Re: [Vyatta-users] Logging and Reporting
Please move this over to the new forums (www.vyatta.org). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daren Tay Sent: Wednesday, March 26, 2008 11:25 PM To: [EMAIL PROTECTED] Subject: [Vyatta-users] Logging and Reporting Hi guys, Wanna ask if it is possible to have some form of logging/reporting on vyatta? To note traffic info etc... Just Syslog? Just trying to test things out Thanks! Daren ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Custom DHCP options
Yea, I was considering editing dhcpd.conf directly, but was hoping the CLI would incorporate directly. File a bug in Bugzilla (bugzilla.vyatta.com) describing what you want. If there is a need, we'll certainly incorporate it. Also, we should move this dicussion over to the forums. The email list is going to be shut down for good real soon now. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] Announcing Vyatta Community Edition 4 Beta
I'm pleased to announce that VC4 (Glendale) Beta was released this morning and is available for immediate download from either www.vyatta.org http://www.vyatta.org/ or www.vyatta.com http://www.vyatta.com/ . The feature set for this release is basically unchanged from the previous Alpha 2 release, but many issues have been corrected. You can get a full set of release notes here: http://www.vyatta.org/documentation http://www.vyatta.org/documentation Notable enhancements from VC3 include: * FusionCLI * Completely reworked routing subsystem. The scalability and performance of the routing subsystem are tremendously better than VC3 and before. This new routing subsystem was used for the recent Tolly testing versus the Cisco 7204. * Role-based access control * Equal-cost multi-path routing * Remote access VPN, including L2TP+IPsec and PPTP *GRE and IP-in-IP tunnels * PPPoE * WAN load balancing * QoS and bandwidth limiting * DHCP Client See the release notes for more details. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Fractional T3 configuration?
Not that I want to cut you guys off in any way, but I'd like to have you guys move this discussion over to the new forums on vyatta.org. We're going to be shutting down this mailing list shortly and I'd like to have all active discussions happening over there. Thanks, -- Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ken Felix Sent: Sunday, March 09, 2008 2:55 PM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] Fractional T3 configuration? If you don't mind me asking , what do they (isp) have upstream for the DSU type ( kentrox,adtran,cisco ) and could you post all of your side L2 configuration settings? ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] ANN: Glendale Alpha 1 Released
PPPoE support... do you intend to support a PPPoE server with Glendale at some point? Francois, At present, it's not on the roadmap. The thought is that most of the time that PPPoE is being used, you'd have a BRAS of some sort on the provider-side, and currently, that's not a target market for Vyatta to go after. If you have a different use-case or if I'm missing something, please educate me and we'll definitely consider it. We're always looking for ways to make Vyatta better. Most all suggestions that people make are rational and interesting to us. It simply becomes a matter of priority for what we work on next. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!
File it for the bug bounty contest! ;-) You are absolutely correct. Therefore the bug is: telnet is not properly mapped. *GRIN* Thanks for your help Stig. Best, -Chris ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!
However, make sure it's not already filed before you do - this was bug 2478 :-) https://bugzilla.vyatta.com/show_bug.cgi?id=2478 Justin Oooo, you're good. ;-) -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] VC4 Alpha 2 Bug Hunt
Okay, with VC4 Alpha 2 just out the door earlier this week, it's time to turn up the heat on testing. From the feedback we have been receiving, it's clear that some people are actively working with VC4 Alpha 1, and hopefully now Alpha 2. To thank you for the help you're providing by exposing VC4 Alpha 2 to a more diverse set of environments than we can recreate in the lab, we're going to provide a little bounty on filed bugs, a Vyatta Deluxe Schwag Kit(tm): * Exclusive Vyatta blue logo polo shirt * High capacity Vyatta logo bistro coffee mug * Sporty Vyatta logo baseball cap Here are the T's and C's: 1. Anybody who is able to find a crash or hang of a subsystem in Vyatta will be awarded a Vyatta Deluxe Schwag Kit(tm). A crash is defined as an abnormal exit of a process. A hang is defined as a subsystem that becomes unresponsive to normal activity. Ultimately, the Vyatta engineering team will judge whether your bug qualifies as a crash or hang. 2. The top 10 filers by quantity of other bugs of substance will be awarded a Vyatta Deluxe Schwag Kit(tm). A bug of substance is something that honestly doesn't work. We'd love to hear about misspellings and such in the help strings, but that doesn't count toward your total. We're looking for things that don't work here. A good example would be a valid configuration that would fail upon commit, or might pass commit but then fail to do what it was configured to do. Validity of bugs counting toward your total is at the complete discretion of the engineering team. 3. One lucky winner will receive the Engineer's Choice award for filing the most obtuse, interesting, or otherwise strange bug, and will receive a Vyatta Deluxe Schwag Kit(tm). This one will be voted on by the engineering crew here at Vyatta, so make friends with them now. 4. All bugs must be *reproducible* and previously unknown to Vyatta (not in the Vyatta Bugzilla or the bug database of another subproject). In other words, if you see something unreproducible, please file it, but it's hard to award you a prize if we can't verify that the problem is real. In terms of being unknown, you need to come up with something that isn't already in the Vyatta database. You also need to come up with something that isn't a known bug in one of the subprojects we use. Put another way, while they may not be in the Vyatta Bugzilla, suffice it to say that we already know about the known bugs in OpenSwan, Quagga, ISC dhcpd, etc. That said, if you find a bug that was previously unknown in a subsystem, we'd love to hear about that and it will definitely count. 5. In the case of multiple people filing the same bug or questions of whether the bug is new, priority will be given based on the timestamp of the bug filing at http://bugzilla.vyatta.com/. 6. We'll use the email address in your Bugzilla account to contact you, so please make sure it's correct. Unique email addresses will be used to compute the quantity totals, so don't file your bugs across multiple Bugzilla accounts. 7. The contest starts at 2:30 PM USA Pacific Standard Time on Feb 27 and runs through 11:59 PM USA Pacific Standard Time on March 22. 8. Contestants from all over the world are welcome to play, but unfortunately, we can only award schwag prizes to those in the USA. We would love our international community members, but the economics of shipping schwag outside the USA just don't add up. (Honestly, I tried sending a European Vyatta community member a t-shirt a couple years ago and it cost me upwards of $200 to ship a $20 shirt.) If you're content with recognition/honor/fame but not schwag, we'd be happy to give you all that. ;-) If you have any questions, just let me know. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] VC4 Alpha 2 Bug Hunt
7. The contest starts at 2:30 PM USA Pacific Standard Time on Feb 27 and runs through 11:59 PM USA Pacific Standard Time on March 22. I clarified this when I posted it to vyatta.org, but sent this out too quickly... All dates/times are in 2008. I figured that was obvious, but I'm sure somebody would have taken me to task if I had left a loophole. ;-) -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Problems with Glendale Alpha 2
1. What error are you seeing? 2. Have you looked at the PPPoE documentation on Vyatta.org? http://www.vyatta.org/documentation/glendale-alpha2 -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paco Alcantara Sent: Wednesday, February 27, 2008 4:15 PM To: [EMAIL PROTECTED] Subject: [Vyatta-users] Problems with Glendale Alpha 2 Some problems when trying Alpha 2 1.- Error when trying install-system to install Alpha2 in a hard disk (I am using VMWare environment). 2.- I am looking for PPPoE commands are I cannot find them. Any help?? Regards. Paco. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] vrrp issues on VC3
Thanks for the answer. I|d love to trz but in VC3 there is no possibility. Seems we have to buy a subscription... Could somebody from Vyatta please confirm this (vrrp) issue? ??? VC3 is a community release, available for download from the Vyatta web site. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] list reply-to address
Done. After vascillating for a while, I finally caved on this. Replies now go back to the list rather than the original poster. Please be careful if you need to send something direct. As an aside, I have no idea why vyatta-users was setup differently than vyatta-hackers. They should have had the same behavior. -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aubrey Wells Sent: Wednesday, February 20, 2008 11:23 AM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] list reply-to address I notice that when I mail the hackers list, the reply-to address is automatically set to [EMAIL PROTECTED] but when I mail to vyatta-users I have to manually set the reply-to address to vyatta-users@mailman.vyatta.com or I frequently get replies straight to my inbox rather than to the list. Can you please adjust the configuration of the users list to set the reply-to address to vyatta-users? It drives me a little crazy. ;-) -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Going to shell on Vyatta
Piyush, The answer to this varies by the particular release. Assuming you're running something VC3 or earlier, then you login as 'root' with password 'vyatta' and you'll be at the bash prompt, as others have said. As Stig pointed out, in Glendale, the model is slightly different. In Glendale, you're always 'at the shell' but with both router and Linux commands available (something we call FusionCLI). Depending on who you login as (root, vyatta, etc.), you'll have a different set of commands that you'll be able to see/execute, but essentially both worlds are always available to you from the same prompt. This is nice because Vyatta commands are peers with any other Linux command and it eliminates the dual-mode model of previous releases. For instance, you can immediate type something like show version and then do cat /proc/stat or whatever else you want. -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of piyush sharma Sent: Sunday, February 10, 2008 9:10 PM To: Stig Thormodsrud Cc: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] Going to shell on Vyatta Sorry Stig, my question was meant for Vyatta in general. I didn't edit the subject line earlier. I have to run an application on the linux on the Vyatta machine. For that I require to go to the shell prompt. I wanted to know how can I do that. I have logged in as user vyatta on the router. Please help me. Thanks, Piyush ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] Vyatta at SCALE 6x and Glendale testing
I had a couple general announcements for the Vyatta community... First, if you live in the Southern California area, Vyatta is going to have a booth at SCALE 6x at the LAX Airport Westin. SCALE 6x runs today and this weekend, Feb 8 - 10. You can find more info about SCALE here: http://www.socallinuxexpo.org/ If you're in the area, please come by the Vyatta booth. Tom McCafferty and I will be there on both Saturday and Sunday. Second, I'd like to urge people to continue testing Glendale. We're coming up toward our next milestone and we want to maximize feedback before that date so that we can incorporate as much as possible before deliver the next step. We have already changed functionality in response to community feedback. So, your action items are: 1. If you live in Southern California, come see us at SCALE this weekend. 2. If you aren't testing Glendale yet, please do. We need all the feedback we can get. The system is proving itself to be quite stable, but the edges are rough. We need help finding the rough spots. 3. If you find what you think is a bug in Glendale, file it in Bugzilla (bugzilla.vyatta.com). 4. If you have feedback about Glendale, either positive or negative, please report it here on the vyatta-users mailing list. The positive feedback helps the team spirit and the negative feedback is useful to understand where things still aren't working right. Both are valuable. Cheers, -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] WAN Load Balancing
