summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-06-26 15:36:40 +0200
committerChristian Breunig <christian@breunig.cc>2024-06-26 21:47:09 +0200
commit85c8399b6f8cf0d999076bddaba09c1cc9088917 (patch)
treeda914230b3c6e6ab9372bae73217d4ea0e20f49e
parent89d930aee010514431302975c90b28b9f8c5a8d9 (diff)
downloadvyos-1x-85c8399b6f8cf0d999076bddaba09c1cc9088917.tar.gz
vyos-1x-85c8399b6f8cf0d999076bddaba09c1cc9088917.zip
smoketest: T6510: add missing config-test verification steps
Validate if the migrators performed correctly by comparing it to a known good result file containing all the required `set` commands
-rwxr-xr-xsmoketest/bin/vyos-configtest-pki6
-rw-r--r--smoketest/config-tests/basic-api-service20
-rw-r--r--smoketest/config-tests/basic-vyos47
-rw-r--r--smoketest/config-tests/bgp-azure-ipsec-gateway231
-rw-r--r--smoketest/config-tests/bgp-bfd-communities201
-rw-r--r--smoketest/config-tests/bgp-big-as-cloud850
-rw-r--r--smoketest/config-tests/bgp-dmvpn-hub69
-rw-r--r--smoketest/config-tests/bgp-dmvpn-spoke75
-rw-r--r--smoketest/config-tests/bgp-evpn-l2vpn-leaf55
-rw-r--r--smoketest/config-tests/bgp-evpn-l2vpn-spine48
-rw-r--r--smoketest/config-tests/bgp-evpn-l3vpn-pe-router123
-rw-r--r--smoketest/config-tests/bgp-medium-confederation2
-rw-r--r--smoketest/config-tests/bgp-rpki43
-rw-r--r--smoketest/config-tests/bgp-small-internet-exchange209
-rw-r--r--smoketest/config-tests/bgp-small-ipv4-unicast32
-rw-r--r--smoketest/config-tests/cluster-basic21
-rw-r--r--smoketest/config-tests/container-simple16
-rw-r--r--smoketest/config-tests/dialup-router-complex740
-rw-r--r--smoketest/config-tests/dialup-router-medium-vpn17
-rw-r--r--smoketest/config-tests/dialup-router-wireguard-ipv6431
-rw-r--r--smoketest/config-tests/egp-igp-route-maps46
-rw-r--r--smoketest/config-tests/igmp-pim-small22
-rw-r--r--smoketest/config-tests/ipoe-server27
-rw-r--r--smoketest/config-tests/ipv6-disable31
-rw-r--r--smoketest/config-tests/isis-small44
-rw-r--r--smoketest/config-tests/nat-basic81
-rw-r--r--smoketest/config-tests/ospf-simple10
-rw-r--r--smoketest/config-tests/ospf-small82
-rw-r--r--smoketest/config-tests/pppoe-server47
-rw-r--r--smoketest/config-tests/qos-basic75
-rw-r--r--smoketest/config-tests/rip-router83
-rw-r--r--smoketest/config-tests/rpki-only14
-rw-r--r--smoketest/config-tests/tunnel-broker75
-rw-r--r--smoketest/config-tests/vpn-openconnect-sstp35
-rw-r--r--smoketest/config-tests/vrf-basic65
-rw-r--r--smoketest/config-tests/vrf-bgp-pppoe-underlay186
-rw-r--r--smoketest/config-tests/vrf-ospf59
-rw-r--r--smoketest/config-tests/wireless-basic2
-rw-r--r--smoketest/configs/basic-api-service2
-rw-r--r--smoketest/configs/bgp-dmvpn-hub5
-rw-r--r--smoketest/configs/bgp-evpn-l3vpn-pe-router2
-rw-r--r--smoketest/configs/bgp-rpki1
-rw-r--r--smoketest/configs/isis-small41
-rw-r--r--smoketest/configs/pppoe-server4
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_openconnect.py52
45 files changed, 4000 insertions, 327 deletions
diff --git a/smoketest/bin/vyos-configtest-pki b/smoketest/bin/vyos-configtest-pki
index e753193e9..0f9ecdd41 100755
--- a/smoketest/bin/vyos-configtest-pki
+++ b/smoketest/bin/vyos-configtest-pki
@@ -25,9 +25,9 @@ from vyos.pki import encode_dh_parameters
from vyos.pki import encode_private_key
from vyos.utils.file import write_file
-subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'vyos'}
-ca_subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'vyos CA'}
-subca_subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'vyos SubCA'}
+subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'VyOS'}
+ca_subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'VyOS CA'}
+subca_subject = {'country': 'DE', 'state': 'BY', 'locality': 'Cloud', 'organization': 'VyOS', 'common_name': 'VyOS SubCA'}
ca_cert = '/config/auth/ovpn_test_ca.pem'
ca_key = '/config/auth/ovpn_test_ca.key'
diff --git a/smoketest/config-tests/basic-api-service b/smoketest/config-tests/basic-api-service
index dc54929b9..3f796f35d 100644
--- a/smoketest/config-tests/basic-api-service
+++ b/smoketest/config-tests/basic-api-service
@@ -1,16 +1,28 @@
set interfaces ethernet eth0 address '192.0.2.1/31'
set interfaces ethernet eth0 address '2001:db8::1234/64'
+set interfaces ethernet eth0 offload gro
set interfaces loopback lo
-set service ntp server time1.vyos.net
-set service ntp server time2.vyos.net
-set service ntp server time3.vyos.net
set service https allow-client address '172.16.0.0/12'
set service https allow-client address '192.168.0.0/16'
set service https allow-client address '10.0.0.0/8'
set service https allow-client address '2001:db8::/32'
set service https api keys id 1 key 'S3cur3'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service ntp server time3.vyos.net
set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
set system login user vyos authentication plaintext-password ''
-set system console device ttyS0 speed '115200'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos
index d676c663d..6ff28ec2e 100644
--- a/smoketest/config-tests/basic-vyos
+++ b/smoketest/config-tests/basic-vyos
@@ -1,5 +1,14 @@
set interfaces ethernet eth0 address '192.168.0.1/24'
set interfaces ethernet eth0 address 'fe88::1/56'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 offload gro
+set interfaces ethernet eth1 speed 'auto'
+set interfaces ethernet eth2 duplex 'auto'
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth2 vif 100 address '100.100.0.1/24'
set interfaces ethernet eth2 vif-s 200 address '100.64.200.254/24'
set interfaces ethernet eth2 vif-s 200 vif-c 201 address '100.64.201.254/24'
@@ -19,17 +28,6 @@ set protocols static arp interface eth2.200.201 address 100.64.201.20 mac '00:50
set protocols static arp interface eth2.200.202 address 100.64.202.30 mac '00:50:00:00:00:30'
set protocols static arp interface eth2.200.202 address 100.64.202.40 mac '00:50:00:00:00:40'
set protocols static route 0.0.0.0/0 next-hop 100.64.0.1
-set service ssh ciphers 'aes128-ctr'
-set service ssh ciphers 'aes192-ctr'
-set service ssh ciphers 'aes256-ctr'
-set service ssh ciphers 'chacha20-poly1305@openssh.com'
-set service ssh ciphers 'rijndael-cbc@lysator.liu.se'
-set service ssh key-exchange 'curve25519-sha256@libssh.org'
-set service ssh key-exchange 'diffie-hellman-group1-sha1'
-set service ssh key-exchange 'diffie-hellman-group-exchange-sha1'
-set service ssh key-exchange 'diffie-hellman-group-exchange-sha256'
-set service ssh listen-address '192.168.0.1'
-set service ssh port '22'
set service dhcp-server shared-network-name LAN authoritative
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 option domain-name 'vyos.net'
@@ -66,19 +64,40 @@ set service dns forwarding allow-from '192.168.0.0/16'
set service dns forwarding cache-size '10000'
set service dns forwarding dnssec 'off'
set service dns forwarding listen-address '192.168.0.1'
+set service ssh ciphers 'aes128-ctr'
+set service ssh ciphers 'aes192-ctr'
+set service ssh ciphers 'aes256-ctr'
+set service ssh ciphers 'chacha20-poly1305@openssh.com'
+set service ssh ciphers 'rijndael-cbc@lysator.liu.se'
+set service ssh key-exchange 'curve25519-sha256@libssh.org'
+set service ssh key-exchange 'diffie-hellman-group1-sha1'
+set service ssh key-exchange 'diffie-hellman-group-exchange-sha1'
+set service ssh key-exchange 'diffie-hellman-group-exchange-sha256'
+set service ssh listen-address '192.168.0.1'
+set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack ignore ipv4 rule 1 destination address '192.0.2.2'
set system conntrack ignore ipv4 rule 1 source address '192.0.2.1'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
set system login user vyos authentication plaintext-password ''
set system name-server '192.168.0.1'
-set system syslog global facility auth level 'info'
-set system syslog global preserve-fqdn
set system syslog console facility all level 'emerg'
set system syslog console facility mail level 'info'
+set system syslog global facility all level 'info'
+set system syslog global facility auth level 'info'
+set system syslog global facility local7 level 'debug'
+set system syslog global preserve-fqdn
set system syslog host syslog.vyos.net facility auth level 'warning'
set system syslog host syslog.vyos.net facility local7 level 'notice'
set system syslog host syslog.vyos.net format octet-counted
set system syslog host syslog.vyos.net port '8000'
-set system console device ttyS0 speed '115200'
+set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/bgp-azure-ipsec-gateway b/smoketest/config-tests/bgp-azure-ipsec-gateway
new file mode 100644
index 000000000..bbd7b961f
--- /dev/null
+++ b/smoketest/config-tests/bgp-azure-ipsec-gateway
@@ -0,0 +1,231 @@
+set firewall global-options all-ping 'enable'
+set firewall global-options broadcast-ping 'disable'
+set firewall global-options ip-src-route 'disable'
+set firewall global-options ipv6-receive-redirects 'disable'
+set firewall global-options ipv6-src-route 'disable'
+set firewall global-options log-martians 'disable'
+set firewall global-options receive-redirects 'disable'
+set firewall global-options send-redirects 'enable'
+set firewall global-options source-validation 'disable'
+set firewall global-options syn-cookies 'enable'
+set firewall global-options twa-hazards-protection 'disable'
+set high-availability vrrp group DMZ-VLAN-3962 address 192.168.34.36/27
+set high-availability vrrp group DMZ-VLAN-3962 interface 'eth1'
+set high-availability vrrp group DMZ-VLAN-3962 preempt-delay '180'
+set high-availability vrrp group DMZ-VLAN-3962 priority '200'
+set high-availability vrrp group DMZ-VLAN-3962 vrid '62'
+set interfaces ethernet eth0 address '192.0.2.189/27'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth1 address '192.168.34.37/27'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 offload gro
+set interfaces ethernet eth1 speed 'auto'
+set interfaces loopback lo
+set interfaces vti vti31 ip adjust-mss '1350'
+set interfaces vti vti32 ip adjust-mss '1350'
+set interfaces vti vti41 ip adjust-mss '1350'
+set interfaces vti vti42 ip adjust-mss '1350'
+set interfaces vti vti51 ip adjust-mss '1350'
+set interfaces vti vti52 ip adjust-mss '1350'
+set policy prefix-list AZURE-BGP-IPv4-in description 'Prefixes received from Azure'
+set policy prefix-list AZURE-BGP-IPv4-in rule 100 action 'permit'
+set policy prefix-list AZURE-BGP-IPv4-in rule 100 le '32'
+set policy prefix-list AZURE-BGP-IPv4-in rule 100 prefix '100.64.0.0/10'
+set policy prefix-list ONPREM-BGP-IPv4-out description 'Prefixes allowed to be announced into Azure'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 100 action 'permit'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 100 prefix '10.0.0.0/8'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 200 action 'permit'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 200 prefix '172.16.0.0/12'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 300 action 'permit'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 300 prefix '192.168.0.0/16'
+set protocols bgp address-family ipv4-unicast network 10.0.0.0/8
+set protocols bgp address-family ipv4-unicast network 172.16.0.0/12
+set protocols bgp address-family ipv4-unicast network 192.168.0.0/16
+set protocols bgp neighbor 100.66.8.36 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.8.36 remote-as '64517'
+set protocols bgp neighbor 100.66.8.37 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.8.37 remote-as '64517'
+set protocols bgp neighbor 100.66.24.36 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.24.36 remote-as '64513'
+set protocols bgp neighbor 100.66.24.37 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.24.37 remote-as '64513'
+set protocols bgp neighbor 100.66.40.36 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.40.36 remote-as '64515'
+set protocols bgp neighbor 100.66.40.37 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.40.37 remote-as '64515'
+set protocols bgp neighbor 192.168.34.38 address-family ipv4-unicast nexthop-self
+set protocols bgp neighbor 192.168.34.38 address-family ipv4-unicast soft-reconfiguration inbound
+set protocols bgp neighbor 192.168.34.38 capability dynamic
+set protocols bgp neighbor 192.168.34.38 password 'VyOSR0xx123'
+set protocols bgp neighbor 192.168.34.38 remote-as '65522'
+set protocols bgp neighbor 192.168.34.38 update-source 'eth1'
+set protocols bgp peer-group AZURE address-family ipv4-unicast maximum-prefix '50'
+set protocols bgp peer-group AZURE address-family ipv4-unicast prefix-list export 'ONPREM-BGP-IPv4-out'
+set protocols bgp peer-group AZURE address-family ipv4-unicast prefix-list import 'AZURE-BGP-IPv4-in'
+set protocols bgp peer-group AZURE ebgp-multihop '2'
+set protocols bgp peer-group AZURE update-source 'eth1'
+set protocols bgp system-as '65522'
+set protocols bgp timers holdtime '30'
+set protocols bgp timers keepalive '5'
+set protocols static route 0.0.0.0/0 next-hop 192.168.34.33
+set protocols static route 51.105.0.0/16 next-hop 192.0.2.161
+set protocols static route 52.143.0.0/16 next-hop 192.0.2.161
+set protocols static route 100.66.8.36/32 interface vti31
+set protocols static route 100.66.8.36/32 interface vti32
+set protocols static route 100.66.8.37/32 interface vti31
+set protocols static route 100.66.8.37/32 interface vti32
+set protocols static route 100.66.24.36/32 interface vti41
+set protocols static route 100.66.24.36/32 interface vti42
+set protocols static route 100.66.24.37/32 interface vti41
+set protocols static route 100.66.24.37/32 interface vti42
+set protocols static route 100.66.40.36/32 interface vti51
+set protocols static route 100.66.40.36/32 interface vti52
+set protocols static route 100.66.40.37/32 interface vti51
+set protocols static route 100.66.40.37/32 interface vti52
+set protocols static route 195.137.175.0/24 next-hop 192.0.2.161
+set protocols static route 212.23.159.0/26 next-hop 192.0.2.161
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 192.0.2.254
+set service snmp v3 engineid 'ff42'
+set service snmp v3 group default mode 'ro'
+set service snmp v3 group default seclevel 'priv'
+set service snmp v3 group default view 'default'
+set service snmp v3 user VyOS auth encrypted-password '1ad73f4620b8c0dd2de066622f875b161a14adad'
+set service snmp v3 user VyOS auth type 'sha'
+set service snmp v3 user VyOS group 'default'
+set service snmp v3 user VyOS privacy encrypted-password '1ad73f4620b8c0dd2de066622f875b16'
+set service snmp v3 user VyOS privacy type 'aes'
+set service snmp v3 view default oid 1
+set service ssh disable-host-validation
+set service ssh port '22'
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system flow-accounting interface 'eth1'
+set system flow-accounting interface 'vti31'
+set system flow-accounting interface 'vti32'
+set system flow-accounting interface 'vti41'
+set system flow-accounting interface 'vti42'
+set system flow-accounting interface 'vti51'
+set system flow-accounting interface 'vti52'
+set system flow-accounting netflow server 10.0.1.1 port '2055'
+set system flow-accounting netflow source-address '192.168.34.37'
+set system flow-accounting netflow version '10'
+set system flow-accounting syslog-facility 'daemon'
+set system host-name 'azure-gw-01'
+set system login radius server 192.0.2.253 key 'secret1234'
+set system login radius server 192.0.2.253 port '1812'
+set system login radius server 192.0.2.253 timeout '2'
+set system login radius server 192.0.2.254 key 'secret1234'
+set system login radius server 192.0.2.254 port '1812'
+set system login radius server 192.0.2.254 timeout '2'
+set system login radius source-address '192.168.34.37'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system logs logrotate messages max-size '20'
