I personally think the interface part is high-effort, low-gain since you can simply use the address of the interface to the same effect, whereas simply providing an interface will force it to decide which address to use on dual-stack systems. It needs to pick between AF_INET and AF_INET6 when creating the socket before setsockopt()ing SO_BINDTODEVICE; although I think we can get away with doing what socket.create_connection() does. Even then, only the SFTP portion of the code directly uses socket — everything else relies on higher level libraries that only expose address and port options. (Also, using a single parameter for both addresses and interfaces is a bad idea, in my opinion, because it's probably more useful to resolve an FQDN string to an address rather than assume all strings are interfaces. But otherwise, we'd need to find a way to resolve conflict between address and interface parameters.) All in all, I don't think the interface parameter is a good idea at all but we'll see.

All parts completely backported to Equuleus.

I opened a new issue for this: T4090.

@m.korobeinikov Could you re-check it and close if necessary?

@ernstjo Do you have any news regarding this issue or should we close it?

@SrividyaA Could you re-check it?

PR https://github.com/vyos/vyos-1x/pull/1117

@daniil can you edit one file?

sudo nano -c +1308 /usr/lib/python3/dist-packages/vyos/ifconfig/interface.py

And replace string:

if not 'redirect' in self._config:

To string:

if not 'redirect' in self._config and not 'traffic_policy' in self._config:

save and reboot the router or just restart vyos-configd

sudo systemctl restart vyos-configd

I think this is the limitation with the Linux interface name, it should not be higher than 16 characters. In you config I see, as an example (bond0.995.130 = 13 chars and additional part .100 = 4) = 17
I know how we can fix it manually, but I'm not sure that it is a good idea.
Accel-PPP supports name changing for created interface by vlan_mon module

[pppoe]
vlan-name=e0.%P.%N
interface=re:^e0\.\d+\.\d+

you can try to change this manually (edit /run/accel-ppp/pppoe.conf) and restart pppoe-server

PR https://github.com/vyos/vyos-1x/pull/1116

@boevering Do you know how to reproduce it?

@Boman I don't see such issue:

vyos@r11-roll# set interfaces bridge br0 enable-vlan 
[edit]
vyos@r11-roll# set interfaces bridge br0 member interface eth2 allowed-vlan 1-4094
[edit]
vyos@r11-roll# 
[edit]
vyos@r11-roll# time commit

Confirmed working in 1.3.0 LTS.

I agree, when offloading is enabled, it is necessary to increase MTU for traffic policing.

@daniil Can you share an example of traffic-policy 1G?

PR https://github.com/vyos/vyos-1x/pull/1115

There is still another bug:

set nat destination rule 120 destination address '203.0.113.1'
set nat destination rule 120 inbound-interface 'eth0'
set nat destination rule 120 protocol 'tcp'
set nat destination rule 120 translation address '192.0.2.40'

PR https://github.com/vyos/vyos-1x/pull/1114

vyos@r11-roll:~$ show nat destination rules 
Rule       Destination                                        Translation                                        Inbound Interface
----       -----------                                        -----------                                        -----------------
100        port 3389                                          192.0.2.40 port 80                                 eth0      
vyos@r11-roll:~$

I'm going to do what I suggested.

@adestis thank you. This issue isn't critical. It's more for to improve the design and for convenience of our customers.
You can use /32 to add a host, but we have to have the opportunity to add hosts without masks.
For example, if you need to create a group consisting of 1000 (or more random hosts), it's more convenient to use configuration without masks.

@c-po I will check it!

@UnicronNL can you rechecknon todays rolling image? It behaved differently for me

I set the banners via set system login pre-login 'test' and/or set system login post-login 'test'
and then the banners are set. (and the default is overwritten)

Well deleting the login banner results in the "default" behavior as expected.

PR https://github.com/vyos/vyatta-cluster/pull/5

Similar problem:

There is a reason https://github.com/vyos/vyatta-cfg-vpn/blob/de19cb9b03b78c4e3da93e014764bb2400ffe8a6/scripts/vpn-config.pl#L34

@m.korobeinikov why not use network group with /32 host addresses ?

The custom banner is removed after the deletion operation. But it shows the default banner:

@Viacheslav found the source of the restriction:

It gives a different error when the translation port option is configured for both the source and destination nat:

submitted this PR: https://github.com/vyos/vyos-1x/pull/1112

Can also confirm that 1.3.0-epa3 is broken, so something must have changed between epa3 and 202112180443.

Tried 1.3-beta-202112180443, seems to be working as it should now.