Page MenuHomeVyOS Platform
People sarthurdev

sarthurdev (Simon)
User

Projects

User Details

User Since
May 6 2021, 3:27 PM (203 w, 2 d)

Recent Activity
View All

Mon, Mar 24

sarthurdev created T7281: Update Kea to 2.6.1 and implement new features.
Mon, Mar 24, 1:09 PM · VyOS Rolling

Thu, Mar 13

sarthurdev removed a project from T7196: WLB configuration not migrated from 1.5-rolling-202408210022: VyOS 1.5 Circinus.
Thu, Mar 13, 4:09 PM · VyOS Rolling
sarthurdev closed T7196: WLB configuration not migrated from 1.5-rolling-202408210022 as Resolved.

Thanks for testing and confirming, @JeffWDH

Thu, Mar 13, 4:08 PM · VyOS Rolling
sarthurdev moved T6745: rename reverse-proxy to haproxy from Need Triage to Completed on the VyOS Rolling board.
Thu, Mar 13, 3:15 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev closed T6745: rename reverse-proxy to haproxy as Resolved.
Thu, Mar 13, 3:15 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev moved T7148: Global state-policy invalid cannot be set to action reject from Need Triage to Completed on the VyOS Rolling board.
Thu, Mar 13, 3:11 PM · VyOS 1.5 Circinus, VyOS Rolling
sarthurdev closed T7148: Global state-policy invalid cannot be set to action reject as Resolved.
Thu, Mar 13, 3:11 PM · VyOS 1.5 Circinus, VyOS Rolling
sarthurdev moved T7187: haproxy op-mode missing after rename from Backlog - Bug to Completed on the VyOS Rolling board.
Thu, Mar 13, 3:10 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev closed T7187: haproxy op-mode missing after rename as Resolved.
Thu, Mar 13, 3:09 PM · VyOS Rolling, VyOS 1.5 Circinus

Fri, Feb 28

sarthurdev added a comment to T7209: Configured conntrack on input affects on forward.

I think this should be considered expected behaviour, during the several iterations of the firewall (including Vyatta era - without explicit tables and chains) we've not changed the logic of enabling conntrack.

Fri, Feb 28, 6:25 PM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.3), VyOS Rolling

Feb 26 2025

sarthurdev changed the status of T7196: WLB configuration not migrated from 1.5-rolling-202408210022 from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/4370

Feb 26 2025, 12:06 PM · VyOS Rolling

Feb 22 2025

sarthurdev committed rVYOSONEXac890f5e3ff7: firewall: T7148: Bridge state-policy uses drop in place of reject.
Feb 22 2025, 1:15 PM
sarthurdev committed rVYOSONEXf4df74811c59: haproxy: T7187: Fix typo in op-mode XML file.
Feb 22 2025, 6:50 AM

Feb 21 2025

sarthurdev changed the status of T7187: haproxy op-mode missing after rename from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/4359

Feb 21 2025, 11:38 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev created T7188: haproxy op-mode not reporting correct usage stats.
Feb 21 2025, 11:17 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev created T7187: haproxy op-mode missing after rename.
Feb 21 2025, 11:10 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev moved T5200: Static routing tables are not created with dhcp route from Open to Finished on the VyOS 1.5 Circinus board.
Feb 21 2025, 7:01 PM · VyOS Rolling, VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.3)
sarthurdev closed T5200: Static routing tables are not created with dhcp route as Invalid.

Can't reproduce the issue

Feb 21 2025, 7:01 PM · VyOS Rolling, VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.3)

Feb 20 2025

sarthurdev added a project to T7148: Global state-policy invalid cannot be set to action reject: VyOS 1.5 Circinus.
Feb 20 2025, 8:16 PM · VyOS 1.5 Circinus, VyOS Rolling
sarthurdev changed the status of T7148: Global state-policy invalid cannot be set to action reject from Confirmed to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/4357

Feb 20 2025, 7:25 PM · VyOS 1.5 Circinus, VyOS Rolling
sarthurdev committed rVYOSONEX2250f15e2353: wlb: T4452: Use return for exclude statements.
Feb 20 2025, 6:32 AM

