sdev (Simon)
User

Projects

Maintainers
Group

User Details

User Since: May 6 2021, 3:27 PM (99 w, 1 d)

Recent Activity
View All

Wed, Mar 29

sdev added a comment to T5101: VYOS 1.4 release no longer displayes output for 'sudo ipsec statusall'.

Management Commands

Wed, Mar 29, 9:30 PM · VyOS 1.4 Sagitta

Wed, Mar 22

sdev changed the status of T5018: Redirect to IFB removed after change in qos policy from In progress to Needs testing.

Wed, Mar 22, 4:18 PM · VyOS 1.4 Sagitta

Sat, Mar 11

sdev claimed T5080: Conntrack enabled by default.

Sat, Mar 11, 3:40 PM · VyOS 1.4 Sagitta

sdev created T5080: Conntrack enabled by default.

Sat, Mar 11, 3:39 PM · VyOS 1.4 Sagitta

Thu, Mar 9

sdev added a comment to T5018: Redirect to IFB removed after change in qos policy.

PR: https://github.com/vyos/vyos-1x/pull/1881

Thu, Mar 9, 5:09 PM · VyOS 1.4 Sagitta

sdev changed the status of T5018: Redirect to IFB removed after change in qos policy from Confirmed to In progress.

Thu, Mar 9, 4:26 PM · VyOS 1.4 Sagitta

sdev closed T5075: QoS removes interface mirror/redirect rules as Invalid.

My bad

Thu, Mar 9, 3:23 PM · VyOS 1.4 Sagitta

sdev changed the status of T5075: QoS removes interface mirror/redirect rules from Open to In progress.

Thu, Mar 9, 3:15 PM · VyOS 1.4 Sagitta

sdev created T5075: QoS removes interface mirror/redirect rules.

Thu, Mar 9, 3:15 PM · VyOS 1.4 Sagitta

sdev added a comment to T3008: Migrate from ntpd to chronyd.

Discovered a couple of problems with chrony using the existing CLI.

Thu, Mar 9, 12:25 PM · VyOS 1.4 Sagitta

Thu, Mar 2

sdev changed the status of T5039: Can't add new local user from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1863

Thu, Mar 2, 2:46 PM · VyOS 1.4 Sagitta

sdev changed the status of T5039: Can't add new local user from Open to In progress.

Thu, Mar 2, 2:06 PM · VyOS 1.4 Sagitta

sdev changed the status of T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6), a subtask of T3315: Supports dhcpv6 agent execution from pppoe0 interface, from Open to In progress.

Thu, Mar 2, 1:41 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

sdev changed the status of T3316: Use Kea DHCP(v6) instead of ISC DHCP(v6) from Open to In progress.

Have started work on migrating isc-dhcp v4/v6 server to Kea.

Thu, Mar 2, 1:41 PM · VyOS 1.4 Sagitta

Feb 22 2023

sdev changed the status of T5023: PKI commit fails to update dependents from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1840

Feb 22 2023, 9:03 AM · VyOS 1.4 Sagitta

sdev changed the status of T5023: PKI commit fails to update dependents from Open to In progress.

Feb 22 2023, 8:54 AM · VyOS 1.4 Sagitta

sdev created T5023: PKI commit fails to update dependents.

Feb 22 2023, 8:54 AM · VyOS 1.4 Sagitta

Feb 21 2023

sdev changed the status of T5003: Upgrade base system to Debian 12 "Bookworm" from In progress to Needs testing.

Builds completing. ISO worker on Jenkins should be fixed and pushing new rolling images shortly.

Feb 21 2023, 8:43 PM · VyOS 1.4 Sagitta

Feb 13 2023

sdev added a comment to T5003: Upgrade base system to Debian 12 "Bookworm".

https://github.com/vyos/vyos-build/pull/306
https://github.com/vyos/vyos-1x/pull/1817
https://github.com/vyos/vyatta-cfg/pull/60
https://github.com/vyos/vyos-http-api-tools/pull/3

Feb 13 2023, 5:57 PM · VyOS 1.4 Sagitta

sdev moved T5003: Upgrade base system to Debian 12 "Bookworm" from Need Triage to In Progress on the VyOS 1.4 Sagitta board.

Feb 13 2023, 12:42 AM · VyOS 1.4 Sagitta

sdev changed the status of T5003: Upgrade base system to Debian 12 "Bookworm" from Open to In progress.

