ruffy91 (Fabian Riechsteiner)
User

Projects

User does not belong to any projects.

User Details

User Since: Nov 4 2016, 8:55 AM (410 w, 6 d)

Recent Activity
View All

Yesterday

ruffy91 added a comment to T6683: NAT64: can't add match fwmark value.

So I investigated further and it is like this in jool:
mark is only used to select between pool4 instances.

Wed, Sep 18, 6:07 PM · Restricted Project, VyOS 1.5 Circinus

Tue, Sep 3

ruffy91 added a comment to T6683: NAT64: can't add match fwmark value.

This made it possible to commit the change
Additionally I set a pbr rule like this:

vyos@vyos# show policy route6
 route6 pbr6 {
     interface bond0.1001
     interface bond0.1002
     interface bond0.1003
     rule 10 {
         destination {
             address 64:ff9b::/96
         }
         set {
             mark 1064
         }
     }
 }

This should only mark traffic going to the nat64 prefix.
however as far as I can see all traffic is still going through/to jool and the "match mark" is ignored.
Where would I be able to verify if it has been set in the backend configs?

Tue, Sep 3, 6:19 PM · Restricted Project, VyOS 1.5 Circinus

Tue, Aug 27

ruffy91 created T6683: NAT64: can't add match fwmark value.

Tue, Aug 27, 7:55 PM · Restricted Project, VyOS 1.5 Circinus

Jul 30 2024

ruffy91 created T6624: service suricata address-groups cannot be used in each other.

Jul 30 2024, 7:56 PM · Restricted Project, VyOS 1.5 Circinus

Nov 4 2016

ruffy91 added a comment to T88: IPsec tunnel broken after nightly build upgrade.

I have a similar problem, since 1.1.7 PFS in phase 2 is not working.
"Oakley Transform [AES_CBC (256), HMAC_SHA2_256, (null)] refused due to strict flag."
As you can see there is no pfs proposal sent by 1.1.7.
The same with a tunnel between 1.1.7 and pfsense 2.3.2.
When activating PFS on both there is no matching proposal, when disabling PFS on pfSense a proposal is found.

Nov 4 2016, 9:02 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

ruffy91 (Fabian Riechsteiner)User