Page MenuHomePhabricator

hagbard (burkhard)
User

Projects

User Details

User Since
May 25 2018, 2:31 AM (38 w, 4 d)

Recent Activity

Today

hagbard triaged T1255: /usr/libexec/vyos/conf_mode/host_name.py needs to add an additional newline char as Normal priority.
Tue, Feb 19, 11:09 PM · VyOS 1.2 Crux
hagbard added a comment to T1255: /usr/libexec/vyos/conf_mode/host_name.py needs to add an additional newline char.

It also overwrites resolv.conf without checking if dhcp already set it up.

Tue, Feb 19, 11:07 PM · VyOS 1.2 Crux
hagbard claimed T1255: /usr/libexec/vyos/conf_mode/host_name.py needs to add an additional newline char.
Tue, Feb 19, 10:29 PM · VyOS 1.2 Crux
hagbard closed T1254: wireguard generate wireguard keypair fails when executed on the iso as Resolved.
Tue, Feb 19, 8:43 PM · VyOS 1.2 Crux
hagbard changed the status of T1254: wireguard generate wireguard keypair fails when executed on the iso from Open to In progress.
Tue, Feb 19, 7:52 PM · VyOS 1.2 Crux
hagbard claimed T1254: wireguard generate wireguard keypair fails when executed on the iso.
Tue, Feb 19, 7:47 PM · VyOS 1.2 Crux
hagbard triaged T1254: wireguard generate wireguard keypair fails when executed on the iso as Wishlist priority.
Tue, Feb 19, 7:47 PM · VyOS 1.2 Crux
hagbard created T1254: wireguard generate wireguard keypair fails when executed on the iso.
Tue, Feb 19, 7:47 PM · VyOS 1.2 Crux
hagbard closed T1051: Update openvpn to support TLS 1.2 as Resolved.

Tested it myself and can't find any issues.

Tue, Feb 19, 7:02 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

No idea what that could be, it's for sure a config problem since many others use it as well as myself with no issue at all. Is there any way I can access your env?

Tue, Feb 19, 7:00 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules.

@hagbardIt fixes the issue with WANLOADBALANCE_PRE chain, but we still observe unexpected behavior.
I will write a little bit more letter.

Tue, Feb 19, 4:22 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)
hagbard closed T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules as Resolved.
Tue, Feb 19, 4:18 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)

Fri, Feb 15

hagbard moved T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules from Need Triage to In Progress on the VyOS 1.2 Crux board.
Fri, Feb 15, 9:36 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Should be in the latest rolling or here: http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyos-1x/vyos-1x_1.2.0-13_all.deb

Fri, Feb 15, 8:37 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard changed the status of T686: 'run show openvpn client-status' is not displaying local tunnel address from In progress to On hold.

The client status file information is quite different compared to the one from a server config, I couldn't find a way yet to retrieve the information for the table.

Fri, Feb 15, 7:00 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard changed the status of T686: 'run show openvpn client-status' is not displaying local tunnel address from Open to In progress.
Fri, Feb 15, 6:37 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules.

@zsdc Is it working for you with the package above?

Fri, Feb 15, 5:29 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)

Thu, Feb 14

hagbard changed the status of T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules from Confirmed to Needs testing.
Thu, Feb 14, 11:37 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules.

@zsdc All right, http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyatta-wanloadbalance/vyatta-wanloadbalance_0.13.70+vyos2+current1_amd64.deb should solve the issue you are seeing. The code of the binary is good for another dozen bug tickets =)

Thu, Feb 14, 11:37 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules.

LBDecision::execute(): applying command to system: iptables -t mangle -A WANLOADBALANCE_PRE -i eth1 --proto all --destination ! 192.168.0.0/16 -m state --state NEW -j ISP_eth1
Bad argument `192.168.0.0/16'
Try `iptables -h' or 'iptables --help' for more information.
LBDecision::execute(): applying command to system: iptables -t mangle -A WANLOADBALANCE_PRE -i eth1 --proto all --destination ! 192.168.0.0/16 -j CONNMARK --restore-mark
Bad argument `192.168.0.0/16'
Try `iptables -h' or 'iptables --help' for more information.

