
Jan 11 2022

sarthurdev changed the status of T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 11 2022, 2:48 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T4159: Empty firewall group (address, network & port) generates invalid nftables config, commit fails from Open to Needs testing.

PR removes the empty line when there are no group members, also adds a warning message when empty groups are used in rules.

Jan 11 2022, 2:48 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4131: Show firewall group incorrect format members from Open to Needs testing.

@Viacheslav Not using exact ipset format, however addresses are sorted and output one per line.

Jan 11 2022, 2:46 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4144: Firewall address-group - Improve error messages from In progress to Needs testing.

Should resolve the rest of the error messages.

Jan 11 2022, 2:45 PM · VyOS 1.4 Sagitta

Jan 10 2022

sarthurdev changed the status of T4144: Firewall address-group - Improve error messages from Open to In progress.

IPv4 address range error messages are included in PR: https://github.com/vyos/vyos-1x/pull/1152

Jan 10 2022, 9:09 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4148: Firewall - Error messages not that clear as it were in old firewall from Open to Needs testing.

Error for rule being in use when deleting base node was fixed in https://github.com/vyos/vyos-1x/pull/1151

Jan 10 2022, 9:04 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4137: Firewall group configuration allows to set incorrect port range and invalid port from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1152

Jan 10 2022, 9:02 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4149: [Firewall-IPV6] Error delete Fw rules on VIF/INT from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1151

Jan 10 2022, 6:40 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.
Jan 10 2022, 6:40 PM · VyOS 1.4 Sagitta (1.4.0-epa2)
sarthurdev changed the status of T4155: PBR: `set table main` fails in `firewall.py` with newer rolling releases from Open to Needs testing.

Thanks for catching that!

Jan 10 2022, 6:40 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4149: [Firewall-IPV6] Error delete Fw rules on VIF/INT from Open to In progress.
Jan 10 2022, 5:53 PM · VyOS 1.4 Sagitta

Jan 6 2022

sarthurdev moved T4133: Firewall network group error with zone-based firewall rules from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 6 2022, 5:27 PM · VyOS 1.4 Sagitta, VyConf
sarthurdev moved T4145: Conntrack table not showing after firewall rewriting from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Jan 6 2022, 5:26 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T4145: Conntrack table not showing after firewall rewriting.

Updates the vyatta-conntrack package to work without legacy firewall and fixes the op-mode commands. Should also fix some conntrack functionality (untested).

Jan 6 2022, 3:23 PM · VyOS 1.4 Sagitta

Jan 5 2022

sarthurdev changed the status of T4133: Firewall network group error with zone-based firewall rules from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1139

Jan 5 2022, 5:10 PM · VyOS 1.4 Sagitta, VyConf
sarthurdev changed the status of T4133: Firewall network group error with zone-based firewall rules from Open to In progress.
Jan 5 2022, 2:07 PM · VyOS 1.4 Sagitta, VyConf
sarthurdev changed the status of T3635: Add ability to use mDNS repeater with VRRP from In progress to Needs testing.
Jan 5 2022, 1:55 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4135: Declare zone policy firewall without local zone errors from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1136

Jan 5 2022, 12:40 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4135: Declare zone policy firewall without local zone errors from Open to In progress.
Jan 5 2022, 12:33 AM · VyOS 1.4 Sagitta

Jan 4 2022

sarthurdev added a comment to T4136: Firewall State Policy entries fail to load..

Duplicate of T4130

Jan 4 2022, 12:45 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T4130: Firewall state policy errors chain from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1130

Jan 4 2022, 12:14 AM · VyOS 1.4 Sagitta

Jan 3 2022

sarthurdev changed the status of T4130: Firewall state policy errors chain from Open to In progress.
Jan 3 2022, 9:58 PM · VyOS 1.4 Sagitta

Nov 4 2021

sarthurdev changed the status of T3970: Add support for op-mode PKI direct install into an active config session, a subtask of T3642: PKI configuration, from Open to In progress.
Nov 4 2021, 7:27 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev changed the status of T3970: Add support for op-mode PKI direct install into an active config session from Open to In progress.

