Page MenuHomeVyOS Platform

sdev (Simon)
User

Projects

User does not belong to any projects.

User Details

User Since
May 6 2021, 3:27 PM (6 w, 6 d)

Recent Activity

Yesterday

sdev added a comment to T2816: Rewrite IPsec scripts with the new XML/Python approach.

@SrividyaA Fixed in PR https://github.com/vyos/vyos-1x/pull/894

Tue, Jun 22, 7:45 AM · VyOS 1.4 Sagitta
sdev added a comment to T3643: show vpn ipsec sa doesn't show tunnels in "down" state.

PR: https://github.com/vyos/vyos-1x/pull/894

Tue, Jun 22, 7:44 AM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

Mon, Jun 21

sdev updated the task description for T3642: PKI configuration.
Mon, Jun 21, 5:18 PM · VyOS 1.4 Sagitta
sdev updated the task description for T3642: PKI configuration.
Mon, Jun 21, 5:18 PM · VyOS 1.4 Sagitta
sdev created T3642: PKI configuration.
Mon, Jun 21, 5:14 PM · VyOS 1.4 Sagitta

Sat, Jun 19

sdev added a comment to T3635: Add ability to use mDNS repeater with VRRP.

PR: https://github.com/vyos/vyos-1x/pull/887

Sat, Jun 19, 11:55 AM · VyOS 1.4 Sagitta
sdev changed the status of T3635: Add ability to use mDNS repeater with VRRP from Open to In progress.
Sat, Jun 19, 11:48 AM · VyOS 1.4 Sagitta

Thu, Jun 17

sdev added a comment to T2816: Rewrite IPsec scripts with the new XML/Python approach.

@SrividyaA Fixed in PR: https://github.com/vyos/vyos-1x/pull/884

Thu, Jun 17, 7:58 PM · VyOS 1.4 Sagitta

Tue, Jun 15

sdev added a comment to T2816: Rewrite IPsec scripts with the new XML/Python approach.

Swanctl migration PR: https://github.com/vyos/vyos-1x/pull/881

Tue, Jun 15, 8:43 AM · VyOS 1.4 Sagitta

Sat, Jun 12

sdev added a comment to T1501: VPN Commit Errors.

PR: https://github.com/vyos/vyos-1x/pull/875

Sat, Jun 12, 7:21 PM · VyOS 1.3 Equuleus

Fri, Jun 11

sdev added a comment to T645: Allow multiple prefixes in ipsec tunnel.

Included in PR: https://github.com/vyos/vyos-1x/pull/872

Fri, Jun 11, 8:45 PM · VyOS 1.4 Sagitta
sdev added a comment to T3613: Selectors for route-based IPsec tunnel (vti).

I've left vti esp-group to keep backwards compatibility with current behaviour when vti is configured without any tunnels (when it uses 0.0.0.0/0), in that scenario it would still use the group specified.

Fri, Jun 11, 5:00 PM · VyOS 1.4 Sagitta
sdev added a comment to T3613: Selectors for route-based IPsec tunnel (vti).

I wonder if instead it should just use the normal tunnel node for this. So if VTI is set on a peer, all configured tunnels get marked for the VTI interface. Current VyOS behaviour allows only for tunnels, or VTI - not both. This method would make use of the existing config tree.

Fri, Jun 11, 4:27 PM · VyOS 1.4 Sagitta
sdev added a comment to T3613: Selectors for route-based IPsec tunnel (vti).

@krox2 Oh I think I understand what you mean. You'd want to also be able to create multiple child SAs each with unique left/right subnets?

Fri, Jun 11, 11:45 AM · VyOS 1.4 Sagitta

Thu, Jun 10

sdev added a comment to T3613: Selectors for route-based IPsec tunnel (vti).

PR: https://github.com/vyos/vyos-1x/pull/872

Thu, Jun 10, 10:20 PM · VyOS 1.4 Sagitta

Mon, Jun 7

sdev added a comment to T3588: IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan.

Clarifying as requested by c-po:

Mon, Jun 7, 9:12 AM · VyOS 1.4 Sagitta

Fri, Jun 4

sdev changed the status of T3599: Migrate NHRP to XML/Python from In progress to Needs testing.

PR: https://github.com/vyos/vyos-1x/pull/865

Fri, Jun 4, 9:55 PM · VyOS 1.4 Sagitta
sdev changed the status of T3599: Migrate NHRP to XML/Python from Open to In progress.
Fri, Jun 4, 5:28 PM · VyOS 1.4 Sagitta

Thu, Jun 3

sdev created T3598: DMVPN/IPSec does not work with upstream Strongswan 5.9.
Thu, Jun 3, 2:32 PM · VyOS 1.4 Sagitta

Tue, Jun 1

sdev changed the status of T3594: Disable by default service strongswan-starter, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, from Open to In progress.
Tue, Jun 1, 1:28 PM · VyOS 1.4 Sagitta
sdev changed the status of T3594: Disable by default service strongswan-starter from Open to In progress.

PR: https://github.com/vyos/vyos-build/pull/168

Tue, Jun 1, 1:28 PM · VyOS 1.4 Sagitta

Sun, May 30

sdev added a comment to T3588: IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan.

Also vpn ipsec site-to-site peer x tunnel x allow-nat-networks and vpn ipsec site-to-site peer x tunnel x allow-public-networks

Sun, May 30, 9:46 AM · VyOS 1.4 Sagitta

Fri, May 28

sdev added a comment to T3585: Fix NHRP module for updated interfaces tunnel syntax.

PR: https://github.com/vyos/vyos-nhrp/pull/6

Fri, May 28, 9:49 AM · VyOS 1.4 Sagitta
sdev changed the status of T3585: Fix NHRP module for updated interfaces tunnel syntax from Open to In progress.
Fri, May 28, 9:19 AM · VyOS 1.4 Sagitta

Thu, May 27

sdev added a comment to T2816: Rewrite IPsec scripts with the new XML/Python approach.

IPSec / DMVPN PR: https://github.com/vyos/vyos-1x/pull/856

Thu, May 27, 5:09 PM · VyOS 1.4 Sagitta

May 24 2021

sdev added a comment to T3577: Generating vpn x509 key pair fails with command not found.

The main issue seems to be a lack of execute permissions on the script vyatta-gen-x509-keypair

May 24 2021, 12:48 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
sdev created T3577: Generating vpn x509 key pair fails with command not found.
May 24 2021, 12:41 PM · VyOS 1.2 Crux, VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

May 22 2021

sdev added a comment to T3570: Prevent setting of a larger MTU on child interfaces.

PR: https://github.com/vyos/vyos-1x/pull/853

May 22 2021, 7:49 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta
sdev changed the status of T3570: Prevent setting of a larger MTU on child interfaces from Open to In progress.
May 22 2021, 7:37 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta

May 12 2021

sdev created T3543: Support for setting lacp_rate on LACP bonded interfaces.
May 12 2021, 10:05 PM · VyOS 1.3 Equuleus, VyOS 1.4 Sagitta