Re: [Vyatta-users] DHCP pool questions
Hi Mike,

As far as to why the DHCP server leases out IPs from the end of the block rather than from the beginning, I'm not sure myself. I just signed up for the ISC DHCP server mailing lists at http://www.isc.org/index.pl?/sw/dhcp/dhcp-lists.php and plan to ask the people on there this question as well.

If you added a second dhcp pool for eth2, but it did not appear in '/opt/vyatta/config/dhcpd.conf', and you still have the config and the 'dhcpd.conf' after that commit, then please include these files with your message.

Thanks,
Marat

- Original Message -
From: silvertip257
To: Marat Nepomnyashy ; vyatta-users@mailman.vyatta.com
Sent: Sunday, January 13, 2008 6:54 PM
Subject: Re: [Vyatta-users] DHCP pool questions

Why cannot I take addresses out of the beginning of the block like I'd rather it do? How can I (without rewriting/modifying source code)? That would really stink to have to statically assign everything to make it the way (that it makes sense). It's great and all that it actually does assign an address and 'works', but why not start at the beginning?

From what Marat wrote, I understand that you've seen that behavior before - confirmed. Now, can it be changed? I won't try to start any wars here, but that would unfortunately be one reason I would not want to use Vyatta. Well that and the WAN dhclient that's in progress.

I could have sworn (oh and I did commit it) that I added a config for a second dhcp pool (separate) for eth2, but voila it's gone when I check dhcpd.conf...

Thanks,
Mike

On Jan 13, 2008 8:37 PM, Marat Nepomnyashy [EMAIL PROTECTED] wrote:

Hi Mike,

As far as I know, it is normal for the ISC DHCP server that the Vyatta router is using to lease out addresses starting from the last address of the DHCP lease block, I've seen this before. Not quite sure myself why ISC does it this way, maybe there is an assumption that the IPs at the end of the block are less likely to be already taken...

When you write "I have discovered that various parts have been separated from the main config", what do you mean?

The DHCP server configuration file is '/opt/vyatta/etc/dhcpd.conf', not '/opt/vyatta/etc/dhcp.conf'. The configuration for eth2 should not show up there if you did not configure any DHCP leases for any of the subnets to which the interface is connected.

If you have additional questions, please send us snippets of your router configuration under hierarchies 'interfaces ethernet' and 'service dhcp-server'. Please also send the contents of '/opt/vyatta/etc/dhcpd.conf'.

Thanks,
Marat

- Original Message -
From: silvertip257
To: vyatta-users@mailman.vyatta.com
Sent: Saturday, January 12, 2008 4:36 PM
Subject: [Vyatta-users] DHCP pool questions

I've set up a complete vyatta system a few times, even with two versions (2.2 and 3.0). I'm currently working with 3.0 and I'm getting the same behavior as the last time.

I set up a DHCP server on eth1, but when it hands out addresses, it always gives out the last address in the block (in this case 192.168.0.60 consistently).

When finding the configuration, I have discovered that various parts have been separated from the main config - I don't know if it was that way in previous versions, but thought I'd mention it. Also, my DHCP server for eth2 does not show up in /opt/vyatta/etc/dhcp.conf; that's another issue that I'll have to solve after this one.

My config for the DHCP server:

    shared-network Subnet1 {
        subnet 192.168.0.32 netmask 255.255.255.224 {
            not authoritative;
            default-lease-time 86400;
            max-lease-time 86400;
            range 192.168.0.34 192.168.0.60;
        }
    }

Thanks,
Mike

--
// SilverTip257 //

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] clustering problems
Yep,

Here's more info on this problem:
https://bugzilla.vyatta.com/show_bug.cgi?id=2411

These are the actual lines that changed:
http://suva.vyatta.com/git/?p=ofr.git;a=commitdiff;h=fc524cf7d59981669cb4400192707d4135c6ff49

The 'if' block on lines 377 to 385 that does the VPN clustering IP check was commented out due to a config system circular dependency problem. The underlying circular dependency has been fixed in Glendale, so the clustering IP check will be re-enabled in that release.

-- Marat

- Original Message -
From: Justin Fletcher [EMAIL PROTECTED]
To: Ken Felix (C) [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, December 31, 2007 1:32 PM
Subject: Re: [Vyatta-users] clustering problems

Afraid so - a fix didn't make it into VC3. From a while back:

Ah, piffle - looks like that bug was fixed after VC3 was released. You need to correct /opt/vyatta/sbin/vpn-config.pl. You can get the corrected version from http://suva.vyatta.com/git/?p=ofr.git;a=blob_plain;f=cli/scripts/vpn/vpn-config.pl;hb=HEAD or you can just comment out the check, if you're comfortable with perl.

Justin

On Dec 31, 2007 12:56 PM, Ken Felix (C) [EMAIL PROTECTED] wrote:

Has anybody attempted clustering with vyatta and seen any problems with vpn-ipsec not allowing the cluster ip_address to be applied?

    [EMAIL PROTECTED] set vpn ipsec site-to-site peer 1.1.1.40 local-ip 1.1.1.36
    [edit]
    [EMAIL PROTECTED] commit
    [edit]
    Commit Failed
    VPN configuration error. Local IP specified for peer 1.1.1.40 has not been configured in any of the ipsec interfaces or clustering.
    VPN configuration commit aborted due to error(s).

    [EMAIL PROTECTED] show cluster
        interface eth0
        interface eth1
        pre-shared-secret: firstcluster
        keepalive-interval: 3
        dead-interval: 10
        group vpn {
            primary: fw001
            secondary fw002
            monitor 2.2.2.140
            service 1.1.1.36
            service 192.168.254.254
            service ipsec
        }
    [edit]
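With the check in vpn-config.pl commented out, nothing validates 'local-ip' at commit time. The following is an added example (not part of the original messages and not the vpn-config.pl code) of doing by hand the comparison that the commit error describes; the function names, the `ip -o -4 addr show` sample and the choice of eth0 as the ipsec interface are assumptions, while the cluster listing is the one posted in the thread.

```shell
#!/bin/sh
# Added example, not Vyatta code. Function names are hypothetical.

# 'show cluster' output as posted in this thread.
cluster_cfg='interface eth0
interface eth1
pre-shared-secret: firstcluster
keepalive-interval: 3
dead-interval: 10
group vpn {
    primary: fw001
    secondary fw002
    monitor 2.2.2.140
    service 1.1.1.36
    service 192.168.254.254
    service ipsec
}'

# Constructed `ip -o -4 addr show` output for the two cluster interfaces.
iface_addrs='2: eth0    inet 1.1.1.34/24 brd 1.1.1.255 scope global eth0
3: eth1    inet 192.168.254.1/24 brd 192.168.254.255 scope global eth1'

# IPv4 "service" entries of the cluster group; "service ipsec" is skipped.
# An optional /prefix after the address is tolerated (assumption).
cluster_service_ips() {
    printf '%s\n' "$1" | awk '$1 == "service" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
        sub(/\/.*/, "", $2); print $2 }'
}

# Addresses configured on the interfaces named in $2 (space separated).
ipsec_iface_ips() {
    printf '%s\n' "$1" | awk -v want=" $2 " '$3 == "inet" && index(want, " " $2 " ") {
        sub(/\/.*/, "", $4); print $4 }'
}

# Exit 0 when local-ip $4 is a cluster service address or is configured on
# one of the ipsec interfaces $3; exact match only (1.1.1.3 != 1.1.1.36).
local_ip_is_configured() {
    { cluster_service_ips "$1"; ipsec_iface_ips "$2" "$3"; } | grep -Fxq -- "$4"
}
```

For the configuration in the thread, `local_ip_is_configured "$cluster_cfg" "$iface_addrs" eth0 1.1.1.36` succeeds because 1.1.1.36 is a cluster service address.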
Re: [Vyatta-users] Ethernet card responding to multiple addresses
Hi Jesse,

If the system is pingable, then you should be able to access the WebGUI if you enabled 'service webgui'.

Have you tried enabling 'service ssh', and ssh-ing to the system? For which IPs did that work?

Thanks,
Marat

- Original Message -
From: Jesse Robertson
To: vyatta-users@mailman.vyatta.com
Sent: Friday, December 28, 2007 1:52 PM
Subject: [Vyatta-users] Ethernet card responding to multiple addresses

I'm just beginning to learn about this and am in the process of setting up a test router. I have installed 3 ethernet cards in the test pc of various brands and ages (I used what I had laying around and this is only replacing a linksys BEFSX41 (Hopefully)). The software recognizes the 3 separate cards and has called them eth 0 - 2 and reads their MAC addresses nicely. I set each card to its own IP 192.168.1.30/24 - 192.168.1.32/24 and when I go to Configure and Show it displays correctly.

The issue is that I have only connected one card to a switch and that is showing up as all three ip addresses. It responds intermittently to pings and though I activated the WebGUI I cannot access it. If someone has an idea of what I'm doing wrong I'd appreciate the help.

Thanks
Jesse
Re: [Vyatta-users] requests
Hi Todd,

Thanks for the feedback. Two new enhancement requests have been opened in the Vyatta Bugzilla.

1. Display hostname of router when user logs into GUI
   Bug 2562 http://bugzilla.vyatta.com/show_bug.cgi?id=2562

2. Add firewall-rule-specific enable/disable configuration parameters
   Bug 2563 http://bugzilla.vyatta.com/show_bug.cgi?id=2563

-- Marat

- Original Message -
From: Todd Worden
To: vyatta-users@mailman.vyatta.com
Sent: Saturday, December 22, 2007 5:56 PM
Subject: [Vyatta-users] requests

I think there is a better place probably to ask this, but for a future release it would be nice to have a couple mods.

1. When the user logs into the webgui to display the host-name of the router if configured. For users who are using VRRP this might allow a quick determination which router has won the election.

2. An enabled flag on firewall rules, so when debugging configuration it would be easy to pull a rule, or rule set out of the mix

As for the new documentation, I would be excited to see it, but also felt the existing documentation is very good. It, combined with the videos, combined with a couple questions on this list, has been quite complimentary.

Thank you all for the awesome product! I hope to convince many to begin using it.

Todd Worden
Web-Wired, LLC
434.906.0420
[EMAIL PROTECTED]
www.web-wired.biz
Re: [Vyatta-users] DHCP relay in vif interfaces (vc3)
Hi Sergio,

There is a limitation in the VC3 release in that only 'ethX' values can be specified for DHCP relay interfaces. This is due to overly stringent validation checks. I just opened a new bug on this:
https://bugzilla.vyatta.com/show_bug.cgi?id=2473

A temporary work-around can be implemented using the attachments just added to Bug 2473. There is the attachment id 238 that should be copied over the runtime file '/opt/vyatta/share/xorp/templates/rl_dhcp.tp' on your router. You will also need to apply the patch in attachment id 239 to the runtime script file '/opt/vyatta/sbin/dhcrelay-starter.pl' to disable another validation check.

You will have to reboot the router for the validation check removals to take effect, so make sure you're running off a disk rather than CDROM, or the changes will be lost.

Hope this works for now,
-- Marat

- Original Message -
From: Sergio Garcia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 14, 2007 4:34 AM
Subject: [Vyatta-users] DHCP relay in vif interfaces (vc3)

Hi all. I hope you can help me with this doubt :)

I want to relay dhcp requests incoming from three eth1 vif's to a dhcp server but Vyatta VC3 only allows me to select ethX interfaces (X goes from 0 to 23). Is it possible to do this? Launching dhcrelay manually is not a good solution, but if it is the only way I will accept.

Thanks in advance
Re: [Vyatta-users] Main Vyatta web Page mysteriously gone and nologin prompt
For more info on this problem, take a look at Bug 2366.
http://bugzilla.vyatta.com/show_bug.cgi?id=2366

The 2.3 release will no longer have this problem.

Now, the problem that Jeff has been experiencing has similar symptoms, but is actually due to different causes, as Jeff did not install with default prompts, and no longer experienced the problem after a reboot. There is another Bug for that:
http://bugzilla.vyatta.com/show_bug.cgi?id=2420

-- Marat

- Original Message -
From: Justin Fletcher [EMAIL PROTECTED]
To: Scott Pickles [EMAIL PROTECTED]
Cc: vyatta-users@mailman.vyatta.com
Sent: Monday, October 08, 2007 7:46 PM
Subject: Re: [Vyatta-users] Main Vyatta web Page mysteriously gone and nologin prompt

It's a recent discovery tracked in the Bugzilla database. In the next release, the installation script checks for it, and ensures that you can't do that.

Justin

On 10/8/07, Scott Pickles [EMAIL PROTECTED] wrote:

I agree with Jeff. I too installed Vyatta using the default prompts. If you are aware of the fact that installing root and config on the same partitions is an issue, why not either put a disclaimer in the documentation, the setup, or both?

Regards,
Scott

On 10/8/07, Jeff [EMAIL PROTECTED] wrote:

Mysteriously sometime between Thursday afternoon and Monday morning the vyatta main webpage is gone and I see the lighttpd placeholder page nor is it prompting to allow the connection as it did before and I do not know why..???

Things were all there Thursday afternoon.. I have not rebooted vyatta, and vyatta seems to be running ok

Anyone with any ideas?

Jeff
Re: [Vyatta-users] vyatta login
Hi Mike,

The vyatta user login credentials are initialized by rtrmgr based on the information in the configuration file. The rtrmgr may have crashed before it would have initialized the login credentials.

To test this hypothesis, login as root/vyatta, and do 'ps -ef | grep rtrmgr'. If the rtrmgr did crash, take a look in '/var/log/messages' for its error message. Most likely it did not like something in the configuration file.

If you can, please send your configuration file as an attachment, also send '/var/log/messages'.

-- Marat

- Original Message -
From: silvertip257
To: vyatta-users@mailman.vyatta.com
Sent: Friday, September 21, 2007 12:15 PM
Subject: [Vyatta-users] vyatta login

I know this will seem to be a rather stupid post, but I cannot seem to get into my vyatta after booting Live from CD. I've got both the VC2 and 2.2 versions on livecd and have not changed a thing - I'm booting Live. My main goal is to use Camarillo (2.2) so I'm as up-to-date as possible.

I type vyatta and vyatta for username and password, respectively. I get Login Incorrect. Despite that user, root and vyatta for username and password work fine.

I've watched the screencast on the vyatta site, so I'm not missing anything that I need to know. I also have all the user/help manuals for vyatta, so I have resources and did my homework.

Please help me out, as I've finally eliminated the hardware issues I had before.

Thanks,
Mike
Re: [Vyatta-users] Web interface gone...
Hi Egbert,

It sounds like after the package update, lighttpd got restarted with the default settings in '/etc/lighttpd/lighttpd.conf', and the default 'document-root' settings are pointed to '/var/www' instead of '/var/www/pages'. The reason why you saw the general login page layout but not the content when you browsed to http://my-server/pages/ is because loading that content depends on 'document-root' to be set to '/var/www/pages'.

To fix this problem, it is necessary to get lighttpd restarted with the Vyatta config file '/opt/vyatta/etc/lighttpd.conf' rather than the default config file '/etc/lighttpd/lighttpd.conf'. Do you have the Vyatta config file '/opt/vyatta/etc/lighttpd.conf' on your system?

To restart lighttpd with proper config file, try the following sequence of commands from the root bash shell:

    /etc/init.d/lighttpd stop
    /opt/vyatta/sbin/lighttpd.init start

The above should shut down lighttpd with default settings, and start it up again with Vyatta-specific settings. Then try browsing to the server and using the GUI again. Hit F5 in your browser just to make sure that you load a fresh page.

Let me know how it goes,

Thanks,
Marat

- Original Message -
From: Egbert Jan [EMAIL PROTECTED]
To: vyatta-users@mailman.vyatta.com
Sent: Tuesday, August 28, 2007 1:15 PM
Subject: [Vyatta-users] Web interface gone...

Hi,

In an attempt to update my router (was already on 2.2 community testing branch), I used the update commands from the webinterface. So far so good. But at a certain point lighttpd got updated (from the etch repository) and now I get a lighttpd welcome page on port 80 and an error on 443 (https).

I suspect that /etc/lighttpd.conf was modified/replaced and (at least DocumentRoot) is wrong. It is now /var/www. Shouldn't it be /var/www/pages? I have not rebooted yet (more users here at home...).

When I point Firefox to http://my-server/pages/ I get an empty login page. The general layout is there but no login/password box.

What would be the simplest way to repair the web interface? I have still ssh access.

TNX
Egbert Jan (NL)
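The diagnosis in this thread comes down to two facts: which config file the running lighttpd was started with, and which document root that file sets. The following is an added example (not part of the original messages and not Vyatta code) that checks both on constructed input; the sample command lines, the one-directive config stand-ins, the function names and the assumption that the Vyatta init script passes its config with lighttpd's `-f` option are mine.

```shell
#!/bin/sh
# Added example, not Vyatta code. All sample data below is constructed.

# Process command lines as `ps -o args= -C lighttpd` would print them; that
# the Vyatta init script passes its config with -f is an assumption.
ps_default='/usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf'
ps_vyatta='/usr/sbin/lighttpd -f /opt/vyatta/etc/lighttpd.conf'

# One-directive stand-ins for the two config files named in the thread.
conf_default='server.document-root = "/var/www"'
conf_vyatta='# GUI pages
server.document-root = "/var/www/pages"'

# Config file path that follows -f on a lighttpd command line.
config_from_cmdline() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-f") { print $(i + 1); exit } }'
}

# Value of the last uncommented server.document-root assignment in $1.
docroot_of() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*server\.document-root[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' |
        tail -n 1
}

# Print a verdict for a running lighttpd: $1 = command line, $2 = text of
# the config file it was started with.
gui_status() {
    cfg=$(config_from_cmdline "$1")
    root=$(docroot_of "$2")
    if [ "$cfg" = /opt/vyatta/etc/lighttpd.conf ] && [ "$root" = /var/www/pages ]; then
        echo "ok: $cfg serves $root"
    else
        echo "wrong config: ${cfg:-unknown} serves ${root:-unknown}; restart with the Vyatta init script"
    fi
}
```

On a live router the first argument would come from `ps` and the second from reading the file that `config_from_cmdline` reports.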