Page MenuHomeVyOS Platform

Magnum (Marcus Hoff)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 7 2020, 11:36 AM (232 w, 6 d)

Recent Activity

Oct 26 2020

Magnum created T3018: Unclear behaviour when configuring vif and vif-s interfaces.
Oct 26 2020, 1:07 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Oct 22 2020

Magnum closed T2906: OpenVPN: tls-auth missing key direction as Resolved.

Tested creation on both server and client.
OpenVPN conf file is contains the key-direction
Server and client can connect correctly.

Oct 22 2020, 7:10 AM · VyOS 1.3 Equuleus (1.3.0), openvpn

Oct 21 2020

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Also, while setting up test for T2906:

Oct 21 2020, 2:02 PM · VyOS 1.3 Equuleus (1.3.0)
Magnum claimed T2906: OpenVPN: tls-auth missing key direction.

No problem

Oct 21 2020, 1:52 PM · VyOS 1.3 Equuleus (1.3.0), openvpn
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

I can see why the smoketests pass. They only check if the interface has been removed from the config - not the system.

Oct 21 2020, 1:41 PM · VyOS 1.3 Equuleus (1.3.0)

Oct 19 2020

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Just tested with:
https://github.com/vyos/vyos-1x/commit/85cc735b05be109e6daa5403efa4122b8b6e79d2

Oct 19 2020, 12:28 PM · VyOS 1.3 Equuleus (1.3.0)
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

No, I'm running this commit:
https://github.com/vyos/vyos-1x/commit/029f9839c21317ec5959b331eee25da472d08dc1

Oct 19 2020, 10:50 AM · VyOS 1.3 Equuleus (1.3.0)
Magnum reopened T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit, a subtask of T1579: Rewrite all interface types in new XML/Python style, as In progress.
Oct 19 2020, 10:16 AM · VyOS 1.3 Equuleus (1.3.0)
Magnum reopened T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit as "In progress".

I spoke to soon.
The interfaces are very persistant now - when you delete the vtun interface it doesn't get taken down!

Oct 19 2020, 10:16 AM · VyOS 1.3 Equuleus (1.3.0)
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Tested in my lab and it works both during creation and reboot.

Oct 19 2020, 8:57 AM · VyOS 1.3 Equuleus (1.3.0)

Oct 18 2020

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

Well spotted - i hadn't seen that option before.
I'll give it a go and see how it runs.

Oct 18 2020, 6:32 PM · VyOS 1.3 Equuleus (1.3.0)
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

I know, that my specific problem is related to OpenVPN, but are you saying, that this is only relevant for OpenVPN and it's not going to impact other interfaces?

Oct 18 2020, 3:13 PM · VyOS 1.3 Equuleus (1.3.0)

Oct 14 2020

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.
interfaces {
    ethernet eth2 {
        address 10.201.1.2/30
        description WAN
        hw-id 0c:6b:af:b0:4f:02
    }
    openvpn vtun11 {
        description "CPE MGMT"
        device-type tun
        encryption {
            cipher aes256
        }
        hash sha1
        mode client
        persistent-tunnel
        protocol udp
        remote-host 10.200.200.11
        remote-port 1194
        tls {
            auth-file /config/auth/shared.key
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/cpe1-1.crt
            key-file /config/auth/cpe1-1.key
        }
        vrf CPE-MGMT
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 10.201.1.1 {
            }
        }
    }
}
vrf {
    name CPE-MGMT {
        description "CPE MGMT"
        table 112
    }
}
Oct 14 2020, 7:01 AM · VyOS 1.3 Equuleus (1.3.0)

Oct 13 2020

Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

This bug seems to be worse than I thought.
Here's an example:
On reboot an openvpn client inteface will come up outside the vrf. Any routes that get pushed by the server will not get added to the client because it's wants to add the routes inside the vrf of the vtun interface - but the vtun isn't a member.
Heres a log snippet:

Oct 13 2020, 11:35 AM · VyOS 1.3 Equuleus (1.3.0)
Magnum added a comment to T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.

You're right, if-up.d scripts only get run for the interfaces defined in /etc/network/interfaces.

Oct 13 2020, 10:29 AM · VyOS 1.3 Equuleus (1.3.0)

Oct 7 2020

Magnum created T2969: OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit.
Oct 7 2020, 4:56 PM · VyOS 1.3 Equuleus (1.3.0)

Oct 6 2020

Magnum closed T2957: show openvpn not printing anything as Resolved.
Oct 6 2020, 3:20 PM · VyOS 1.3 Equuleus (1.3.0), openvpn

Oct 5 2020

Magnum moved T2957: show openvpn not printing anything from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
Oct 5 2020, 7:03 AM · VyOS 1.3 Equuleus (1.3.0), openvpn

Oct 3 2020

Magnum added a comment to T2957: show openvpn not printing anything.

Fix in PR: https://github.com/vyos/vyos-1x/pull/561

Oct 3 2020, 12:01 PM · VyOS 1.3 Equuleus (1.3.0), openvpn
Magnum created T2957: show openvpn not printing anything.
Oct 3 2020, 11:53 AM · VyOS 1.3 Equuleus (1.3.0), openvpn

Sep 20 2020

Magnum added a comment to T2908: VRF and bridge membership isn’t mutually exclusive.

First create a vrf and bridge interface and add eth1 to the bridge:

Sep 20 2020, 3:55 PM · VyOS 1.3 Equuleus (1.3.4)
Magnum added a comment to T2907: OpenVPN: Option to disable encryption.

PR for vyos-1x: https://github.com/vyos/vyos-1x/pull/547

Sep 20 2020, 3:32 PM · VyOS 1.3 Equuleus (1.3.0), openvpn
Magnum added a comment to T2906: OpenVPN: tls-auth missing key direction.

PR for vyos-1x: https://github.com/vyos/vyos-1x/pull/548

Sep 20 2020, 3:31 PM · VyOS 1.3 Equuleus (1.3.0), openvpn
Magnum created T2908: VRF and bridge membership isn’t mutually exclusive.
Sep 20 2020, 1:17 PM · VyOS 1.3 Equuleus (1.3.4)
Magnum created T2907: OpenVPN: Option to disable encryption.
Sep 20 2020, 12:41 PM · VyOS 1.3 Equuleus (1.3.0), openvpn
Magnum created T2906: OpenVPN: tls-auth missing key direction.
Sep 20 2020, 12:37 PM · VyOS 1.3 Equuleus (1.3.0), openvpn