Page MenuHomeVyOS Platform
People a.apostoliuk

a.apostoliuk (Andrii Apostoliuk)
User

Projects

User Details

User Since
Jun 8 2022, 9:47 AM (41 w, 4 d)

Recent Activity
View All

Wed, Mar 22

a.apostoliuk changed the status of T5093: Command 'reset vpn ipsec-profile' doesn't work from Open to In progress.
Wed, Mar 22, 8:48 AM · VyOS 1.4 Sagitta
a.apostoliuk claimed T5093: Command 'reset vpn ipsec-profile' doesn't work.
Wed, Mar 22, 8:47 AM · VyOS 1.4 Sagitta
a.apostoliuk changed the status of T5043: Need to create reset command for IKEv2 remote-access vpn connections from Open to Needs testing.
Wed, Mar 22, 8:42 AM · VyOS 1.4 Sagitta

Sun, Mar 19

a.apostoliuk closed T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2 as Resolved.
Sun, Mar 19, 1:48 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2 from In progress to Needs testing.
Sun, Mar 19, 1:47 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Thu, Mar 16

a.apostoliuk created T5093: Command 'reset vpn ipsec-profile' doesn't work.
Thu, Mar 16, 9:50 AM · VyOS 1.4 Sagitta

Mon, Mar 13

a.apostoliuk closed T5074: Show IPSEC SA failed if remote access IKEv2 vpn is used. as Resolved.
Mon, Mar 13, 10:18 AM · VyOS 1.4 Sagitta
a.apostoliuk moved T5074: Show IPSEC SA failed if remote access IKEv2 vpn is used. from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Mon, Mar 13, 10:17 AM · VyOS 1.4 Sagitta

Fri, Mar 10

a.apostoliuk changed the status of T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2 from Open to In progress.
Fri, Mar 10, 9:35 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk added a project to T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2: VyOS 1.3 Equuleus (1.3.3).
Fri, Mar 10, 9:35 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk reopened T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2 as "Open".
Fri, Mar 10, 9:34 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk changed the status of T5074: Show IPSEC SA failed if remote access IKEv2 vpn is used. from Open to In progress.
Fri, Mar 10, 8:18 AM · VyOS 1.4 Sagitta
a.apostoliuk claimed T5074: Show IPSEC SA failed if remote access IKEv2 vpn is used..
Fri, Mar 10, 8:18 AM · VyOS 1.4 Sagitta

Thu, Mar 9

a.apostoliuk created T5074: Show IPSEC SA failed if remote access IKEv2 vpn is used..
Thu, Mar 9, 9:25 AM · VyOS 1.4 Sagitta

Wed, Mar 8

a.apostoliuk changed the status of T5042: Command 'show vpn ipsec remote-access' does not work from Open to In progress.
Wed, Mar 8, 8:14 AM · VyOS 1.4 Sagitta

Wed, Mar 1

a.apostoliuk claimed T5043: Need to create reset command for IKEv2 remote-access vpn connections.
Wed, Mar 1, 3:49 PM · VyOS 1.4 Sagitta
a.apostoliuk created T5043: Need to create reset command for IKEv2 remote-access vpn connections.
Wed, Mar 1, 3:48 PM · VyOS 1.4 Sagitta
a.apostoliuk claimed T5042: Command 'show vpn ipsec remote-access' does not work.
Wed, Mar 1, 3:27 PM · VyOS 1.4 Sagitta
a.apostoliuk created T5042: Command 'show vpn ipsec remote-access' does not work.
Wed, Mar 1, 3:27 PM · VyOS 1.4 Sagitta

Tue, Feb 28

a.apostoliuk created T5039: Can't add new local user.
Tue, Feb 28, 3:49 PM · VyOS 1.4 Sagitta
a.apostoliuk closed T4955: Openconnect radiusclient.conf generating with extra authserver as Resolved.
Tue, Feb 28, 2:01 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk moved T4955: Openconnect radiusclient.conf generating with extra authserver from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Tue, Feb 28, 2:01 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk moved T4955: Openconnect radiusclient.conf generating with extra authserver from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Tue, Feb 28, 2:01 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Mon, Feb 27

a.apostoliuk closed T4985: reset vpn ipsec-peer command with peer name does not work as Resolved.
Mon, Feb 27, 10:20 AM · VyOS 1.4 Sagitta
a.apostoliuk moved T4985: reset vpn ipsec-peer command with peer name does not work from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Mon, Feb 27, 10:20 AM · VyOS 1.4 Sagitta
a.apostoliuk moved T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Mon, Feb 27, 10:08 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Feb 24 2023

