Page MenuHomeVyOS Platform
Feed Search

Search
Use Results
Hide Query

Nov 1 2024

syncer merged task T6699: Router practically becomes unusable due to accel-pppd producing constant out of memory into T2567: accel-ppp eats all memory with a small sstp config.
Nov 1 2024, 7:59 PM · VyOS Rolling, Bugs, Known issue
syncer edited projects for T6699: Router practically becomes unusable due to accel-pppd producing constant out of memory, added: VyOS Rolling; removed VyOS 1.5 Circinus.
Nov 1 2024, 7:58 PM · VyOS Rolling, Bugs, Known issue

Oct 30 2024

n.fort added a comment to T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used.

No. It's not applicable for 1.4/1.5

Oct 30 2024, 10:28 AM
syncer removed a project from T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used: VyOS 1.3 Equuleus (1.3.8).

@n.fort, is this applicable to 1.4/1,5?

Oct 30 2024, 8:57 AM

Oct 10 2024

dmbaturin closed T4478: Firewall ipv6 p2p option failed as Wontfix.

Firewall is completely rewritten in 1.4 and p2p in its old form is not there.

Oct 10 2024, 5:00 PM · Known issue, VyOS 1.3 Equuleus (1.3.0)

Oct 8 2024

dmbaturin merged T2567: accel-ppp eats all memory with a small sstp config into T6699: Router practically becomes unusable due to accel-pppd producing constant out of memory.
Oct 8 2024, 8:54 PM · VyOS Rolling, Bugs, Known issue

Sep 15 2024

dmbaturin added a project to T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used: Bugs.
Sep 15 2024, 5:04 PM
dmbaturin added a project to T5547: ISIS: The L1-2 router cannot advertise L1 routes into L2: Bugs.
Sep 15 2024, 5:04 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Known issue
dmbaturin added a project to T6699: Router practically becomes unusable due to accel-pppd producing constant out of memory: Bugs.
Sep 15 2024, 5:03 PM · VyOS Rolling, Bugs, Known issue

Sep 5 2024

Viacheslav added a project to T6699: Router practically becomes unusable due to accel-pppd producing constant out of memory: Known issue.
Sep 5 2024, 6:43 AM · VyOS Rolling, Bugs, Known issue

May 13 2024

syncer edited projects for T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used, added: VyOS 1.3 Equuleus (1.3.8); removed VyOS 1.3 Equuleus (1.3.7).
May 13 2024, 7:33 PM

May 7 2024

syncer edited projects for T5547: ISIS: The L1-2 router cannot advertise L1 routes into L2, added: VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta.
May 7 2024, 8:04 AM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Known issue

Mar 4 2024

Viacheslav added a comment to T3655: NAT doesn't work correctly with VRF.

@paigeadelethompson it is another issue, open a separate bug report

Mar 4 2024, 7:21 AM · VyOS 1.4 Sagitta (1.4.0-epa3)
paigeadelethompson added a comment to T3655: NAT doesn't work correctly with VRF.
table inet vrf_zones {
        map ct_iface_map {
                typeof iifname : ct zone
                elements = { "HE" : 132,
                             "WAN" : 128,
                             "eth0" : 128,
                             "tun0" : 132,
                             "eth1" : 256,
                             "eth2" : 384,
                             "veth0" : 132,
                             "veth1" : 256,
                             "VMNET" : 256,
                             "FASTNETMON" : 384 }
        }
Mar 4 2024, 4:20 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Feb 10 2024

syncer edited projects for T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used, added: VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus (1.3.6).
Feb 10 2024, 9:19 AM

Jan 20 2024

Viacheslav triaged T5547: ISIS: The L1-2 router cannot advertise L1 routes into L2 as Low priority.
Jan 20 2024, 1:14 PM · Bugs, VyOS 1.4 Sagitta (1.4.0-GA), Known issue
Viacheslav triaged T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used as Low priority.
Jan 20 2024, 2:38 AM
Viacheslav closed T3906: [Traffic Control] Invalid Port Configuration Still Commits as Invalid.
Jan 20 2024, 2:25 AM · Known issue, VyOS 1.4 Sagitta

Dec 17 2023

syncer edited projects for T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used, added: VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).
Dec 17 2023, 11:40 PM

Oct 4 2023

fernando closed T3655: NAT doesn't work correctly with VRF as Resolved.
Oct 4 2023, 7:54 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
Viacheslav added a comment to T3655: NAT doesn't work correctly with VRF.

@rherold Could you re-check it?

Oct 4 2023, 7:54 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
fernando added a comment to T3655: NAT doesn't work correctly with VRF.

for me , it's ok . I didn't see another issue related it . we can close

Oct 4 2023, 7:44 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
Viacheslav added a comment to T3655: NAT doesn't work correctly with VRF.

