varesa (Esa Varemo)
User

Projects

User does not belong to any projects.

User Details

User Since
Apr 29 2018, 3:43 PM (80 w, 1 d)

Recent Activity

Jul 13 2019

varesa added a project to T1521: Build instructions: 'make iso' needs root: Restricted Project.
Jul 13 2019, 5:01 PM · Restricted Project
varesa created T1522: If a config session is not close cleanly, the unionfs-mount is not cleaned up in the S1 VyOS Public space.
Jul 13 2019, 4:58 PM
varesa updated the task description for T1521: Build instructions: 'make iso' needs root.
Jul 13 2019, 12:30 PM · Restricted Project
varesa changed the status of T1521: Build instructions: 'make iso' needs root from Open to Confirmed.
Jul 13 2019, 12:29 PM · Restricted Project
varesa added a comment to T1521: Build instructions: 'make iso' needs root.

https://github.com/vyos/vyos-documentation/pull/74

Jul 13 2019, 12:28 PM · Restricted Project
varesa added a comment to T1521: Build instructions: 'make iso' needs root.

Looking at the Jenkinsfile it seems that missing sudo is the only difference:

Jul 13 2019, 12:26 PM · Restricted Project
varesa created T1521: Build instructions: 'make iso' needs root in the S1 VyOS Public space.
Jul 13 2019, 12:21 PM · Restricted Project

May 20 2019

varesa added a comment to T1385: Allow bonding interfaces to have pseudo-ethernet interfaces.

The place that limits it to only ethernet devices seems to be: https://github.com/vyos/vyatta-cfg-system/blob/crux/templates/interfaces/pseudo-ethernet/node.tag/link/node.def (the checking itself happens at https://github.com/vyos/vyatta-cfg-system/blob/current/scripts/vyatta-interfaces.pl#L377)

May 20 2019, 8:50 PM · VyOS 1.3 Equuleus

Mar 11 2019

varesa added a comment to T1293: Zone-policy implementation does not allow secondary IP on an interface to communicate.

I managed to reproduce this earlier. These were the generated iptables rules and pinging from any source IP except the first one did not work. https://phabricator.vyos.net/P66
I could see the responses in tcpdump but they were getting blocked (so I assume. They did not reach the running ping program)

Mar 11 2019, 8:04 PM
varesa triaged T1294: Trying to delete 'system syslog' throws an exception/traceback as Low priority.
Mar 11 2019, 7:40 PM
varesa updated the task description for T1292: Issues while deleting all rules from a firewall.
Mar 11 2019, 7:23 PM
varesa added a comment to T1281: Ability to start DHCP cluster in degraded state.

From the man page:

You can put the server into the PARTNER-DOWN state either by using the omshell (1) command or by stopping the server, editing the last peer state declaration in the lease file, and restarting the server.
Mar 11 2019, 8:44 AM · VyOS 1.3 Equuleus
varesa created T1292: Issues while deleting all rules from a firewall in the S1 VyOS Public space.
Mar 11 2019, 8:38 AM

Mar 8 2019

varesa added a comment to T1276: dhcp relay + VLAN fails.
In T1276#33655, @syncer wrote:

Wondering if we should disable all offload stuff in virtualized environments (which does not make sense anyway)

Mar 8 2019, 9:07 PM · VyOS 1.3 Equuleus

Mar 5 2019

varesa added a comment to T1276: dhcp relay + VLAN fails.

I have tested this also with putting the DHCP subnet tagged on the interface itself within proxmox. Same problem occurs... So removing the server from the vlan.interface doesn't change a thing, I could test with the clients on their own interface (ethX) and add that to the relay section instead of ethX.clientVlanId but I doubt if that works.
So I don't see where do you see that this could not be a bug.

Mar 5 2019, 7:01 AM · VyOS 1.3 Equuleus

Mar 4 2019

varesa added a comment to T1276: dhcp relay + VLAN fails.

The way ISC DHCP Relay works you need to give it both the upstream and downstream interfaces (e.g. where it will listen to requests and ones where it will talk to the DHCP server). It is also shown (while not explicitly said) in the documentation: https://wiki.vyos.net/wiki/DHCP_relay

Mar 4 2019, 10:40 PM · VyOS 1.3 Equuleus
varesa added a comment to T1276: dhcp relay + VLAN fails.

vyos@vyos:~$ sh conf commands
set interfaces ethernet eth0 address '172.16.0.1/24'
[...]
set service dhcp-relay interface 'eth1.40'
set service dhcp-relay interface 'eth1.41'
set service dhcp-relay interface 'eth1.42'
set service dhcp-relay interface 'eth1.100'
set service dhcp-relay interface 'eth1.101'
set service dhcp-relay interface 'eth1.102'
set service dhcp-relay relay-options relay-agents-packets 'discard'
set service dhcp-relay server '172.16.0.10'
[...]

Mar 4 2019, 8:43 PM · VyOS 1.3 Equuleus
varesa added a comment to T1276: dhcp relay + VLAN fails.

For those of you with issues with DHCP relay and VLANs, have you:

  • Added the interface that the DHCP server is reachable on to the service dhcp-relay interface <interface> list?
  • Added the sub-interface (e.g. eth0.20) to the interfaces instead of the parent interface (eth0)?
Mar 4 2019, 6:14 PM · VyOS 1.3 Equuleus
varesa added a comment to T1276: dhcp relay + VLAN fails.

Tested on:

Mar 4 2019, 3:39 PM · VyOS 1.3 Equuleus
varesa added a comment to T1276: dhcp relay + VLAN fails.

