ruffy91 (Fabian Riechsteiner)
User

Projects

User does not belong to any projects.

User Details

User Since
Nov 4 2016, 8:55 AM (446 w, 20 h)

Recent Activity

Sat, May 10

ruffy91 created T7444: add authentication for firewall remote-groups.
Sat, May 10, 6:25 AM

Mar 31 2025

ruffy91 created T7303: Allow to bind haproxy service to interface.
Mar 31 2025, 7:41 PM · VyOS Rolling

Mar 23 2025

ruffy91 created T7279: VyOS nightly build signed with wrong key.
Mar 23 2025, 10:12 AM · VyOS Rolling

Nov 7 2024

ruffy91 created T6857: Ruleset information for ipv6 Firewall "prerouting raw" shows wrong default-action.
Nov 7 2024, 8:43 PM · Bugs, VyOS Rolling

Oct 13 2024

ruffy91 created T6776: zabbix-agent affected by CVE-2023-32728 (RCE via S.M.A.R.T. plugin).
Oct 13 2024, 8:23 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.1), VyOS Rolling

Sep 18 2024

ruffy91 added a comment to T6683: NAT64: can't add match fwmark value.

So I investigated further and it is like this in jool:
mark is only used to select between pool4 instances.

Sep 18 2024, 6:07 PM · VyOS Rolling, Bugs

Sep 3 2024

ruffy91 added a comment to T6683: NAT64: can't add match fwmark value.

This made it possible to commit the change.
Additionally, I set a PBR rule like this:

vyos@vyos# show policy route6
 route6 pbr6 {
     interface bond0.1001
     interface bond0.1002
     interface bond0.1003
     rule 10 {
         destination {
             address 64:ff9b::/96
         }
         set {
             mark 1064
         }
     }
 }

This should only mark traffic going to the NAT64 prefix.
However, as far as I can see, all traffic is still going through/to jool and the "match mark" is ignored.
Where would I be able to verify if it has been set in the backend configs?

Sep 3 2024, 6:19 PM · VyOS Rolling, Bugs

Aug 27 2024

ruffy91 created T6683: NAT64: can't add match fwmark value.
Aug 27 2024, 7:55 PM · VyOS Rolling, Bugs

Jul 30 2024

ruffy91 created T6624: service suricata address-groups cannot be used in each other.
Jul 30 2024, 7:56 PM · VyOS Rolling, Bugs

Nov 4 2016

ruffy91 added a comment to T88: IPsec tunnel broken after nightly build upgrade.

I have a similar problem: since 1.1.7, PFS in phase 2 is not working.
"Oakley Transform [AES_CBC (256), HMAC_SHA2_256, (null)] refused due to strict flag."
As you can see, there is no PFS proposal sent by 1.1.7.
The same with a tunnel between 1.1.7 and pfSense 2.3.2.
When activating PFS on both, there is no matching proposal; when disabling PFS on pfSense, a proposal is found.

Nov 4 2016, 9:02 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)