Can we close it?

Oct 4 2023, 7:29 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Sep 14 2023

vfreex added a comment to T3655: NAT doesn't work correctly with VRF.

@fernando This is really nice. Thank you for the testing!

Sep 14 2023, 7:02 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Sep 12 2023

fernando reopened T3655: NAT doesn't work correctly with VRF as "Needs testing".
Sep 12 2023, 6:59 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
fernando added a comment to T3655: NAT doesn't work correctly with VRF.

command on 1.5 :

Sep 12 2023, 6:36 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
fernando closed T3655: NAT doesn't work correctly with VRF as Unknown Status.
Sep 12 2023, 4:17 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
fernando updated subscribers of T3655: NAT doesn't work correctly with VRF.

@vfreex I've tested in my labs related this issues , I can confirm that it work as expected . this original zone solved the problem when there was a src-nat /dst-nat with different VRFs or leaking with them ,Thanks you for this contribution .

Sep 12 2023, 4:16 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Sep 10 2023

Apachez added a comment to T3655: NAT doesn't work correctly with VRF.

Oh sorry, I missed that this commit was for LTS 1.3.x series.

Sep 10 2023, 7:13 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
vfreex added a comment to T3655: NAT doesn't work correctly with VRF.

@Apachez I am running kernel 6.1.49-amd64-vyos and this works fine with my local setup.
The patch is already in linux kernel since at least 4.3 (you can confirm with https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/include/net/netfilter/nf_conntrack_zones.h?h=linux-4.3.y), but it was added to nft command only since Feb 2017: https://git.netfilter.org/nftables/commit/src/ct.c?id=ed66d9966294a3bab6c8611e369861ba57374743

Sep 10 2023, 6:17 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
Apachez added a comment to T3655: NAT doesn't work correctly with VRF.

@vfreex the referenced netfilter patch is from 2015, is that really valid for current version thats included in the Linux 6.1 LTS kernel?

Sep 10 2023, 6:05 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
vfreex added a comment to T3655: NAT doesn't work correctly with VRF.

You can test this approach on a running VyOS router using following commands:

Sep 10 2023, 5:32 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
vfreex added a comment to T3655: NAT doesn't work correctly with VRF.

I created a PR to fix this issue by using direction parameter of conntrack zones: https://github.com/vyos/vyos-1x/pull/2236
I have a very basic VRF setup and it works fine. It would be much appreciated if someone could test this with more complex VRF setup.

Sep 10 2023, 5:04 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Aug 25 2023

syncer edited projects for T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used, added: VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).
Aug 25 2023, 9:33 PM

Jul 12 2023

syncer edited projects for T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used, added: VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).
Jul 12 2023, 10:32 PM

Jun 22 2023

NeilHanlon added a comment to T3655: NAT doesn't work correctly with VRF.

I'm also encountering this issue on the latest rolling release.

Jun 22 2023, 12:51 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Jun 8 2023

gusbourg added a comment to T3655: NAT doesn't work correctly with VRF.

I have been able to get NAT to work with VRFs with 1.4-rolling-202306080317. However:

Jun 8 2023, 6:55 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

May 17 2023

fernando added a comment to T3655: NAT doesn't work correctly with VRF.

I've done test , regarding the original issues that it was nat+route-leaking (default + foo) , which is working on the last rolling (VyOS 1.4-rolling-202305140317). however, I've tried some test using two vrf+route-leaking and NAT , I can replicated the issue:

May 17 2023, 3:19 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

May 16 2023

diodep added a comment to T3655: NAT doesn't work correctly with VRF.
In T3655#148609, @bbabich wrote:
In T3655#131502, @Viacheslav wrote:

I have NAT working with vrf in VyOS 1.4-rolling-202208290458 + custom nat offload

set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth1 address '192.0.2.1/24'
set interfaces ethernet eth1 vrf 'foo'
set protocols static route 192.0.2.0/24 interface eth1 vrf 'foo'
set system conntrack
set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 interface 'eth0'
set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 vrf 'default'
set vrf name foo table '1010'

Nftables

root@r14:/home/vyos# cat nat.nft 
flush ruleset

table ip filter {
	flowtable fastnat {
		hook ingress priority filter
		devices = { eth0, eth1 }
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
		ip protocol { tcp, udp } flow add @fastnat
	}
}
table ip nat {
	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		ip saddr 192.0.2.0/24 oif "eth0" snat to 192.168.122.14 persistent
	}

