User Details
- User Since
- Mar 2 2023, 11:46 AM (80 w, 6 d)
Tue, Sep 10
Tue, Aug 27
Sep 28 2023
It seems this problem is not caused by IPsec; it was caused by the GRE implementation.
Jul 19 2023
FRR upstream accepted this patch. https://github.com/FRRouting/frr/pull/13140
May 16 2023
May 12 2023
May 8 2023
On 1.4-rolling-202305080742, speed limit and protocol detection still do not work correctly either.
Apr 27 2023
OK, if we merge the patch (backported to frr v8.5), this task can be closed.
Mar 30 2023
Mar 29 2023
Mar 28 2023
I think it is good to implement appending a kernel boot parameter in the configuration file, like mitigations=off, to help old platforms perform well.
Mar 21 2023
Mar 20 2023
Workaround: put these lines in /config/scripts/vyos-postconfig-bootup.script
Mar 16 2023
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: authentication of 'domain1' with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> peer supports MOBIKE
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: peer supports MOBIKE
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> authentication of 'domain2' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: authentication of 'domain2' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> IKE_SA JXNCCT[2] established between <pubIP2>[domain2]...<pubIP1>[domain1]
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: IKE_SA JXNCCT[2] established between <pubIP2>[domain2]...<pubIP1>[domain1]
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> scheduling rekeying in 28200s
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: scheduling rekeying in 28200s
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> maximum IKE_SA lifetime 31080s
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: maximum IKE_SA lifetime 31080s
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[CFG] <JXNCCT|2> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[KNL] <JXNCCT|2> received netlink error: Invalid argument (22)
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: received netlink error: Invalid argument (22)
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[KNL] <JXNCCT|2> unable to install source route for 192.168.127.32
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: unable to install source route for 192.168.127.32
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> CHILD_SA JXNCCT-tunnel-1{2} established with SPIs c4ba20f9_i c3ba4340_o and TS 192.168.127.32/32 === 192.168.63.32/32
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: CHILD_SA JXNCCT-tunnel-1{2} established with SPIs c4ba20f9_i c3ba4340_o and TS 192.168.127.32/32 === 192.168.63.32/32
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[ENC] <JXNCCT|2> generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[NET] <JXNCCT|2> sending packet: from <pubIP2>[4500] to <pubIP1>[4500] (476 bytes)
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: sending packet: from <pubIP2>[4500] to <pubIP1>[4500] (476 bytes)
Mar 16 12:47:59 bsp-asbr2-cm charon[45036]: 06[NET] <JXNCCT|2> received packet: from <pubIP1>[4500] to <pubIP2>[4500] (76 bytes)
Mar 16 12:47:59 bsp-asbr2-cm charon-systemd[45036]: received packet: from <pubIP1>[4500] to <pubIP2>[4500] (76 bytes)
Mar 16 12:47:59 bsp-asbr2-cm charon[45036]: 06[ENC] <JXNCCT|2> parsed INFORMATIONAL request 2 [ ]
Mar 16 12:47:59 bsp-asbr2-cm charon-systemd[45036]: parsed INFORMATIONAL request 2 [ ]
Mar 16 12:47:59 bsp-asbr2-cm charon[45036]: 06[ENC] <JXNCCT|2> generating INFORMATIONAL response 2 [ ]
Mar 16 12:47:59 bsp-asbr2-cm charon-systemd[45036]: generating INFORMATIONAL response 2 [ ]
Mar 16 12:47:59 bsp-asbr2-cm charon[45036]: 06[NET] <JXNCCT|2> sending packet: from <pubIP2>[4500] to <pubIP1>[4500] (76 bytes)
Mar 16 12:47:59 bsp-asbr2-cm charon-systemd[45036]: sending packet: from <pubIP2>[4500] to <pubIP1>[4500] (76 bytes)
Mar 7 2023
Mar 4 2023
Mar 3 2023
I don't know why, when I set the bandwidth from 10k-10mbit/s, the QoS shaper works correctly, but when I set it to 100mbit/s~600mbit/s, I only get a few mbit/s or tens of mbit/s. When I set it above about 800mbit/s it looks like there is no limitation at all. When I manually set the limit with tc commands, it seems okay.
I don't know why I set a 100mbit/s shaper, but it results in lots of retries and 5~10mbit/s speed.
I have almost the same problem here. Can't NAT between two VRFs correctly. The outgoing packet has been NATed correctly but the incoming packet seems to be dropped and can't reach the source; it seems the return packet can't be tracked correctly.
Btw, in this rolling release, OSPF BFD in tunnel doesn't work correctly either.
You can manually modify strongswan's systemd service file to add 'ip vrf exec charond'. But it causes other problems.