+set system logs logrotate messages rotate '10'
+set system name-server '192.0.2.254'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system syslog host 10.0.9.188 facility all level 'info'
+set system syslog host 10.0.9.188 protocol 'udp'
+set system time-zone 'Europe/Berlin'
+set vpn ipsec authentication psk peer_51-105-0-1 id '51.105.0.1'
+set vpn ipsec authentication psk peer_51-105-0-1 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-1 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-2 id '51.105.0.2'
+set vpn ipsec authentication psk peer_51-105-0-2 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-2 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-3 id '51.105.0.3'
+set vpn ipsec authentication psk peer_51-105-0-3 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-3 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-4 id '51.105.0.4'
+set vpn ipsec authentication psk peer_51-105-0-4 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-4 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-5 id '51.105.0.5'
+set vpn ipsec authentication psk peer_51-105-0-5 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-5 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-6 id '51.105.0.6'
+set vpn ipsec authentication psk peer_51-105-0-6 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-6 secret 'averysecretpsktowardsazure'
+set vpn ipsec esp-group ESP-AZURE lifetime '27000'
+set vpn ipsec esp-group ESP-AZURE mode 'tunnel'
+set vpn ipsec esp-group ESP-AZURE pfs 'disable'
+set vpn ipsec esp-group ESP-AZURE proposal 1 encryption 'aes256'
+set vpn ipsec esp-group ESP-AZURE proposal 1 hash 'sha1'
+set vpn ipsec ike-group IKE-AZURE close-action 'none'
+set vpn ipsec ike-group IKE-AZURE dead-peer-detection action 'restart'
+set vpn ipsec ike-group IKE-AZURE dead-peer-detection interval '2'
+set vpn ipsec ike-group IKE-AZURE dead-peer-detection timeout '15'
+set vpn ipsec ike-group IKE-AZURE key-exchange 'ikev2'
+set vpn ipsec ike-group IKE-AZURE lifetime '27000'
+set vpn ipsec ike-group IKE-AZURE proposal 1 dh-group '2'
+set vpn ipsec ike-group IKE-AZURE proposal 1 encryption 'aes256'
+set vpn ipsec ike-group IKE-AZURE proposal 1 hash 'sha1'
+set vpn ipsec interface 'eth0'
+set vpn ipsec log level '2'
+set vpn ipsec log subsystem 'ike'
+set vpn ipsec site-to-site peer peer_51-105-0-1 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-1 authentication remote-id '51.105.0.1'
+set vpn ipsec site-to-site peer peer_51-105-0-1 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-1 default-esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-1 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-1 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-1 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-1 remote-address '51.105.0.1'
+set vpn ipsec site-to-site peer peer_51-105-0-1 vti bind 'vti51'
+set vpn ipsec site-to-site peer peer_51-105-0-2 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-2 authentication remote-id '51.105.0.2'
+set vpn ipsec site-to-site peer peer_51-105-0-2 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-2 default-esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-2 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-2 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-2 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-2 remote-address '51.105.0.2'
+set vpn ipsec site-to-site peer peer_51-105-0-2 vti bind 'vti52'
+set vpn ipsec site-to-site peer peer_51-105-0-3 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-3 authentication remote-id '51.105.0.3'
+set vpn ipsec site-to-site peer peer_51-105-0-3 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-3 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-3 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-3 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-3 remote-address '51.105.0.3'
+set vpn ipsec site-to-site peer peer_51-105-0-3 vti bind 'vti32'
+set vpn ipsec site-to-site peer peer_51-105-0-3 vti esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-4 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-4 authentication remote-id '51.105.0.4'
+set vpn ipsec site-to-site peer peer_51-105-0-4 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-4 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-4 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-4 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-4 remote-address '51.105.0.4'
+set vpn ipsec site-to-site peer peer_51-105-0-4 vti bind 'vti31'
+set vpn ipsec site-to-site peer peer_51-105-0-4 vti esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-5 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-5 authentication remote-id '51.105.0.5'
+set vpn ipsec site-to-site peer peer_51-105-0-5 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-5 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-5 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-5 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-5 remote-address '51.105.0.5'
+set vpn ipsec site-to-site peer peer_51-105-0-5 vti bind 'vti42'
+set vpn ipsec site-to-site peer peer_51-105-0-5 vti esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-6 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-6 authentication remote-id '51.105.0.6'
+set vpn ipsec site-to-site peer peer_51-105-0-6 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-6 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-6 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-6 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-6 remote-address '51.105.0.6'
+set vpn ipsec site-to-site peer peer_51-105-0-6 vti bind 'vti41'
+set vpn ipsec site-to-site peer peer_51-105-0-6 vti esp-group 'ESP-AZURE'
diff --git a/smoketest/config-tests/bgp-bfd-communities b/smoketest/config-tests/bgp-bfd-communities
new file mode 100644
index 000000000..6eee0137e
--- /dev/null
+++ b/smoketest/config-tests/bgp-bfd-communities
@@ -0,0 +1,201 @@
+set interfaces ethernet eth0 address '192.0.2.100/25'
+set interfaces ethernet eth0 address '2001:db8::ffff/64'
+set interfaces ethernet eth0 offload gro
+set interfaces loopback lo
+set policy large-community-list ANYCAST_ALL rule 10 action 'permit'
+set policy large-community-list ANYCAST_ALL rule 10 description 'Allow all anycast from anywhere'
+set policy large-community-list ANYCAST_ALL rule 10 regex '4242420696:100:.*'
+set policy large-community-list ANYCAST_INT rule 10 action 'permit'
+set policy large-community-list ANYCAST_INT rule 10 description 'Allow all anycast from int'
+set policy large-community-list ANYCAST_INT rule 10 regex '4242420696:100:1'
+set policy prefix-list BGP-BACKBONE-IN description 'Inbound backbone routes from other sites'
+set policy prefix-list BGP-BACKBONE-IN rule 10 action 'deny'
+set policy prefix-list BGP-BACKBONE-IN rule 10 description 'Block default route'
+set policy prefix-list BGP-BACKBONE-IN rule 10 prefix '0.0.0.0/0'
+set policy prefix-list BGP-BACKBONE-IN rule 20 action 'deny'
+set policy prefix-list BGP-BACKBONE-IN rule 20 description 'Block int primary'
+set policy prefix-list BGP-BACKBONE-IN rule 20 ge '21'
+set policy prefix-list BGP-BACKBONE-IN rule 20 prefix '192.168.0.0/20'
+set policy prefix-list BGP-BACKBONE-IN rule 30 action 'deny'
+set policy prefix-list BGP-BACKBONE-IN rule 30 description 'Block loopbacks'
+set policy prefix-list BGP-BACKBONE-IN rule 30 ge '25'
+set policy prefix-list BGP-BACKBONE-IN rule 30 prefix '192.168.253.0/24'
+set policy prefix-list BGP-BACKBONE-IN rule 40 action 'deny'
+set policy prefix-list BGP-BACKBONE-IN rule 40 description 'Block backbone peering'
+set policy prefix-list BGP-BACKBONE-IN rule 40 ge '25'
+set policy prefix-list BGP-BACKBONE-IN rule 40 prefix '192.168.254.0/24'
+set policy prefix-list BGP-BACKBONE-IN rule 999 action 'permit'
+set policy prefix-list BGP-BACKBONE-IN rule 999 description 'Allow everything else'
+set policy prefix-list BGP-BACKBONE-IN rule 999 ge '1'
+set policy prefix-list BGP-BACKBONE-IN rule 999 prefix '0.0.0.0/0'
+set policy prefix-list BGP-BACKBONE-OUT description 'Outbound backbone routes to other sites'
+set policy prefix-list BGP-BACKBONE-OUT rule 10 action 'permit'
+set policy prefix-list BGP-BACKBONE-OUT rule 10 description 'Int primary'
+set policy prefix-list BGP-BACKBONE-OUT rule 10 ge '23'
+set policy prefix-list BGP-BACKBONE-OUT rule 10 prefix '192.168.0.0/20'
+set policy prefix-list GLOBAL description 'Globally redistributed routes'
+set policy prefix-list GLOBAL rule 10 action 'permit'
+set policy prefix-list GLOBAL rule 10 prefix '192.168.100.1/32'
+set policy prefix-list GLOBAL rule 20 action 'permit'
+set policy prefix-list GLOBAL rule 20 prefix '192.168.7.128/25'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 description 'Inbound backbone routes from other sites'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 action 'deny'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 description 'Block default route'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 prefix '::/0'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 action 'deny'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 description 'Block int primary'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 ge '53'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 prefix 'fd52:d62e:8011::/52'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 action 'deny'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 description 'Block peering and stuff'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 ge '53'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 prefix 'fd52:d62e:8011:f000::/52'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 action 'permit'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 description 'Allow everything else'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 ge '1'
+set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 prefix '::/0'
+set policy prefix-list6 BGP-BACKBONE-OUT-V6 description 'Outbound backbone routes to other sites'
+set policy prefix-list6 BGP-BACKBONE-OUT-V6 rule 10 action 'permit'
+set policy prefix-list6 BGP-BACKBONE-OUT-V6 rule 10 ge '64'
+set policy prefix-list6 BGP-BACKBONE-OUT-V6 rule 10 prefix 'fd52:d62e:8011::/52'
+set policy prefix-list6 GLOBAL-V6 description 'Globally redistributed routes'
+set policy prefix-list6 GLOBAL-V6 rule 10 action 'permit'
+set policy prefix-list6 GLOBAL-V6 rule 10 ge '64'
+set policy prefix-list6 GLOBAL-V6 rule 10 prefix 'fd52:d62e:8011:2::/63'
+set policy route-map BGP-BACKBONE-IN rule 10 action 'permit'
+set policy route-map BGP-BACKBONE-IN rule 10 match ip address prefix-list 'BGP-BACKBONE-IN'
+set policy route-map BGP-BACKBONE-IN rule 20 action 'permit'
+set policy route-map BGP-BACKBONE-IN rule 20 match ipv6 address prefix-list 'BGP-BACKBONE-IN-V6'
+set policy route-map BGP-BACKBONE-IN rule 30 action 'permit'
+set policy route-map BGP-BACKBONE-IN rule 30 match large-community large-community-list 'ANYCAST_ALL'
+set policy route-map BGP-BACKBONE-OUT rule 10 action 'permit'
+set policy route-map BGP-BACKBONE-OUT rule 10 match ip address prefix-list 'BGP-BACKBONE-OUT'
+set policy route-map BGP-BACKBONE-OUT rule 20 action 'permit'
+set policy route-map BGP-BACKBONE-OUT rule 20 match ipv6 address prefix-list 'BGP-BACKBONE-OUT-V6'
+set policy route-map BGP-BACKBONE-OUT rule 30 action 'permit'
+set policy route-map BGP-BACKBONE-OUT rule 30 match large-community large-community-list 'ANYCAST_INT'
+set policy route-map BGP-BACKBONE-OUT rule 30 set as-path prepend '4242420666'
+set policy route-map BGP-REDISTRIBUTE rule 10 action 'permit'
+set policy route-map BGP-REDISTRIBUTE rule 10 description 'Prepend AS and allow VPN and modem'
+set policy route-map BGP-REDISTRIBUTE rule 10 match ip address prefix-list 'GLOBAL'
+set policy route-map BGP-REDISTRIBUTE rule 10 set as-path prepend '4242420666'
+set policy route-map BGP-REDISTRIBUTE rule 20 action 'permit'
+set policy route-map BGP-REDISTRIBUTE rule 20 description 'Allow VPN'
+set policy route-map BGP-REDISTRIBUTE rule 20 match ipv6 address prefix-list 'GLOBAL-V6'
+set protocols bfd peer 192.168.253.1 interval receive '50'
+set protocols bfd peer 192.168.253.1 interval transmit '50'
+set protocols bfd peer 192.168.253.1 multihop
+set protocols bfd peer 192.168.253.1 source address '192.168.253.3'
+set protocols bfd peer 192.168.253.2 interval receive '50'
+set protocols bfd peer 192.168.253.2 interval transmit '50'
+set protocols bfd peer 192.168.253.2 multihop
+set protocols bfd peer 192.168.253.2 source address '192.168.253.3'
+set protocols bfd peer 192.168.253.6 interval receive '50'
+set protocols bfd peer 192.168.253.6 interval transmit '50'
+set protocols bfd peer 192.168.253.6 multihop
+set protocols bfd peer 192.168.253.6 source address '192.168.253.3'
+set protocols bfd peer 192.168.253.7 interval receive '50'
+set protocols bfd peer 192.168.253.7 interval transmit '50'
+set protocols bfd peer 192.168.253.7 multihop
+set protocols bfd peer 192.168.253.7 source address '192.168.253.3'
+set protocols bfd peer 192.168.253.12 interval receive '100'
+set protocols bfd peer 192.168.253.12 interval transmit '100'
+set protocols bfd peer 192.168.253.12 multihop
+set protocols bfd peer 192.168.253.12 source address '192.168.253.3'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 interval receive '50'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 interval transmit '50'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 multihop
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 source address 'fd52:d62e:8011:fffe:192:168:253:3'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 interval receive '50'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 interval transmit '50'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 multihop
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 source address 'fd52:d62e:8011:fffe:192:168:253:3'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 interval receive '50'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 interval transmit '50'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 multihop
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 source address 'fd52:d62e:8011:fffe:192:168:253:3'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 interval receive '50'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 interval transmit '50'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 multihop
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 source address 'fd52:d62e:8011:fffe:192:168:253:3'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 interval receive '100'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 interval transmit '100'
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 multihop
+set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 source address 'fd52:d62e:8011:fffe:192:168:253:3'
+set protocols bgp address-family ipv4-unicast redistribute connected route-map 'BGP-REDISTRIBUTE'
+set protocols bgp address-family ipv4-unicast redistribute static route-map 'BGP-REDISTRIBUTE'
+set protocols bgp address-family ipv6-unicast redistribute connected route-map 'BGP-REDISTRIBUTE'
+set protocols bgp neighbor 192.168.253.1 peer-group 'INT'
+set protocols bgp neighbor 192.168.253.2 peer-group 'INT'
+set protocols bgp neighbor 192.168.253.6 peer-group 'DAL13'
+set protocols bgp neighbor 192.168.253.7 peer-group 'DAL13'
+set protocols bgp neighbor 192.168.253.12 address-family ipv4-unicast route-map export 'BGP-BACKBONE-OUT'
+set protocols bgp neighbor 192.168.253.12 address-family ipv4-unicast route-map import 'BGP-BACKBONE-IN'
