tested and resolved : VyOS 1.5-rolling-202407251105

tested and resolved, we've added this change in our cli to fix this deprecate option in opnvpn :

[edit]
vyos@vyos-ser-win# set interfaces openvpn vtun10 server topology
Possible completions:
   subnet               Subnet topology (recommended) (default)
   point-to-point       Point-to-point topology
   net30                net30 topology (deprecated)

I've tested in the new version , the problem with default net30 , it is already there .however , when the new version started show a warning message that migrating from net30 to subnet because is going to be deprecated :

In T6211#194799, @stephenmcmahon wrote:

In T6211#189615, @Viacheslav wrote:

Probably the best way will be moving the config to the vrf section (not implemented)
For example:

set vrf name foo service dhcp-server shared-network-name eth1 option default-router '192.168.1.1'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 lease '300'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default start '192.168.1.10'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default stop '192.168.1.100'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 subnet-id '1'

task related : https://vyos.dev/T4025

I've checked this bug , it's still present the vesion 1.4./1.5 and the 1.3.x , this problem is related to the update of the new version (openvpn) where the syntax to create a tunnel tap (layer2) is changed , this command allow to transport frame and it's needed when you want to bridge a vtun :

I've created the FRR bug report :

confirm that it works as well , spoke to spoke connection adding authentication. :

@volodymyr.huti I've checked a hub & spoke with Cisco nhrp and opennhrp , it works ,although, it has some issues related to establish spoke to spoke tunnel or when removing the password , here is my environment (it was merged for the master branch, not backport to stable) .

here we can add some prevention to raise error, to avoid that someone uses in EBGP a profile to IBGP, because, the problem is under FRR which syntax brakes the frr-cli.

I've tested it, the problem here is because you change a wrong local role , in your configuration is a rs-client ( IBGP relationship) but when you move to rs-server ( only works with EBGP , this attribute reflect EBGP routes to bgp router clients ) , so, that it's reason why you are not allowed to change :
VyOS :

vyos@vyos# run show configuration commands | match bgp
set protocols bgp neighbor 10.88.88.255 address-family ipv4-unicast
set protocols bgp neighbor 10.88.88.255 peer-group 'FAST'
set protocols bgp peer-group FAST capability dynamic
set protocols bgp peer-group FAST graceful-restart 'enable'
set protocols bgp peer-group FAST local-role rs-client
set protocols bgp peer-group FAST password 'F@st123!'
set protocols bgp peer-group FAST remote-as '211186'
set protocols bgp peer-group FAST update-source '10.88.88.2'
set protocols bgp system-as '211186'
[edit]
vyos@vyos# delete protocols bgp peer-group FAST local-role rs-client
[edit]
vyos@vyos# commit
[edit]

documentation : https://github.com/vyos/vyos-documentation/pull/1479

@a.apostoliuk

please , Could you share configuration on how to replicate it ? it's also here the guideline about report a bug :

please, read the guidelines that I shared, the point here if it works with our system , is not error in cli structure o functionality you should open a forum topic or support case (in case you have an active subscription), before opening a task here that is not clear.(without configuration ,debug attached or packet capture)

please , read the guidelines on this post . it doesn't see a bug if not a support task:

PR : https://github.com/vyos/vyos-1x/pull/3571

@mersl thanks for confirm.

we've added this ability to configure the topology on isis :

agree ,it's more a feature than a bug : PR https://github.com/vyos/vyos-1x/pull/3537

the problem here is that MT options is enable by default when the RIB has ipv4, if not not-MT is enable by default on IPv4 .So, you need to add additional topologies (ipv6-unicast , ipv6-multicast,etc)

tested new cli structure, it combine the new mach-group and old syntax :

I've tested and now is working correctly :

add documentation : https://github.com/vyos/vyos-documentation/pull/1444

PR https://github.com/vyos/vyos-1x/pull/3410

PR: https://github.com/vyos/vyos-1x/pull/3333

this new command was merge in order to solved this problem :

vyos@vrf-test:~$ show configuration commands | match disable
set protocols bgp parameters disable-ebgp-connected-route-check

PR:https://github.com/vyos/vyos-1x/pull/3212

it think that we can use also something similar to what we use ocserv to generate ssl certificates:

it makes seens , agree with add a Config Error to do not allow both options simultaneously ,.

as I mentioned , it was added in 9.1 as default behavior :

this command was added by default in FRR , but it's supported on lasted version (9.1):

i've re-checked with the new image from GCP and new cloud-init version , it seems to be working as expexted :

this fix is not merge yet : https://github.com/vyos/vyatta-op-vpn/pull/37

some improvements were added in this task , enable or disable the http security headers in the openconnect configuration :

when it's merge , I will test with the controller to see if we are able to get BMP with the new FRR version.

PR 1.3 : https://github.com/vyos/vyos-1x/pull/2572

tested on 1.5/1.4 :

PR 1.5/1.4 : https://github.com/vyos/vyos-1x/pull/2564

Do you tested it ? using our current rolling-release

I'll hava a lab with PIM SSM and BFD , I'll update our documentation with those feature with example.

I've tested this flag in both version 1.4 / 1.5 , it seems to work as expected :

tested on 1.4-rolling-202311080309

it's not a bug, this command are able in ospf :

@devon

after merge this ldp bug fixed , I saw that now it's already working . Could you check it ? I've tested on a lab and it seems to work :

tested /resolved

PR : https://github.com/vyos/vyos-1x/pull/2411

@jvoss thanks to confirm !

I've tested this issues in our lasted rolling-realese , after last commit , it seems works without problems :

vyos@vyos# load test.conf
Loading configuration from 'test.conf'
Load complete. Use 'commit' to make changes effective.
[edit]
vyos@vyos# compare
[policy]
+ route-map TEST {
+     rule 10 {
+         action "permit"
+         set {
+             community {
+                 add "65001:1"
+             }
+             large-community {
+                 add "4200000000:100:1"
+             }
+         }
+     }
+ }

exactly , i'll give an example of what is the improving (or new cli) , we have a policy where we can mach different DSCPs associate with REAL TIME or VIOCE . Current in our cli , it would be something like this :

this case was resolved lasted configuration done .

this task is a re-definition from a traffic class , I think it could be more clear if we separate tc-filter in a class-map , so we can define different profiles in our cli based on services :