Thu, Feb 14, 11:06 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)
hagbard changed the status of T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules from Open to Confirmed.
Thu, Feb 14, 10:54 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1247: WAN load-balancing fail when !<x.x.x.x/x> configured in rules.

Happens in /opt/vyatta/sbin/wan_lb.

Thu, Feb 14, 9:48 PM · VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.1)
hagbard closed T258: Can not configure wan load-balancing on vyos-1.2 as Resolved.

Thanks for testing. New rolling has been built as well.
https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201902142225-amd64.iso

Thu, Feb 14, 9:44 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard changed the status of T258: Can not configure wan load-balancing on vyos-1.2 from Confirmed to Needs testing.

Please test http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyatta-wanloadbalance/vyatta-wanloadbalance_0.13.69+vyos2+current1_amd64.deb or latest rolling release.

Thu, Feb 14, 7:02 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard changed the status of T258: Can not configure wan load-balancing on vyos-1.2 from Open to Confirmed.
Thu, Feb 14, 6:34 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard claimed T258: Can not configure wan load-balancing on vyos-1.2.
Thu, Feb 14, 5:51 PM · VyOS 1.2 Crux (VyOS 1.2.1)

Wed, Feb 13

hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@thinkl33t Please test the latest rolling which has openvpn2.4 installed.

Wed, Feb 13, 4:20 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard placed T1223: Zabbix Proxy crash on actual version of VyOS up for grabs.
Wed, Feb 13, 4:13 PM · Core Community

Mon, Feb 11

hagbard added a comment to T1223: Zabbix Proxy crash on actual version of VyOS.

Nope. The function gethostbyaddr() is a libc function. What you can do is to try to reproduce the issue under debian 8 (jessie).
The crash in the zabbix ticket however is that the zabbix proxy is crashing when it received 3123 byte from 10.255.0.1.

Mon, Feb 11, 5:07 PM · Core Community
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Ok, so that issue has been corrected, I used the wrong validator. (https://github.com/vyos/vyos-1x/commit/1842fc9fdbcfa877e42714eaf620dff18ff9859c)

Mon, Feb 11, 4:52 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Hmm, that (the IP validation) was a different change which was working. I'll have a look.

Mon, Feb 11, 4:43 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Sat, Feb 9

hagbard closed T1238: Wireguard allows invalid IP's as Resolved by committing Restricted Diffusion Commit.
Sat, Feb 9, 10:53 PM · VyOS 1.2 Crux
hagbard changed the status of T1238: Wireguard allows invalid IP's from Open to In progress.
Sat, Feb 9, 10:20 PM · VyOS 1.2 Crux
hagbard closed T1010: improper pid file handling of webgui as Resolved.
Sat, Feb 9, 10:16 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard closed T1223: Zabbix Proxy crash on actual version of VyOS as Invalid.

looks to me like a classic buffer overflow on the zabix agent.

Sat, Feb 9, 7:12 PM · Core Community
hagbard claimed T1239: make module build for vyos-accel-ppp dynamic.
Sat, Feb 9, 7:05 PM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus
hagbard created T1239: make module build for vyos-accel-ppp dynamic.
Sat, Feb 9, 7:05 PM · VyOS 1.2 Crux (VyOS 1.2.1), VyOS 1.3 Equuleus
hagbard claimed T1238: Wireguard allows invalid IP's.
Sat, Feb 9, 11:50 AM · VyOS 1.2 Crux
hagbard added a comment to T1010: improper pid file handling of webgui.
Sat, Feb 9, 11:06 AM · VyOS 1.2 Crux (VyOS 1.2.2)

Fri, Feb 8

hagbard changed the status of T1010: improper pid file handling of webgui from Open to In progress.
Fri, Feb 8, 7:36 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

All right, let me know if you need help.

Fri, Feb 8, 6:49 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Thu, Feb 7

hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@thinkl33t Can you please test?

