According to firewall-version.xml.i, the firewall config version was not updated to 12. Was this intentional?

@Viacheslav My addition of the onlink option is really brute-force, applied blindly to everything just to see if that was a solution and give you more information. I do not think my "fix" is really ready for a PR.

@giuavo I didn't test "default route", only regular routes for some prefixes, and it worked.
Could you create a PR?

PR https://github.com/vyos/vyos-1x/pull/2453

Tested in 1.3. Everything works

Tested in 1.5

Backport to 1.4 https://github.com/vyos/vyos-1x/pull/2449

It's fixed in 1.5-rolling-202311060023 but the bug is still present in 1.4.

I would mainly want to log new conntrack entries for various reasons.

it's not a bug, this command are able in ospf :

@devon

after merge this ldp bug fixed , I saw that now it's already working . Could you check it ? I've tested on a lab and it seems to work :

I’m also seeing this error after the update to 1.3.4

That looks better:

        chain VZONE_LOCAL_OUT {
                oifname "lo" counter packets 387 bytes 33672 return
                oifname "bond0.40" counter packets 14 bytes 496 jump NAME_LOCAL_TO_ALL
                oifname "bond0.40" counter packets 0 bytes 0 return
                oifname "bond0.70" counter packets 0 bytes 0 jump NAME_LOCAL_TO_ALL
                oifname "bond0.70" counter packets 0 bytes 0 return
r packets 0 bytes 0 jump NAME_LOCAL_TO_ALL
                oifname { "bond0.7", "bond0.30", "bond0.90", "bond0.88" } counter packets 0 bytes 0 return
                oifname { "eth0", "pppoe0", "eth1.281" } counter packets 3 bytes 180 jump NAME_LOCAL_TO_ALL
                oifname { "eth0", "pppoe0", "eth1.281" } counter packets 0 bytes 0 return
                oifname "bond0.80" counter packets 2 bytes 80 jump NAME_LOCAL_TO_ALL
                oifname "bond0.80" counter packets 0 bytes 0 return
                oifname { "bond0.1", "podman-cntr-net" } counter packets 2 bytes 128 jump NAME_LOCAL_TO_ALL
                oifname { "bond0.1", "podman-cntr-net" } counter packets 0 bytes 0 return
                oifname { "wg0", "vti0", "vtun0", "podman-ts-net" } counter packets 0 bytes 0 jump NAME_LOCAL_TO_ALL
                oifname { "wg0", "vti0", "vtun0", "podman-ts-net" } counter packets 0 bytes 0 return
                counter packets 0 bytes 0 drop comment "zone_LOCAL default-action drop"
        }

tested /resolved

Does anyone knows real scenario where permanently storing/saving this logs are required?
Yes, this feature is not working on 1.4, neither on 1.5
But I can't think on a real case where this logs are needed. I know that keeping information of NAT for certain ISP is mandatory due lo legal requirements. But writing a log entry for every conntrack status change seems like it will flood logs, and may consume more resources than expected.
With usage of netflow/slflow, maybe this required information can be obtained in the netflow collector, and do not increase load on vyos router.

It seems to be the difference between the vyos version build in the Dockerfile of librtr-dev and the Debian librtr-dev version (which works).

https://github.com/vyos/vyos-1x/pull/2442

Thanks, I'll wait for the merge and test the new iso ASAP.

PR: https://github.com/vyos/vyos-1x/pull/2441

If you add the librtr-dev to the docker build image and build FRR (with the docker build image) yourself it works:

$ git clone -b current --single-branch https://github.com/vyos/vyos-build.git
$ cd vyos-build
$ vi docker/Dockerfile
$ git diff
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 953ea4c..baeb232 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -345,6 +345,9 @@ RUN apt-get update && apt-get install -y \
       libnl-genl-3-dev \
       libxtables-dev

PR https://github.com/vyos/vyos-1x/pull/2440

Working on it! Thanks for the details!

Yup, VPN site to site authentication credentials are stored as "secret" hence the patch.

Do you have any example of in which context that exists?

In that PR, shouldnt also ifb* be included?

PR https://github.com/vyos/vyos-1x/pull/2436

@n.fort Unfortunately, I'm hitting an issue with traffic sent from the router itself.
Running 1.4-rolling-202311021131.
Interfaces eth0 and pppoe0 are WAN. Interfaces bond0* are LAN.
For example, running dig google.nl @9.9.9.9 from the VyOS CLI will fail. The kernel log says:

PR added...
https://github.com/vyos/vyos-1x/pull/2435

PR https://github.com/vyos/vyos-1x/pull/2434

set service snmp community public client '127.0.0.1'
set service snmp mib interface-max '25'
set service snmp mib interface 'eth'
set service snmp mib interface 'bond'

+1 for the other "virtual interfaces like lo, dummy, sstp. If such an interface is created - vyos.ifconfig library sets (or should set) all the appropriate sysctl stuff