Hello @hammersoft , VyOS migrated from xl2tp to accel-ppp. Can you check this issue on latest rolling?
https://phabricator.vyos.net/T834

Hello Harliff,

We also can add show protocols bfd peer counters and for peer show protocols bfd peer x.x.x.x counters

vyos@vyos-rtr01# run show protocols bfd peer counters | strip-private 
BFD Peers:
	peer xxx.xxx.0.4 local-address xxx.xxx.0.1 vrf default
		Control packet input: 0 packets
		Control packet output: 988 packets
		Echo packet input: 0 packets
		Echo packet output: 0 packets
		Session up events: 0
		Session down events: 0
		Zebra notifications: 0

A note when stating to convert physical interfaces.

I've made some hacks to get vyatta-config-sync working with ssh-keys (and working at all).

Why not use curl which is inside the image?

Okay. Please test with latest rolling so we can possibly backport this to crux

Sometimes vif-s used for management and may contain not encapsulated traffic which need prepare with firewall.

Please keep this in mind when rewriting dummy/loopback interfaces: https://phabricator.vyos.net/T1467

I have no experience with Q-in-Q but does it even make sense to apply a firewall to the outer side of a Q-in-Q link? I understand to apply a firewall to the vif-c interface inside vif-s (as this can be trated as any regular vlan interface) but a firewall on the encapsulated interface?

Yes, sorry, I was mean about new syntax for rolling release. PR for fixing issue with ARP https://github.com/vyos/vyos-1x/pull/101

@Dmitry, thanks for reply.

Hello @olofl , I think you need show protocols static arp interface eth1.1728 command. You also may read about ARP on https://vyos.readthedocs.io/en/latest/routing/arp.html?highlight=show%20arp

PR https://github.com/vyos/vyatta-cfg-system/pull/105
Thanks @zsdc for assist.

@c-po
I have some new findings. When I upgrade to a new rolling release (tested with the one from 11.08.2019 and 12.08.2019), I do 'add system image ...', then reboot, then the forwarders are missing in recursor.conf:

PR https://github.com/vyos/vyos-1x/pull/100

Hi Donny,

Not sure if you're still looking into this, but the following script works perfectly for me on the crux branch:

Ok, I feel very noobish, but I can't seem to change it. Any pointers?

Oh thought I did, sorry do not github very often. Let me dive in for a sec.

Thanks :) i see the pull message is updated, but could you also update the commit message to reflect this?

Ah apologies, should be fixed now.

Hi! Thanks for the contribution!

My fix is here: https://github.com/vyos/vyos-vmwaretools-scripts/pull/2

See https://github.com/vyos/vyos-build/pull/58 for what I think is the fix.

https://vyos.readthedocs.io/en/equuleus/contributing/vyos-api/interface-config.html#interface-config
https://vyos.readthedocs.io/en/latest/contributing/vyos-api/interface-config.html

I have added two PRs with some fixes and new features. The most valuable changes:

• Fixed the bug, which prevents to change or delete BFD peers with custom options. For example, when any of source address/interface, multihop was used, such peers could not be deleted or changed.
• Added configuration checks, which should prevent adding BFD option to BGP neighbors or peer-groups without corresponding peers configuration in protocols bfd. If BGP and BFD configurations are out of sync, BGP sessions could be very unstable.
• Added configuration check, which should prevent to delete peers from protocols bfd if they are still used in BGP.
• Some other small fixes and changes.

Also, was added several new options:
BFD configuration:

set protocols bfd peer IP echo-mode
set protocols bfd peer IP interval echo-interval

BGP configuration:

set protocols bgp ASN neighbor IP bfd check-control-plane-failure

I cannot reproduce this issue on VyOS 1.2.0-rolling+201908050337. @OlegGardash can you try on last rolling release?

I don't think it's a good idea, for several reasons.

This sounds like a good improvement!

Fixed. Should in the next nightly build.

Is this still an issue?

Most of these files are autogenerated and dont need to be saved across reboots.. is it possible to make them in a overlay that does not save to disk? Or another aproach is to just delete them when the device starts (before or when vyatta starts)

I second this, I would like to be able to setup different keys for multiple wireguard interfaces too.

Would we masking snmp community and email addresses in config for privacy?

https://github.com/vyos/vyos-1x/commit/d96cfc8a5b1e9f9a3484a4c4036dddabfc588f5b
While documentation is on its way, below is a very small example on how to use it:

Created PR https://github.com/vyos/vyatta-op/pull/23/commits/20822ca355fcec4a364375edf6330e6b2357a570
Need check. If you any additional info about unmasked config data, please write here

https://www.freedesktop.org/software/systemd/man/systemd.network.html

dhcp can be done via systemd or the traditional isc-dhcp client, which way should we go? systemd.networkd does link detection too and stops dhcp if the link is lost and starts it again when the link returns to state up.

@noitcennok stop polluting non relevant threads and stick to your original forum post.

@Dmitry i want to secure my /24 from layer 7 attacks? i already contacted my upstream he said:

@c-po yes, I saw this script. About documentation prefixes is not bad idea, but with XXXXX view more pretty, I think.

@Dmity stripping is done here: https://github.com/vyos/vyatta-op/blob/current/scripts/vyos-strip-config.pl

@Dmitry Do you know ABOUT BGP Communities filtering?

Please open this one as I want to get help from experts.

This is a support request,
closing in favor of forum post
https://forum.vyos.io/t/bgp-communities-filtering/3969/2

In T1567#40707, @rherold wrote:

You can add a community via route-map to your outgoing routes.

set policy route-map $YOUR-OUTGOING-MAP rule $RULENUM set community ..

You can add a community via route-map to your outgoing routes.