- User Since
- May 25 2018, 2:31 AM (121 w, 1 d)
Sun, Sep 13
Due to the fact that transparent proxy, which was the default, is being removed for now, there will be in the first version 2 authentication modes, one is by IP address or network (nothing else would be required as long as you have the correct src IP) and LDAP (either anonym or with bind-dn to browse LDAP. I have both mechanisms already working via cli and about to clean up and test right now. If anyone need a special authentication mechanism, please let me know. I also disabled local file caches, since these days most traffic is https anyway, we can take some pressure off of the filesystem (ssd).
Sun, Sep 6
The perl scripts didn't create any config line, that's why I'm asking. I have it already implemented and successfully tested with the new python code, but wonder how people were able to use it all by just using the cli. I may need somebody for testing with AD, since I don't have access to any AD environment anymore.
Sat, Sep 5
Does anyone know if ldap auth worked at all with the old perl backend? I try to find out how likely I need to migrate cli entries. from what I have seen, ldap auth with anonymous ldap browsing didn't generate any required config for squid.
Fri, Sep 4
I agree, a separate DNS would be way easier to maintain if you have a lot of TLDs you need/want to block, since squid has to load it from a list, let's see if anyone is still using that, other wise it would be nicer and easier to scrape that off and implement a nameserver tag node win the cli.
Thu, Sep 3
Is there any interest in the following scenarios:
Sun, Aug 30
Squid will be used for authentication and controlling name resolution (pointing to a spacial DNS or so?) , no squidguard or caching will be used anymore.
@c-po https://github.com/vyos/vyos-build/pull/121 will fix it, but I used .142 while the conifg file was from 136, so please review first. I tested it and the system speaker is fully functional again.
You can test it quickly via `echo -ne "\a"', which should make noise. Beep seems to be broken, looks like it can't be used via sudo, something I may can have a look later into.
Sat, Aug 29
echo -ne "\a" should give you a beep sound on the the system speaker too, if you just want to quickly test it. I tested it with deb10 minimal install, works via qemu too.
e.g: qemu-system-x86_64 -smp cpus=3 -soundhw pcspk -m 1024 -enable-kvm -drive file=os.img,media=disk (os disk is a deb10 netinstall).
With capabilities I meant the listed capabilities listed under the input link via sys:
As far as I recall it doesn't initializes is correctly anymore, you can test with beep. The system beep you can set via cli is broken since then.
Fri, Aug 28
Fixing up the code, but it will suffer the same issue as in T2835. That build file should be the last thing in the build process, otherwise there is no other way to find out what pkg were installed during the build.
It looks like that the build process messed it up, it did create the version file at the beginning of the build, not at the end. After the file usr/share/vyos/version.json was create, pkg installations took place a few minutes alter, that's why everything in the image is newer than the version file, therefore the command output is absolutely correct. I'll check if I can find out what went wrong during the build, since it appears that only 1.2.6 is affected.
Built on: Thu 13 Aug 2020 11:57 UTC
Happens also when just using the booted image without install. Investigating.
Jul 27 2020
-1 as well
As an additional tool I think it's ok but other than that there is no reason for that too.
Apr 7 2020
Mar 24 2020
The code should be in the op-mode script rather than the class.But the PR was merged in, so I suppose it's ok.
Mar 21 2020
@alien Can you please share your config, I can't reproduce it. The op function will be moved into the the ops script out of the ifconfig class, which caused the issue due to restructuring out internal class architecture.
Mar 19 2020
@alien Can you please test the issue with the latest rolling release?
Mar 16 2020
https://github.com/vyos/vyos-1x/commit/5cb0059353e94dc11aa116e4aa8ce0422c4f3534 should fix the issue. The op-mode commands may need to be refactored in general and split into it's own structures.
@syncer https://github.com/vyos/vyos-1x/commit/dad110ce666edae42ac18c59a800bda503589f27 are only CLI modifications (validation to be be precise), no code changes at all which would change the functionality, in my opinion it can be backported as is.
Mar 2 2020
Feb 27 2020
No answer from user.
Feb 24 2020
@Dmitry next rolling will have it enabled, let me know if it works for you as intended.
Feb 23 2020
Feb 11 2020
Feb 8 2020
Jan 31 2020
Jan 28 2020
Jan 26 2020
All right, we stay with squid, however I may drop squidguard but ask in the forum first if that feature would be required by many users.
Jan 24 2020
Jan 23 2020
@max1e6 Did you have a chance to test? Otherwise I assume the issue isn't present anymore.
Let me know if you come across any issues.
@Dmitry What default delays do you suggest?
@syncer After all considerations, because of the authentication modules squid brings in, I would rather stay with squid for now. Let me know what you think.
Jan 21 2020
- trafficserver (buster native - 19.7 MB of additional disk space will be used)
- looks like squidguard can't be integrated (removing it entirely?)
Jan 17 2020
Ack, I have already after step 5 an issue. The uids shouldn't be an issue, since the users should be all in the same group and the group has r/w permissions.