A similar question was asked on the forum recently:
http://www.vyatta.org/forum/viewtopic.php?t=110
-Original Message-
From: [EMAIL PROTECTED] [mailto:vyatta-users-
[EMAIL PROTECTED] On Behalf Of Azrin Aris
Sent: Wednesday, March 26, 2008 6:06 PM
To: [EMAIL PROTECTED]
Subject:
Daniel,
If you're able to use the glendale alpha (i.e. VC4.0.0) it does have
support for adding an IP address on the bridge interface and it also
supports ECMP which might be an option for your dual links. I wrote a
quick howto for ECMP on the new forum at:
I'm pretty sure the vyatta cli in alpha 2 has telnet mapped, but even in
alpha 1 you can still get to telnet via linux (by using full path) even if
the vyatta cli hasn't been mapped for it. Try:
/bin/busybox telnet 192.1.1.1
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL
,
-Chris
On Thu, Feb 28, 2008 at 11:30 AM, Stig Thormodsrud [EMAIL PROTECTED]
wrote:
I'm pretty sure the vyatta cli in alpha 2 has telnet mapped, but even in
alpha 1 you can still get to telnet via linux (by using full path) even if
the vyatta cli hasn't been mapped for it. Try:
/bin/busybox
What error did you get with install-system? We have seen some issues with
vmware's scsi hard drive not being recognized, so if that's the issue then
you might try editing the virtual machine to use an IDE hard drive
instead.
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Have you tried adding a proposal 1 with aes256 under esp-group ESP-1E for
site 2 so that the proposals match up?
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Biswajit
Banerjee
Sent: Wednesday, February 27, 2008 7:08 PM
To: vyatta-users
Subject:
I'm not sure if the version you're using has the disable-vmac option, but
if not try searching the archives for how to disable it.
stig
Ken,
You might have seen the vrrp priority of 150 for eth2 on R2 which was
just a test and replaced with 20 since a few days, but the problem still
exists.
This thread mentions the file to edit to disable vmac.
http://www.mail-archive.com/vyatta-users@mailman.vyatta.com/msg00957.html
stig
-Original Message-
From: [EMAIL PROTECTED] [mailto:vyatta-users-
[EMAIL PROTECTED] On Behalf Of Tobias Orlamuende
Sent: Monday, February 25, 2008
Tobias,
The thread mentioned below will tell you how to hack the functionality
into VC3. If you prefer not to hack you might consider trying out the
Glendale alpha since it doesn't use the vmac in its vrrp implementation.
It also supports multiple VIPs/group and multiple groups/interface and
- show ospf4 database self-originate is one of the
best commands to troubleshoot ospf with, can we please
work towards adding it?
Nick,
I just now got around to seeing if quagga supports a similar command and I
found:
vDUT:~# show ip ospf database self-originate
OSPF Router with
Hi Nick,
Thanks for the feedback. Comments inline.
Hi Guys,
Lots of big changes in Glendale and I'm enjoying them. I did my usual drop
test, dropping the Glendale test router into production. I even spiced up
my config a bit, adding authentication where possible. So far so good
guys. The
In Glendale the vyatta shell is integrated with the regular bash shell, so
when you login just type configure and start adding the configuration.
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of piyush
sharma
Sent: Sunday, February 10, 2008 8:43 PM
To:
Hi Dave,
I think it was Ken Felix that mentioned using different metrics to get
similar functionality to xorp's qualified-next-hop feature. I'll verify
that when I get in the office tomorrow.
stig
Hi Stig,
What I was looking for was next-hop qualified-next-hop.
next-hop being the
Hi Jostein,
Are you using telnet or ssh to access the box? Using telnet is not secure
from a public network as the username/password is in clear text.
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jostein
Martinsen-Jones
Sent: Monday, February 04, 2008
Ken,
You are right that changing the auto=start line will change this
behavior. Initially our goal was to have a fairly simple configuration to
bring-up a tunnel, but over time we'll need to add more options to the vpn
cli. The last time this came up I opened an enhancement request to make
this
Frankly I miss the ? and space auto-completion too, but am slowly
getting used to the tabtab. Given that the new cli is integrated with
bash and ? has special meaning to bash, then it probably limits our
usage of ? for help.
