At present, VyOS has a serious problem with the order in which interdependent configuration items are applied when a configuration file is loaded. The items can be configured manually, but the problem appears with the following VyOS configuration file:
/* Reproduction configuration from the report. The original was collapsed onto
   three lines; the layout is restored here and every configuration token is
   unchanged. The comments are review notes on what the file shows. */
firewall {
    all-ping enable
    broadcast-ping enable
    config-trap disable
    /* Redirects are accepted for IPv6 here and sent for IPv4 further down,
       and source-routed packets are enabled for both families.
       NOTE(review): on an Internet-facing router these are normally
       disabled; confirm they are intentional. */
    ipv6-receive-redirects enable
    ipv6-src-route enable
    ip-src-route enable
    log-martians enable
    /* Forwarded traffic arriving on the bound interface: only replies to
       existing flows pass, everything else hits default-action drop. */
    name wan {
        default-action drop
        rule 1 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    /* Traffic addressed to the router itself on the bound interface. */
    name wan-local {
        default-action drop
        rule 1 {
            action accept
            state {
                established enable
                related enable
            }
        }
        /* Answers ICMP echo requests from the bound interface. */
        rule 2 {
            action accept
            icmp {
                type-name echo-request
            }
            protocol icmp
            state {
                new enable
            }
        }
        /* Drops new TCP connections to port 22 once the "recent" match
           reaches count 4 within time 60. Connections below that threshold
           fall through to rule 4. */
        rule 3 {
            action drop
            destination {
                port 22
            }
            protocol tcp
            recent {
                count 4
                time 60
            }
            state {
                new enable
            }
        }
        /* Accepts every new TCP connection with no port or source
           restriction, so default-action drop only covers non-TCP traffic.
           With ssh on 0.0.0.0, https on "*" and the DNS forwarder on
           0.0.0.0 and :: below, those services are reachable through this
           ruleset. NOTE(review): limit this rule to the ports and sources
           that are actually required. */
        rule 4 {
            action accept
            protocol tcp
            state {
                new enable
            }
        }
    }
    /* References pppoe0, which has no definition under "interfaces" in this
       file. NOTE(review): possibly related to the reported ordering
       problem; confirm against the full configuration. */
    options {
        interface pppoe0 {
            adjust-mss 1452
            adjust-mss6 1280
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path source validation is off here and the rp_filter sysctls
       under "system sysctl" are also set to 0. */
    source-validation disable
    state-policy {
        established {
            action accept
            log {
                enable
            }
        }
        /* Packets in the invalid connection-tracking state are accepted
           and logged. NOTE(review): the usual hardening choice is drop;
           confirm this is deliberate. */
        invalid {
            action accept
            log {
                enable
            }
        }
        related {
            action accept
            log {
                enable
            }
        }
    }
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    bridge br1 {
        address 192.168.0.1/24
        address fc00:470:f1cd::1/64
        description "lan 0"
        dhcpv6-options {
            temporary
        }
        ipv6 {
            address {
                autoconf
                eui64 fc00:470:f1cd::/64
            }
            dup-addr-detect-transmits 1
        }
        /* Members reference eth1.1 and eth2, which are defined further
           down in this file. */
        member {
            interface eth1.1 {
            }
            interface eth2 {
            }
        }
        stp
    }
    bridge br2 {
        address 192.168.101.1/24
        address fc00:470:f1cd:101::1/64
        description "lan 101"
        dhcpv6-options {
            temporary
        }
        ipv6 {
            address {
                autoconf
                eui64 fc00:470:f1cd:101::/64
            }
            dup-addr-detect-transmits 1
        }
        member {
            interface eth0 {
            }
            interface eth1.2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
        }
        stp
    }
    ethernet eth0 {
        description LAN
        hw-id 00:98:2b:f8:3f:11
        ipv6 {
            address {
            }
            dup-addr-detect-transmits 1
        }
    }
    ethernet eth1 {
        description Trunk
        hw-id 00:98:2b:f8:3f:12
        vif 1 {
            description "vlan 1 of eth1"
        }
        vif 2 {
            description "vlan 2 of eth1"
        }
    }
    ethernet eth2 {
        description LAN
        hw-id 00:98:2b:f8:3f:13
    }
    ethernet eth3 {
        description LAN
        hw-id 00:98:2b:f8:3f:14
    }
    ethernet eth4 {
        description LAN
        hw-id 00:98:2b:f8:3f:15
    }
    /* The wan and wan-local rulesets are bound to eth5, while NAT and the
       default routes below use pppoe0. NOTE(review): verify which
       interface the WAN rulesets are meant to protect, since traffic
       handled on pppoe0 may not be matched by rulesets attached here. */
    ethernet eth5 {
        description WAN
        disable-flow-control
        firewall {
            in {
                name wan
            }
            local {
                name wan-local
            }
        }
        hw-id 00:98:2b:f8:3f:16
    }
}
nat {
    nptv6 {
        /* The source prefix is a /48 and the translation prefix a /64.
