Page MenuHomeVyOS Platform
People ruffy91

ruffy91 (Fabian Riechsteiner)
User

Projects

User does not belong to any projects.

User Details

User Since
Nov 4 2016, 8:55 AM (474 w, 13 h)

Recent Activity
View All

Oct 31 2025

ruffy91 renamed T7928: load-balancing haproxy not taking into account listen-address when checking for other services on port from Cannot reuse port for haproxy that is used as container port to load-balancing haproxy not taking into account listen-address when checking for other services on port.
Oct 31 2025, 7:41 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling

Oct 15 2025

ruffy91 added a comment to T7928: load-balancing haproxy not taking into account listen-address when checking for other services on port.
tmp_address = front_config.get('address', None)

shouldn't this be listen_address instead of address on line 75?

Oct 15 2025, 5:40 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling
ruffy91 added a comment to T7928: load-balancing haproxy not taking into account listen-address when checking for other services on port.

After my workaround described above:

vyos@vyos# sudo netstat -tulpn | grep 993                                         
tcp        0      0 192.0.2.1:993      0.0.0.0:*               LISTEN      513
01/haproxy
tcp6       0      0 2001:0db8::25:993  :::*                    LISTEN      784
61/conmon

and then when configuring the other way around:

edit]
vyos@vyos# set load-balancing haproxy service wan-993 port 994
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# set load-balancing haproxy service wan-993 port 993
[edit]
vyos@vyos# commit
[ load-balancing haproxy ]
TCP port "993" is used by another service
[[load-balancing haproxy]] failed
Commit failed
[edit]
vyos@vyos# sudo netstat -tulpn | grep 993                     
tcp6       0      0 2001:0db8::25:993  :::*                    LISTEN      784
61/conmon
Oct 15 2025, 5:12 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling

Oct 13 2025

ruffy91 updated the task description for T7928: load-balancing haproxy not taking into account listen-address when checking for other services on port.
Oct 13 2025, 6:18 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling
ruffy91 created T7928: load-balancing haproxy not taking into account listen-address when checking for other services on port.
Oct 13 2025, 6:15 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling
ruffy91 added a comment to T7485: DHCPv6 does not work on PPPoE interfaces.

Yes I've tested with the latest nightly, the config node didn't exist before.

vyos@vyos# show interfaces pppoe pppoe0 | strip-private
+address dhcpv6
 authentication {
     password xxxxxx
     username xxxxxx
 }
 dhcpv6-options {
     duid xx:xx:xx:xx:xx:12:xx:xx:xx:xx:xx:b9:xx:xx:xx:xx:xx:94
     pd 0 {
         interface bond0.1 {
             address 1
             sla-id 0
         }
         interface bond0.1001 {
             address 1
             sla-id 1
         }
         interface bond0.1002 {
             address 1
             sla-id 2
         }
         interface bond0.1003 {
             address 1
             sla-id 3
         }
         interface bond0.2001 {
             address 1
             sla-id 257
         }
         interface eth2 {
             address 1
             sla-id 4
         }
         interface eth3 {
             address 1
             sla-id 10
         }
         length 48
     }
 }
 ipv6 {
     address {
         autoconf
     }
 }
 mtu 1500
 no-peer-dns
 source-interface bond0.4002
[edit]
vyos@vyos#
[ interfaces pppoe pppoe0 ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/services/vyos-configd", line 156, in run_
script
    script.apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces_pppoe.py", line 132,
 in apply
    p.update(pppoe)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/pppoe.py", lin
e 124, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py",
 line 1831, in update
    self.add_addr(addr, vrf_changed=vrf_changed)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py",
 line 1286, in add_addr
    elif not is_intf_addr_assigned(self.ifname, addr, netns=netns):
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/network.py", line
 454, in is_intf_addr_assigned
    if ip_interface(addr) == interface or address == addr:
       ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/ipaddress.py", line 117, in ip_interfac
e
    raise ValueError(f'{address!r} does not appear to be an IPv4 or
 IPv6 interface')
ValueError: 'd' does not appear to be an IPv4 or IPv6 interface
Oct 13 2025, 2:55 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling
ruffy91 added a comment to T7485: DHCPv6 does not work on PPPoE interfaces.