Feb 19 2025

sarthurdev moved T6692: DHCP Exclude IP - Error Config from Open to Finished on the VyOS 1.5 Circinus board.
Feb 19 2025, 7:41 PM · VyOS 1.5 Circinus, VyOS Rolling, Bugs
sarthurdev closed T6692: DHCP Exclude IP - Error Config as Resolved.
Feb 19 2025, 7:25 PM · VyOS 1.5 Circinus, VyOS Rolling, Bugs
sarthurdev closed T4443: Wan Load Balancing Multiple Regressions as Not Applicable.

Closing this, new tasks can be opened for any issues found in new WLB.

Feb 19 2025, 7:15 PM · VyOS Rolling, Bugs
sarthurdev closed T4443: Wan Load Balancing Multiple Regressions, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Not Applicable.
Feb 19 2025, 7:15 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev closed T4587: wan load balance issues with 3 or more WANs, a subtask of T4470: Rewrite load-balancing wan to XML/Python, as Not Applicable.
Feb 19 2025, 7:13 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev closed T4587: wan load balance issues with 3 or more WANs as Not Applicable.

Please re-open if this is encountered in new WLB.

Feb 19 2025, 7:13 PM · Bugs, VyOS Rolling
sarthurdev closed T2760: In a load-balanced multi-wan configuration with DHCP assigned addresses, IPsec "dhcp-interface" does not work as Not Applicable.

This should not be an issue in new implementation

Feb 19 2025, 7:10 PM · VyOS Rolling, Bugs
sarthurdev changed the status of T4452: WAN load-balancing exclude rules break PBR from Open to Needs testing.

PR for new implementation: https://github.com/vyos/vyos-1x/pull/4356

Feb 19 2025, 7:06 PM · VyOS Rolling, Bugs
sarthurdev closed T4470: Rewrite load-balancing wan to XML/Python as Resolved.
Feb 19 2025, 6:50 PM · VyOS Rolling, VyOS 1.5 Circinus

Feb 18 2025

sarthurdev committed rVYOSONEXab6382ede233: wlb: T4470: Support WLB op-mode commands.
Feb 18 2025, 10:04 AM
sarthurdev committed rVYOSONEXa03174843512: wlb: T4470: Migrate WAN load balancer to Python/XML.
Feb 18 2025, 10:04 AM

Jan 25 2025

sarthurdev closed T7041: show dhcp server leases index out of range error as Resolved.
Jan 25 2025, 7:10 PM · VyOS 1.5 Circinus

Jan 13 2025

sarthurdev committed rVYOSONEXc014e5c8297c: kea: T7041: Check lease hostname string is not empty.
Jan 13 2025, 6:55 PM

Jan 12 2025

sarthurdev changed the status of T7041: show dhcp server leases index out of range error from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/4301

Jan 12 2025, 6:50 PM · VyOS 1.5 Circinus

Nov 29 2024

sarthurdev committed rVYOSONEX961eab48de35: pki: T3642: Minimize `node_changed` code.
Nov 29 2024, 2:48 PM
sarthurdev committed rVYOSONEX0358f6c660e6: pki: T6809: Support system install of CA certificates.
Nov 29 2024, 2:48 PM

Nov 26 2024

sarthurdev added a comment to T6040: Implement a firewall blacklisting solution.

I think it being called and centered around blacklisting is too specific. I'd be more inclined to see it as a firewall group, perhaps like the functionality of domain groups:

Nov 26 2024, 7:22 PM · VyOS Rolling

Nov 25 2024

sarthurdev committed rVYOSONEX4e49794fcf55: dhcp: T6692: Fix range options not present when `exclude` is used.
Nov 25 2024, 3:56 PM

Nov 22 2024

sarthurdev changed the status of T6809: System CA Not Updated with Configuration from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/4204

Nov 22 2024, 12:15 AM · VyOS Rolling, Bugs

Nov 21 2024

sarthurdev changed the status of T6692: DHCP Exclude IP - Error Config from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/4203

Nov 21 2024, 8:43 PM · VyOS 1.5 Circinus, VyOS Rolling, Bugs
sarthurdev added a comment to T6907: [op-commands] encrypted/hidden sensible information in 'show configuration'.

