https://github.com/vyos/vyos-1x/pull/800

Looks like that is actually working.

Oops, I did not see that. Thanks.

I modified bgp.frr.tmpl, but systemctl restart vyos-configd did not seem to do anything. Rebooting the router produces the correct config:

@linuxludo thanks for the heads-up - should be fixed in the next bugfix version of 5.10 then which I regularely update VyOS to. See T3318

We probably should move the following statement https://github.com/vyos/vyos-1x/blob/current/data/templates/frr/bgp.frr.tmpl#L362-L364

Just for your information.
The patch was added to kernel 5.4, 5.10 and 5.11.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/

If you add neighbor/commit and after that commit adding "set protocols bgp parameters default no-ipv4-unicast" it can not be accepted. Because neighbor was added before this command.
Re-create neighbor and commit. And check again.

When on VyOS 1.4 please use the show bgp ipv6 command as exposed by FRR. The show ip bgp command is only kept as not all options from show ip bgp are exposed in FRR under the show bgp ipv4 tree.

You can't/don't need to set local-as for neighbor [ if neighbor local as == your global asn ]
Can you send a code error?

I don't understand how DHCP relays work, esp in a pfsense environment. Not worth looking at this.

Fixed. 1.2.7, VyOS 1.3.0-rc3, VyOS 1.4-rolling-202104041918

I wonder if this used to work in the past?

@maznu @Merijn Can you test the latest rolling 1.4 release?
It should be fixed.
You can kill ripd/ripng/ospfd/bgpd/isisd daemons or allow it for watchfrr.

Turns out this is not a VyOS limitation but is a Linux Kernel/iproute2 limitation.

Fixed via https://github.com/vyos/vyatta-cfg-firewall/pull/21

This bug also persists in VyOS 1.2.7

The same with "policy" /usr/libexec/vyos/tests/config/dialup-router-medium-vpn

To reproduce it add firewall and attach it to interface

Usually on delete, the firewall should be detached from the interface first as the logic should go from the highest priority to the lowest one.

It is a priority for configurations
When the system load, the firewall should have configuration, and after configuration is applied to the interface.
So I think we can't delete it in one commit, it tried to delete the firewall before detaching the firewall from the interface.

So I finally stopped being lazy and got VyOS in to GNS3. As with our production routers MPLS remains off after restarting with either 1.3-rolling-202104021041 or 1.4-rolling-202104022042 for VLAN sub interfaces. Ethernet parent interfaces have their mpls state managed correctly.

It seems fixed for rolling release 1.4 because soft has been moved to FRR7.5.1
Of course it is not fixed for rolling release 1.3 (and as I understand won't be) due to FRR7.3.1

@syncer
Sorry to dredge up an old bug, but I believe I've hit this today on 1.2.7-LTS myself. Per @zsdc's original description, It seems that when you configure:

Added minisign package https://github.com/vyos/vyos-build/tree/current/packages/minisign and also included this in vyos-1x dependency list for crux, equuleus and current