Page MenuHomePhabricator

c-po (Christian Poessinger)
User

Projects

User Details

User Since
Aug 3 2017, 1:55 PM (80 w, 5 d)

Recent Activity

Yesterday

c-po added a parent task for T986: Please update the i40e driver: T1252: Extend vyos-ci Kernel Pipeline to build Intel native drivers.
Mon, Feb 18, 7:32 PM · VyOS 1.2 Crux (VyOS 1.2.3)
c-po added subtasks for T1252: Extend vyos-ci Kernel Pipeline to build Intel native drivers: T986: Please update the i40e driver, T1066: Missing NICs.
Mon, Feb 18, 7:32 PM · VyOS 1.3 Equuleus
c-po added a parent task for T1066: Missing NICs: T1252: Extend vyos-ci Kernel Pipeline to build Intel native drivers.
Mon, Feb 18, 7:32 PM · VyOS 1.3 Equuleus
c-po changed the status of T1252: Extend vyos-ci Kernel Pipeline to build Intel native drivers from Open to In progress.
Mon, Feb 18, 7:32 PM · VyOS 1.3 Equuleus
c-po created T1252: Extend vyos-ci Kernel Pipeline to build Intel native drivers.
Mon, Feb 18, 7:32 PM · VyOS 1.3 Equuleus
c-po added a comment to T1211: Blank hostnames from dhcpd are able to bring down DNS.

/var/log/messages

Mon, Feb 18, 2:06 PM · VyOS 1.3 Equuleus
c-po added a comment to T1211: Blank hostnames from dhcpd are able to bring down DNS.

can you edit /usr/libexec/vyos/system/on-dhcp-event.sh

Mon, Feb 18, 1:47 PM · VyOS 1.3 Equuleus

Sun, Feb 17

c-po added a comment to T1211: Blank hostnames from dhcpd are able to bring down DNS.

@thinkl33t can you please also provide a "faulty" /etc/hosts file?

Sun, Feb 17, 11:57 AM · VyOS 1.3 Equuleus

Sat, Feb 16

c-po closed T1174: "system domain-name" is not reflected in /etc/resolv.conf as Resolved.
Sat, Feb 16, 7:33 PM · VyOS 1.3 Equuleus

Fri, Feb 15

c-po edited projects for T1245: Cannot Clamp MSS on Transient Bridge Interfaces - Turn On br_netfilter, added: VyOS 1.3 Equuleus; removed VyOS 1.2 Crux (VyOS 1.2.0-GA).
Fri, Feb 15, 8:28 AM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus

Wed, Feb 13

c-po added a comment to T1245: Cannot Clamp MSS on Transient Bridge Interfaces - Turn On br_netfilter.

Latest rolling should autoload the module

Wed, Feb 13, 10:16 PM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus
c-po added a comment to T1245: Cannot Clamp MSS on Transient Bridge Interfaces - Turn On br_netfilter.

br_netfilter should already be compuled as a module. Can you sudo modprobe br_netfilter? To see if it fits your purpose? If so we can autoload it on system bootup

Wed, Feb 13, 4:39 PM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus
c-po added a comment to T1245: Cannot Clamp MSS on Transient Bridge Interfaces - Turn On br_netfilter.

This will be part of a bigger workpackage when the whole firewalling is rewritten. There is yet no ETA.

Wed, Feb 13, 7:01 AM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus
c-po added a comment to T1245: Cannot Clamp MSS on Transient Bridge Interfaces - Turn On br_netfilter.

Your second command does kot specify any output interface whereas the first command speciefies tun0. Especially on ESXi you see almost no difference compared ro a vietual Box.

Wed, Feb 13, 4:31 AM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus

Tue, Feb 12

c-po added a comment to T1211: Blank hostnames from dhcpd are able to bring down DNS.

Maybe if hostname is empty, we can prepend the mac address to the fqdn which will be stored in /etc/hosts

Tue, Feb 12, 2:06 PM · VyOS 1.3 Equuleus
c-po claimed T1174: "system domain-name" is not reflected in /etc/resolv.conf.
Tue, Feb 12, 5:46 AM · VyOS 1.3 Equuleus
c-po added a comment to T1174: "system domain-name" is not reflected in /etc/resolv.conf.

Something seems to be totally off with set system domain-name and set system domain-search domain

Tue, Feb 12, 5:46 AM · VyOS 1.3 Equuleus

Sun, Feb 10

c-po added a comment to T1242: Error when setting 'pppoe 0 ipv6 address autoconf'.