We are planning to do some upgrade in our network. The present network has one vyatta router and two internet connections (one is 1Mb leased line and the other is 2Mb Broadband), Since the broadband connection is limited, we are manually changing the default gateway Abhilash, You should check out the WAN Load Balancing feature that will arrive with Glendale Alpha 2 later in February and see if that will help you out. We designed it to help with cases where customers have multiple WAN connections but aren't running something sophisticated like BGP. It essentially spreads outbound traffic across multiple WAN connections in a semi-random fashion based on a weighting. In this case, you could give one line a weight of 200 (the 2 Mbps link) and the other a weight of 100 (the 1 Mbps link) and the system would do the right thing by sending twice as many flows to the 2 Mbps link as the 1 Mbps link. Now, things are flow-based, so the spreading is not necessarily optimal in terms of bandwidth over a short period of time (you could have multiple high-bandwidth flows mapped to the smaller link while low bandwidth flows are mapped to the larger link, for instance), but it should average out over time and allows you to use both links simultaneously. The functionality also allows you to check the health of the link using a ping test to another (possibly very remote) destination. By pinging to a remote destination, you can check the health of not only the local link (which may be up), but also your service provider network (which may have routing issues). When a link/network goes down, new flows will be mapped to the remaining links. As I said, the functionality isn't out yet, but it will be there in Glendale Alpha 2 and you should take a look. Given that it's new functionality, we're interested in getting as much testing and feedback on the feature as possible. Personally, I think it's going to be very cool. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Book published for Vyatta logo/mascot
I posted a thread a month ago about getting the equivalent jdocs for vyatta, have anybody from the Vyatta team approached Oreiley in just getting a book produced? A paper back edition crafted by them, would do wonders in promoting vyatta to the networking community. next , does vyatta plan on getting a mascot of some sort? We have a devil for BSD, Penguin for Linux, Cisco has the silly bridge, and Juniper the leaf. Is the vyatta logo or mascot really just the Circle that's found on the main website banner? and can somebody explain this ? I remember seeing something somewhere that it indicates open-source. Excellent questions! 1. On getting an O'Reilly book published, yep, I think that time has come. We had a couple of people say that they were interested in writing books about Vyatta, but it was early on and I think people decided to hold off a bit. To be honest, before Glendale, I don't think it would have been worth it. There was so much functionality changing all the time and it would have all broken with the new CLI (witness the work being done by Vyatta on the docs, for instance). But, I think now would be a great time to start on that stuff. 2. On a mascot, we have talked about that in the past. It's probably time to run a contest for that. ;-) Frankly, the best ideas come from the community. We do have some artistic talent available to us that could help refine a raw idea, so I think everybody could participate in a competition for suggestions without having to be an artist. 3. The Vyatta logo is a stylized eclipse, the meaning of which can be found here: http://www.vyatta.com/about/index.php But I'll admit that it lacks the cuddly nature of a penguin or a little daemon. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Vyatta as a company
The Vyatta business model is essentially very Red Hat-like: we sell subscriptions, professional services, training, etc. Yes, we have real (talented!) staff. Yes, we pay salaries. ;-) The fact is, the Vyatta team comprises veterans from Cisco, Juniper, Nortel, and other leading networking companies, as well as Linux kernel experts, and on and on. This is a talented crew that have previously build many of the products that compete with Vyatta. Our support staff have built and supported large networks and consistently receive high marks for their 'can do' support levels. And yes, customers definitely pay us for all this. As John confirms, our customers are quite satisfied with our services. In the same way that some people use a free version of Linux such as Fedora, there are many others who are developing business-critical infrastructure and want the services of a supported product to help them. This leads them to choose supported products like RHEL (or SuSE, or Ubuntu LTS, etc.). In the same way, Vyatta customers choose the subscription edition rather than the community edition. The great thing about open source is that you can get the best of both worlds: the support of a commercial offering with the open community and rapid innovation of an open source code base. As for funding, yes, we are venture-funded. If you're interested in Vyatta-the-company, you can find out more about us on the Vyatta web site. We hope you'll look past the dodgy backgrounds of the management team ( ;-) ). Believe me when I say that it's the Vyatta staff that makes this place so great. So, finally, while this is our community mailing list and I don't want to make anybody feel guilty for using the community version of our code, let me respectfully ask for your business. If you're using Vyatta in a commercial setting, please consider purchasing subscriptions. I think you'll be tremendously satisfied with the value you receive. We're not a charity and we earn every sale. Apologies for the rampant commercialism. We now return you to your regular series of technical questions and community discussion. -- Dave Well I expected that! Are there really that many commercial subscribers to pay for a full time staff? Did you guys need to get funding to get started? Venture capital? On Feb 4, 2008 5:47 PM, John Jolet [EMAIL PROTECTED] wrote: From people like me that pay for supported version :) and they have real staff, I've talked to some of themespecially the tech support folks who have consistently gone above and beyond to help me with issuesRobyn rocks! Max wrote: This is kind of a weird question, but I'm curious how you guys make any money? I mean, you have this wonderful product, 100% open source, but how to you guys keep the lights on at the office? Support contracts? Do you guys have a real staff? Employees with salaries? A bulletin board in the break room with all the human resources crap on it? Haha! seriously guys? ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Unable to login, solved by reboot
Sounds like the right call. Cheers, -- Dave Roberts -Original Message- From: Jostein Martinsen-Jones [EMAIL PROTECTED] To: Dave Roberts [EMAIL PROTECTED] Cc: Justin Fletcher [EMAIL PROTECTED]; vyatta-users [EMAIL PROTECTED] Sent: 2/2/2008 5:53 AM Subject: Re: [Vyatta-users] Unable to login, solved by reboot Gisch, sounds like i'll stick to the stable release until Glendale is stable. We are going to have customer systems behind the router, and the customers doesn't appreciate downtime at all. 2008/1/31, Dave Roberts [EMAIL PROTECTED]: Glendale probably hasn't had enough widespread alpha testing to know for sure, but having said that, I think the general consensus from people at Vyatta as well as some other comments we have gotten from outside is that it feels a lot more stable. By stable, I specifically mean a lot less random behavior. Generally, with Glendale things either work or they don't. Now, having said that, there is a *lot* of stuff that doesn't work (a lot of loose ends, rough edges, etc.), but if you don't need those features, then the stuff that does work seems to work well. Put another way, if you can configure it and you test it and it works, it will probably keep working well. Vyatta currently uses Glendale everyday in our production network, for instance, and we don't see crashes. So... If servers that soon will go live means an intranet, internal company web site that can afford to be down for a few hours to upgrade to Glendale Alpha 2 and Beta in a month or two and your company won't go out of business if there is a problem, then I'd probably install Glendale Alpha 1 and I think you would probably be happy with it. If servers that soon will go live refer to multi-million dollar, revenue-generating, business-critical systems that have limited maintenance windows, etc., where you would be fired outright if things suddenly stopped working, then I definitely wouldn't do it. It's simply too risky at this point and at a minimum you'll want to upgrade to Alpha 2 and/or Beta when those become available, which would require possibly large amounts of downtime. But if you decide to go for it, we'd be very interested in any feedback you have. ;-) -- Dave -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Jostein Martinsen-Jones *Sent:* Wednesday, January 30, 2008 3:06 PM *To:* Justin Fletcher *Cc:* vyatta-users *Subject:* Re: [Vyatta-users] Unable to login, solved by reboot How production ready are Glendale. I'm using vyatta as router/firewall in front of a couple of servers that soon will go live... Since it's alpha, do you think I should do it? Just printed the whole manual... 2008/1/30, Justin Fletcher [EMAIL PROTECTED]: Maybe . . . However, much of this has been resolved with associated changes in Glendale. Give Alpha 1 a try - I doubt you'll see it there :-) Best, Justin On Jan 30, 2008 12:43 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote: But i feel that the only reason I didn't have to reboot is luck :( Maybe next time i'm unable to login with any account? 2008/1/30, Justin Fletcher [EMAIL PROTECTED]: As you can see, nothing jumps out in the log. A detailed search may turn up more information; otherwise, at least you've got a work-around :-) Justin On Jan 29, 2008 2:48 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote: Log result attached. I managed to login if I changed the passwords for my troubled users. Somethimes the encrypted-password didn't get encrypted. 2008/1/29, Justin Fletcher [EMAIL PROTECTED]: Give show log | match ERROR a try. Justin On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote: I have this problem again. Now i was able to login to a user account I created, but unable to view logfiles since im in xorpsh. 2008/1/28, Justin Fletcher [EMAIL PROTECTED]: Anything untoward in the log files? Justin On Jan 28, 2008 7:29 AM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote: Today I had a wierd experience with Vyatta. I was unable to login on any account. Did a reboot, then everything was normal. What is going on? ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Unable to login, solved by reboot
