
aderouineau (Aurelien Derouineau)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 8 2022, 6:54 PM (97 w, 6 d)

Recent Activity

Jan 20 2024

aderouineau added a comment to T5692: NTP leap smear.

I made a suggestion in the description. What do you think?

Jan 20 2024, 1:44 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Oct 29 2023

aderouineau added a comment to T5694: NTP should always be allowed from localhost and bindaddress/binddevice can only exist once.

Instead of "deny all" if no allow-clients are configured then localhost is always allowed. Can be handy when using containers and other if needed to sync to localhost for whatever reason (if the use of RTC isn't enough).

Oct 29 2023, 2:53 PM · VyOS 1.5 Circinus

Oct 28 2023

aderouineau added a comment to T5694: NTP should always be allowed from localhost and bindaddress/binddevice can only exist once.

What kind of cleanup are you talking about?

Oct 28 2023, 3:33 AM · VyOS 1.5 Circinus
aderouineau added a comment to T5694: NTP should always be allowed from localhost and bindaddress/binddevice can only exist once.

This task is about adding localhost by default as an allowed source to speak to chronyd (the current NTP daemon in VyOS).

Oct 28 2023, 3:05 AM · VyOS 1.5 Circinus
aderouineau closed T5691: `show ntp` not working as Invalid.
Oct 28 2023, 2:26 AM · VyOS 1.5 Circinus
aderouineau added a comment to T5691: `show ntp` not working.

I found the issue. I was missing a firewall input rule to allow anything from lo.

Oct 28 2023, 2:26 AM · VyOS 1.5 Circinus
aderouineau added a comment to T5691: `show ntp` not working.

With my config chronyd still listens locally on 323:

udp        0      0 192.168.2.253:123       0.0.0.0:*                           20420/chronyd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           20420/chronyd
udp6       0      0 ::1:323                 :::*                                20420/chronyd
Oct 28 2023, 2:13 AM · VyOS 1.5 Circinus

Oct 27 2023

aderouineau added a comment to T5691: `show ntp` not working.

It is not, but I do not want to make my NTP internet-facing anyways.

Oct 27 2023, 6:02 PM · VyOS 1.5 Circinus
aderouineau added a comment to T5691: `show ntp` not working.

Can you show the output of sudo ls -la /run/chrony?

Oct 27 2023, 5:40 PM · VyOS 1.5 Circinus
aderouineau added a comment to T5691: `show ntp` not working.

My VyOS NTP config:

set allow-client address '192.168.0.0/16'
set listen-address '192.168.2.253'
set server time.aws.com pool
set server time.google.com pool
Oct 27 2023, 5:39 PM · VyOS 1.5 Circinus
aderouineau created T5692: NTP leap smear.
Oct 27 2023, 10:40 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
aderouineau triaged T5691: `show ntp` not working as Normal priority.
Oct 27 2023, 10:15 AM · VyOS 1.5 Circinus

Aug 28 2023

aderouineau closed T5472: NAT redirect should not require port as Resolved.

My bad, I don't know how I missed them!

Aug 28 2023, 8:03 AM · VyOS 1.4 Sagitta
aderouineau added a comment to T5472: NAT redirect should not require port.

Validated the change on version 1.4-rolling-202308250021.

Aug 28 2023, 12:54 AM · VyOS 1.4 Sagitta

Aug 13 2023

aderouineau updated the task description for T5472: NAT redirect should not require port.
Aug 13 2023, 8:45 AM · VyOS 1.4 Sagitta
aderouineau created T5472: NAT redirect should not require port.
Aug 13 2023, 8:45 AM · VyOS 1.4 Sagitta

Feb 7 2023

aderouineau updated subscribers of T4123: checksum file fails to download from AWS S3 in rolling-release.

@c-po is this an S3 bucket policy issue, or do the files not exist?

Feb 7 2023, 3:57 PM · VyOS 1.4 Sagitta

Nov 27 2022

aderouineau created T4843: Command-line arguments in container config.
Nov 27 2022, 12:16 AM · VyOS 1.4 Sagitta

Oct 23 2022

aderouineau added a comment to T2196: Dynamic ipv4 interface list hairpin.

Any update on this, since it's been more than 2 years since the initial request? This would indeed be very useful for hairpin NAT. Is it complicated to implement?

Oct 23 2022, 3:06 AM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.4 Sagitta
aderouineau added a comment to T3910: Hairpin NAT Not Functioning Correctly.

I think this should be re-opened. The solution that is documented does not follow the spirit of hairpin NAT, which is that traffic on port N not actually destined to the inside target should not be redirected.

Oct 23 2022, 2:58 AM · Rejected

Oct 16 2022

aderouineau added a comment to T4123: checksum file fails to download from AWS S3 in rolling-release.

