hook.ua
December 27, 2023, 10:33am
1
Hi there
I’m trying to use recent vyos 1.5 to upgrade year old 1.4 based firewalls
Is this bug or feature.
Thnks
Could you share your config ?
show conf com | match l2tp
hook.ua
December 27, 2023, 1:32pm
3
Sure, please find below
set vpn l2tp remote-access authentication mode 'radius'
set vpn l2tp remote-access authentication mppe 'deny'
set vpn l2tp remote-access authentication radius server 10.1.0.xx key ''
set vpn l2tp remote-access authentication radius server 10.1.0.xx port '1812'
set vpn l2tp remote-access authentication radius source-address '10.1.0.yy'
set vpn l2tp remote-access authentication require 'mschap-v2'
set vpn l2tp remote-access ccp-disable
set vpn l2tp remote-access client-ip-pool def range '10.1.0.tt-10.1.0.pp'
set vpn l2tp remote-access default-pool 'def'
set vpn l2tp remote-access name-server '10.1.0.xx'
set vpn l2tp remote-access outside-address 'external ip'
After initial failed configuration conversion all l2tp comands were entered manually.
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO kernel: [ 2.548239] fail to initialize ptp_kvm
Dec 27 15:25:10 DISTI-PRO kernel: [ 3.183512] piix4_smbus 0000:00:01.3: SMBus Host Controller not enabled!
Dec 27 15:25:10 DISTI-PRO kernel: [ 3.331439] vbd vbd-5696: 19 xenbus_dev_probe on device/vbd/5696
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:53 DISTI-PRO bgpd[1417]: [VCGF0-X62M1][EC 100663301] INTERFACE_STATE: Cannot find IF xfrmi-test-1862 in VRF 0
Dec 27 15:27:24 DISTI-PRO systemd[1]: Failed to start [email protected] - Accel-PPP - High performance VPN server application for Linux.
Dec 27 15:27:26 DISTI-PRO systemd[1]: Failed to start [email protected] - Accel-PPP - High performance VPN server application for Linux.
Thanks
Hi @hook.ua
vyos:current ← aapostoliuk:T5859-circinus
opened 10:52AM - 27 Dec 23 UTC
## Change Summary
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y' to '… x.x.x.x-y'
## Types of changes
<!---
What types of changes does your code introduce? Put an 'x' in all the boxes that apply.
NOTE: Markdown requires no leading or trailing whitespace inside the [ ] for checking
the box, please use [x]
-->
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Code style update (formatting, renaming)
- [ ] Refactoring (no functional changes)
- [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
- [ ] Other (please describe):
## Related Task(s)
* https://vyos.dev/T5859
## Related PR(s)
## Component(s) name
l2tp, sstp, pptp, ipoe, pppoe
## Proposed changes
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y' to 'x.x.x.x-y'
## How to test
<!---
Please describe in detail how you tested your changes. Include details of your testing
environment, and the tests you ran. When pasting configs, logs, shell output, backtraces,
and other large chunks of text, surround this text with triple backtics
```
like this
```
-->
CLI Configuration:
`set vpn pptp remote-access client-ip-pool TEST range '10.0.0.100-10.0.0.102'`
/run/accel-pppd/pptp.conf
Before:
```
[ip-pool]
10.0.0.100-10.0.0.102,name=TEST
```
After
```
[ip-pool]
10.0.0.100-102,name=TEST
```
## Smoketest result
<!-- Provide the output of the smoketest
```
$ /usr/libexec/vyos/tests/smoke/cli/test_xxx_feature.py
test_01_simple_options (__main__.TestFeature.test_01_simple_options) ... ok
```
-->
```
vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_service_ipoe-server.py
test_accel_ipv4_pool (__main__.TestServiceIPoEServer.test_accel_ipv4_pool) ... ok
test_accel_local_authentication (__main__.TestServiceIPoEServer.test_accel_local_authentication) ...
No IPoE interface configured
ok
test_accel_name_servers (__main__.TestServiceIPoEServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestServiceIPoEServer.test_accel_next_pool) ... ok
test_accel_radius_authentication (__main__.TestServiceIPoEServer.test_accel_radius_authentication) ... ok
----------------------------------------------------------------------
Ran 5 tests in 18.508s
OK
vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_service_pppoe-server.py
test_accel_ipv4_pool (__main__.TestServicePPPoEServer.test_accel_ipv4_pool)
Test accel-ppp IPv4 pool ... ok
test_accel_local_authentication (__main__.TestServicePPPoEServer.test_accel_local_authentication) ...
