Page MenuHomePhabricator

dmbaturin (Daniil Baturin)Administrator
User

User Details

User Since
Feb 7 2016, 4:09 PM (154 w, 1 d)
Roles
Administrator

Recent Activity

Mon, Jan 14

dmbaturin renamed T1068: Completion data buffer is too small from Limitation to How Many Firewall Groups You Can Have to Completion data buffer is too small.
Mon, Jan 14, 6:18 PM · VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin closed T1175: "show vpn ipsec sa" doesn't show DMVPN connections as Resolved.
Mon, Jan 14, 6:02 PM · VyOS 1.2.x (VyOS 1.2.0-EPA3)

Sat, Jan 12

dmbaturin created T1175: "show vpn ipsec sa" doesn't show DMVPN connections.
Sat, Jan 12, 4:20 PM · VyOS 1.2.x (VyOS 1.2.0-EPA3)

Sat, Jan 5

dmbaturin claimed T1159: Incorrect handling of tunnels without PFS by the "run show vpn ipsec sa" script.
Sat, Jan 5, 9:43 PM · VyOS-1.2.0-LTS, VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin created T1159: Incorrect handling of tunnels without PFS by the "run show vpn ipsec sa" script.
Sat, Jan 5, 9:43 PM · VyOS-1.2.0-LTS, VyOS 1.2.x (VyOS 1.2.0-EPA3)

Thu, Jan 3

dmbaturin closed T1149: flow-accounting stops on 1.2.0-epa2 as Resolved.

I noticed the issue but didn't get to fixing it, applied your fix now.

Thu, Jan 3, 10:24 PM · VyOS 1.2.x (VyOS 1.2.0-EPA3)

Wed, Jan 2

dmbaturin reopened T728: Do not reference vyatta in the name of the postconfig script as "Needs testing".
Wed, Jan 2, 9:53 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3), VyOS-1.2.0-LTS
dmbaturin triaged T1146: Postconfig scripts do not always run after config load is complete as Normal priority.
Wed, Jan 2, 9:27 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin created VyOS 1.2.x (VyOS 1.2.0-EPA3).
Wed, Jan 2, 9:23 AM

Tue, Jan 1

dmbaturin edited projects for T1023: Install Grub EFI to removable location as well, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Tue, Jan 1, 12:53 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2), VyOS-1.2.0-LTS
dmbaturin edited projects for T1139: Upgrade Kernel to 4.19.12, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Tue, Jan 1, 12:53 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin edited projects for T1098: mmc_block, sdhci, and sdhci_acpi modules for kernel, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Tue, Jan 1, 12:53 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin edited projects for T1136: Typo in BGP CLI, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Tue, Jan 1, 12:52 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin edited projects for T314: Unable to apply MSS Clamp with VyOS configuration, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Tue, Jan 1, 12:52 PM · VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin edited projects for T1007: site-to-site GRE IPSEC VPN fails, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Tue, Jan 1, 12:51 PM · VyOS 1.2.x (VyOS 1.2.0-EPA3)

Mon, Dec 31

dmbaturin edited projects for T1043: Creating VXLAN missing commit validation for group + link, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Mon, Dec 31, 3:42 PM · VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin changed Why the issue appeared? from none to third-party on T1027: show ip ospf neighbor A.B.C.D does not work.
Mon, Dec 31, 3:41 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin edited projects for T1027: show ip ospf neighbor A.B.C.D does not work, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS-1.2.0-LTS.
Mon, Dec 31, 3:41 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin closed T1027: show ip ospf neighbor A.B.C.D does not work as Resolved.

FRR people fixed it rather quickly!

Mon, Dec 31, 3:41 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin added a comment to T1128: SNMP hostname not changed after commit.

Ok, ignore it, I decided not to be a lazy butt and test it myself. ;)
Reload is not enough, restart is needed, so the fix should be complete.

Mon, Dec 31, 12:48 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin closed T1128: SNMP hostname not changed after commit as Resolved.
Mon, Dec 31, 12:47 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin edited projects for T1128: SNMP hostname not changed after commit, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Mon, Dec 31, 12:43 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin added a comment to T1128: SNMP hostname not changed after commit.

I've added SNMP restart on hostname change, it will be in the next nightly build.

