User Details
- User Since
- Mar 4 2019, 8:50 PM (238 w, 3 d)
- Roles
- Administrator
Oct 5 2022
Update: latest rolling has a bit different syntax. I think users were just not migrated properly on update. After adding
set service ipoe-server authentication interface eth1.50 mac 00:50:79:66:68:03
set service ipoe-server authentication interface eth1.51 mac 00:50:79:66:68:04
I see that the chap-secrets file is generated properly and users get IPs
vyos@vyos# sudo cat /run/accel-pppd/ipoe.chap-secrets
# username server password acceptable local IP addresses shaper
eth1.50 * 00:50:79:66:68:03 *
eth1.51 * 00:50:79:66:68:04
vyos@vyos# run show ipoe-server sessions
ifname  | username | calling-sid       | ip          | rate-limit | type | comp | state  | uptime
--------+----------+-------------------+-------------+------------+------+------+--------+----------
ipoe0   | eth1.50  | 00:50:79:66:68:03 | 172.16.50.2 |            | ipoe |      | active | 00:05:21
ipoe1   | eth1.51  | 00:50:79:66:68:04 | 172.16.98.2 |            | ipoe |      | active | 00:03:43
This issue is also present in 1.3.0-1.3.2. Latest rolling 1.4-rolling-202210040218 is also affected; it has an empty user list in chap-secrets
vyos@vyos:~$ sudo cat /run/accel-pppd/ipoe.chap-secrets
# username server password acceptable local IP addresses shaper
vyos@vyos:~$
Oct 4 2022
Jul 18 2022
As far as I know, we do not have access by level for now; maybe we should keep shell:priv-lvl=15 by default?
Jul 13 2022
There is a similar issue on 1.3.1-S1 as well
vyos@vyos# run show version
Jul 12 2022
Hi, but one more thing related to NAT and VRF in 1.4 rolling. As you know, it uses NF MAP to isolate conntrack tables, so we need to create some design to fix this moment. Maybe with adding some mark
Jul 11 2022
Today I tested VRF route leaking and NAT. It works on 1.3.1-S1. Simple configuration:
Jul 9 2022
@Viacheslav, thanks.
Already fixed in rolling
vyos@vyos# set service pppoe-server interface eth0 vlan-range
Possible completions:
  start-end    VLAN monitor range for the automatic creation of vlans (e.g. 1-4094)
Jun 5 2022
@NikolayP, looks like an MTU and MPPE issue. Stopping the daemon is not related to this, I think.
Feb 16 2022
Tested on 1.4-rolling-202202150317 and 1.3.0, all works
Feb 15 2022
PR for equuleus https://github.com/vyos/vyos-1x/pull/1222
Sorry, it works properly only for non-PD. Looks like it is not backported to equuleus
Client-side configuration to reproduce
set interfaces ethernet eth0 address 'dhcpv6'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '1'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '0'
set interfaces ethernet eth0 dhcpv6-options pd 0 length '64'
On the server side we get the same backtrace
vyos@vyos# run show dhcpv6 server leases
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 209, in <module>
    leases = get_leases(conf, lease_file, args.state, args.pool, args.sort)
  File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 142, in get_leases
    leases = sorted(leases, key = lambda k: int(ip_address(k['ip'])))
  File "/usr/libexec/vyos/op_mode/show_dhcpv6.py", line 142, in <lambda>
    leases = sorted(leases, key = lambda k: int(ip_address(k['ip'])))
  File "/usr/lib/python3.7/ipaddress.py", line 54, in ip_address
    address)
ValueError: '2001:db8:290::/64' does not appear to be an IPv4 or IPv6 address
Tested on VyOS version 1.3.0, works properly
vyos@vyos# run show version | match Version
Version: VyOS 1.3.0
[edit]
vyos@vyos# run show dhcpv6 server leases
IPv6 address        State    Last communication    Lease expiration     Remaining    Type           Pool         IAID_DUID
------------------  -------  --------------------  -------------------  -----------  -------------  -----------  -----------------------------------------------------------------
2001:db8:3456::187  active   2022/02/15 09:28:10   2022/02/15 21:28:10  11:58:28     non-temporary  VyOS-DHCPv6  00:00:00:00:00:04:79:76:62:99:23:ad:43:fb:9c:5b:1c:1e:59:4b:58:01
Hi @hensur, I'm sure that this code should be moved to python implementation, patches for the legacy vyatta-cfg-qos will be rejected.
First of all, need to create CLI XML definition
https://docs.vyos.io/en/equuleus/contributing/development.html?xml-used-for-cli-definitions#xml-used-for-cli-definitions
and then create backend in python to process CLI commands
https://docs.vyos.io/en/equuleus/contributing/development.html?xml-used-for-cli-definitions#configuration-script-structure-and-behaviour
Feb 14 2022
@n.fort it is possible with conntrackd logging option syslog
sudo rm /etc/systemd/system/conntrackd.service.d/override.conf
edit nano /etc/conntrackd/conntrackd.conf and add Syslog on in General section, then restart conntrackd service.