+set protocols bgp neighbor 192.168.253.12 address-family ipv4-unicast soft-reconfiguration inbound
+set protocols bgp neighbor 192.168.253.12 bfd
+set protocols bgp neighbor 192.168.253.12 ebgp-multihop '2'
+set protocols bgp neighbor 192.168.253.12 remote-as '4242420669'
+set protocols bgp neighbor 192.168.253.12 update-source 'dum0'
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:1 peer-group 'INTv6'
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:2 peer-group 'INTv6'
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:6 peer-group 'DAL13v6'
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:7 peer-group 'DAL13v6'
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 address-family ipv6-unicast route-map export 'BGP-BACKBONE-OUT'
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 address-family ipv6-unicast route-map import 'BGP-BACKBONE-IN'
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 address-family ipv6-unicast soft-reconfiguration inbound
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 bfd
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 ebgp-multihop '2'
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 remote-as '4242420669'
+set protocols bgp neighbor fd52:d62e:8011:fffe:192:168:253:12 update-source 'dum0'
+set protocols bgp parameters confederation identifier '4242420696'
+set protocols bgp parameters confederation peers '4242420668'
+set protocols bgp parameters confederation peers '4242420669'
+set protocols bgp parameters distance global external '220'
+set protocols bgp parameters distance global internal '220'
+set protocols bgp parameters distance global local '220'
+set protocols bgp parameters graceful-restart
+set protocols bgp peer-group DAL13 address-family ipv4-unicast route-map export 'BGP-BACKBONE-OUT'
+set protocols bgp peer-group DAL13 address-family ipv4-unicast route-map import 'BGP-BACKBONE-IN'
+set protocols bgp peer-group DAL13 address-family ipv4-unicast soft-reconfiguration inbound
+set protocols bgp peer-group DAL13 bfd
+set protocols bgp peer-group DAL13 ebgp-multihop '2'
+set protocols bgp peer-group DAL13 remote-as '4242420668'
+set protocols bgp peer-group DAL13 update-source 'dum0'
+set protocols bgp peer-group DAL13v6 address-family ipv6-unicast route-map export 'BGP-BACKBONE-OUT'
+set protocols bgp peer-group DAL13v6 address-family ipv6-unicast route-map import 'BGP-BACKBONE-IN'
+set protocols bgp peer-group DAL13v6 address-family ipv6-unicast soft-reconfiguration inbound
+set protocols bgp peer-group DAL13v6 bfd
+set protocols bgp peer-group DAL13v6 ebgp-multihop '2'
+set protocols bgp peer-group DAL13v6 remote-as '4242420668'
+set protocols bgp peer-group DAL13v6 update-source 'dum0'
+set protocols bgp peer-group INT address-family ipv4-unicast default-originate
+set protocols bgp peer-group INT address-family ipv4-unicast soft-reconfiguration inbound
+set protocols bgp peer-group INT bfd
+set protocols bgp peer-group INT remote-as '4242420666'
+set protocols bgp peer-group INT update-source 'dum0'
+set protocols bgp peer-group INTv6 address-family ipv6-unicast default-originate
+set protocols bgp peer-group INTv6 address-family ipv6-unicast soft-reconfiguration inbound
+set protocols bgp peer-group INTv6 bfd
+set protocols bgp peer-group INTv6 remote-as '4242420666'
+set protocols bgp peer-group INTv6 update-source 'dum0'
+set protocols bgp system-as '4242420666'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set system config-management commit-revisions '200'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/bgp-big-as-cloud b/smoketest/config-tests/bgp-big-as-cloud
new file mode 100644
index 000000000..8de0cdb02
--- /dev/null
+++ b/smoketest/config-tests/bgp-big-as-cloud
@@ -0,0 +1,850 @@
+set firewall global-options all-ping 'enable'
+set firewall global-options broadcast-ping 'disable'
+set firewall global-options ip-src-route 'disable'
+set firewall global-options ipv6-receive-redirects 'disable'
+set firewall global-options ipv6-src-route 'disable'
+set firewall global-options log-martians 'enable'
+set firewall global-options receive-redirects 'disable'
+set firewall global-options send-redirects 'enable'
+set firewall global-options source-validation 'disable'
+set firewall global-options syn-cookies 'enable'
+set firewall global-options twa-hazards-protection 'disable'
+set firewall group address-group bgp-peers-4 address '192.0.68.3'
+set firewall group address-group bgp-peers-4 address '192.0.68.2'
+set firewall group address-group bgp-peers-4 address '192.0.176.193'
+set firewall group address-group bgp-peers-4 address '192.0.52.0-192.0.52.255'
+set firewall group address-group bgp-peers-4 address '192.0.53.0-192.0.53.255'
+set firewall group address-group bgp-peers-4 address '192.0.16.209'
+set firewall group address-group bgp-peers-4 address '192.0.192.0-192.0.192.255'
+set firewall group address-group bgp-peers-4 address '192.0.193.0-192.0.193.255'
+set firewall group address-group bgp-peers-4 address '192.0.194.0-192.0.194.255'
+set firewall group address-group bgp-peers-4 address '192.0.195.0-192.0.195.255'
+set firewall group address-group bgp-peers-4 address '192.0.196.0-192.0.196.255'
+set firewall group address-group bgp-peers-4 address '192.0.197.0-192.0.197.255'
+set firewall group address-group bgp-peers-4 address '192.0.198.0-192.0.198.255'
+set firewall group address-group bgp-peers-4 address '192.0.199.0-192.0.199.255'
+set firewall group address-group vrrp-peers-4 address '192.0.68.3'
+set firewall group address-group vrrp-peers-4 address '192.0.160.3'
+set firewall group address-group vrrp-peers-4 address '192.0.98.3'
+set firewall group address-group vrrp-peers-4 address '192.0.71.131'
+set firewall group address-group vrrp-peers-4 address '192.0.84.67'
+set firewall group address-group vrrp-peers-4 address '192.0.71.195'
+set firewall group address-group vrrp-peers-4 address '192.0.71.115'
+set firewall group address-group vrrp-peers-4 address '192.0.70.195'
+set firewall group address-group vrrp-peers-4 address '192.0.70.179'
+set firewall group address-group vrrp-peers-4 address '192.0.70.163'
+set firewall group address-group vrrp-peers-4 address '192.0.70.147'
+set firewall group address-group vrrp-peers-4 address '192.0.70.131'
+set firewall group address-group vrrp-peers-4 address '192.0.70.19'
+set firewall group address-group vrrp-peers-4 address '192.0.70.3'
+set firewall group address-group vrrp-peers-4 address '192.0.71.99'
+set firewall group address-group vrrp-peers-4 address '192.0.68.67'
+set firewall group address-group vrrp-peers-4 address '192.0.71.67'
+set firewall group address-group vrrp-peers-4 address '192.0.71.3'
+set firewall group address-group vrrp-peers-4 address '192.0.68.35'
+set firewall group address-group vrrp-peers-4 address '192.0.68.131'
+set firewall group address-group vrrp-peers-4 address '192.0.69.2'
+set firewall group address-group vrrp-peers-4 address '192.0.70.35'
+set firewall group address-group vrrp-peers-4 address '192.0.70.67'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:c::3'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:1000::2e9'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::fb'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::fc'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::fd'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::2e'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::3d'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::4a'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::5e'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::7'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::11'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::18'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::20'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::22'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::31'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::58'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::64'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::a5'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::aa'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::ab'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::b0'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::b3'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::bd'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::c'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::d2'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:24::d3'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8:838::1'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::1a27:5051:c09d'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::1a27:5051:c19d'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::20ad:0:1'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2306:0:1'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2ca:0:1'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2ca:0:2'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2ca:0:3'
+set firewall group ipv6-address-group bgp-peers-6 address '2001:db8::2ca:0:4'
+set firewall group ipv6-address-group vrrp-peers-6 address 'fe80::fe89:15cf'
+set firewall group ipv6-network-group AS64512-6 network '2001::/29'
+set firewall group network-group AS64512-4 network '192.0.68.0/22'
+set firewall group network-group AS64512-4 network '192.0.98.0/24'
+set firewall group network-group AS64512-4 network '192.0.160.0/24'
+set firewall group network-group AS64512-4 network '192.0.84.0/22'
+set firewall ipv4 name management-to-local-4 default-action 'reject'
+set firewall ipv4 name management-to-local-4 default-log
+set firewall ipv4 name management-to-local-4 rule 500 action 'return'
+set firewall ipv4 name management-to-local-4 rule 500 protocol 'icmp'
+set firewall ipv4 name management-to-local-4 rule 501 action 'return'
+set firewall ipv4 name management-to-local-4 rule 501 destination port '22'
+set firewall ipv4 name management-to-local-4 rule 501 protocol 'tcp'
+set firewall ipv4 name management-to-local-4 rule 502 action 'return'
+set firewall ipv4 name management-to-local-4 rule 502 destination port 'snmp'
+set firewall ipv4 name management-to-local-4 rule 502 protocol 'udp'
+set firewall ipv4 name management-to-peers-4 default-action 'reject'
+set firewall ipv4 name management-to-peers-4 default-log
+set firewall ipv4 name management-to-servers-4 default-action 'reject'
+set firewall ipv4 name management-to-servers-4 default-log
+set firewall ipv4 name peers-to-local-4 default-action 'reject'
+set firewall ipv4 name peers-to-local-4 default-log
+set firewall ipv4 name peers-to-local-4 rule 500 action 'return'
+set firewall ipv4 name peers-to-local-4 rule 500 protocol 'icmp'
+set firewall ipv4 name peers-to-local-4 rule 501 action 'return'
+set firewall ipv4 name peers-to-local-4 rule 501 protocol 'vrrp'
+set firewall ipv4 name peers-to-local-4 rule 501 source group address-group 'vrrp-peers-4'
+set firewall ipv4 name peers-to-local-4 rule 502 action 'return'
+set firewall ipv4 name peers-to-local-4 rule 502 destination port 'bgp'
+set firewall ipv4 name peers-to-local-4 rule 502 protocol 'tcp'
+set firewall ipv4 name peers-to-local-4 rule 502 source group address-group 'bgp-peers-4'
+set firewall ipv4 name peers-to-local-4 rule 503 action 'return'
+set firewall ipv4 name peers-to-local-4 rule 503 protocol 'tcp'
+set firewall ipv4 name peers-to-local-4 rule 503 source group address-group 'bgp-peers-4'
+set firewall ipv4 name peers-to-local-4 rule 503 source port 'bgp'
+set firewall ipv4 name peers-to-management-4 default-action 'reject'
+set firewall ipv4 name peers-to-management-4 default-log
+set firewall ipv4 name peers-to-servers-4 default-action 'reject'
+set firewall ipv4 name peers-to-servers-4 default-log
+set firewall ipv4 name peers-to-servers-4 rule 9990 action 'reject'
+set firewall ipv4 name peers-to-servers-4 rule 9990 source group network-group 'AS64512-4'
+set firewall ipv4 name peers-to-servers-4 rule 9999 action 'return'
+set firewall ipv4 name peers-to-servers-4 rule 9999 destination group network-group 'AS64512-4'
+set firewall ipv4 name servers-to-local-4 default-action 'reject'
+set firewall ipv4 name servers-to-local-4 default-log
+set firewall ipv4 name servers-to-local-4 rule 500 action 'return'
+set firewall ipv4 name servers-to-local-4 rule 500 protocol 'icmp'
+set firewall ipv4 name servers-to-local-4 rule 501 action 'return'
+set firewall ipv4 name servers-to-local-4 rule 501 protocol 'vrrp'
+set firewall ipv4 name servers-to-local-4 rule 501 source group address-group 'vrrp-peers-4'
+set firewall ipv4 name servers-to-local-4 rule 511 action 'return'
+set firewall ipv4 name servers-to-local-4 rule 511 protocol 'tcp_udp'
+set firewall ipv4 name servers-to-local-4 rule 511 source port '53'
+set firewall ipv4 name servers-to-management-4 default-action 'reject'
+set firewall ipv4 name servers-to-management-4 default-log
+set firewall ipv4 name servers-to-peers-4 default-action 'reject'
+set firewall ipv4 name servers-to-peers-4 default-log
+set firewall ipv4 name servers-to-peers-4 rule 51 action 'return'
+set firewall ipv4 name servers-to-peers-4 rule 51 source group network-group 'AS64512-4'
+set firewall ipv6 name management-to-local-6 default-action 'reject'
+set firewall ipv6 name management-to-local-6 default-log
+set firewall ipv6 name management-to-peers-6 default-action 'reject'
+set firewall ipv6 name management-to-peers-6 default-log
+set firewall ipv6 name management-to-servers-6 default-action 'reject'
+set firewall ipv6 name management-to-servers-6 default-log
+set firewall ipv6 name peers-to-local-6 default-action 'reject'
+set firewall ipv6 name peers-to-local-6 default-log
+set firewall ipv6 name peers-to-local-6 rule 500 action 'return'
+set firewall ipv6 name peers-to-local-6 rule 500 protocol 'ipv6-icmp'
+set firewall ipv6 name peers-to-local-6 rule 501 action 'return'
+set firewall ipv6 name peers-to-local-6 rule 501 protocol 'vrrp'
+set firewall ipv6 name peers-to-local-6 rule 501 source group address-group 'vrrp-peers-6'
+set firewall ipv6 name peers-to-local-6 rule 502 action 'return'
+set firewall ipv6 name peers-to-local-6 rule 502 destination port 'bgp'
+set firewall ipv6 name peers-to-local-6 rule 502 protocol 'tcp'
+set firewall ipv6 name peers-to-local-6 rule 502 source group address-group 'bgp-peers-6'
+set firewall ipv6 name peers-to-local-6 rule 503 action 'return'
+set firewall ipv6 name peers-to-local-6 rule 503 protocol 'tcp'
+set firewall ipv6 name peers-to-local-6 rule 503 source group address-group 'bgp-peers-6'
+set firewall ipv6 name peers-to-local-6 rule 503 source port 'bgp'
+set firewall ipv6 name peers-to-management-6 default-action 'reject'
+set firewall ipv6 name peers-to-management-6 default-log
+set firewall ipv6 name peers-to-servers-6 default-action 'reject'
+set firewall ipv6 name peers-to-servers-6 default-log
+set firewall ipv6 name peers-to-servers-6 rule 9990 action 'reject'
+set firewall ipv6 name peers-to-servers-6 rule 9990 source group network-group 'AS64512-6'
+set firewall ipv6 name peers-to-servers-6 rule 9999 action 'return'
+set firewall ipv6 name peers-to-servers-6 rule 9999 destination group network-group 'AS64512-6'
+set firewall ipv6 name servers-to-local-6 default-action 'reject'
+set firewall ipv6 name servers-to-local-6 default-log
+set firewall ipv6 name servers-to-local-6 rule 500 action 'return'
+set firewall ipv6 name servers-to-local-6 rule 500 protocol 'ipv6-icmp'
+set firewall ipv6 name servers-to-local-6 rule 501 action 'return'
+set firewall ipv6 name servers-to-local-6 rule 501 protocol 'vrrp'
