Is there a new exploit circulating for 1.1.8?

We have been running 1.1.8 for quite some time. Over the last ~2 weeks, suddenly we are experiencing crashes. The routers in question are running in a redundant VRRP and both have crashed now. It seems to be more frequent too. So I can’t help but wonder if there is something nasty going around?

I tried updating to the latest rolling build but we couldn’t see all of our interfaces and so I had to revert back.

Thank you in advance for any feedback.

Seems to be happening again as I write this. This time I am in the box before it goes down.

show ip bgp sum returns nothing. show vrrp still looks normal

Log is below. I have changed the IPs through a global search/replace, so it may not be entirely perfect.

thank you

Posting log in next 2 messages since it’s too long to post in one.

Logs are too large to post here, so I pasted them here. Remember, I used a search/replace to change IPs but I don’t think that matters. Thank you

https://pastebin.com/1PZqcATV

I see you have problems with IPSec that breaks your BGP sessions.
My best advice would be to test the 1.2 version and move to it.
We do not plan to fix anything in 1.1.x.

Do you think this is due to the old IPSEC config? I can clean it up, but that’s been going on a while and this issue is new.

I tried upgrading to the latest rolling 1.2 version but it didn’t see all the NICs. One of the ports in a 4 port NIC totally disappeared. Intel I believe. Ideas?

Thank you for responding. Much appreciated.

I don’t think it is related to your config, but most likely remote side software. I saw that in the past already. 1.1.x becomes really obsolete and causes issues with some new implementations.

Hi
Have you read my topic about kernel panic?
That is what we got suddenly, like you.

We updated to release 2 and it runs fine now

Thanks, I did see that, but you have kernel panic in your log? I don’t see it. Definitely could be related.

I am a bit in a bind because release 2 doesn’t work with all the NICs for some reason. err

Did you ever figure out why it was happening? Was it receiving packets it just couldn’t chew on?

You are right, if you did not get kernel panic it may not be the same cause.

I did not investigate logs too much, priority was stability.
I did not notice attacks like DDoS, or intrusion attempts.

It was possible to upgrade to 1.2 beta because there was no ipsec, vti, etc. We are using on this router only nat and filtering.

But it works fine with 10 nics !

You should reconfirm with latest 1.2,
and if it is still the case and you can provide specs, we definitely can support.

Over the last 11 days I have taken that router out of service and run exhaustive hardware tests. All pass. The router runs as a VRRP pair for redundancy, with each router maintaining many peering connections (BGP). All in all, it’s a BGP confederation with 8 VyOS routers. The config has been working flawlessly for months with no changes and then suddenly this one keeps crashing.

So I have reloaded it to the latest rolling build. While the router was out the other router in the pair did the same thing. That doesn’t sound like hardware to me.

I replaced the disk and loaded the latest nightly build as I said, but last night the router crashed again.

I can’t help but wonder if this is some sort of exploit? Anyone got any ideas?

thank you

Have two routers crashing. 1.2 and 1.1.

Am I really the only one with such issues? Started out of the blue!

thanks

I just stumbled over this discussion and I must say that sometimes we saw similar things.
In our case I was able to narrow down the problem a bit more to a quagga problem with additional attributes which were sent by some peers.
Right now I cannot remember exactly whether it came from the 32 bit community attributes or other BGP data.
But in our case remote BGP data was definitely the reason.