For first do these changes as in commit
Try policy local route, for example:

set policy local-route rule 10 set table 111
set policy local-route rule 10 source 192.0.2.0/24

The main reason:

@Rhongomiant Am I understanding correctly that you don't see the default route in table 111?

I ve tested this scenario on VyOS 1.4-rolling-202201200814, as said Srividya you can choose minutes betwen 1-99.
If this is critical, you can expand the range by opening a "feature request".

@adestis Could you share commands, on how to reproduce this bug? Thanks.

Some details in T4193

@klipz In my case, the only problem is adding the wlan interface to the bridge at startup (looks like an order thing), when vyos is started (and the wlan interface is up) no problem to add it to the bridge witth the CLI.

I experience the same problem of VyOS failing to add wlan0 to bridge, which persists in all 1.3-epa and 1.3-LTS versions, as well as 1.4 nightly builds.

PR https://github.com/vyos/vyatta-op-vpn/pull/32

PR https://github.com/vyos/vyos-opennhrp/pull/3

Scenario proposed by @NikolayP gives next content in table ip filter:

PR for 1.3 https://github.com/vyos/vyos-nhrp/pull/7

PR for 1.4 https://github.com/vyos/vyos-1x/pull/1145

Could you also create a pr for 1.4?
Or 1.4 doesn’t have such limits?

Does it work with vlan bridges T3115?

PR to fix the problem: https://github.com/vyos/vyos-1x/pull/1128
It is compatible with both 1.3 and 1.4, so can be cherry-picked from sagitta to equuleus.

The error is received when the input for minutes is provided in three digits.

PR https://github.com/vyos/vyos-1x/pull/1125

PR for 1.2:
https://github.com/vyos/vyatta-cfg-vpn/pull/55

PR for 1.3:
https://github.com/vyos/vyatta-cfg-vpn/pull/54

PR for crux https://github.com/vyos/vyatta-cfg-vpn/pull/53

If anyone actually wants support for source port parameter, feel free to reopen this, but the interface parameter is a no-go. In the meantime, rewriting vyatta-config-mgmt takes precedence.

That's a good idea. What remains in that repo was hardly touched in a decade.

PR https://github.com/vyos/vyatta-cfg-vpn/pull/52

It doesn't matter what you add mobike disable or enable
A possible reason it generates incorrect swanctl.conf for option mobike

@nikeshhajari thanks, I can reproduce it in 1.3:

set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 multicast 'enable'
set interfaces tunnel tun0 parameters ip key '1'
set interfaces tunnel tun0 source-address '192.168.122.14'
set protocols nhrp tunnel tun0 cisco-authentication 'orange'
set protocols nhrp tunnel tun0 holding-time '300'
set protocols nhrp tunnel tun0 multicast 'dynamic'
set protocols nhrp tunnel tun0 redirect
set protocols nhrp tunnel tun0 shortcut
set vpn ipsec esp-group ESP-HUB compression 'disable'
set vpn ipsec esp-group ESP-HUB lifetime '3600'
set vpn ipsec esp-group ESP-HUB mode 'tunnel'
set vpn ipsec esp-group ESP-HUB pfs 'dh-group21'
set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha256'
set vpn ipsec esp-group ESP-HUB proposal 2 encryption 'aes256'
set vpn ipsec esp-group ESP-HUB proposal 2 hash 'sha256'
set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no'
set vpn ipsec ike-group IKE-HUB key-exchange 'ikev2'
set vpn ipsec ike-group IKE-HUB lifetime '28800'
set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '21'
set vpn ipsec ike-group IKE-HUB proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-HUB proposal 1 hash 'sha256'
set vpn ipsec ike-group IKE-HUB proposal 2 dh-group '21'
set vpn ipsec ike-group IKE-HUB proposal 2 encryption 'aes256'
set vpn ipsec ike-group IKE-HUB proposal 2 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret'
set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'PRE_SHARED_KEY'
set vpn ipsec profile NHRPVPN bind tunnel 'tun0'
set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB'
set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB'
commit

Add mobile disable:

set vpn ipsec ike-group IKE-HUB mobike 'disable'
commit
[ vpn ]
Warning: unable to [reload changes to swanctl.conf], received error code 5632

I prefer to rewrite the whole https://github.com/vyos/vyatta-config-mgmt to XML/python

@Viacheslav the only way is by letting it run.
As adviced in the slack I upgraed to differt version, just now it dropped again.
This time it's differtent as the backup still sayes it still the backup node but all traffic to the VRRP address is offline.

I personally think the interface part is high-effort, low-gain since you can simply use the address of the interface to the same effect, whereas simply providing an interface will force it to decide which address to use on dual-stack systems. It needs to pick between AF_INET and AF_INET6 when creating the socket before setsockopt()ing SO_BINDTODEVICE; although I think we can get away with doing what socket.create_connection() does. Even then, only the SFTP portion of the code directly uses socket — everything else relies on higher level libraries that only expose address and port options. (Also, using a single parameter for both addresses and interfaces is a bad idea, in my opinion, because it's probably more useful to resolve an FQDN string to an address rather than assume all strings are interfaces. But otherwise, we'd need to find a way to resolve conflict between address and interface parameters.) All in all, I don't think the interface parameter is a good idea at all but we'll see.

I think this is the limitation with the Linux interface name, it should not be higher than 16 characters. In you config I see, as an example (bond0.995.130 = 13 chars and additional part .100 = 4) = 17
I know how we can fix it manually, but I'm not sure that it is a good idea.
Accel-PPP supports name changing for created interface by vlan_mon module

[pppoe]
vlan-name=e0.%P.%N
interface=re:^e0\.\d+\.\d+

you can try to change this manually (edit /run/accel-ppp/pppoe.conf) and restart pppoe-server