Feb 13 2023, 12:41 AM · VyOS 1.4 Sagitta

Feb 3 2023

sdev added a comment to T3871: Resolve unexpected interface name reordering.

In T3871#141847, @jestabro wrote:

Before adopting the approach mentioned above, there was development of an alternative using pyudev within an 'interface-monitor' daemon; the following branches contain (a version of) the rebased code. It would need a few hours of attention to check the logic and add the is_persistent check from vyos-interface-rescan.py; it could use some refactoring as well.

https://github.com/vyos/vyos-1x/compare/current...jestabro:vyos-1x:interface-monitor
https://github.com/vyos/vyatta-cfg/compare/current...jestabro:vyatta-cfg:interface-monitor
https://github.com/vyos/vyos-build/compare/current...jestabro:vyos-build:interface-monitor

Feb 3 2023, 9:33 PM · VyOS 1.4 Sagitta

Jan 29 2023

sdev closed T4965: empty description in firewall group causes configuration error on migration as Resolved.

Fixed in commit: https://github.com/vyos/vyos-1x/commit/6eea12512e59cc28f5c2e5ca5ec7e9e7b21731da

Jan 29 2023, 9:39 AM · VyOS 1.4 Sagitta

Jan 7 2023

sdev added a comment to T4919: TPM-backed config encryption.

Draft PR: https://github.com/vyos/vyos-1x/pull/1740

Jan 7 2023, 12:03 PM · VyOS 1.4 Sagitta

c-po awarded T4919: TPM-backed config encryption a 100 token.

Jan 7 2023, 8:36 AM · VyOS 1.4 Sagitta

Jan 6 2023

sdev claimed T4919: TPM-backed config encryption.

Jan 6 2023, 7:48 PM · VyOS 1.4 Sagitta

sdev created T4919: TPM-backed config encryption.

Jan 6 2023, 7:44 PM · VyOS 1.4 Sagitta

Dec 3 2022

sdev added a comment to T478: Firewall address group (multi and nesting).

PR to fix recursion check: https://github.com/vyos/vyos-1x/pull/1691

Dec 3 2022, 11:43 AM · VyOS 1.4 Sagitta

Nov 22 2022

sdev changed the status of T4834: Limit container network name to 15 characters from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1674

Nov 22 2022, 11:58 AM · VyOS 1.4 Sagitta

sdev changed the status of T4834: Limit container network name to 15 characters from Open to In progress.

Nov 22 2022, 11:55 AM · VyOS 1.4 Sagitta

sdev created T4834: Limit container network name to 15 characters.

Nov 22 2022, 11:55 AM · VyOS 1.4 Sagitta

Nov 11 2022

sdev added a comment to T4605: Firewall change default table names.

PR for policy route refactor updates to vyos_mangle: https://github.com/vyos/vyos-1x/pull/1654

Nov 11 2022, 4:49 PM · VyOS 1.4 Sagitta

Nov 3 2022

sdev triaged T4797: External address/network lists for firewall (Local and remote) as Wishlist priority.

Nov 3 2022, 7:44 PM · VyOS 1.4 Sagitta

sdev changed the status of T1097: Make firewall groups work everywhere that's appropropriate from Open to In progress.

PR adds groups to NAT: https://github.com/vyos/vyos-1x/pull/1633

Nov 3 2022, 7:41 PM · VyOS 1.4 Sagitta

sdev changed the status of T1097: Make firewall groups work everywhere that's appropropriate, a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to In progress.

Nov 3 2022, 7:41 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Nov 1 2022

sdev changed the status of T1877: Feature Request: Allow NAT to use network and address groups from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1633

Nov 1 2022, 12:48 PM · VyOS 1.4 Sagitta

sdev added a comment to T970: Hostname Support in NAT and Firewall Rules.

Adds firewall node rule N source/destination fqdn domain.com for single domains per rule and refactors resolver daemon.

Nov 1 2022, 12:47 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

sdev moved T4759: domain-group on policy route not working from Need Triage to In Progress on the VyOS 1.4 Sagitta board.

Nov 1 2022, 9:19 AM · VyOS 1.4 Sagitta

sdev changed the status of T4759: domain-group on policy route not working from Open to In progress.

Nov 1 2022, 9:19 AM · VyOS 1.4 Sagitta

sdev closed T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat as Resolved.

