
Fri, Feb 15

hagbard moved T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules from Need Triage to In Progress on the VyOS 1.2 Crux board.
Fri, Feb 15, 9:36 PM · VyOS 1.2 Crux
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Should be in the latest rolling or here: http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyos-1x/vyos-1x_1.2.0-13_all.deb

Fri, Feb 15, 8:37 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard changed the status of T686: 'run show openvpn client-status' is not displaying local tunnel address from In progress to On hold.

The client status file information is quite different compared to the one from a server config, I couldn't find a way yet to retrieve the information for the table.

Fri, Feb 15, 7:00 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard changed the status of T686: 'run show openvpn client-status' is not displaying local tunnel address from Open to In progress.
Fri, Feb 15, 6:37 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules.

@zsdc Is it working for you with the package above?

Fri, Feb 15, 5:29 PM · VyOS 1.2 Crux

Thu, Feb 14

hagbard changed the status of T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules from Confirmed to Needs testing.
Thu, Feb 14, 11:37 PM · VyOS 1.2 Crux
hagbard added a comment to T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules.

@zsdc All right, http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyatta-wanloadbalance/vyatta-wanloadbalance_0.13.70+vyos2+current1_amd64.deb should solve the issue you are seeing. The code of the binary is good for another dozen bug tickets =)

Thu, Feb 14, 11:37 PM · VyOS 1.2 Crux
hagbard added a comment to T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules.

LBDecision::execute(): applying command to system: iptables -t mangle -A WANLOADBALANCE_PRE -i eth1 --proto all --destination ! 192.168.0.0/16 -m state --state NEW -j ISP_eth1
Bad argument `192.168.0.0/16'
Try `iptables -h' or 'iptables --help' for more information.
LBDecision::execute(): applying command to system: iptables -t mangle -A WANLOADBALANCE_PRE -i eth1 --proto all --destination ! 192.168.0.0/16 -j CONNMARK --restore-mark
Bad argument `192.168.0.0/16'
Try `iptables -h' or 'iptables --help' for more information.

Thu, Feb 14, 11:06 PM · VyOS 1.2 Crux
hagbard changed the status of T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules from Open to Confirmed.
Thu, Feb 14, 10:54 PM · VyOS 1.2 Crux
hagbard added a comment to T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules.

Happens in /opt/vyatta/sbin/wan_lb.

Thu, Feb 14, 9:48 PM · VyOS 1.2 Crux
hagbard closed T258: Can not configure wan load-balancing on vyos-1.2 as Resolved.

Thanks for testing. New rolling has been built as well.
https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201902142225-amd64.iso

Thu, Feb 14, 9:44 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard changed the status of T258: Can not configure wan load-balancing on vyos-1.2 from Confirmed to Needs testing.

Please test http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyatta-wanloadbalance/vyatta-wanloadbalance_0.13.69+vyos2+current1_amd64.deb or latest rolling release.

Thu, Feb 14, 7:02 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard changed the status of T258: Can not configure wan load-balancing on vyos-1.2 from Open to Confirmed.
Thu, Feb 14, 6:34 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard claimed T258: Can not configure wan load-balancing on vyos-1.2.
Thu, Feb 14, 5:51 PM · VyOS 1.2 Crux (VyOS 1.2.1)

Wed, Feb 13

hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@thinkl33t Please test the latest rolling which has openvpn2.4 installed.

Wed, Feb 13, 4:20 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard placed T1223: Zabbix Proxy crash on actual version of VyOS up for grabs.
Wed, Feb 13, 4:13 PM · Core Community

Mon, Feb 11

hagbard added a comment to T1223: Zabbix Proxy crash on actual version of VyOS.

Nope. The function gethostbyaddr() is a libc function. What you can do is to try to reproduce the issue under debian 8 (jessie).
The crash in the zabbix ticket however is that the zabbix proxy is crashing when it received 3123 bytes from 10.255.0.1.

Mon, Feb 11, 5:07 PM · Core Community
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Ok, so that issue has been corrected, I used the wrong validator. (https://github.com/vyos/vyos-1x/commit/1842fc9fdbcfa877e42714eaf620dff18ff9859c)

Mon, Feb 11, 4:52 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Hmm, that (the IP validation) was a different change which was working. I'll have a look.