After that you will get messages
conntrack-tools[5097]: udp 17 src=100.64.0.3 dst=1.1.1.1 sport=41900 dport=53 src=1.1.1.1 dst=198.51.100.1 sport=53 dport=41900
Feb 4 2022
@jestabro you are right. Adding no_tag_node_value_mangle=True will fix this issue.
https://github.com/vyos/vyos-1x/blob/ec13cac66ba612ecc36053158c7517c8fe993547/src/system/keepalived-fifo.py#L73-L74
self.vrrp_config_dict = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True)
Feb 2 2022
Jan 24 2022
PR current - https://github.com/vyos/vyos-build/pull/214
PR equuleus - https://github.com/vyos/vyos-build/pull/215
Jan 18 2022
Looks like I see the same issue for 1.3.0. Reproducing steps:
set interfaces ethernet eth1 address 'dhcp'
set protocols static table 1 route 0.0.0.0/0 dhcp-interface eth1
Jan 12 2022
Jan 11 2022
Jan 6 2022
Jan 4 2022
Dec 30 2021
Dec 29 2021
Related task https://phabricator.vyos.net/T4119
Dec 21 2021
I think this is the limitation with the Linux interface name, it should not be higher than 16 characters. In your config I see, as an example (bond0.995.130 = 13 chars and additional part .100 = 4) = 17
I know how we can fix it manually, but I'm not sure that it is a good idea.
Accel-PPP supports name changing for created interface by vlan_mon module
[pppoe]
vlan-name=e0.%P.%N
interface=re:^e0\.\d+\.\d+
you can try to change this manually (edit /run/accel-ppp/pppoe.conf) and restart pppoe-server
Dec 19 2021
Dec 17 2021
Yes, but sync-groups don't have health-check scripts.
The best solution, in this case, is to implement health-check features for sync-group and do migration script.
We should not use health-check configured for a group if this group belongs to a sync-group
Dec 16 2021
When a sync group is configured, keepalived reports to the log; looks like we need to use this script on sync_group
Dec 16 15:22:53 vyos Keepalived_vrrp[4766]: Warning - script healthcheck_XXX is not used
Dec 15 2021
@GallySoft could you please share your configuration commands?
Is S-VLAN 995 and C-VLAN 2092 as an example configured on the bond0 interface?
Hi @GallySoft, this fix is still not in 1.3. Try to test it on 1.4 fresh rollings.
Dec 9 2021
Dec 7 2021
Dec 6 2021
I believe that CLI should protect a user and deny him to shoot in his leg. In any case, we cannot guarantee a successful update if the script will not be migrated
We definitely have to delete enable_script_security from https://github.com/vyos/vyos-1x/blob/current/data/templates/vrrp/keepalived.conf.tmpl#L10
Dec 4 2021
Also, I propose to add missing 'space' to header
vyos@VyOS-BNG:~$ show pppoe-server sessions
ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
---------+----------+---------------+-----+--------+-------------------+------------+--------+----------+-----------+----------
Easy to fix here https://github.com/vyos/vyos-1x/blob/current/src/op_mode/ppp-server-ctrl.py#L63
replace to print(f' {output}')
Dec 3 2021
Related task https://phabricator.vyos.net/T3546
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1094
Dec 2 2021
Dec 1 2021
Nov 29 2021
Nov 26 2021
23:05:52 DEBUG - Running Testcase: /usr/libexec/vyos/tests/smoke/cli/test_vpn_openconnect.py
23:06:04 DEBUG - test_vpn (__main__.TestVpnOpenconnect) ... ok
23:06:07 DEBUG -
23:06:07 DEBUG - ----------------------------------------------------------------------
23:06:07 DEBUG - Ran 1 test in 11.396s
23:06:07 DEBUG -
23:06:07 DEBUG - OK
23:06:07 DEBUG - Running Testcase: /usr/libexec/vyos/tests/smoke/cli/test_vpn_sstp.py
23:06:22 DEBUG - test_accel_local_authentication (__main__.TestVPNSSTPServer) ... ok
23:06:28 DEBUG - test_accel_name_servers (__main__.TestVPNSSTPServer) ... ok
23:06:38 DEBUG - test_accel_radius_authentication (__main__.TestVPNSSTPServer) ... ok
23:06:40 DEBUG -
23:06:41 DEBUG - ----------------------------------------------------------------------
23:06:41 DEBUG - Ran 3 tests in 32.454s
23:06:41 DEBUG -
23:06:41 DEBUG - OK
Nov 24 2021
Now the existence of certificate files should be checked via validator name="file-exists", which was fixed in T3695
PR https://github.com/vyos/vyos-1x/pull/1082
Also, fixed certificate files check. PR https://github.com/vyos/vyos-1x/pull/1081
Nov 23 2021
PR for equuleus https://github.com/vyos/vyos-build/pull/205
PR for current https://github.com/vyos/vyos-build/pull/204
Nov 22 2021
PR ready for current https://github.com/vyos/vyos-1x/pull/1076
Nov 20 2021
Nov 15 2021
Nov 11 2021
This issue should be fixed after these changes https://phabricator.vyos.net/T1970 (udevadm settle)
Tested on EdgeCore SAF51015I with generic ISOs.
It is not possible to reproduce this behavior on 1.3-epa3.