Actually, there are already run monitor traffic interface $intf commands and they work fine in 1.2.3.

Please review another portion of 'trivial' rewrites from vyatta-op. See the corresponding PRs in vyos-1x and vyatta-op.

This is "as intended" b/c ping is an op-mode command.

Adding "tls-crypt" and in the upcoming 2.5 release "tls-crypt-v2" options would also be desirable.

https://github.com/vyos/vyos-1x/commit/71f7a947539963112c61fef2a5f278d524d71198

@hagbard during some tests with the bridge interface (https://github.com/vyos/vyos-1x/commit/71f7a947539963112c61fef2a5f278d524d71198) I noticed the following:

Pyroute2 states:

One of the major issues with IPDB is its memory footprint. It proved not to be suitable for environments with thousands of routes or neighbours. Being a design issue, it could not be fixed, so a new module was started, NDB, that aims to replace IPDB. IPDB is still more feature rich, but NDB is already more fast and stable.

backported to crux

Pull request for fixing this problem: https://github.com/vyos/vyatta-netflow/pull/4

The reason for layer2, layer2+3 and layer3+4 are that those values are directly passed to the kernel, as the pernel expects:

improvement suggestion:

• remove the use of + in hash-policy names. layer2+3 and layer3+4. this could be replaced with the more used - character, so layer2-3 and layer3-4
• also add support for encap2-3 and encap3-4hash-policy

It is true that you need a hash-policy, but specifying a hash-policy is optional, if you don't specify it reverts to the kernel default that is layer2..
also defaults should not be listed in the configuration. (because then the configuration will be crowded with all kind of strange things that is a default)

@runar If I could offer an alternative, why not require set interfaces bonding bond0 hash-policy to always be specified? The hash policy is not something optional like a tunnel key for GRE, so I feel that this option should be required.

Improvement suggestion:
set interfaces bonding bond0 hash-policy # defaults to layer2, listing layer2 as an configureable alternative is then redundant. to revert to level2 the user should delete the config entry instead. also update description about using layer2 as a default

with vyos-1.2-rolling-201908270337-amd64.iso also fixed for me. Thanks

@hagbard dummy interface has been migrated, see https://github.com/vyos/vyos-1x/commit/93184326fc3768216b734a5fcc60e193b5e27fad

If it reappears, feel free to reopen.

Perfect, I think the dummy interface would be one which needs to be corrected before I can remove the class file entirely.

Resolved with rewrite of op-mode scripts in Python.

Turns out this can be done with the following code:

pyroute2 has been added to our debian repo http://dev.packages.vyos.net/repositories/current/vyos/pool/main/p/pyroute2/

We have change vyos configuration.
Now, our vyos still have 1 interface but haven't two ip adresses.
It have only one private IP.
VPN coming from wan connecte to it by public IP manage by compgany firewall and VPN coming from Local network connect to it by private ip adresses.

If this issue can be reproduced by someone else please open a new bug report. THX!

https://github.com/vyos/vyos-1x/pull/116

vyos-1x src/migration-scripts/interfaces/0-to-1 line 41:
https://github.com/vyos/vyos-1x/blob/2f3aa28f259ee7f23ef8a4a091db8ced2202bbd8/src/migration-scripts/interfaces/0-to-1#L41:

# igmp-snooping: check if enabled
igmp_val = config.return_value(base + [br, 'igmp-snooping', 'querier'])

This should be preceded by a if config.exists, as should line 33:

    # STP: check if enabled
        stp_val = config.return_value(base + [br, 'stp'])
`

The interface/0-to-1 migration script is failing on upgrade (T1611).

@c-po The above commits should reference T1556, probably a typo.

Would something like https://openwrt.org/docs/techref/netifd be useful? The drawback that it's dependent on ubus https://openwrt.org/docs/techref/ubus