I was asked to test with VRRP, still works fine.

Mar 4 2019, 3:37 PM · VyOS 1.3 Equuleus
varesa added a comment to T1276: dhcp relay + VLAN fails.

I did not manage to reproduce the issue.

Mar 4 2019, 3:27 PM · VyOS 1.3 Equuleus

Feb 28 2019

varesa added a comment to T1246: VyOS 1.2.0 "openvpn-options" configuration does not allow quotes in values.

I should note that this is not my issue/task nor am I personally affected by it. I just pointed out that part of the original issue should be solved by my PR which originated from elsewhere and left my two cents about how to handle the other case here.

Feb 28 2019, 10:21 PM · VyOS 1.2 Crux (VyOS 1.2.3), VyOS 1.3 Equuleus
varesa added a comment to T1246: VyOS 1.2.0 "openvpn-options" configuration does not allow quotes in values.
What comes to the quoting of openvpn-option --push "xxx", if we do not want to introduce nested quotes to the parser, maybe we should have a second configuration option dedicated to --push?

There is open-vpn server push-route or so available. Sooner or later that backend will be rewritten.

Feb 28 2019, 12:13 AM · VyOS 1.2 Crux (VyOS 1.2.3), VyOS 1.3 Equuleus
varesa added a comment to T1246: VyOS 1.2.0 "openvpn-options" configuration does not allow quotes in values.

What comes to the quoting of openvpn-option --push "xxx", if we do not want to introduce nested quotes to the parser, maybe we should have a second configuration option dedicated to --push?

Feb 28 2019, 12:06 AM · VyOS 1.2 Crux (VyOS 1.2.3), VyOS 1.3 Equuleus
varesa added a comment to T1246: VyOS 1.2.0 "openvpn-options" configuration does not allow quotes in values.

@varesa so 'server push-route x.x.x.0/24' does work for you?
The double quotes are an issue with the parser and I doubt that it will be allowed in the future again.

Feb 28 2019, 12:00 AM · VyOS 1.2 Crux (VyOS 1.2.3), VyOS 1.3 Equuleus

Feb 27 2019

varesa added a comment to T1259: OpenVPN Server Fails to Start.

In T1246 I noticed that while my fix makes the syntax correct enough that OpenVPN starts, it is actually missing the $variables inside the quotes as the patch changed double quotes to single quotes.
That means that instead of --push "dhcp-option DNS 1.1.1.1" or --push "route 192.168.0.0 255.255.255.0" it started with --push "dhcp-option " and --push "route "

Feb 27 2019, 11:59 PM · vyatta-op-vpn, openvpn, vyatta-openvpn
varesa added a comment to T1246: VyOS 1.2.0 "openvpn-options" configuration does not allow quotes in values.

I went ahead and dug out the other configuration that doesn't work in 1.2.0 either. This is pulled from the config.boot file in the vyos 1.2.0 image I have installed.

openvpn vtun1 {
      description clientvpn
      encryption aes256
      hash sha256
      local-port 1194
      mode server
      protocol tcp-passive
      server {
          name-server x.x.x.4
          name-server x.x.x.3
          push-route x.x.x.0/24
          push-route x.x.x.0/24
          subnet x.x.x.0/24
      }
      tls {
          ca-cert-file /config/auth/ca.crt
          cert-file /config/auth/server.crt
          dh-file /config/auth/dh2048.pem
          key-file /config/auth/server.key
      }
      use-lzo-compression
  }
Feb 27 2019, 8:15 PM · VyOS 1.2 Crux (VyOS 1.2.3), VyOS 1.3 Equuleus
varesa added a comment to T1270: DHCP Server on VIF interfaces.

e.g. could indeed be tested to make sure that it works

Feb 27 2019, 9:59 AM · Rejected
varesa added a comment to T1270: DHCP Server on VIF interfaces.

I think the issue you found might still be a valid one, even though it was not the same one that was originally talked about on IRC.

Feb 27 2019, 9:58 AM · Rejected

Feb 21 2019

varesa added a comment to T1259: OpenVPN Server Fails to Start.

PR: https://github.com/vyos/vyatta-openvpn/pull/7

Feb 21 2019, 9:36 PM · vyatta-op-vpn, openvpn, vyatta-openvpn
varesa added a comment to T1259: OpenVPN Server Fails to Start.

Hopefully a fix: https://github.com/varesa/vyatta-openvpn/commit/a0d7c07f1ff0b5fe7450d3a13c1365b8e3589725

Feb 21 2019, 9:31 PM · vyatta-op-vpn, openvpn, vyatta-openvpn
varesa added a comment to T1259: OpenVPN Server Fails to Start.

Produced command seems to be:

Feb 21 2019, 9:02 PM · vyatta-op-vpn, openvpn, vyatta-openvpn
varesa added a comment to T1259: OpenVPN Server Fails to Start.

Also managed to reproduce, some set-commands to help reproduction:

Feb 21 2019, 9:00 PM · vyatta-op-vpn, openvpn, vyatta-openvpn

Jul 10 2018

varesa added a comment to T740: User UID not properly set when add/deleting users.

Above was on 1.1.7, the same thing happens on 1.1.8:

Jul 10 2018, 1:15 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
varesa added a comment to T740: User UID not properly set when add/deleting users.

I don't think the alphabetic order is even relevant (or ansible for that matter). Once you delete a user it frees up the UID but leaves the home directory around with the now unused UID. If you re-create users in a different order the UIDs that still own the home directories no longer match the corresponding users.

Jul 10 2018, 1:09 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)