User Details
- User Since: Nov 11 2017, 8:13 PM (368 w, 2 d)
Apr 13 2024
Thanks for the quick fix! I intentionally messed with the file ownership and can confirm that VyOS 1.5-rolling-202404130016 will correct them to the proper values.
Mar 23 2024
Jan 20 2024
Tested https://github.com/vyos/vyos-1x/pull/2857 and confirmed that it works properly now. Thanks for the quick fix!
Jan 17 2024
Sure. I did some further testing and it looks like this is triggered if the client sends DHCP option 81 (FQDN). To reproduce:
Jan 16 2024
Jan 8 2024
The issue with the missing domain name in /etc/hosts with hostfile-update, as mentioned above, seems to trigger another problem. The hostname requested by the client seems to be added to /etc/hosts verbatim and some clients (e.g. some Windows machines and printers) request a fully qualified name with a trailing dot. Since pdns-recursor unconditionally appends a dot, there are now two trailing dots, causing pdns-recursor to crash if it restarts.
Apr 10 2023
I found the issue. This was caused by bumping the Debian packaging scripts from debian/2%2.10-10 to debian/2%2.10-12, which includes https://salsa.debian.org/debian/wpa/-/commit/d204ceb5a2dc33db888eb55b5fee542a1005e69c. This is not compatible with VyOS because VyOS uses a config path in /run.
Thanks, I ran the ethernet smoke tests, but not the wireless ones. I'll investigate right away.
Closing as resolved because the PRs were merged (thanks for the quick review!)
Apr 9 2023
For eapol specifically, if your use case involves only a single chain (1 root CA + 1 or more intermediate CAs), then my fix from T4245 should do the trick. You can add each root/intermediate CA to the PKI and then set eapol to the leaf intermediate CA. When the wpa_supplicant configuration is generated, VyOS will add the intermediate CA and all of its parents to the .crt file.
Submitted PRs:
Sep 2 2022
In case anyone comes across this bug report, I submitted a couple of PRs to fix this earlier this year: https://phabricator.vyos.net/T4245
I've submitted a PR to reintroduce the patch: https://github.com/vyos/vyos-build/pull/259
Sep 1 2022
Feb 20 2022
Closing this as resolved since both PRs have been merged.
Feb 19 2022
Feb 18 2022
PR for documentation: https://github.com/vyos/vyos-documentation/pull/719
I've submitted a PR here: https://github.com/vyos/vyos-1x/pull/1227
Feb 17 2022
After further testing, it looks like it's not necessary to have <iface>_ca.pem contain both the server and client chains of trust.
I started working on implementing my "alternative" idea. It's a little bit more complicated than I first thought because we have to consider both the server and client chain of trust.
Feb 15 2022
Feb 14 2022
Alternatively, since the pki code seems to already recognize parents/issuers:
I've submitted a PR to fix this here: https://github.com/vyos/vyos-1x/pull/1220