- User Since
- May 25 2018, 2:31 AM (287 w, 5 d)
Jun 23 2021
Wireguard has no link states on the interface, the ip command just does an 'administrative' up down, which won't start a renegotiation. The policy description (remove peer) needs to be removed from the wg interface and re-added, otherwise you need to wait until wg tries to rekey which will then eventually renegotiate the entire connection.
The removal was as far as I recall part of the original vyos code, so it may have been removed at one point, I haven't looked into the code yet.
Jan 10 2021
Sounds good, syslog needs to be set to level debug for kernel facility, so it's per default only visible in the journal logs. Tested with a few tunnels, it's not very noisy, even with 20 tunnels.
Jan 9 2021
output looks then like below and is being logged to ringbuffer as well as systemd-journald:
Dec 24 2020
vyatta-webproxy: 80% done, @cpo grabbed it since I had no time to continue for a while and put it on hold. I removed obsolete options which implies the need of a migration script. Ldap, AD, IP and user/passwd auth works, I removed caches, squidguard, include domain filters (just a list) and so on, but I stopped it now since it's been taken away.
Kernel modules are pre-compiled and can be loaded.
Dec 23 2020
Nov 14 2020
Sep 13 2020
Due to the fact that transparent proxy, which was the default, is being removed for now, there will be in the first version 2 authentication modes, one is by IP address or network (nothing else would be required as long as you have the correct src IP) and LDAP (either anonym or with bind-dn to browse LDAP. I have both mechanisms already working via cli and about to clean up and test right now. If anyone need a special authentication mechanism, please let me know. I also disabled local file caches, since these days most traffic is https anyway, we can take some pressure off of the filesystem (ssd).
Sep 6 2020
The perl scripts didn't create any config line, that's why I'm asking. I have it already implemented and successfully tested with the new python code, but wonder how people were able to use it all by just using the cli. I may need somebody for testing with AD, since I don't have access to any AD environment anymore.
Sep 5 2020
Does anyone know if ldap auth worked at all with the old perl backend? I try to find out how likely I need to migrate cli entries. from what I have seen, ldap auth with anonymous ldap browsing didn't generate any required config for squid.
Sep 4 2020
I agree, a separate DNS would be way easier to maintain if you have a lot of TLDs you need/want to block, since squid has to load it from a list, let's see if anyone is still using that, other wise it would be nicer and easier to scrape that off and implement a nameserver tag node win the cli.
Sep 3 2020
Is there any interest in the following scenarios:
Aug 30 2020
Squid will be used for authentication and controlling name resolution (pointing to a spacial DNS or so?) , no squidguard or caching will be used anymore. It also ran in transparent mode per default, which requires an iptables rules set. I think that feature can be removed, since a transparent proxy has no authentication options anyway.
@c-po https://github.com/vyos/vyos-build/pull/121 will fix it, but I used .142 while the conifg file was from 136, so please review first. I tested it and the system speaker is fully functional again.
You can test it quickly via `echo -ne "\a"', which should make noise. Beep seems to be broken, looks like it can't be used via sudo, something I may can have a look later into.
Aug 29 2020
echo -ne "\a" should give you a beep sound on the the system speaker too, if you just want to quickly test it. I tested it with deb10 minimal install, works via qemu too.
e.g: qemu-system-x86_64 -smp cpus=3 -soundhw pcspk -m 1024 -enable-kvm -drive file=os.img,media=disk (os disk is a deb10 netinstall).
With capabilities I meant the listed capabilities listed under the input link via sys:
As far as I recall it doesn't initializes is correctly anymore, you can test with beep. The system beep you can set via cli is broken since then.
Aug 28 2020
Fixing up the code, but it will suffer the same issue as in T2835. That build file should be the last thing in the build process, otherwise there is no other way to find out what pkg were installed during the build.
It looks like that the build process messed it up, it did create the version file at the beginning of the build, not at the end. After the file usr/share/vyos/version.json was create, pkg installations took place a few minutes alter, that's why everything in the image is newer than the version file, therefore the command output is absolutely correct. I'll check if I can find out what went wrong during the build, since it appears that only 1.2.6 is affected.
Built on: Thu 13 Aug 2020 11:57 UTC
Happens also when just using the booted image without install. Investigating.
Jul 27 2020
-1 as well
As an additional tool I think it's ok but other than that there is no reason for that too.
Apr 7 2020
Mar 24 2020
The code should be in the op-mode script rather than the class.But the PR was merged in, so I suppose it's ok.
Mar 21 2020
@alien Can you please share your config, I can't reproduce it. The op function will be moved into the the ops script out of the ifconfig class, which caused the issue due to restructuring out internal class architecture.
Mar 19 2020
@alien Can you please test the issue with the latest rolling release?
Mar 16 2020
https://github.com/vyos/vyos-1x/commit/5cb0059353e94dc11aa116e4aa8ce0422c4f3534 should fix the issue. The op-mode commands may need to be refactored in general and split into it's own structures.
@syncer https://github.com/vyos/vyos-1x/commit/dad110ce666edae42ac18c59a800bda503589f27 are only CLI modifications (validation to be be precise), no code changes at all which would change the functionality, in my opinion it can be backported as is.
Mar 2 2020
Feb 27 2020
No answer from user.
Feb 24 2020
@Dmitry next rolling will have it enabled, let me know if it works for you as intended.
Feb 23 2020
Feb 11 2020
Feb 8 2020
Jan 31 2020
Jan 28 2020
Jan 26 2020
All right, we stay with squid, however I may drop squidguard but ask in the forum first if that feature would be required by many users.