Glendale probably hasn't had enough widespread alpha testing to know for sure, but having said that, I think the general consensus from people at Vyatta as well as some other comments we have gotten from outside is that it feels a lot more stable. By stable, I specifically mean a lot less random behavior. Generally, with Glendale things either work or they don't. Now, having said that, there is a *lot* of stuff that doesn't work (a lot of loose ends, rough edges, etc.), but if you don't need those features, then the stuff that does work seems to work well. Put another way, if you can configure it and you test it and it works, it will probably keep working well. Vyatta currently uses Glendale everyday in our production network, for instance, and we don't see crashes. So... If servers that soon will go live means an intranet, internal company web site that can afford to be down for a few hours to upgrade to Glendale Alpha 2 and Beta in a month or two and your company won't go out of business if there is a problem, then I'd probably install Glendale Alpha 1 and I think you would probably be happy with it. If servers that soon will go live refer to multi-million dollar, revenue-generating, business-critical systems that have limited maintenance windows, etc., where you would be fired outright if things suddenly stopped working, then I definitely wouldn't do it. It's simply too risky at this point and at a minimum you'll want to upgrade to Alpha 2 and/or Beta when those become available, which would require possibly large amounts of downtime. But if you decide to go for it, we'd be very interested in any feedback you have. ;-) -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jostein Martinsen-Jones Sent: Wednesday, January 30, 2008 3:06 PM To: Justin Fletcher Cc: vyatta-users Subject: Re: [Vyatta-users] Unable to login, solved by reboot How production ready are Glendale. I'm using vyatta as router/firewall in front of a couple of servers that soon will go live... Since it's alpha, do you think I should do it? Just printed the whole manual... 2008/1/30, Justin Fletcher [EMAIL PROTECTED]: Maybe . . . However, much of this has been resolved with associated changes in Glendale. Give Alpha 1 a try - I doubt you'll see it there :-) Best, Justin On Jan 30, 2008 12:43 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote: But i feel that the only reason I didn't have to reboot is luck :( Maybe next time i'm unable to login with any account? 2008/1/30, Justin Fletcher [EMAIL PROTECTED]: As you can see, nothing jumps out in the log. A detailed search may turn up more information; otherwise, at least you've got a work-around :-) Justin On Jan 29, 2008 2:48 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote: Log result attached. I managed to login if I changed the passwords for my troubled users. Somethimes the encrypted-password didn't get encrypted. 2008/1/29, Justin Fletcher [EMAIL PROTECTED]: Give show log | match ERROR a try. Justin On Jan 29, 2008 2:00 PM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote: I have this problem again. Now i was able to login to a user account I created, but unable to view logfiles since im in xorpsh. 2008/1/28, Justin Fletcher [EMAIL PROTECTED]: Anything untoward in the log files? Justin On Jan 28, 2008 7:29 AM, Jostein Martinsen-Jones [EMAIL PROTECTED] wrote: Today I had a wierd experience with Vyatta. I was unable to login on any account. Did a reboot, then everything was normal. What is going on? ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] glendale problems my 1st view
Aubrey, when you say it's mildly confusing, what are you referring to? -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aubrey Wells Sent: Tuesday, January 29, 2008 7:48 AM To: Ken Felix (C) Cc: vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users] glendale problems my 1st view #3 - I agree, please bring back my beloved ?! Its an automatic reflex to hit ? whenever I'm in a router. I end up hitting it 3 or 4 times before I realize that its echoing the char to the screen rather than activating help. That and the new CLI being mildly confusing (i'm adjusting to it) are my only two complaints so far. -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com On Jan 28, 2008, at 10:03 PM, Ken Felix (C) wrote: 1. Still todate, OSPF md authenication is not enable or even configurable 2. System uptime is now show via show version show system uptime 3. system help now requires a tab vrs the previous question mark on the CLI, I thought this was confusing at first 4. system configuration like for protocols ospf is slightly different vrs vc3 5. any help on the CLI regardless of level show bash options vrs th vyatta engine options. (confusing to say the least ) ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] ANN: Glendale Alpha 1 Released
implemented or released: - * QoS: This will provide access to the Linux tc subsystem in a relatively easy-to-use fashion. * WAN Load Balancing: This feature will allow people to use two or more low-priced broadband connections, possibly from different service providers, and load balance outbound traffic between them. This can improve the connectivity of a site without having to employ complex BGP multi-homing scenarios. * PPPoE: This will help people with DSL connections. * New installer: Currently, the Alpha 1 release uses a variant of the previous Vyatta install-system script. The final Glendale release will use a new, more sophisticated installer based on the current Debian installer. TOP ENHANCEMENT REQUESTS: = It should be noted that with the Glendale final release (not necessarily in Alpha 1), many of the Top Enhancement Requests on the Vyatta Community wiki will have been addressed. http://www.vyatta.com/twiki/bin/view/Community/TopEnhancements On the Top 5 Enhancement Request list: #1: DHCP client: Implemented in Alpha 1 #2: QoS #3: VPN will be significantly improved with the addition of VPN client: Implemented in Alpha 1 #5: PPPoE On the General Enhancement Requests list: #2: Bandwidth policing: Depending on how you read this one, the QoS feature set may give you what you want. Inbound policing won't be implmented, but you will be able to set bandwidth caps on particular traffic types on the outbound to prevent bulk traffic from swamping higher priority traffic on a skinny WAN interface, for instance. #17: 4-byte ASN: Implemented in Alpha 1 #34: GRE tunnels: Implemented in Alpha 1 We do review the Top Enhancement requests list and take it seriously. If you would like to suggest a new feature or vote for existing suggestions, please do so on the wiki. FUTURE GLENDALE RELEASES: = As I said at the start of this note, Glendale represents significant changes and a lot of work on the part of the development team. In order to facilitate additional testing and feedback from the Vyatta Community, we'll be making other preview releases available according to the following (rough) schedule: * Alpha 1 - January 2008 * Alpha 2 - February 2008 * Beta - March 2008 * VC4 Release - April 2008 All of these releases will be announced on the vyatta-users mailing list, with the final release also announced to vyatta-announce. CONCLUSION: === The Vyatta Community now spans every continent and just about every country on earth. Thanks for being a part of it. We need your help and feedback to make Glendale the best Vyatta release yet. In particular, there can never be enough testing of the system, so we encourage people to try it out and report back your experiences, whether good or bad. If you find that things are performing well, feel free to cautiously deploy it in real networks, always keeping in mind the caveat that this is still pre-release, Alpha or Beta software. Cheers, -- Dave Roberts Vyatta Cruise Director ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] ANN: Glendale Alpha 1 Released
Discuss Glendale on this list unless the comments are specifically about how to build or hack the system. Cheers, -- Dave Roberts -Original Message- From: Aubrey Wells [EMAIL PROTECTED] To: Dave Roberts [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: 1/24/2008 5:39 PM Subject: Re: [Vyatta-users] ANN: Glendale Alpha 1 Released Sweet. Downloading it now to put it through its paces. Should we post questions/comments/bugs here or on hackers? -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com On Jan 24, 2008, at 7:33 PM, Dave Roberts wrote: As many of you know, the Vyatta development team has been working hard on the next major Vyatta release, code named Glendale. Glendale represents a *HUGE* step forward on a number of fronts. Because of this, Vyatta has committed to making early previews available to the Vyatta Community so that you can get comfortable with the new features and provide feedback on the functionality and stability of the system. TODAY'S ANNOUNCEMENT: = Today, I'm pleased to announce that Glendale Alpha 1 has been made available for download from the Vyatta web site: http://www.vyatta.com/download/ Release notes and documentation for Alpha 1 are available on the Vyatta Community Wiki: http://www.vyatta.com/twiki/bin/view/Community/GlendaleAlpha1 Currently, the documentation is going through rapid development and has been released as separate chapters. As new chapters are written or previously released chapters are updated, they will be uploaded to the Community Wiki. If you find issues with the documentation, please report them to the vyatta-users mailing list. THINGS TO NOTE: === This is ***ALPHA*** software. It is not yet feature complete or fully stable. Because of this, it is not suitable for production networks. If you use it in your production network, it will lose your packets, corrupt your data, and make your hair fall out. Be warned. Anybody even contemplating testing Alpha 1 should be sure to read the rest of this announcement and the release notes very carefully. There are a number of changes to the system. All that said, we want you to test it like crazy, so don't be shy. ALPHA 1 FEATURES: = The release notes have some more information, but here is a description of some of the major changes in the system: * Glendale has touched just about every subsystem in some way. In some cases, the changes are relatively minor. In others, they represent a radical departure. Because of the global changes, Glendale does not attempt to keep backward compatibility with previous configuration files. If you want to upgrade a system to Glendale, save off the configuration first and then translate the configuration by hand to the new syntax. * Glendale Alpha 1 is distributed in ISO format only. There are currently no package repositories for the system and future preview releases (Alpha 2 and Beta) will be distributed in a similar fashion. * Glendale has a completely new command line interface infrastructure, called FusionCLI. FusionCLI is based on an extended version of bash with access to Vyatta-specific commands and syntax, effectively fusing together management functionality at the CLI level and eliminating the separate Vyatta shell. FusionCLI has a role-based user account system. Depending on the user role, the user may be able to execute standard Linux commands from the FusionCLI prompt. Further, the system is scriptable with a combination of bash scripting and Vyatta-specific commands. Once you play with this for a while, you'll begin to realize the power this affords administrators. The release notes have more information about this functionality. In particular, there are changes to the online '?'-help system that you should be aware of. * Glendale has completely revamped the routing subsystem. If you were struggling with routing protocol issues previously, there is a very good chance that your issues are gone. In particular, scalability and stability are greatly improved and the feature set has been expanded tremendously. * Along with the routing subsystem, the policy subsystem is completely different. It should now handle more complex policy configurations and operate closer to the way you would expect. * The VRRP subsystem has been revamped. We now support multiple VRRP groups on a single interface, eliminating a common issue with the previous VRRP implementation. * DHCP client is now supported. This will make it easier for people connecting to broadband networks that do not provide static addressing (commonly DSL and cable networks). * Many other existing subsystems have been touched to fix bugs or provide minor enhancements. Implemented but not documented
Re: [Vyatta-users] Emergency Config paste? How do you prepare?
Ken, This is great to hear. Sometimes people ask us, What is different about Vyatta than simply getting a Linux distro and turning on some networking features? The answer is that a Linux box manages like a bag of individual components, not like an integrated system. With Vyatta, much of the added value is in delivering something that acts more like an appliance (everything in a single config, integrated CLI with structure command set to view state and change configuration, etc.). But because it's also based on Linux at its core, you get the benefits of an open system. If you want to rsync your configs around, or add a different application, or even do custom development, the system is flexible enough to get you there. -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Felix (C) Sent: Friday, January 18, 2008 11:34 AM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] Emergency Config paste? How do you prepare? I'm doing the same with scp and set keys for a automated backup in a script ran by cron. What's nice with vyatta vrs my current quagga/keepalived setup, is that vyatta allows for one single config file to be used to restore it's configuration. I had one of our junior administrator play around with this, and he was able to install vyatta on a virgin server and have it up in running in mins from just copying the config.boot to a USB thumb drive and performing a quick copy. Very nice ;) Once vyatta fixes some of the buggy issues that I've seen and installing better support for VRRP, I plan on deploying vyatta thru out the network core. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Waiting for xorp_rtrmgr...
