule 43 action 'return' set firewall ipv4 name TO-ROUTER rule 43 description 'JT BGP peers' set firewall ipv4 name TO-ROUTER rule 43 protocol 'all' set firewall ipv4 name TO-ROUTER rule 43 source address 'xxx.xxx.102.192/29' set firewall ipv4 name TO-ROUTER rule 46 action 'return' set firewall ipv4 name TO-ROUTER rule 46 description 'qr broadband' set firewall ipv4 name TO-ROUTER rule 46 protocol 'all' set firewall ipv4 name TO-ROUTER rule 46 source address 'xxx.xxx.27.93/32' set firewall ipv4 name TO-ROUTER rule 47 action 'return' set firewall ipv4 name TO-ROUTER rule 47 description 'vp-r01a' set firewall ipv4 name TO-ROUTER rule 47 protocol 'all' set firewall ipv4 name TO-ROUTER rule 47 source address 'xxx.xxx.63.136/32' set firewall ipv4 name TO-ROUTER rule 50 action 'return' set firewall ipv4 name TO-ROUTER rule 50 description 'ssh from m70' set firewall ipv4 name TO-ROUTER rule 50 destination port 'ssh' set firewall ipv4 name TO-ROUTER rule 50 protocol 'tcp' set firewall ipv4 name TO-ROUTER rule 50 source address 'xxx.xxx.144.150/32' set firewall ipv4 name TO-ROUTER rule 51 action 'return' set firewall ipv4 name TO-ROUTER rule 51 description 'ssh from m72' set firewall ipv4 name TO-ROUTER rule 51 destination port 'ssh' set firewall ipv4 name TO-ROUTER rule 51 protocol 'tcp' set firewall ipv4 name TO-ROUTER rule 51 source address 'xxx.xxx.34.123/32' set firewall ipv4 name TO-ROUTER rule 60 
action 'return' set firewall ipv4 name TO-ROUTER rule 60 description 'VRRP' set firewall ipv4 name TO-ROUTER rule 60 destination address 'xxx.xxx.0.18' set firewall ipv4 name TO-ROUTER rule 60 protocol '112' set firewall ipv4 name TO-ROUTER rule 70 action 'return' set firewall ipv4 name TO-ROUTER rule 70 description 'IPSEC UDP' set firewall ipv4 name TO-ROUTER rule 70 destination port '500,4500,1701' set firewall ipv4 name TO-ROUTER rule 70 protocol 'udp' set firewall ipv4 name TO-ROUTER rule 80 action 'return' set firewall ipv4 name TO-ROUTER rule 80 description 'IPSEC ESP' set firewall ipv4 name TO-ROUTER rule 80 protocol 'esp' set firewall ipv4 name TO-ROUTER rule 100 action 'return' set firewall ipv4 name TO-ROUTER rule 100 description 'DHCP' set firewall ipv4 name TO-ROUTER rule 100 destination port 'bootps' set firewall ipv4 name TO-ROUTER rule 100 protocol 'udp' set firewall ipv4 name TO-ROUTER rule 401 action 'return' set firewall ipv4 name TO-ROUTER rule 401 description 'wireguard re lvg-r01' set firewall ipv4 name TO-ROUTER rule 401 destination port '51820' set firewall ipv4 name TO-ROUTER rule 401 protocol 'udp' set firewall ipv4 name TO-ROUTER rule 401 source address 'xxx.xxx.69.0/24' set firewall ipv4 name TO-ROUTER rule 402 action 'return' set firewall ipv4 name TO-ROUTER rule 402 description 'wireguard re lvg-r01' set firewall ipv4 name TO-ROUTER rule 402 destination port '51820' set firewall ipv4 name TO-ROUTER rule 402 protocol 'udp' set firewall ipv4 name TO-ROUTER rule 402 source address 'xxx.xxx.70.0/24' set firewall ipv4 name TO-ROUTER rule 996 action 'return' set firewall ipv4 name TO-ROUTER rule 996 description 'ICMP Throughout' set firewall ipv4 name TO-ROUTER rule 996 protocol 'icmp' set firewall ipv4 name TO-ROUTER rule 999 action 'reject' set firewall ipv4 name TO-ROUTER rule 999 description 'Block' set firewall ipv4 name TO-ROUTER rule 999 protocol 'all' set high-availability vrrp group eth0.20-20 address xxx.xxx.42.170/28 set 
high-availability vrrp group eth0.20-20 advertise-interval '1' set high-availability vrrp group eth0.20-20 interface 'eth0.20' set high-availability vrrp group eth0.20-20 priority '150' set high-availability vrrp group eth0.20-20 vrid '20' set interfaces ethernet eth0 duplex 'auto' set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:24' set interfaces ethernet eth0 offload gro set interfaces ethernet eth0 offload gso set interfaces ethernet eth0 offload sg set interfaces ethernet eth0 offload tso set interfaces ethernet eth0 speed 'auto' set interfaces ethernet eth0 vif 20 address 'xxx.xxx.42.168/28' set interfaces ethernet eth0 vif 20 description 'Hatherley Backbone' set interfaces ethernet eth0 vif 122 description 'ONT 509001' set interfaces loopback lo address 'xxx.xxx.42.250/32' set interfaces openvpn vtun1 description 'qr-r01a bb - ha-r01a bb' set interfaces openvpn vtun1 disable set interfaces openvpn vtun1 encryption cipher 'aes256' set interfaces openvpn vtun1 hash 'sha256' set interfaces openvpn vtun1 local-address xxx.xxx.42.146 subnet-mask 'xxx.xxx.255.252' set interfaces openvpn vtun1 mode 'site-to-site' set interfaces openvpn vtun1 remote-address 'xxx.xxx.42.145' set interfaces openvpn vtun1 remote-host 'xxx.xxx.27.93' set interfaces openvpn vtun1 shared-secret-key 'openvpn_vtun1_shared' set interfaces openvpn vtun2 description 'qr-r01b foreshore - ha-r01a bb' set interfaces openvpn vtun2 disable set interfaces openvpn vtun2 encryption cipher 'aes256' set interfaces openvpn vtun2 hash 'sha256' set interfaces openvpn vtun2 local-address xxx.xxx.42.150 subnet-mask 'xxx.xxx.255.252' set interfaces openvpn vtun2 local-port '1195' set interfaces openvpn vtun2 mode 'site-to-site' set interfaces openvpn vtun2 remote-address 'xxx.xxx.42.149' set interfaces openvpn vtun2 remote-host 'xxx.xxx.95.29' set interfaces openvpn vtun2 remote-port '1195' set interfaces openvpn vtun2 shared-secret-key 'openvpn_vtun2_shared' set interfaces openvpn vtun5 description 'vp-r01 
- broadband' set interfaces openvpn vtun5 disable set interfaces openvpn vtun5 encryption cipher 'aes256' set interfaces openvpn vtun5 hash 'sha256' set interfaces openvpn vtun5 local-address xxx.xxx.42.241 subnet-mask 'xxx.xxx.255.252' set interfaces openvpn vtun5 local-port '1198' set interfaces openvpn vtun5 mode 'site-to-site' set interfaces openvpn vtun5 remote-address 'xxx.xxx.42.242' set interfaces openvpn vtun5 remote-host 'xxx.xxx.63.136' set interfaces openvpn vtun5 remote-port '1198' set interfaces openvpn vtun5 shared-secret-key 'openvpn_vtun5_shared' set interfaces pppoe pppoe0 authentication password xxxxxx set interfaces pppoe pppoe0 authentication username xxxxxx set interfaces pppoe pppoe0 mtu '1492' set interfaces pppoe pppoe0 no-default-route set interfaces pppoe pppoe0 no-peer-dns set interfaces pppoe pppoe0 source-interface 'eth0.122' set interfaces wireguard wg09 address 'xxx.xxx.136.237/30' set interfaces wireguard wg09 description 'lvg-r01 via JT Broadband/Airtel' set interfaces wireguard wg09 peer to-lvg-r01 allowed-ips 'xxx.xxx.0.0/0' set interfaces wireguard wg09 peer to-lvg-r01 persistent-keepalive '25' set interfaces wireguard wg09 peer to-lvg-r01 public-key 'CUB1Xs9TIwiKpZLtI09YlkY6+e0qc6WParY1Ku9SrXo=' set interfaces wireguard wg09 port '51820' set interfaces wireguard wg09 private-key xxxxxx set pki openvpn shared-secret xxxxxx key xxxxxx set pki openvpn shared-secret xxxxxx version '1' set pki openvpn shared-secret xxxxxx key xxxxxx set pki openvpn shared-secret xxxxxx version '1' set pki openvpn shared-secret xxxxxx key xxxxxx set pki openvpn shared-secret xxxxxx version '1' set policy as-path-list itconsult rule 10 action 'permit' set policy as-path-list itconsult rule 10 regex '^$' set policy prefix-list default-route rule 10 action 'permit' set policy prefix-list default-route rule 10 prefix 'xxx.xxx.0.0/0' set policy prefix-list itconsult-aggregated rule 10 action 'permit' set policy prefix-list itconsult-aggregated rule 10 
prefix 'xxx.xxx.42.0/24' set policy prefix-list rfc1918 rule 10 action 'permit' set policy prefix-list rfc1918 rule 10 prefix 'xxx.xxx.0.0/8' set policy prefix-list rfc1918 rule 11 action 'permit' set policy prefix-list rfc1918 rule 11 ge '9' set policy prefix-list rfc1918 rule 11 prefix 'xxx.xxx.0.0/8' set policy prefix-list rfc1918 rule 20 action 'permit' set policy prefix-list rfc1918 rule 20 prefix 'xxx.xxx.0.0/12' set policy prefix-list rfc1918 rule 21 action 'permit' set policy prefix-list rfc1918 rule 21 ge '13' set policy prefix-list rfc1918 rule 21 prefix 'xxx.xxx.0.0/12' set policy prefix-list rfc1918 rule 30 action 'permit' set policy prefix-list rfc1918 rule 30 prefix 'xxx.xxx.0.0/16' set policy prefix-list rfc1918 rule 31 action 'permit' set policy prefix-list rfc1918 rule 31 ge '17' set policy prefix-list rfc1918 rule 31 prefix 'xxx.xxx.0.0/16' set policy route outviajt interface 'eth0.20' set policy route outviajt rule 10 description 'Internal Traffic' set policy route outviajt rule 10 destination group network-group 'internaladdresses' set policy route outviajt rule 10 set table 'main' set policy route outviajt rule 10 source group network-group 'outviajt' set policy route outviajt rule 20 description 'Out via JT' set policy route outviajt rule 20 set table '1' set policy route outviajt rule 20 source group network-group 'outviajt' set policy route outviajt rule 30 description 'Normal Traffic' set policy route outviajt rule 30 set table 'main' set policy route-map bgp-local-no-export rule 10 action 'permit' set policy route-map bgp-local-no-export rule 10 set set policy route-map bgp-no-advertise rule 10 action 'deny' set policy route-map static-to-ospf rule 10 action 'permit' set policy route-map static-to-ospf rule 10 description 'Redistribute default route' set policy route-map static-to-ospf rule 10 match ip address prefix-list 'default-route' set policy route-map static-to-ospf rule 20 action 'deny' set policy route-map static-to-ospf rule 20 
description 'Do not resistribute anything else' set protocols bgp address-family ipv4-unicast aggregate-address xxx.xxx.42.0/24 set protocols bgp address-family ipv4-unicast network xxx.xxx.42.250/32 route-map 'bgp-local-no-export' set protocols bgp neighbor xxx.xxx.42.213 address-family ipv4-unicast set protocols bgp neighbor xxx.xxx.42.213 description 'qr-r01a' set protocols bgp neighbor xxx.xxx.42.213 peer-group 'ITCONSULT' set protocols bgp neighbor xxx.xxx.42.214 address-family ipv4-unicast set protocols bgp neighbor xxx.xxx.42.214 description 'vp-r01' set protocols bgp neighbor xxx.xxx.42.214 peer-group 'ITCONSULT' set protocols bgp neighbor xxx.xxx.42.215 address-family ipv4-unicast set protocols bgp neighbor xxx.xxx.42.215 description 'ha-r01b' set protocols bgp neighbor xxx.xxx.42.215 peer-group 'ITCONSULT' set protocols bgp neighbor xxx.xxx.42.251 address-family ipv4-unicast set protocols bgp neighbor xxx.xxx.42.251 description 'qr-r01b' set protocols bgp neighbor xxx.xxx.42.251 peer-group 'ITCONSULT' set protocols bgp parameters log-neighbor-changes set protocols bgp parameters no-fast-external-failover set protocols bgp peer-group ITCONSULT remote-as '25040' set protocols bgp peer-group ITCONSULT update-source 'xxx.xxx.42.250' set protocols bgp system-as '25040' set protocols bgp timers holdtime '45' set protocols bgp timers keepalive '5' set protocols static route xxx.xxx.0.0/0 blackhole distance '210' set protocols static route xxx.xxx.63.136/32 interface pppoe0 set protocols static route xxx.xxx.69.0/24 interface pppoe0 set protocols static route xxx.xxx.70.0/24 interface pppoe0 set protocols static route xxx.xxx.42.0/24 blackhole distance '210' set protocols static route xxx.xxx.42.188/32 next-hop xxx.xxx.42.171 set protocols static route xxx.xxx.12.56/31 interface pppoe0 set protocols static route xxx.xxx.27.93/32 interface pppoe0 set protocols static route xxx.xxx.95.29/32 interface pppoe0 set protocols static table 1 route xxx.xxx.0.0/0 interface 
pppoe0 set qos policy set service ntp allow-client xxxxxx 'xxx.xxx.0.0/0' set service ntp allow-client xxxxxx '::/0' set service ntp server xxxxx.tld set service ntp server xxxxx.tld set service ntp server xxxxx.tld set service ntp server xxxxx.tld set service snmp community [redacted] authorization 'ro' set service snmp community [redacted] network 'xxx.xxx.42.0/24' set service ssh port '22' set system config-management commit-revisions '20' set system conntrack modules ftp set system conntrack modules h323 set system conntrack modules nfs set system conntrack modules pptp set system conntrack modules sip set system conntrack modules sqlnet set system conntrack modules tftp set system domain-name xxxxxx set system host-name xxxxxx set system login banner post-login '' set system login banner pre-login '' set system login user xxxxxx authentication encrypted-password xxxxxx set system login user xxxxxx authentication plaintext-password xxxxxx set system name-server 'xxx.xxx.42.9' set system name-server 'xxx.xxx.42.130' set system syslog global facility all level 'debug' set system syslog global facility local7 level 'debug' set system syslog host xxx.xxx.42.2 facility all level 'debug' set system time-zone 'GB' itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ sh int Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------------------------- eth0 - 00:16:3e:e0:be:24 default 1500 u/u eth0.20 193.201.42.168/28 00:16:3e:e0:be:24 default 1500 u/u Hatherley Backbone 193.201.42.170/28 eth0.122 - 00:16:3e:e0:be:24 default 1500 u/u ONT 509001 lo 127.0.0.1/8 00:00:00:00:00:00 default 65536 u/u 193.201.42.250/32 ::1/128 pppoe0 212.9.10.53/32 n/a default 1492 u/u wg09 10.193.136.237/30 n/a default 1420 u/u lvg-r01 via JT Broadband/Airtel itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ conf WARNING: There was a config error on boot: 
saving the configuration now could overwrite data. You may want to check and reload the boot config [edit] itconsult@ha-r01a# load Loading configuration from 'config.boot' Load complete. Use 'commit' to make changes effective. [edit] itconsult@ha-r01a# sh | strip-private firewall { global-options { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable receive-redirects disable send-redirects enable source-validation disable syn-cookies enable twa-hazards-protection disable } group { network-group internaladdresses { network xxx.xxx.42.0/24 network xxx.xxx.23.0/29 network xxx.xxx.203.24/29 network xxx.xxx.69.64/29 network xxx.xxx.72.64/29 network xxx.xxx.4.208/29 } network-group outviajt { network xxx.xxx.23.0/29 network xxx.xxx.4.208/29 } } ipv4 { input { filter { default-action accept rule 5 { action jump inbound-interface { name eth0.20 } jump-target TO-ROUTER } rule 10 { action jump inbound-interface { name pppoe0 } jump-target TO-ROUTER } rule 15 { action jump inbound-interface { name vtun1 } jump-target TO-ROUTER } rule 20 { action jump inbound-interface { name vtun2 } jump-target TO-ROUTER } rule 25 { action jump inbound-interface { name vtun5 } jump-target TO-ROUTER } } } name TO-ROUTER { default-action drop rule 10 { action return description "itconsult Local Traffic" protocol all source { address xxx.xxx.42.0/24 } } rule 20 { action return description "Foreshore link subnet" protocol all source { address xxx.xxx.95.24/29 } } rule 21 { action return description "Foreshore routed subnet" protocol all source { address xxx.xxx.69.64/29 } } rule 30 { action return description "Newtel link subnet" protocol all source { address xxx.xxx.203.32/29 } } rule 31 { action return description "Newtel link subnet" protocol all source { address xxx.xxx.203.24/29 } } rule 40 { action return description "JT link subnet" protocol all source { address xxx.xxx.4.208/29 } } rule 41 { action return 
description "JT routed subnet" protocol all source { address xxx.xxx.23.0/29 } } rule 42 { action return description "JT BGP peers" protocol all source { address xxx.xxx.12.56/31 } } rule 43 { action return description "JT BGP peers" protocol all source { address xxx.xxx.102.192/29 } } rule 46 { action return description "qr broadband" protocol all source { address xxx.xxx.27.93/32 } } rule 47 { action return description vp-r01a protocol all source { address xxx.xxx.63.136/32 } } rule 50 { action return description "ssh from m70" destination { port ssh } protocol tcp source { address xxx.xxx.144.150/32 } } rule 51 { action return description "ssh from m72" destination { port ssh } protocol tcp source { address xxx.xxx.34.123/32 } } rule 60 { action return description VRRP destination { address xxx.xxx.0.18 } protocol 112 } rule 70 { action return description "IPSEC UDP" destination { port 500,4500,1701 } protocol udp } rule 80 { action return description "IPSEC ESP" protocol esp } rule 100 { action return description DHCP destination { port bootps } protocol udp } rule 401 { action return description "wireguard re lvg-r01" destination { port 51820 } protocol udp source { address xxx.xxx.69.0/24 } } rule 402 { action return description "wireguard re lvg-r01" destination { port 51820 } protocol udp source { address xxx.xxx.70.0/24 } } rule 996 { action return description "ICMP Throughout" protocol icmp } rule 999 { action reject description Block protocol all } } } } high-availability { vrrp { group eth0.20-20 { address xxx.xxx.42.170/28 { } advertise-interval 1 interface eth0.20 priority 150 vrid 20 } } } interfaces { ethernet eth0 { duplex auto hw-id xx:xx:xx:xx:xx:24 offload { gro gso sg tso } speed auto vif 20 { address xxx.xxx.42.168/28 description "Hatherley Backbone" } vif 122 { description "ONT 509001" } } loopback lo { address xxx.xxx.42.250/32 } openvpn vtun1 { description "qr-r01a bb - ha-r01a bb" disable encryption { cipher aes256 } hash sha256 
local-address xxx.xxx.42.146 { subnet-mask xxx.xxx.255.252 } mode site-to-site remote-address xxx.xxx.42.145 remote-host xxxxx.tld shared-secret-key openvpn_vtun1_shared } openvpn vtun2 { description "qr-r01b foreshore - ha-r01a bb" disable encryption { cipher aes256 } hash sha256 local-address xxx.xxx.42.150 { subnet-mask xxx.xxx.255.252 } local-port 1195 mode site-to-site remote-address xxx.xxx.42.149 remote-host xxxxx.tld remote-port 1195 shared-secret-key openvpn_vtun2_shared } openvpn vtun5 { description "vp-r01 - broadband" disable encryption { cipher aes256 } hash sha256 local-address xxx.xxx.42.241 { subnet-mask xxx.xxx.255.252 } local-port 1198 mode site-to-site remote-address xxx.xxx.42.242 remote-host xxxxx.tld remote-port 1198 shared-secret-key openvpn_vtun5_shared } pppoe pppoe0 { authentication { password xxxxxx username xxxxxx } mtu 1492 no-default-route no-peer-dns source-interface eth0.122 } wireguard wg09 { address xxx.xxx.136.237/30 description "lvg-r01 via JT Broadband/Airtel" peer to-lvg-r01 { allowed-ips xxx.xxx.0.0/0 persistent-keepalive 25 public-key CUB1Xs9TIwiKpZLtI09YlkY6+e0qc6WParY1Ku9SrXo= } port 51820 private-key xxxxxx } } pki { openvpn { shared-secret xxxxxx { key xxxxxx version 1 } shared-secret xxxxxx { key xxxxxx version 1 } shared-secret xxxxxx { key xxxxxx version 1 } } } policy { as-path-list itconsult { rule 10 { action permit regex ^$ } } prefix-list default-route { rule 10 { action permit prefix xxx.xxx.0.0/0 } } prefix-list itconsult-aggregated { rule 10 { action permit prefix xxx.xxx.42.0/24 } } prefix-list rfc1918 { rule 10 { action permit prefix xxx.xxx.0.0/8 } rule 11 { action permit ge 9 prefix xxx.xxx.0.0/8 } rule 20 { action permit prefix xxx.xxx.0.0/12 } rule 21 { action permit ge 13 prefix xxx.xxx.0.0/12 } rule 30 { action permit prefix xxx.xxx.0.0/16 } rule 31 { action permit ge 17 prefix xxx.xxx.0.0/16 } } route outviajt { interface eth0.20 rule 10 { description "Internal Traffic" destination { group { 
network-group internaladdresses } } set { table main } source { group { network-group outviajt } } } rule 20 { description "Out via JT" set { table 1 } source { group { network-group outviajt } } } rule 30 { description "Normal Traffic" set { table main } } } route-map bgp-local-no-export { rule 10 { action permit set { } } } route-map bgp-no-advertise { rule 10 { action deny } } route-map static-to-ospf { rule 10 { action permit description "Redistribute default route" match { ip { address { prefix-list default-route } } } } rule 20 { action deny description "Do not resistribute anything else" } } } protocols { bgp { address-family { ipv4-unicast { aggregate-address xxx.xxx.42.0/24 { } network xxx.xxx.42.250/32 { route-map bgp-local-no-export } } } neighbor xxx.xxx.42.213 { address-family { ipv4-unicast { } } description qr-r01a peer-group ITCONSULT } neighbor xxx.xxx.42.214 { address-family { ipv4-unicast { } } description vp-r01 peer-group ITCONSULT } neighbor xxx.xxx.42.215 { address-family { ipv4-unicast { } } description ha-r01b peer-group ITCONSULT } neighbor xxx.xxx.42.251 { address-family { ipv4-unicast { } } description qr-r01b peer-group ITCONSULT } parameters { log-neighbor-changes no-fast-external-failover } peer-group ITCONSULT { remote-as XXXXXX update-source xxx.xxx.42.250 } system-as 25040 timers { holdtime 45 keepalive 5 } } + ospf { + area 0 { + area-type { + normal + } + network xxx.xxx.42.160/28 + network xxx.xxx.42.250/32 + network xxx.xxx.42.156/30 + network xxx.xxx.42.200/30 + network xxx.xxx.42.144/30 + network xxx.xxx.42.148/30 + network xxx.xxx.42.240/30 + network xxx.xxx.136.236/30 + } + default-information { + originate { + metric 10 + metric-type 1 + } + } + interface eth0.20 { + cost 10 + dead-interval 4 + hello-interval 1 + priority 120 + retransmit-interval 5 + transmit-delay 1 + } + interface vtun1 { + cost 20 + dead-interval 4 + hello-interval 1 + network point-to-point + priority 1 + retransmit-interval 5 + transmit-delay 1 + } + 
interface vtun2 { + cost 40 + dead-interval 4 + hello-interval 1 + network point-to-point + priority 1 + retransmit-interval 5 + transmit-delay 1 + } + interface vtun5 { + cost 65 + dead-interval 4 + hello-interval 1 + network point-to-point + priority 1 + retransmit-interval 5 + transmit-delay 1 + } + interface wg09 { + dead-interval 4 + hello-interval 1 + network point-to-point + priority 1 + retransmit-interval 5 + transmit-delay 1 + } + log-adjacency-changes { + detail + } + redistribute { + static { + metric-type 2 + route-map static-to-ospf + } + } + } static { route xxx.xxx.0.0/0 { blackhole { distance 210 } } route xxx.xxx.63.136/32 { interface pppoe0 { } } route xxx.xxx.69.0/24 { interface pppoe0 { } } route xxx.xxx.70.0/24 { interface pppoe0 { } } route xxx.xxx.42.0/24 { blackhole { distance 210 } } - route xxx.xxx.42.188/32 { - next-hop xxx.xxx.42.171 { - } - } route xxx.xxx.12.56/31 { interface pppoe0 { } } route xxx.xxx.27.93/32 { interface pppoe0 { } } route xxx.xxx.95.29/32 { interface pppoe0 { } } table 1 { route xxx.xxx.0.0/0 { interface pppoe0 { } } } } } qos { policy { } } service { ntp { allow-client xxxxxx address xxx.xxx.0.0/0 address ::/0 } server xxxxx.tld { } server xxxxx.tld { } server xxxxx.tld { } server xxxxx.tld { } } snmp { community [redacted] { authorization ro network xxx.xxx.42.0/24 } } ssh { port 22 } } system { config-management { commit-revisions 20 } conntrack { modules { ftp h323 nfs pptp sip sqlnet tftp } } domain-name xxxxxx host-name xxxxxx login { banner { post-login "" pre-login "" } user xxxxxx { authentication { encrypted-password xxxxxx plaintext-password xxxxxx } } } name-server xxx.xxx.42.9 name-server xxx.xxx.42.130 syslog { global { facility all { level debug } facility local7 { level debug } } host xxx.xxx.42.2 { facility all { level debug } } } time-zone GB } [edit] itconsult@ha-r01a# exit discard exit itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ itconsult@ha-r01a:~$ 
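Review bot: The added `ospf` block runs OSPF on eth0.20, vtun1, vtun2, vtun5 and wg09 with no `authentication` node on any interface, so a device on the shared eth0.20 segment could form an adjacency and have its routes accepted. strip-private masks values rather than node names, so the node appears to be absent, not hidden. I would add per-interface authentication, e.g. `set protocols ospf interface eth0.20 authentication md5 key-id 1 md5-key <KEY_PLACEHOLDER>`, with the matching key on each neighbour. Separately, the unchanged `ipv4 input filter` has `default-action accept` and jumps to TO-ROUTER only for eth0.20, pppoe0 and vtun1/2/5, so traffic arriving on wg09 (whose peer `allowed-ips` is a /0) reaches the router unfiltered; if that is not intended, add a jump rule with `inbound-interface name wg09`. The block also names vtun1, vtun2 and vtun5 while all three carry `disable`, which matches the `Interface "vtun1" does not exist!` commit failure later in the transcript, so the router is running without this section until those references are resolved.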
itconsult@ha-r01a:~$ conf WARNING: There was a config error on boot: saving the configuration now could overwrite data. You may want to check and reload the boot config [edit] itconsult@ha-r01a# load Loading configuration from 'config.boot' Load complete. Use 'commit' to make changes effective. [edit] itconsult@ha-r01a# commit Interface "vtun1" does not exist! [[protocols ospf]] failed Commit failed [edit] itconsult@ha-r01a# [edit] itconsult@ha-r01a# [edit] itconsult@ha-r01a# [edit] itconsult@ha-r01a# [edit] itconsult@ha-r01a# [edit] itconsult@ha-r01a# exit Cannot exit: configuration modified. Use 'exit discard' to discard the changes and exit. [edit] itconsult@ha-r01a# exit discard exit itconsult@ha-r01a:~$