PR https://github.com/vyos/vyos-1x/pull/1044

WIll be added in the next rolling release, @johannrichard could you test it?

PR https://github.com/vyos/vyos-1x/pull/1042

PR https://github.com/vyos/vyatta-op-vpn/pull/28

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1039

To reproduce:

[edit vpn sstp]
vyos@r4-epa1# compare 
[edit vpn sstp]
+authentication {
+    local-users {
+        username foo {
+            password bar
+        }
+    }
+    mode local
+}
+client-ipv6-pool {
+    prefix 2001:db8::/48 {
+    }
+}
+gateway-address 192.168.122.14
+ssl {
+    ca-cert-file /config/user-data/sstp/ca.crt
+    cert-file /config/user-data/sstp/server.crt
+    key-file /config/user-data/sstp/server.key
+}
[edit vpn sstp]
vyos@r4-epa1# commit
[ vpn ]
Note: the IPsec process will not start until you configure some tunnels, profiles, or L2TP/IPsec settings

It uses PKI.

PR https://github.com/vyos/vyos-1x/pull/1038

PR https://github.com/vyos/vyos-1x/pull/1037

PR https://github.com/vyos/vyos-1x/pull/1036

Smoketest can't read configuration file /run/ddclient/ddclient.conf
https://github.com/vyos/vyos-1x/blob/1d89e5196611f06bc1d0f925fc2ac1cb4a5536ec/src/conf_mode/dynamic_dns.py#L134-L135

PR https://github.com/vyos/vyos-1x/pull/1035

May be an upstream bug, possible fixed in https://github.com/acassen/keepalived/commit/2f1024d382783742df0e5c3dd705596f958b77b5
and https://github.com/acassen/keepalived/commit/5681838ac21de25b935632c5ec41569f79b48c19

PR https://github.com/vyos/vyos-1x/pull/1034

To disable shared-network at least one shared network should be working. The second can be disabled without issues.

PR https://github.com/vyos/vyos-1x/pull/1031

An interesting thing that I get the error with that configuration:

As an option it is possible this workaround:
Install tshark and use this script https://george.mibloving.net/nivex/d6rm/raw/commit/701d49cce3a308aed0c3d89d47be7601178ea4c4/d6rm.py

All subnets that share the same physical network should be declared within a shared-network declaration

Oct 18 22:24:01 r1-roll dhcpd[4985]: Interface eth2 matches multiple shared networks

@mickvav You can use &quot. Can you re-check it?
Tested on node VyOS 1.4-rolling-202110130217

As I know, iptables works only in UTC time. And any workaround with recalculate Datetime will be affected incorrect behavior.

As for me we shouldn’t allow to downgrade images. So there are no “downgrade migration scripts”. Each downgrade - good point to get a brick.
At least we should generate a warning.

PR for "crux": https://github.com/vyos/vyos-1x/pull/1029

@artooro Will be available in the next rolling release
Let us know, if you want some other capabilities

PR https://github.com/vyos/vyos-1x/pull/1027

Maybe be added to gether with T1229

@maznu Can you create a PR?

Initial bug was Fixed, VyOS 1.4-rolling-202110130217

vyos@r1-roll# compare 
[edit container]
+name dns02 {
+    image ubuntu:focal
+    network dnsnet {
+        address 10.0.72.253
+    }
+}
+network dnsnet {
+    prefix 10.0.72.0/24
+}
-network net01 {
-    prefix 10.0.72.0/24
-}

@c-po Is it already implemented with commit https://github.com/vyos/vyos-1x/commit/ae2dc55aa68679e828d4bb133fc515172c081d0f ?

Fixed, VyOS 1.4-rolling-202110130217

vyos@r1-roll:~$ show nat source rules 
Rule       Source                                             Translation                                        Outbound Interface
----       ------                                             -----------                                        ------------------
3          192.168.0.0/24                                     masquerade                                         eth0

As for me, it should be configured in the global firewall log level, not per rule.

set firewall log-level x

PR https://github.com/vyos/vyos-1x/pull/1026

PR https://github.com/vyos/vyatta-cfg-system/pull/170