Could nodes be flagged as sensitive in XML properties and that flag exposed to op-mode show scripts?

Nov 21 2024, 7:08 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
sarthurdev added a comment to T6534: TPM config encryption is broken.

@syncer The fix is present in rolling and circinus branches

Nov 21 2024, 3:00 PM · VyOS 1.5 Circinus, VyOS Rolling, Bugs
sarthurdev closed T6534: TPM config encryption is broken as Resolved.

Can be closed as resolved by above PR.

Nov 21 2024, 2:10 PM · VyOS 1.5 Circinus, VyOS Rolling, Bugs

Nov 20 2024

sarthurdev committed rVYOSONEXf6ee516ca440: serial: T3397: Remove `--keep-baud` which could result in unexpected baud rate.
Nov 20 2024, 9:06 PM
sarthurdev added a comment to T3397: getty forces --keep-baud in 1.2.x.

Issue present in 1.4.0 tested with Supermicro SOL on ttyS1.

Nov 20 2024, 4:15 PM · VyOS Rolling, VyOS 1.4 Sagitta (1.4.1), VyOS 1.3 Equuleus (1.3.9)

Oct 28 2024

sarthurdev added a comment to T375: WAN failover, not to balance the load.

Most likely, if not addressed already with initial implementation.

Oct 28 2024, 8:26 AM · Restricted Project, VyOS Rolling

Oct 22 2024

sarthurdev closed T6766: Add support ECDSA keys in PKI as Resolved.
Oct 22 2024, 9:02 PM · VyOS 1.5 Circinus

Oct 10 2024

sarthurdev committed rVYOSONEXbb28e001b112: pki: T6766: Add support for ECDSA private keys.
Oct 10 2024, 3:15 PM
sarthurdev committed rVYOSONEX7765e037b9fc: haproxy: T6745: Add haproxy migration to config test.
Oct 10 2024, 3:13 PM
sarthurdev committed rVYOSONEX90a4827284ac: haproxy: T6745: Rename `reverse-proxy` to `haproxy`.
Oct 10 2024, 3:13 PM

Oct 9 2024

sarthurdev changed the status of T6745: rename reverse-proxy to haproxy from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/4147

Oct 9 2024, 5:56 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev changed the status of T6745: rename reverse-proxy to haproxy from Open to In progress.
Oct 9 2024, 1:06 PM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev changed the status of T4470: Rewrite load-balancing wan to XML/Python from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/4108

Oct 9 2024, 9:27 AM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev changed the status of T6766: Add support ECDSA keys in PKI from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/4146

Oct 9 2024, 9:25 AM · VyOS 1.5 Circinus
sarthurdev added a comment to T6768: GeoIP database update does not work.

Can't reproduce on my end:

Oct 9 2024, 8:46 AM · VyOS Rolling

Oct 7 2024

sarthurdev created T6766: Add support ECDSA keys in PKI.
Oct 7 2024, 6:41 PM · VyOS 1.5 Circinus

Sep 29 2024

sarthurdev moved T4470: Rewrite load-balancing wan to XML/Python from Open to In Progress on the VyOS 1.5 Circinus board.
Sep 29 2024, 11:33 AM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev edited projects for T4470: Rewrite load-balancing wan to XML/Python, added: VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.
Sep 29 2024, 11:33 AM · VyOS Rolling, VyOS 1.5 Circinus
sarthurdev reopened T4470: Rewrite load-balancing wan to XML/Python as "In progress".

Draft PR: https://github.com/vyos/vyos-1x/pull/4108 (WIP)

Sep 29 2024, 11:33 AM · VyOS Rolling, VyOS 1.5 Circinus

Sep 2 2024

sarthurdev added a comment to T6692: DHCP Exclude IP - Error Config.

Can you please include the VyOS config?