+set firewall ipv6 name servers-to-local-6 rule 501 source group address-group 'vrrp-peers-6'
+set firewall ipv6 name servers-to-local-6 rule 511 action 'return'
+set firewall ipv6 name servers-to-local-6 rule 511 protocol 'tcp_udp'
+set firewall ipv6 name servers-to-local-6 rule 511 source port '53'
+set firewall ipv6 name servers-to-management-6 default-action 'reject'
+set firewall ipv6 name servers-to-management-6 default-log
+set firewall ipv6 name servers-to-peers-6 default-action 'reject'
+set firewall ipv6 name servers-to-peers-6 default-log
+set firewall ipv6 name servers-to-peers-6 rule 51 action 'return'
+set firewall ipv6 name servers-to-peers-6 rule 51 source group network-group 'AS64512-6'
+set firewall zone local default-action 'drop'
+set firewall zone local from management firewall ipv6-name 'management-to-local-6'
+set firewall zone local from management firewall name 'management-to-local-4'
+set firewall zone local from peers firewall ipv6-name 'peers-to-local-6'
+set firewall zone local from peers firewall name 'peers-to-local-4'
+set firewall zone local from servers firewall ipv6-name 'servers-to-local-6'
+set firewall zone local from servers firewall name 'servers-to-local-4'
+set firewall zone local local-zone
+set firewall zone management default-action 'reject'
+set firewall zone management from peers firewall ipv6-name 'peers-to-management-6'
+set firewall zone management from peers firewall name 'peers-to-management-4'
+set firewall zone management from servers firewall ipv6-name 'servers-to-management-6'
+set firewall zone management from servers firewall name 'servers-to-management-4'
+set firewall zone management interface 'eth0'
+set firewall zone peers default-action 'reject'
+set firewall zone peers from management firewall ipv6-name 'management-to-peers-6'
+set firewall zone peers from management firewall name 'management-to-peers-4'
+set firewall zone peers from servers firewall ipv6-name 'servers-to-peers-6'
+set firewall zone peers from servers firewall name 'servers-to-peers-4'
+set firewall zone peers interface 'eth0.4088'
+set firewall zone peers interface 'eth0.4089'
+set firewall zone peers interface 'eth0.11'
+set firewall zone peers interface 'eth0.838'
+set firewall zone peers interface 'eth0.886'
+set firewall zone servers default-action 'reject'
+set firewall zone servers from management firewall ipv6-name 'management-to-servers-6'
+set firewall zone servers from management firewall name 'management-to-servers-4'
+set firewall zone servers from peers firewall ipv6-name 'peers-to-servers-6'
+set firewall zone servers from peers firewall name 'peers-to-servers-4'
+set firewall zone servers interface 'eth0.1001'
+set firewall zone servers interface 'eth0.105'
+set firewall zone servers interface 'eth0.102'
+set firewall zone servers interface 'eth0.1019'
+set firewall zone servers interface 'eth0.1014'
+set firewall zone servers interface 'eth0.1020'
+set firewall zone servers interface 'eth0.1018'
+set firewall zone servers interface 'eth0.1013'
+set firewall zone servers interface 'eth0.1012'
+set firewall zone servers interface 'eth0.1011'
+set firewall zone servers interface 'eth0.1010'
+set firewall zone servers interface 'eth0.1009'
+set firewall zone servers interface 'eth0.1006'
+set firewall zone servers interface 'eth0.1005'
+set firewall zone servers interface 'eth0.1017'
+set firewall zone servers interface 'eth0.1016'
+set firewall zone servers interface 'eth0.1002'
+set firewall zone servers interface 'eth0.1015'
+set firewall zone servers interface 'eth0.1003'
+set firewall zone servers interface 'eth0.1004'
+set firewall zone servers interface 'eth0.1007'
+set firewall zone servers interface 'eth0.1008'
+set high-availability vrrp group 11-4 address 192.0.68.1/27
+set high-availability vrrp group 11-4 interface 'eth0.11'
+set high-availability vrrp group 11-4 priority '200'
+set high-availability vrrp group 11-4 vrid '4'
+set high-availability vrrp group 11-6 address 2001:db8:c::1/64
+set high-availability vrrp group 11-6 interface 'eth0.11'
+set high-availability vrrp group 11-6 priority '200'
+set high-availability vrrp group 11-6 vrid '6'
+set high-availability vrrp group 102-4 address 192.0.98.1/24
+set high-availability vrrp group 102-4 interface 'eth0.102'
+set high-availability vrrp group 102-4 priority '200'
+set high-availability vrrp group 102-4 vrid '4'
+set high-availability vrrp group 102-6 address 2001:db8:0:102::1/64
+set high-availability vrrp group 102-6 interface 'eth0.102'
+set high-availability vrrp group 102-6 priority '200'
+set high-availability vrrp group 102-6 vrid '6'
+set high-availability vrrp group 105-4 address 192.0.160.1/24
+set high-availability vrrp group 105-4 interface 'eth0.105'
+set high-availability vrrp group 105-4 priority '200'
+set high-availability vrrp group 105-4 vrid '4'
+set high-availability vrrp group 105-6 address 2001:db8:0:105::1/64
+set high-availability vrrp group 105-6 interface 'eth0.105'
+set high-availability vrrp group 105-6 priority '200'
+set high-availability vrrp group 105-6 vrid '6'
+set high-availability vrrp group 1001-4 address 192.0.68.33/27
+set high-availability vrrp group 1001-4 interface 'eth0.1001'
+set high-availability vrrp group 1001-4 priority '200'
+set high-availability vrrp group 1001-4 vrid '4'
+set high-availability vrrp group 1001-6 address 2001:db8:0:1001::1/64
+set high-availability vrrp group 1001-6 interface 'eth0.1001'
+set high-availability vrrp group 1001-6 priority '200'
+set high-availability vrrp group 1001-6 vrid '6'
+set high-availability vrrp group 1002-4 address 192.0.68.65/26
+set high-availability vrrp group 1002-4 interface 'eth0.1002'
+set high-availability vrrp group 1002-4 priority '200'
+set high-availability vrrp group 1002-4 vrid '4'
+set high-availability vrrp group 1002-6 address 2001:db8:0:1002::1/64
+set high-availability vrrp group 1002-6 interface 'eth0.1002'
+set high-availability vrrp group 1002-6 priority '200'
+set high-availability vrrp group 1002-6 vrid '6'
+set high-availability vrrp group 1003-4 address 192.0.68.129/25
+set high-availability vrrp group 1003-4 interface 'eth0.1003'
+set high-availability vrrp group 1003-4 priority '200'
+set high-availability vrrp group 1003-4 vrid '4'
+set high-availability vrrp group 1003-6 address 2001:db8:0:1003::1/64
+set high-availability vrrp group 1003-6 interface 'eth0.1003'
+set high-availability vrrp group 1003-6 priority '200'
+set high-availability vrrp group 1003-6 vrid '6'
+set high-availability vrrp group 1004-4 address 192.0.69.1/24
+set high-availability vrrp group 1004-4 interface 'eth0.1004'
+set high-availability vrrp group 1004-4 priority '200'
+set high-availability vrrp group 1004-4 vrid '4'
+set high-availability vrrp group 1004-6 address 2001:db8:0:1004::1/64
+set high-availability vrrp group 1004-6 interface 'eth0.1004'
+set high-availability vrrp group 1004-6 priority '200'
+set high-availability vrrp group 1004-6 vrid '6'
+set high-availability vrrp group 1005-4 address 192.0.70.1/28
+set high-availability vrrp group 1005-4 interface 'eth0.1005'
+set high-availability vrrp group 1005-4 priority '200'
+set high-availability vrrp group 1005-4 vrid '4'
+set high-availability vrrp group 1005-6 address 2001:db8:0:1005::1/64
+set high-availability vrrp group 1005-6 interface 'eth0.1005'
+set high-availability vrrp group 1005-6 priority '200'
+set high-availability vrrp group 1005-6 vrid '6'
+set high-availability vrrp group 1006-4 address 192.0.70.17/28
+set high-availability vrrp group 1006-4 interface 'eth0.1006'
+set high-availability vrrp group 1006-4 priority '200'
+set high-availability vrrp group 1006-4 vrid '4'
+set high-availability vrrp group 1006-6 address 2001:db8:0:1006::1/64
+set high-availability vrrp group 1006-6 interface 'eth0.1006'
+set high-availability vrrp group 1006-6 priority '200'
+set high-availability vrrp group 1006-6 vrid '6'
+set high-availability vrrp group 1007-4 address 192.0.70.33/27
+set high-availability vrrp group 1007-4 interface 'eth0.1007'
+set high-availability vrrp group 1007-4 priority '200'
+set high-availability vrrp group 1007-4 vrid '4'
+set high-availability vrrp group 1007-6 address 2001:db8:0:1007::1/64
+set high-availability vrrp group 1007-6 interface 'eth0.1007'
+set high-availability vrrp group 1007-6 priority '200'
+set high-availability vrrp group 1007-6 vrid '6'
+set high-availability vrrp group 1008-4 address 192.0.70.65/26
+set high-availability vrrp group 1008-4 interface 'eth0.1008'
+set high-availability vrrp group 1008-4 priority '200'
+set high-availability vrrp group 1008-4 vrid '4'
+set high-availability vrrp group 1008-6 address 2001:db8:0:1008::1/64
+set high-availability vrrp group 1008-6 interface 'eth0.1008'
+set high-availability vrrp group 1008-6 priority '200'
+set high-availability vrrp group 1008-6 vrid '6'
+set high-availability vrrp group 1009-4 address 192.0.70.129/28
+set high-availability vrrp group 1009-4 interface 'eth0.1009'
+set high-availability vrrp group 1009-4 priority '200'
+set high-availability vrrp group 1009-4 vrid '4'
+set high-availability vrrp group 1009-6 address 2001:db8:0:1009::1/64
+set high-availability vrrp group 1009-6 interface 'eth0.1009'
+set high-availability vrrp group 1009-6 priority '200'
+set high-availability vrrp group 1009-6 vrid '6'
+set high-availability vrrp group 1010-4 address 192.0.70.145/28
+set high-availability vrrp group 1010-4 interface 'eth0.1010'
+set high-availability vrrp group 1010-4 priority '200'
+set high-availability vrrp group 1010-4 vrid '4'
+set high-availability vrrp group 1010-6 address 2001:db8:0:1010::1/64
+set high-availability vrrp group 1010-6 interface 'eth0.1010'
+set high-availability vrrp group 1010-6 priority '200'
+set high-availability vrrp group 1010-6 vrid '6'
+set high-availability vrrp group 1011-4 address 192.0.70.161/28
+set high-availability vrrp group 1011-4 interface 'eth0.1011'
+set high-availability vrrp group 1011-4 priority '200'
+set high-availability vrrp group 1011-4 vrid '4'
+set high-availability vrrp group 1011-6 address 2001:db8:0:1011::1/64
+set high-availability vrrp group 1011-6 interface 'eth0.1011'
+set high-availability vrrp group 1011-6 priority '200'
+set high-availability vrrp group 1011-6 vrid '6'
+set high-availability vrrp group 1012-4 address 192.0.70.177/28
+set high-availability vrrp group 1012-4 interface 'eth0.1012'
+set high-availability vrrp group 1012-4 priority '200'
+set high-availability vrrp group 1012-4 vrid '4'
+set high-availability vrrp group 1012-6 address 2001:db8:0:1012::1/64
+set high-availability vrrp group 1012-6 interface 'eth0.1012'
+set high-availability vrrp group 1012-6 priority '200'
+set high-availability vrrp group 1012-6 vrid '6'
+set high-availability vrrp group 1013-4 address 192.0.70.193/27
+set high-availability vrrp group 1013-4 interface 'eth0.1013'
+set high-availability vrrp group 1013-4 priority '200'
+set high-availability vrrp group 1013-4 vrid '4'
+set high-availability vrrp group 1013-6 address 2001:db8:0:1013::1/64
+set high-availability vrrp group 1013-6 interface 'eth0.1013'
+set high-availability vrrp group 1013-6 priority '200'
+set high-availability vrrp group 1013-6 vrid '6'
+set high-availability vrrp group 1014-4 address 192.0.84.65/26
+set high-availability vrrp group 1014-4 interface 'eth0.1014'
+set high-availability vrrp group 1014-4 priority '200'
+set high-availability vrrp group 1014-4 vrid '4'
+set high-availability vrrp group 1014-6 address 2001:db8:0:1014::1/64
+set high-availability vrrp group 1014-6 interface 'eth0.1014'
+set high-availability vrrp group 1014-6 priority '200'
+set high-availability vrrp group 1014-6 vrid '6'
+set high-availability vrrp group 1015-4 address 192.0.71.1/26
+set high-availability vrrp group 1015-4 interface 'eth0.1015'
+set high-availability vrrp group 1015-4 priority '200'
+set high-availability vrrp group 1015-4 vrid '4'
+set high-availability vrrp group 1015-6 address 2001:db8:0:1015::1/64
+set high-availability vrrp group 1015-6 interface 'eth0.1015'
+set high-availability vrrp group 1015-6 priority '200'
+set high-availability vrrp group 1015-6 vrid '6'
+set high-availability vrrp group 1016-4 address 192.0.71.65/27
+set high-availability vrrp group 1016-4 interface 'eth0.1016'
+set high-availability vrrp group 1016-4 priority '200'
+set high-availability vrrp group 1016-4 vrid '4'
+set high-availability vrrp group 1016-6 address 2001:db8:0:1016::1/64
+set high-availability vrrp group 1016-6 interface 'eth0.1016'
+set high-availability vrrp group 1016-6 priority '200'
+set high-availability vrrp group 1016-6 vrid '6'
+set high-availability vrrp group 1017-4 address 192.0.71.97/28
+set high-availability vrrp group 1017-4 interface 'eth0.1017'
+set high-availability vrrp group 1017-4 priority '200'
+set high-availability vrrp group 1017-4 vrid '4'
+set high-availability vrrp group 1017-6 address 2001:db8:0:1017::1/64
+set high-availability vrrp group 1017-6 interface 'eth0.1017'
+set high-availability vrrp group 1017-6 priority '200'
+set high-availability vrrp group 1017-6 vrid '6'
+set high-availability vrrp group 1018-4 address 192.0.71.113/28
+set high-availability vrrp group 1018-4 interface 'eth0.1018'
+set high-availability vrrp group 1018-4 priority '200'
+set high-availability vrrp group 1018-4 vrid '4'
+set high-availability vrrp group 1018-6 address 2001:db8:0:1018::1/64
+set high-availability vrrp group 1018-6 interface 'eth0.1018'
+set high-availability vrrp group 1018-6 priority '200'
+set high-availability vrrp group 1018-6 vrid '6'
+set high-availability vrrp group 1019-4 address 192.0.71.129/26
+set high-availability vrrp group 1019-4 interface 'eth0.1019'
+set high-availability vrrp group 1019-4 priority '200'
+set high-availability vrrp group 1019-4 vrid '4'
+set high-availability vrrp group 1019-6 address 2001:db8:0:1019::1/64
+set high-availability vrrp group 1019-6 interface 'eth0.1019'
+set high-availability vrrp group 1019-6 priority '200'
+set high-availability vrrp group 1019-6 vrid '6'
+set high-availability vrrp group 1020-4 address 192.0.71.193/26
+set high-availability vrrp group 1020-4 interface 'eth0.1020'
+set high-availability vrrp group 1020-4 priority '200'
+set high-availability vrrp group 1020-4 vrid '4'
+set high-availability vrrp group 1020-6 address 2001:db8:0:1020::1/64
+set high-availability vrrp group 1020-6 interface 'eth0.1020'
+set high-availability vrrp group 1020-6 priority '200'
+set high-availability vrrp group 1020-6 vrid '6'
+set interfaces ethernet eth0 address '192.0.0.11/16'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth0 vif 11 address '192.0.68.2/27'
+set interfaces ethernet eth0 vif 11 address '2001:db8:c::2/64'
+set interfaces ethernet eth0 vif 102 address '192.0.98.2/24'
+set interfaces ethernet eth0 vif 102 address '2001:db8:0:102::2/64'
+set interfaces ethernet eth0 vif 105 address '192.0.160.2/24'
+set interfaces ethernet eth0 vif 105 address '2001:db8:0:105::2/64'
+set interfaces ethernet eth0 vif 838 address '192.0.16.210/30'
+set interfaces ethernet eth0 vif 838 address '2001:db8:838::2/64'
+set interfaces ethernet eth0 vif 886 address '192.0.193.224/21'
+set interfaces ethernet eth0 vif 886 address '2001:db8::3:669:0:1/64'
+set interfaces ethernet eth0 vif 1001 address '192.0.68.34/27'
+set interfaces ethernet eth0 vif 1001 address '2001:db8:0:1001::2/64'
+set interfaces ethernet eth0 vif 1002 address '192.0.68.66/26'
+set interfaces ethernet eth0 vif 1002 address '2001:db8:0:1002::2/64'
+set interfaces ethernet eth0 vif 1003 address '192.0.68.130/25'
+set interfaces ethernet eth0 vif 1003 address '2001:db8:0:1003::2/64'