PR: https://github.com/vyos/vyos-1x/pull/1066

Nov 4 2021, 7:27 PM · VyOS 1.4 Sagitta
sarthurdev created T3970: Add support for op-mode PKI direct install into an active config session.
Nov 4 2021, 7:21 PM · VyOS 1.4 Sagitta

Nov 3 2021

sarthurdev added a comment to T3931: SSTP doesn't work after rewriting to PKI.

PR: https://github.com/vyos/vyos-1x/pull/1062

Nov 3 2021, 1:31 PM · VyOS 1.4 Sagitta

Oct 31 2021

sarthurdev added a comment to T3873: Zone based Firewall - Filter traffic in same zone.

Included this feature in the firewall/zone-policy rewrite: https://github.com/vyos/vyos-1x/pull/1033

Oct 31 2021, 10:05 PM · VyOS 1.4 Sagitta

Oct 20 2021

sarthurdev added a comment to T2199: Rewrite firewall in new XML/Python style.

Draft PR: https://github.com/vyos/vyos-1x/pull/1033

Oct 20 2021, 3:21 PM · VyOS 1.4 Sagitta (1.4.0-epa2)

Oct 19 2021

sarthurdev added a comment to T3917: Use Avahi as mDNS repeater for IPv6 support.

PR: https://github.com/vyos/vyos-1x/pull/1030

Oct 19 2021, 8:54 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3917: Use Avahi as mDNS repeater for IPv6 support from Open to In progress.
Oct 19 2021, 8:40 PM · VyOS 1.4 Sagitta

Sep 24 2021

sarthurdev created T3854: Missing op-mode commands for conntrack-sync.
Sep 24 2021, 10:31 AM · VyOS 1.3 Equuleus (1.3.1), VyOS 1.4 Sagitta

Sep 14 2021

sarthurdev added a comment to T3828: ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta.

Good shout, fixed in following PR: https://github.com/vyos/vyos-1x/pull/1005

Sep 14 2021, 9:05 AM · VyOS 1.4 Sagitta

Sep 13 2021

sarthurdev added a comment to T3828: ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta.

PR: https://github.com/vyos/vyos-1x/pull/1004

Sep 13 2021, 12:52 PM · VyOS 1.4 Sagitta

Aug 13 2021

sarthurdev changed the status of T3752: generate pki certificate file xxx doesn't touch file from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/969

Aug 13 2021, 4:42 PM · VyOS 1.4 Sagitta

Aug 10 2021

sarthurdev added a comment to T3727: VPN IPsec ESP proposal and ESP presented in config missmatch.

PR: https://github.com/vyos/vyos-1x/pull/961

Aug 10 2021, 11:57 AM · VyOS 1.4 Sagitta

Jul 22 2021

sarthurdev changed the status of T3642: PKI configuration, a subtask of T2799: VyOS Certificates Manager, from In progress to Needs testing.
Jul 22 2021, 3:49 PM · VyOS 1.3 Equuleus (1.3.6)
sarthurdev changed the status of T3642: PKI configuration from In progress to Needs testing.
Jul 22 2021, 3:49 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev updated the task description for T3642: PKI configuration.
Jul 22 2021, 3:49 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jul 21 2021

sarthurdev updated the task description for T3642: PKI configuration.
Jul 21 2021, 10:01 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev updated the task description for T3642: PKI configuration.
Jul 21 2021, 10:00 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jul 20 2021

sarthurdev updated the task description for T3642: PKI configuration.
Jul 20 2021, 1:46 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jul 19 2021

sarthurdev updated the task description for T3642: PKI configuration.
Jul 19 2021, 5:17 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev added a comment to T3642: PKI configuration.

PKI Wireguard PR: https://github.com/vyos/vyos-1x/pull/929

Jul 19 2021, 5:17 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jul 16 2021

sarthurdev updated the task description for T3642: PKI configuration.
Jul 16 2021, 5:39 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jul 13 2021

sarthurdev added a comment to T3678: VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.

This error occurs because the ipsec module blindly updates the l2tp module after a commit change to ensure any l2tp via ipsec config is then refreshed also.