Is that how the Vyatta company operates? Leave bugs unpatched and hope someone will pay for support? It would seem to make more sense to hold features back instead of bugs. As one of the guys representing the business-side of our company, I'll weigh in here. As Justin rightly points out, the bugs are not unpatched, they are simply unreleased in a binary format. The code repositories are there and you're free to build from them directly if you want. It is not our policy to leave bugs in the community version so that people will buy the supported version. That said, each release of binaries does cost resources to build it, test it, package things up, prepare documention and release notes, etc. That's true on both the community side as well as the subscription side. Our policy is to do time-based binary releases of the community version, primarily driven around the introduction of new features, but also incorporating all bug fixes up until that point. Bugs that are fixed between the time-based Community releases are released with the next Community release cycle. Paying customers are, well, paying us to support them. That means that we do patches and fixes when required to address issues that are pressing for them. BTW, Red Hat has a similar model for Fedora vs. RHEL. While the Fedora community does update packages in Fedora on a regular basis, any given bug may remain unfixed in Fedora until the next release when a new version of a package is introduced. It certainly isn't Red Hat policy to take every patch from RHEL and apply it to Fedora as soon as it is applied in RHEL. So, I think our policies are rational and I have no problem defending them. We're definitely not being deliberately unfair to the community in any way. We *are* prioritizing paying customers over free community releases, but I think we're doing that in a reasonable way, not unlike any other commercial open source company. I am more than willing to pay for support, but I wanted to make sure the product would work for me first. Of course. I don't blame you for that. We'd like to help you with that as much as possible. You should note that the vyatta-users list has lots of participating from Vyatta employees who try to give you the best answer they can at any given time. It is not our policy to deliver anything but straight answers and the best support we can, whether to our paying customers or community. Many of our customers tell us that they felt comfortable with Vyatta because of the interactions they had with us *before* they became a customer. I would note that several times in the past few weeks, I have seen engineers posting to the vyatta-users mailing list with a small patch of code that a user could apply themselves if they required the fix before the next release. I have a better idea -- Patch the bugs, and allow the software to be functional for the purpose it was created. Then we are talking. This is absolutely our policy, subject to the time-based release methodology that we follow. Unfortunately it seems Vyatta is unlikely an acceptable replacement for my Cisco 7500. That would be a bummer for us. We certainly want everybody to have a good experience with Vyatta. We would love to get you going and have you as a customer. I have been reading your blog about your Vyatta and enjoying your writing. So far I have ran into 3 detrimental issues and the routing bugs bring me just short of a dead end. 1. VRRP Limitations 2. Policy System Limitations 3. Routing Bugs The best I can tell you at this time is that these are all high-priority issues for us and are being addressed in the codebase right now. I would suggest you try to the upcoming Glendale Alpha ISO, which we are making available in about a week or so, to give the community some visibility into the things that are changing. There have been huge changes to all of these subsystems and I believe that all the issues you found have been removed. I am still going to try to work around this issue, but maybe the Vyatta company can re-think the bug-fix-holding for monetary purposes philosophy. Again, it is not our philosophy or policy to withhold bugs from the community. The only policy we have is to allocate our release-oriented resources toward Vyatta Community releases on a time-based cycle. You're simply catching us between releases where a particular bug that you're interested in has not yet been released in binary form (but has been in source code form). -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Waiting for xorp_rtrmgr...
(SIDE NOTE: (No offense meant) Why should changing interface notations and static routes cause anything to crash?) It shouldn't. That's one of the big things we're fixing in Glendale. The Routermanager process did not handle errors well at all. It has been eliminated entirely in Glendale. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] DHCP pool questions
Exactly. Why should anybody care? This is DHCP we're talking about. As long as a node receives a currently unused address from the pool, you're up and done. If you want to control the assignment of nodes to addresses, well, that's what static addressing is for. I do think it's a bit odd that the ISC DHCP server would allocate stuff from the end of the pool rather than the beginning, but that's perfectly legal, IMO. This is just a guess, but the ISC server may be using the hash table to try to reassign the same address back to the same client if it's still available. As new clients with new MAC addresses come in, they are assigned a new address in decreasing order, but when a client returns, it will be assigned the same address as before unless another client is using it. This probably helps eliminate accidental duplicate corner cases with things like laptops that go on and off net, machines that go into a low-power sleep state, etc. In a former company, we used the standard Windows Server DHCP server and I remember having some issues with duplicate addresses being handed out. I think the server always got it right, but I think clients would sometimes miss the fact that their lease had expired. You can't completely eliminate this problem if the client is buggy, but you can mitigate it if you try to hand out the same address to the same clients each time. -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aubrey Wells Sent: Sunday, January 13, 2008 9:39 PM To: Marat Nepomnyashy Cc: vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users] DHCP pool questions From the dhcpd.conf (5) man page: quote The DHCP server generates the list of available IP addresses from a hash table. This means that the addresses are not sorted in any particular order, and so it is not possible to predict the order in which the DHCP server will allocate IP addresses. Users of previous versions of the ISC DHCP server may have become accustomed to the DHCP server allocating IP addresses in ascending order, but this is no longer possible, and there is no way to configure this behavior with version 3 of the ISC DHCP server. /quote So it looks like it is actually non-deterministic what IP you may receive. If you have a fresh dhcpd.leases file, you will initially get leases in descending order, but after a few are assigned and some are expired, it will become somewhat random(ish). This is how the ISC dhcpd daemon works (which happens to be the most popular (by far) linux dhcp daemon) and isnt specific to vyatta. If you install dhcpd on a redhat system, you'll see the exact same behavior. As for *why* this was done starting with v3 of dhcpd, I dunno. I'm curious as to why it leasing in descending order is a show-stopper for you? This seems like a (very) trivial thing to nitpick over. What difference does it make as long as your clients get addresses? -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com On Jan 13, 2008, at 10:41 PM, Marat Nepomnyashy wrote: Hi Mike, As far as to why the DHCP server leases out IPs from the end of the block rather than from the beginning, I'm not sure myself. I just signed up for the ISC DHCP server mailing lists at http://www.isc.org/index.pl?/sw/dhcp/dhcp-lists.php and plan to ask the people on there this question as well. If you added a second dhcp pool for eth2, but it did not appear in '/opt/vyatta/config/dhcpd.conf', and you stil have the config and the 'dhcpd.conf' after that commit, then please include these files with your message. Thanks, Marat - Original Message - From: silvertip257 mailto:[EMAIL PROTECTED] To: Marat Nepomnyashy mailto:[EMAIL PROTECTED] ; vyatta-users@mailman.vyatta.com Sent: Sunday, January 13, 2008 6:54 PM Subject: Re: [Vyatta-users] DHCP pool questions Why cannot I take addresses out of the beginning of the block like I'd rather it do? How can I (without rewriting/modifying source code)? That would really stink to have to statically assign everything to make it the way (that it makes sense). It's great and all that it actually does assign an address and ' works ', but why not start at the beginning? From what Marat wrote, I understand that you've seen that behavior before - confirmed. Now, can it be changed? I won't try to start any wars here, but that would unfortunately be one reason I would not want to use Vyatta. Well that and the WAN dhclient that's in progress. I could have sworn (oh and I did commit it) that I added a config for a second dhcp pool (separate) for eth2, but voila it's gone when I check dhcpd.conf... Thanks, Mike On Jan 13, 2008 8:37 PM, Marat Nepomnyashy [EMAIL PROTECTED] wrote: Hi Mike, As far as I know, it is normal for the ISC DHCP server that the Vyatta router is using to lease out addresses starting from the last address of the DHCP lease block, I've seen this before. Not quite sure myself why ISC
Re: [Vyatta-users] Vyatta as a virtual machine on Terminator C3 hardware
We have Asus Terminator C3 computers that are currently acting as standby file servers on Slackware. (In other words, idle 99.999% of the time) We may need a VPN solution in the near future to connect our sites, and I was wondering if it would even be possible to run Vyatta under Vmware on a 800MHz Via CPU with 256MB ram. (ram can be upgraded, CPU cannot) I'd like to simply install Vmware Server to (A)keep company data on a different device than the internet facing VPN and to (B)make installation simple on myself. I'm talking about under 2 dozen PCs at each site with the two main types of traffic being telnet-type traffic and voice. Everything will be sent through the VPN. My question to the list is this: Is it even worth my time to test? If you guys say that the specs are just too low, then I probably won't bother testing then. I took a look at hardware requirements and I think this falls just a little short, but I haven't had much real world experience with Vyatta, yet. It'll work. It might be slow, but you haven't said what your performance requirements are. It should keep up with a T1, for instance, but I wouldn't expect more than about 20 Mbps out of it for larger packets, and you have said that your main traffic is all small packets (telnet and voice). On a 1 GHz VIA, we typically get over 100 Mbps for larger packets. VMware is going to chop that down. You'll get better performance if you use the VC2.2 VMware Certified Virtual Appliance on our web site. That particular distribution includes the optimized vmnet drivers. If you just go with the standard ISO and install it, you'll be using the emulated Ethernet drivers, which will kill a lot of the potential performance. Unless you're looking for high performance, my advice would be to give it a go. If you do, report back on your performance findings. I'd be interested in hearing about your experience to help others downstream. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] ANN: Glendale timeline
There has been a lot of discussion on this list over the last few months. The community is definitely growing and we're happy to see people helping people use the software. With more use comes more feature requests and bug reports. This is generally a good thing, but it can be frustrating. A few mailing-list interactions over the past few weeks have ended with a That's fixed in the next release or That feature is coming in Glendale message. That answer inevitably leads to a What's Glendale and when will it be here? question. Vyatta's next release is code named Glendale (after a city in California, which is where we currently get all our release names). Glendale is the code base that will eventually become VC4. In the history of Vyatta, there have been three large epochs: The first epoch was the 1.0 through 1.0.3 releases. In this epoch, the system was a custom version of Linux. It was very inflexible and adding a package to the system meant rebuilding the whole system from scratch. While the Debian package format was used as a format, all packages in the system were incompatible with standard Debian package dependencies. The second epoch started with 1.1. In release 1.1, we reworked the system completely to base it on standard Debian and to be compatible with Debian package dependencies. This meant it was now possible to get a package from a standard Debian repository and add it to the system and apt would know how to do all the right things with installing dependent packages. With the start of VC2, we broke the release trains into separate Community and Supported systems, based on each other, but not necessarily the same. On the Community side of things, VC2 through VC3 are part of the second epoch. On the subscription side of things, releases from 2.0 through 2.3 are part of the second epoch. Glendale represents the start of the third epoch. The goals for Glendale were to: 1. Make the system even more open and extensible. 2. Improve the scalability and performance of the system to address new markets. 3. Add in a bunch of features that everybody wanted, some of which had been blocked by fundamental architectural issues that needed to be removed. 4. Fix a whole lot of bugs. We believe we are well on our way to achieving all that. While I won't go into a lot of detail right here, you can expect the following major changes in Glendale: 1. The routing subsystem has been overhauled. The feature set has improved dramatically and the stability and performance have increased. 2. The CLI has been completely overhauled. On the surface, you'll find that it looks the same and has the same flavor of past releases, but the functionality is greatly increased along with the ease of adding new features going forward. 3. We have added a bunch of new features. Many of these were top-requested features on the Top Enhancements Community wiki page. A high-level enhancements include: * DHCP client * QoS * VPN remote client support * PPPoE * GRE encapsulation * Equal Cost Multipath (ECMP) routing * WAN Load Balancing * A new installer to replace the install-system script There are other enhancements at all levels of the system below the major feature level. The next step is for you, the Vyatta community, to get involved in the development and testing process. We're interested in your feedback, opinions, and comments. In order to get you convenient access to the system, we're going to make three pre-release builds available in ISO CD-ROM format on the following schedule: * Alpha 1: January 2008 * Alpha 2: February 2008 * Beta: March 2008 * Release: April 2008 We are preparing Alpha 1 even as we speak and I should be able to announce its arrival later this week or early next week. At that time, I'll give you a lot more detail about what has changed in the release, what to expect in terms of rough edges and incomplete functionality. Not everything will be in the system in the early alphas, and many things that are present will have major issues. Each release will try to identify the landmines to help you avoid them. We're all looking forward to this release. Glendale represents a quantum leap forward in the Vyatta system and is the foundation for many improvements we have on the drawing board. If you're at all interested in the Vyatta system, you'll want to download the Alphas and start investigating the changes. As I said, I'll have more detail in a few days. Until then... Cheers, -- Dave Roberts Vyatta Cruise Director ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Refactoring Vyatta Config
I am more familiar with VMWare at this point, so that is what I was thinking... They are VIA embedded... given 1Ghz and 512mb do you think things would get sluggish assuming a moderately properly configured setup? Vyatta seems really slim and very efficient, and I have a hundred more things to say that I like! My hosts are dual core amd 64s, with ram to spare so I honestly don't know if something less powerful would work in a virtualized setup. Guess there is one way to find out :) but was wondering if anyone had a comment about that. I have never used virtualization on a VIA processor. Remember that VIA processors are less efficient, clock for clock, than an Intel or AMD processor. Mentally, I cut the clock speed in half. Thus, a 1 GHz VIA is about like a 500 MHz Intel or AMD. Thus, I would think that it would start to get sluggish, though that may not matter depending on the performance requirements. If you're trying to route at 100 Mbps, it may not make it virtualized. If you're only doing T1, it might be fine. So, short answer, you're at least one the edge. Try it out and report back what you find. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] IGMP v3 support?