Nov 1 2022, 9:19 AM · VyOS 1.4 Sagitta

sdev changed the status of T4774: Disallow duplicate pubkey on peers of a wireguard interface from In progress to Backport candidate.

Nov 1 2022, 9:18 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus

Oct 31 2022

sdev changed the status of T1877: Feature Request: Allow NAT to use network and address groups from Open to In progress.

Oct 31 2022, 8:15 PM · VyOS 1.4 Sagitta

Oct 29 2022

sdev moved T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat from Need Triage to In Progress on the VyOS 1.4 Sagitta board.

Oct 29 2022, 5:54 PM · VyOS 1.4 Sagitta

sdev changed the status of T4782: Allow multiple CA certificates (on e.g. EAPoL) from Open to Confirmed.

Good point, I'll try and look into this and see if it can be handled everywhere the new PKI nodes are used.

Oct 29 2022, 5:53 PM · VyOS 1.4 Sagitta

sdev changed the status of T3903: Containers: after command "reboot" the host system will reboot after 1.5 minutes from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1628

Oct 29 2022, 5:48 PM · VyOS 1.4 Sagitta

Oct 28 2022

sdev added a comment to T3903: Containers: after command "reboot" the host system will reboot after 1.5 minutes.

Best suggestion seems to be introducing a script to call podman stop -t N on shutdown/reboot to reduce the timeout before SIGKILL is sent.

Oct 28 2022, 1:27 PM · VyOS 1.4 Sagitta

Oct 27 2022

sdev changed the status of T4774: Disallow duplicate pubkey on peers of a wireguard interface from Open to In progress.

1.4 PR: https://github.com/vyos/vyos-1x/pull/1621

Oct 27 2022, 10:54 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus

Oct 25 2022

sdev changed the status of T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1618

Oct 25 2022, 10:02 PM · VyOS 1.4 Sagitta

sdev changed the status of T4764: NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat from Open to In progress.

Oct 25 2022, 10:29 AM · VyOS 1.4 Sagitta

Oct 11 2022

sdev closed T4741: set firewall zone Local local-zone failed as Resolved.

Oct 11 2022, 1:29 PM · VyOS 1.4 Sagitta

sdev closed T4742: Autocomplete in policy route rule x set table / does not show the tables created in the static protocols as Resolved.

Oct 11 2022, 1:29 PM · VyOS 1.4 Sagitta

Oct 10 2022

sdev changed the status of T4742: Autocomplete in policy route rule x set table / does not show the tables created in the static protocols from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1577

Oct 10 2022, 2:27 PM · VyOS 1.4 Sagitta

sdev changed the status of T4741: set firewall zone Local local-zone failed from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1577

Oct 10 2022, 2:27 PM · VyOS 1.4 Sagitta

Sep 28 2022

sdev changed the status of T4713: [email protected]:~$ show nat destination rules | doesn't work from Confirmed to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1564

Sep 28 2022, 11:13 AM · VyOS 1.4 Sagitta

sdev changed the status of T4713: [email protected]:~$ show nat destination rules | doesn't work from Open to Confirmed.

Sep 28 2022, 9:57 AM · VyOS 1.4 Sagitta

Sep 27 2022

sdev added a comment to T4713: [email protected]:~$ show nat destination rules | doesn't work.

Can we see example destination NAT config with the issue?

Sep 27 2022, 8:56 PM · VyOS 1.4 Sagitta

Sep 21 2022

sdev added a comment to T4706: NAT and NAT66 issues.

Included a fix for this in NAT refactor: https://github.com/vyos/vyos-1x/pull/1552

Sep 21 2022, 4:12 PM · VyOS 1.4 Sagitta

sdev added a comment to T4605: Firewall change default table names.

PR for NAT included with refactor: https://github.com/vyos/vyos-1x/pull/1552

Sep 21 2022, 4:12 PM · VyOS 1.4 Sagitta

Sep 12 2022

sdev added a comment to T2199: Rewrite firewall in new XML/Python style.

Refactor PR: https://github.com/vyos/vyos-1x/pull/1534

Sep 12 2022, 7:16 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

sdev added a comment to T4605: Firewall change default table names.

PR for filter tables: https://github.com/vyos/vyos-1x/pull/1534

Sep 12 2022, 7:15 PM · VyOS 1.4 Sagitta

Sep 10 2022

sdev added a comment to T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups.

