I just check and on version: vyos-1.4-rolling-202205310217 is still missing :(

We've added this feature in our latest nightly building release, could you check it ?

Has any progress on this been made? I am still having this issue on 1.4-rolling-202205250217.

PR for op-mode importing existing PKI files into config: https://github.com/vyos/vyos-1x/pull/1343

PR: https://github.com/vyos/vyos-1x/pull/1342

This vm started out with 4G of memory and 2CPUs; I doubled quickly everything when I hit the out of memory error the first time, but that didn't help. I can quickly install the latest rolling and test

PR: https://github.com/vyos/vyos-1x/pull/1339

Yes, you error with "root" user is a known issue: T4281.

Reset added in T4442

Currently dealing with some minor FRR issues:

I've debugged this further, by breaking up my configuration into various sections (system, interfaces, firewall,nat,service,vpn etc) and running them on a new VM.

Still not much luck here. But I've let the boot run a bit longer, and notice the following:

@fernando Could you try to set sysctl mark?

sysctl -w net.ipv4.conf.eth0.src_valid_mark=1
sysctl -w net.ipv4.conf.eth1.src_valid_mark=1

PR https://github.com/vyos/vyos-1x/pull/1340

set service event-handler event first filter pattern '.*ssh2.*'
set service event-handler event first script arguments '192.0.2.5'
set service event-handler event first script environment interface value 'eth0'
set service event-handler event first script path '/config/scripts/hello.sh'

The current salt-minion version 3003.4+ds-1
@maznu Do we need anything else for it?

PR https://github.com/vyos/vyos-1x/pull/1338

Okay, thats the only rule where I was using a port-group combined with protocol all; the others that use protocol all dont have a port or port group in the rule, so they are okay?

PR for 1.4 Sagitta branch https://github.com/vyos/vyos-1x/pull/1337

Works on my setup

In T1230#123939, @panachoi wrote:

1.4 rolling does not help me, so there must be something "wrong" with my configuration. I've attached the private config, it would be awesome if someone might find what's broken.

private.cfg127 KBDownload

For a better analysis, can you share your firewall and nat config without hidden data? You can send it to my email: n.fort@vyos.io

PR for 1.3 equuleus branch https://github.com/vyos/vyos-1x/pull/1336

1.4 rolling does not help me, so there must be something "wrong" with my configuration. I've attached the private config, it would be awesome if someone might find what's broken.

@panachoi , for me moving to 1.4 rolling release did the trick. Boot times went from > 10 mins in 1.2 to 2-3 minutes in 1.4. Hope that helps

Some debug info:

@panachoi If you can share the anonymized config that works in 1.2.8 that would be useful. I'd expect migrating to 1.4 to see a decent improvement in firewall load times.

I'm still having issues moving past anything higher than 1.2.8. Booting 1.2.8 looks thusly:

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1335

PR:
https://github.com/vyos/vyos-1x/pull/1334

I'm trying to think what could have a 110 minute timer and the only think I can think of is the DHCP lease time:

May 26 05:58:49 rtr dhclient-script-vyos[7261]: No changes to apply via vyos-hostsd-client
May 26 05:58:49 rtr dhclient[7216]: bound to 72.81.238.169 -- renewal in 3075 seconds.

I just caught it again. Same logs line up with my continuous ping.