Mon, Feb 11, 4:43 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Sat, Feb 9

hagbard closed T1238: Wireguard allows invalid IP's as Resolved by committing Restricted Diffusion Commit.
Sat, Feb 9, 10:53 PM · VyOS 1.2 Crux
hagbard changed the status of T1238: Wireguard allows invalid IP's from Open to In progress.
Sat, Feb 9, 10:20 PM · VyOS 1.2 Crux
hagbard closed T1010: improper pid file handling of webgui as Resolved.
Sat, Feb 9, 10:16 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard closed T1223: Zabbix Proxy crash on actual version of VyOS as Invalid.

Looks to me like a classic buffer overflow on the zabbix agent.

Sat, Feb 9, 7:12 PM · Core Community
hagbard claimed T1239: make module build for vyos-accel-ppp dynamic.
Sat, Feb 9, 7:05 PM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus
hagbard created T1239: make module build for vyos-accel-ppp dynamic.
Sat, Feb 9, 7:05 PM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus
hagbard claimed T1238: Wireguard allows invalid IP's.
Sat, Feb 9, 11:50 AM · VyOS 1.2 Crux
hagbard added a comment to T1010: improper pid file handling of webgui.
Sat, Feb 9, 11:06 AM · VyOS 1.2 Crux (VyOS 1.2.2)

Fri, Feb 8

hagbard changed the status of T1010: improper pid file handling of webgui from Open to In progress.
Fri, Feb 8, 7:36 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

All right, let me know if you need help.

Fri, Feb 8, 6:49 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Thu, Feb 7

hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@thinkl33t Can you please test?

Thu, Feb 7, 11:46 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Hmm. That's weird, I tested some rolling releases and 1.2.0, directly connected and via 5 hops, I can't reproduce what you see. If your crypto is ok and you have the interface up and running, there won't be an issue. I would also see way more bug tickets here. So, I still believe your setup is incorrect, however it's hard to say where it fails. If the wg interface has no incoming and outgoing traffic, it's most likely routing. If inside the wg interface traffic goes out but is not answered but received on the upstream interface, something is wrong with the crypto. In your show interface output it shows that traffic is being sent, but nothing received, that means the traffic you receive on the WAN side can't be authenticated, so that is a crypto issue. Either the traffic can't be decrypted or there is no existing setup for this public key. If the public key fits, then you can always decrypt with your private one.

Thu, Feb 7, 6:12 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

That smells more like an issue with your key setup. The wg interface listens on any interface which is up and running. If the traffic inside the wg interface doesn't show anything, that means it can't decrypt the traffic with your private key.

Thu, Feb 7, 5:52 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Tue, Feb 5

hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Tested the config above with in 1.2, no issues found. Not sure what it is yet, but it looks like that either the traffic doesn't really reach the destination (aka endpoint) or vice versa. Awaiting some show output to check the key config etc.

Tue, Feb 5, 11:40 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

@Maltahl You can use any rolling, I made an enhancement yesterday to disable peers, but other than that the code hasn't been touched for a while. If the rolling release works, I need to have a look into 1.2.0. I tested with your config above and everything was working as expected, but I'm around today so feel free to ping me on slack in 1hr.

Tue, Feb 5, 4:14 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Mon, Feb 4

hagbard changed the status of T1226: Wireguard not working between vyos routers 1.2.0 from In progress to On hold.
Mon, Feb 4, 9:38 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

@Maltahl Let me know if you still need help, please. I put the task meanwhile on-hold.

Mon, Feb 4, 9:37 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard closed T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers as Resolved.

http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyos-1x/vyos-1x_1.2.0-12_all.deb next rolling release has it.

Mon, Feb 4, 8:26 PM · VyOS 1.2 Crux
hagbard changed the status of T1226: Wireguard not working between vyos routers 1.2.0 from Open to In progress.
Mon, Feb 4, 6:04 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Sat, Feb 2

hagbard added a comment to T1218: Static routes not being applied in 1.2 Release.