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Frankly I miss the ? and space auto-completion too, but am slowly
getting used to the tabtab. Given that the new cli is integrated with
bash and ? has special meaning to bash, then it probably limits our
usage of ? for help.
stig
_
From: [EMAIL PROTECTED]
I'd vote for #1 also (but my thinking may be warped by over a decade of
IOS development using the ? key ;-).
The other thing to consider is the principle of least astonishment for the
over 100,000 downloads of vyatta before glendale.
stig
I vote for #1. Maybe it's just because I've been
Hi Ken,
Let me 1st address point #4. There is a new routing engine that has
better performance, better scalability and a lot more features. Because
of this the commands for the routing protocols are different. Our initial
approach was to try to map the old cli exactly, but in many cases
Hi Dave,
Actually you should be able to ignore the message and shouldn't have to
enter it a 2nd time. This is bug 2211
(http://bugzilla.vyatta.com/show_bug.cgi?id=2211) which doesn't really
hurt anything, but is annoying. Basically we have validation checks that
are meant to be invoked on
* Well that and the WAN dhclient that's in progress.
Dhcp client has already been committed to the development branch which
means it'll be available in the next release (glendale) assuming the
testing goes well.
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Hi Dave,
When a new master takes over the vip address it sends out a gratuitous arp
so that the hosts can learn the new mac.
stig
Hi,
I've been reading a few posts regarding Bug 2350
https://bugzilla.vyatta.com/show_bug.cgi?id=2350
Doesn't the disable-vmac true option create an issue with
Can anyone comment more on load balancing vrrp? Active/active style
configuration? Perhaps even noting bgp? I was not aware with vrrp one
could have two routers handling packets :/
This may have changed, but I believe Vyatta only supports one VRRP address
per interface. Consider what
Check /var/log/messages (or show log) for further error messages.
stig
-Original Message-
From: [EMAIL PROTECTED] [mailto:vyatta-users-
[EMAIL PROTECTED] On Behalf Of Clint Chapman
Sent: Friday, January 04, 2008 6:38 PM
To: [EMAIL PROTECTED]
Subject: [Vyatta-users] Commit Error
Shouldn't the command 'show system memory' be mapped to run through
'free -m' then? I would consider this as a feature enhancement.
Seems like a reasonable request. It's very easy to change yourself if you
don't want to wait for a future release. Here's how (assuming vc3):
1) login as root
I wonder if this might be solved with the disable-vmac setting?
stig
-Original Message-
From: [EMAIL PROTECTED] [mailto:vyatta-users-
[EMAIL PROTECTED] On Behalf Of Daniel Stickney
Sent: Wednesday, December 12, 2007 2:47 PM
To: vyatta-users@mailman.vyatta.com
Subject:
YMMV.
Thanks,
allan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stig
Thormodsrud
Sent: Thursday, December 13, 2007 12:23 PM
To: 'Daniel Stickney'; vyatta-users@mailman.vyatta.com; 'Daniel
Stickney';
vyatta-users@mailman.vyatta.com
Unfortunately there is a known bug with discard. See
http://bugzilla.vyatta.com/show_bug.cgi?id=1933
stig
-Original Message-
From: [EMAIL PROTECTED] [mailto:vyatta-users-
[EMAIL PROTECTED] On Behalf Of Peter Wohlers
Sent: Wednesday, December 12, 2007 9:22 AM
To: Shane McKinley
Cc:
Did you do an apt-get update after adding the debian repository?
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Worden
Sent: Thursday, December 06, 2007 7:04 PM
To: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Serial Port
Hi thx!
I
Hi Jeff,
Another relevant bug is https://bugzilla.vyatta.com/show_bug.cgi?id=2368
As for ipt_rlsnmpstats, that's used to get the stats you see with show
snmp, but shouldn't affect the rest of the system. However there are
other minor changes to our kernel.
stig
FWIW, to verify if the r8169
Hi Biswajit,
There is some documentation at:
http://www.vyatta.com/documentation/VC3/Vyatta_ConfigGuide_VC3_v02.pdf.
Also one of our community members has put together a great tutorial at:
http://www.openmaniak.com/vyatta_case_ipsec.php.
stig
_
From: [EMAIL PROTECTED]
To exemplify, the other end of the tunnel is represented by an ISA 2006.
After about 5-6 minutes, time within the tunnel was idle (no traffic
exchange between the two sides), ISA will drop the IPsec SA informing
its tunnel partner about this. The IKE SA is not dropped.
