User Details
- User Since
- Thu, Mar 2, 11:46 AM (3 w, 15 h)
Tue, Mar 21
Mon, Mar 20
Workaround: put these lines to /config/scripts/vyos-postconfig-bootup.script
Thu, Mar 16
Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: authentication of 'domain1' with RSA_EMSA_PKCS1_SHA2_256 successful Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> peer supports MOBIKE Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: peer supports MOBIKE Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> authentication of 'domain2' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: authentication of 'domain2' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> IKE_SA JXNCCT[2] established between <pubIP2>[domain2]...<pubIP1>[domain1] Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: IKE_SA JXNCCT[2] established between <pubIP2>[domain2]...<pubIP1>[domain1] Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> scheduling rekeying in 28200s Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: scheduling rekeying in 28200s Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> maximum IKE_SA lifetime 31080s Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: maximum IKE_SA lifetime 31080s Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[CFG] <JXNCCT|2> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[KNL] <JXNCCT|2> received netlink error: Invalid argument (22) Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: received netlink error: Invalid argument (22) Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[KNL] <JXNCCT|2> unable to install source route for 192.168.127.32 Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: unable to install source route for 192.168.127.32 Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[IKE] <JXNCCT|2> CHILD_SA JXNCCT-tunnel-1{2} established with SPIs c4ba20f9_i c3ba4340_o and TS 192.168.127.32/32 === 192.168.63.32/32 Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: CHILD_SA JXNCCT-tunnel-1{2} established with SPIs c4ba20f9_i c3ba4340_o and TS 192.168.127.32/32 === 192.168.63.32/32 Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[ENC] <JXNCCT|2> generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ] Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ] Mar 16 12:47:29 bsp-asbr2-cm charon[45036]: 14[NET] <JXNCCT|2> sending packet: from <pubIP2>[4500] to <pubIP1>[4500] (476 bytes) Mar 16 12:47:29 bsp-asbr2-cm charon-systemd[45036]: sending packet: from <pubIP2>[4500] to <pubIP1>[4500] (476 bytes) Mar 16 12:47:59 bsp-asbr2-cm charon[45036]: 06[NET] <JXNCCT|2> received packet: from <pubIP1>[4500] to <pubIP2>[4500] (76 bytes) Mar 16 12:47:59 bsp-asbr2-cm charon-systemd[45036]: received packet: from <pubIP1>[4500] to <pubIP2>[4500] (76 bytes) Mar 16 12:47:59 bsp-asbr2-cm charon[45036]: 06[ENC] <JXNCCT|2> parsed INFORMATIONAL request 2 [ ] Mar 16 12:47:59 bsp-asbr2-cm charon-systemd[45036]: parsed INFORMATIONAL request 2 [ ] Mar 16 12:47:59 bsp-asbr2-cm charon[45036]: 06[ENC] <JXNCCT|2> generating INFORMATIONAL response 2 [ ] Mar 16 12:47:59 bsp-asbr2-cm charon-systemd[45036]: generating INFORMATIONAL response 2 [ ] Mar 16 12:47:59 bsp-asbr2-cm charon[45036]: 06[NET] <JXNCCT|2> sending packet: from <pubIP2>[4500] to <pubIP1>[4500] (76 bytes) Mar 16 12:47:59 bsp-asbr2-cm charon-systemd[45036]: sending packet: from <pubIP2>[4500] to <pubIP1>[4500] (76 bytes)
Tue, Mar 7
Sat, Mar 4
Fri, Mar 3
I don't know why when I set bandwidth from 10k-10mbit/s, the QoS shaper works correctly but when I set to 100mbit/s~600mbit/s, I only get fews of mbit/s or tens of mbit/s. When I set above about 800mbit/s it looks like no limitation at all. When I manually set limit by tc commands, it seems okay.
I don't know why I set a 100mbit/s shaper, but result in lots of retry and 5~10mbit/s speed.
I have almost same problem here. Can't NAT between two VRFs correctly. The outgoing packet has been NATed correctly but the incoming packet seems be dropped, can't reach the source.
Btw, in this rolling release, OSPF BFD in tunnel doesn't work correctly too.
You can manually modify strongswan's systemd service file to add 'ip vrf exec charond'. But it causes other problem.