Sep 2 2024, 2:49 PM · VyOS 1.5 Circinus, VyOS Rolling, Bugs
sarthurdev claimed T6692: DHCP Exclude IP - Error Config.
Sep 2 2024, 2:48 PM · VyOS 1.5 Circinus, VyOS Rolling, Bugs

Jun 27 2024

sarthurdev closed T4919: TPM-backed config encryption as Resolved.
Jun 27 2024, 2:15 PM · VyOS 1.5 Circinus

May 1 2024

sarthurdev committed rVYOSONEX456419c79304: firewall: T6257: Show member information for dynamic groups in op-mode.
May 1 2024, 8:13 AM

Apr 26 2024

sarthurdev changed the status of T6257: Add op mode commands for dynamic firewall address groups from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/3369

Apr 26 2024, 5:42 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 25 2024

sarthurdev moved T6241: Updating CRL in "pki" config does not update OpenVPN from Open to In Progress on the VyOS 1.5 Circinus board.
Apr 25 2024, 2:46 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev moved T6241: Updating CRL in "pki" config does not update OpenVPN from Need Triage to In Progress on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Apr 25 2024, 2:46 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev added a comment to T6266: Firewall flowtable ability to set timeout for TCP and UDP flow.

Possibly would make sense for CLI to fall under firewall global-options?

Apr 25 2024, 2:03 PM · VyOS Rolling
sarthurdev claimed T6257: Add op mode commands for dynamic firewall address groups.
Apr 25 2024, 1:59 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 18 2024

sarthurdev committed rVYOSONEXa88b3bd344cc: pki: T6241: do not call dependency before its initialization (authored by jestabro).
Apr 18 2024, 12:42 PM

Apr 15 2024

sarthurdev committed rVYOSONEX9f9891a20995: pki: T6241: Fix dependency updates on PKI changes.
Apr 15 2024, 6:12 PM
sarthurdev closed T6174: can't view dhcp server leases if logged in as a tacacs account as Resolved.
Apr 15 2024, 2:48 PM · VyOS 1.5 Circinus
sarthurdev closed T6163: kea-dhcp4-server crashes due to incorrect lease file permissions after 1.5-rolling-202403120022 -> 1.5-rolling-202403230018 upgrade as Resolved.
Apr 15 2024, 2:48 PM · VyOS 1.5 Circinus
sarthurdev changed the status of T6241: Updating CRL in "pki" config does not update OpenVPN from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/3311

Apr 15 2024, 2:43 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Apr 7 2024

sarthurdev committed rVYOSONEX7d339d18e14d: kea: T3316: Ensure correct permissions on lease files.
Apr 7 2024, 8:22 PM
sarthurdev changed the status of T6163: kea-dhcp4-server crashes due to incorrect lease file permissions after 1.5-rolling-202403120022 -> 1.5-rolling-202403230018 upgrade from Confirmed to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/3277

Apr 7 2024, 8:14 PM · VyOS 1.5 Circinus
sarthurdev merged T6137: dhcp files and directory permission not correct after image uprgading into T6163: kea-dhcp4-server crashes due to incorrect lease file permissions after 1.5-rolling-202403120022 -> 1.5-rolling-202403230018 upgrade.
Apr 7 2024, 6:17 PM · VyOS 1.5 Circinus
sarthurdev merged task T6137: dhcp files and directory permission not correct after image uprgading into T6163: kea-dhcp4-server crashes due to incorrect lease file permissions after 1.5-rolling-202403120022 -> 1.5-rolling-202403230018 upgrade.
Apr 7 2024, 6:17 PM · VyOS 1.5 Circinus
sarthurdev changed the status of T6163: kea-dhcp4-server crashes due to incorrect lease file permissions after 1.5-rolling-202403120022 -> 1.5-rolling-202403230018 upgrade from Open to Confirmed.
Apr 7 2024, 6:11 PM · VyOS 1.5 Circinus

