Nov 13 2018
Nov 7 2018
It looks like this change was made in https://phabricator.vyos.net/T726 before the python rewrite.
Nov 2 2018
Oct 30 2018
This is exactly the same issue i reported in T786, for every interface thats created the script runs its full processing.. when 10 interfaces are created it tries to execute it 10 times and so on. I have purposed a fix for this behaveor in T786 and there is a PR (https://github.com/vyos/vyos-1x/pull/33) on this. Another thing that could be done to fix this is to fix the underlaying vbash code that makes this happen, but i think that is a larger task.
All right, node.tag gets called twice. In the first round both interfaces are being configured correctly, then the parser calls it again (node.tag) and of course the IP already exists, so the error is valid from a script perspective.
Related to the issue @runar reported: https://phabricator.vyos.net/T786.
Oct 29 2018
Currently only the check for additionally installed packages is implemented, but the script can be extended. Didn't push it to crux to have it properly tested first.
Listing the specific ip addresses was my legacy configuration. I removed it in the current configuration. I played a little with the interface routes and the seem to work properly on the technical side of things as i am able to ping the opposit device. But somehow the routing daemon lists routes to the peers as 'inactive' which makes the configuration unusable for me.
Since I don't know your listen ports I can't verify, if the ports you've set are correct or not. What I see in the logs, looks all ok, please keep in mind that your tunnel shows onl;y active if at least one packet passed the wg interface, otherwise you won't see anything.
So as far as i see from the above your wg interfaces are being created (you can bind multiple different peers to one interface by the way) and active.
I rebased the router with the rc-4 image. After importing the configuration and rebooting the router a similar error occurs. The boot screen shows the error message "vyos-config[1708]: Configuration error". Looking into the configuration using 'show configuration' only shows the configuration of the wg2 interface but 'cat /config/config.boot' shows all three interfaces with correct configurations. The wireguard tool shows threee interfaces similar to the output before without any configuration.
That's intresting. I rebooted the system a few seconds ago and the tunnels dom't become active.
@c-po can we mark this as resolved?
Oct 28 2018
I've tested your setup and can't find any issue with the interfaces in -rc4. However your routes won't survive a reboot, please use 'set protocols static interface-route <destination-net> next-hop-interface wg0'.
If that doesn't solve your issue, please check 'show interfaces' and check if the wg interfaces is setup after reboot there.
Also please provide the output of the following:
'grep wireguard /var/log/messages'
this is the configuration which i need to set again after each reboot (and i remove the ip address from the interface and set it again as ip + peer address as there is no configuration option at the moment). I removed some unimportant information.
Hi @MrXermon ,
can you please share your configuration? At least the set interface wireguard ... ones would be interesting, so I can test it.
@dmbaturin Awesome, I didn't have the time to look into that further. I'm going to test it for sure.
Groups need a big overhaul, but its probably out of the 1.2.0 scope.
I've finally located the place where tag node output is handled and added quoting analogous to what was always done to leaf node values. Now saved configs should be correct.
In rc3 and rc4, it's empty for me.
By default cli-shell-api showCfg is level-aware, and the script indeed did not use the option for supressing it.
Indeed, the original script only took the first word, rather than all words after "filter".
Oct 27 2018
Tested on the latest 1.2.0-rc4 and it appears that the memory plugin is still enabled.
Verified on VyOS 1.2.0-rc4 as working correctly.
So that's what I have right now for checking the packages, if they are newer than the image build time, it would spit out the below:
@hagbardI like the idea to have it modular,
we also need to add profiling option (collecting system metrics over some period of time)
and maybe some more stuff (specific to functionality like ipsec, bgp, firewall, etc)