a.apostoliuk changed the status of T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine from Needs testing to In progress.
Feb 24 2023, 2:30 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk added a project to T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine: VyOS 1.3 Equuleus (1.3.3).
Feb 24 2023, 9:25 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Feb 20 2023

a.apostoliuk changed the status of T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine from In progress to Needs testing.
Feb 20 2023, 1:45 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Feb 15 2023

a.apostoliuk changed the status of T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine from Open to In progress.
Feb 15 2023, 2:40 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk claimed T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine.
Feb 15 2023, 1:59 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk added a comment to T4593: Upgrade strongswan to 5.9.8.

I was wrong. NOT 6 CHILSD_SAs on one tunnel.
6 IKE SAs on one configured tunnel.

Feb 15 2023, 11:50 AM · VyOS 1.4 Sagitta
a.apostoliuk added a comment to T4593: Upgrade strongswan to 5.9.8.

I met 2 issues after the last commit.
My config:

Feb 15 2023, 10:11 AM · VyOS 1.4 Sagitta
a.apostoliuk moved T4993: Can't delete conntrack ignore rule from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
Feb 15 2023, 9:22 AM · VyOS 1.3 Equuleus (1.3.3)
a.apostoliuk moved T4993: Can't delete conntrack ignore rule from Finished to 1.3.3 on the VyOS 1.3 Equuleus board.
Feb 15 2023, 9:22 AM · VyOS 1.3 Equuleus (1.3.3)
a.apostoliuk closed T4993: Can't delete conntrack ignore rule as Resolved.
Feb 15 2023, 9:19 AM · VyOS 1.3 Equuleus (1.3.3)
a.apostoliuk moved T4993: Can't delete conntrack ignore rule from 1.3.3 to Finished on the VyOS 1.3 Equuleus board.
Feb 15 2023, 9:18 AM · VyOS 1.3 Equuleus (1.3.3)
a.apostoliuk reopened T4993: Can't delete conntrack ignore rule as "In progress".
Feb 15 2023, 9:18 AM · VyOS 1.3 Equuleus (1.3.3)
a.apostoliuk changed the status of T4985: reset vpn ipsec-peer command with peer name does not work from In progress to Needs testing.
Feb 15 2023, 8:49 AM · VyOS 1.4 Sagitta

Feb 14 2023

a.apostoliuk closed T4968: VPN IPsec check dpd and close action for empty values as Resolved.
Feb 14 2023, 8:17 AM · VyOS 1.4 Sagitta
a.apostoliuk moved T4968: VPN IPsec check dpd and close action for empty values from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 14 2023, 8:16 AM · VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4968: VPN IPsec check dpd and close action for empty values from Open to Needs testing.
Feb 14 2023, 7:54 AM · VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4985: reset vpn ipsec-peer command with peer name does not work from Open to In progress.
Feb 14 2023, 7:53 AM · VyOS 1.4 Sagitta
a.apostoliuk claimed T4985: reset vpn ipsec-peer command with peer name does not work .
Feb 14 2023, 7:53 AM · VyOS 1.4 Sagitta

Feb 13 2023

a.apostoliuk closed T4993: Can't delete conntrack ignore rule as Resolved.
Feb 13 2023, 10:28 AM · VyOS 1.3 Equuleus (1.3.3)
a.apostoliuk changed the status of T4993: Can't delete conntrack ignore rule from In progress to Needs testing.
Feb 13 2023, 10:28 AM · VyOS 1.3 Equuleus (1.3.3)
a.apostoliuk closed T4905: Convert show nhrp tunnel to tabulate format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, as Resolved.
Feb 13 2023, 9:58 AM · VyOS 1.4 Sagitta
a.apostoliuk closed T4905: Convert show nhrp tunnel to tabulate format as Resolved.
Feb 13 2023, 9:58 AM · VyOS 1.4 Sagitta
a.apostoliuk moved T4905: Convert show nhrp tunnel to tabulate format from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Feb 13 2023, 9:58 AM · VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4905: Convert show nhrp tunnel to tabulate format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from In progress to Needs testing.
Feb 13 2023, 9:58 AM · VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4905: Convert show nhrp tunnel to tabulate format from In progress to Needs testing.
Feb 13 2023, 9:58 AM · VyOS 1.4 Sagitta

