[Vyatta-users] Installation Problem - booting hangs
Hello List, trying to install Vyatta community edition 3, installation suceeded ok, but booting hangs: GRUB Loading stage1.5 GRUB loading, please wait. Then nothing more happens. I tried following things: loaded new image and installed from this. tried different harddisks SATA and PATA. before install-system, I tried dd /dev/zero /dev/hda count=1, but doesnt't help. Hardware is a small Barebone-PC with SIS964, Intel Celeron 220, 512 MB RAM. Found some strange messages in /var/log/messages, when booting again from CD. vyatta kernel: copy_e820_map() start ... size 09fc00 end 9fc00 type: 1 Enabling APIC mode: Flat: Using 0 I/O APICs BIOS bug, no explicit IRQ entries using default mptable Cannot allocate resource for EISA slot 1 Cannot allocate resource for EISA slot 2 hdb: _NEC DV-5800, Atapi CD/DVD-ROM ide0 at 0x1f0-0x1f7, 0x3f6 on irq 14 ATA: abnormal status 0x7F on port 0x2367 Registering unionfs 2.0 agpgart: Unuspported SiS chipset (device id: 0662) Any tips or information ? -- GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS. Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] WAN Load Balancing
Hi, This makes sense. We will try the multi WAN load balancing. Thanks, Abhilash S Ascella Technologies, Inc. www.ascellatech.com On Feb 5, 2008 11:59 AM, Dave Roberts [EMAIL PROTECTED] wrote: Thanks for your quick reply. I am agreed that we can test the multiple WAN load balancing feature before it is released to help with your testing. But one thing I forgot to mention about the broadband connection, is that it has a maximum data transfer of 20GB per month. That is why we were using the below plan: * The leased line connection is all traffic till 11 AM (it is set to the default gateway) * After 11:00AM, we switch the default gateway to the broadband connection for all internet traffic, and add a static route so that VPN traffic remains on the leased line. * After 5:00PM, we reset this back to the original configuration We don't want to exceed the maximum limit of 20GB on the broadband connection. Is it possible to limit the bandwidth usage of the broadband connection using the multiple WAN loadbalancing ? That is why we were thinking of using OSPF, so that we could increase the cost of the 2Mb connection as we approach the maximum. With this new requirement, does OSPF still make sense for us? If not, could you explain why OSPF may not be the choice for us? OSPF would allow you to assign a cost to a given route, but it's a hard cost. Paths with the lowest cost will receive all the traffic until a lower-cost path becomes available. If that's exactly what you want, then that's one way to achieve it, but it feels like overkill because OSPF is a hugely complex protocol and you really aren't using it for doing what it was intended. One thing you could do is use the WAN load balancing feature and change the weight factors between the links as you approach the maximum. There is currently no way to do this automatically, though coupled with QoS you might be able to work something out. Personally, I would go this route with WAN LB weight adjustment rather than OSPF. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] Vote Vyatta and Powered by Vyatta logos
and now a note from Vyatta Marketing. Vote Vyatta in Linux Journal Readers Choice Survey Linux Journal is conducting its Readers Choice 2008 Survey and we need your votes. Vyatta has been nominated for Favorite Security Tool and Product of the Year. Please take a minute and cast your vote at http://www.linuxjournal.com/node/1006101 - New - Powered by Vyatta logos Here is another chance to show us some love with the new Powered by Vyatta logos. We have created some small logos for users to display on your site(s) to show your pride in your network, your dedication to open source and show the world that Vyatta software is what runs your network. http://www.vyatta.com/community/powered.php -- we now return you to your regulary scheduled discussions thanks for your attention and support -Tom Tom McCafferty Director of Marketing Vyatta Inc. http://www.vyatta.com ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Vyatta running on appliance...