Hmm, I have 7.1-dev-1~debian8+1 on a rolling and 3 blackhole routes and no issues at all.

Sat, Feb 2, 7:06 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard claimed T1226: Wireguard not working between vyos routers 1.2.0.
Sat, Feb 2, 5:29 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

@Maltahl Did you try the same with the rolling release? I don't see any issue with your config in particular, did you check that the wg traffic is actually getting to your router02?

Sat, Feb 2, 5:28 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Fri, Feb 1

hagbard triaged T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers as Normal priority.
Fri, Feb 1, 7:00 PM · VyOS 1.2 Crux
hagbard claimed T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers .
Fri, Feb 1, 6:59 PM · VyOS 1.2 Crux
hagbard created T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers .
Fri, Feb 1, 6:59 PM · VyOS 1.2 Crux

Thu, Jan 31

hagbard changed the status of T1051: Update openvpn to support TLS 1.2 from Open to Needs testing.

@thinkl33t Would you mind testing your use case with https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201901312041-amd64.iso or later? This iso is using the bpo package of openvpn (2.4.0).

Thu, Jan 31, 8:14 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@thinkl33t http://dev.packages.vyos.net/repositories/current/vyos/pool/main/o/openvpn/openvpn_2.4.0-6+deb9u1~bpo8+1_amd64.deb

Thu, Jan 31, 7:41 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Wed, Jan 30

hagbard closed T1217: 1.2.0 LTS cant delete wireguard wg0 interface as Resolved.

http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyos-1x/vyos-1x_1.2.0-11_all.deb or next rolling release will have the fix.

Wed, Jan 30, 11:36 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1217: 1.2.0 LTS cant delete wireguard wg0 interface.

Fix: https://github.com/vyos/vyos-1x/commit/2f70340179a64d5936c32cc3c0d6d7f6f04054d0 applied, pkg build currently running.

Wed, Jan 30, 11:02 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard changed the status of T1217: 1.2.0 LTS cant delete wireguard wg0 interface from Confirmed to In progress.
Wed, Jan 30, 10:54 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1217: 1.2.0 LTS cant delete wireguard wg0 interface.

Bug confirmed.

Wed, Jan 30, 10:49 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard changed the status of T1217: 1.2.0 LTS cant delete wireguard wg0 interface from Open to Confirmed.
Wed, Jan 30, 10:48 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1217: 1.2.0 LTS cant delete wireguard wg0 interface.

I can't replicate it, but I'm using also the rolling release.
Can you please provide the output of:

Wed, Jan 30, 10:31 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard claimed T1217: 1.2.0 LTS cant delete wireguard wg0 interface.
Wed, Jan 30, 10:23 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@c-po imported and tested against latest rolling, I couldn't find any issue with 2.4.
Can you please set it up in ci? I'll take it from there once set up.

Wed, Jan 30, 8:15 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@c-po it only affects clients which enforce tls 1.0 or 1.1, at least what I have tested. The perl code needs quite some rework, so I think I split the task into getting a newer release of openvpn into the build. Newer versions have tls 1.0 and 1.1 disabled per default from what I have read, so I think it might be more a changelog announcement that with the new version only tls 1.2 is automatically supported and you have the option to enable weak ciphers via opt .... or so. I'm not too sure yet, I think I have to wait a little on the response once the newer version is in rolling and the feedback I receive.

Wed, Jan 30, 6:06 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Tue, Jan 29

hagbard added a comment to T166: NPTv6 Broken - 999.201609170235.

Done. https://github.com/vyos/vyatta-nat/commit/98ce64bc3c73118c8e909173da460501ca6cabf1

Tue, Jan 29, 11:27 PM · VyOS 1.3 Equuleus
hagbard closed T166: NPTv6 Broken - 999.201609170235 as Resolved.

Perfect. Merged: https://github.com/vyos/vyatta-cfg-firewall/commit/23447bef89a46f44d7544f15c2755d33f38ffd4c

Tue, Jan 29, 9:43 PM · VyOS 1.3 Equuleus
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.
In T1051#27092, @c-po wrote:

set interfaces openvpn vtun0 disable-weak-tls-ciphers

Tue, Jan 29, 6:32 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T166: NPTv6 Broken - 999.201609170235.