Mar 28 2024

sarthurdev committed rVYOSONEXa39f8c73ba60: dhcp: T6174: Add TACACS/Radius users to _kea group.
Mar 28 2024, 8:31 PM
sarthurdev changed the status of T6174: can't view dhcp server leases if logged in as a tacacs account from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/3210

Mar 28 2024, 8:24 PM · VyOS 1.5 Circinus
sarthurdev committed rVYOSONEX952b1656f516: ipsec: T5606: T5871: Use multi node for CA certificates.
Mar 28 2024, 4:11 PM
sarthurdev changed the status of T6174: can't view dhcp server leases if logged in as a tacacs account from Open to In progress.
Mar 28 2024, 3:03 PM · VyOS 1.5 Circinus
sarthurdev closed T6102: Clear dhcp-server lease throws python exception on 1.5-rolling as Resolved.
Mar 28 2024, 3:02 PM · VyOS 1.5 Circinus
sarthurdev moved T6147: Conntrack not working as expected with global state-policy from In Progress to Finished on the VyOS 1.5 Circinus board.
Mar 28 2024, 3:01 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev closed T6147: Conntrack not working as expected with global state-policy as Resolved.
Mar 28 2024, 3:01 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev moved T5606: IPSec VPN: Allow multiple CAs certificates from In Progress to Finished on the VyOS 1.5 Circinus board.

Updated PR to use multi nodes: https://github.com/vyos/vyos-1x/pull/3202

Mar 28 2024, 2:21 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Mar 21 2024

sarthurdev committed rVYOSONEX62bda3b082a7: conntrack: T6147: Enable conntrack when firewall state-policy is defined.
Mar 21 2024, 12:03 AM

Mar 20 2024

sarthurdev changed the status of T6147: Conntrack not working as expected with global state-policy from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/3159

Mar 20 2024, 10:10 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev changed the status of T6147: Conntrack not working as expected with global state-policy from Confirmed to In progress.
Mar 20 2024, 9:47 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev renamed T6147: Conntrack not working as expected with global state-policy from Conntrack not working as expected to Conntrack not working as expected with global state-policy.
Mar 20 2024, 9:47 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
sarthurdev claimed T6147: Conntrack not working as expected with global state-policy.

This likely because the global state policy being reintroduced was not accounted for in the firewall check in conf script. I'll check this week.

Mar 20 2024, 8:14 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Mar 12 2024

sarthurdev updated subscribers of T6116: VyOS can't work as expected at k8s platform.

Interfaces aren't added on boot because mac address is locally administered: https://github.com/vyos/vyos-1x/blob/current/src/helpers/vyos-interface-rescan.py#L60

Mar 12 2024, 9:11 PM · VyOS Rolling, Bugs
sarthurdev committed rVYOSONEX1fbda3162305: conntrack: T5080: Fix rule order for applied conntrack modules.
Mar 12 2024, 3:14 PM

Mar 11 2024

sarthurdev updated subscribers of T6089: [1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added.

Pretty sure this is the offending migrator. I briefly discussed this with @c-po

Mar 11 2024, 9:45 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Mar 9 2024

sarthurdev committed rVYOSONEXc55140f8bbd8: dhcp: T6102: Fix clear DHCP lease op-mode.
Mar 9 2024, 7:09 PM
sarthurdev committed rVYOSONEX0920121eed97: dhcp: T3316: De-duplicate Kea control socket variable.
Mar 9 2024, 7:09 PM

Mar 7 2024

sarthurdev moved T6073: Conntrack/NAT not being disabled when VRFs are defined from In Progress to Finished on the VyOS 1.5 Circinus board.
Mar 7 2024, 3:45 PM · VyOS 1.4 Sagitta (1.4.0-epa2), VyOS 1.5 Circinus
sarthurdev closed T6073: Conntrack/NAT not being disabled when VRFs are defined as Resolved.
Mar 7 2024, 3:45 PM · VyOS 1.4 Sagitta (1.4.0-epa2), VyOS 1.5 Circinus
sarthurdev committed rVYOSONEX4249473dbaf5: config: T4919: Add support for encrypted config file with TPM.
Mar 7 2024, 3:37 PM