Thu, Feb 7, 11:46 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Hmm. That's weird, I tested some rolling releases and 1.2.0, directly connected and via 5 hops, I can't reproduce what you see. If your crypto is ok and you have the the interface up and running, there won't be an issue. I would also see way more bug tickets here. So , I still believe yoru setup is incorrect, however it's hard to say where it fails. If the wg interface has no incoming and outgoing traffic, it's most likely routing. If inside the wg interface traffic goes out but is not answered but received on the upstream interface, somet6hing is wrong with the crypto. In your sho interface output is shows that traffic is being sent, but nothing recveived, that means the traffic you receive on the WAN side can't be authenticated, so that is an crypto issue. Either the traffic can't be decrypted or there is no existing setup for this public key. If the public key fits, then you can always decrypt with with your private one.

Thu, Feb 7, 6:12 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

That smells more like an issue with your key setup. The wg interface listens on any interface which is up and running. If the traffic inside the wg interface doesn't show anything, that means it can't decrypt the traffic with your private key.

Thu, Feb 7, 5:52 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Tue, Feb 5

hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

Tested the config above with in 1.2, no issues found. Not sure what it is yet, but it looks like that either the traffic doesn't really reach the destination (aka endpoint) or vice versa. Awaiting some show output to check the key config etc.

Tue, Feb 5, 11:40 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

@Maltahl You can use any rolling, I made an enhancement yesterday to disable peers, but other than that the code hasn't been touched for a while. If the rolling release works, I need to have a look into 1.2.0. I tested with your config above and everything was working as expected, but I'm around today so feel free to ping me on slack in 1hr.

Tue, Feb 5, 4:14 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Mon, Feb 4

hagbard changed the status of T1226: Wireguard not working between vyos routers 1.2.0 from In progress to On hold.
Mon, Feb 4, 9:38 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

@Maltahl Let me know if you still need help, please. I put the task meanwhile on-hold.

Mon, Feb 4, 9:37 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard closed T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers as Resolved.

http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyos-1x/vyos-1x_1.2.0-12_all.deb next rolling release has it.

Mon, Feb 4, 8:26 PM · VyOS 1.2 Crux
hagbard changed the status of T1226: Wireguard not working between vyos routers 1.2.0 from Open to In progress.
Mon, Feb 4, 6:04 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Sat, Feb 2

hagbard added a comment to T1218: Static routes not being applied in 1.2 Release.

Hmm, I have 7.1-dev-1~debian8+1 on a rolling and 3 blackhole routes and no issues at all.

Sat, Feb 2, 7:06 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard claimed T1226: Wireguard not working between vyos routers 1.2.0.
Sat, Feb 2, 5:29 PM · VyOS 1.2 Crux (VyOS 1.2.2)
hagbard added a comment to T1226: Wireguard not working between vyos routers 1.2.0.

@Maltahl Did you try the same with the rolling release? I don't see any issue with your config in particular, did you check that the wg traffic is actually getting to your router02?

Sat, Feb 2, 5:28 PM · VyOS 1.2 Crux (VyOS 1.2.2)

Fri, Feb 1

hagbard triaged T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers as Normal priority.
Fri, Feb 1, 7:00 PM · VyOS 1.2 Crux
hagbard claimed T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers .
Fri, Feb 1, 6:59 PM · VyOS 1.2 Crux
hagbard created T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers .
Fri, Feb 1, 6:59 PM · VyOS 1.2 Crux

Thu, Jan 31

hagbard changed the status of T1051: Update openvpn to support TLS 1.2 from Open to Needs testing.

@thinkl33t Would you mind testing your use case with https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201901312041-amd64.iso or later? This iso is using the bpo package of openvpn (2.4.0).

Thu, Jan 31, 8:14 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@thinkl33t http://dev.packages.vyos.net/repositories/current/vyos/pool/main/o/openvpn/openvpn_2.4.0-6+deb9u1~bpo8+1_amd64.deb

Thu, Jan 31, 7:41 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Wed, Jan 30

hagbard closed T1217: 1.2.0 LTS cant delete wireguard wg0 interface as Resolved.

http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyos-1x/vyos-1x_1.2.0-11_all.deb or next rolling release will have the fix.

Wed, Jan 30, 11:36 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1217: 1.2.0 LTS cant delete wireguard wg0 interface.

Fix: https://github.com/vyos/vyos-1x/commit/2f70340179a64d5936c32cc3c0d6d7f6f04054d0 applied, pkg build currently running.