Jul 13 2021, 4:01 PM · VyOS 1.4 Sagitta

Jul 7 2021

sarthurdev updated the task description for T3642: PKI configuration.
Jul 7 2021, 11:59 AM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev added a comment to T3642: PKI configuration.

vpn rsa-keys migrated: https://github.com/vyos/vyos-1x/pull/912

Jul 7 2021, 11:57 AM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jul 2 2021

sarthurdev changed the status of T3659: Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors from In progress to Needs testing.
Jul 2 2021, 10:38 AM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3656: IPSec 1.4 : "show vpn ike sa" does not show the correct default ike version.

Should be resolved in PR: https://github.com/vyos/vyos-1x/pull/903

Jul 2 2021, 10:38 AM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3659: Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors.

Fixed in PR: https://github.com/vyos/vyos-1x/pull/903

Jul 2 2021, 10:37 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3659: Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors from Open to In progress.
Jul 2 2021, 9:00 AM · VyOS 1.4 Sagitta

Jun 29 2021

sarthurdev added a comment to T3642: PKI configuration.

PR is in: https://github.com/vyos/vyos-1x/pull/901

Jun 29 2021, 4:39 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev changed the status of T3642: PKI configuration, a subtask of T2799: VyOS Certificates Manager, from Open to In progress.
Jun 29 2021, 12:37 PM · VyOS 1.3 Equuleus (1.3.6)
sarthurdev changed the status of T3642: PKI configuration from Open to In progress.

I should soon have a PR ready for this, including an update to IPSec config to show how to port existing configs to use PKI.

Jun 29 2021, 12:37 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jun 26 2021

sarthurdev added a comment to T3642: PKI configuration.

When using show pki ... commands you would be able to see the relation between certificates and CAs.

Jun 26 2021, 5:27 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jun 22 2021

sarthurdev added a comment to T2816: Rewrite IPsec scripts with the new XML/Python approach.

@SrividyaA Fixed in PR https://github.com/vyos/vyos-1x/pull/894

Jun 22 2021, 7:45 AM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3643: show vpn ipsec sa doesn't show tunnels in "down" state.

PR: https://github.com/vyos/vyos-1x/pull/894

Jun 22 2021, 7:44 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Jun 21 2021

sarthurdev updated the task description for T3642: PKI configuration.
Jun 21 2021, 5:18 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev updated the task description for T3642: PKI configuration.
Jun 21 2021, 5:18 PM · VyOS 1.4 Sagitta (1.4.0-epa1)
sarthurdev created T3642: PKI configuration.
Jun 21 2021, 5:14 PM · VyOS 1.4 Sagitta (1.4.0-epa1)

Jun 19 2021

sarthurdev added a comment to T3635: Add ability to use mDNS repeater with VRRP.

PR: https://github.com/vyos/vyos-1x/pull/887

Jun 19 2021, 11:55 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3635: Add ability to use mDNS repeater with VRRP from Open to In progress.
Jun 19 2021, 11:48 AM · VyOS 1.4 Sagitta

Jun 17 2021

sarthurdev added a comment to T2816: Rewrite IPsec scripts with the new XML/Python approach.

@SrividyaA Fixed in PR: https://github.com/vyos/vyos-1x/pull/884

Jun 17 2021, 7:58 PM · VyOS 1.4 Sagitta

Jun 15 2021

sarthurdev added a comment to T2816: Rewrite IPsec scripts with the new XML/Python approach.

Swanctl migration PR: https://github.com/vyos/vyos-1x/pull/881

Jun 15 2021, 8:43 AM · VyOS 1.4 Sagitta

Jun 12 2021

sarthurdev added a comment to T1501: VPN Commit Errors.

PR: https://github.com/vyos/vyos-1x/pull/875

Jun 12 2021, 7:21 PM · VyOS 1.3 Equuleus (1.3.0), test

Jun 11 2021

sarthurdev added a comment to T645: Allow multiple prefixes in ipsec tunnel.

Included in PR: https://github.com/vyos/vyos-1x/pull/881

Jun 11 2021, 8:45 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3613: Selectors for route-based IPsec tunnel (vti).