Would someone have an idea when can we expect to see IGMPv3 support in Vyatta? I suppose PIM-SM SSM is already supported, but is there a way to use this feature without IGMPv3? PIM-SM is currently experimental. We do absolutely no testing of it whatsoever at this time. We'd be pleased to hear about any bugs, but we haven't yet started to work in earnest on the multicast subsystem. If you find something, please file it in Bugzilla (bugzilla.vyatta.com). We're expecting to do some multicast work in 2008. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Installed to HD now I can't log in
That's very odd. Sometimes, router manager can fail to start, typically when there is a problem of some sort with the config file. In that case, you can't log in as vyatta, but you should always be able to login as root, assuming you know the right password. If you have made no changes to the configuration, I can't for the life of me figure out why it would lock you out in that way. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jesse Robertson Sent: Wednesday, January 02, 2008 8:10 AM To: vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users] Installed to HD now I can't log in Ok I just tried using the other enter key with no luck. I swapped out keyboards and that didn't help. Then I threw the live boot back in it and ran from that. Now it works fine again. If I go to the installed version it still doesn't work. I'm thinking it may be related to the media I had used for the CD (It was the only disk I had and it was a bit rough). I think I'm going to try reinstalling with a clean CD to see if that works. Thanks for your assistance Jesse On 12/31/07, Aubrey Wells [EMAIL PROTECTED] wrote: Sounds like a sticky [Enter] key, or a problem with the keyboard or motherboard. Try using the other enter key? -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com http://www.sheltonjohns.com/ On Dec 31, 2007, at 4:53 PM, Jesse Robertson wrote: I just installed vyatta to the hard drive. I accepted the default configurations in all cases and when it finished I rebooted. Everything seems to load then I am presented with Welcome to Vyatta - vyatta tty1 and the login prompt. I have tried root and vyatta and in both cases as soon as I hit enter instead of asking for a password it says LOGIN INCORRECT on 4 lines then says MAXIMUM NUMBER OF TRIES EXCEEDED (5) Then it goes back to the login prompt. What is going on? Thanks Jesse ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] Happy New Year from the Vyatta crew
I just wanted to take some time to wish everybody in the Vyatta Community a very happy new year. We accomplished a lot in 2007, including but not limited to: * Released VC2, based on a more Debian-ish foundation * Released VC3, with a whole bunch of new features * Three incremental point releases between the two majors (2.1, 2.1.1, and 2.2), adding features, simplifying the system in many respects, and fixing bugs * Created VMware Virtual Appliances, including a VMware certified appliance with optimized drivers * Reached 100,000 downloads * Firmly established Vyatta as the open source secure router of choice and a realistic alternative to other proprietary offerings for enterprises Now, we're looking forward to 2008. We have a lot more cooking up in the back room for your enjoyment. Currently, the Vyatta elves are working on what will become VC4, code-named Glendale. You'll see some more information about Glendale from me in the next few weeks. So, thank you for your support in 2007. We could not have done it without you. We wish you and your families a very happy new year! -- Dave Dave Roberts Vice-President, Strategy and Marketing Vyatta, Inc. Welcome to the dawn of open-source networking. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Recover Wiki Password
This may be the wrong place to ask this, but where or how can I recover my twiki password for the Vyatta community wiki? I see no place in the web interface for this purpose. Look here: http://www.vyatta.com/twiki/bin/view/Main/ChangePassword -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] All I Want for Christmas
Not a bad idea. File an enhancement request, please: http://bugzilla.vyatta.com/ -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Davey Sent: Tuesday, December 18, 2007 1:33 PM To: Vyatta-Users Subject: [Vyatta-users] All I Want for Christmas Hi all, I'd like to publiclly share something I'd like for Christmas. Currently when the command show interfaces, or show interfaces system, or show interfaces system enabled is used the output is very terse. It very closely resembles the output of ifconfig. Not a bad thing, but it could be a little cleaner. At the very least I'd like to see the interface description listed in the output of these commands. Anything else that could be done to make the output a little more friendly/readable would be great. The one part that is perfect is the counters section. This section is much clearer than the output produced by Cisco IOS, although an option to clear these counters would be great. Thanks, Nick ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] IPsec and VRRP problem
Thank you - it finally works :) If you ever come to Bosnia (small country in the heart of europe), I'll buy you cevapi ;) http://en.wikipedia.org/wiki/%C4%86evap%C4%8Di%C4%87i Is that offer good for anybody on the list? I have to admit that I have never had cevapi in Bosnia before, but it sounds like fun. ;-) -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] How to implement various Routing DisciplineinVyatta ?
If you want to post that stuff on the wiki (or at least a pointer on the wiki), that would be great. This page would be a good place to start: http://www.vyatta.com/twiki/bin/view/Community/WebHome -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shane McKinley Sent: Thursday, December 13, 2007 11:30 AM To: vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users] How to implement various Routing DisciplineinVyatta ? I believe there is nothing for this in Vyatta OFR. I have made a init.d and bash scripts for this reason that works very well through the Linux kernel on Vyatta v3. Let me know if you are interested and I will shoot them over to you. Thanks, Shane McKinley Habersham EMC Tel: 706-839-4130 Cel: 706-968-3186 _ From: saptarshi moitra [mailto:[EMAIL PROTECTED] Sent: Thursday, December 13, 2007 2:19 PM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] How to implement various Routing Discipline inVyatta ? Hi Everyone Does anyone have the idea if the Routing disciplines of the Vyatta router can be changed in its configuration file? Suppose I want to implement various queuing and packet scheduling disciplines like FIFO, FQ, WFQ, RR in my router how do I go about doing it ? Thanks in advance for the help ! Saptarshi ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] R: R: Routing problem
ok ok ! my error ! sorry ! ;) There is a law of the universe somewhere that you're most likely to notice your own mistake right after posting to an Internet mailing list. ;-) If this phenomenon hasn't yet been named yet, I hereby dub it Dave's Law. ;-) -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Vyatta null route
Ya... it doesn't make breakfast for me in the morning either... oh well. Maybe next version ;) The nice thing about open source is its relentless improvement. ;-) In this particular case, the bug is fixed in the next version. Because of the structural work we have been doing over the past few months, many of the more annoying things in the system will have been removed. For those that have not been removed, the infrastructure will have been put in place to make faster progress in getting them. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Vyatta null route
Meaning Glendale? Yes. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] lacp
Does Vyatta support LACP/ieee 802.3ad for etherchanneling? I didn't see it in the vyatta software page. http://www.vyatta.com/products/vyatta_software_datasheet.pdf It's clear that lacp is generally a feature available on switches but it could be interseting to have it on the Vyatta router. (like the Cisco 3750 switch/router) Typically, the VMARE servers requires link aggregation through lacp. Not yet. We have talked about using ifenslave to do this. Vote for it on the wiki: http://www.vyatta.com/twiki/bin/view/Community/TopEnhancements It's called Ethernet interface bonding. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Multicast configuration woes
I'm evaluating the Vyatta product in my lab and I'm having trouble getting it to pass multicast traffic. I don't have a good answer for you on this particular issue, but I'll just point out that multicast support in Vyatta is currently experimental and you are likely to encounter problems. In Vyatta's vocabulary, experimental means that there is code present that claims to implement the feature, and we have done our best to make that code available to be configured, but we haven't tested it at all. Thus, I can't say for sure what those problems might be. We enourage everybody who is interested in multicast (or any other experimental features like IPv6) to give it a whirl and post the experiences here on vyatta-users. Over time, we'll be spending more time on multicast and other experimental features, and the list of successes and problems will help us scope and prioritize the work. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] vyatta on esx 3.0.2
You have a couple of options. First, you can simply install from the ISO, just as if you were installing onto regular hardware. See the Quick Start guide for instructions (it's towards the back). Second, you could install from a virtual appliance, available on our web site. Right now, the VC2.2 appliance has the optimized VMware drivers in it. The VC3 version does not include those drivers and will probably give you lower performance. (We'll be adding the optimized drivers to that at some point.) There is a utility tool, available from VMware, that will convert the appliance files to the correct format for ESX. I don't remember the name of it. Take a look on the VMware web site and forums and they'll tell you. -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abhishek Jain Sent: Sunday, December 02, 2007 3:26 AM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] vyatta on esx 3.0.2 Hi Can somebody help me with instructions on how to install vyatta on vmware esx server 3.0.2. I would be having 6 virtual machines apart from vyatta on this server. Vyatta would be used as firewall and for routing among these virtual machines. Thanks Abhishek Jain ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Compaq DL360 G1 - cpqarray
I am curious as to what makes Vyatta different from XORP other than the commercial support? Are there features in Vyatta that XORP does not have? Yes, lots. Other than the stuff Aubrey mentioned at the macro-feature level (firewall, VPN, NAT, etc.), we have also made extensive changes to the routing protocol codebase to include features such as VLANs and scalability enhancements and bug fixes. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] HOWTO: Bandwidth management and traffic shaping
From time to time I stumble across things written about Vyatta. I found a nice how-to on bandwidth management and traffic shaping the other day. Those that have been watching closely will already know that we're planning on delivering QoS and bandwidth management in the next major release, but this should help you out in the mean time: http://www.hackosis.com/index.php/2007/11/08/linux-router-bandwidth-management-example/ Thanks, Shane! (whoever you are...) This how-to makes a good compliment to the Configuring QoS for VoIP Networks whitepaper available on the Vyatta web site which describes a similar technique: http://www.vyatta.com/documentation/whitepapers.php This is a great example of how an open source router makes your life better. If there is a feature that Vyatta does not (yet) support, you have a way to extend the base system to get what you want done. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] can i compile vyatta source code in fedora core 6 ?(please reply )
can i compile vyatta source code in fedora core 6 ? Short answer is no. Long answer is that the current build environment is Debian. We're working to enlarge that, but it'll always be somewhat biased toward Debian-ish systems because Vyatta uses Debian as the foundation of much of the system and we rely on the Debian toolchain. We're currently doing some work that should make the build system a bit less restrictive and allow things like Ubuntu to be used, but the other build systems will essentially be Debian-based. Fedora, being RPM-based, won't be in the cards for a while. Put another way, you're essentially asking the equivalent of whether it's possible to build Debian in Fedora. While not theoretically impossible, it's certainly not as simple as installing a couple of packages and typing ./configure; make. If you're up for a challenge, feel free to pursue this task. I'd be overjoyed if somebody could make this happen. You can find instructions for how to build the current system on the community wiki: http://www.vyatta.com/twiki/bin/view/Community/BuildingOfr -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Digest versus Non-Digest Mail
For the sake of those of us who subscribe to the Vyatta-users mail in digest form (the once a day compilation), please try only to quote the pertinent part of your reply to a poster. Leaving the whole of the original post, when only a small portion is needed to clarify your reply makes the messages needlessly long. And for the sake of whatever deity you hold sacred, don't send confidentiality notices or 10-line pithy sayings in your signature. This litters the ether with needless bits of crap we just don't need when discussing open-source routing. Thanks, ROFL! Amen! Yes! Seriously, good advice. The world is becoming more electronically connected. Mailing list hygiene is just as important as personal hygiene in this day and age. Trim where you can. ;-) -- Dave something pithy would go here, but I trimmed it... this message is not confidential and in fact should be shared with everyone, unless of course by the act of receiving this message your company has now deemed it a company confidential secret. In which case, you should not share it with anybody before asking your company attorneys whether you can do so. Your mileage may vary. Employees of Vyatta and their immediate families are not eligible to win. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] can't find my running config
I have a similar problem twice now. And I do have it installed to a disk not running off the iso. Hmmm... That's a problem. Do you know what you typed to save it? Are you sure you didn't save it to another file name? The system allows you to save different files under different names, but those won't get picked up on a reboot. It only gets saved to the boot config if you don't specify a different name. If you did this, you can try to load the file, then save it out again with no name. You should also be able to exit the shell, possibly all the way to the login prompt, then login as root and look at the config file to see what's there. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] installation
driveCan someone point me to where in the documentation this action is mentioned? Thanks. The Quick Start Guide will tell you how to do this. Look for the section titled Installing to a Persistent Device. Page 50 in the VC3 Quick Start. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Vyatta VPN and NAT
Adrian, I'm putting an article on my website about how to create a site-to-site connection between Vyatta and ISA 2006. Once you get this completed, please add a link to it on the community wiki page that points to documentation such as this: http://www.vyatta.com/twiki/bin/view/Community/CommunityDocumentation We'd like to start building up the library of such contributions so that other community members can easily find them. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] Vyatta Community Edition 3 (VC3) released
Vyatta is pleased to announce the release of Vyatta Community Edition 3
(code named Dublin). Updated packages have been released to the Vyatta
Community main repository. An ISO CD-ROM image and a new VMware virtual
appliance are available from the Vyatta web site. Both will be available at
SourceForge shortly.
