@c-po It seems you only implement the "type bridge_slave neigh_suppress on"
And "type bridge_slave learning on" is not implemented in this PR.
Will you add this also?
Thank you

set protocols static neighbor-proxy arp 192.0.2.1 interface eth1

check

vyos@r4# sudo ip nei show proxy
192.0.2.1 dev eth1 proxy 
[edit]
vyos@r4#

It looks like maybe there’s just some op mode command changes.

According to firewall-version.xml.i, the firewall config version was not updated to 12. Was this intentional?

@Viacheslav My addition of the onlink option is really brute-force, applied blindly to everything just to see if that was a solution and give you more information. I do not think my "fix" is really ready for a PR.

@giuavo I didn't test "default route", only regular routes for some prefixes, and it worked.
Could you create a PR?

PR https://github.com/vyos/vyos-1x/pull/2453

Tested in 1.3. Everything works

Tested in 1.5

Backport to 1.4 https://github.com/vyos/vyos-1x/pull/2449

It's fixed in 1.5-rolling-202311060023 but the bug is still present in 1.4.

I would mainly want to log new conntrack entries for various reasons.

it's not a bug, this command are able in ospf :

@devon

after merge this ldp bug fixed , I saw that now it's already working . Could you check it ? I've tested on a lab and it seems to work :

I’m also seeing this error after the update to 1.3.4

That looks better:

        chain VZONE_LOCAL_OUT {
                oifname "lo" counter packets 387 bytes 33672 return
                oifname "bond0.40" counter packets 14 bytes 496 jump NAME_LOCAL_TO_ALL
                oifname "bond0.40" counter packets 0 bytes 0 return
                oifname "bond0.70" counter packets 0 bytes 0 jump NAME_LOCAL_TO_ALL
                oifname "bond0.70" counter packets 0 bytes 0 return
r packets 0 bytes 0 jump NAME_LOCAL_TO_ALL
                oifname { "bond0.7", "bond0.30", "bond0.90", "bond0.88" } counter packets 0 bytes 0 return
                oifname { "eth0", "pppoe0", "eth1.281" } counter packets 3 bytes 180 jump NAME_LOCAL_TO_ALL
                oifname { "eth0", "pppoe0", "eth1.281" } counter packets 0 bytes 0 return
                oifname "bond0.80" counter packets 2 bytes 80 jump NAME_LOCAL_TO_ALL
                oifname "bond0.80" counter packets 0 bytes 0 return
                oifname { "bond0.1", "podman-cntr-net" } counter packets 2 bytes 128 jump NAME_LOCAL_TO_ALL
                oifname { "bond0.1", "podman-cntr-net" } counter packets 0 bytes 0 return
                oifname { "wg0", "vti0", "vtun0", "podman-ts-net" } counter packets 0 bytes 0 jump NAME_LOCAL_TO_ALL
                oifname { "wg0", "vti0", "vtun0", "podman-ts-net" } counter packets 0 bytes 0 return
                counter packets 0 bytes 0 drop comment "zone_LOCAL default-action drop"
        }

tested /resolved

Does anyone knows real scenario where permanently storing/saving this logs are required?
Yes, this feature is not working on 1.4, neither on 1.5
But I can't think on a real case where this logs are needed. I know that keeping information of NAT for certain ISP is mandatory due lo legal requirements. But writing a log entry for every conntrack status change seems like it will flood logs, and may consume more resources than expected.
With usage of netflow/slflow, maybe this required information can be obtained in the netflow collector, and do not increase load on vyos router.

It seems to be the difference between the vyos version build in the Dockerfile of librtr-dev and the Debian librtr-dev version (which works).