User "test" has rate-limit configured for only one direction but both
upload and download must be given!
ok
test_accel_name_servers (__main__.TestServicePPPoEServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestServicePPPoEServer.test_accel_next_pool)
T5099 required specific order ... ok
test_accel_radius_authentication (__main__.TestServicePPPoEServer.test_accel_radius_authentication) ... ok
test_pppoe_server_authentication_protocols (__main__.TestServicePPPoEServer.test_pppoe_server_authentication_protocols) ... ok
test_pppoe_server_client_ipv6_pool (__main__.TestServicePPPoEServer.test_pppoe_server_client_ipv6_pool) ... ok
test_pppoe_server_ppp_options (__main__.TestServicePPPoEServer.test_pppoe_server_ppp_options) ... ok
test_pppoe_server_shaper (__main__.TestServicePPPoEServer.test_pppoe_server_shaper) ... ok
test_pppoe_server_vlan (__main__.TestServicePPPoEServer.test_pppoe_server_vlan) ... ok
----------------------------------------------------------------------
Ran 10 tests in 36.115s
OK
vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_vpn_l2tp.py
test_accel_ipv4_pool (__main__.TestVPNL2TPServer.test_accel_ipv4_pool)
Test accel-ppp IPv4 pool ... ok
test_accel_local_authentication (__main__.TestVPNL2TPServer.test_accel_local_authentication) ... ok
test_accel_name_servers (__main__.TestVPNL2TPServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestVPNL2TPServer.test_accel_next_pool)
T5099 required specific order ... ok
test_accel_radius_authentication (__main__.TestVPNL2TPServer.test_accel_radius_authentication) ... ok
----------------------------------------------------------------------
Ran 5 tests in 20.337s
OK
vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_vpn_sstp.py
test_accel_ipv4_pool (__main__.TestVPNSSTPServer.test_accel_ipv4_pool)
Test accel-ppp IPv4 pool ... ok
test_accel_local_authentication (__main__.TestVPNSSTPServer.test_accel_local_authentication) ...
User "test" has rate-limit configured for only one direction but both
upload and download must be given!
ok
test_accel_name_servers (__main__.TestVPNSSTPServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestVPNSSTPServer.test_accel_next_pool)
T5099 required specific order ... ok
test_accel_radius_authentication (__main__.TestVPNSSTPServer.test_accel_radius_authentication) ... ok
----------------------------------------------------------------------
Ran 5 tests in 21.853s
OK
vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_vpn_pptp.py
test_accel_ipv4_pool (__main__.TestVPNPPTPServer.test_accel_ipv4_pool)
Test accel-ppp IPv4 pool ... ok
test_accel_local_authentication (__main__.TestVPNPPTPServer.test_accel_local_authentication) ... ok
test_accel_name_servers (__main__.TestVPNPPTPServer.test_accel_name_servers) ... ok
test_accel_next_pool (__main__.TestVPNPPTPServer.test_accel_next_pool)
T5099 required specific order ... ok
test_accel_radius_authentication (__main__.TestVPNPPTPServer.test_accel_radius_authentication) ... ok
----------------------------------------------------------------------
Ran 5 tests in 20.351s
OK
```
## Checklist:
- [x] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md) document
- [x] I have linked this PR to one or more Phabricator Task(s)
- [x] I have run the components [**SMOKETESTS**](https://github.com/vyos/vyos-1x/tree/current/smoketest/scripts/cli) if applicable
- [x] My commit headlines contain a valid Task id
- [ ] My change requires a change to the documentation
- [ ] I have updated the documentation accordingly
1 Like
hook.ua
December 27, 2023, 2:27pm
5
it’s great to know. Thanks
Yes. This fix was merged 18 minutes ago. It will be in the next nighty build or you can build and install a package yourself. Build VyOS — VyOS 1.5.x (circinus) documentation
hook.ua
December 27, 2023, 3:13pm
7
thanks, I could wait for a while.
hook.ua
December 29, 2023, 3:36pm
8
Caught the updated version just after 3 hours after publication.
Thanks
2 Likes