The same bug was with ipoe-server https://vyos.dev/T5283
It is the actual address x.x.x.0 for UNIX devices and PPP interfaces, but it could be an issue with Windows clients
There is a simple fix https://github.com/vyos/vyos-1x/commit/8a79769bf447cb18d456f061afd6a7997b8264f8
Jul 31 2023
Which version?
Which tested config? Which generated config?
It would be more clear if you provided tangible examples.
Jul 30 2023
Duplicate of the task https://vyos.dev/T4502
And there is also a PR https://github.com/vyos/vyos-1x/pull/2062
It is waiting for the firewall refactoring to be merged
Jul 28 2023
You skip this warning and delete the version number line
// Warning: Do not remove the following line
// vyos-config-version: "bgp@4:broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-dynamic@1:dns-forwarding@4:firewall@10:flow-accounting@1:https@4:ids@1:interfaces@29:ipoe-server@1:ipsec@12:isis@3:l2tp@4:lldp@1:mdns@1:monitoring@1:nat@5:nat66@1:ntp@2:openconnect@2:ospf@2:policy@5:pppoe-server@6:pptp@2:qos@2:quagga@11:rip@1:rpki@1:salt@1:snmp@3:ssh@2:sstp@4:system@26:vrf@3:vrrp@4:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2"
// Release version: 1.4-rolling-202307090317
Jul 27 2023
Conntrack should be disabled by default https://vyos.dev/T5080
It is not a bug.
It is the implementation of TACACS authentication https://github.com/vyos/vyos-1x/pull/2038
https://github.com/vyos/vyos-1x/blob/fa07179ae7f1dc07e6ccc1b20d2b81384b6efe07/debian/vyos-1x.postinst#L47-L52
Jul 26 2023
There is this line in the code https://github.com/vyos/vyos-1x/blob/688755a988e233e221bf920e391e35d5ddc9cb56/src/op_mode/show_ntp.sh#L21
Jul 25 2023
@jvoss Add the PR, please
Thanks.
Try to add no_tag_node_value_mangle there https://github.com/vyos/vyos-1x/blob/20b7155f4140f54cf7669256160b6fedd8c1ab7a/src/conf_mode/protocols_static.py#L50
@dongjunbo It requires more tests and reviews
Jul 24 2023
Do you have any idea for the CLI?
Jul 22 2023
Jul 21 2023
Proposed syntax, one of them:
set system option time-format 12|24
set system option time-format 12-hour|24-hour
set system option time-format us|gb
Actually, it should configure:
sudo localectl set-locale LC_TIME="en_GB.UTF-8"
sudo localectl set-locale LC_TIME="en_US.UTF-8"
Maybe it is the wrong way. I think it shouldn't touch anything in the disable state.
PR https://github.com/vyos/vyos-1x/pull/2105
set system sflow interface 'eth0'
set system sflow interface 'eth1'
set system sflow server 127.0.0.1
Jul 20 2023
Actually it just exports the TMOUT option per login
In T5364#153398, @troggie wrote:
In T5364#153397, @Viacheslav wrote:
I'm wondering about the syntax
Will it be enough?
set service pppoe-server pado-delay 0
I think we should include the sessions in case there are multiple PPPOE services and people want to spread the load across multiple devices?
Or maybe an option to allow without sessions as well as allow with sessions - make the system versatile?
I'm wondering about the syntax
Will it be enough?
set service pppoe-server pado-delay 0
Will be fixed in the next rolling release.
In T5363#153177, @Apachez wrote:
I think this should be configured through a config option if bash-history should be retained or not (by default it shouldn't for regular users and equal to root).
It can for security reasons be argued that history should only exist in current session but when user logs out it should be removed.
This way in a multiuser environment one user cannot steal potential sensitive data from another user.
If security logging (what a particular user has done to the system when logged in) is needed this should be done remotely through syslog or similar.
Something is wrong with this template https://github.com/vyos/vyos-1x/blob/d2540ac4c6fc05991b18cf0e2434fbb6d5f3c2cf/data/templates/lldp/vyos.conf.j2#L7
It should be configurable as an option but not by default.
It is not fully implemented.