+set interfaces ethernet eth0 vif 1004 address '192.0.69.2/24'
+set interfaces ethernet eth0 vif 1004 address '2001:db8:0:1004::2/64'
+set interfaces ethernet eth0 vif 1005 address '192.0.70.2/28'
+set interfaces ethernet eth0 vif 1005 address '2001:db8:0:1005::2/64'
+set interfaces ethernet eth0 vif 1006 address '192.0.70.18/28'
+set interfaces ethernet eth0 vif 1006 address '2001:db8:0:1006::2/64'
+set interfaces ethernet eth0 vif 1007 address '192.0.70.34/27'
+set interfaces ethernet eth0 vif 1007 address '2001:db8:0:1007::2/64'
+set interfaces ethernet eth0 vif 1008 address '192.0.70.66/26'
+set interfaces ethernet eth0 vif 1008 address '2001:db8:0:1008::2/64'
+set interfaces ethernet eth0 vif 1009 address '192.0.70.130/28'
+set interfaces ethernet eth0 vif 1009 address '2001:db8:0:1009::2/64'
+set interfaces ethernet eth0 vif 1010 address '192.0.70.146/28'
+set interfaces ethernet eth0 vif 1010 address '2001:db8:0:1010::2/64'
+set interfaces ethernet eth0 vif 1011 address '192.0.70.162/28'
+set interfaces ethernet eth0 vif 1011 address '2001:db8:0:1011::2/64'
+set interfaces ethernet eth0 vif 1012 address '192.0.70.178/28'
+set interfaces ethernet eth0 vif 1012 address '2001:db8:0:1012::2/64'
+set interfaces ethernet eth0 vif 1013 address '192.0.70.194/27'
+set interfaces ethernet eth0 vif 1013 address '2001:db8:0:1013::3/64'
+set interfaces ethernet eth0 vif 1014 address '192.0.84.66/26'
+set interfaces ethernet eth0 vif 1014 address '2001:db8:0:1014::2/64'
+set interfaces ethernet eth0 vif 1015 address '192.0.71.2/26'
+set interfaces ethernet eth0 vif 1015 address '2001:db8:0:1015::2/64'
+set interfaces ethernet eth0 vif 1016 address '192.0.71.66/27'
+set interfaces ethernet eth0 vif 1016 address '2001:db8:0:1016::2/64'
+set interfaces ethernet eth0 vif 1017 address '192.0.71.98/28'
+set interfaces ethernet eth0 vif 1017 address '2001:db8:0:1017::2/64'
+set interfaces ethernet eth0 vif 1018 address '192.0.71.114/28'
+set interfaces ethernet eth0 vif 1018 address '2001:db8:0:1018::2/64'
+set interfaces ethernet eth0 vif 1019 address '192.0.71.130/26'
+set interfaces ethernet eth0 vif 1019 address '2001:db8:0:1019::2/64'
+set interfaces ethernet eth0 vif 1020 address '192.0.71.194/26'
+set interfaces ethernet eth0 vif 1020 address '2001:db8:0:1020::2/64'
+set interfaces ethernet eth0 vif 4088 address '2001:db8:24::c7/64'
+set interfaces ethernet eth0 vif 4088 address '192.0.52.199/23'
+set interfaces ethernet eth0 vif 4089 address '192.0.176.194/30'
+set interfaces ethernet eth0 vif 4089 address '2001:db8:1000::2ea/126'
+set interfaces loopback lo
+set policy as-path-list AS64512 rule 10 action 'permit'
+set policy as-path-list AS64512 rule 10 regex '^$'
+set policy as-path-list AS64513-AS64514 rule 10 action 'permit'
+set policy as-path-list AS64513-AS64514 rule 10 regex '^64513 64514$'
+set policy prefix-list defaultV4 rule 10 action 'permit'
+set policy prefix-list defaultV4 rule 10 prefix '0.0.0.0/0'
+set policy prefix-list hostrouteV4 rule 10 action 'permit'
+set policy prefix-list hostrouteV4 rule 10 ge '32'
+set policy prefix-list hostrouteV4 rule 10 prefix '192.0.160.0/24'
+set policy prefix-list hostrouteV4 rule 20 action 'permit'
+set policy prefix-list hostrouteV4 rule 20 ge '32'
+set policy prefix-list hostrouteV4 rule 20 prefix '192.0.98.0/24'
+set policy prefix-list hostrouteV4 rule 30 action 'permit'
+set policy prefix-list hostrouteV4 rule 30 ge '32'
+set policy prefix-list hostrouteV4 rule 30 prefix '192.0.68.0/22'
+set policy prefix-list hostrouteV4 rule 40 action 'permit'
+set policy prefix-list hostrouteV4 rule 40 ge '32'
+set policy prefix-list hostrouteV4 rule 40 prefix '192.0.84.0/22'
+set policy prefix-list privateV4 rule 10 action 'permit'
+set policy prefix-list privateV4 rule 10 le '32'
+set policy prefix-list privateV4 rule 10 prefix '192.0.0.0/8'
+set policy prefix-list privateV4 rule 20 action 'permit'
+set policy prefix-list privateV4 rule 20 le '32'
+set policy prefix-list privateV4 rule 20 prefix '192.0.0.0/12'
+set policy prefix-list privateV4 rule 30 action 'permit'
+set policy prefix-list privateV4 rule 30 le '32'
+set policy prefix-list privateV4 rule 30 prefix '192.0.0.0/16'
+set policy prefix-list vyosV4 rule 10 action 'permit'
+set policy prefix-list vyosV4 rule 10 prefix '192.0.160.0/24'
+set policy prefix-list vyosV4 rule 20 action 'permit'
+set policy prefix-list vyosV4 rule 20 prefix '192.0.98.0/24'
+set policy prefix-list vyosV4 rule 30 action 'permit'
+set policy prefix-list vyosV4 rule 30 prefix '192.0.68.0/22'
+set policy prefix-list vyosV4 rule 40 action 'permit'
+set policy prefix-list vyosV4 rule 40 prefix '192.0.84.0/22'
+set policy prefix-list6 all6 rule 10 action 'permit'
+set policy prefix-list6 all6 rule 10 ge '4'
+set policy prefix-list6 all6 rule 10 prefix '2000::/3'
+set policy prefix-list6 hostrouteV6 rule 20 action 'permit'
+set policy prefix-list6 hostrouteV6 rule 20 ge '128'
+set policy prefix-list6 hostrouteV6 rule 20 prefix '2001:db8::/29'
+set policy prefix-list6 privateV6 rule 10 action 'permit'
+set policy prefix-list6 privateV6 rule 10 prefix 'fc00::/7'
+set policy prefix-list6 vyosV6 rule 20 action 'permit'
+set policy prefix-list6 vyosV6 rule 20 prefix '2001:db8::/29'
+set policy route-map ExportRouteMap rule 5 action 'permit'
+set policy route-map ExportRouteMap rule 5 match as-path 'AS64512'
+set policy route-map ExportRouteMap rule 5 match ip address prefix-list 'hostrouteV4'
+set policy route-map ExportRouteMap rule 5 set community replace '65000:666'
+set policy route-map ExportRouteMap rule 10 action 'permit'
+set policy route-map ExportRouteMap rule 10 match as-path 'AS64512'
+set policy route-map ExportRouteMap rule 10 match ip address prefix-list 'vyosV4'
+set policy route-map ExportRouteMap rule 15 action 'permit'
+set policy route-map ExportRouteMap rule 15 match as-path 'AS64512'
+set policy route-map ExportRouteMap rule 15 match ipv6 address prefix-list 'hostrouteV6'
+set policy route-map ExportRouteMap rule 15 set community replace '65000:666'
+set policy route-map ExportRouteMap rule 20 action 'permit'
+set policy route-map ExportRouteMap rule 20 match as-path 'AS64512'
+set policy route-map ExportRouteMap rule 20 match ipv6 address prefix-list 'vyosV6'
+set policy route-map ExportRouteMap rule 100 action 'deny'
+set policy route-map ExportRouteMapAS64513 rule 5 action 'permit'
+set policy route-map ExportRouteMapAS64513 rule 5 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64513 rule 5 match ip address prefix-list 'hostrouteV4'
+set policy route-map ExportRouteMapAS64513 rule 5 set community replace '64513:666'
+set policy route-map ExportRouteMapAS64513 rule 10 action 'permit'
+set policy route-map ExportRouteMapAS64513 rule 10 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64513 rule 10 match ip address prefix-list 'vyosV4'
+set policy route-map ExportRouteMapAS64513 rule 15 action 'permit'
+set policy route-map ExportRouteMapAS64513 rule 15 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64513 rule 15 match ipv6 address prefix-list 'hostrouteV6'
+set policy route-map ExportRouteMapAS64513 rule 15 set community replace '64513:666'
+set policy route-map ExportRouteMapAS64513 rule 20 action 'permit'
+set policy route-map ExportRouteMapAS64513 rule 20 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64513 rule 20 match ipv6 address prefix-list 'vyosV6'
+set policy route-map ExportRouteMapAS64513 rule 100 action 'deny'
+set policy route-map ExportRouteMapAS64515 rule 10 action 'permit'
+set policy route-map ExportRouteMapAS64515 rule 10 match ipv6 address prefix-list 'all6'
+set policy route-map ExportRouteMapAS64515 rule 20 action 'deny'
+set policy route-map ExportRouteMapAS64515 rule 20 match ip address prefix-list 'defaultV4'
+set policy route-map ExportRouteMapAS64515 rule 100 action 'deny'
+set policy route-map ExportRouteMapAS64516 rule 5 action 'permit'
+set policy route-map ExportRouteMapAS64516 rule 5 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64516 rule 5 match ip address prefix-list 'hostrouteV4'
+set policy route-map ExportRouteMapAS64516 rule 5 set community replace '65000:666'
+set policy route-map ExportRouteMapAS64516 rule 10 action 'permit'
+set policy route-map ExportRouteMapAS64516 rule 10 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64516 rule 10 match ip address prefix-list 'vyosV4'
+set policy route-map ExportRouteMapAS64516 rule 15 action 'permit'
+set policy route-map ExportRouteMapAS64516 rule 15 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64516 rule 15 match ipv6 address prefix-list 'hostrouteV6'
+set policy route-map ExportRouteMapAS64516 rule 15 set community replace '65000:666'
+set policy route-map ExportRouteMapAS64516 rule 20 action 'permit'
+set policy route-map ExportRouteMapAS64516 rule 20 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64516 rule 20 match ipv6 address prefix-list 'vyosV6'
+set policy route-map ExportRouteMapAS64516 rule 20 set as-path exclude '100 200 300'
+set policy route-map ExportRouteMapAS64516 rule 20 set as-path prepend '64512 64512 64512'
+set policy route-map ExportRouteMapAS64516 rule 100 action 'deny'
+set policy route-map ExportRouteMapAS64517 rule 5 action 'permit'
+set policy route-map ExportRouteMapAS64517 rule 5 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64517 rule 5 match ip address prefix-list 'hostrouteV4'
+set policy route-map ExportRouteMapAS64517 rule 5 set community replace '64517:666'
+set policy route-map ExportRouteMapAS64517 rule 10 action 'permit'
+set policy route-map ExportRouteMapAS64517 rule 10 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64517 rule 10 match ip address prefix-list 'vyosV4'
+set policy route-map ExportRouteMapAS64517 rule 15 action 'permit'
+set policy route-map ExportRouteMapAS64517 rule 15 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64517 rule 15 match ipv6 address prefix-list 'hostrouteV6'
+set policy route-map ExportRouteMapAS64517 rule 15 set community replace '64517:666'
+set policy route-map ExportRouteMapAS64517 rule 20 action 'permit'
+set policy route-map ExportRouteMapAS64517 rule 20 match as-path 'AS64512'
+set policy route-map ExportRouteMapAS64517 rule 20 match ipv6 address prefix-list 'vyosV6'
+set policy route-map ExportRouteMapAS64517 rule 100 action 'deny'
+set policy route-map ImportRouteMap rule 10 action 'deny'
+set policy route-map ImportRouteMap rule 10 match ip address prefix-list 'privateV4'
+set policy route-map ImportRouteMap rule 15 action 'deny'
+set policy route-map ImportRouteMap rule 15 match ipv6 address prefix-list 'privateV6'
+set policy route-map ImportRouteMap rule 20 action 'deny'
+set policy route-map ImportRouteMap rule 20 match ip address prefix-list 'vyosV4'
+set policy route-map ImportRouteMap rule 30 action 'deny'
+set policy route-map ImportRouteMap rule 30 match ipv6 address prefix-list 'vyosV6'
+set policy route-map ImportRouteMap rule 40 action 'deny'
+set policy route-map ImportRouteMap rule 40 match as-path 'AS64512'
+set policy route-map ImportRouteMap rule 50 action 'permit'
+set policy route-map ImportRouteMap rule 50 match as-path 'AS64513-AS64514'
+set policy route-map ImportRouteMap rule 50 set weight '10001'
+set policy route-map ImportRouteMap rule 65535 action 'permit'
+set protocols bgp address-family ipv4-unicast maximum-paths ebgp '8'
+set protocols bgp address-family ipv4-unicast maximum-paths ibgp '16'
+set protocols bgp address-family ipv4-unicast network 192.0.68.0/22
+set protocols bgp address-family ipv4-unicast network 192.0.84.0/22
+set protocols bgp address-family ipv4-unicast network 192.0.98.0/24
+set protocols bgp address-family ipv4-unicast network 192.0.160.0/24
+set protocols bgp address-family ipv4-unicast redistribute static route-map 'ExportRouteMap'
+set protocols bgp address-family ipv6-unicast network 2001:db8::/29
+set protocols bgp address-family ipv6-unicast redistribute static route-map 'ExportRouteMap'
+set protocols bgp neighbor 192.0.16.209 address-family ipv4-unicast route-map export 'ExportRouteMapAS64516'
+set protocols bgp neighbor 192.0.16.209 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.16.209 remote-as '64501'
+set protocols bgp neighbor 192.0.52.12 address-family ipv4-unicast maximum-prefix '300'
+set protocols bgp neighbor 192.0.52.12 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.12 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.12 remote-as '64511'
+set protocols bgp neighbor 192.0.52.17 address-family ipv4-unicast maximum-prefix '75'
+set protocols bgp neighbor 192.0.52.17 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.17 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.17 password 'vyosvyos'
+set protocols bgp neighbor 192.0.52.17 remote-as '64512'
+set protocols bgp neighbor 192.0.52.24 address-family ipv4-unicast maximum-prefix '300'
+set protocols bgp neighbor 192.0.52.24 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.24 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.24 remote-as '64513'
+set protocols bgp neighbor 192.0.52.32 address-family ipv4-unicast maximum-prefix '50'
+set protocols bgp neighbor 192.0.52.32 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.32 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.32 password 'vyosfoooo'
+set protocols bgp neighbor 192.0.52.32 remote-as '64514'
+set protocols bgp neighbor 192.0.52.34 address-family ipv4-unicast maximum-prefix '10'
+set protocols bgp neighbor 192.0.52.34 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.34 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.34 remote-as '64515'
+set protocols bgp neighbor 192.0.52.46 address-family ipv4-unicast maximum-prefix '10'
+set protocols bgp neighbor 192.0.52.46 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.46 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.46 remote-as '64516'
+set protocols bgp neighbor 192.0.52.49 address-family ipv4-unicast maximum-prefix '75'
+set protocols bgp neighbor 192.0.52.49 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.49 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.49 password 'secret'
+set protocols bgp neighbor 192.0.52.49 remote-as '64517'
+set protocols bgp neighbor 192.0.52.74 address-family ipv4-unicast maximum-prefix '15000'
+set protocols bgp neighbor 192.0.52.74 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.74 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.74 password 'secretvyos'
+set protocols bgp neighbor 192.0.52.74 remote-as '64518'
+set protocols bgp neighbor 192.0.52.94 address-family ipv4-unicast maximum-prefix '250'
+set protocols bgp neighbor 192.0.52.94 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.94 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.94 remote-as '64519'
+set protocols bgp neighbor 192.0.52.100 address-family ipv4-unicast maximum-prefix '50'
+set protocols bgp neighbor 192.0.52.100 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.100 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.100 remote-as '64520'
+set protocols bgp neighbor 192.0.52.119 address-family ipv4-unicast maximum-prefix '30'
+set protocols bgp neighbor 192.0.52.119 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.119 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.119 remote-as '64521'
+set protocols bgp neighbor 192.0.52.165 address-family ipv4-unicast maximum-prefix '50'
+set protocols bgp neighbor 192.0.52.165 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.165 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.165 remote-as '64522'
+set protocols bgp neighbor 192.0.52.170 address-family ipv4-unicast maximum-prefix '150000'