Mon, Dec 31, 12:42 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin edited projects for T109: VyOS Can Lose Parts Of Its Config On Reboot - In Certain Situations, added: VyOS-1.2.0-LTS; removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Mon, Dec 31, 12:24 PM · VyOS-1.2.0-LTS
dmbaturin set Why the issue appeared? to none on T103: wrong hostnames in hosts file.
Mon, Dec 31, 12:23 PM · VyOS-1.2.0-LTS
dmbaturin claimed T905: The command show remote-config does not work for remote-platform openvpn.
Mon, Dec 31, 12:21 PM · VyOS-1.2.0-LTS
dmbaturin edited projects for T905: The command show remote-config does not work for remote-platform openvpn, added: VyOS-1.2.0-LTS; removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Mon, Dec 31, 12:21 PM · VyOS-1.2.0-LTS
dmbaturin closed T777: Misleading Help Text for IPSEC Connection Type as Resolved.
Mon, Dec 31, 12:20 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin added a comment to T1112: BGP redistribute static not migrated on upgrade.

Oh, you forgot metric and route-map options. Extending your patch to support them wasn's hard though, most of the work was already done.

Mon, Dec 31, 11:59 AM · VyOS-1.2.0-LTS, VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin renamed T1112: BGP redistribute static not migrated on upgrade from redistribute static not migrated on upgrade to BGP redistribute static not migrated on upgrade.
Mon, Dec 31, 11:58 AM · VyOS-1.2.0-LTS, VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin added a comment to T1112: BGP redistribute static not migrated on upgrade.

Hey @Merijn, sorry for late reply and thanks for the patch! I've merged it in and it will be in the next nightly build.

Mon, Dec 31, 11:42 AM · VyOS-1.2.0-LTS, VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin edited projects for T1108: "show vpn ipsec sa" fails with exception when there are no established SAs, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Mon, Dec 31, 11:39 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin added a comment to T1027: show ip ospf neighbor A.B.C.D does not work.

I could reproduce it in today's FRR master. I'm reporting the issue to FRR maintainers.

Mon, Dec 31, 11:37 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin edited projects for T1027: show ip ospf neighbor A.B.C.D does not work, added: VyOS-1.2.0-LTS; removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Mon, Dec 31, 11:33 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin closed T1138: "set comm-list" syntax is out of sync with FRR as Resolved.
Mon, Dec 31, 11:32 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin edited projects for T1138: "set comm-list" syntax is out of sync with FRR, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x ( VyOS 1.2.0-EPA).
Mon, Dec 31, 11:32 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin edited projects for T1011: FTP connection tracking slightly broken, added: VyOS 1.2.x (VyOS 1.2.0-EPA2); removed VyOS 1.2.x (VyOS 1.2.0-rc8).
Mon, Dec 31, 11:31 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin added a project to T1141: Conntrack helpers are no longer active by default: VyOS 1.2.x (VyOS 1.2.0-EPA2).
Mon, Dec 31, 11:31 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3), VyOS-1.2.0-LTS
dmbaturin created VyOS 1.2.x (VyOS 1.2.0-EPA2).
Mon, Dec 31, 11:30 AM
dmbaturin renamed T1108: "show vpn ipsec sa" fails with exception when there are no established SAs from show vpn ipsec sa - corrupted output in 1.2.0-rc10 to "show vpn ipsec sa" fails with exception when there are no established SAs.
Mon, Dec 31, 10:55 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin closed T1108: "show vpn ipsec sa" fails with exception when there are no established SAs as Resolved.

I've changed it to handle the situation gracefully. Actual display of connecting SAs is another story of course... The fix will be in the next nightly build.

Mon, Dec 31, 10:54 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin changed the status of T1141: Conntrack helpers are no longer active by default from Open to Needs testing.

@zsdc The fix for T1011 should have fixed this, but there's a crucial and annoying detail: apparently when the nf_conntrack module is (re)loaded without nf_conntrack_helper=1 option, the sysctl value gets overwritten.

