Why: Smoketests fail as they cannot establish an IPv6 connection to the uvicorn
backend server.
https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests.
While debugging those failures, it was uncovered that uvicorn only listens on
IPv4 connections:
vyos@vyos# netstat -tulnp | grep 8080
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN -
As the CLI already has an option to move the API communication from an IP to a
UNIX domain socket, the best idea is to make this the default way of
communication, as we never directly talk to the API server but rather use the
NGINX reverse proxy.
When we entered this command, we got an error like:
set interfaces tunnel tun100 local-ip '192.0.2.1'
Configuration path: interfaces tunnel tun100 [local-ip] is not valid
Set failed
To make the Site-to-Site VPN IKEv2 configuration easily understandable for users (especially if the user is new to VyOS), the following changes were made:
- Added a dummy interface to both routers for testing purposes
- Added a static route for both routers for the dummy interface
- Added this command line:
set vpn ipsec option disable-route-autoinstall
Because when we wrote this line after the commit action we got an error like:
WARNING: It's recommended to use ipsec vti with the next command
- Corrected this line:
set vpn ipsec site-to-site peer OFFICE-B local-address '192.168.0.10'
to this:
set vpn ipsec site-to-site peer OFFICE-B local-address '172.18.201.10'
Based on the discussion here: https://forum.vyos.io/t/dynamic-dns-not-wollowing-web-options/12309, it seems necessary to note that setting the web-options on a given interface is not sufficient for determining the IP address when behind NAT.
I've added some additional detail, which I think will make that more clear, as well as listed the commands as required to set up DDNS behind NAT.
Further, I updated the section on RFC2136 to accurately show address instead of interface.
Updated command syntax for dynamic dns - changed set service dns dynamic interface to set service dns dynamic address.
Changed the login option from 'login' to 'username'
Changed the web options from 'use-web' to 'web-options'
Changed because I ran into the command syntax change on a 1.4 install. Updating documents to match.
RADIUS and TACACS configuration examples were added.
Also mentioned that if there is no connection between VyOS and the RADIUS/TACACS servers, users need to use local accounts for authentication.