Page MenuHomeVyOS Platform
People c-po

c-po (Christian Poessinger)
User

Projects

User Details

User Since
Aug 3 2017, 1:55 PM (207 w, 1 d)

Recent Activity
View All

Today

c-po created T3699: login: verify selected "system login user" name is not already used by the base system..
Fri, Jul 23, 5:26 AM · VyOS 1.3 Equuleus

Yesterday

c-po removed a project from T3697: Impossible to delete IPsec completely: VyOS 1.4 Sagitta.
Thu, Jul 22, 9:17 PM · VyOS 1.3 Equuleus
c-po added a comment to T3697: Impossible to delete IPsec completely.

No issue on 1.4-rolling-202107191536 and later.

Thu, Jul 22, 9:17 PM · VyOS 1.3 Equuleus

Wed, Jul 21

c-po renamed T3318: Update Linux Kernel to v5.4.134 / 5.10.52 from Update Linux Kernel to v5.4.132 / 5.10.50 to Update Linux Kernel to v5.4.134 / 5.10.52.
Wed, Jul 21, 7:52 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po closed T3675: L2TP over IPSEC broken as Resolved.
Wed, Jul 21, 7:33 PM

Tue, Jul 20

c-po closed T3691: GRETAP: key is not applied when interface is created as Resolved.
Tue, Jul 20, 6:04 PM · VyOS 1.3 Equuleus
c-po moved T3691: GRETAP: key is not applied when interface is created from Need Triage to Finished on the VyOS 1.3 Equuleus board.
Tue, Jul 20, 6:04 PM · VyOS 1.3 Equuleus
c-po removed a project from T3691: GRETAP: key is not applied when interface is created: VyOS 1.4 Sagitta.
Tue, Jul 20, 6:04 PM · VyOS 1.3 Equuleus
c-po changed the status of T3691: GRETAP: key is not applied when interface is created from Open to Confirmed.
Tue, Jul 20, 5:13 PM · VyOS 1.3 Equuleus
c-po created T3691: GRETAP: key is not applied when interface is created.
Tue, Jul 20, 5:13 PM · VyOS 1.3 Equuleus

Mon, Jul 19

c-po added a project to T3576: ISIS does not support IPV6: VyOS 1.3 Equuleus.
Mon, Jul 19, 5:59 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po merged T3687: IS-IS is missing IPv6 support into T3576: ISIS does not support IPV6.
Mon, Jul 19, 5:59 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po merged task T3687: IS-IS is missing IPv6 support into T3576: ISIS does not support IPV6.
Mon, Jul 19, 5:59 PM · VyOS 1.3 Equuleus
c-po added a comment to T3687: IS-IS is missing IPv6 support.

This is already available in VyOS 1.4

Mon, Jul 19, 5:57 PM · VyOS 1.3 Equuleus

Sun, Jul 18

c-po merged T3684: Bridge doesn't show stp states / macs into T3667: brctl is damaged.
Sun, Jul 18, 2:02 PM · VyOS 1.4 Sagitta
c-po merged task T3684: Bridge doesn't show stp states / macs into T3667: brctl is damaged.
Sun, Jul 18, 2:02 PM · VyOS 1.4 Sagitta
c-po added a comment to T3684: Bridge doesn't show stp states / macs .

Can you please try running this test on a more recent VyOS version?

Sun, Jul 18, 2:01 PM · VyOS 1.4 Sagitta

Sat, Jul 17

c-po changed the status of T3684: Bridge doesn't show stp states / macs from Open to Confirmed.
Sat, Jul 17, 10:05 PM · VyOS 1.4 Sagitta
c-po added a comment to T3684: Bridge doesn't show stp states / macs .

brctl is a deprecated package and superseeded by iproute2. Commands will be adjusted, thanks for reporting.

Sat, Jul 17, 10:05 PM · VyOS 1.4 Sagitta
c-po claimed T3684: Bridge doesn't show stp states / macs .
Sat, Jul 17, 10:04 PM · VyOS 1.4 Sagitta
c-po added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

You can find the test here: https://github.com/vyos/vyos-1x/blob/current/smoketest/scripts/cli/test_interfaces_openvpn.py

Sat, Jul 17, 6:50 PM · VyOS 1.3 Equuleus
c-po added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

Unfortunately I had to revert this PR as it broke the smoketests and also triggered the following OpenVPN error:

Sat, Jul 17, 5:20 PM · VyOS 1.3 Equuleus
c-po renamed T3318: Update Linux Kernel to v5.4.134 / 5.10.52 from Update Linux Kernel to v5.4.131 / 5.10.49 to Update Linux Kernel to v5.4.132 / 5.10.50.
Sat, Jul 17, 7:16 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

Tue, Jul 13

c-po added a comment to T3680: Static routes with dhcp-interface are flaky.

