Change Details

Incorrect check [[ https://github.com/vyos/vyatta-cfg-quagga/blob/f8f52fc4ad5f738a1b95727e407f4b6f736292b2/scripts/bgp/vyatta-bgp.pl#L1301-L1304 | is_local_address ]] for bgp neighbor with option ip_nonlocal_bind set Initially, it was described from the [[ https://forum.vyos.io/t/config-validation-failing-when-net-ipv4-ip-nonlocal-bind-1 | forum ]] and still have this bug. If OpenVPN uses the virtual VRRP as the listening address to start correctly, it requires the sysctl option "net.ipv4.ip_nonlocal_bind = 1" And this option prevents configuring bgp neighbors due to but with "local system IP" check. ``` vyos@r1# set protocols bgp 65001 neighbor 192.0.2.1 remote-as 65001 Can't set neighbor address to local system IP. Value validation failed Set failed [edit] vyos@r1# sysctl net.ipv4.ip_nonlocal_bind net.ipv4.ip_nonlocal_bind = 1 vyos@r1# [edit] vyos@r1# sudo ip route get 192.0.2.1 192.0.2.1 dev eth1 src 192.0.2.2 uid 0 cache vyos@r1# vyos@r1# run show arp interface eth1 Address HWtype HWaddress Flags Mask Iface 192.0.2.1 ether 52:54:00:c7:31:bc C eth1 [edit] vyos@r1# vyos@r1# run show int ethernet eth1 brief Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth1 192.0.2.2/24 u/u [edit] vyos@r1# ``` So a workaround is it comments out such [[ https://github.com/vyos/vyatta-cfg-quagga/blob/f8f52fc4ad5f738a1b95727e407f4b6f736292b2/scripts/bgp/vyatta-bgp.pl#L1301-L1302 | check ]] Or use another solution proposed from the forum https://github.com/jlowsley/vyatta-cfg/commit/10ae5b525e6642983c6337041295424120a801fd (needs to check)

Incorrect check [[ https://github.com/vyos/vyatta-cfg-quagga/blob/f8f52fc4ad5f738a1b95727e407f4b6f736292b2/scripts/bgp/vyatta-bgp.pl#L1301-L1304 | is_local_address ]] for bgp neighbor with option ip_nonlocal_bind set Initially, it was described from the [[ https://forum.vyos.io/t/config-validation-failing-when-net-ipv4-ip-nonlocal-bind-1 | forum ]] and still have this bug. If OpenVPN uses the virtual VRRP as the listening address to start correctly, it requires the sysctl option "net.ipv4.ip_nonlocal_bind = 1" And this option prevents configuring bgp neighbors due to "local system IP" check. ``` vyos@r1# set protocols bgp 65001 neighbor 192.0.2.1 remote-as 65001 Can't set neighbor address to local system IP. Value validation failed Set failed [edit] vyos@r1# sysctl net.ipv4.ip_nonlocal_bind net.ipv4.ip_nonlocal_bind = 1 vyos@r1# [edit] vyos@r1# sudo ip route get 192.0.2.1 192.0.2.1 dev eth1 src 192.0.2.2 uid 0 cache vyos@r1# vyos@r1# run show arp interface eth1 Address HWtype HWaddress Flags Mask Iface 192.0.2.1 ether 52:54:00:c7:31:bc C eth1 [edit] vyos@r1# vyos@r1# run show int ethernet eth1 brief Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth1 192.0.2.2/24 u/u [edit] vyos@r1# ``` So a workaround is it comments out such [[ https://github.com/vyos/vyatta-cfg-quagga/blob/f8f52fc4ad5f738a1b95727e407f4b6f736292b2/scripts/bgp/vyatta-bgp.pl#L1301-L1302 | check ]] Or use another solution proposed from the forum https://github.com/jlowsley/vyatta-cfg/commit/10ae5b525e6642983c6337041295424120a801fd (needs to check)

Incorrect check [[ https://github.com/vyos/vyatta-cfg-quagga/blob/f8f52fc4ad5f738a1b95727e407f4b6f736292b2/scripts/bgp/vyatta-bgp.pl#L1301-L1304 | is_local_address ]] for bgp neighbor with option ip_nonlocal_bind set Initially, it was described from the [[ https://forum.vyos.io/t/config-validation-failing-when-net-ipv4-ip-nonlocal-bind-1 | forum ]] and still have this bug. If OpenVPN uses the virtual VRRP as the listening address to start correctly, it requires the sysctl option "net.ipv4.ip_nonlocal_bind = 1" And this option prevents configuring bgp neighbors due to but with "local system IP" check. ``` vyos@r1# set protocols bgp 65001 neighbor 192.0.2.1 remote-as 65001 Can't set neighbor address to local system IP. Value validation failed Set failed [edit] vyos@r1# sysctl net.ipv4.ip_nonlocal_bind net.ipv4.ip_nonlocal_bind = 1 vyos@r1# [edit] vyos@r1# sudo ip route get 192.0.2.1 192.0.2.1 dev eth1 src 192.0.2.2 uid 0 cache vyos@r1# vyos@r1# run show arp interface eth1 Address HWtype HWaddress Flags Mask Iface 192.0.2.1 ether 52:54:00:c7:31:bc C eth1 [edit] vyos@r1# vyos@r1# run show int ethernet eth1 brief Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth1 192.0.2.2/24 u/u [edit] vyos@r1# ``` So a workaround is it comments out such [[ https://github.com/vyos/vyatta-cfg-quagga/blob/f8f52fc4ad5f738a1b95727e407f4b6f736292b2/scripts/bgp/vyatta-bgp.pl#L1301-L1302 | check ]] Or use another solution proposed from the forum https://github.com/jlowsley/vyatta-cfg/commit/10ae5b525e6642983c6337041295424120a801fd (needs to check)