If the other end of
* I need some help here. I have a hard time changing the default route.
I tried delete and commit, set (new value)
* and commit, nothing successful. Check below. Can anyone point
out my mistake?
Hmm, that's odd. I just booted up a vc3 and tried the same thing:
[EMAIL
1. Is VIF support NIC specific? I have a test box, with one built-in
100Mb/s forcedeth (NForce2) interface, and a couple of cheap Realtek 8169
PCI 1000Mb/s interfaces. All work fine without VIFs, but when I try to
add a VIF to the r8169 cards, the commit fails (and all subsequent commits
Think of it as an access-list where a packet's source/destination
addresses are compared to see if it should be encapsulated into the
tunnel. Those subnet commands do accept 0.0.0.0 such that anything
matches.
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
I have run into this in the past when I've copied a virtual machine from
one physical machine to another. When I did a search on vmware's forum
for this error message they said it generally was due to a file permission
problem. In my case a quick chmod fixed the issue, so you might want to
look
Sounds like it might be choking on the wireless adapter in the laptops.
Are there other error messages in /var/log/messages?
stig
_
From: Eduardo Pardo [mailto:[EMAIL PROTECTED]
Sent: Monday, November 12, 2007 7:18 AM
To: Stig Thormodsrud
Subject: Re: [Vyatta-users] Login
Hi Troppy,
Under quagga I just successfully added the network 10.7.0.2/30 (the
tunnel network) in OSPF but under Vyatta you need to use an interface
(set protocol ospf4 area 0.0.0.0 interface ...) and of course
I have no tun or tap interface available at the Vyatta level, so I tried
to use
If the router manager wasn't able to start or if it crashed, then you
won't be able to log in as root. Login as root and look for errors in
/var/log/messages that might give a clue to the problem.
stig
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eduardo
Hi all,
just installed vyatta and wanted to establish an ipsec vpn connection. When
entering the pre-shared-secret I receive the following message:
snip
[EMAIL PROTECTED] set vpn ipsec site-to-site peer xxx.xxx.xxx.xxx
authentication
pre-shared-secret 11([EMAIL PROTECTED]
I have two PCs linked by an E1 link with Sangoma A101 cards
PC1
eth0 10.0.0.0/24
wan0
local 192.168.0.1
remote 192.168.0.2
prefix-length 24
PC2
eth0 10.9.1.0/24
wan0
local 192.168.0.2
remote 192.168.0.1
prefix-length 24
show route does not show the wan ports and I cannot ping
It would be helpful to see the configs, but my guess would be that the
packet coming from C does not match the local-subnet and/or
remote-subnet configuration on B, so it's not getting put in the tunnel.
If C has a different subnet you may need to add another tunnel or if this
is all internal you
02, 2007 12:42 AM
To: [EMAIL PROTECTED]; vyatta-users@mailman.vyatta.com; Stig Thormodsrud
Subject: RE: [Vyatta-users] IPSec - RSA
Hello,
Thanks for your answer.
The thing is when I try to copy the public key generated by Vyatta on
Cisco, I have an error
message on cisco at the first non
Hi Troopy,
I'm not sure about the cisco error, but on the vyatta side the rsa config
would look something like:
set vpn ipsec site-to-site peer x.x.x.x authentication mode rsa
set vpn ipsec site-to-site peer x.x.x.x authentication rsa-key-sig
tunnel-name
set vpn rsa-keys rsa-key-name
Hi Dominique,
I don't see anything wrong with your config, so it's puzzling that the
other processes aren't getting started. You might be running into bug
2325 (https://bugzilla.vyatta.com/show_bug.cgi?id=2325) , but then you
probably would have additional error messages in your log. I might
, Stig Thormodsrud mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
Hi,
I need to set a few 'configure' parameters
non-interactively as soon as the router boots up. For
instance, to set the host-name I run:
xorphsh -c configure set system host-name myrouter1
xorphsh -c configure commit
Dave probably meant tshark instead of wireshark.
stig
-Original Message-
From: [EMAIL PROTECTED] [mailto:vyatta-users-
[EMAIL PROTECTED] On Behalf Of Dave Roberts
Sent: Tuesday, August 28, 2007 9:34 AM
To: 'Daren Tay'; 'Wink'; vyatta-users@mailman.vyatta.com
Subject: Re:
47 matches