Currently digging through a bug with ocserv upstream maintainers, might get a 1.1.7 once we fix that or atleast a 1.1.6-4.
Aside from the weird Duo+RADIUS thing, the version noted in this issue currently runs great.

My Xbox One game console is set to use "automatic" settings regarding both port selection and forwarding (via UPNP), and in doing so it chose port 54060 on my LAN (and has been distributed the IP address 172.23.217.102 from my DHCP server — which is not VyOS, by the way).

A few issues I'm encountering while trying to test it right now:

PR for 1.3 https://github.com/vyos/vyos-build/pull/316

For 1.4

vyos@r14# run show version all | match ocser
ii  ocserv                               1.1.6-3                          amd64        OpenConnect VPN server compatible with Cisco AnyConnect VPN
[edit]
vyos@r14#

@Nova_Logic Is this bug still active?

It still requires testing
who can test if this feature works as expected?

@zsdc Can we close it?

PR https://github.com/vyos/vyos-1x/pull/1860

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1859

Done in T4014

In T4917#140304, @Viacheslav wrote:

In T4917#140239, @b- wrote:

Thanks! That’ll help me with what I’m working on :)From where does this limitation originate, anyway? Is there a way to at least add . to the acceptable characters list, so as to allow for foo.sh?  Would that break something that expects to skip over filenames with dots and other characters?

Not sure exactly but it seems this part of code https://github.com/vyos/vyatta-cfg/blob/ec568ce7b432acda01f9639afb509287a0e3d760/src/commit/commit-algorithm.cpp#L846

@lue30499 T4997 was merged, so the script I put above (which adds/updates a firewall group for the DHCP IP of any DHCP-enabled interfaces) can now be installed on an official build of 1.4-rolling!

PR using list_interfaces from vyos-utils:

Openconnect

[edit]
vyos@r14# set vpn openconnect network-settings push-route 100.64.22.0/24
[edit]
vyos@r14# commit
[ vpn openconnect ]
/usr/libexec/vyos/conf_mode/vpn_openconnect.py:32: DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13
  from crypt import crypt, mksalt, METHOD_SHA512

As a temporary workaround, I use the script below. For some reason /etc/rc.local no longer runs automatically on VyOS 1.3.2, so I run it manually after each reboot for now. Until it is run, Phicomm routers keep disconnecting due to failed IPV6CP negotiation incorrectly triggering complete PPPoE session termination. I have two PPPoE servers at different locations for redundancy, both rebooting at the same time is very unlikely, so I can live with it for now.

thank you, yes updating to latest 1.4 rolling has resolved the issue, pls feel free to close this task as duplicate to https://vyos.dev/T4907

@Hazza06 https://github.com/vyos/vyos-1x/commit/09be3e86f2171e8b090fd3270ce05ae67ade58ec T4907

I'd be happy to test anything that implements this. Previously, I (judging from the forum, I'm not the only one) using this EdgeOS-BL-Mgmt with 1.3.x.

are you saying this has been fixed in just the last 2 months ? i reported this on 1.4-rolling-202212280917

There is missed the command tc qdisc add dev eth0 handle ffff: ingress

vyos@r14# tc qdisc show dev eth0
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
[edit]
vyos@r14# 
[edit]
vyos@r14# tc filter add dev eth0 parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel
[edit]
vyos@r14#

Try the latest rolling release

PR https://github.com/vyos/vyos-1x/pull/1853

vyos@r14:~$ generate public-key-command user foo path https://github.com/xxxxx.keys
# To add this key as an embedded key, run the following commands:
configure
set system login user foo authentication public-keys github@39e9c9ba-408d-4b4b-9aa6-d07f531285bf key xxxxx
set system login user foo authentication public-keys github@39e9c9ba-408d-4b4b-9aa6-d07f531285bf type ssh-rsa
set system login user foo authentication public-keys github@4732d9b0-4bc5-47d1-9028-0e68348a932f key xxxxx
set system login user foo authentication public-keys github@4732d9b0-4bc5-47d1-9028-0e68348a932f type ssh-rsa
set system login user foo authentication public-keys github@a93a85ba-5b63-4c3a-a589-2e82da7c8f1f key xxxxx
set system login user foo authentication public-keys github@a93a85ba-5b63-4c3a-a589-2e82da7c8f1f type ssh-rsa
commit
save
exit
vyos@r14:~$

Yes, apparently so from GitHub.

Do those keys always without an "identifier"?
I mean foo@localhost

ssh-rsa AAA....

Hello - I upgraded to the latest rolling release (1.4-rolling-202302250317), and it appears to be working. I am able to login with a radius account successfully. Thank you for your efforts! I see in you PR's above, the second link is to change the shell from "bash" to "vbash". It appears once I login with a radius privileged account, the shell continues to default to "bash":

including information about Netopee2/sysrepo services, how to integrate it with FRR, where we can utilize the advantages netconf/yang :