Feb 10 2023

a.apostoliuk changed the status of T4993: Can't delete conntrack ignore rule from Open to In progress.
Feb 10 2023, 1:30 PM · VyOS 1.3 Equuleus (1.3.3)
a.apostoliuk claimed T4993: Can't delete conntrack ignore rule.
Feb 10 2023, 1:30 PM · VyOS 1.3 Equuleus (1.3.3)
a.apostoliuk created T4993: Can't delete conntrack ignore rule.
Feb 10 2023, 10:44 AM · VyOS 1.3 Equuleus (1.3.3)

Feb 6 2023

a.apostoliuk added a comment to T4943: Radius SSH login displays "permission denied" on 1.4 rolling release.

It is a problem with mapping user to radius_priv_user
This problem began after https://github.com/vyos/vyos-1x/commit/765f84386b6e94984ff79db2eab36d51f759159b#diff-0ab0ed71ce757261c4a6ae2f3a5bc441d6257d477bfb5435ae38f230777ff81cR51
If I set in sshd_config

Feb 6 2023, 2:15 PM · VyOS 1.4 Sagitta

Jan 27 2023

a.apostoliuk changed the status of T4905: Convert show nhrp tunnel to tabulate format, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to In progress.
Jan 27 2023, 9:45 AM · VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4905: Convert show nhrp tunnel to tabulate format from Open to In progress.
Jan 27 2023, 9:45 AM · VyOS 1.4 Sagitta
a.apostoliuk claimed T4905: Convert show nhrp tunnel to tabulate format.
Jan 27 2023, 9:45 AM · VyOS 1.4 Sagitta

Jan 26 2023

a.apostoliuk changed the status of T4955: Openconnect radiusclient.conf generating with extra authserver from Open to In progress.
Jan 26 2023, 8:04 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk claimed T4955: Openconnect radiusclient.conf generating with extra authserver.
Jan 26 2023, 7:43 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Jan 20 2023

a.apostoliuk added a comment to T4943: Radius SSH login displays "permission denied" on 1.4 rolling release.

Confirm.
Version: VyOS 1.4-rolling-202301200317

Jan 20 2023, 1:07 PM · VyOS 1.4 Sagitta
a.apostoliuk closed T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2 as Resolved.
Jan 20 2023, 8:43 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk closed T4551: IPsec rekeying collisions bug as Resolved.
Jan 20 2023, 8:43 AM · VyOS 1.4 Sagitta
a.apostoliuk moved T4551: IPsec rekeying collisions bug from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jan 20 2023, 8:43 AM · VyOS 1.4 Sagitta
a.apostoliuk reopened T4551: IPsec rekeying collisions bug as "Needs testing".
Jan 20 2023, 8:42 AM · VyOS 1.4 Sagitta
a.apostoliuk closed T4551: IPsec rekeying collisions bug as Resolved.
Jan 20 2023, 8:41 AM · VyOS 1.4 Sagitta
a.apostoliuk moved T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2 from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Jan 20 2023, 8:40 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Jan 17 2023

a.apostoliuk changed the status of T4864: `show firewall` command errors from In progress to Needs testing.
Jan 17 2023, 3:17 PM · VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4551: IPsec rekeying collisions bug from Open to In progress.
Jan 17 2023, 10:08 AM · VyOS 1.4 Sagitta

Jan 16 2023

a.apostoliuk changed the status of T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2 from Open to In progress.
Jan 16 2023, 3:04 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Jan 11 2023

a.apostoliuk changed the status of T4927: Need to change restart to reload-or-restart in Webproxy module from Open to In progress.
Jan 11 2023, 6:48 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

Jan 10 2023

a.apostoliuk added a comment to T4551: IPsec rekeying collisions bug.

I found that if IPSEC lifetime is large(28800) then this problem occurs.
If lifetime eq 1800 sec, everything works.

Jan 10 2023, 3:46 PM · VyOS 1.4 Sagitta
a.apostoliuk claimed T4927: Need to change restart to reload-or-restart in Webproxy module.
Jan 10 2023, 9:42 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
a.apostoliuk created T4927: Need to change restart to reload-or-restart in Webproxy module.
Jan 10 2023, 9:42 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

Jan 9 2023

a.apostoliuk added a comment to T4924: Systemctl strongswan.service for some reason is not disabled.

I have tested this bug.
After boot everything woks fine without any problems.
But after restart vpn command all these issues began.