+set protocols bgp neighbor 192.0.52.170 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.170 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.170 remote-as '64523'
+set protocols bgp neighbor 192.0.52.171 address-family ipv4-unicast maximum-prefix '10000'
+set protocols bgp neighbor 192.0.52.171 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.171 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.171 remote-as '64524'
+set protocols bgp neighbor 192.0.52.179 address-family ipv4-unicast maximum-prefix '20'
+set protocols bgp neighbor 192.0.52.179 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.179 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.179 remote-as '64525'
+set protocols bgp neighbor 192.0.52.189 address-family ipv4-unicast maximum-prefix '1000'
+set protocols bgp neighbor 192.0.52.189 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.189 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.189 remote-as '64526'
+set protocols bgp neighbor 192.0.52.210 address-family ipv4-unicast maximum-prefix '15'
+set protocols bgp neighbor 192.0.52.210 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.210 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.210 remote-as '64527'
+set protocols bgp neighbor 192.0.52.211 address-family ipv4-unicast maximum-prefix '15'
+set protocols bgp neighbor 192.0.52.211 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.211 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.211 remote-as '64528'
+set protocols bgp neighbor 192.0.52.251 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.251 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.251 address-family ipv4-unicast weight '1010'
+set protocols bgp neighbor 192.0.52.251 remote-as '64529'
+set protocols bgp neighbor 192.0.52.252 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.52.252 address-family ipv4-unicast weight '1010'
+set protocols bgp neighbor 192.0.52.252 remote-as '64530'
+set protocols bgp neighbor 192.0.52.253 address-family ipv4-unicast route-map export 'ExportRouteMapAS64515'
+set protocols bgp neighbor 192.0.52.253 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.52.253 passive
+set protocols bgp neighbor 192.0.52.253 remote-as '64531'
+set protocols bgp neighbor 192.0.68.3 address-family ipv4-unicast nexthop-self
+set protocols bgp neighbor 192.0.68.3 address-family ipv4-unicast soft-reconfiguration inbound
+set protocols bgp neighbor 192.0.68.3 remote-as '64532'
+set protocols bgp neighbor 192.0.68.3 update-source '192.0.68.2'
+set protocols bgp neighbor 192.0.176.193 address-family ipv4-unicast route-map export 'ExportRouteMapAS64516'
+set protocols bgp neighbor 192.0.176.193 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.176.193 remote-as '64510'
+set protocols bgp neighbor 192.0.192.6 address-family ipv4-unicast maximum-prefix '100'
+set protocols bgp neighbor 192.0.192.6 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.192.6 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.192.6 remote-as '64502'
+set protocols bgp neighbor 192.0.192.157 address-family ipv4-unicast maximum-prefix '350000'
+set protocols bgp neighbor 192.0.192.157 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.192.157 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.192.157 remote-as '64503'
+set protocols bgp neighbor 192.0.192.228 address-family ipv4-unicast maximum-prefix '10000'
+set protocols bgp neighbor 192.0.192.228 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.192.228 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.192.228 remote-as '64504'
+set protocols bgp neighbor 192.0.193.157 address-family ipv4-unicast maximum-prefix '350000'
+set protocols bgp neighbor 192.0.193.157 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.193.157 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.193.157 remote-as '64505'
+set protocols bgp neighbor 192.0.193.202 address-family ipv4-unicast maximum-prefix '10000'
+set protocols bgp neighbor 192.0.193.202 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.193.202 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.193.202 remote-as '64506'
+set protocols bgp neighbor 192.0.193.223 address-family ipv4-unicast maximum-prefix '10000'
+set protocols bgp neighbor 192.0.193.223 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.193.223 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.193.223 remote-as '64507'
+set protocols bgp neighbor 192.0.194.161 address-family ipv4-unicast maximum-prefix '10000'
+set protocols bgp neighbor 192.0.194.161 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.194.161 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.194.161 remote-as '64508'
+set protocols bgp neighbor 192.0.194.171 address-family ipv4-unicast maximum-prefix '10000'
+set protocols bgp neighbor 192.0.194.171 address-family ipv4-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 192.0.194.171 address-family ipv4-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 192.0.194.171 remote-as '64509'
+set protocols bgp neighbor 2001:db8:24::2e address-family ipv6-unicast maximum-prefix '5'
+set protocols bgp neighbor 2001:db8:24::2e address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::2e address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::2e password 'vyossecret'
+set protocols bgp neighbor 2001:db8:24::2e remote-as '64535'
+set protocols bgp neighbor 2001:db8:24::4a address-family ipv6-unicast maximum-prefix '1000'
+set protocols bgp neighbor 2001:db8:24::4a address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::4a address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::4a remote-as '64536'
+set protocols bgp neighbor 2001:db8:24::5e address-family ipv6-unicast maximum-prefix '200'
+set protocols bgp neighbor 2001:db8:24::5e address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::5e address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::5e remote-as '64537'
+set protocols bgp neighbor 2001:db8:24::11 address-family ipv6-unicast maximum-prefix '20'
+set protocols bgp neighbor 2001:db8:24::11 address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::11 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::11 remote-as '64538'
+set protocols bgp neighbor 2001:db8:24::18 address-family ipv6-unicast maximum-prefix '300'
+set protocols bgp neighbor 2001:db8:24::18 address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::18 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::18 remote-as '64539'
+set protocols bgp neighbor 2001:db8:24::20 address-family ipv6-unicast maximum-prefix '10'
+set protocols bgp neighbor 2001:db8:24::20 address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::20 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::20 remote-as '64540'
+set protocols bgp neighbor 2001:db8:24::22 address-family ipv6-unicast maximum-prefix '5'
+set protocols bgp neighbor 2001:db8:24::22 address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::22 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::22 remote-as '64541'
+set protocols bgp neighbor 2001:db8:24::31 address-family ipv6-unicast maximum-prefix '20'
+set protocols bgp neighbor 2001:db8:24::31 address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::31 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::31 remote-as '64542'
+set protocols bgp neighbor 2001:db8:24::58 address-family ipv6-unicast maximum-prefix '15'
+set protocols bgp neighbor 2001:db8:24::58 address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::58 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::58 remote-as '64543'
+set protocols bgp neighbor 2001:db8:24::64 address-family ipv6-unicast maximum-prefix '10'
+set protocols bgp neighbor 2001:db8:24::64 address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::64 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::64 password 'geheim'
+set protocols bgp neighbor 2001:db8:24::64 remote-as '64544'
+set protocols bgp neighbor 2001:db8:24::a5 address-family ipv6-unicast maximum-prefix '10'
+set protocols bgp neighbor 2001:db8:24::a5 address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::a5 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::a5 remote-as '64545'
+set protocols bgp neighbor 2001:db8:24::aa address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::aa address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::aa remote-as '64546'
+set protocols bgp neighbor 2001:db8:24::ab address-family ipv6-unicast maximum-prefix '1800'
+set protocols bgp neighbor 2001:db8:24::ab address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::ab address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::ab remote-as '64547'
+set protocols bgp neighbor 2001:db8:24::b0 address-family ipv6-unicast maximum-prefix '5'
+set protocols bgp neighbor 2001:db8:24::b0 address-family ipv6-unicast route-map export 'ExportRouteMap'
+set protocols bgp neighbor 2001:db8:24::b0 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:24::b0 password 'secret123'
+set protocols bgp neighbor 2001:db8:24::b0 remote-as '64548'
+set protocols bgp neighbor 2001:db8:838::1 address-family ipv6-unicast route-map export 'ExportRouteMapAS64516'
+set protocols bgp neighbor 2001:db8:838::1 address-family ipv6-unicast route-map import 'ImportRouteMap'
+set protocols bgp neighbor 2001:db8:838::1 remote-as '64533'
+set protocols bgp neighbor 2001:db8:c::3 address-family ipv6-unicast nexthop-self
+set protocols bgp neighbor 2001:db8:c::3 address-family ipv6-unicast soft-reconfiguration inbound
+set protocols bgp neighbor 2001:db8:c::3 remote-as '64534'
+set protocols bgp neighbor 2001:db8:c::3 update-source '2001:db8:c::2'
+set protocols bgp parameters log-neighbor-changes
+set protocols bgp parameters router-id '192.0.68.2'
+set protocols bgp system-as '64500'
+set protocols static route 192.0.68.0/22 blackhole
+set protocols static route 192.0.84.0/22 blackhole
+set protocols static route 192.0.98.0/24 blackhole
+set protocols static route 192.0.160.0/24 blackhole
+set protocols static route6 2001:db8::/29 blackhole
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system flow-accounting disable-imt
+set system flow-accounting interface 'eth0.4088'
+set system flow-accounting interface 'eth0.4089'
+set system flow-accounting netflow engine-id '1'
+set system flow-accounting netflow server 192.0.2.55 port '2055'
+set system flow-accounting netflow version '9'
+set system flow-accounting sflow server 1.2.3.4 port '1234'
+set system flow-accounting syslog-facility 'daemon'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system name-server '2001:db8::1'
+set system name-server '2001:db8::2'
+set system name-server '192.0.2.1'
+set system name-server '192.0.2.2'
+set system syslog global facility all level 'all'
+set system syslog global preserve-fqdn
+set system time-zone 'Europe/Zurich'
diff --git a/smoketest/config-tests/bgp-dmvpn-hub b/smoketest/config-tests/bgp-dmvpn-hub
new file mode 100644
index 000000000..30521520a
--- /dev/null
+++ b/smoketest/config-tests/bgp-dmvpn-hub
@@ -0,0 +1,69 @@
+set interfaces ethernet eth0 address '100.64.10.1/31'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth1 speed 'auto'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces loopback lo
+set interfaces tunnel tun0 address '192.168.254.62/26'
+set interfaces tunnel tun0 enable-multicast
+set interfaces tunnel tun0 encapsulation 'gre'
+set interfaces tunnel tun0 parameters ip key '1'
+set interfaces tunnel tun0 source-address '100.64.10.1'
+set protocols bgp address-family ipv4-unicast network 172.20.0.0/16
+set protocols bgp neighbor 192.168.254.1 peer-group 'DMVPN'
+set protocols bgp neighbor 192.168.254.1 remote-as '65001'
+set protocols bgp neighbor 192.168.254.2 peer-group 'DMVPN'
+set protocols bgp neighbor 192.168.254.2 remote-as '65002'
+set protocols bgp neighbor 192.168.254.3 peer-group 'DMVPN'
+set protocols bgp neighbor 192.168.254.3 remote-as '65003'
+set protocols bgp parameters log-neighbor-changes
+set protocols bgp peer-group DMVPN address-family ipv4-unicast
+set protocols bgp system-as '65000'
+set protocols bgp timers holdtime '30'
+set protocols bgp timers keepalive '10'
+set protocols nhrp tunnel tun0 cisco-authentication 'secret'
+set protocols nhrp tunnel tun0 holding-time '300'
+set protocols nhrp tunnel tun0 multicast 'dynamic'
+set protocols nhrp tunnel tun0 redirect
+set protocols nhrp tunnel tun0 shortcut
+set protocols static route 0.0.0.0/0 next-hop 100.64.10.0
+set protocols static route 172.20.0.0/16 blackhole distance '200'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service ntp server time3.vyos.net
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'cpe-4'
+set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
+set system login user vyos authentication plaintext-password ''
+set system name-server '1.1.1.1'
+set system name-server '8.8.8.8'
+set system name-server '9.9.9.9'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set vpn ipsec esp-group ESP-DMVPN lifetime '1800'
+set vpn ipsec esp-group ESP-DMVPN mode 'transport'
+set vpn ipsec esp-group ESP-DMVPN pfs 'dh-group2'
+set vpn ipsec esp-group ESP-DMVPN proposal 1 encryption 'aes256'
+set vpn ipsec esp-group ESP-DMVPN proposal 1 hash 'sha1'
+set vpn ipsec ike-group IKE-DMVPN close-action 'none'
+set vpn ipsec ike-group IKE-DMVPN key-exchange 'ikev1'
+set vpn ipsec ike-group IKE-DMVPN lifetime '3600'
+set vpn ipsec ike-group IKE-DMVPN proposal 1 dh-group '2'
+set vpn ipsec ike-group IKE-DMVPN proposal 1 encryption 'aes256'
+set vpn ipsec ike-group IKE-DMVPN proposal 1 hash 'sha1'
+set vpn ipsec interface 'eth0'
+set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret'
+set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'VyOS-topsecret'
+set vpn ipsec profile NHRPVPN bind tunnel 'tun0'
+set vpn ipsec profile NHRPVPN esp-group 'ESP-DMVPN'
+set vpn ipsec profile NHRPVPN ike-group 'IKE-DMVPN'
diff --git a/smoketest/config-tests/bgp-dmvpn-spoke b/smoketest/config-tests/bgp-dmvpn-spoke
new file mode 100644
index 000000000..d1c7bc7c0
--- /dev/null
+++ b/smoketest/config-tests/bgp-dmvpn-spoke
@@ -0,0 +1,75 @@
+set interfaces ethernet eth0 vif 7 description 'PPPoE-UPLINK'
+set interfaces ethernet eth1 address '172.17.1.1/24'
+set interfaces loopback lo
+set interfaces pppoe pppoe1 authentication password 'cpe-1'
+set interfaces pppoe pppoe1 authentication username 'cpe-1'
+set interfaces pppoe pppoe1 no-peer-dns
+set interfaces pppoe pppoe1 source-interface 'eth0.7'
+set interfaces tunnel tun0 address '192.168.254.1/26'
+set interfaces tunnel tun0 enable-multicast
+set interfaces tunnel tun0 encapsulation 'gre'
+set interfaces tunnel tun0 parameters ip key '1'
+set interfaces tunnel tun0 source-address '0.0.0.0'
+set nat source rule 10 log
+set nat source rule 10 outbound-interface name 'pppoe1'
+set nat source rule 10 source address '172.17.0.0/16'
+set nat source rule 10 translation address 'masquerade'
+set protocols bgp address-family ipv4-unicast network 172.17.0.0/16
+set protocols bgp neighbor 192.168.254.62 address-family ipv4-unicast
+set protocols bgp neighbor 192.168.254.62 remote-as '65000'
+set protocols bgp parameters log-neighbor-changes
+set protocols bgp system-as '65001'
+set protocols bgp timers holdtime '30'
+set protocols bgp timers keepalive '10'
+set protocols nhrp tunnel tun0 cisco-authentication 'secret'
+set protocols nhrp tunnel tun0 holding-time '300'
+set protocols nhrp tunnel tun0 map 192.168.254.62/26 nbma-address '100.64.10.1'
+set protocols nhrp tunnel tun0 map 192.168.254.62/26 register
+set protocols nhrp tunnel tun0 multicast 'nhs'
+set protocols nhrp tunnel tun0 redirect
+set protocols nhrp tunnel tun0 shortcut
