OSPF configure doesn't work on USG 3 - vtysh-set command not found

[admontis]

Running USG 3 with firmware 4.4.50.5272448 When trying to configure the wireguard interface for OSPF, eg. cost 20, the command fails with "vtysh-set command not found" Looking at: /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/cost/node.def -> update:expression: "vtysh-set -i ....

This command is not available on my box.

Workaround: use the same commands as OpenVPN

update:vtysh -c "configure terminal" \ -c "interface $VAR(../../../@)" \ -c "ip ospf cost $VAR(@)" delete:vtysh -c "configure terminal" \ -c "interface $VAR(../../../@)" \ -c "no ip ospf cost"

[dulitz]

I'm seeing the same issue on a USG-4P. Do you have a pull request for this?

I have confirmed that vtysh-set exists on EdgeOS 2.0.8-hotfix1 (for EdgeRouter X and X-SFP) but not on USG-4P 4.4.55.5377109 (latest). Also on the USG-4P, /opt/vyatta/sbin/ubnt_vtysh does not exist (which the vtysh-set wrapper exec's on the EdgeRouter).

Also, I notice wireguard's ospf node doesn't have a bandwidth child, which seems like an error. Maybe I'll put together a pull request to fix both issues at once.

[dulitz]

Looking at this, I think we need to keep the existing config for the EdgeRouter and do something different for the USG. I have it working with a shim /usr/bin/vtysh-set which strips -i and --noerr options and execs vtysh -c "configure terminal" "$@" and I think that's probably the best solution.

[admontis]

I separated the config into edge and unifi.

[dulitz]

I reviewed your commits to your respository. I can't speak to the packaging changes, but your separation into edge and unifi seems like a good path to me and in my opinion you should create a pull request.

One thing I didn't remember to check in my review: you fix various ipv6 issues and add the ospf/bandwidth node which was erroneously missing from mainline, and that is awesome. Do you add that for edge also, or just for unifi? Do you have access to an EdgeRouter to see what openvpn uses there?

[admontis]

I don't have any EdgeRouter with me. So I focused on Unifi only to get my site up and running

[dulitz]

Cool, one of us can add that later (I have edgerouters here but no need to clutter up your pull request with that bit).

How have you tested your packaging changes? You sure it hasn't broken anything else?

[admontis]

I'm building automatically with my local gitlab (.gitlab-ci.yml) and not using the github workflows. If I find some time, I can adapt the github build process. The Unifi package is running on several live environments since end of 2020 without any issues on USG3 and USG4

[admontis]

GitHub build process integrated into a separate branch. I will test the packages later and merge it into master

[dulitz]

Happy to test your Edge packages for you.

On Mon, Jun 21, 2021 at 12:50 AM admontis @.***> wrote:

GitHub build process integrated into a separate branch. I will test the packages later and merge it into master

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/WireGuard/wireguard-vyatta-ubnt/issues/61#issuecomment-864810203, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAVWYJIZEXGUO7B4QU3K4BLTT3VOHANCNFSM4U5QX6ZA .

[admontis]

Not sure if you can download the build artifacts. guess not. will put to a download page

[dulitz]

Maybe I could download your earlier artifacts -- I haven't tried downloading the github ones, which are the ones I want to test the most as they correspond to what will happen after any pull request is merged.

On Mon, Jun 21, 2021 at 10:51 AM admontis @.***> wrote:

Not sure if you can download the build artifacts. guess not. will put to a download page

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/WireGuard/wireguard-vyatta-ubnt/issues/61#issuecomment-865228928, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAVWYJOIBWODVNXGVEJY7UTTT53ZPANCNFSM4U5QX6ZA .

[admontis]

Created a release with the current version. You should be able to download the packages now

[dulitz]

Sorry for the delay, I've been fixing network issues elsewhere. I'm still running 2.0.8 here so need to wait until a good time to upgrade before I can install these. Probably will be 12 hours from now.

[admontis]

No problem. Do you have any idea if this also works on the UDM Pro ?

[dulitz]

Wireguard does; see this thread. But the UDM and UDM Pro don't use vyatta so the wireguard-vyatta-ubnt repository is not useful for them.

[admontis]

Yeah! Found this already. Installed on the box and looking quite ok

[dulitz]

Confirmed working on E50 -- what I wanted to check was whether the non-USG configs still worked and they do, so I think you should submit a pull request. Thanks for putting this together!

In addition to fixing OSPF for the USG, your changes fix the missing ip/ospf/bandwidth node for EdgeRouter, and I think you fix some IPv6 issues for EdgeRouter as well? Please include that in your message with the pull request.

[dulitz]

Also, if it's convenient, could you update your releases page to indicate that the E50 package is also for EdgeRouter X-SFP and EdgePoint EP-R6 devices? I could do my own pull request but I'm lazy. :)

[dulitz]

Did you ever create that PR? Because I don't see it in either opened or closed -- maybe I missed it.

UBNT pushed a new kernel to me which wiped the old wireguard module and my shim. When I reinstalled the latest package, the OSFP issue remains.

[admontis]

Not yet. I need to catch up with the latest changes

Am 12.11.2021 um 20:26 schrieb Daniel @.***>:

Did you ever create that PR? Because I don't see it in either opened or closed -- maybe I missed it.

UBNT pushed a new kernel to me which wiped the old wireguard module and my shim. When I reinstalled the latest package, the OSFP issue remains.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/WireGuard/wireguard-vyatta-ubnt/issues/61#issuecomment-967381003, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKVHUQMMATVNQ5VVFRZ6WVLULVS7BANCNFSM4U5QX6ZA. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.