squeeby (Chris Rigby)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 2 2016, 12:52 PM (408 w, 20 h)

Recent Activity

Dec 27 2021

squeeby added a comment to T590: openvpn config using openvpn config file.

Although this works, there’s still some mandatory config statements that are required. You can just lob everything into a file to be included.

Dec 27 2021, 6:56 PM · VyOS 1.5 Circinus

Aug 9 2019

squeeby created T1571: `show log vpn ipsec` produces no output.
Aug 9 2019, 7:58 AM · VyOS 1.2 Crux (VyOS 1.2.3)

Jul 14 2019

squeeby added a comment to T1333: pdns_recursor does not perform recursive lookups on domain specific forwarders.

Woah hang on.... we actually consulted the documentation on this?! That’s cheating

Jul 14 2019, 11:11 AM · VyOS 1.2 Crux (VyOS 1.2.3)

Jul 11 2019

squeeby added a comment to T1333: pdns_recursor does not perform recursive lookups on domain specific forwarders.

From the Slack discussion, we found there should be a single forward-zones-recurse line, as the last one takes precedence.

Jul 11 2019, 5:35 PM · VyOS 1.2 Crux (VyOS 1.2.3)

Jun 7 2019

squeeby added a comment to T1333: pdns_recursor does not perform recursive lookups on domain specific forwarders.

For completeness, this was discussed in Slack:

Jun 7 2019, 2:59 PM · VyOS 1.2 Crux (VyOS 1.2.3)

Apr 13 2019

squeeby created T1333: pdns_recursor does not perform recursive lookups on domain specific forwarders.
Apr 13 2019, 9:19 PM · VyOS 1.2 Crux (VyOS 1.2.3)

Apr 1 2018

squeeby added a comment to T590: openvpn config using openvpn config file.

I agree with the above, this is actually how I'm dealing with custom options with dhcpd at the moment, however the same can't be done with openvpn as the functionality to include files doesn't exist within openvpn's config format, whereas it does with dhcpd.

Apr 1 2018, 4:41 PM · VyOS 1.5 Circinus

Mar 31 2018

squeeby added a comment to T590: openvpn config using openvpn config file.

Not just for inputting a lot of commands, but making it possible to simply specify an openvpn config instead of having to re-implement every possible openvpn setting using the VyOS syntax would be a huge benefit.
Not to mention the automation aspects... copy config, load it, done.

Mar 31 2018, 8:57 PM · VyOS 1.5 Circinus

Jan 7 2018

squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

I'm using ntop-ng + nprobe.

Jan 7 2018, 1:28 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Jan 5 2018

squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

Looks good!

Jan 5 2018, 3:20 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

This appears to operate as expected.

Jan 5 2018, 2:58 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

So by reverting, the file /opt/vyatta/sbin/vyatta-netflow.pl contains:

```perl
sub acct_add_nflog_target {
    my ($intf) = @_;

    my ($table_chain) = acct_get_table_chain();
    while (my ($chain, $table) = each(%$table_chain)) {
        my $cmd = "iptables -t $table -I $chain 1 -i $intf -j NFLOG" ." --nflog-group 2";
        if (defined $nflog_range) {
            $cmd .= " --nflog-range $nflog_range";
        }
        if (defined $nflog_threshold) {
            $cmd .= " --nflog-threshold $nflog_threshold";
        }
        my $ret = system($cmd);
        if ($ret >> 8) {
            die "Error: [$cmd] failed - $?\n";
        }
    }
}
```
Jan 5 2018, 2:18 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

Do you know how I can restore the previous version so I can see if it was this package that changed it?

Jan 5 2018, 1:59 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

I applied your patch but now iptables has reverted to using the ULOG target instead of NFLOG:

```
squeeb@gw1# commit
[ system flow-accounting interface eth2 ]
iptables: No chain/target/match by that name.
Error: [iptables -t raw -I VYATTA_CT_PREROUTING_HOOK 1 -i eth2 -j ULOG --ulog-nlgroup 2 --ulog-cprange 64 --ulog-qthreshold 10] failed - 256
```
Jan 5 2018, 7:50 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

Changing the following lines to the excerpt below in /opt/vyatta/sbin/vyatta-netflow.pl seems to work:

Jan 5 2018, 1:51 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
squeeby added a comment to T296: Enabling NetFlow fails, iptables chain VYATTA_CT_PREROUTING_HOOK unknown.

```
# show system flow-accounting
 interface pppoe0
 interface eth2.2
 interface eth2.3
 sflow {
     agent-address 192.168.64.1
     sampling-rate 10
     server 192.168.64.10 {
         port 2055
     }
 }
```
Jan 5 2018, 1:38 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Nov 16 2017

squeeby added a comment to T456: lldpd is broken on 1.1.8.

Another workaround is the following:

Nov 16 2017, 11:10 PM · Rejected