Interface name is ppp0 but will later be renamed to pppoe0

Sun, Feb 10, 7:50 PM · VyOS 1.2 Crux
c-po changed the status of T1242: Error when setting 'pppoe 0 ipv6 address autoconf' from Open to Confirmed.
Sun, Feb 10, 7:47 PM · VyOS 1.2 Crux
c-po added a comment to T1242: Error when setting 'pppoe 0 ipv6 address autoconf'.
cpo@BR1# set interfaces ethernet eth1 pppoe 0 ipv6 address autoconf
[edit]
cpo@BR1# commit
[ interfaces ethernet eth1 pppoe 0 ipv6 address autoconf ]
cp: cannot create regular file ‘/etc/ppp/ipv6-up.d/50-vyos-pppoe0-autoconf’: No                                                                                                                                                              such file or directory
sed: can't read /etc/ppp/ipv6-up.d/50-vyos-pppoe0-autoconf: No such file or dire                                                                                                                                                             ctory
chmod: cannot access ‘/etc/ppp/ipv6-up.d/50-vyos-pppoe0-autoconf’: No such file                                                                                                                                                              or directory
Warning: IPv6 forwarding is currently enabled.
         IPv6 address auto-configuration will not be performed
         unless IPv6 forwarding is disabled.
Sun, Feb 10, 7:47 PM · VyOS 1.2 Crux
c-po added a comment to T1017: 1.2.0-rc7 duplex auto (autogenerated config) setting not accepted.

@fromport how to reproduce? Is this possible with VMWare ESXi? If now, which virtualisation tool to use for testing?

Sun, Feb 10, 7:38 PM · VyOS 1.3 Equuleus
c-po added a comment to T238: wild card domain-ip association in dns forwarding.

Your given example can thus be enabled via set service dns forwarding domain microsoft.com server x.x.x.x

Sun, Feb 10, 7:36 PM · VyOS 1.3 Equuleus
c-po closed T238: wild card domain-ip association in dns forwarding as Invalid.
Sun, Feb 10, 7:35 PM · VyOS 1.3 Equuleus
c-po added a comment to T238: wild card domain-ip association in dns forwarding.

Okay, a wildcard as in * does not work and is not supported by our underlying pdns-recursor.

Sun, Feb 10, 7:31 PM · VyOS 1.3 Equuleus
c-po added a comment to T238: wild card domain-ip association in dns forwarding.

@oliveriandrea can you please retest with latest rolling release if it already works?

Sun, Feb 10, 3:35 PM · VyOS 1.3 Equuleus
c-po added a comment to T1240: Wireguard module update to 0.0.20190123.

https://github.com/vyos/vyos-wireguard/commit/95f110c1f1693c7e70b78a54459f6aeefde42772

Sun, Feb 10, 3:31 PM · VyOS 1.3 Equuleus
c-po closed T1240: Wireguard module update to 0.0.20190123 as Resolved.
Sun, Feb 10, 3:30 PM · VyOS 1.3 Equuleus
c-po closed T1213: ddclient not functional as Resolved.
Sun, Feb 10, 3:24 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po added a comment to T1213: ddclient not functional.

Implemented in latest rolling and backported to Crux branch for 1.2.1

Sun, Feb 10, 3:24 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po added a comment to T1213: ddclient not functional.

An easier solution is to wrap the test in ' like use-web='this is your IP'

Sun, Feb 10, 3:15 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po updated the task description for T1241: Remove of policy route throws CLI error.
Sun, Feb 10, 2:59 PM · VyOS 1.3 Equuleus
c-po placed T1241: Remove of policy route throws CLI error up for grabs.
Sun, Feb 10, 2:58 PM · VyOS 1.3 Equuleus
c-po claimed T1241: Remove of policy route throws CLI error.
Sun, Feb 10, 2:57 PM · VyOS 1.3 Equuleus
c-po created T1241: Remove of policy route throws CLI error.
Sun, Feb 10, 2:57 PM · VyOS 1.3 Equuleus
c-po changed the status of T314: Unable to apply MSS Clamp with VyOS configuration from Needs testing to Confirmed.
Sun, Feb 10, 2:54 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po placed T314: Unable to apply MSS Clamp with VyOS configuration up for grabs.
Sun, Feb 10, 2:54 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po added a comment to T314: Unable to apply MSS Clamp with VyOS configuration.

