Hi @zsdc just setting the conntrac-sync protocol would trigger it.
set service conntrack-sync accept-protocol dccp
Set failed
[edit]
I found out that the permissions in folders in /opt/vyatta/config do affect this in some way
vyos@<redacted># pwd
/opt/vyatta/config/tmp/new_config_30580
[edit]
vyos@<redacted># ls -l
total 0
drwxrwxr-x 1 vyos root 300 Apr 11 22:23 **firewall**
drwxrwxr-x 1 vyos root 60 Apr 11 22:23 **high-availability**
drwxrwxr-x 1 vyos root 100 Apr 11 22:23 **interfaces**
drwxrwxr-x 1 vyos root 60 Apr 11 22:23 **policy**
drwxrwxr-x 1 vyos root 80 Apr 11 22:23 **protocols**
drwxrwxr-x 1 vyos root 100 Apr 11 22:23 **service**
drwxrwxr-x 1 vyos root 220 Apr 11 22:23 **system**
drwxrwxr-x 1 vyos root 60 Apr 11 22:23 **traffic-policy**
[edit]
vyos@<redacted># sudo chown -R vyos ./
[edit]
vyos@<redacted># ls -l
total 0
drwxrwxr-x 1 vyos vyattacfg 300 Apr 13 06:58 firewall
drwxrwxr-x 1 vyos vyattacfg 60 Apr 13 06:58 high-availability
drwxrwxr-x 1 vyos vyattacfg 100 Apr 13 06:58 interfaces
drwxrwxr-x 1 vyos vyattacfg 60 Apr 13 06:58 policy
drwxrwxr-x 1 vyos vyattacfg 80 Apr 13 06:58 protocols
drwxrwxr-x 1 vyos vyattacfg 100 Apr 13 06:58 service
drwxrwxr-x 1 vyos vyattacfg 220 Apr 13 06:58 system
drwxrwxr-x 1 vyos vyattacfg 60 Apr 13 06:58 traffic-policy
[edit]
changing the ownership of the folders to vyos which will change the group to vyattacfg seems to help so that I can set the conntrack-sync in configure mode but commit also results in failure with the message Abort
being shown.
I gave up and found that editing /config/config.boot directly was possible to set conntrack-sync.
But then I realized after doing all of this and once I reboot the router I can’t even do configuration on items which I previously could e.g.
vyos@<redacted># set high vrrp group <redacted> disable
Set failed
[edit]
I get the feeling it has something to do with permissions on some folders but cant seem to figure out what should be the right permissions and how come it went haywire in the first place. Anyone has any idea what should be the right permission settings for the folders to keep it permanent?