I've been having an issue with configuring #haproxy under #vyos for aaaages.

Yesterday I decided to spend some time to figure out why I wouldn't work and it turned out to be a pretty silly, annoying bug.

Vyos was writing the timeouts in seconds, whereas HAProxy defaults to milliseconds unless you specify the time unit.

https://vyos.dev/T5548

Wenn ich nach #WireGuard schaue, sehe ich Posts, wo sich Personen freuen, dass ihre Fritz!Box nun endlich WireGuard unterstützt. Freie Routerbetriebssysteme wie #OpenWrt oder #VyOS haben schon seit langem diese Unterstützung. Ich finde es schade, dass so viele proprietäre Routerbetriebssysteme verwenden 😐🙁😭
#VendorLock #FritzBox

I'm considering switching from #OpenWrt to #VyOS for my main firewalls.
I have been experimenting with VyOS for some time now and I really have to say it's awesome.

Interestingly key-based SSH auth wasn't working on the new #VyOS install.

Turns out that it seems to have screwed up the UID of the home directory of my new user. A quick chown took care of it and now it's working.

New #VyOS install is done!
Everything seems to be working: #IPv4, #IPv6, Mesh #Wireguard VPN, #BGP over WG, #BFD to quickly detect VPN connection loss and re-route via other peer within a second, #QoS with Cake to eliminate Upload Bufferbloat.
And by learning the new Firewall syntax I also made a better / stricter firewall config.

Now lets see if the setup is also stable. It should in theory, it's my first bare-metal VyOS install after all and most issues I've had were to to virtualization.

#VyOS changed their Firewall structure! I was just wondering why my copy pasted config didn’t apply.

I am glad this happened right before I started this new install, so now I can immediately learn it.
I am currently still confused, but if it is able to improve the mess that is my old zone config, I‘m up for it.

This is so stupid

and I think i've convinced myself to abandon the #vyos journey and go native linux tooling

Going down the #vyos #arm64 rabbit hole is a painful one.... And I'm not even sweating the kernel or uboot part, just trying to get the packages and rootfs built

I successfully bodged tundra-nat64 into my #VyOS router, such that it can do NAT64 itself. 🎉
It ain‘t pretty, but it works.

#ipv6

#adhd is awesome.

I sat down at my desk to beef up my #vyos config for #lanecloud networking. What happened?

* saw a disk on my desk that needed copying to my NAS so I plugged it in my work station
* logged into my NAS to update some perms
* partially kicked off some updates on NAS
* googled libvirt terraform provider
* wrote linkedin post in response to terraform provider about how IaC atrophies really fast
* clicked "continue" on NAS update
* and uhhh now I'm posting about above. 🤦‍♂️

Cool. #Vyos has basic #haproxy configuration functionality now.

Back at it again. #eveNG #vyos #router #BGP #lab #cisco

Put my notes about the issues I faced during the #VyOS upgrade into a Blog post, in case anyone ever faces the same issues: https://jsteuernagel.de/upgrading-vyos-from-version-1-3-equuleus-to-version-1-4-sagitta/

I just made my second attempt at upgrading #VyOS to 1.4.
And this time, it went perfectly fine! It only forgot about my static interface-routes, as they now have a different syntax and it didn't migrate. Re-added and everything is back to normal.
Now onto my #BGP adventures!

Lying in bed, researching how to configure #BGP over #Wireguard on #VyOS.
Yup, seems like a normal evening.

VyOS will support babel in the latest version. Yuhu!
Unfortunately VyOS uses the FRR implementation of babel, which seems to have some bugs.
https://blog.vyos.io/vyos-project-april-2023-update
https://alioth-lists.debian.net/pipermail/babel-users/2023-April/004082.html
#vyos #babel #routing

Those new #VyOS updates really look promising and I'm thrilled about what comes in the future.
Sadly my first attempts with managing configuration with #Ansible were not very successful, but I will try another time.
https://blog.vyos.io/vyos-project-april-2023-update

I was not sure about using #vyos or #opnsense but I much prefer the juniper like CLI than the web interface of #opnsense

Replaced my #mikrotik CCR router by an HP T730 running open source #vyos network operating system :)

Navigating a BGP zombie outbreak on Juniper routers
https://blog.apnic.net/2023/04/13/navigating-a-bgp-zombie-outbreak-on-juniper-routers/
One of the reasons why I love FLOSS. You can investigate and fix the problem yourself (with the necessary knowledge) if you look into the source code.
An alternative to routers would be OpenWrt, VyOS, bird2, OpenBGPD and frr.

#floss #networking #routing #BGP #OpenWrt #VyOS #bird2 #OpenBGPD #frrRouting