I confirm this is still an issue in 1.4-rolling-202207250217 trying to download 1.4-rolling-202210150526:

Oct 16 2022, 3:25 AM · VyOS 1.4 Sagitta

Jul 28 2022

aderouineau added a comment to T4570: Exception when trying to set up VXLAN over Wireguard.

The reason I set an MTU is because I get the following error when unset:

WARNING: RFC7348 recommends VXLAN tunnels preserve a 1500 byte MTU
Jul 28 2022, 5:58 PM · VyOS 1.4 Sagitta

Jul 26 2022

aderouineau added a comment to T4570: Exception when trying to set up VXLAN over Wireguard.

Here is my WG config:

set interfaces wireguard wg2 address 'REDACTED_IPV6/64'
set interfaces wireguard wg2 peer mypeer address 'REDACTED_IPV4'
set interfaces wireguard wg2 peer mypeer allowed-ips '::/0'
set interfaces wireguard wg2 peer mypeer persistent-keepalive '60'
set interfaces wireguard wg2 peer mypeer port '51820'
set interfaces wireguard wg2 peer mypeer public-key 'REDACTED'
set interfaces wireguard wg2 private-key 'REDACTED'
set interfaces wireguard wg2 vrf 'test'
Jul 26 2022, 11:41 PM · VyOS 1.4 Sagitta
aderouineau added a comment to T4497: ping cannot force ipv4 or ipv6.

@n.fort source-address is useful especially when more precision is needed. At the moment its use is cumbersome as it does not provide help hint on the addresses assigned to the router, forcing an operator to first list those addresses.

Jul 26 2022, 2:14 AM · VyOS 1.4 Sagitta
aderouineau added a comment to T4492: Incorrect list of neighbors in help for "show bgp vrf VRF neighbors".

As of 1.4-rolling-202207250217 this is still not resolved.

Jul 26 2022, 2:10 AM · VyOS 1.4 Sagitta
aderouineau closed T4495: Combine BGP reset op commands as Resolved.

I can confirm that at least as of version 1.4-rolling-202207250217 the op commands have been merged:

vyos@vyos-lab:~$ reset bgp
Possible completions:
  <x.x.x.x>     BGP IPv4/IPv6 neighbor to clear
  <h:h:h:h:h:h:h:h>
  1-4294967295  Reset peers with the AS number
  all           Clear all peers
  external      Reset all external peers
  ipv4          IPv4 Address Family
  ipv6          IPv6 Address Family
  l2vpn         Layer 2 Virtual Private Network Address Family
  peer-group    Reset all members of peer-group
  prefix        Clear bestpath and re-advertise
  vrf           Virtual Routing and Forwarding (VRF)
Jul 26 2022, 2:09 AM · VyOS 1.4 Sagitta
aderouineau created T4570: Exception when trying to set up VXLAN over Wireguard.
Jul 26 2022, 2:01 AM · VyOS 1.4 Sagitta

Jul 15 2022

aderouineau added a comment to T4494: Cannot reset BGP peer within VRF.

I tested 1.4-rolling-202207111030 and this seems to be resolved, including showing peers in the help.

Jul 15 2022, 3:50 PM · VyOS 1.4 Sagitta
aderouineau closed T4494: Cannot reset BGP peer within VRF as Resolved.
Jul 15 2022, 3:49 PM · VyOS 1.4 Sagitta

Jun 29 2022

aderouineau triaged T4497: ping cannot force ipv4 or ipv6 as Normal priority.
Jun 29 2022, 12:55 AM · VyOS 1.4 Sagitta
aderouineau triaged T4496: ping vrf help does not list VRFs as Low priority.
Jun 29 2022, 12:50 AM · VyOS 1.4 Sagitta
aderouineau triaged T4495: Combine BGP reset op commands as Wishlist priority.
Jun 29 2022, 12:41 AM · VyOS 1.4 Sagitta
aderouineau triaged T4494: Cannot reset BGP peer within VRF as Normal priority.
Jun 29 2022, 12:34 AM · VyOS 1.4 Sagitta
aderouineau triaged T4493: Incorrect help for "show bgp neighbors" as Low priority.
Jun 29 2022, 12:27 AM · VyOS 1.4 Sagitta
aderouineau triaged T4492: Incorrect list of neighbors in help for "show bgp vrf VRF neighbors" as Normal priority.
Jun 29 2022, 12:25 AM · VyOS 1.4 Sagitta

Jun 26 2022

aderouineau added a comment to T1733: Route filters syntax redesign.

@MrXermon Let's say someone is setting up BGP peering and wants to control import or export of prefixes using prefixlist. With your suggestion, how would you deny certain prefixes and accept all others? Can JunOS solve this directly with prefixlist without using route-map?

Jun 26 2022, 9:06 PM · VyOS 2.0.x

Jun 21 2022

aderouineau created T4475: route-map does not support ipv6 peer.
Jun 21 2022, 2:00 AM · VyOS 1.3 Equuleus (1.3.4)