           NOTE(review): prefix translation normally uses equal lengths;
           confirm the intended mapping. */
        rule 2 {
            description "IPv6 NPT"
            outbound-interface pppoe0
            source {
                prefix fc00:470:f1cd::/48
            }
            translation {
                prefix 240e:fc:7d:64b9::/64
            }
        }
    }
    source {
        /* Masquerades all protocols from any source address leaving via
           pppoe0, with logging enabled. */
        rule 1 {
            description PUBLIC
            log enable
            outbound-interface pppoe0
            protocol all
            source {
                address 0.0.0.0/0
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        /* Default routes in the main table and in table 150 all point at
           pppoe0. */
        interface-route 0.0.0.0/0 {
            next-hop-interface pppoe0 {
            }
        }
        interface-route6 ::/0 {
            next-hop-interface pppoe0 {
            }
        }
        table 150 {
            interface-route 0.0.0.0/0 {
                next-hop-interface pppoe0 {
                }
            }
            interface-route6 ::/0 {
                next-hop-interface pppoe0 {
                }
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name pri101 {
            description "DHCP 101"
            subnet 192.168.101.0/24 {
                default-router 192.168.101.1
                dns-server 192.168.0.254
                dns-server 192.168.101.1
                dns-server 192.168.0.1
                lease 86400
                ntp-server 192.168.101.1
                range 0 {
                    start 192.168.101.8
                    stop 192.168.101.254
                }
            }
        }
    }
    dhcpv6-server {
        preference 0
        shared-network-name pri101 {
            subnet fc00:470:f1cd:101::/64 {
                address-range {
                    start fc00:470:f1cd:101::8 {
                        stop fc00:470:f1cd:101:ffff:ffff:ffff:ffff
                    }
                }
                name-server fc00:470:f1cd::ff00
                name-server fc00:470:f1cd::1
                name-server fc00:470:f1cd:101::1
            }
        }
    }
    dns {
        forwarding {
            /* The IPv6 allow-from prefix is 2001:470:f1cd::/48, while the
               LAN bridges in this file use fc00:470:f1cd::/48.
               NOTE(review): confirm which prefix clients really use. */
            allow-from 192.168.0.0/16
            allow-from 2001:470:f1cd::/48
            cache-size 1024
            domain pve. {
                server 192.168.0.47
                server 2001:470:f1cd::47
            }
            /* Listens on every IPv4 and IPv6 address of the router, so
               allow-from is the only restriction on who may query it.
               NOTE(review): bind to the LAN addresses to avoid exposing a
               resolver on the WAN side. */
            listen-address 0.0.0.0
            listen-address ::
            name-server 2001:470:f1cd::ff00
            name-server 192.168.0.254
            name-server 202.96.134.33
            name-server 202.96.128.86
            name-server 114.114.114.114
            name-server 1.1.1.1
            name-server 1.0.0.1
            system
        }
    }
    /* The HTTPS service listens on "*". Together with wan-local rule 4 it
       is not limited to the LAN. NOTE(review): bind it to a LAN address. */
    https {
        virtual-host vhost0 {
            listen-address "*"
            server-name 192.168.0.1
        }
    }
    mdns {
        repeater {
            interface br1
            interface br2
        }
    }
    router-advert {
        interface br1 {
        }
        /* The advertised name-server is fc00:410:f1cd:101::1, but br2's
           own address is fc00:470:f1cd:101::1 (410 vs 470).
           NOTE(review): this looks like a typo; confirm. */
        interface br2 {
            name-server fc00:410:f1cd:101::1
        }
    }
    /* SSH listens on all IPv4 addresses. The only WAN-side control in this
       file is the rate limit in wan-local rule 3. */
    ssh {
        listen-address 0.0.0.0
    }
}
system {
    acceleration {
    }
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    domain-name router
    host-name vyos
    ip {
        arp {
            table-size 2048
        }
        multipath {
            layer4-hashing
        }
    }
    ipv6 {
        multipath {
            layer4-hashing
        }
        neighbor {
            table-size 2048
        }
        strict-dad
    }
    login {
        user vyos {
            authentication {
                /* A full SHA-512 crypt ($6$) hash for the vyos account is
                   published with this report. Treat that password as
                   exposed: change it on any device that used it, and
                   redact hashes before sharing a configuration. */
                encrypted-password $6$UaXQViDvJ.Hr$85U/9Q5d/tc9hdtrnntMVgrztOCext..OJCHaJYZUo82GAdD95lchvSjI3vCZJTNte7cIAs87YctYlXODGXAz1
                plaintext-password ""
            }
        }
    }
    name-server 192.168.0.1
    ntp {
        /* Client access is limited to the LAN prefixes, but the daemon
           listens on all IPv4 and IPv6 addresses. */
        allow-clients {
            address 192.168.0.0/16
            address fc00:470:f1cd::/48
        }
        listen-address ::
        listen-address 0.0.0.0
        server 0.debian.pool.ntp.org {
        }
        server 1.debian.pool.ntp.org {
        }
        server 2.debian.pool.ntp.org {
        }
        server 3.debian.pool.ntp.org {
        }
    }
    sysctl {
        /* rp_filter is 0 for all, default and eth0, so reverse-path
           filtering is off, matching "source-validation disable" in the
           firewall section. */
        custom net.ipv4.conf.all.rp_filter {
            value 0
        }
        custom net.ipv4.conf.default.rp_filter {
            value 0
        }
        custom net.ipv4.conf.eth0.rp_filter {
            value 0
        }
        /* accept_ra is 2 alongside forwarding 1: router advertisements
           are accepted even though the host forwards IPv6. */
        custom net.ipv6.conf.all.accept_ra {
            value 2
        }
        custom net.ipv6.conf.all.forwarding {
            value 1
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Asia/Shanghai
}
Please test the dependency handling of the configuration items using the configuration above!