This unfortunately doesn't work.
Why is it in the new address node when there is ipv4 address and ipv6 address already? It should be in ipv6 address where the other ipv6 addressing options are too.
Also I get the following error when trying to set it:

script
    script.apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces_pppoe.py", line 132,
 in apply
    p.update(pppoe)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/pppoe.py", lin
e 124, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py",
 line 1831, in update
    self.add_addr(addr, vrf_changed=vrf_changed)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py",
 line 1286, in add_addr
    elif not is_intf_addr_assigned(self.ifname, addr, netns=netns):
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/network.py", line
 454, in is_intf_addr_assigned
    if ip_interface(addr) == interface or address == addr:
       ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/ipaddress.py", line 117, in ip_interfac
e
    raise ValueError(f'{address!r} does not appear to be an IPv4 or
 IPv6 interface')
ValueError: 'd' does not appear to be an IPv4 or IPv6 interface
Oct 13 2025, 10:22 AM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling

May 10 2025

ruffy91 created T7444: add authentication for firewall remote-groups.
May 10 2025, 6:25 AM

Mar 31 2025

ruffy91 created T7303: Allow to bind haproxy service to interface.
Mar 31 2025, 7:41 PM · VyOS Rolling

Mar 23 2025

ruffy91 created T7279: VyOS nightly build signed with wrong key.
Mar 23 2025, 10:12 AM · VyOS Rolling

Nov 7 2024

ruffy91 created T6857: Ruleset information for ipv6 firewall "prerouting raw" shows wrong default action.
Nov 7 2024, 8:43 PM · VyOS 1.5 Circinus (2025.11)

Oct 13 2024

ruffy91 created T6776: zabbix-agent affected by CVE-2023-32728 (RCE via S.M.A.R.T. plugin).
Oct 13 2024, 8:23 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.1), VyOS Rolling

Sep 18 2024

ruffy91 added a comment to T6683: NAT64: can't add match fwmark value.

So I investigated further and it is like this in jool:
mark is only used to select between pool4 instances.

Sep 18 2024, 6:07 PM · VyOS Rolling, Bugs

Sep 3 2024

ruffy91 added a comment to T6683: NAT64: can't add match fwmark value.

This made it possible to commit the change
Additionally I set a pbr rule like this:

vyos@vyos# show policy route6
 route6 pbr6 {
     interface bond0.1001
     interface bond0.1002
     interface bond0.1003
     rule 10 {
         destination {
             address 64:ff9b::/96
         }
         set {
             mark 1064
         }
     }
 }

This should only mark traffic going to the nat64 prefix.
however as far as I can see all traffic is still going through/to jool and the "match mark" is ignored.
Where would I be able to verify if it has been set in the backend configs?

Sep 3 2024, 6:19 PM · VyOS Rolling, Bugs

Aug 27 2024

ruffy91 created T6683: NAT64: can't add match fwmark value.
Aug 27 2024, 7:55 PM · VyOS Rolling, Bugs

Jul 30 2024

ruffy91 created T6624: service suricata address-groups cannot be used in each other.
Jul 30 2024, 7:56 PM · VyOS Rolling, Bugs

Nov 4 2016

ruffy91 added a comment to T88: IPsec tunnel broken after nightly build upgrade.

I have a similar problem, since 1.1.7 PFS in phase 2 is not working.
"Oakley Transform [AES_CBC (256), HMAC_SHA2_256, (null)] refused due to strict flag."
As you can see there is no pfs proposal sent by 1.1.7.
The same with a tunnel between 1.1.7 and pfsense 2.3.2.
When activating PFS on both there is no matching proposal, when disabling PFS on pfSense a proposal is found.

Nov 4 2016, 9:02 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)