After some digging this is what I found out with VyOS 1.2.0-epa3:

Sun, Feb 10, 2:53 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po claimed T1240: Wireguard module update to 0.0.20190123.
Sun, Feb 10, 10:37 AM · VyOS 1.3 Equuleus
c-po created T1240: Wireguard module update to 0.0.20190123.
Sun, Feb 10, 10:37 AM · VyOS 1.3 Equuleus

Sat, Feb 9

c-po closed T1239: make module build for vyos-accel-ppp dynamic as Resolved.
Sat, Feb 9, 9:24 PM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus
c-po changed the status of T1239: make module build for vyos-accel-ppp dynamic from Open to In progress.
Sat, Feb 9, 8:15 PM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus
c-po closed T1236: Update Linux Kernel to 4.19.20 as Resolved.
Sat, Feb 9, 11:08 AM · VyOS 1.3 Equuleus

Fri, Feb 8

c-po changed the status of T171: Unable to delete a firewall fule from Open to Needs testing.
Fri, Feb 8, 6:37 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
c-po added a comment to T171: Unable to delete a firewall fule.

Handled in/with T484, hopefully

Fri, Feb 8, 6:36 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
c-po reopened T171: Unable to delete a firewall fule as Open by committing Restricted Diffusion Commit.
Fri, Feb 8, 6:27 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
c-po changed the status of T1236: Update Linux Kernel to 4.19.20 from Open to In progress.
Fri, Feb 8, 5:56 PM · VyOS 1.3 Equuleus
c-po created T1236: Update Linux Kernel to 4.19.20.
Fri, Feb 8, 5:56 PM · VyOS 1.3 Equuleus
c-po changed the status of T1234: DHCP relay relay-agents-packets is dysfunctional from Open to Needs testing.
Fri, Feb 8, 5:54 PM · VyOS 1.3 Equuleus
c-po added a comment to T484: Rules can't be deleted from firewall rule sets used in zone policies.

Please retest with a new rolling release tomorrow

Fri, Feb 8, 5:44 PM · VyOS 1.3 Equuleus
c-po closed T484: Rules can't be deleted from firewall rule sets used in zone policies as Resolved.
Fri, Feb 8, 5:43 PM · VyOS 1.3 Equuleus
c-po added a comment to T484: Rules can't be deleted from firewall rule sets used in zone policies.

Patch does not apply cleanly, need to backport it but will do

Fri, Feb 8, 6:53 AM · VyOS 1.3 Equuleus
c-po added a comment to T818: SNMP v3 - remove required engineid from user node.

Yes

Fri, Feb 8, 6:14 AM · VyOS 1.2 Crux (VyOS 1.2.1)

Tue, Feb 5

c-po closed T1231: Remove “service dns dynamic“ cache file on node change/delete as Resolved.
Tue, Feb 5, 6:47 AM · VyOS 1.3 Equuleus
c-po updated the task description for T1231: Remove “service dns dynamic“ cache file on node change/delete.
Tue, Feb 5, 6:34 AM · VyOS 1.3 Equuleus
c-po renamed T1231: Remove “service dns dynamic“ cache file on node change/delete from Remove ddclient cache file on delete to Remove “service dns dynamic“ cache file on node change/delete.
Tue, Feb 5, 6:04 AM · VyOS 1.3 Equuleus
c-po created T1231: Remove “service dns dynamic“ cache file on node change/delete.
Tue, Feb 5, 6:03 AM · VyOS 1.3 Equuleus

Mon, Feb 4

c-po updated subscribers of T314: Unable to apply MSS Clamp with VyOS configuration.

So this problem still exists but I have no clue where to add it in our source @dmbaturin @UnicronNL

Mon, Feb 4, 1:01 AM · VyOS 1.2 Crux (VyOS 1.2.1)

Sun, Feb 3

c-po added a comment to T1213: ddclient not functional.

Ah, there was a similar issue with dhcp last couple of weeks where quotes broke the config (T1129). Can you try using &nbsp instead of your whitespace?

Sun, Feb 3, 3:49 PM · VyOS 1.2 Crux (VyOS 1.2.1)

Sat, Feb 2

c-po added a comment to T1213: ddclient not functional.

Con you provide a configuration to reproduce the issue?

Sat, Feb 2, 4:26 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po added a comment to T1218: Static routes not being applied in 1.2 Release.

I can confirm this. 1.2.0-EPA3 does not have thisbissue but 1.2.0 has it.