What's the last message before it hangs? Justin On Feb 7, 2008 2:12 PM, ken Felix [EMAIL PROTECTED] wrote: I'm doing the same but with a 2gb and 4gb fast Compact Flash. It runs great but I just notice a problem the last 2 days in my test lab and it ( host ) hangs at boot time. Could be y hardware or CF card or adpater. fwiw, Logic supply has shipped their servers to me but so far I've haven't received all of my new pieces for my project. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Installation Problem - booting hangs
One other thing to look into... Make sure you're not using the RAID functionality of the SIS964. Robert Bays wrote: Stefan, Looks like grub isn't loading stage 1.5. One thing to check... In the BIOS there may be a setting that switches the disk mode from normal to LBA. It should be set to LBA... Cheers, Robert. Stefan Leippert wrote: Hello List, trying to install Vyatta community edition 3, installation suceeded ok, but booting hangs: GRUB Loading stage1.5 GRUB loading, please wait. Then nothing more happens. I tried following things: loaded new image and installed from this. tried different harddisks SATA and PATA. before install-system, I tried dd /dev/zero /dev/hda count=1, but doesnt't help. Hardware is a small Barebone-PC with SIS964, Intel Celeron 220, 512 MB RAM. Found some strange messages in /var/log/messages, when booting again from CD. vyatta kernel: copy_e820_map() start ... size 09fc00 end 9fc00 type: 1 Enabling APIC mode: Flat: Using 0 I/O APICs BIOS bug, no explicit IRQ entries using default mptable Cannot allocate resource for EISA slot 1 Cannot allocate resource for EISA slot 2 hdb: _NEC DV-5800, Atapi CD/DVD-ROM ide0 at 0x1f0-0x1f7, 0x3f6 on irq 14 ATA: abnormal status 0x7F on port 0x2367 Registering unionfs 2.0 agpgart: Unuspported SiS chipset (device id: 0662) Any tips or information ? ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] IPSec Termination
Here's my config conn peer-0.0.0.0-tunnel-1 left=1.1.1.1 right=%any leftsubnet=192.168.12.0/24 rightsubnet=192.168.10.0/24 rekey=no ike=3des-sha1,3des-sha1 ike=3des-sha1,3des-sha1 ikelifetime=3600s aggrmode=yes esp=3des-md5,3des-sha1 keylife=1800s rekeymargin=540s type=tunnel pfs=yes compress=no authby=secret auto=add From the initiator I get an error message INVALID_ID INFORMATION How do you configure the user id to match the userid from the initiator, or does that matter? Also does the above config look accurate for an aggressive mode. When I configure auto=ignore I see no IPSEC information When I change auto=add, I see the IPSEC negotiations, and it doesn't initiate, which is good. But tunnel not established Carlos Dunmoodie Network Engineer Engineering Office: (301) 944-2896 Cell: (443) 864-9822 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ken Felix Sent: Monday, February 04, 2008 7:32 PM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] IPSec Termination Couldn't you get the same thing with the VPN dead peer-detect set to HOLD? Under strongswan for example, their's a setting that would allow you to auto=start or auto=ignore, if you could add this, you should be okay. Here's how my vyatta ipsec.conf looks; If the last line was set to auto=ignore, than I would think ipsec would be started and the host would wait for the far-end ( right ) to initiated the session. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] IPSec Termination
Hi Carlos, I'm not sure I'm correctly understanding your reason for using aggressive mode but, are you sure that the other end of the connection is expecting an aggressive mode negotiation? If your only special requirement is that the other end of the connection is being initiated from an unknown peer address, then simply setting the peer to 0.0.0.0, which it looks like you've done, should work for you. Either way, I don't think your phase 1 negotiation will complete if only one end is set to aggressive mode. This may be the reason for the INVALID_ID error. Have you tried connecting with aggrmode=no? If none of the above apply to your situation, can you reply with the VPN configuration on the remote end? Also, what type of device is it? Thanks! Robyn Dunmoodie, Carlos wrote: Here's my config conn peer-0.0.0.0-tunnel-1 left=1.1.1.1 right=%any leftsubnet=192.168.12.0/24 rightsubnet=192.168.10.0/24 rekey=no ike=3des-sha1,3des-sha1 ike=3des-sha1,3des-sha1 ikelifetime=3600s aggrmode=yes esp=3des-md5,3des-sha1 keylife=1800s rekeymargin=540s type=tunnel pfs=yes compress=no authby=secret auto=add From the initiator I get an error message INVALID_ID INFORMATION How do you configure the user id to match the userid from the initiator, or does that matter? Also does the above config look accurate for an aggressive mode. When I configure auto=ignore I see no IPSEC information When I change auto=add, I see the IPSEC negotiations, and it doesn't initiate, which is good. But tunnel not established Carlos Dunmoodie Network Engineer Engineering Office: (301) 944-2896 Cell: (443) 864-9822 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ken Felix Sent: Monday, February 04, 2008 7:32 PM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] IPSec Termination Couldn't you get the same thing with the VPN dead peer-detect set to HOLD? Under strongswan for example, their's a setting that would allow you to auto=start or auto=ignore, if you could add this, you should be okay. Here's how my vyatta ipsec.conf looks; If the last line was set to auto=ignore, than I would think ipsec would be started and the host would wait for the far-end ( right ) to initiated the session. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] Vyatta running on appliance...
Hi All; I just wanted to let people know that I have a Vyatta VC3 cluster running in production on the following hardware: http://www.yawarra.com.au/hw-eber.php Options: 768 Mb RAM [max] 4 x 1 G ports 512 Mb. Flash card Initial install was via a USB cdrom drive. If I were to order again I would get the 2G flash drives. L But other than that, it has run extremely well and has been very stable. It is doing static routing between our administrative LANs and our mission critical Broadcast LANs. Chad Hurley Acting Deputy Director, Technical Operations Radio Free Asia T. 202-530-2024 E. [EMAIL PROTECTED] ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users