I've left vti esp-group to keep backwards compatibility with current behaviour when vti is configured without any tunnels (when it uses 0.0.0.0/0); in that scenario it would still use the group specified.

Jun 11 2021, 5:00 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3613: Selectors for route-based IPsec tunnel (vti).

I wonder if instead it should just use the existing tunnel node for this. So if VTI is set on a peer, all configured tunnels get marked for the VTI interface. Current VyOS behaviour allows only for tunnels, or VTI - not both.

Jun 11 2021, 4:27 PM · VyOS 1.4 Sagitta
sarthurdev added a comment to T3613: Selectors for route-based IPsec tunnel (vti).

@krox2 Oh I think I understand what you mean. You'd want to also be able to create multiple child SAs each with unique left/right subnets?

Jun 11 2021, 11:45 AM · VyOS 1.4 Sagitta

Jun 10 2021

sarthurdev added a comment to T3613: Selectors for route-based IPsec tunnel (vti).

PR https://github.com/vyos/vyos-1x/pull/881

Jun 10 2021, 10:20 PM · VyOS 1.4 Sagitta

Jun 7 2021

sarthurdev added a comment to T3588: IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan.

Clarifying as requested by c-po:

Jun 7 2021, 9:12 AM · VyOS 1.4 Sagitta

Jun 4 2021

sarthurdev changed the status of T3599: Migrate NHRP to XML/Python from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/865

Jun 4 2021, 9:55 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3599: Migrate NHRP to XML/Python from Open to In progress.
Jun 4 2021, 5:28 PM · VyOS 1.4 Sagitta

Jun 3 2021

sarthurdev created T3598: DMVPN/IPSec does not work with upstream Strongswan 5.9.
Jun 3 2021, 2:32 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project

Jun 1 2021

sarthurdev changed the status of T3594: Disable by default service strongswan-starter, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, from Open to In progress.
Jun 1 2021, 1:28 PM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3594: Disable by default service strongswan-starter from Open to In progress.

PR: https://github.com/vyos/vyos-build/pull/168

Jun 1 2021, 1:28 PM · VyOS 1.4 Sagitta

May 30 2021

sarthurdev added a comment to T3588: IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan.

Also vpn ipsec site-to-site peer x tunnel x allow-nat-networks and vpn ipsec site-to-site peer x tunnel x allow-public-networks

May 30 2021, 9:46 AM · VyOS 1.4 Sagitta

May 28 2021

sarthurdev added a comment to T3585: Fix NHRP module for updated interfaces tunnel syntax.

PR: https://github.com/vyos/vyos-nhrp/pull/6

May 28 2021, 9:49 AM · VyOS 1.4 Sagitta
sarthurdev changed the status of T3585: Fix NHRP module for updated interfaces tunnel syntax from Open to In progress.
May 28 2021, 9:19 AM · VyOS 1.4 Sagitta

May 27 2021

sarthurdev added a comment to T2816: Rewrite IPsec scripts with the new XML/Python approach.

IPSec / DMVPN PR: https://github.com/vyos/vyos-1x/pull/856

May 27 2021, 5:09 PM · VyOS 1.4 Sagitta

May 24 2021

sarthurdev added a comment to T3577: Generating vpn x509 key pair fails with command not found.

The main issue seems to be a lack of execute permissions on the script vyatta-gen-x509-keypair

May 24 2021, 12:48 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta
sarthurdev created T3577: Generating vpn x509 key pair fails with command not found.
May 24 2021, 12:41 PM · VyOS 1.3 Equuleus (1.3.4), VyOS 1.4 Sagitta

May 22 2021

sarthurdev added a comment to T3570: Prevent setting of a larger MTU on child interfaces.

PR: https://github.com/vyos/vyos-1x/pull/853

May 22 2021, 7:49 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
sarthurdev changed the status of T3570: Prevent setting of a larger MTU on child interfaces from Open to In progress.
May 22 2021, 7:37 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

May 12 2021

sarthurdev created T3543: Support for setting lacp_rate on LACP bonded interfaces.
May 12 2021, 10:05 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta