This might confuse the users as now there is sensitive information again, but a different one.

Confirmed to work correctly on version VyOS 1.4-rolling-202207180802.

As I know we have not access by level for now, maybe we should keep shell:priv-lvl=15 by default?

Done https://github.com/vyos/vyos-vm-images/commit/bafe06bbbf4d67a98c78c01f1cef379eb6d13fa1

Duplicate T3871

In T4533#126578, @Viacheslav wrote:

It is operator level, that shouldn’t have permission for configurations. Only basic diagnostics (op-mode)

This seems to be more inconsistent than it has been before.

It works fine with my environment. With the new image too:
VyOS 1.4-rolling-202207160217

It is operator level, that shouldn’t have permission for configurations. Only basic diagnostics (op-mode)

can you please share your configuration? Using Microsoft NPS as RADIUS backend with this configuration I can not reproduce the issue.

PR https://github.com/vyos/vyos-1x/pull/1417

Although this task is closed, I'd like to mention that after this change we are now defining rulesets with "policy route6" and binding them to interfaces with "interfaces ... policy ipv6-route". This seems to be more inconsistent than it has been before. Besides, although such changes are handled in a migration script for static configurations, they break automation scripts and require version specific fixes.

In T3435#115394, @n.fort wrote:

Error still present on VyOS 1.4-rolling-202201020317

vyos@vyos:~$ show nat source rules 
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_nat_rules.py", line 114, in <module>
    print(format_nat_rule.format(rule, srcdests[0], tran_addr, interface))
IndexError: list index out of range
Rule       Source                                             Translation                                        Outbound Interface
----       ------                                             -----------                                        ------------------
vyos@vyos:~$ show ver

Version:          VyOS 1.4-rolling-202201020317
Release train:    sagitta

Nat config in this example:

vyos@vyos:~$ show config comm | grep nat
set nat source rule 10 description 'Masquerade to NAT'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 translation address 'masquerade'

@Viacheslav
Yes, the output of show ip route and sudo ip route are after a reboot.

@a.apostoliuk Could you specify how to reproduce this bug?
Some CLI config examples and/or some pings that indicate the issue.

PR for 1.3 https://github.com/vyos/vyos-1x/pull/1416

I tested 1.4-rolling-202207111030 and this seems to be resolved, including showing peers in the help.

Fix smoketest for 1.3 https://github.com/vyos/vyos-1x/pull/1415

PR for 1.4 https://github.com/vyos/vyos-1x/pull/1414

Requires update smoketests

@diekos Is it working after reboot?

Just tested this on VyOS 1.4-rolling-202207111030, with the following commands:

It is different shells in 1.4 and 1.3 for this user config
In 1.3 it seems correct:

vyosuser@r1# echo $SHELL
/sbin/radius_shell
[edit]
vyosuser@r1#

PR https://github.com/vyos/vyos-1x/pull/1413

I propose a patch to fix this issue:

Demo QPPB implementation supporting bgp-policy destination mode:

PR https://github.com/vyos/vyos-1x/pull/1412

Similar problem in the latest rolling releases (vyos-1.4-rolling-202207111030). Traffic policy (limiter) not set in live configuration.

If I want to use also x.pool.ntp.org how should I use it if it will migrate anything from x.pool.ntp.org?

PR https://github.com/vyos/vyatta-cfg-system/pull/182

The similar issue and for the 1.3.1-S1

vyos@vyos# run show version