	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
	}
}

Conntrack table

vyos@r14:~$ sudo conntrack -F
conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied.
vyos@r14:~$ 
vyos@r14:~$ sudo conntrack -L
tcp      6 431999 ESTABLISHED src=192.168.122.14 dst=192.168.122.1 sport=22 dport=44462 src=192.168.122.1 dst=192.168.122.14 sport=44462 dport=22 [ASSURED] mark=0 use=1
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=33018 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33018 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=37517 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=37517 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=59794 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=59794 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=39288 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39288 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=39616 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39616 [OFFLOAD] mark=0 use=2
icmp     1 29 src=192.0.2.2 dst=1.1.1.1 type=8 code=0 id=12387 src=1.1.1.1 dst=192.168.122.14 type=0 code=0 id=12387 mark=0 use=1
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=41155 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=41155 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=39829 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39829 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=33655 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33655 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=44835 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=44835 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=40213 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=40213 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=33729 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33729 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=48344 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=48344 [OFFLOAD] mark=0 use=2
conntrack v1.4.6 (conntrack-tools): 14 flow entries have been shown.
vyos@r14:~$

This works for me too on current rolling releases from Jan-2023 to now.

May 16 2023, 6:57 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

May 12 2023

bbabich added a comment to T3655: NAT doesn't work correctly with VRF.
In T3655#131502, @Viacheslav wrote:

I have NAT working with vrf in VyOS 1.4-rolling-202208290458 + custom nat offload

set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth1 address '192.0.2.1/24'
set interfaces ethernet eth1 vrf 'foo'
set protocols static route 192.0.2.0/24 interface eth1 vrf 'foo'
set system conntrack
set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 interface 'eth0'
set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 vrf 'default'
set vrf name foo table '1010'

Nftables

root@r14:/home/vyos# cat nat.nft 
flush ruleset

table ip filter {
	flowtable fastnat {
		hook ingress priority filter
		devices = { eth0, eth1 }
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
		ip protocol { tcp, udp } flow add @fastnat
	}
}
table ip nat {
	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		ip saddr 192.0.2.0/24 oif "eth0" snat to 192.168.122.14 persistent
	}

	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
	}
}

Conntrack table

vyos@r14:~$ sudo conntrack -F
conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied.
vyos@r14:~$ 
vyos@r14:~$ sudo conntrack -L
tcp      6 431999 ESTABLISHED src=192.168.122.14 dst=192.168.122.1 sport=22 dport=44462 src=192.168.122.1 dst=192.168.122.14 sport=44462 dport=22 [ASSURED] mark=0 use=1
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=33018 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33018 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=37517 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=37517 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=59794 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=59794 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=39288 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39288 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=39616 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39616 [OFFLOAD] mark=0 use=2
icmp     1 29 src=192.0.2.2 dst=1.1.1.1 type=8 code=0 id=12387 src=1.1.1.1 dst=192.168.122.14 type=0 code=0 id=12387 mark=0 use=1
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=41155 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=41155 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=39829 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39829 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=33655 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33655 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=44835 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=44835 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=40213 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=40213 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=33729 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33729 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=48344 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=48344 [OFFLOAD] mark=0 use=2
conntrack v1.4.6 (conntrack-tools): 14 flow entries have been shown.
vyos@r14:~$
May 12 2023, 2:24 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

May 8 2023

diodep added a comment to T3655: NAT doesn't work correctly with VRF.
In T3655#143947, @fernando wrote:

it doesn't seem the same problem as here, this logic that was applied over this version was vrf not on the table . Could you share full configuration ? there is some point over vrfs / vrf default /leaking that are not clear. So I can replicate the scenery and we see what is going on .

May 8 2023, 7:41 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Mar 7 2023

diodep added a comment to T3655: NAT doesn't work correctly with VRF.
In T3655#143947, @fernando wrote:

it doesn't seem the same problem as here, this logic that was applied over this version was vrf not on the table . Could you share full configuration ? there is some point over vrfs / vrf default /leaking that are not clear. So I can replicate the scenery and we see what is going on .

Mar 7 2023, 4:36 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Mar 4 2023

diodep added a comment to T3655: NAT doesn't work correctly with VRF.
In T3655#143947, @fernando wrote:

it doesn't seem the same problem as here, this logic that was applied over this version was vrf not on the table . Could you share full configuration ? there is some point over vrfs / vrf default /leaking that are not clear. So I can replicate the scenery and we see what is going on .

Mar 4 2023, 2:52 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Mar 3 2023

fernando added a comment to T3655: NAT doesn't work correctly with VRF.

it doesn't seem the same problem as here, this logic that was applied over this version was vrf not on the table . Could you share full configuration ? there is some point over vrfs / vrf default /leaking that are not clear. So I can replicate the scenery and we see what is going on .