Mon, Dec 31, 8:38 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3), VyOS-1.2.0-LTS
dmbaturin added a parent task for T1011: FTP connection tracking slightly broken: T1141: Conntrack helpers are no longer active by default.
Mon, Dec 31, 8:09 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin added a subtask for T1141: Conntrack helpers are no longer active by default: T1011: FTP connection tracking slightly broken.
Mon, Dec 31, 8:09 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3), VyOS-1.2.0-LTS
dmbaturin renamed T1141: Conntrack helpers are no longer active by default from PPTP Passthrough don't work with NAT on Vyos 1.2.0 to Conntrack helpers are no longer active by default.
Mon, Dec 31, 8:08 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3), VyOS-1.2.0-LTS
dmbaturin renamed T1133: Confusing commit error message for non-existent VRRP sync-groups used in conntrack sync from Cannot assign sync-grup under conntrack over vrrp to Confusing commit error message for non-existent VRRP sync-groups used in conntrack sync.
Mon, Dec 31, 7:26 AM · VyOS-1.2.0-LTS, vyatta-vrrp, conntrack-tools
dmbaturin closed T1133: Confusing commit error message for non-existent VRRP sync-groups used in conntrack sync as Invalid.

Yes, seems it's just forgotten sync-group. A sync-group is required for it to work, in the current implementation. The error message is confusing and bug-like though, as of me.

Mon, Dec 31, 7:25 AM · VyOS-1.2.0-LTS, vyatta-vrrp, conntrack-tools

Sat, Dec 29

dmbaturin claimed T1133: Confusing commit error message for non-existent VRRP sync-groups used in conntrack sync.
Sat, Dec 29, 2:20 PM · VyOS-1.2.0-LTS, vyatta-vrrp, conntrack-tools

Wed, Dec 26

dmbaturin added a comment to T1122: Can't delete route-map rule with comm-list.

@m.cremers The fix will be in the next nightly build, please re-test.

Wed, Dec 26, 7:00 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin created T1138: "set comm-list" syntax is out of sync with FRR.
Wed, Dec 26, 6:38 AM · VyOS 1.2.x (VyOS 1.2.0-EPA2)

Dec 21 2018

dmbaturin added a comment to T1132: Build on Debian Buster.

So far:

Dec 21 2018, 1:42 AM · VyOS 1.3.x
dmbaturin triaged T1132: Build on Debian Buster as Normal priority.
Dec 21 2018, 1:23 AM · VyOS 1.3.x

Dec 17 2018

dmbaturin closed T1111: Misbehaviour of "recent" options in firewall rules as Resolved.
Dec 17 2018, 9:50 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin claimed T1111: Misbehaviour of "recent" options in firewall rules.
Dec 17 2018, 9:47 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin added a comment to T1111: Misbehaviour of "recent" options in firewall rules.

Thanks for catching this! I've fixed it in the upcoming rc11.

Dec 17 2018, 9:47 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin merged T1109: Add option for enabling multipath ecmp L4 hashing and dead-neighbor-detection into T992: Add an option for enabling layer 4 multipath.
Dec 17 2018, 8:07 PM · VyOS 1.2.x (VyOS 1.2.0-rc8)
dmbaturin merged task T1109: Add option for enabling multipath ecmp L4 hashing and dead-neighbor-detection into T992: Add an option for enabling layer 4 multipath.
Dec 17 2018, 8:07 PM
MrFunken awarded T865: Add initial RPKI support a Like token.
Dec 17 2018, 10:38 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3)

Dec 16 2018

dmbaturin edited projects for T375: WAN failover, not to balance the load, added: VyOS 1.3.x; removed VyOS 1.2.x ( VyOS 1.2.0-rc11).
Dec 16 2018, 4:47 PM · VyOS 1.3.x
dmbaturin changed the status of T314: Unable to apply MSS Clamp with VyOS configuration from On hold to Needs testing.
Dec 16 2018, 4:47 PM · VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin set Why the issue appeared? to none on T50: Better support for tcp-mss.
Dec 16 2018, 4:45 PM · VyOS 1.3.x
dmbaturin added a comment to T50: Better support for tcp-mss.

If we are planning firewall overhaul, the old design issues should not get in the way. It's planned for 1.3 though

Dec 16 2018, 4:45 PM · VyOS 1.3.x
dmbaturin set Why the issue appeared? to none on T123: Set module/kernel options from CLI.
Dec 16 2018, 4:44 PM · VyOS 1.3.x
dmbaturin edited projects for T738: Add local-port and resolver port options for powerdns in CLI configuration tree, added: VyOS 1.3.x; removed VyOS 1.2.x ( VyOS 1.2.0-rc11).
Dec 16 2018, 4:28 PM · VyOS 1.3.x
dmbaturin edited projects for T521: Network services may fail if vyatta-router.service startup takes longer than a few seconds, added: VyOS 1.3.x; removed VyOS 1.2.x ( VyOS 1.2.0-rc11).
Dec 16 2018, 3:40 PM · VyOS 1.3.x
dmbaturin closed T1027: show ip ospf neighbor A.B.C.D does not work as Resolved.

