have hit the same error with VRFs - basic concept of having a seperated “management plane” vrf with a seperate routing table and default route… In my case (not sure it’s the same as what dbenson experienced) steps to reproduce are:
Start with a fresh vyos installation
Add the below config in a configure session:
set vrf name mgmt description ‘Management VRF’
set vrf name mgmt table ‘100’
set interfaces ethernet eth0 address ‘192.168.1.2/24’
set interfaces ethernet eth0 description ‘Management Interface’
set interfaces ethernet eth0 vrf ‘mgmt’
set protocols vrf mgmt static route 0.0.0.0/0 next-hop 192.168.1.1
set service ssh listen-address 192.168.1.2
Tried to commit, errors with:
[ service ssh ]
Job for ssh.service failed because the control process exited with error code.
See “systemctl status ssh.service” and “journalctl -xe” for details.
Took a look at the journal for the ssh unit (journalctl -xe -u ssh.service) to see:
May 03 21:14:19 vyosvpn02 sshd: error: Bind to port 22 on 192.168.1.2 failed: Cannot assign requested address.
May 03 21:14:19 vyosvpn02 sshd: fatal: Cannot bind any address.
May 03 21:14:19 vyosvpn02 systemd: ssh.service: Main process exited, code=exited, status=255/EXCEPTION
– Subject: Unit process exited
– Defined-By: systemd
– Support: https://www.debian.org/support
– An ExecStart= process belonging to unit ssh.service has exited.
– The process’ exit code is ‘exited’ and its exit status is 255.
adding the “set vrf bind-to-all” config doesn’t make a difference for the behavior with listen-address specified.
I’ve reverted to NOT specifying a listen address for ssh for now, but have the set vrf bind-to-all, otherwise can’t reach ssh on the management vrf (which is expected I assume?).
The above was tested on:
Version: VyOS 1.3-rolling-202004191932