Most likely related to T3505

Tue, Jul 13, 9:06 PM · VyOS 1.4 Sagitta

Mon, Jul 12

c-po added a comment to T56: Add pkcs11 support to OpenVPN interfaces.

thanks for your detailed bisection of this issue. You mind submitting a GitHub PullRequest as per https://docs.vyos.io/en/equuleus/contributing/development.html?

Mon, Jul 12, 6:56 PM · VyOS 1.3 Equuleus
c-po renamed T3318: Update Linux Kernel to v5.4.134 / 5.10.52 from Update Linux Kernel to v5.4.129 / 5.10.47 to Update Linux Kernel to v5.4.131 / 5.10.49.
Mon, Jul 12, 4:45 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po closed T3661: [vrf} route-leaking missing command as Invalid.
Mon, Jul 12, 4:41 PM · VyOS 1.3 Equuleus

Sun, Jul 11

c-po added a comment to T3661: [vrf} route-leaking missing command.

I did a short lab test using the following topology based on my assumptions what you wan't to do:

Sun, Jul 11, 1:54 PM · VyOS 1.3 Equuleus
c-po added a comment to T2773: EIGRP support for VRF.

@Viacheslav but that sounds more of a decent FRR bug. We could still consider adding EIGRP support for 1.4

Sun, Jul 11, 1:13 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po moved T3659: Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Sun, Jul 11, 1:12 PM · VyOS 1.4 Sagitta
c-po moved T3663: Use inotify file watching where applicable from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Sun, Jul 11, 1:12 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po moved T1210: About IKEv2 IPSec VPN remote access from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Sun, Jul 11, 1:12 PM · VyOS 1.4 Sagitta
c-po changed the status of T1210: About IKEv2 IPSec VPN remote access, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, from Open to Needs testing.
Sun, Jul 11, 1:12 PM · VyOS 1.4 Sagitta
c-po changed the status of T1210: About IKEv2 IPSec VPN remote access from Open to Needs testing.
Sun, Jul 11, 1:12 PM · VyOS 1.4 Sagitta
c-po closed T3665: Missing VRF support for VxLAN but already documented as Resolved.
Sun, Jul 11, 1:09 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po claimed T3665: Missing VRF support for VxLAN but already documented.
Sun, Jul 11, 1:06 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po added a project to T3637: vrf: bind-to-all didn't work properly: VyOS 1.3 Equuleus.
Sun, Jul 11, 12:33 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po added a comment to T3666: VRF bind-to-all - it doesn't apply the settings ..

Backported fix from T3637

Sun, Jul 11, 12:31 PM · VyOS 1.3 Equuleus
c-po merged T3666: VRF bind-to-all - it doesn't apply the settings . into T3637: vrf: bind-to-all didn't work properly.
Sun, Jul 11, 12:31 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po merged task T3666: VRF bind-to-all - it doesn't apply the settings . into T3637: vrf: bind-to-all didn't work properly.
Sun, Jul 11, 12:31 PM · VyOS 1.3 Equuleus
c-po claimed T3661: [vrf} route-leaking missing command.
Sun, Jul 11, 11:39 AM · VyOS 1.3 Equuleus
c-po changed the status of T3666: VRF bind-to-all - it doesn't apply the settings . from Open to In progress.
Sun, Jul 11, 11:36 AM · VyOS 1.3 Equuleus

Sat, Jul 10

c-po added a comment to T3675: L2TP over IPSEC broken.

I can confirm this on the latest rolling versions, seems to be a problem with the IPSec rewrite/move to swanctl.conf.

Sat, Jul 10, 9:00 AM
c-po changed the status of T3675: L2TP over IPSEC broken from Open to Confirmed.
Sat, Jul 10, 9:00 AM

Tue, Jul 6

c-po closed T3660: Conntrack-Sync configuration command to specify destination udp port for peer as Resolved.
Tue, Jul 6, 5:33 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po added a comment to T3660: Conntrack-Sync configuration command to specify destination udp port for peer.

Thanks for the confirmTion

Tue, Jul 6, 5:33 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus

Sun, Jul 4

c-po added a comment to T1251: IKEv2 Agile VPN Support.

@dongjunbo this is a very very basic PR for VyOS 1.4 with the goal to implement this into the main VyOS release.