In T1185#133941, @roedie wrote:
Just a suggestion, would it be a weird idea to move the firewall config from the interface section to the firewall section? A bit like the zone config. So something like:
set firewall local interface eth0 name <firewall-filter>
set firewall in interface eth0 name <firewall-filter>
set firewall out interface eth0 name <firewall-filter>
set firewall local interface bond0.10v22v6 ipv6-name <firewall-filter>
The problem is that using zone-policy firewall is a bit overkill for a pure router or even a router with async routing. In which scenario I guess only the local variant would be useful.

Sep 10 2022, 6:23 PM · VyOS 1.3 Equuleus (1.3.3)

Aug 17 2022

sdev added a comment to T4612: Support arbitrary netmasks in firewall rules.

Not supported at the moment, but we can look into adding it for both ipv4/v6 in 1.4

Aug 17 2022, 8:05 PM · VyOS 1.4 Sagitta

sdev added a comment to T4605: Firewall change default table names.

While I'm for changing to prefixed tables, I think the issue of tailscale and custom apps should fall under the accepted risk of running custom scripts outside of the config.

Aug 17 2022, 8:02 PM · VyOS 1.4 Sagitta

sdev added a comment to T4610: Firewall with 20K entries cannot load after reboot.

Any config available to test against?

Aug 17 2022, 7:53 PM · VyOS 1.4 Sagitta

Jul 7 2022

sdev triaged T4515: Reduce telegraf binary size as Wishlist priority.

Jul 7 2022, 11:01 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta

Jul 6 2022

sdev added a comment to T4250: Organize logrotate settings to avoid duplicates.

I think there's still a problem possible with /var/log/messages handling:

Jul 6 2022, 3:50 PM · VyOS 1.4 Sagitta

sdev changed the status of T4500: Missing firewall logs from Confirmed to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1398

Jul 6 2022, 3:46 PM · VyOS 1.4 Sagitta

sdev changed the status of T4500: Missing firewall logs from Open to Confirmed.

Confirmed issue, seems to be a problem in rsyslog/logrotate. Possibly related to T4250

Jul 6 2022, 2:50 PM · VyOS 1.4 Sagitta

Jul 5 2022

sdev closed T478: Firewall address group (multi and nesting), a subtask of T2199: Rewrite firewall in new XML/Python style, as Resolved.

Jul 5 2022, 11:41 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

sdev closed T478: Firewall address group (multi and nesting) as Resolved.

Jul 5 2022, 11:41 PM · VyOS 1.4 Sagitta

sdev changed the status of T4512: enable-default-log on zone-policy from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1394

Jul 5 2022, 6:08 PM · VyOS 1.4 Sagitta

sdev changed the status of T4512: enable-default-log on zone-policy from Open to In progress.

Jul 5 2022, 5:27 PM · VyOS 1.4 Sagitta

Jul 2 2022

sdev added a comment to T4299: Firewall - GeoIP filtering.

Inverse match PR: https://github.com/vyos/vyos-1x/pull/1386

Jul 2 2022, 12:52 AM · VyOS 1.4 Sagitta

Jul 1 2022

sdev added a comment to T4500: Missing firewall logs.

If the counters are visible and incrementing when checking with nft list table ip filter then I don't think this is an implementation issue. Wondering if its a problem with the syslog daemon.

Jul 1 2022, 9:49 PM · VyOS 1.4 Sagitta

Jun 29 2022

sdev added a comment to T4485: OpenVPN: Allow multiple CAs certificates.

PR: https://github.com/vyos/vyos-1x/pull/1380

Jun 29 2022, 10:11 PM · VyOS 1.4 Sagitta

Jun 27 2022

sdev closed T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges as Resolved.

Jun 27 2022, 8:16 PM · VyOS 1.4 Sagitta

Jun 25 2022

sdev changed the status of T4485: OpenVPN: Allow multiple CAs certificates from Open to In progress.

Jun 25 2022, 9:58 PM · VyOS 1.4 Sagitta

sdev changed the status of T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1368

Jun 25 2022, 9:48 PM · VyOS 1.4 Sagitta

sdev changed the status of T4484: Firewall op-mode summary doesn't correctly handle address group containing ranges from Open to In progress.