Sat, Feb 2, 9:53 AM · VyOS 1.2 Crux (VyOS 1.2.1)

Thu, Jan 31

c-po added a comment to T1214: Add `ipaddrcheck` to the packages directory.

Package needs to be build from source. There are already some packages which we build that way like libyang or librtr so not a big deal.

Thu, Jan 31, 6:27 PM · VyOS 1.3 Equuleus

Wed, Jan 30

c-po closed T1160: snmp settings allowing access via IPv6 when it should not as Resolved.
Wed, Jan 30, 6:30 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po edited projects for T1213: ddclient not functional, added: VyOS 1.2 Crux (VyOS 1.2.1); removed VyOS 1.2 Crux.
Wed, Jan 30, 6:29 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po closed T1213: ddclient not functional as Resolved.
Wed, Jan 30, 6:09 PM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po edited projects for T1214: Add `ipaddrcheck` to the packages directory, added: VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
Wed, Jan 30, 11:15 AM · VyOS 1.3 Equuleus
c-po closed T1214: Add `ipaddrcheck` to the packages directory as Resolved.
Wed, Jan 30, 11:15 AM · VyOS 1.3 Equuleus
c-po claimed T1213: ddclient not functional.
Wed, Jan 30, 8:12 AM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po added a comment to T1051: Update openvpn to support TLS 1.2.

Sounds more reasonable (enable than disable). Will this affect backwards compatibility or will there be a migrator?

Wed, Jan 30, 5:18 AM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Tue, Jan 29

c-po added a comment to T1160: snmp settings allowing access via IPv6 when it should not.

@danhusan is this your expected behavior?

Tue, Jan 29, 7:50 AM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po added a comment to T1211: Blank hostnames from dhcpd are able to bring down DNS.

can you share your DHCP configuration with us for reproducibility?

Tue, Jan 29, 7:05 AM · VyOS 1.3 Equuleus

Mon, Jan 28

c-po changed Why the issue appeared? from none to implementation-mistake on T1160: snmp settings allowing access via IPv6 when it should not.
Mon, Jan 28, 5:38 AM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po changed Difficulty level from unknown to normal on T1160: snmp settings allowing access via IPv6 when it should not.
Mon, Jan 28, 5:38 AM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po changed the status of T1160: snmp settings allowing access via IPv6 when it should not from Open to Confirmed.
Mon, Jan 28, 5:38 AM · VyOS 1.2 Crux (VyOS 1.2.1)
c-po added a comment to T1160: snmp settings allowing access via IPv6 when it should not.

IMHO this is a general CLI design issue.

Mon, Jan 28, 5:38 AM · VyOS 1.2 Crux (VyOS 1.2.1)

Wed, Jan 23

c-po added a comment to T1178: Scheduled script breaks ability to modify configuration.

Nope, I used:

Wed, Jan 23, 8:06 AM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
c-po added a comment to T1178: Scheduled script breaks ability to modify configuration.

@hagbard I replaced vyos user with another one. Also image corporate setups where RADIUS is used for authing and there are no local users.

Wed, Jan 23, 7:34 AM · VyOS 1.2 Crux (VyOS 1.2.0-GA)

Tue, Jan 22

c-po triaged T1190: Separate out build-host setup shell commands from Dockerfile to shell script as Wishlist priority.
Tue, Jan 22, 6:53 AM · VyOS 1.3 Equuleus
c-po added a comment to T1190: Separate out build-host setup shell commands from Dockerfile to shell script.

There are no disadvantages in doing so. Any contribution is welcome.

Tue, Jan 22, 6:53 AM · VyOS 1.3 Equuleus
c-po added a comment to T1178: Scheduled script breaks ability to modify configuration.

Depending on the task which needs to be executed a script might need to be run as root.

Tue, Jan 22, 6:50 AM · VyOS 1.2 Crux (VyOS 1.2.0-GA)

Jan 12 2019

c-po closed T1041: DNS forwarding always requires an upstream recursor - but not needed with PowerDNS Recursor as Resolved.
Jan 12 2019, 9:57 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-EPA3)

Jan 11 2019

c-po added a comment to T1066: Missing NICs.

lsmod output from 4.18.6-1 (all 4 NICs working) please. We already have a lsmod output of the other versions.

Jan 11 2019, 2:01 PM · VyOS 1.3 Equuleus
c-po added a comment to T1066: Missing NICs.

Please place your code snippets inside a Code section as mentioned above, this makes it easier to read.

