In T5041#143810, @fernando wrote:

Could we use something like Dannil proposes? https://vyos.dev/T4883 , as you said FRR staticd don't allow this option but it could be useful when we have different mtu over the interface.

Could we use something like Dannil proposes? https://vyos.dev/T4883 , as you said FRR staticd don't allow this option but it could be useful when we have different mtu over the interface.

Cannot reproduce it with this configuration (VyOS 1.4-rolling-202302280651, don't have a lot of file descriptors):

set protocols bfd peer 192.0.2.5 multihop
set protocols bfd peer 192.0.2.5 source address '192.0.2.1'
set protocols bfd peer 192.0.2.6 multihop
set protocols bfd peer 192.0.2.6 source address '192.0.2.1'
set protocols bfd profile BBR interval multiplier '3'
set protocols bfd profile BBR interval receive '350'
set protocols bfd profile BBR interval transmit '350'

The thing is, we don't use iproute2 commands for adding a route. We use FRR staticd for it. As an exception failover route that uses iproute2 commands
FRRouting 8.4.2 doesn't have such option

r14(config)# ip route 192.0.2.1/32 203.0.113.1 
  <cr>         
  (1-255)      Distance value for this route
  INTERFACE    IP gateway interface name
     dum0 eth0 eth1 eth2 lo veth0 veth1 wg0 
  Null0        Null interface
  color        SR-TE color
  label        Specify label(s) for this route
  nexthop-vrf  Specify the VRF
  table        Table to configure
  tag          Set tag for this route
  vrf          Specify the VRF

show vpn ipsec remote-access shows only accel-ppp l2tp, pptp https://github.com/vyos/vyos-1x/blob/current/src/op_mode/show_vpn_ra.py

Add another feature that is improved if we're thinking of moving to KEA :

PR:
https://github.com/vyos/vyos-1x/pull/1862

Currently digging through a bug with ocserv upstream maintainers, might get a 1.1.7 once we fix that or atleast a 1.1.6-4.
Aside from the weird Duo+RADIUS thing, the version noted in this issue currently runs great.

My Xbox One game console is set to use "automatic" settings regarding both port selection and forwarding (via UPNP), and in doing so it chose port 54060 on my LAN (and has been distributed the IP address 172.23.217.102 from my DHCP server — which is not VyOS, by the way).

A few issues I'm encountering while trying to test it right now:

PR for 1.3 https://github.com/vyos/vyos-build/pull/316

For 1.4

vyos@r14# run show version all | match ocser
ii  ocserv                               1.1.6-3                          amd64        OpenConnect VPN server compatible with Cisco AnyConnect VPN
[edit]
vyos@r14#

@Nova_Logic Is this bug still active?

It still requires testing
who can test if this feature works as expected?

@zsdc Can we close it?

PR https://github.com/vyos/vyos-1x/pull/1860

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1859

Done in T4014

In T4917#140304, @Viacheslav wrote:

In T4917#140239, @b- wrote:

Thanks! That’ll help me with what I’m working on :)From where does this limitation originate, anyway? Is there a way to at least add . to the acceptable characters list, so as to allow for foo.sh?  Would that break something that expects to skip over filenames with dots and other characters?

Not sure exactly but it seems this part of code https://github.com/vyos/vyatta-cfg/blob/ec568ce7b432acda01f9639afb509287a0e3d760/src/commit/commit-algorithm.cpp#L846

@lue30499 T4997 was merged, so the script I put above (which adds/updates a firewall group for the DHCP IP of any DHCP-enabled interfaces) can now be installed on an official build of 1.4-rolling!

PR using list_interfaces from vyos-utils:

Openconnect

[edit]
vyos@r14# set vpn openconnect network-settings push-route 100.64.22.0/24
[edit]
vyos@r14# commit
[ vpn openconnect ]
/usr/libexec/vyos/conf_mode/vpn_openconnect.py:32: DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13
  from crypt import crypt, mksalt, METHOD_SHA512

As a temporary workaround, I use the script below. For some reason /etc/rc.local no longer runs automatically on VyOS 1.3.2, so I run it manually after each reboot for now. Until it is run, Phicomm routers keep disconnecting due to failed IPV6CP negotiation incorrectly triggering complete PPPoE session termination. I have two PPPoE servers at different locations for redundancy, both rebooting at the same time is very unlikely, so I can live with it for now.

thank you, yes updating to latest 1.4 rolling has resolved the issue, pls feel free to close this task as duplicate to https://vyos.dev/T4907