You have to set the URL to a JSON file with System versions, which does not exist for now (there is no permanent URL for it), so it will be in the future developments.
FRR does not support it
Allows only full multicast table
r11# clear ip ... mroute IP multicast routing table
Jul 19 2023
Jul 17 2023
Fixed with enabling offloads https://vyos.dev/T3619
vyos@r14# set interfaces ethernet eth0 offload
Possible completions:
  gro   Enable Generic Receive Offload
  gso   Enable Generic Segmentation Offload
  lro   Enable Large Receive Offload
  rfs   Enable Receive Flow Steering
  rps   Enable Receive Packet Steering
  sg    Enable Scatter-Gather
  tso   Enable TCP Segmentation Offloading
Jul 15 2023
Jul 13 2023
It is possible with
set protocols bgp 65001 parameters default no-ipv4-unicast
Jul 12 2023
It seems to work fine (VyOS 1.4-rolling-202307120317).
vyos@r14# set interfaces ethernet eth1 description 123
[edit]
vyos@r14# commit
[edit]
vyos@r14# compare 1
[interfaces ethernet eth1]
+ description "123"
Jul 11 2023
We will not update FRR to 8.x for 1.3 LTS releases.
Jul 10 2023
@trae32566 Thanks, I can confirm it is a bug with using commit-archive location, there is a separate task https://vyos.dev/T5348
Thanks
Jul 9 2023
In T775#151897, @trae32566 wrote:
@Viacheslav I'm not sure why, but it appears that after doing this, there is high CPU usage on the secondary side, and eventually it stops responding entirely (bgp sessions go down, no response to anything via icmp) and has to be hard reset; it won't even respond to a console login attempt:
This makes me think something in my firewall configuration is making it unhappy. I can paste my full firewall config somewhere if you'd like, but I'd prefer if it's not public for security reasons (is email fine?).
In T775#151894, @trae32566 wrote:
@Viacheslav I think that fixed it...sorta. It looks like now it does sync successfully, though it appears to time out after awhile for some reason:
trae@cr01a-vyos:~$ configure
[edit]
trae@cr01a-vyos# set firewall name INT_TO_LOCAL rule 80 destination address 192.168.253.2-192.168.253.3
[edit]
trae@cr01a-vyos# commit
INFO:vyos_config_sync:Config synchronization: Mode=load, Secondary=cr01b-vyos.int.rtr.trae32566.org
An error occurred: HTTPSConnectionPool(host='cr01b-vyos.int.rtr.trae32566.org', port=443): Read timed out. (read timeout=60)
ERROR:vyos_config_sync:An error occurred: HTTPSConnectionPool(host='cr01b-vyos.int.rtr.trae32566.org', port=443): Read timed out. (read timeout=60)
That being said, it does appear to have set the config on the other side:
trae@cr01b-vyos# show firewall name INT_TO_LOCAL rule 80
action accept
description "API access"
destination {
    address 192.168.253.2-192.168.253.3
}
protocol tcp
source {
    address 192.168.253.2-192.168.253.3
}
trae@cr01b-vyos# cat /var/log/nginx/access.log
fd52:d62e:8011:fffe::2 - - [09/Jul/2023:09:54:23 -0500] "POST /configure-section HTTP/1.1" 200 80 "-" "python-requests/2.28.1"
fd52:d62e:8011:fffe::2 - - [09/Jul/2023:09:55:25 -0500] "POST /configure-section HTTP/1.1" 499 0 "-" "python-requests/2.28.1"
Also, If it's any easier / you'd prefer I can set up a Webex or something.
@trae32566 Thanks, could you change one file and comment on one check?
sudo nano -c +140 /run/scripts/commit/post-hooks.d/vyos_config_sync
Set comment
# Config sync only if sections changed
#if not any(map(is_section_revised, sections)):
#    return
@trae32566 Which version on the remote site?
@trae32566 Try the same with ip address, I tested with IPv4 addresses
Jul 8 2023
Jul 7 2023
Jul 6 2023
Check if it exists in the kernel.
zcat /proc/config.gz | grep PARPORT
@Apachez Thanks!
Jul 5 2023
Jul 4 2023
There are several layouts
se-fi-ir209 se-fi-lat6 se-ir209 se-lat6
