Due to the limited ability to open a pull request on the Linux kernel's GitHub repository, I had to submit the patch to the netfilter maintainers team by email.
Mar 3 2021
@linuxludo Can you share a link?
It seems to be a BUG in netfilter conntrack module with GRE protocol over IPv6.
I patched the conntrack module and it now works as expected.
I just submitted this patch to the netfilter maintainers.
Wait & See...
I've had this bite me a few times now as well, but I wasn't able to pin it down to being a bug before.
Mar 2 2021
Please retest with the latest 1.4 rolling version. TTL can now be set.
It seems it is some upstream issue
vyos@r-roll01# sudo ip tunnel add tun22 mode gre local 203.0.113.1 remote any
[edit]
vyos@r-roll01# sudo ip tunnel change tun22 mode gre local 203.0.113.1 remote 203.0.113.254
add tunnel "tun22" failed: Invalid argument
[edit]
vyos@r-roll01#
For 1.4, the same failure
Config
set interfaces tunnel tun1 address '10.20.30.1/30'
set interfaces tunnel tun1 encapsulation 'gre'
set interfaces tunnel tun1 source-address '192.168.122.11'
set interfaces tunnel tun1 multicast 'disable'
commit
set interfaces tunnel tun1 remote 192.168.122.12
commit
Updated PR
I replaced raw dhcpv6 global-parameters with leafNode.
Looks like it is not possible using udev: https://stackoverflow.com/questions/40676914/how-to-set-up-a-udev-rule-for-eth-link-down-link-up
@FileGo will be fixed in the next rolling release.
To reproduce, add one tunnel
I think it is related to T2651
ipsec policies, policy prefix-lists,
Additional info: it seems not to show any tunnel interfaces.
Works great, interface remains disabled on boot, as configured.
Mar 1 2021
It seems a bug with your configuration. It is incorrect.
This seems to also happen with setting dhcpv6 as well.
I vote for option 1.
This also happens if you delete ipv6 address autoconf and commit, where it will drop all IP addresses besides the target interface's.
Please retest using the latest ISO image, fix is in there
It used different scripts in 1.3 and 1.4.
show interfaces => run: ${vyos_op_scripts_dir}/show_interfaces.py --action=show-brief
show interfaces vrrp => run: ${vyatta_bindir}/vyatta-show-interfaces.pl --vrrp --action=show-brief
Given the nature of the nesting of node.def files and their execution pattern, this cannot be fixed in 1.2.
FRR doesn't provide such an option for IPv4, only for IPv6
It does not work when established / invalid rules are at the top of the access list in any order. This works if the invalid state rule is positioned after the GRE rule, but this is not an expected behavior.
Try to place that rule after established, for example, number 25
Duplicate T3349
Update PR
remote.py declaring support for TFTP and HTTP(S) might complicate things further. Since it's only for downloading, the latter shouldn't be too complicated to handle with urllib but if we need HTTP(S) uploading capabilities, an external library like requests would be preferable. As for TFTP, there's no support for it in the standard library, but instead of pulling in a third-party library for TFTP alone, we can just write an ad hoc wrapper for curl dedicated to TFTP. It wouldn't be as complicated since TFTP has no form of authentication so there's no need to worry about host keys and such.
I will try the latest
Yes, sure. It will work only if one vlan-id is defined; e.g. if you configure a couple of vlan-ids you will get the wrong syntax
set service pppoe-server interface eth1 vlan-id '50'
set service pppoe-server interface eth1 vlan-id '60'
In generated config
vlan-mon=eth1,50,60
interface=eth1.50,60
Expected:
vlan-mon=eth1,50,60
interface=eth1.50
interface=eth1.60
PR https://github.com/vyos/vyos-1x/pull/755
@Dmitry Can you check/review PR?
Feb 28 2021
Good job! I think there exists one remark. If we set set service pppoe-server interface eth1 vlan-id '50' that means you want to listen to pppoe client on eth1.50, but in config you have
vlan-mon=eth1,50
interface=re:eth1\.\d+
e.g. eth1\.\d+ means all VLANs on eth1; even eth1.50.50.50 will fit this regular expression
I propose not to use a regular expression for vlan-id, as an example:
- set service pppoe-server interface eth1 vlan-id '50'
vlan-mon=eth1,50
interface=eth1.50
Yes, I agree it works with show interfaces vrrp, but the behavior in 1.2.x also displayed the VIP with the command show interfaces
I think this is a bug and we need to fix it.
You can use <x.x.x.x>-<x.x.x.x>
Or you need "multi" addresses not in "range"? Something like
set nat destination rule 5 translation member 203.0.113.1
set nat destination rule 5 translation member 203.0.113.14
set nat destination rule 5 translation member 203.0.113.240