That command works for me in the upcoming rc, so I assume they fixed it.

Dec 16 2018, 3:37 PM · VyOS 1.2.x (VyOS 1.2.0-EPA2)
dmbaturin removed a project from T1082: run "show vpn debug detail " error: VyOS 1.2.x ( VyOS 1.2.0-rc11).
Dec 16 2018, 3:35 PM
dmbaturin closed T1082: run "show vpn debug detail " error as Invalid.

That command has been removed in rc10. "run show ipsec debug" is now mapped to "ipsec statusall", which should be detailed enough for all practical purposes.

Dec 16 2018, 3:34 PM
dmbaturin renamed T1072: Route-map rules do not allow named community-lists from Community List - Inconsistent Syntax to Route-map rules do not allow named community-lists.
Dec 16 2018, 3:32 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin closed T1072: Route-map rules do not allow named community-lists as Resolved.

Good catch! Fixed.

Dec 16 2018, 3:31 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin closed T1093: Cannot delete route-map with BGP community as Resolved.

Ah , another minor incompatibility between Quagga and FRR. I've fixed it, the fix will be in the next rc.

Dec 16 2018, 3:19 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin closed T1063: Routing protocol and QoS templates are missing in the wireguard CLI as Resolved.

@hagbard I've added it to all interface templates generators now, including that for QoS.

Dec 16 2018, 3:06 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin renamed T1063: Routing protocol and QoS templates are missing in the wireguard CLI from Wireguard: Unable to add wireguard interface to a routing protocol (eg. ospf) to Routing protocol and QoS templates are missing in the wireguard CLI.
Dec 16 2018, 2:58 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin renamed T1087: Firewall commands are missing in wireguard interface CLI from Firewall on Wireguard Interface to Firewall commands are missing in wireguard interface CLI.
Dec 16 2018, 2:53 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin edited projects for T1087: Firewall commands are missing in wireguard interface CLI, added: VyOS 1.2.x ( VyOS 1.2.0-rc11); removed VyOS 1.2.x.
Dec 16 2018, 2:52 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin added a comment to T1087: Firewall commands are missing in wireguard interface CLI.

@hagbarg Sorry I haven't spotted this earlier and had to revert your commit! Please check out my commits: this is how it's been done historically. You would have to also add PBR templates so I see no reason for duplicating that, especially in light of planned firewall overhaul that will rid us from interface templates.

Dec 16 2018, 2:52 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin closed T1047: Configuration saved on a livecd cannot be carried over to the installed image as Resolved.
Dec 16 2018, 2:26 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin claimed T1093: Cannot delete route-map with BGP community.
Dec 16 2018, 2:24 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin changed the status of T1093: Cannot delete route-map with BGP community from Open to Confirmed.
Dec 16 2018, 2:23 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)

Dec 15 2018

MrXermon awarded T865: Add initial RPKI support a Like token.
Dec 15 2018, 2:32 PM · VyOS 1.2.x (VyOS 1.2.0-EPA3)

Dec 7 2018

dmbaturin added a commit to T1060: Possibility to bypass the webproxy based on source IP address: Unknown Object (Diffusion Commit).
Dec 7 2018, 1:45 PM · VyOS 1.3.x, vyatta-webproxy
dmbaturin added a parent task for T1060: Possibility to bypass the webproxy based on source IP address: T1090: Webproxy overhaul.
Dec 7 2018, 1:44 PM · VyOS 1.3.x, vyatta-webproxy
dmbaturin added a subtask for T1090: Webproxy overhaul: T1060: Possibility to bypass the webproxy based on source IP address.
Dec 7 2018, 1:44 PM · VyOS 1.3.x
dmbaturin triaged T1090: Webproxy overhaul as Low priority.
Dec 7 2018, 1:43 PM · VyOS 1.3.x

Dec 4 2018

dmbaturin added a comment to T1075: Unable to build the ISO for VyOS 1.2.0.

@begetan Yeah, very strange. I need to check why this issue re-appeared, hope I'll get it fixed by tomorrow.