@Merijn Have you tested your changes already? I was only able to find https://github.com/vyos/vyatta-cfg-firewall/pull/12 which only contains the ip6tables targets, did you send PRs for sysctl too?

Tue, Jan 29, 6:30 PM · VyOS 1.3 Equuleus

Mon, Jan 28

hagbard changed the status of T833: accel-ppp: pptp implementation, a subtask of T742: Implement accel-ppp in VyOS, from On hold to Confirmed.
Mon, Jan 28, 10:57 PM · VyOS 1.3 Equuleus
hagbard changed the status of T833: accel-ppp: pptp implementation from On hold to Confirmed.
Mon, Jan 28, 10:57 PM · VyOS 1.3 Equuleus
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@syncer Currently we ship in the iso openvpn from, we could use it from bpo which would be 2.4 (2.6 is the latest), or we replace it with a self-compiled 2.6, or do you just want cpo's solution implemented?

Mon, Jan 28, 4:48 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Sat, Jan 26

hagbard renamed T1205: module pcspkr missing from module pcspkr missiing to module pcspkr missing.
Sat, Jan 26, 6:35 PM · VyOS 1.3 Equuleus
hagbard closed T1193: libvyosconfig parser cannot handle top level leaf and tag nodes as Resolved.
Sat, Jan 26, 6:34 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard created T1205: module pcspkr missing.
Sat, Jan 26, 6:25 PM · VyOS 1.3 Equuleus
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Rebuilding iso, once it finished it will have the correct version.
[...]
Get:152 http://dev.packages.vyos.net/repositories/current/vyos/ current/main libvyosconfig0 amd64 0.0.6 [841 kB]
[...]
Will test it from the iso, just for peace of mind.

Sat, Jan 26, 5:32 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard claimed T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Dev.packages has 0.0.06, so something goes sideways during build process, I will work on that and test. I'll take the task back and close it when resolved in ci (looking into it right now). I manually installed the package and everything works as expected.

Sat, Jan 26, 5:26 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Still same issue on 1.2.0-rolling+201901250337.

Sat, Jan 26, 5:21 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Nice! I will test it tomorrow for sure.

Sat, Jan 26, 2:28 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)

Fri, Jan 25

hagbard closed T1178: Scheduled script breaks ability to modify configuration as Resolved.
Fri, Jan 25, 8:07 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

Anyone?

Fri, Jan 25, 6:13 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)

Wed, Jan 23

hagbard reassigned T1193: libvyosconfig parser cannot handle top level leaf and tag nodes from hagbard to dmbaturin.
Wed, Jan 23, 8:08 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

Found the bug, https://github.com/hagbard-01/vyos-1x/releases/download/1.2.0-10/vyos-1x_1.2.0-10_all.deb should fix it. As soon as you guys can confirm, I push it upstream.

Wed, Jan 23, 7:56 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

@c-po All right, found it. Try it without arguments, then it ends up just as */5 * * * * root /usr/bin/logger which causes the issue. That shouldn't be too hard to fix, the existence of the cronjobfile after a reboot without the save command however is a longer journey.

Wed, Jan 23, 6:32 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

Thanks that helps, I gotta review. Remote authenticated users would act like local ones by the way, pam would resolve it or if it can't be resolved, con exits with 1.

Wed, Jan 23, 6:07 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

@c-po
*/5 * * * * cpo sg vyattacfg "/usr/bin/logger foo"

Wed, Jan 23, 7:44 AM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

I had to pass on libvyos and OCAML, just reading and understanding a few lines took me forever. What would be the fix?