Wed, Jan 30, 11:02 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard changed the status of T1217: 1.2.0 LTS cant delete wireguard wg0 interface from Confirmed to In progress.
Wed, Jan 30, 10:54 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1217: 1.2.0 LTS cant delete wireguard wg0 interface.

Bug confirmed.

Wed, Jan 30, 10:49 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard changed the status of T1217: 1.2.0 LTS cant delete wireguard wg0 interface from Open to Confirmed.
Wed, Jan 30, 10:48 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1217: 1.2.0 LTS cant delete wireguard wg0 interface.

I can't replicate it, but I'm using also the rolling release.
Can you please provide the output of:

Wed, Jan 30, 10:31 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard claimed T1217: 1.2.0 LTS cant delete wireguard wg0 interface.
Wed, Jan 30, 10:23 PM · VyOS 1.2 Crux (VyOS 1.2.1)
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@c-po imported and test against latest rolling, I couldn't find any issue with 2.4.
Can you please set it up in ci? I'll take it from there once set up.

Wed, Jan 30, 8:15 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@c-po it only affects clients which enforce tls 1.0 or 1.1, at least what I have tested. The perl code needs quite some rework, so I think I split the task into getting a newer release of openvpn into the build. Newer versions have tls 1.0 and 1.1 disabled per default from what I have read, so I think it might be more a changelog announcement that with the new version only tls 1.2 is automatically supported and you have the option to enable weak ciphers via opt .... or so. I'm not too sure yet, I think I have to wait a little on the response once the newer version is in rolling and the feedback I receive.

Wed, Jan 30, 6:06 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Tue, Jan 29

hagbard added a comment to T166: NPTv6 Broken - 999.201609170235.

Done. https://github.com/vyos/vyatta-nat/commit/98ce64bc3c73118c8e909173da460501ca6cabf1

Tue, Jan 29, 11:27 PM · VyOS 1.3 Equuleus
hagbard closed T166: NPTv6 Broken - 999.201609170235 as Resolved.

Perfect. Merged: https://github.com/vyos/vyatta-cfg-firewall/commit/23447bef89a46f44d7544f15c2755d33f38ffd4c

Tue, Jan 29, 9:43 PM · VyOS 1.3 Equuleus
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.
In T1051#27092, @c-po wrote:

set interfaces openvpn vtun0 disable-weak-tls-ciphers

Tue, Jan 29, 6:32 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA
hagbard added a comment to T166: NPTv6 Broken - 999.201609170235.

@Merijn Have you tested your changes already? I was only bale to find https://github.com/vyos/vyatta-cfg-firewall/pull/12 which only contains the ip6tables targets, did you send PRs for systctl too?

Tue, Jan 29, 6:30 PM · VyOS 1.3 Equuleus

Mon, Jan 28

hagbard changed the status of T833: accel-ppp: pptp implementation, a subtask of T742: Implement accel-ppp in VyOS, from On hold to Confirmed.
Mon, Jan 28, 10:57 PM · VyOS 1.3 Equuleus
hagbard changed the status of T833: accel-ppp: pptp implementation from On hold to Confirmed.
Mon, Jan 28, 10:57 PM · VyOS 1.3 Equuleus
hagbard added a comment to T1051: Update openvpn to support TLS 1.2.

@syncer Currently we ship in the iso openvpn from, we could use it from bpo which would be 2.4 (2.6 is the latest), or we replace it with a self-compiled 2.6, or do you just want cpo's solution implemented?

Mon, Jan 28, 4:48 PM · VyOS 1.2 Crux (VyOS 1.2.2), VyOS-1.2.0-GA

Sat, Jan 26

hagbard renamed T1205: module pcspkr missing from module pcspkr missiing to module pcspkr missing.
Sat, Jan 26, 6:35 PM · VyOS 1.3 Equuleus
hagbard closed T1193: libvyosconfig parser cannot handle top level leaf and tag nodes as Resolved.
Sat, Jan 26, 6:34 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard created T1205: module pcspkr missing.
Sat, Jan 26, 6:25 PM · VyOS 1.3 Equuleus
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Rebuilding iso, once it finished it will have the correct version.
[...]
Get:152 http://dev.packages.vyos.net/repositories/current/vyos/ current/main libvyosconfig0 amd64 0.0.6 [841 kB]
[...]
Will test it from the iso, just for peace of mind.

