- User Since
- Oct 10 2017, 8:55 PM (105 w, 6 d)
Jan 3 2019
So, is there anything that anyone can do here so that I can actually improve this documentation? Or is it just going to have to remain inaccurate for now?
Dec 31 2018
Dec 28 2018
I can confirm that this problem also exists in VyOS 1.1.x when trying to upgrade to 1.1.8. I consider this a pretty big security vulnerability, and this should be fixed in 1.1.x, not just in 1.3 or 1.2.
Feb 8 2018
Feb 6 2018
Ponder/Answer created as requested: Q130
OH! Well that's a relief. So this documentation is just out-of-date, then: https://wiki.vyos.net/wiki/Version_history
My apologies. I meant to post this as a question, not a bug, and now I do not know how to delete it.
Jan 16 2018
So the attempts with /56 and /60 were part of my hundreds of different combinations/attempts to get this to work. I have one /56 assigned to me (2603:xxxx:xxxx:8700::/56) with one gateway assigned to me (2603:xxxx:xxxx:8700:7454:7dff:feb1:d391). Skipping the WAN for just a second because I believe(d) it to need different configuration, I expected to be able to break that /56 up into /64s and use them like so:
So, I ended up handling my IPv4 addresses using 1:1 NAT. It works, and I don't love it, but I think it's the best it's going to get with Comcast's clunky static IP infrastructure. But I'm having no luck with IPv6, and could really use some help with someone who understand's static IPv6 and VyOS a little better. I have a static IPv6 prefix, and I need to statically assign some of those to public-facing servers behind my firewall/router, but it's like pulling teeth from a rhinoceros.
Jan 1 2018
Dec 31 2017
Dec 19 2017
That's true, I would use a TLS mirror with a SHA-256 hash from the master. But I'd also want the master to be TLS.
We should probably put in the mirror documentation that new mirrors must support TLS and existing mirrors are strongly urged to add support for TLS. However, to be clear, wanting a secure source for my downloads, I won't download from a mirror, because there's a lower level of trust. In fact, given a mirror with TLS and a the master source without TLS, I would chose the master source every time.
Nov 13 2017
So, one thing to note: Comcast doesn't give you a /64 at the very beginning (I didn't understand this fully at the time this was originally reported/discussed). It gives you a /128 (one address). You can then ask for a prefix of any size from a /64 to a /60, and it will give it to you. If you don't ask at all, it won't give you anything. If you ask for a prefix, but without a prefix length, it will give you a /64. (I'm not refuting anything said here; just making sure everyone understands how these are assigned.)
Oct 12 2017
Oct 11 2017
I'd like to get some clarity on this, if possible. Will VyOS's firewall features just not work at all with IPv6? Or will it work, but you have to use something other than groups? Importantly: Is it still possible for me to secure my network if I enable IPv6?
Comment by @beamerblvd on 2016-01-24:
The above completes the migration of content and all comments for Bugzilla issue 112.
Comment by Daniel Corbe on 2016-01-12:
Comment by Brett Lykins on 2015-09-28:
Comment by Jason Nadeau on 2015-09-27:
Comment by Patrick van Staveren on 2015-09-25:
Comment by Jeremy Church on 2015-08-24:
Comment by Steve Froelich on 2015-08-21:
Comment by Aaron Von Gauss on 2015-05-03:
Comment by @dmbaturin on 2015-05-03:
Comment by @darkdragon-001 on 2015-04-19:
Comment by Aaron Von Gauss on 2015-03-27:
Comment by Kouak on 2015-03-18:
Comment by @beamerblvd on 2015-03-06:
Comment by Kouak on 2015-03-05:
Comment by @beamerblvd on 2015-03-05:
Comment by @beamerblvd on 2015-03-03:
Comment by @dmbaturin on 2014-10-07:
Comment by Ryan Holt posted on 2014-09-02:
So is the correct course of action for me to create a new issue and manually copy over the contents of the issue and all of the comments?
Okay, so I want to make sure I'm clear on something. We have not migrated any issues over? Or we have migrated some, but not others?