Mar 3 2023, 3:14 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
diodep added a comment to T3655: NAT doesn't work correctly with VRF.

I have almost same problem here. Can't NAT between two VRFs correctly. The outgoing packet has been NATed correctly but the incoming packet seems be dropped, can't reach the source, it seems the return packet can't be tracked correctly.

Mar 3 2023, 6:21 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Feb 28 2023

SrividyaA placed T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used up for grabs.
Feb 28 2023, 11:58 AM

Feb 21 2023

Charlie-Root added a comment to T3655: NAT doesn't work correctly with VRF.
Feb 21 2023, 1:45 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Oct 3 2022

n.fort added a comment to T3655: NAT doesn't work correctly with VRF.

At least on my lab, with one of the latest 1.4, this is working for me:

Oct 3 2022, 2:21 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Oct 1 2022

aohanian added a comment to T3655: NAT doesn't work correctly with VRF.

Is there a way to isolate a NAT rule to operate within a VRF?

Oct 1 2022, 2:31 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Aug 30 2022

Viacheslav added a comment to T3655: NAT doesn't work correctly with VRF.
Aug 30 2022, 6:33 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Aug 29 2022

fernando added a comment to T3655: NAT doesn't work correctly with VRF.

as I remember ... it has been working by this PR:

Aug 29 2022, 8:19 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
Viacheslav added a comment to T3655: NAT doesn't work correctly with VRF.

I have NAT working with vrf in VyOS 1.4-rolling-202208290458 + custom nat offload

set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth1 address '192.0.2.1/24'
set interfaces ethernet eth1 vrf 'foo'
set protocols static route 192.0.2.0/24 interface eth1 vrf 'foo'
set system conntrack
set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 interface 'eth0'
set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 vrf 'default'
set vrf name foo table '1010'
Aug 29 2022, 5:14 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Aug 14 2022

dmbaturin added a project to T3989: Firewall - Can't delete rule in firewall entry and leave just default-action when firewall entry is in used: Known issue.
Aug 14 2022, 6:39 PM

Jul 12 2022

Unknown Object (User) added a comment to T3655: NAT doesn't work correctly with VRF.

Hi, but one more thing related NAT and VRF in 1.4 rolling. As you know it uses NF MAP, to isolate conntrack tables, so we need to create some design to fix this moment. Matbe with adding some mark

Jul 12 2022, 6:05 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Jul 11 2022

fernando added a comment to T3655: NAT doesn't work correctly with VRF.

I've re-tested this issues with the initial configuration, nat source / mesquered/ destination , it seems to work as @Dmitry said. The conntrack doesn't show the connection as [UNREPLIED] , it's established :

Jul 11 2022, 8:31 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
Viacheslav removed a project from T3655: NAT doesn't work correctly with VRF: VyOS 1.3 Equuleus (1.3.0).
Jul 11 2022, 12:03 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
Unknown Object (User) added a comment to T3655: NAT doesn't work correctly with VRF.

Today I tested VRF route leaking and NAT. It works on 1.3.1-S1. Simple configuration:

Jul 11 2022, 11:49 AM · VyOS 1.4 Sagitta (1.4.0-epa3)

Nov 1 2021

syncer edited projects for T3655: NAT doesn't work correctly with VRF, added: VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus (1.3.0-epa3).
Nov 1 2021, 10:12 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Oct 23 2021

rherold added a comment to T3655: NAT doesn't work correctly with VRF.

anything new here?

Oct 23 2021, 3:07 PM · VyOS 1.4 Sagitta (1.4.0-epa3)

Oct 17 2021

syncer changed the status of T3655: NAT doesn't work correctly with VRF from Open to In progress.
Oct 17 2021, 2:56 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
syncer edited projects for T3655: NAT doesn't work correctly with VRF, added: VyOS 1.3 Equuleus (1.3.0-epa3), VyOS 1.4 Sagitta, Known issue; removed VyOS 1.3 Equuleus.
Oct 17 2021, 2:56 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
syncer edited projects for T3906: [Traffic Control] Invalid Port Configuration Still Commits, added: VyOS 1.4 Sagitta, Known issue; removed VyOS 1.3 Equuleus (1.3.0-epa1).
Oct 17 2021, 12:11 PM · Known issue, VyOS 1.4 Sagitta

Mar 16 2020

qxmips added projects to T1301: bgp peer-groups don't work when "no-ipv4-unicast" is enabled.: Workaround available, Known issue.
Mar 16 2020, 12:31 PM · VyOS 1.2 Crux (VyOS 1.2.5)

Mar 15 2020

syncer created Known issue.
Mar 15 2020, 3:29 PM