This code is release quality and is suitable for those wanting to run the
latest set of features. We appreciate all bug reports that anybody can
provide, either directly to Bugzilla (bugzilla.vyatta.com) or to the
vyatta-users mailing list.
DOCUMENTATION
=
New documentation for VC3, including release notes, can be found on the
Vyatta web site at:
http://www.vyatta.com/documentation/
We suggest that everybody review at least the release notes before
upgrading.
UPGRADING
=
The system may be upgraded from Release VC2.x to Release VC3 using an
ordinary package upgrade. The URL for updating to Release VC3 code is
http://archive.vyatta.com/vyatta/. The repository is “community”. The
component is “main”, as in the following configuration example:
package {
repository community {
component: main
url: http://archive.vyatta.com/vyatta;
}
}
To update the community edition, issue the following commands:
apt-get update
apt-get -y install vc-base
full-upgrade
FILING BUGS
===
If you find a bug in this release, please file a bug on Bugzilla and/or
report it to the vyatta-users mailing list. More information about the
mailing lists and Bugzilla can be found here:
http://www.vyatta.com/community/mailing.php
http://www.vyatta.com/twiki/bin/view/Community/BugDatabase
NEW IN THIS RELEASE
===
* Multilink Point-to-Point Protocol support. This release introduces support
for multilink Point-to-Point Protocol (MLPPP) bundling as described in RFC
1990. MLPPP allows you to group PPP interfaces, typically on T1 or E1 lines
into a single virtual link, resulting in greater performance than a single
low-speed link but lower cost than a high-speed link.
* IPsec VPN clustering. IPsec VPN can now be configured in a cluster.
Clustering can be used as a failover mechanism to provide high availability
for mission-critical services. The cluster monitors the nodes providing the
IPsec VPN tunnel at a designated address. If the system detects that the
node has failed, or that the link to the node has failed, the system
migrates both the VPN tunnel and the IP addresses to a backup node. Failover
is currently supported between two nodes: a primary node and a secondary
node.
* Enhanced serial interface support. Serial interface support has been
improved in a number of ways. Additions include:
* Ability to add a description to a serial link.
* Authentication for PPP-encapsulated interfaces. Connections can be
authenticated by password, user ID, or system name, and the PAP, CHAP,
MS-CHAP, MS-CHAP v.2 and EAP authentication protocols are supported.
* LCP echo support for PPP-encapsulated interfaces.
* Configurable Maximum Transmission Unit (MTU) and Maximum Receive Unit
(MRU) for T1- and E1-encapsulated interfaces.
* Ability to specify external or internal clock for T1- and
E1-encapsulated interfaces
* Support for the Frame Relay t392 (polling verification timer) LMI
signaling option.
* Inverse ARP support on Frame Relay permanent virtual circuits (PVCs).
* Additional options for the “show interfaces serial” command, including
an option to provide trace-level logging or raw frames for a serial
interface.
* Redesigned the output of the “show interface serial” command to
increase clarity and consistency.
* Improvements to Firewall. Many improvements and enhancements have been
added to firewall support in Release VC3:
* Negated values can now be specified for the following fields:
protocol, source/destination address, and source/destination network.
This allows exclusion of addresses and networks. For example, the rule “set
firewall name TEST rule 1 source network !192.168.0.0/24” will match packets
whose source address is NOT in the 192.168.0.0/24 network.
* The “show firewall” command now displays information for all
user-defined firewall rule sets. Previous releases allowed viewing only one
firewall rule set at a time.
* A description can now be configured for each firewall rule, such as
Allow inbound SSH traffic.
* The “show firewall,” “show firewall name,” and “show firewall name
rule num” commands now display the source ports and destination ports, if
they have been set.
* Each firewall rule can now support multiple source and destination
“port-number” and “port-name” values within a single firewall rule. In
addition, the “port-name” option now allows any port names defined in the
file /etc/services. This ability was previously only available for NAT
rules.
* The protocol field for firewall rules now allows any protocol number
or name listed
Re: [Vyatta-users] Save password permanently
Also, make sure you're installing to disk. The live CD obviously loses things when you reboot because it only creates a RAM disk. Alternatively, you can save to floppy disk for the live CD. -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Marrow Jr Sent: Monday, October 29, 2007 11:40 AM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] Save password permanently How do I save the new password I have configured for root and vyatta permanently? Every time I reboot the system I have to change the password, i'm sure there is something that I am missing. Please advise, thanks. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Beta 3
First install VC2.2 and then do a package upgrade to the VC3 beta packages, per the instructions in the release notes. There is no ISO being distributed for the beta. Release notes can be found here: http://www.vyatta.com/documentation/index.php Additional information can be found in the release announcement here: http://mailman.vyatta.com/pipermail/vyatta-users/2007-October/002133.html -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Marrow Jr Sent: Friday, October 19, 2007 11:23 AM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] Beta 3 Hello, I was wondering, how do I get a copy of the Beta 3 community edition? I can't find the download link of the site, thanks. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Dear John...