Jun 25 2022, 9:46 PM · VyOS 1.4 Sagitta

Jun 15 2022

sdev changed the status of T4435: Policy route and firewall - error when using undefined group from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1362

Jun 15 2022, 9:15 PM · VyOS 1.4 Sagitta

sdev changed the status of T4147: New Firewall Implementation - proposed changes on group implementation from In progress to Needs testing.

Jun 15 2022, 1:33 PM · VyOS 1.4 Sagitta

sdev added a comment to T4147: New Firewall Implementation - proposed changes on group implementation.

PR: https://github.com/vyos/vyos-1x/pull/1361

Jun 15 2022, 1:32 PM · VyOS 1.4 Sagitta

Jun 13 2022

sdev changed the status of T4147: New Firewall Implementation - proposed changes on group implementation from Open to In progress.

Working on moving groups to named set as part of a refactor in some firewall code.

Jun 13 2022, 12:11 PM · VyOS 1.4 Sagitta

Jun 10 2022

sdev changed the status of T4299: Firewall - GeoIP filtering from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1357

Jun 10 2022, 11:02 PM · VyOS 1.4 Sagitta

sdev changed the status of T478: Firewall address group (multi and nesting), a subtask of T2199: Rewrite firewall in new XML/Python style, from Open to Needs testing.

Jun 10 2022, 7:23 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

sdev changed the status of T478: Firewall address group (multi and nesting) from Open to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/1356

Jun 10 2022, 7:23 PM · VyOS 1.4 Sagitta

May 31 2022

sdev closed T3659: Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors as Resolved.

May 31 2022, 6:13 PM · VyOS 1.4 Sagitta

sdev closed T4148: Firewall - Error messages not that clear as it were in old firewall as Resolved.

May 31 2022, 6:11 PM · VyOS 1.4 Sagitta

sdev closed T4199: Commit failed when setting icmpv6 type any as Resolved.

May 31 2022, 6:09 PM · VyOS 1.4 Sagitta

sdev closed T4212: PermissionError when generating/installing server Certificate (generate pki certificate sign ...) as Resolved.

May 31 2022, 6:05 PM · VyOS 1.4 Sagitta

May 30 2022

sdev added a comment to T3642: PKI configuration.

PR for op-mode importing existing PKI files into config: https://github.com/vyos/vyos-1x/pull/1343

May 30 2022, 10:59 PM · VyOS 1.4 Sagitta

May 27 2022

sdev added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

In T1230#123939, @panachoi wrote:

1.4 rolling does not help me, so there must be something "wrong" with my configuration. I've attached the private config, it would be awesome if someone might find what's broken.

private.cfg127 KBDownload

May 27 2022, 6:20 PM · VyOS 1.3 Equuleus (1.3.3)

May 26 2022

sdev added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

@panachoi If you can share the anonymized config that works in 1.2.8 that would be useful. I'd expect migrating to 1.4 to see a decent improvement in firewall load times.

May 26 2022, 10:07 AM · VyOS 1.3 Equuleus (1.3.3)

Apr 20 2022

sdev closed T4345: New firewall code does not accept "rate/time interval" syntax used in old config as Resolved.

Apr 20 2022, 11:58 AM · VyOS 1.4 Sagitta

Apr 14 2022

sdev added a comment to T4358: Image sizes have grown significantly in 1.4.

30 largest packages in 1.4 dev build:

telegraf 144 MB
linux-image-5.10.109-amd64-vyos 107 MB
libwireshark14 100 MB
vyos-linux-firmware 68.8 MB
containernetworking-plugins 51.2 MB
vyos-http-api-tools 40.4 MB
podman 37.3 MB
python3-pycryptodome 36.0 MB
libicu67 33.9 MB
vim-runtime 32.9 MB
vyos-1x 29.2 MB
libperl5.32 28.5 MB
salt-common 27.9 MB
nmap-common 21.2 MB
frr 20.2 MB
libruby2.7 17.9 MB
coreutils 17.9 MB
perl-modules-5.32 17.9 MB
grub-common 17.8 MB
systemd 16.4 MB
locales 16.4 MB
libc6 13.1 MB
pmacct 13.0 MB
ieee-data 12.3 MB
vyos-intel-qat 11.7 MB
aptitude-common 10.3 MB
gdb 10.0 MB
udev 9,184 kB
grub-efi-amd64-bin 8,831 kB
squid 8,582 kB

Apr 14 2022, 3:01 PM · VyOS 1.4 Sagitta