Currently the only application of VyOS LDP is as P router (backbone router in an MPLS cloud).

Additionally, sometimes the Peer ID and Local ID are not correctly formatted. for example:

It seems a parser issue. We are reviewing the script https://github.com/vyos/vyatta-op-vpn/blob/current/scripts/vyatta-op-vpn.pl

When the configuration provided is reproduced, the problem occurs: show ike sa is "down" while show ipsec sa is "up".

ref T2747

And script

#!/usr/bin/env bash

Sounds good thanks.

Your rolling release is from a time where the interface configuration changed heavily. An entire new concept was added, please retry with one of the latest rollings.

FRR 7.4 has been released, and the default behaviour has been changed, commit 62282e8379. @Viacheslav, when we update to this version, I can work with you to update the migration script.

As discussed in above comment, this is understandable behaviour, but will be re-investigated after the move to fastapi, re T2397.

Addressed in T2568.

This was an early experiment which contributed some ideas towards T2582; closed as superseded by that task.

I am giving up with HFSC. I have been studying it for a long time, I have tested it in many different ways, without VyOS too. The only thing I have found is that this is is not a problem of VyOS.

Route Distinguisher & Route Targets are, in general, configured under VRF proccess. Below a sample of how this configurations would looks like:

Bellow a sample of how BGP VPNv4 and VPNv6 AF configuration looks like:

Sure thing. Note my configuration contains some table maps that I have set up to route VPN traffic, and certain source IPs through specific interfaces. But there is no effect on the load-balancer when these sections are removed. Thank you.

Could you please provide full configuration or at least protocol section configuration?

GNS3 virtualization network verification passed

I will have a look as this was not supported by vyatta and therefore not added to the code when converted to python

Coming with a syntax which is not ultimately going to be as complex as the cli may be an impossible challenge. Changing the API to include in the XML what is path vs payload may indeed lead to indeed a better API tho. The example given use the word create in the path when REST would use POST.

The commit fails when the local-ip option is included only with the 6RD prefix options (without 6RD option, 6in4 tunnel is created). In the tunnel.py script, local value is not defined as result stack trace is received

PR: https://github.com/vyos/vyos-build/pull/116

PR Merged

PR: https://github.com/vyos/vyatta-cfg-system/pull/127

Container fixed, closing this ticket

The CI is now extended to build arm containers by default. they are also exported to dockerhub. closing this ticket

Discussion updated in PR 513.
https://github.com/vyos/vyos-1x/pull/513

This will be a oneliner in the new XML implementation. Just send PR

Reading the UBNT source code I see:

https://github.com/vyos/vyos-1x/pull/522

I find the above mentioned syntax to clumsy:

@srgabrieltelecon create please Pull Request.

I´ve used the version of the software: VyOS 1.3-rolling-202007300117.
As I´ve used GRE tunnels it does not simulates the same scenario reported, which uses pure IPsec. I will configure IPsec tunnels over physical interfaces and log the results here again.

I suspect this could be related to displaying a peer with a hostname that contains a dash, such as, "abc-peer12.dyndns.org." Or, possibly a string matching error getting thrown off by "AES_GCM_16_128/MODP_2048"

The IKE SA appears down in your second example?

vyos@HUB-2# sh vpn
ipsec {

esp-group MyESPGroup {
    proposal 1 {
        encryption aes256
        hash md5
    }
}
ike-group MyIKEGroup {
    proposal 1 {
        dh-group 2
        encryption aes256
        hash md5
    }
}
ipsec-interfaces {
    interface eth0.100
}
site-to-site {
    peer 169.254.100.1 {
        authentication {
            mode pre-shared-secret
            pre-shared-secret MYSECRETKEY
        }
        default-esp-group MyESPGroup
        ike-group MyIKEGroup
        local-address 169.254.100.6
        tunnel 20 {
            protocol gre
        }
    }
}

}
[edit]

I´ve configured a simple P-2P IPsec/GRE Tunnel and the command shows IKE and IPsec SAs UP:

Dependency and VRF support for tcptraceroute6 will be submitted in the next few days

I would have expected the output generated to be an OR of the validators or regexes and allow the output if any would have passed it

Before adding "<defaultValue>" it was working but not now.

Fixed, VyOS 1.3-rolling-202008040823

I wasn't trying to solve any specific issue. I was working on some other project, trying to use GCC as a preprocessor, the same way as it's used here, and ran into those obstacles I listed in the original description, which are present here too. I was made aware m4 is much more suitable to template processing than GCC as it was actually designed and made for it.
As for using any self-made code to do this, I have no problem with that as long as it's well known this is what is now used, is documented, and then an effort made to port all preprocessing to it. I see no sense using two or three different preprocessors.

Update document

Thank you for writing some testing code using the smoketest repository. It may take a few working days for anyone to come back to you.

SSH only supports "source-address" via its BindAddress option

smoketest for nptv6