Wow. I'm absolutely surprised that you folks have not generated more content. I was at ISPCON yesterday and talked to some Vyatta community members who subscribe to this mailing list. Lots of people mentioned having a good belly-laugh, but nobody seems to have responded with content. Thus, I'll pick up my own glove and throw it down again... Folks, let's see your letters. Make them serious. Make them humorous. Make them tender. Make them sad. But let's see some creative writing. No limits on the number you can write, either. Once you do one, you'll probably want to do five or more. Now get writing! -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Roberts Sent: Monday, October 15, 2007 3:51 PM To: [EMAIL PROTECTED] Subject: [Vyatta-users] Dear John... Some Monday fun for everybody. After coming back from the Ohio Linux Fest at the end of September, we were sitting around here at Vyatta discussing the show. Somebody remarked that there were an aweful lot of people that came up to our booth and told us that they loved open source networking and really wanted to tell Cisco to take a hike. Somebody else around the table jokingly said, Yea, wouldn't it be fun to write Cisco a 'Dear John' letter? Thus was born the Vyatta Secret Society Dear John page: http://www.vyatta.com/secret/dearjohn/index.php If you aren't familiar with a Dear John letter, it's a form of breakup letter that was often written to American GIs during WWII by their stay-at-home sweethearts who, rather than wait for the GI to return, had finally decided to break up with him and marry the guy next door. For more on the form, see: http://en.wikipedia.org/wiki/Dear_John_letter So, try your creative writing skills and write your own break-up letter to Cisco. Feel free to vote for your favorites, too. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] Press interview opportunities around VC3
With VC3 coming down the pike, I'm looking for folks that would like to be advocates with the press and possibly analysts. What I need are Vyatta community members, either customers or Community Edition users, who are willing to speak with the press about how you are using Vyatta in creative ways. This is a great opportunity for you to get some press visibility for your company or even just for you. Vyatta and our cool PR-wonks over at Eastwick Communications will handle all the interface for you. All you have to do is make yourself available and be able to tell an interesting story in your own words about how you're using Vyatta to solve real problems. In general, we're much more predisposed to stories in a business context. The I used my little sister's old PC to replace my Linksys story is interesting, but probably not compelling to the publications that we're talking with. They're looking for the stories that are along the lines of: 1. I replaced my Cisco 7200 with a $4000 system from IBM and software and WAN cards from Vyatta 2. I'm running my 10-node distributed organization on $300 Soekris boxes and Vyatta 3. I'm creating an ISP to help network villages in Africa and I'm using Vyatta and donated PCs to get it done 4. I'm running Vyatta virtualized with VMware or Xen to serve my hosting customers 5. I'm using Vyatta with a blade server system to create a highly integrated system for both compute and networking 6. I'm taking old CD-ROMs onto which I have burned every copy of Vyatta heretofore released and shredding them and using them as high-tech mulch for my indoor plants You know, interesting stuff. (Okay, maybe not #6, but use your imagination.) Now, it's sometimes easy to think that *your* story isn't very interesting. You're just going about your life, solving the problems that you need to solve. What you don't realize is that what seems boring and dull to you can actually be quite interesting to a publication that thrives on customer stories. Thus, if you're at all interested in the opportunity, contact us and we'll help determine whether it's something the reporters will want to hear. If you're interested, shoot me an email directly with some information about your story and I'll try to work you into our PR plan. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
[Vyatta-users] VC3 beta available
Vyatta is pleased to announce the beta release of Vyatta Community Edition 3 (code named Dublin). Updated packages have been released to the Vyatta testing repository. This code is beta quality and is suitable for those wanting a preview of this release. We urge that everybody interested in eventually upgrading to the final edition of VC3 perform an upgrade on a non-critical system to this release. We appreciate all bug reports that anybody can provide, either directly to Bugzilla (bugzilla.vyatta.com) or to the vyatta-users mailing list. UPGRADING = To upgrade, make sure your repository configuration includes the Testing repository, as described on the wiki: http://www.vyatta.com/twiki/bin/view/Community/HowToUpdate To update the community edition, issue the following commands from the bash prompt (root login): apt-get update apt-get -y install vc-base full-upgrade FILING BUGS === If you find a bug in this release, please file a bug on Bugzilla and/or report it to the vyatta-users mailing list. More information about the mailing lists and Bugzilla can be found here: http://www.vyatta.com/community/mailing.php http://www.vyatta.com/twiki/bin/view/Community/BugDatabase VERSION NUMBER == There was some confusion over this behavior during the last beta, so hopefully this section can address the behavior you'll see. Note that this is a beta release. Thus, when you type show version you will still see a previous version number (e.g. VC2.2). You can tell that you have upgraded when you perform a show version all command because there will be multiple packages flagged as being more recent than those of the base version you are running (e.g. VC2.2). In other words, think of this as a set of package upgrades which will be correctly reported when you invoke show version all, but this is not yet a full upgrade of the base version. NEW IN THIS RELEASE === * Multilink Point-to-Point Protocol support. This release introduces support for multilink Point-to-Point Protocol (MLPPP) bundling as described in RFC 1990. MLPPP allows you to group PPP interfaces, typically on T1 or E1 lines into a single virtual link, resulting in greater performance than a single low-speed link but lower cost than a high-speed link. * IPsec VPN clustering. IPsec VPN can now be configured in a cluster. Clustering can be used as a failover mechanism to provide high availability for mission-critical services. The cluster monitors the nodes providing the IPsec VPN tunnel at a designated address. If the system detects that the node has failed, or that the link to the node has failed, the system migrates both the VPN tunnel and the IP addresses to a backup node. Failover is currently supported between two nodes: a primary node and a secondary node. * Enhanced serial interface support. Serial interface support has been improved in a number of ways. Additions include: * Ability to add a description to a serial link. * Authentication for PPP-encapsulated interfaces. Connections can be authenticated by password, user ID, or system name, and the PAP, CHAP, MS-CHAP, MS-CHAP v.2 and EAP authentication protocols are supported. * LCP echo support for PPP-encapsulated interfaces. * Configurable Maximum Transmission Unit (MTU) and Maximum Receive Unit (MRU) for T1- and E1-encapsulated interfaces. * Ability to specify external or internal clock for T1- and E1-encapsulated interfaces * Support for the Frame Relay t392 (polling verification timer) LMI signaling option. * Inverse ARP support on Frame Relay permanent virtual circuits (PVCs). * Additional options for the “show interfaces serial” command, including an option to provide trace-level logging or raw frames for a serial interface. * Redesigned the output of the “show interface serial” command to increase clarity and consistency. * Improvements to Firewall. Many improvements and enhancements have been added to firewall support in Release VC3: * Negated values can now be specified for the following fields: protocol, source/destination address, and source/destination network. This allows exclusion of addresses and networks. For example, the rule “set firewall name TEST rule 1 source network !192.168.0.0/24” will match packets whose source address is NOT in the 192.168.0.0/24 network. * The “show firewall” command now displays information for all user-defined firewall rule sets. Previous releases allowed viewing only one firewall rule set at a time. * A description can now be configured for each firewall rule, such as Allow inbound SSH traffic. * The “show firewall,” “show firewall name,” and “show firewall name rule num” commands now display the source ports and destination ports, if they have been set. * Each firewall rule can now support multiple source and destination “port-number” and “port-name” values within a single firewall
[Vyatta-users] Dear John...
Some Monday fun for everybody. After coming back from the Ohio Linux Fest at the end of September, we were sitting around here at Vyatta discussing the show. Somebody remarked that there were an aweful lot of people that came up to our booth and told us that they loved open source networking and really wanted to tell Cisco to take a hike. Somebody else around the table jokingly said, Yea, wouldn't it be fun to write Cisco a 'Dear John' letter? Thus was born the Vyatta Secret Society Dear John page: http://www.vyatta.com/secret/dearjohn/index.php If you aren't familiar with a Dear John letter, it's a form of breakup letter that was often written to American GIs during WWII by their stay-at-home sweethearts who, rather than wait for the GI to return, had finally decided to break up with him and marry the guy next door. For more on the form, see: http://en.wikipedia.org/wiki/Dear_John_letter So, try your creative writing skills and write your own break-up letter to Cisco. Feel free to vote for your favorites, too. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Prevent root ssh login, but allow shell access?
Either way. Check out the firewall documentation for how to set this up. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Juan E. Aguilar Sent: Thursday, October 11, 2007 11:14 AM To: vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users] Prevent root ssh login, but allow shell access? Dave, For #2 below, would you mean an ACL on the Vyatta box or an upstream firewall rule? I would like to setup a rule which only permits SSH to the router from a specified IP range as I don't have the option of an upstream firewall. Thanks, Juan Aguilar From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Roberts Sent: Thursday, October 11, 2007 2:01 PM To: 'Daren Tay'; vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users] Prevent root ssh login, but allow shell access? If the box is publicly accessible, there is no way to prevent users from trying to login to it. There are bots that try a whole bunch of default passwords on every publicly accessible box they can find. The ssh daemon will dutifully log all access attempts. My Fedora box at home generates the same sorts of log messages all the time. Your only defenses are to: 1. Remove the box from the Internet. 2. Set up some firewall rules that block access for ssh from the Internet side if you don't want it to be accessible there. 3. Or just make sure you use good passwords for all accounts. In the case of the specific log message you show below, I'd note that the bot is trying an unknown user name (something like bob) that you don't have on your box. It's probably a default account of some sort for a known exploit. Rule #1 before connecting *anything* to the Internet (whether Vyatta, Red Hat, Debian, or a Windows box)--change *all* the default passwords locally. With Vyatta, this is fairly simple and can be done with just a couple of commands before you even set an IP address for any interface. In fact, I think I did this exact thing in the screen cam demo of Vyatta on the web site (yes, I'm the guy who can't type ;-). -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daren Tay Sent: Monday, October 08, 2007 7:38 PM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] Prevent root ssh login, but allow shell access? Hi guys, I have getting alot of such entries in my log: Oct 7 14:35:12 vyatta sshd[27845]: (pam_unix) check pass; user unknown I think its just some bots trying to login. Anyway to prevent this? Also, currently I allow root login, but I don't feel safe with that option. I can disable that using DenyUser in sshd_config. Yet, I need to have access to bash, since users other than root will go straight to XORPSH. If I try to manually create a user with bash access in the system using useradd, it will get overwrite everytime I make changes to XORPSH. What's the best way about this? Daren ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Prevent root ssh login, but allow shell access?
If the box is publicly accessible, there is no way to prevent users from trying to login to it. There are bots that try a whole bunch of default passwords on every publicly accessible box they can find. The ssh daemon will dutifully log all access attempts. My Fedora box at home generates the same sorts of log messages all the time. Your only defenses are to: 1. Remove the box from the Internet. 2. Set up some firewall rules that block access for ssh from the Internet side if you don't want it to be accessible there. 3. Or just make sure you use good passwords for all accounts. In the case of the specific log message you show below, I'd note that the bot is trying an unknown user name (something like bob) that you don't have on your box. It's probably a default account of some sort for a known exploit. Rule #1 before connecting *anything* to the Internet (whether Vyatta, Red Hat, Debian, or a Windows box)--change *all* the default passwords locally. With Vyatta, this is fairly simple and can be done with just a couple of commands before you even set an IP address for any interface. In fact, I think I did this exact thing in the screen cam demo of Vyatta on the web site (yes, I'm the guy who can't type ;-). -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daren Tay Sent: Monday, October 08, 2007 7:38 PM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] Prevent root ssh login, but allow shell access? Hi guys, I have getting alot of such entries in my log: Oct 7 14:35:12 vyatta sshd[27845]: (pam_unix) check pass; user unknown I think its just some bots trying to login. Anyway to prevent this? Also, currently I allow root login, but I don't feel safe with that option. I can disable that using DenyUser in sshd_config. Yet, I need to have access to bash, since users other than root will go straight to XORPSH. If I try to manually create a user with bash access in the system using useradd, it will get overwrite everytime I make changes to XORPSH. What's the best way about this? Daren ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Nagios plugin
You certainly can; I monitor Vyatta routers with MRTG and Nagios. Another option here is Hyperic, a Vyatta Ready partner. They have a plug-in for Hyperic HQ. There is a community version of Hyperic HQ available. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Vyatta virtualization with Xen
Vyatta does not support running paravirtualized under Xen. We do run under Xen in non-para modes, however, using the hardware virtualization support in newer x86 processors. -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dominique Jeannerod Sent: Monday, October 08, 2007 1:07 AM To: [EMAIL PROTECTED] Subject: [Vyatta-users] Vyatta virtualization with Xen Hi, i'm trying to setup Vyatta in a Xen virtual machine (paravirtualized), and it was ok with version VC2_1, but i need to fix some Vyatta bugs, and run the VC2_2 version. But VC2_2 comes with a 2.6.20 kernel ... and here come the problem, and question : xen only officially supports the 2.6.18 kernel, although some distributions (like FC7) have a 2.6.20 xen kernel. I'm running a RHEL5 box as the hosting machine (dom0). Did someone manage to make Vyatta VC2_2 run on Xen with a 2.6.20 kernel ? Is it possible to make Vyatta run on a 2.6.18 kernel ? Thanks with anticipation for any answer, or suggestion, as I am now quite disapointed, and blocked in my Vyatta project. ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Installation Question
Good Luck. Ryan, and if you get it working, be sure to write up a report of your experience and post it to the mailing list. It would be great if others could learn from your experience. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Community vs Subscription Edition
The Community and Subscription Editions are built from the same source train, but they do differ. The primary differences are going to be timings of features and bug fixes. New features may be released to the Community Edition first in order to stabilize them before they are released to Subscribers. Conversely, Subscribers will see more interim bug fixes, patches, etc., between Community Edition releases. Today, there is nothing that is held back from the Community Edition in terms of features, primarily because we want to make it the main stabilization vehicle for new functionality. Over time, you may see the feature sets diverge and reconverge over time as new features are stabilized, but they should track in roughly the same direction over large timescales. The best analogy here is the difference between Fedora and RHEL at Red Hat. They more-or-less have similar functionality and track to similar directions over time, but any individual release of Fedora is different than a release of RHEL. -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aubrey Wells Sent: Friday, September 14, 2007 1:32 PM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] Community vs Subscription Edition Is there a software difference between the Community and Subscription Editions of Vyatta? There's a size difference in the ISOs so there's *some* difference there, but in just using it I don't see anything different. Am I missing anything, or is it just the support that makes the difference? I apologize if this is documented somewhere, I couldn't find anything that mentioned any differences besides the support options. -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] OFR under Xen?