Sun, Jul 4, 10:03 AM · VyOS 1.3 Equuleus
c-po added a comment to T1210: About IKEv2 IPSec VPN remote access.

https://github.com/vyos/vyos-1x/pull/908

Sun, Jul 4, 10:00 AM · VyOS 1.4 Sagitta
c-po added a comment to T1251: IKEv2 Agile VPN Support.

https://github.com/vyos/vyos-1x/pull/908

Sun, Jul 4, 10:00 AM · VyOS 1.3 Equuleus

Sat, Jul 3

c-po claimed T1210: About IKEv2 IPSec VPN remote access.
Sat, Jul 3, 5:22 PM · VyOS 1.4 Sagitta
c-po closed T57: Make it possible to disable the entire IPsec peer, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Sat, Jul 3, 5:22 PM · VyOS 1.4 Sagitta
c-po closed T57: Make it possible to disable the entire IPsec peer as Resolved.
Sat, Jul 3, 5:22 PM · VyOS 1.4 Sagitta
c-po edited projects for T1210: About IKEv2 IPSec VPN remote access, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.
Sat, Jul 3, 5:20 PM · VyOS 1.4 Sagitta
c-po merged task T1251: IKEv2 Agile VPN Support into T1210: About IKEv2 IPSec VPN remote access.
Sat, Jul 3, 5:20 PM · VyOS 1.3 Equuleus
c-po merged T1251: IKEv2 Agile VPN Support into T1210: About IKEv2 IPSec VPN remote access.
Sat, Jul 3, 5:20 PM · VyOS 1.4 Sagitta
c-po added a comment to T3661: [vrf} route-leaking missing command.

Commands are implemented.

Sat, Jul 3, 12:07 PM · VyOS 1.3 Equuleus

Fri, Jul 2

c-po added a comment to T3660: Conntrack-Sync configuration command to specify destination udp port for peer.

Added command set service conntrack-sync interface <intrerface> port <port>

Fri, Jul 2, 8:26 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po changed the status of T3660: Conntrack-Sync configuration command to specify destination udp port for peer from Confirmed to Needs testing.
Fri, Jul 2, 8:23 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus

Thu, Jul 1

c-po changed the status of T3660: Conntrack-Sync configuration command to specify destination udp port for peer from Open to Confirmed.
Thu, Jul 1, 7:50 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po added a project to T3660: Conntrack-Sync configuration command to specify destination udp port for peer: VyOS 1.4 Sagitta.
Thu, Jul 1, 7:50 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po added a comment to T3660: Conntrack-Sync configuration command to specify destination udp port for peer.

conntrtack implementation changed form 1.3 -> 1.4 by a rewrite. Can you please tell us which version of VyOS you are using?

Thu, Jul 1, 7:46 PM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po assigned T3659: Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors to sdev.
Thu, Jul 1, 7:45 PM · VyOS 1.4 Sagitta
c-po renamed T3318: Update Linux Kernel to v5.4.134 / 5.10.52 from Update Linux Kernel to v5.4.128 / 5.10.46 to Update Linux Kernel to v5.4.129 / 5.10.47.
Thu, Jul 1, 7:43 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po moved T3083: Add feature event-handler from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
Thu, Jul 1, 9:11 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po closed T2035: Executing vyos-smoketest multiple times makes ssh test fail on execution as Resolved.
Thu, Jul 1, 9:09 AM · VyOS 1.4 Sagitta
c-po added a comment to T2035: Executing vyos-smoketest multiple times makes ssh test fail on execution.

Should be addresses using the new vyos smoketest shim from 1.4 branch.

Thu, Jul 1, 9:09 AM · VyOS 1.4 Sagitta
c-po removed a project from T2035: Executing vyos-smoketest multiple times makes ssh test fail on execution: VyOS 1.3 Equuleus.
Thu, Jul 1, 9:09 AM · VyOS 1.4 Sagitta
c-po moved T3636: SSTP / L2TP ipv6 support broken from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
Thu, Jul 1, 9:08 AM · VyOS 1.4 Sagitta
c-po moved T3642: PKI configuration from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
Thu, Jul 1, 9:08 AM · VyOS 1.4 Sagitta
c-po moved T2778: Migrate "system syslog" to get_config_dict() to support new features from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
Thu, Jul 1, 9:08 AM · VyOS 1.4 Sagitta
c-po moved T2769: Add VRF support for syslog from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
Thu, Jul 1, 9:08 AM · VyOS 1.4 Sagitta
c-po added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.

Please share your configuration.

Thu, Jul 1, 7:39 AM · VyOS 1.4 Sagitta

Wed, Jun 30

c-po added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.

Please share your entire setup then somwe are able to help out.

Wed, Jun 30, 7:39 PM · VyOS 1.4 Sagitta
c-po added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.

please stop the idea of "deprecated" command. VyOS commands are in no relation to FRR commands.
If (and when) the FRR syntax changes, we will ensure it will still work by either migrating the VyOS CLI configuration dynamically on upgrade or by adjusting to the FRR configuration "under the hood" with our Jinja2 template.