Jan 11 2019, 12:18 PM · VyOS 1.3 Equuleus
c-po created T1174: "system domain-name" is not reflected in /etc/resolv.conf.
Jan 11 2019, 7:57 AM · VyOS 1.3 Equuleus
c-po renamed T1168: Upgrade from 1.1.8 to 1.2-EPA2 fails for "vpn ipsec logging log-modes all" from Upgrade: 1,1,7 -> 1.2.0-epa2 to Upgrade from 1.1.8 to 1.2-EPA2 fails for "vpn ipsec logging log-modes all".
Jan 11 2019, 6:57 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-EPA3)
c-po merged task T1173: Upgrade from 1.1.8 to 1.2 failesVpn ipsec logging log-modes all into T1168: Upgrade from 1.1.8 to 1.2-EPA2 fails for "vpn ipsec logging log-modes all".
Jan 11 2019, 6:57 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-EPA2)
c-po merged T1173: Upgrade from 1.1.8 to 1.2 failesVpn ipsec logging log-modes all into T1168: Upgrade from 1.1.8 to 1.2-EPA2 fails for "vpn ipsec logging log-modes all".
Jan 11 2019, 6:57 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-EPA3)

Jan 10 2019

c-po added a comment to T1066: Missing NICs.

No reply from the vendor so far

Jan 10 2019, 5:04 PM · VyOS 1.3 Equuleus
c-po added a comment to T1066: Missing NICs.

Latest is fine

Jan 10 2019, 1:44 PM · VyOS 1.3 Equuleus

Jan 9 2019

c-po added a comment to T754: Enable DNSSEC in DNS forwarder.

No issue known but it eases reproducibility

Jan 9 2019, 6:28 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
c-po added a comment to T754: Enable DNSSEC in DNS forwarder.

@alexandrestein can you share your complete dns forwarding config node please?

Jan 9 2019, 5:46 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Jan 8 2019

c-po added a comment to T1052: ISO compilation error.

The provides Dockerfile lists all packages which are needed to compile VyOS on a Debian jessie host. If you do not want ro install all this on your host simply use the provided Docker image and you are ready to go.

Jan 8 2019, 7:00 PM · build-iso

Jan 7 2019

c-po added a comment to T1066: Missing NICs.

Thanks. An lsmod from rc5 would be nice, too.

Jan 7 2019, 6:23 AM · VyOS 1.3 Equuleus

Jan 6 2019

c-po added a comment to T1066: Missing NICs.

Can you share the dmesg output from RC5 please?

Jan 6 2019, 9:09 PM · VyOS 1.3 Equuleus
c-po created T1162: WireGuard: Unable to modify tunnels - KeyError: 'state'.
Jan 6 2019, 8:12 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-EPA3)
c-po added a comment to T1066: Missing NICs.

It also reports:

Jan 6 2019, 7:30 PM · VyOS 1.3 Equuleus
c-po added a comment to T1066: Missing NICs.

ISO is still building. You are right, a NIC is a NIC, but a NIC consists of a MAC and a PHY which does the PHYsical interface. you can have the same MAC part multiple times but with different PHY ICs. Lets wait for the ISO to compile.

Jan 6 2019, 6:11 PM · VyOS 1.3 Equuleus
c-po added a comment to T1066: Missing NICs.

According to the datasheet https://f.ipc2u.de/files/add/doc/445/3I380D-D90-Datasheet.pdf I see no PHY that is used on this board - nevertheless I saw that we do not ship every avialable PHY driver, also drivers present in 1.2.0-rc6 are no longer present like CONFIG_BCM7XXX_PHY. I will provide you with an updated ISO for testing.

Jan 6 2019, 5:44 PM · VyOS 1.3 Equuleus
c-po added a comment to T1066: Missing NICs.

Looks like a general issue here. Do you still have the old Buster ISO with Kernel 4.18 that you can install on the target HW?

Jan 6 2019, 5:30 PM · VyOS 1.3 Equuleus
c-po added a comment to T1161: Does Vyos take advantage of linux's improved security features?.
vyos@vyos:~$ show system kernel-messages | grep "Execute Disable" 
NX (Execute Disable) protection: active
Jan 6 2019, 5:24 PM
c-po added a comment to T1067: VXLAN support improvements.

@rps what about changing the minimum supported MTU from "68" to "1450" which is the default that is used in VyOS.

Jan 6 2019, 10:43 AM · VyOS 1.3 Equuleus