The key is that Vyatta is *Debian-based*, not stock Debian with some additional packages. We have a custom kernel to support some features that we require, as well as some mods to startup scripts, etc., so you can't simply copy Vyatta packages to Debian and be done with it. I don't want to rain on anybody's parade, but I believe to support Vyatta under para-virtualization, you'd need to rebuild the kernel. It's something to look at, thought, and I'd encourage anybody with the skill to go for it. If people have questions about how to build the system, take them over to vyatta-hackers. -- Dave _ From: Leonardo Lima [mailto:[EMAIL PROTECTED] Sent: Friday, September 14, 2007 3:42 PM To: Aubrey Wells Cc: Dave Roberts; vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users] OFR under Xen? Xen para-virtualizes Debian (as I have lots of Debian Sarge in devel space), and isn't Vyatta Debian-based? Maybe that's a hint that you can go that way, installing the OFR packages on a fresh Sarge install? Just a (random) thought... On 9/14/07, Aubrey Wells [EMAIL PROTECTED] wrote: Well, I got it working under Xen as a fully-virtualized domU, and it was fairly easy because you can boot the domU from an ISO and install to your virtual disk as if it were native. I really want to do it para-virtualized though, for performance reasons. I had minimal success booting the vmware image converted to a raw disk image with pygrub as a paravirtualized guest, but I'm probably going to have to roll my own ISO to make some kernel changes to get it to work. Maybe fully-virtualized isnt so bad after all... :) -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group 404.478.2790 www.sheltonjohns.com On Sep 14, 2007, at 10:03 AM, Dave Roberts wrote: There has been at least one report of success: http://mailman.vyatta.com/pipermail/vyatta-users/2007-June/001627.html I have also been told that it works on Virtual Iron. Vyatta has not tested with either of these, however, so everything I'm saying is second-hand. I'd love to get more reports of success. If people have Vyatta running under Xen, Virtual Iron, Virtual Box, or some other VPS scheme, I'd love to know about it. We have tested formally with VMware and I can confirm that works great. -- Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] On Behalf Of Aubrey Wells Sent: Thursday, September 13, 2007 9:57 PM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] OFR under Xen? Has anyone gotten Vyatta to run under Xen? -- Aubrey Wells Senior Engineer Shelton | Johns Technology Group A Vyatta Ready Partner www.sheltonjohns.com ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Setting up DHCP client
I have a setup where I need to have an IP address assigned through DHCP on eth0. I installed the DHCP client package, with dpkg -i dhcp3-client_3.0.4-13_i386.deb. It works when I start it manually. After a reboot it stops working. I have made changes to /etc/network/interfaces: auto eth0 lo iface lo inet loopback iface eth0 inet dhcp After rebooting, I notice the dhcp3-client running, but no IP address has been set. I also noticed 'dpkg-query -l '*dhcp*'' listing more than one dhcp package.Is this a problem ? Can someone who has experience setting up DHCP client on Vyatta Router help me out please? This will not currently work. DHCP client is not supported on Vyatta at this time because there is a conflict with the way that IP addresses are set. We're working to remove the issue and add DHCP client functionality to the system, but it's a bigger process that simply adding a package. Unfortunately, it requires a bit of yak shaving (http://www.faqs.org/docs/jargon/Y/yak-shaving.html , http://projects.csail.mit.edu/gsb/old-archive/gsb-archive/gsb2000-02-11.ht ml). -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Performance of Vyatta - what should I note
I am using a rather simple Dell server for my Vyatta solution; a P4-D 2.8Ghz with 1GB ram. For an infrastructure of an uplink of 4Mbps, and projected to grow, will this be enough? What should I take note considering I am doing rather intensive NAT-ing (heck, I don't even know if it qualifies to be called intensive) Should I have more ram to handle a bigger route table? Or would a more power processor help? Or would any of these be redundant? That will be plenty. See the Hardware Performance Guide on the web site in the whitepapers section (http://www.vyatta.com/documentation/whitepapers.php) for more info about performance you will be able to achieve with given config. Suffice it to say that anything 100 Mbps or less is easily achievable with just about any 1 GHz system out there, even with NAT. We have shown a 2.8 GHz system running at 2 Gbps in the Tolly test on the web site. Whether you're able to achieve this depends highly on the bus structure in the particular system, however (it's an I/O problem more than a processor problem). See the Perf Guide for more info and discussion. If you are planning on having a large routing table (full BGP feeds), then you'll want to stock up on RAM. If you're doing anything short of that, 1 GB is fine. In short, your system sounds fine to handle everything you have described. -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Vyatta Community Edition 2.2 (Camarillo) released to main
UPGRADING = To upgrade, make sure your repository configuration includes the Main repository, as described on the wiki: http://www.vyatta.com/twiki/bin/view/Community/HowToUpdate Unless you have changed to repository configuration, the default configuration file includes the Main repository. Then login as root to the system and type the following three commands: apt-get update apt-get upgrade full-upgrade The full-upgrade command is something new that makes sure that you get any additional packages that are part of the release that were not previously installed. This procedure is wrong. Apologies. I copied it verbatim from the beta release announcement without realizing that we had changed it slightly. The correct procedure is in the release notes and is as follows: apt-get update apt-get install vyatta-base full-upgrade In particular, that second step should not be 'apt-get upgrade' which may cause problems. Apologies for any confusion. - Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Error Trying to Upgrade to VCE2.2
If you followed the procedure I sent out in the announcement email, then I'm probably the source of the problem. I mistakenly copied the procedure from the 2.2 beta announcement into the final release. The procedure was changed slightly between beta and final release. I just sent out a correction. The release notes contain the correct procedure. Try the new procedure. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Juan E. Aguilar Sent: Friday, August 31, 2007 10:31 AM To: [EMAIL PROTECTED] Subject: [Vyatta-users] Error Trying to Upgrade to VCE2.2 Hi, Just tried upgrading to Camarillo and got the following error message back from running apt-get upgrade: Unpacking replacement vc2-vpn ... dpkg: error processing /var/cache/apt/archives/vc2-vpn_1.4-35_i386.deb (--unpack): trying to overwrite `/opt/vyatta/libexec/xorp/gen_local_rsa_key.pl', which is also in package vc2-xorp Preparing to replace vc2-wanpipe r3.1-rc1-1 (using .../vc2-wanpipe_r3.1-rc1-21_i386.deb) ... Unpacking replacement vc2-wanpipe ... Errors were encountered while processing: /var/cache/apt/archives/vc2-vpn_1.4-35_i386.deb E: Sub-process /usr/bin/dpkg returned an error code (1) Not sure where this leaves me with the upgrade. Thanks, Juan Aguilar ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] DHCP ip address on ethernet interface
Hello Vyatta, I found vyatta for a few days and i installed it successfully on my box. It runs all fine and i updated it to the latest state. But i have a simple question, it ist possible to recive a dynamic ip from an dhcp server on an vyatta ethernet interface ? i didnt find a solution in the past ? ...like on linux dhclient eth0 best regards Michael Michael, DHCP client addressing on interfaces is a highly requested feature but it isn't yet in the software. We're working on some changes to the system that will get it there in a couple of releases. The actual feature itself it relatively trivial to implement using the standard DHCP client packages but it has to wait until we make some other changes to the way that interfaces are handled in the system such that we don't interfere with the DHCP operation. Unfortunately, this other work is taking longer that we'd like. Look for this change in a few months. In the mean time, feel free to add your vote to the list of top-requested enhancements on the wiki: http://www.vyatta.com/twiki/bin/view/Community/TopEnhancements -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Allowing FTP Connections
No, on the router. Login in as root and fireup Wireshark.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Daren Tay
Sent: Tuesday, August 28, 2007 4:32 AM
To: Wink; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Allowing FTP Connections
woah... on the desktop that i am trying to connect from?
-Original Message-
From: Wink [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 28 August 2007 19:14
To: Daren Tay; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Allowing FTP Connections
Packet captures? Perhaps the forwarding function is working.
I'd run wireshark and see if the FTP packets are being
forwarded out of the router...
- Original Message -
From: Daren Tay [EMAIL PROTECTED]
To: vyatta-users@mailman.vyatta.com
Sent: Tuesday, August 28, 2007 6:09 AM
Subject: [Vyatta-users] Allowing FTP Connections
Hi guys,
I realise after setting all the static routes, and what
not, I can SSH
but I can't FTP. weird...
basically the public ip is at my router which directs to my private
server
(192.168.40.x) via routing.
The 2 key NAT rules are:
rule 1 {
type: source
translation-type: masquerade
outbound-interface: eth0
protocols: all
source {
network: 192.168.40.0/24
}
destination {
network: 0.0.0.0/0
}
}
rule 12 {
type: destination
translation-type: static
inbound-interface: eth0
protocols: all
source {
network: 0.0.0.0/0
}
destination {
address: public ip
}
inside-address {
address: 192.168.40.73
}
}
Can SSH, HTTP etc, but I can't do FTP weirdly do I need
to do more
NAT?
Thanks!
Daren
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.484 / Virus Database: 269.12.10/976 - Release Date:
8/27/2007 6:20 PM
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] User and Password Management
I just downloaded the ISO, so I suppose its the latest stable version? Actually, this isn't the latest stable version. It's the latest stable ISO, but you'll want to do a package update. The details for how to do this can be found in the latest release notes here: http://www.vyatta.com/documentation/ -- Dave ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] VPN
The VPN stuff is not described in the Quick-Start, but it is in the newest documentation. Go here http://www.vyatta.com/documentation/ then download the 2.2 Beta docs. -- Dave PS: Welcome to the Vyatta community. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yves Helaudais Sent: Friday, August 17, 2007 1:26 PM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] VPN I'm interested in the VPN but I found a minimum of info in the documentation. Where could I find mor info? Is the VPN supported in the Quick Start? It does not seem so. Thanks! Yves Helaudais ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