Dec 4 2018, 3:30 PM · VyOS 1.2.x (VyOS 1.2.0-CRUX-GA)
dmbaturin renamed T1047: Configuration saved on a livecd cannot be carried over to the installed image from Configuration does not propagate to install image. to Configuration saved on a livecd cannot be carried over to the installed image.
Dec 4 2018, 3:27 PM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin closed T1019: Enable Google BBR support at kernel compile time as Resolved.
Dec 4 2018, 12:48 AM · VyOS 1.2.x (VyOS 1.2.0-rc10)

Dec 3 2018

dmbaturin closed T902: VyOS 1.2.0-rc2 fails to load configuration when conntrack modules are disabled in config as Resolved.

I've tested this configuration again and it works for me, so I suppose it's fixed. If it reapprears, feel free to reopen.

Dec 3 2018, 3:02 AM · VyOS 1.2.x (VyOS 1.2.0-rc10)
dmbaturin renamed T888: Cannot set the "system conntrack tcp loose enable" option from conntrack tcp loose error to Cannot set the "system conntrack tcp loose enable" option.
Dec 3 2018, 3:01 AM · VyOS-1.2.0-LTS, VyOS 1.2.x (VyOS 1.2.0-rc2)
dmbaturin closed T337: 'show vpn ipsec sa' output wrong when remote or local prefix not in system subnet as Resolved.

@hagbard "show vpn ipsec sa verbose" is now a thin wrapper for "ipsec statusall" so it's not applicable there either. :)

Dec 3 2018, 2:56 AM · VyOS 1.2.x (VyOS 1.2.0-rc10)
dmbaturin added a comment to T1047: Configuration saved on a livecd cannot be carried over to the installed image.

...to be fair, I also think there should be a warning when trying to save a config on a livecd. We hear from people once in a while that they forgot they are running from a livecd and lose their config after reboot.

Dec 3 2018, 1:52 AM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin created T1076: Configuration files are kept in the system when VyOS config is commited but not saved.
Dec 3 2018, 1:51 AM · VyOS 1.3.x
dmbaturin edited projects for T769: StrongSWAN starts when "vpn ipsec" is not present in the config, added: VyOS 1.2.x (VyOS 1.2.0-rc9); removed VyOS 1.2.x (VyOS 1.2.0-rc10).
Dec 3 2018, 1:37 AM · VyOS 1.2.x (VyOS 1.2.0-rc9)
dmbaturin closed T769: StrongSWAN starts when "vpn ipsec" is not present in the config as Resolved.

Clearly undesirable behaviour was caused by a combination of two issues: StrongSWAN starting even when IPsec is not present in the VyOS config, and /etc/ipsec.conf staying in place if config was commited but not saved.

Dec 3 2018, 1:36 AM · VyOS 1.2.x (VyOS 1.2.0-rc9)
dmbaturin renamed T769: StrongSWAN starts when "vpn ipsec" is not present in the config from /etc/ipsec.conf stored persistent with just commit to StrongSWAN starts when "vpn ipsec" is not present in the config.
Dec 3 2018, 1:33 AM · VyOS 1.2.x (VyOS 1.2.0-rc9)
dmbaturin closed T1006: Eliminate unnecessary IP address validation utilities as Resolved.

The only remaining bit is the valid_address utility, which is much more difficult to remove because it's so pervasive (used by the "address" option in every interface type).

Dec 3 2018, 1:25 AM · VyOS 1.2.x (VyOS 1.2.0-rc10)
dmbaturin changed the status of T1047: Configuration saved on a livecd cannot be carried over to the installed image from Open to Needs testing.

The root cause is that /config is not mounted on livecd anymore, due to the difference in startup scripts.

Dec 3 2018, 1:21 AM · VyOS 1.2.x ( VyOS 1.2.0-rc11)
dmbaturin edited projects for T1007: site-to-site GRE IPSEC VPN fails, added: VyOS 1.2.x ( VyOS 1.2.0-rc11); removed VyOS 1.2.x (VyOS 1.2.0-rc10).
Dec 3 2018, 12:47 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin changed the status of T1007: site-to-site GRE IPSEC VPN fails from Open to Needs testing.
Dec 3 2018, 12:47 AM · VyOS 1.2.x (VyOS 1.2.0-EPA3)
dmbaturin closed T956: Incorrect output of "run show vpn ipsec sa" as Resolved.

Ok, the issue is that StrongSWAN uses different format for SAs with zero and non-zero counters!

Dec 3 2018, 12:43 AM · VyOS 1.2.x (VyOS 1.2.0-rc10)