♟ a.hajiyev

I tested the same scenario in VyOS 2025.03.09-0613-rolling and did not observe the same issue.
VyOS works as expected and commit did not get stuck.

There are around 300 interfaces:

around 200 vxlan interface
around 30 bridge interfaces
around 30 Pseudo-Ethernet/MACvlan interfaces
around 16 Ethernet interfaces
around 30 Bridge interfaces

Only worked:

Reboot instance
load /config/config.boot
sudo podman rm suricata
commit

Then it works

vyos@VyOS-Test01#
[edit]
vyos@VyOS-Test01# load /config/config.boot
[edit]
vyos@VyOS-Test01#
[edit]
vyos@VyOS-Test01# compare
+ container {
+     name suricata {
+         allow-host-networks
+         arguments "-q 1"
+         capability "net-admin"
+         capability "sys-admin"
+         capability "sys-nice"
+         image "jasonish/suricata:6.0.14"
+         memory "1024"
+         volume ETC {
+             destination "/etc/suricata"
+             source "/config/suricata/etc"
+         }
+         volume LOGS {
+             destination "/var/log/suricata"
+             source "/config/suricata/logs"
+         }
+         volume RULES {
+             destination "/var/lib/suricata/rules/"
+             source "/config/suricata/rules"
+         }
+     }
+ }

If service is 'failed' state

vyos@VyOS-Test01:~$ systemctl status vyos-container-suricata.service
× vyos-container-suricata.service - VyOS Container suricata
     Loaded: loaded (/run/systemd/system/vyos-container-suricata.service; static)
     Active: failed (Result: exit-code) since Fri 2024-08-23 10:32:44 UTC; 43s ago
   Duration: 4min 55.702s
    Process: 2855 ExecStartPre=/bin/rm -f /run/vyos-container-suricata.service.pid /run/vyos-container-suricata.service.cid (code=exited, sta>
    Process: 2856 ExecStart=/usr/bin/podman run --conmon-pidfile /run/vyos-container-suricata.service.pid --cidfile /run/vyos-container-suric>
    Process: 2867 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile /run/vyos-container-suricata.service.cid (code=exited, status=0/SUCCE>
    Process: 2873 ExecStopPost=/bin/rm -f /run/vyos-container-suricata.service.cid (code=exited, status=0/SUCCESS)
        CPU: 129ms

You are right there is an op-mode command to restart the container

restart container suricata

But I think there needs to be some checks/changes at least someone will execute the native Podman command to restart the container.

Tested in VyOS 1.4.0-rc1 , VyOS 1.3.5 and VyOS 1.5-rolling-202401030023
The configuration
VyOS 1.4.0-rc1:

Tested in VyOS 1.3.4

Tested in VyOS 1.4-rolling-202311100309

Tested on VyOS 1.4-rolling-202311100309

IKEv1
2 proposals
the pfs is enabled

Tested in VyOS 1.4-rolling-202311100309:

Tested in VyOS 1.4-rolling-202311100309
Configs:
Node-1

Tested on VyOS 1.4-rolling-202311100309:

Tested in VyOS 1.4-rolling-202311100309:
The configuration:

Tested in VyOS 1.4-rolling-202311100309
The configuration:
VyOS:

Tested in VyOS 1.4-rolling-202311100309:
Configurations:

Tested on VyOS 1.4-rolling-202311100309 and VyOS 1.5-rolling-202311160736 - L-Time shows 0. But supposed to show 3600 according to the configuration.

Tested in VyOS 1.4-rolling-202311100309 (AES)

Tested in VyOS 1.4-rolling-202311100309 (3DES)

In VyOS 1.3.4
Configs:

I tested in VyOS 1.4-rolling-202311100309

Tested in VyOS 1.4-rolling-202311100309
Tried with single quotes: ''

Tested VyOS 1.4-rolling-202311100309

Used one of the latest rolling releases.
Configured the Radius server and VyOS

Checked in VyOS 1.4-rolling-202310030309

LEFT router configuration

a.hajiyev (Aslan)
User

Projects

User Details

Recent Activity
View All

Mar 12 2025

Mar 11 2025

Dec 19 2024

Nov 14 2024

Oct 28 2024

Oct 24 2024

Oct 23 2024

Oct 3 2024

Sep 18 2024

Aug 23 2024

Aug 15 2024

Jul 1 2024

May 28 2024

Apr 9 2024

Jan 11 2024

Nov 30 2023

Nov 29 2023

Nov 28 2023

Nov 24 2023

Nov 23 2023

Nov 22 2023

Nov 20 2023

Nov 16 2023

Nov 15 2023

Oct 25 2023

Oct 24 2023

Aug 15 2023

Aug 14 2023

Jul 27 2023

a.hajiyev (Aslan)User