Wed, Jun 30, 6:48 PM · VyOS 1.4 Sagitta
c-po edited projects for T2769: Add VRF support for syslog, added: VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.
Wed, Jun 30, 6:43 PM · VyOS 1.4 Sagitta
c-po removed a project from T2778: Migrate "system syslog" to get_config_dict() to support new features: VyOS 1.3 Equuleus.
Wed, Jun 30, 6:43 PM · VyOS 1.4 Sagitta
c-po changed the status of T3658: Add support for dhcpdv6 fixed-prefix6 from In progress to Needs testing.
Wed, Jun 30, 6:43 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po moved T3658: Add support for dhcpdv6 fixed-prefix6 from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Wed, Jun 30, 6:43 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po moved T3658: Add support for dhcpdv6 fixed-prefix6 from Need Triage to Finished on the VyOS 1.3 Equuleus board.
Wed, Jun 30, 6:42 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

Tue, Jun 29

c-po added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.

the new build is already available. I am unsure if this works or is even supported by FRR.

Tue, Jun 29, 6:26 PM · VyOS 1.4 Sagitta
c-po closed T1441: Add support for IPSec XFRM interfaces as Resolved.
Tue, Jun 29, 4:38 PM · VyOS 1.4 Sagitta
c-po changed Is it a breaking change? from none to validation on T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.
Tue, Jun 29, 4:36 PM · VyOS 1.4 Sagitta
c-po changed Version from -VyOS 1.4-rolling-202106260417 to 1.4-rolling-202106260417 on T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.
Tue, Jun 29, 4:36 PM · VyOS 1.4 Sagitta
c-po closed T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses as Resolved.
Tue, Jun 29, 4:36 PM · VyOS 1.4 Sagitta
c-po added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.

Bug confirmed and fixed,

Tue, Jun 29, 4:36 PM · VyOS 1.4 Sagitta

Mon, Jun 28

c-po changed the status of T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses from Open to Confirmed.
Mon, Jun 28, 7:07 PM · VyOS 1.4 Sagitta
c-po added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.

even if FRR manual states the deprecation notice, we have our own layer of abstraction and will deal with it once it is required.
For the time beeing, I just checked the commands (using tab completion).

Mon, Jun 28, 6:59 PM · VyOS 1.4 Sagitta
c-po added a comment to T3657: BGP neighbors ipv6 not able to establish with IPv6 link-local addresses.

I wonder why you use ebgp multihop wirh link local addresses?

Mon, Jun 28, 5:45 PM · VyOS 1.4 Sagitta

Sun, Jun 27

c-po added a comment to T2770: Allow to use in SNMP community all characters.

What would be the "full set" up supported characters? If I remember correctly this regex is inherited from VyOS 1.1

Sun, Jun 27, 7:42 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po moved T2770: Allow to use in SNMP community all characters from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
Sun, Jun 27, 7:42 AM · VyOS 1.4 Sagitta, VyOS 1.3 Equuleus
c-po moved T3651: Move certbot request to op-mode from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
Sun, Jun 27, 7:42 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
c-po added a comment to T3652: BGP handshake with cisco router ends in timeout.

Please share your Cisco and VyOS config, and also the Cisco router Model/Version

Sun, Jun 27, 7:41 AM

Sat, Jun 26

c-po closed T3586: Tunnel/Wireguard/VTI: replace random get_mac function with addrgenmode as Invalid.
Sat, Jun 26, 7:43 AM · VyOS 1.4 Sagitta
c-po added a comment to T3586: Tunnel/Wireguard/VTI: replace random get_mac function with addrgenmode.

THis is infact only relevant when IPv6 addressing is used.

Sat, Jun 26, 7:39 AM · VyOS 1.4 Sagitta

Fri, Jun 25

c-po added a comment to T3642: PKI configuration.

I ver much like this idea. Certificates can then easily be migrated from device to device, and very easy be referenced in a service.

Fri, Jun 25, 8:17 PM · VyOS 1.4 Sagitta
c-po closed T3641: Upgrade base system from Debian Buster -> Debian Bullseye as Resolved.
Fri, Jun 25, 7:42 PM · VyOS 1.4 Sagitta
c-po closed T3650: OpenVPN: Upgrade package to 2.5.1 before releasing VyOS 1.3.0 as Resolved.
Fri, Jun 25, 5:28 PM · VyOS 1.3 Equuleus
c-po moved T3650: OpenVPN: Upgrade package to 2.5.1 before releasing VyOS 1.3.0 from Need Triage to Finished on the VyOS 1.3 Equuleus board.
Fri, Jun 25, 5:27 PM · VyOS 1.3 Equuleus
c-po updated the task description for T3650: OpenVPN: Upgrade package to 2.5.1 before releasing VyOS 1.3.0.
Fri, Jun 25, 5:26 PM · VyOS 1.3 Equuleus
c-po changed the status of T3650: OpenVPN: Upgrade package to 2.5.1 before releasing VyOS 1.3.0 from Open to In progress.
Fri, Jun 25, 5:20 PM · VyOS 1.3 Equuleus