  1. Error message
vyos charon[2079]: 04[NET] no socket implementation registered, sending failed
  1. Swanctl shows unnormal info. IPSEC phase is down.
  2. Traffic passes through the tunnel.
  3. New process appears
Jan 9 2023, 4:21 PM · VyOS 1.4 Sagitta
a.apostoliuk added a comment to T4924: Systemctl strongswan.service for some reason is not disabled.
Jan 9 2023, 3:39 PM · VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4877: Need verification in using import vrf and import vpn, export vpn commands from In progress to Needs testing.
Jan 9 2023, 10:54 AM · VyOS 1.4 Sagitta
a.apostoliuk claimed T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2.
Jan 9 2023, 8:26 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk created T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2.
Jan 9 2023, 8:25 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Jan 6 2023

a.apostoliuk added a comment to T4551: IPsec rekeying collisions bug.

I have checked this config on VyOS 1.4-rolling-202212310809 (Strongswan 5.9.8). The problem is the same.

Jan 6 2023, 1:43 PM · VyOS 1.4 Sagitta

Jan 3 2023

a.apostoliuk changed the status of T4864: `show firewall` command errors from Open to In progress.
Jan 3 2023, 12:28 PM · VyOS 1.4 Sagitta

Dec 22 2022

a.apostoliuk created T4890: show conntrack table ipv4 fail.
Dec 22 2022, 4:32 PM · VyOS 1.4 Sagitta

Dec 14 2022

a.apostoliuk changed the status of T4877: Need verification in using import vrf and import vpn, export vpn commands from Open to In progress.
Dec 14 2022, 1:34 PM · VyOS 1.4 Sagitta
a.apostoliuk claimed T4877: Need verification in using import vrf and import vpn, export vpn commands.
Dec 14 2022, 1:33 PM · VyOS 1.4 Sagitta
a.apostoliuk created T4877: Need verification in using import vrf and import vpn, export vpn commands.
Dec 14 2022, 1:22 PM · VyOS 1.4 Sagitta

Dec 10 2022

a.apostoliuk changed the status of T4874: Add Warning message to Equuleus from Open to In progress.
Dec 10 2022, 6:38 AM · VyOS 1.3 Equuleus
a.apostoliuk created T4874: Add Warning message to Equuleus.
Dec 10 2022, 6:38 AM · VyOS 1.3 Equuleus

Dec 6 2022

a.apostoliuk changed the status of T4862: webproxy domain-block does not work from Open to In progress.
Dec 6 2022, 10:15 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
a.apostoliuk created T4862: webproxy domain-block does not work.
Dec 6 2022, 10:15 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

Nov 29 2022

a.apostoliuk changed the status of T3810: webproxy squidguard rules don't work properly after rewriting to python. from Needs testing to In progress.
Nov 29 2022, 7:47 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk claimed T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Nov 29 2022, 7:46 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Nov 28 2022

a.apostoliuk added a subtask for T3810: webproxy squidguard rules don't work properly after rewriting to python. : T4844: Incorrect permissions of the safeguard DB directory.
Nov 28 2022, 3:08 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
a.apostoliuk added a parent task for T4844: Incorrect permissions of the safeguard DB directory: T3810: webproxy squidguard rules don't work properly after rewriting to python. .
Nov 28 2022, 3:08 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
a.apostoliuk changed the status of T4844: Incorrect permissions of the safeguard DB directory from Open to In progress.
Nov 28 2022, 3:07 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
a.apostoliuk claimed T4844: Incorrect permissions of the safeguard DB directory.
Nov 28 2022, 3:07 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
a.apostoliuk created T4844: Incorrect permissions of the safeguard DB directory.
Nov 28 2022, 3:07 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

Nov 23 2022

a.apostoliuk closed T4496: ping vrf help does not list VRFs as Resolved.
Nov 23 2022, 11:44 AM · VyOS 1.4 Sagitta
a.apostoliuk closed T4492: Incorrect list of neighbors in help for "show bgp vrf VRF neighbors" as Resolved.
Nov 23 2022, 11:43 AM · VyOS 1.4 Sagitta
a.apostoliuk closed T4660: Reorganize route map set community CLI as Resolved.
Nov 23 2022, 11:42 AM · VyOS 1.4 Sagitta
a.apostoliuk closed T4793: Create warning message about disable-route-autoinstall when ipsec vti is used, a subtask of T3953: IPSec with vti interfaces by default add default route to table 220, as Resolved.
Nov 23 2022, 11:38 AM · VyOS 1.3 Equuleus (1.3.3)