+set protocols static route 172.17.0.0/16 blackhole distance '200'
+set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 option default-router '172.17.1.1'
+set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 option name-server '172.17.1.1'
+set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 range 0 start '172.17.1.100'
+set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 range 0 stop '172.17.1.200'
+set service dhcp-server shared-network-name LAN-3 subnet 172.17.1.0/24 subnet-id '1'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service ntp server time3.vyos.net
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'cpe-1'
+set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
+set system login user vyos authentication plaintext-password ''
+set system name-server '1.1.1.1'
+set system name-server '8.8.8.8'
+set system name-server '9.9.9.9'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set vpn ipsec esp-group ESP-DMVPN lifetime '1800'
+set vpn ipsec esp-group ESP-DMVPN mode 'transport'
+set vpn ipsec esp-group ESP-DMVPN pfs 'dh-group2'
+set vpn ipsec esp-group ESP-DMVPN proposal 1 encryption 'aes256'
+set vpn ipsec esp-group ESP-DMVPN proposal 1 hash 'sha1'
+set vpn ipsec ike-group IKE-DMVPN close-action 'none'
+set vpn ipsec ike-group IKE-DMVPN key-exchange 'ikev1'
+set vpn ipsec ike-group IKE-DMVPN lifetime '3600'
+set vpn ipsec ike-group IKE-DMVPN proposal 1 dh-group '2'
+set vpn ipsec ike-group IKE-DMVPN proposal 1 encryption 'aes256'
+set vpn ipsec ike-group IKE-DMVPN proposal 1 hash 'sha1'
+set vpn ipsec interface 'pppoe1'
+set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret'
+set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'VyOS-topsecret'
+set vpn ipsec profile NHRPVPN bind tunnel 'tun0'
+set vpn ipsec profile NHRPVPN esp-group 'ESP-DMVPN'
+set vpn ipsec profile NHRPVPN ike-group 'IKE-DMVPN'
diff --git a/smoketest/config-tests/bgp-evpn-l2vpn-leaf b/smoketest/config-tests/bgp-evpn-l2vpn-leaf
new file mode 100644
index 000000000..315cb9e06
--- /dev/null
+++ b/smoketest/config-tests/bgp-evpn-l2vpn-leaf
@@ -0,0 +1,55 @@
+set interfaces bridge br100 member interface eth3
+set interfaces bridge br100 member interface vxlan100
+set interfaces dummy dum0 address '172.29.0.1/32'
+set interfaces ethernet eth0 address '2001:db8::41/64'
+set interfaces ethernet eth0 address '192.0.2.41/27'
+set interfaces ethernet eth0 description 'Out-of-Band Managament Port'
+set interfaces ethernet eth0 vrf 'MGMT'
+set interfaces ethernet eth1 address '172.29.1.1/31'
+set interfaces ethernet eth1 mtu '1600'
+set interfaces ethernet eth2 address '172.29.2.1/31'
+set interfaces ethernet eth2 mtu '1600'
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth3 offload gro
+set interfaces loopback lo
+set interfaces vxlan vxlan100 mtu '1500'
+set interfaces vxlan vxlan100 parameters nolearning
+set interfaces vxlan vxlan100 port '8472'
+set interfaces vxlan vxlan100 source-address '172.29.0.1'
+set interfaces vxlan vxlan100 vni '100'
+set protocols bgp address-family ipv4-unicast maximum-paths ibgp '4'
+set protocols bgp address-family ipv4-unicast redistribute connected
+set protocols bgp address-family l2vpn-evpn advertise-all-vni
+set protocols bgp neighbor 172.29.1.0 peer-group 'evpn'
+set protocols bgp neighbor 172.29.2.0 peer-group 'evpn'
+set protocols bgp parameters log-neighbor-changes
+set protocols bgp peer-group evpn address-family ipv4-unicast nexthop-self
+set protocols bgp peer-group evpn address-family l2vpn-evpn nexthop-self
+set protocols bgp peer-group evpn remote-as '65010'
+set protocols bgp system-as '65010'
+set service lldp interface all
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp listen-address '192.0.2.41'
+set service ntp listen-address '2001:db8::41'
+set service ntp server 0.de.pool.ntp.org prefer
+set service ntp vrf 'MGMT'
+set service ssh disable-host-validation
+set service ssh vrf 'MGMT'
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set vrf name MGMT protocols static route 0.0.0.0/0 next-hop 192.0.2.62
+set vrf name MGMT protocols static route6 ::/0 next-hop 2001:db8::1
+set vrf name MGMT table '1000'
diff --git a/smoketest/config-tests/bgp-evpn-l2vpn-spine b/smoketest/config-tests/bgp-evpn-l2vpn-spine
new file mode 100644
index 000000000..dee29e021
--- /dev/null
+++ b/smoketest/config-tests/bgp-evpn-l2vpn-spine
@@ -0,0 +1,48 @@
+set interfaces ethernet eth0 address '192.0.2.51/27'
+set interfaces ethernet eth0 address '2001:db8::51/64'
+set interfaces ethernet eth0 description 'Out-of-Band Managament Port'
+set interfaces ethernet eth0 vrf 'MGMT'
+set interfaces ethernet eth1 address '172.29.1.0/31'
+set interfaces ethernet eth1 mtu '1600'
+set interfaces ethernet eth2 address '172.29.1.2/31'
+set interfaces ethernet eth2 mtu '1600'
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth3 address '172.29.1.4/31'
+set interfaces ethernet eth3 mtu '1600'
+set interfaces ethernet eth3 offload gro
+set interfaces loopback lo
+set protocols bgp address-family ipv4-unicast maximum-paths ibgp '4'
+set protocols bgp address-family ipv4-unicast redistribute connected
+set protocols bgp listen range 172.29.1.0/24 peer-group 'evpn'
+set protocols bgp parameters log-neighbor-changes
+set protocols bgp peer-group evpn address-family ipv4-unicast route-reflector-client
+set protocols bgp peer-group evpn address-family l2vpn-evpn route-reflector-client
+set protocols bgp peer-group evpn capability dynamic
+set protocols bgp peer-group evpn remote-as '65010'
+set protocols bgp system-as '65010'
+set service lldp interface all
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp listen-address '192.0.2.51'
+set service ntp listen-address '2001:db8::51'
+set service ntp server 0.de.pool.ntp.org prefer
+set service ntp vrf 'MGMT'
+set service ssh disable-host-validation
+set service ssh vrf 'MGMT'
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set vrf name MGMT protocols static route 0.0.0.0/0 next-hop 192.0.2.62
+set vrf name MGMT protocols static route6 ::/0 next-hop 2001:db8::1
+set vrf name MGMT table '1000'
diff --git a/smoketest/config-tests/bgp-evpn-l3vpn-pe-router b/smoketest/config-tests/bgp-evpn-l3vpn-pe-router
new file mode 100644
index 000000000..7a2ec9f91
--- /dev/null
+++ b/smoketest/config-tests/bgp-evpn-l3vpn-pe-router
@@ -0,0 +1,123 @@
+set interfaces bridge br2000 address '10.1.1.1/24'
+set interfaces bridge br2000 description 'customer blue'
+set interfaces bridge br2000 member interface eth4
+set interfaces bridge br2000 member interface vxlan2000
+set interfaces bridge br2000 vrf 'blue'
+set interfaces bridge br3000 address '10.2.1.1/24'
+set interfaces bridge br3000 description 'customer red'
+set interfaces bridge br3000 member interface eth5
+set interfaces bridge br3000 member interface vxlan3000
+set interfaces bridge br3000 vrf 'red'
+set interfaces bridge br4000 address '10.3.1.1/24'
+set interfaces bridge br4000 description 'customer green'
+set interfaces bridge br4000 member interface eth6
+set interfaces bridge br4000 member interface vxlan4000
+set interfaces bridge br4000 vrf 'green'
+set interfaces dummy dum0 address '172.29.255.1/32'
+set interfaces ethernet eth0 address '192.0.2.59/27'
+set interfaces ethernet eth0 address '2001:db8:ffff::59/64'
+set interfaces ethernet eth0 description 'Out-of-Band Managament Port'
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth0 vrf 'mgmt'
+set interfaces ethernet eth1 address '172.29.0.2/31'
+set interfaces ethernet eth1 description 'link to pe2'
+set interfaces ethernet eth1 mtu '1600'
+set interfaces ethernet eth1 offload gro
+set interfaces ethernet eth2 disable
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth3 address '172.29.0.6/31'
+set interfaces ethernet eth3 description 'link to pe3'
+set interfaces ethernet eth3 mtu '1600'
+set interfaces ethernet eth3 offload gro
+set interfaces ethernet eth4 description 'customer blue'
+set interfaces ethernet eth4 offload gro
+set interfaces ethernet eth5 description 'customer red'
+set interfaces ethernet eth5 offload gro
+set interfaces ethernet eth6 description 'customer green'
+set interfaces ethernet eth6 offload gro
+set interfaces loopback lo
+set interfaces vxlan vxlan2000 mtu '1500'
+set interfaces vxlan vxlan2000 parameters nolearning
+set interfaces vxlan vxlan2000 port '4789'
+set interfaces vxlan vxlan2000 source-address '172.29.255.1'
+set interfaces vxlan vxlan2000 vni '2000'
+set interfaces vxlan vxlan3000 mtu '1500'
+set interfaces vxlan vxlan3000 parameters nolearning
+set interfaces vxlan vxlan3000 port '4789'
+set interfaces vxlan vxlan3000 source-address '172.29.255.1'
+set interfaces vxlan vxlan3000 vni '3000'
+set interfaces vxlan vxlan4000 mtu '1500'
+set interfaces vxlan vxlan4000 parameters nolearning
+set interfaces vxlan vxlan4000 port '4789'
+set interfaces vxlan vxlan4000 source-address '172.29.255.1'
+set interfaces vxlan vxlan4000 vni '4000'
+set protocols bgp address-family l2vpn-evpn advertise ipv4 unicast
+set protocols bgp address-family l2vpn-evpn advertise-all-vni
+set protocols bgp neighbor 172.29.255.2 peer-group 'ibgp'
+set protocols bgp neighbor 172.29.255.3 peer-group 'ibgp'
+set protocols bgp parameters log-neighbor-changes
+set protocols bgp parameters router-id '172.29.255.1'
+set protocols bgp peer-group ibgp address-family l2vpn-evpn
+set protocols bgp peer-group ibgp remote-as '100'
+set protocols bgp peer-group ibgp update-source 'dum0'
+set protocols bgp system-as '100'
+set protocols ospf area 0 network '172.29.0.2/31'
+set protocols ospf area 0 network '172.29.0.6/31'
+set protocols ospf interface eth1 network 'point-to-point'
+set protocols ospf interface eth1 passive disable
+set protocols ospf interface eth3 network 'point-to-point'
+set protocols ospf interface eth3 passive disable
+set protocols ospf log-adjacency-changes detail
+set protocols ospf parameters abr-type 'cisco'
+set protocols ospf parameters router-id '172.29.255.1'
+set protocols ospf passive-interface 'default'
+set protocols ospf redistribute connected
+set service lldp interface all
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp listen-address '192.0.2.59'
+set service ntp listen-address '2001:db8:ffff::59'
+set service ntp server 192.0.2.251
+set service ntp server 192.0.2.252
+set service ntp server 2001:db8::251
+set service ntp server 2001:db8::252
+set service ntp vrf 'mgmt'
+set service ssh disable-host-validation
+set service ssh port '22'
+set service ssh vrf 'mgmt'
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system name-server '192.0.2.251'
+set system name-server '192.0.2.252'
+set system name-server '2001:db8::1'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set vrf name blue protocols bgp address-family ipv4-unicast redistribute connected
+set vrf name blue protocols bgp address-family l2vpn-evpn advertise ipv4 unicast
+set vrf name blue protocols bgp system-as '100'
+set vrf name blue table '2000'
+set vrf name blue vni '2000'
+set vrf name green protocols bgp address-family ipv4-unicast redistribute connected
+set vrf name green protocols bgp address-family l2vpn-evpn advertise ipv4 unicast
+set vrf name green protocols bgp system-as '100'
+set vrf name green table '4000'
+set vrf name green vni '4000'
+set vrf name mgmt protocols static route 0.0.0.0/0 next-hop 192.0.2.62
+set vrf name mgmt protocols static route6 ::/0 next-hop 2001:db8:ffff::1
+set vrf name mgmt table '1000'
+set vrf name red protocols bgp address-family ipv4-unicast redistribute connected
+set vrf name red protocols bgp address-family l2vpn-evpn advertise ipv4 unicast
+set vrf name red protocols bgp system-as '100'
+set vrf name red table '3000'
+set vrf name red vni '3000'
diff --git a/smoketest/config-tests/bgp-medium-confederation b/smoketest/config-tests/bgp-medium-confederation
index ea3c2d144..582e28047 100644
--- a/smoketest/config-tests/bgp-medium-confederation
+++ b/smoketest/config-tests/bgp-medium-confederation
@@ -1,7 +1,7 @@
set interfaces dummy dum0 address '1.1.1.1/32'
set interfaces dummy dum0 address '2001:db8::1/128'
-set interfaces ethernet eth0 address 'fd52:100:200:fffe::1/64'
set interfaces ethernet eth0 address '192.168.253.1/24'
+set interfaces ethernet eth0 address 'fd52:100:200:fffe::1/64'
set interfaces ethernet eth1
set interfaces ethernet eth2
set policy route-map BGP-IN rule 10 action 'permit'
diff --git a/smoketest/config-tests/bgp-rpki b/smoketest/config-tests/bgp-rpki
new file mode 100644
index 000000000..44e95ae98
--- /dev/null
+++ b/smoketest/config-tests/bgp-rpki
@@ -0,0 +1,43 @@
+set interfaces ethernet eth0 address '192.0.2.100/25'
+set interfaces ethernet eth0 address '2001:db8::ffff/64'
+set interfaces ethernet eth1 address '100.64.0.1/24'
+set interfaces loopback lo
+set policy route-map ebgp-transit-rpki rule 10 action 'deny'
+set policy route-map ebgp-transit-rpki rule 10 match rpki 'invalid'
+set policy route-map ebgp-transit-rpki rule 20 action 'permit'
+set policy route-map ebgp-transit-rpki rule 20 match rpki 'notfound'
+set policy route-map ebgp-transit-rpki rule 20 set local-preference '20'
+set policy route-map ebgp-transit-rpki rule 30 action 'permit'
+set policy route-map ebgp-transit-rpki rule 30 match rpki 'valid'
+set policy route-map ebgp-transit-rpki rule 30 set local-preference '100'
+set policy route-map ebgp-transit-rpki rule 40 action 'permit'
+set policy route-map ebgp-transit-rpki rule 40 set extcommunity rt '192.0.2.100:100'
+set policy route-map ebgp-transit-rpki rule 40 set extcommunity soo '64500:100'
+set protocols bgp neighbor 1.2.3.4 address-family ipv4-unicast nexthop-self
+set protocols bgp neighbor 1.2.3.4 address-family ipv4-unicast route-map import 'ebgp-transit-rpki'
+set protocols bgp neighbor 1.2.3.4 remote-as '10'
+set protocols bgp system-as '64500'
+set protocols rpki cache 192.0.2.10 port '3323'
+set protocols rpki cache 192.0.2.10 preference '1'
+set protocols static route 0.0.0.0/0 next-hop 192.0.2.1
+set protocols static route6 ::/0 next-hop 2001:db8::1
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set service ssh
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/bgp-small-internet-exchange b/smoketest/config-tests/bgp-small-internet-exchange
new file mode 100644
index 000000000..a9dce4dd5
--- /dev/null
+++ b/smoketest/config-tests/bgp-small-internet-exchange
@@ -0,0 +1,209 @@
+set interfaces ethernet eth0 address '192.0.2.100/25'
+set interfaces ethernet eth0 address '2001:db8:aaaa::ffff/64'
+set interfaces ethernet eth1 address '192.0.2.200/25'
+set interfaces ethernet eth1 address '2001:db8:bbbb::ffff/64'
+set interfaces loopback lo
+set policy as-path-list bogon-asns rule 10 action 'permit'
+set policy as-path-list bogon-asns rule 10 description 'RFC 7607'
+set policy as-path-list bogon-asns rule 10 regex '_0_'
+set policy as-path-list bogon-asns rule 20 action 'permit'
+set policy as-path-list bogon-asns rule 20 description 'RFC 4893'
+set policy as-path-list bogon-asns rule 20 regex '_23456_'
+set policy as-path-list bogon-asns rule 30 action 'permit'
+set policy as-path-list bogon-asns rule 30 description 'RFC 5398/6996/7300'
+set policy as-path-list bogon-asns rule 30 regex '_6449[6-9]_|_65[0-4][0-9][0-9]_|_655[0-4][0-9]_|_6555[0-1]_'
+set policy as-path-list bogon-asns rule 40 action 'permit'
+set policy as-path-list bogon-asns rule 40 description 'IANA reserved'
+set policy as-path-list bogon-asns rule 40 regex '_6555[2-9]_|_655[6-9][0-9]_|_65[6-9][0-9][0-9]_|_6[6-9][0-9][0-9][0-]_|_[7-9][0-9][0-9][0-9][0-9]_|_1[0-2][0-9][0-9][0-9][0-9]_|_130[0-9][0-9][0-9]_|_1310[0-6][0-9]_|_13107[01]_'
+set policy prefix-list IX-out-v4 rule 10 action 'permit'
