PR https://github.com/vyos/vyos-1x/pull/902
PR https://github.com/vyos/vyos-documentation/pull/561

It seems that what I thought is true:

could this help https://patchwork.ozlabs.org/project/netfilter-devel/patch/776b8819c85c83088478b933a35691133055347a.1430733932.git.daniel@iogearbox.net ?

as I wrote on slack, from my point of view it is a kernel problem. It seems that the conntrack in the kernel detects the packets eben if they come in on an input interface in default and so
the nat code won'T match cause for conntrack the outgoing interface is still eth0 which is in vrf OOBM instead pppoe0.

Hi ruben,

upgraded to 1.4-rolling-202106290839 but still not working for my setup...

Is it worked in 1.3/1.2?

Hello @joeudes , it looks like without enabled ppp-option ipv6 it should not work

set service pppoe-server ppp-options ipv6 allow

the new build is already available. I am unsure if this works or is even supported by FRR.
Please consult FRR manual and try configuring this manually from vtysh.

@Viacheslav it is reproducible in 1.2.7

vyos@vyos:~$ touch file1
vyos@vyos:~$ touch file2
vyos@vyos:~$ touch file3
vyos@vyos:~$ ls
file1  file2  file3
vyos@vyos:~$ reset vpn remote-access user 
Possible completions:
  file1         Terminate specified user's current remote access VPN session(s)
  file2
  file3

looking at your configuration I see you set the neighbor using the interface name.
But in that case how does FFR know which IP address to connect to initiate a BGP session? Works in passive mode only?

PR is in: https://github.com/vyos/vyos-1x/pull/901

Bug confirmed and fixed,

I haven't access to the Cisco one because that is configured by another provider:

Should I hold out any hope for this to be implemented? Still willing to help test and do whatever I can to get this in.

I should soon have a PR ready for this, including an update to IPSec config to show how to port existing configs to use PKI.

I like the design!

In T3657#97243, @c-po wrote:

I wonder why you use ebgp multihop wirh link local addresses?

I used it only for testing (but this command increment ttl in two).

even if FRR manual states the deprecation notice, we have our own layer of abstraction and will deal with it once it is required.
For the time beeing, I just checked the commands (using tab completion).

In T3657#97243, @c-po wrote:

Also FRR manual states:

When you connect to a BGP peer over an IPv6 link-local address, you have to specify the IFNAME of the interface used for the connection. T

Please try set protocols bgp neighbor <addr> interface eth1

For 1.2.7 it adds unexpected multicast group per "save"
Configs for reproduce:

I wonder why you use ebgp multihop wirh link local addresses?

To reproduce (VyOS 1.3-beta-202106271614):

Verified working in GNS3 on 1.3.0-rc4. Note that /var/lib/dhcpv6/dhcp6c_duid is not used if send client-id is configured.

Parent Task: https://phabricator.vyos.net/T2816

I add an extra commentary , it is config on FRR:

As requested the config{F1499926}

I have tried one more scenario:

Hi, any updates on this?

Doesn't work, VyOS 1.4-rolling-202106271939

What would be the "full set" up supported characters? If I remember correctly this regex is inherited from VyOS 1.1

Please share your Cisco and VyOS config, and also the Cisco router Model/Version

For RPS, we maybe can adapt https://github.com/bhuanand/rps-rfs-configuration to VyOS?

When using show pki ... commands you would be able to see the relation between certificates and CAs.