Sat, Jan 26, 5:32 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard claimed T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Dev.packages has 0.0.06, so something goes sideways during build process, I will work on that and test. I'll take the task back and close it when resolved in ci (looking into it right now). I manually installed the package and everything works as expected.

Sat, Jan 26, 5:26 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Still same issue on 1.2.0-rolling+201901250337.

Sat, Jan 26, 5:21 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Nice! I will test it tomorrow for sure.

Sat, Jan 26, 2:28 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)

Fri, Jan 25

hagbard closed T1178: Scheduled script breaks ability to modify configuration as Resolved.
Fri, Jan 25, 8:07 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

Anyone?

Fri, Jan 25, 6:13 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)

Wed, Jan 23

hagbard reassigned T1193: libvyosconfig parser cannot handle top level leaf and tag nodes from hagbard to dmbaturin.
Wed, Jan 23, 8:08 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

Found the bug, https://github.com/hagbard-01/vyos-1x/releases/download/1.2.0-10/vyos-1x_1.2.0-10_all.deb should fix it. As soon as You guys can confirm, I push it upstream.

Wed, Jan 23, 7:56 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

@c-po All right, found it. Try it without arguments, then it ends up just as */5 * * * * root /usr/bin/logger which causes the issue. That shouldn't be too hard to fix, the existence of the cronjobfile after a reboot without the save command however is a longer journey.

Wed, Jan 23, 6:32 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

Thanks that helps, I gotta review. Remote authenticated users would act like local ones by the way, pam would resolve it or if it can't be resolved, con exits with 1.

Wed, Jan 23, 6:07 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

@c-po
*/5 * * * * cpo sg vyattacfg "/usr/bin/logger foo"

Wed, Jan 23, 7:44 AM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

I had to pass on libvyos and OCAML, just reading and understanding a few lines took me forever. What would be the fix?

Wed, Jan 23, 6:41 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)

Tue, Jan 22

hagbard updated subscribers of T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.
Tue, Jan 22, 10:58 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.

Issue sits somewhere in vyos.configtree

Tue, Jan 22, 10:45 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard changed the status of T1193: libvyosconfig parser cannot handle top level leaf and tag nodes from Open to Confirmed.
Tue, Jan 22, 10:39 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard claimed T1193: libvyosconfig parser cannot handle top level leaf and tag nodes.
Tue, Jan 22, 10:38 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

All right, can you please test: https://github.com/hagbard-01/vyos-1x/releases/download/1.2.0-10/vyos-1x_1.2.0-10_all.deb

Tue, Jan 22, 10:26 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard renamed T1194: cronjob is being setup even if not saved from conjobs is being setup even if not saved to conjob is being setup even if not saved.
Tue, Jan 22, 8:58 PM · VyOS 1.3 Equuleus
hagbard created T1194: cronjob is being setup even if not saved.
Tue, Jan 22, 8:53 PM · VyOS 1.3 Equuleus
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

OK, so the issue happens only if a) the cronjobs was executed by root and b) it modifies the config (which gets then rewritten via union-fs). I created another user called test01, the user vyos has a cron job in his name, regardless what user (test01 or vyos) the script runs, all stays healthy. As soon as the script is triggered via root, you can't set anything in your running config due to the permission changes I wrote yesterday.

Tue, Jan 22, 8:42 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard added a comment to T1178: Scheduled script breaks ability to modify configuration.

Thanks for confirming. With 2 users, you may encounter always the issue that a cronjob locks up your ability to change the config afterwards. For now the manual workaround should help you, I'm going to revert my changes from yesterday and return to the drawing board.

Tue, Jan 22, 6:35 PM · VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard closed T1181: disable/enable interface with dhcp ip assignement fails to restart dhclient as Resolved.

Thx for testing.

Tue, Jan 22, 6:16 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)
hagbard closed T894: DHCP not renewed after switching network as Resolved.

Fixed via T1181

Tue, Jan 22, 6:15 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-GA)