Wed, Jan 23, 6:41 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)

Tue, Jan 22

hagbard updated subscribers of T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.
Tue, Jan 22, 10:58 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Issue sits somewhere in vyos.configtree

Tue, Jan 22, 10:45 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard changed the status of T1193: libvyosconfig parser cannot handle top level leaf and tag nodes from Open to Confirmed.
Tue, Jan 22, 10:39 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard claimed T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.
Tue, Jan 22, 10:38 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

All right, can you please test: https://github.com/hagbard-01/vyos-1x/releases/download/1.2.0-10/vyos-1x_1.2.0-10_all.deb

Tue, Jan 22, 10:26 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard renamed T1194: cronjob is being setup even if not saved from conjobs is being setup even if not saved to conjob is being setup even if not saved.
Tue, Jan 22, 8:58 PM · VyOS 1.3 Equuleus
hagbard created T1194: cronjob is being setup even if not saved.
Tue, Jan 22, 8:53 PM · VyOS 1.3 Equuleus
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

OK, so the issue happens only if a) the cronjob was executed by root and b) it modifies the config (which then gets rewritten via union-fs). I created another user called test01, the user vyos has a cron job in his name, regardless of what user (test01 or vyos) the script runs as, all stays healthy. As soon as the script is triggered via root, you can't set anything in your running config due to the permission changes I wrote yesterday.

Tue, Jan 22, 8:42 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

Thanks for confirming. With 2 users, you may encounter always the issue that a cronjob locks up your ability to change the config afterwards. For now the manual workaround should help you, I'm going to revert my changes from yesterday and return to the drawing board.

Tue, Jan 22, 6:35 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard closed T1181: disable/enable interface with dhcp ip assignement fails to restart dhclient as Resolved.

Thx for testing.

Tue, Jan 22, 6:16 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard closed T894: DHCP not renewed after switching network as Resolved.

Fixed via T1181

Tue, Jan 22, 6:15 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard closed T894: DHCP not renewed after switching network, a subtask of T1181: disable/enable interface with dhcp ip assignement fails to restart dhclient, as Resolved.
Tue, Jan 22, 6:15 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

I wouldn't execute a scheduled script. That's all. Do you recreate then a different user? Since all users have admin privs, the problem with the change permissions will persist. Actually makes it worse, one user can block the other. So, I have to find something else out.

Tue, Jan 22, 6:13 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

@cpo it would just exit 1. I gotta look into the possibility to see the commit user, I was under the assumption that the vyos user always exists. If there are multiple (at least 2 different) and the cron runs as root or the user (the one which did not set up the job), it will disable any config for all other users, since the filesystem permissions change. ACLs would be something which can solve it, but I have to verify it. I'll keep this task open to track it. Do you just replace the vyos user, or are you using root only in your config?

Tue, Jan 22, 4:38 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)

Mon, Jan 21

hagbard assigned T1185: Firewall rulesets are ignored in RFC-compliant VRRP setups to Merijn.
Mon, Jan 21, 10:11 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard moved T894: DHCP not renewed after switching network from Needs Triage to In Progress on the VyOS 1.2 Crux (VyOS 1.2.0-GA) board.
Mon, Jan 21, 10:06 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T894: DHCP not renewed after switching network.

@yun can you please test with the latest rolling?

Mon, Jan 21, 10:06 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

@kroy install http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyos-1x/vyos-1x_1.2.0-10_all.deb and try again, I have the changes in that package and tonight's rolling will have it too. I couldn't find anywhere a requirement that the cronjobs need root, so I switched it to always run as vyos which keeps the file system permissions intact. Test it on a test machine first, but it should now do what you want, I used your script code from above, but didn't have any real ospf adjacency with any other route, but that shouldn't matter at all. Let me know the results please.

Mon, Jan 21, 9:20 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

OK, I think I found it, however so far I can only give you a quick workaround rather than solving it.
Short explanation, if you set up cron, your script is executed as root which changes the permissions for the configs on union-fs and the directories, that's why already a set fails, it simply can't write as user vyos to the directory.
To get your stuff working, try the following (preferably on a test box, I used the rolling from tonight but any 1.2 image should work if it's not older than 3 months or so)

Mon, Jan 21, 8:41 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

The 'commit' causes the issue, but right now I'm not sure why.

Mon, Jan 21, 8:03 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.
In T1178#30992, @kroy wrote:

@hagbard Note that a reboot does fix the ability to edit configuration again until the next time the cron script runs.

Mon, Jan 21, 6:13 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard changed the status of T1178: Scheduled script breaks ability to modify configuration from Open to Needs testing.
Mon, Jan 21, 6:09 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.
Mon, Jan 21, 6:09 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)