+set policy prefix-list IX-out-v4 rule 10 prefix '10.0.0.0/23'
+set policy prefix-list IX-out-v4 rule 20 action 'permit'
+set policy prefix-list IX-out-v4 rule 20 prefix '10.0.128.0/23'
+set policy prefix-list bogon-v4 rule 10 action 'permit'
+set policy prefix-list bogon-v4 rule 10 le '32'
+set policy prefix-list bogon-v4 rule 10 prefix '0.0.0.0/8'
+set policy prefix-list bogon-v4 rule 20 action 'permit'
+set policy prefix-list bogon-v4 rule 20 le '32'
+set policy prefix-list bogon-v4 rule 20 prefix '10.0.0.0/8'
+set policy prefix-list bogon-v4 rule 30 action 'permit'
+set policy prefix-list bogon-v4 rule 30 le '32'
+set policy prefix-list bogon-v4 rule 30 prefix '100.64.0.0/10'
+set policy prefix-list bogon-v4 rule 40 action 'permit'
+set policy prefix-list bogon-v4 rule 40 le '32'
+set policy prefix-list bogon-v4 rule 40 prefix '127.0.0.0/8'
+set policy prefix-list bogon-v4 rule 50 action 'permit'
+set policy prefix-list bogon-v4 rule 50 le '32'
+set policy prefix-list bogon-v4 rule 50 prefix '169.254.0.0/16'
+set policy prefix-list bogon-v4 rule 60 action 'permit'
+set policy prefix-list bogon-v4 rule 60 le '32'
+set policy prefix-list bogon-v4 rule 60 prefix '172.16.0.0/12'
+set policy prefix-list bogon-v4 rule 70 action 'permit'
+set policy prefix-list bogon-v4 rule 70 le '32'
+set policy prefix-list bogon-v4 rule 70 prefix '192.0.2.0/24'
+set policy prefix-list bogon-v4 rule 80 action 'permit'
+set policy prefix-list bogon-v4 rule 80 le '32'
+set policy prefix-list bogon-v4 rule 80 prefix '192.88.99.0/24'
+set policy prefix-list bogon-v4 rule 90 action 'permit'
+set policy prefix-list bogon-v4 rule 90 le '32'
+set policy prefix-list bogon-v4 rule 90 prefix '192.168.0.0/16'
+set policy prefix-list bogon-v4 rule 100 action 'permit'
+set policy prefix-list bogon-v4 rule 100 le '32'
+set policy prefix-list bogon-v4 rule 100 prefix '198.18.0.0/15'
+set policy prefix-list bogon-v4 rule 110 action 'permit'
+set policy prefix-list bogon-v4 rule 110 le '32'
+set policy prefix-list bogon-v4 rule 110 prefix '198.51.100.0/24'
+set policy prefix-list bogon-v4 rule 120 action 'permit'
+set policy prefix-list bogon-v4 rule 120 le '32'
+set policy prefix-list bogon-v4 rule 120 prefix '203.0.113.0/24'
+set policy prefix-list bogon-v4 rule 130 action 'permit'
+set policy prefix-list bogon-v4 rule 130 le '32'
+set policy prefix-list bogon-v4 rule 130 prefix '224.0.0.0/4'
+set policy prefix-list bogon-v4 rule 140 action 'permit'
+set policy prefix-list bogon-v4 rule 140 le '32'
+set policy prefix-list bogon-v4 rule 140 prefix '240.0.0.0/4'
+set policy prefix-list prefix-filter-v4 rule 10 action 'permit'
+set policy prefix-list prefix-filter-v4 rule 10 ge '25'
+set policy prefix-list prefix-filter-v4 rule 10 prefix '0.0.0.0/0'
+set policy prefix-list6 IX-out-v6 rule 10 action 'permit'
+set policy prefix-list6 IX-out-v6 rule 10 prefix '2001:db8:100::/40'
+set policy prefix-list6 IX-out-v6 rule 20 action 'permit'
+set policy prefix-list6 IX-out-v6 rule 20 prefix '2001:db8:200::/40'
+set policy prefix-list6 bogon-v6 rule 10 action 'permit'
+set policy prefix-list6 bogon-v6 rule 10 description 'RFC 4291 IPv4-compatible, loopback, et al'
+set policy prefix-list6 bogon-v6 rule 10 le '128'
+set policy prefix-list6 bogon-v6 rule 10 prefix '::/8'
+set policy prefix-list6 bogon-v6 rule 20 action 'permit'
+set policy prefix-list6 bogon-v6 rule 20 description 'RFC 6666 Discard-Only'
+set policy prefix-list6 bogon-v6 rule 20 le '128'
+set policy prefix-list6 bogon-v6 rule 20 prefix '0100::/64'
+set policy prefix-list6 bogon-v6 rule 30 action 'permit'
+set policy prefix-list6 bogon-v6 rule 30 description 'RFC 5180 BMWG'
+set policy prefix-list6 bogon-v6 rule 30 le '128'
+set policy prefix-list6 bogon-v6 rule 30 prefix '2001:2::/48'
+set policy prefix-list6 bogon-v6 rule 40 action 'permit'
+set policy prefix-list6 bogon-v6 rule 40 description 'RFC 4843 ORCHID'
+set policy prefix-list6 bogon-v6 rule 40 le '128'
+set policy prefix-list6 bogon-v6 rule 40 prefix '2001:10::/28'
+set policy prefix-list6 bogon-v6 rule 50 action 'permit'
+set policy prefix-list6 bogon-v6 rule 50 description 'RFC 3849 documentation'
+set policy prefix-list6 bogon-v6 rule 50 le '128'
+set policy prefix-list6 bogon-v6 rule 50 prefix '2001:db8::/32'
+set policy prefix-list6 bogon-v6 rule 60 action 'permit'
+set policy prefix-list6 bogon-v6 rule 60 description 'RFC 7526 6to4 anycast relay'
+set policy prefix-list6 bogon-v6 rule 60 le '128'
+set policy prefix-list6 bogon-v6 rule 60 prefix '2002::/16'
+set policy prefix-list6 bogon-v6 rule 70 action 'permit'
+set policy prefix-list6 bogon-v6 rule 70 description 'RFC 3701 old 6bone'
+set policy prefix-list6 bogon-v6 rule 70 le '128'
+set policy prefix-list6 bogon-v6 rule 70 prefix '3ffe::/16'
+set policy prefix-list6 bogon-v6 rule 80 action 'permit'
+set policy prefix-list6 bogon-v6 rule 80 description 'RFC 4193 unique local unicast'
+set policy prefix-list6 bogon-v6 rule 80 le '128'
+set policy prefix-list6 bogon-v6 rule 80 prefix 'fc00::/7'
+set policy prefix-list6 bogon-v6 rule 90 action 'permit'
+set policy prefix-list6 bogon-v6 rule 90 description 'RFC 4291 link local unicast'
+set policy prefix-list6 bogon-v6 rule 90 le '128'
+set policy prefix-list6 bogon-v6 rule 90 prefix 'fe80::/10'
+set policy prefix-list6 bogon-v6 rule 100 action 'permit'
+set policy prefix-list6 bogon-v6 rule 100 description 'RFC 3879 old site local unicast'
+set policy prefix-list6 bogon-v6 rule 100 le '128'
+set policy prefix-list6 bogon-v6 rule 100 prefix 'fec0::/10'
+set policy prefix-list6 bogon-v6 rule 110 action 'permit'
+set policy prefix-list6 bogon-v6 rule 110 description 'RFC 4291 multicast'
+set policy prefix-list6 bogon-v6 rule 110 le '128'
+set policy prefix-list6 bogon-v6 rule 110 prefix 'ff00::/8'
+set policy prefix-list6 prefix-filter-v6 rule 10 action 'permit'
+set policy prefix-list6 prefix-filter-v6 rule 10 ge '49'
+set policy prefix-list6 prefix-filter-v6 rule 10 prefix '::/0'
+set policy route-map IX-in-v4 rule 5 action 'permit'
+set policy route-map IX-in-v4 rule 5 call 'eBGP-IN-v4'
+set policy route-map IX-in-v4 rule 5 on-match next
+set policy route-map IX-in-v4 rule 10 action 'permit'
+set policy route-map IX-in-v6 rule 5 action 'permit'
+set policy route-map IX-in-v6 rule 5 call 'eBGP-IN-v6'
+set policy route-map IX-in-v6 rule 5 on-match next
+set policy route-map IX-in-v6 rule 10 action 'permit'
+set policy route-map IX-out-v4 rule 10 action 'permit'
+set policy route-map IX-out-v4 rule 10 match ip address prefix-list 'IX-out-v4'
+set policy route-map IX-out-v6 rule 10 action 'permit'
+set policy route-map IX-out-v6 rule 10 match ipv6 address prefix-list 'IX-out-v6'
+set policy route-map eBGP-IN-v4 rule 10 action 'deny'
+set policy route-map eBGP-IN-v4 rule 10 match as-path 'bogon-asns'
+set policy route-map eBGP-IN-v4 rule 20 action 'deny'
+set policy route-map eBGP-IN-v4 rule 20 match ip address prefix-list 'bogon-v4'
+set policy route-map eBGP-IN-v4 rule 30 action 'deny'
+set policy route-map eBGP-IN-v4 rule 30 match ip address prefix-list 'prefix-filter-v4'
+set policy route-map eBGP-IN-v4 rule 40 action 'permit'
+set policy route-map eBGP-IN-v4 rule 40 set local-preference '100'
+set policy route-map eBGP-IN-v4 rule 40 set metric '0'
+set policy route-map eBGP-IN-v6 rule 10 action 'deny'
+set policy route-map eBGP-IN-v6 rule 10 match as-path 'bogon-asns'
+set policy route-map eBGP-IN-v6 rule 20 action 'deny'
+set policy route-map eBGP-IN-v6 rule 20 match ipv6 address prefix-list 'bogon-v6'
+set policy route-map eBGP-IN-v6 rule 30 action 'deny'
+set policy route-map eBGP-IN-v6 rule 30 match ipv6 address prefix-list 'prefix-filter-v6'
+set policy route-map eBGP-IN-v6 rule 31 action 'deny'
+set policy route-map eBGP-IN-v6 rule 31 match ipv6 nexthop address '2001:db8::1'
+set policy route-map eBGP-IN-v6 rule 40 action 'permit'
+set policy route-map eBGP-IN-v6 rule 40 set local-preference '100'
+set policy route-map eBGP-IN-v6 rule 40 set metric '0'
+set protocols bgp address-family ipv4-unicast network 10.0.0.0/23
+set protocols bgp address-family ipv4-unicast network 10.0.128.0/23
+set protocols bgp address-family ipv6-unicast network 2001:db8:100::/40
+set protocols bgp address-family ipv6-unicast network 2001:db8:200::/40
+set protocols bgp neighbor 192.0.2.1 description 'Peering: IX-1 (Route Server)'
+set protocols bgp neighbor 192.0.2.1 peer-group 'IXPeeringIPv4'
+set protocols bgp neighbor 192.0.2.1 remote-as '65020'
+set protocols bgp neighbor 192.0.2.2 description 'Peering: IX-1 (Route Server)'
+set protocols bgp neighbor 192.0.2.2 peer-group 'IXPeeringIPv4'
+set protocols bgp neighbor 192.0.2.2 remote-as '65020'
+set protocols bgp neighbor 192.0.2.3 description 'Peering: IX-1 (Route Server)'
+set protocols bgp neighbor 192.0.2.3 peer-group 'IXPeeringIPv4'
+set protocols bgp neighbor 192.0.2.3 remote-as '65020'
+set protocols bgp neighbor 192.0.2.129 description 'Peering: IX-2 (Route Server)'
+set protocols bgp neighbor 192.0.2.129 peer-group 'IXPeeringIPv4'
+set protocols bgp neighbor 192.0.2.129 remote-as '65030'
+set protocols bgp neighbor 192.0.2.130 description 'Peering: IX-2 (Route Server)'
+set protocols bgp neighbor 192.0.2.130 peer-group 'IXPeeringIPv4'
+set protocols bgp neighbor 192.0.2.130 remote-as '65030'
+set protocols bgp neighbor 2001:db8:aaaa::1 description 'Peering: IX-1 (Route Server)'
+set protocols bgp neighbor 2001:db8:aaaa::1 peer-group 'IXPeeringIPv6'
+set protocols bgp neighbor 2001:db8:aaaa::1 remote-as '65020'
+set protocols bgp neighbor 2001:db8:aaaa::2 description 'Peering: IX-1 (Route Server)'
+set protocols bgp neighbor 2001:db8:aaaa::2 peer-group 'IXPeeringIPv6'
+set protocols bgp neighbor 2001:db8:aaaa::2 remote-as '65020'
+set protocols bgp neighbor 2001:db8:bbbb::1 description 'Peering: IX-2 (Route Server)'
+set protocols bgp neighbor 2001:db8:bbbb::1 peer-group 'IXPeeringIPv6'
+set protocols bgp neighbor 2001:db8:bbbb::1 remote-as '65030'
+set protocols bgp neighbor 2001:db8:bbbb::2 description 'Peering: IX-2 (Route Server)'
+set protocols bgp neighbor 2001:db8:bbbb::2 peer-group 'IXPeeringIPv6'
+set protocols bgp neighbor 2001:db8:bbbb::2 remote-as '65030'
+set protocols bgp peer-group IXPeeringIPv4 address-family ipv4-unicast route-map export 'IX-out-v4'
+set protocols bgp peer-group IXPeeringIPv4 address-family ipv4-unicast soft-reconfiguration inbound
+set protocols bgp peer-group IXPeeringIPv6 address-family ipv6-unicast route-map export 'IX-out-v6'
+set protocols bgp peer-group IXPeeringIPv6 address-family ipv6-unicast soft-reconfiguration inbound
+set protocols bgp system-as '65000'
+set protocols static route 10.0.0.0/23 blackhole distance '250'
+set protocols static route 10.0.128.0/23 blackhole distance '250'
+set protocols static route6 2001:db8:100::/40 blackhole distance '250'
+set protocols static route6 2001:db8:200::/40 blackhole distance '250'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set service ssh
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/bgp-small-ipv4-unicast b/smoketest/config-tests/bgp-small-ipv4-unicast
new file mode 100644
index 000000000..b8c0e1246
--- /dev/null
+++ b/smoketest/config-tests/bgp-small-ipv4-unicast
@@ -0,0 +1,32 @@
+set interfaces ethernet eth0 address '192.0.2.1/24'
+set interfaces ethernet eth0 address '2001:db8::1/64'
+set interfaces loopback lo
+set protocols bgp address-family ipv4-unicast network 10.0.150.0/23
+set protocols bgp address-family ipv6-unicast network 2001:db8:200::/40
+set protocols bgp neighbor 192.0.2.10 address-family ipv4-unicast
+set protocols bgp neighbor 192.0.2.10 remote-as '65010'
+set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast
+set protocols bgp neighbor 192.0.2.11 remote-as '65011'
+set protocols bgp neighbor 2001:db8::10 address-family ipv4-unicast
+set protocols bgp neighbor 2001:db8::10 remote-as '65010'
+set protocols bgp neighbor 2001:db8::11 address-family ipv4-unicast
+set protocols bgp neighbor 2001:db8::11 remote-as '65011'
+set protocols bgp parameters log-neighbor-changes
+set protocols bgp system-as '65001'
+set service ssh disable-host-validation
+set service ssh port '22'
+set system config-management commit-revisions '200'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'notice'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/cluster-basic b/smoketest/config-tests/cluster-basic
new file mode 100644
index 000000000..744c117eb
--- /dev/null
+++ b/smoketest/config-tests/cluster-basic
@@ -0,0 +1,21 @@
+set high-availability vrrp group VyOS address 192.0.2.10/24
+set high-availability vrrp group VyOS address 192.0.2.20/24
+set high-availability vrrp group VyOS advertise-interval '1'
+set high-availability vrrp group VyOS authentication password 'qwerty'
+set high-availability vrrp group VyOS authentication type 'plaintext-password'
+set high-availability vrrp group VyOS interface 'eth1'
+set high-availability vrrp group VyOS vrid '1'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth1 address '192.0.2.1/24'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 speed 'auto'
+set interfaces loopback lo
+set system config-management commit-revisions '100'
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system time-zone 'Antarctica/South_Pole'
diff --git a/smoketest/config-tests/container-simple b/smoketest/config-tests/container-simple
index 5af365cf9..fcc665100 100644
--- a/smoketest/config-tests/container-simple
+++ b/smoketest/config-tests/container-simple
@@ -1,8 +1,3 @@
-set system config-management commit-revisions '50'
-set system host-name 'vyos'
-set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
-set system login user vyos authentication plaintext-password ''
-set system console device ttyS0 speed '115200'
set container name c01 allow-host-networks
set container name c01 capability 'net-bind-service'
set container name c01 capability 'net-raw'
@@ -11,4 +6,13 @@ set container name c02 allow-host-networks
set container name c02 allow-host-pid
set container name c02 capability 'sys-time'
set container name c02 image 'busybox:stable'
-set container name c02 sysctl parameter kernel.msgmax value '8192' \ No newline at end of file
+set container name c02 sysctl parameter kernel.msgmax value '8192'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 speed 'auto'
+set system config-management commit-revisions '50'
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
+set system login user vyos authentication plaintext-password ''
diff --git a/smoketest/config-tests/dialup-router-complex b/smoketest/config-tests/dialup-router-complex
new file mode 100644
index 000000000..4416ef82e
--- /dev/null
+++ b/smoketest/config-tests/dialup-router-complex
@@ -0,0 +1,740 @@
+set firewall global-options all-ping 'enable'
+set firewall global-options broadcast-ping 'disable'
+set firewall global-options ip-src-route 'disable'
+set firewall global-options ipv6-receive-redirects 'disable'
+set firewall global-options ipv6-src-route 'disable'
+set firewall global-options log-martians 'enable'
+set firewall global-options receive-redirects 'disable'
+set firewall global-options send-redirects 'enable'
+set firewall global-options source-validation 'disable'
+set firewall global-options syn-cookies 'enable'
+set firewall global-options timeout icmp '30'
+set firewall global-options timeout other '600'
+set firewall global-options timeout udp other '300'
+set firewall global-options timeout udp stream '300'
+set firewall global-options twa-hazards-protection 'disable'
+set firewall group address-group AUDIO-STREAM address '172.16.35.20'
+set firewall group address-group AUDIO-STREAM address '172.16.35.21'
+set firewall group address-group AUDIO-STREAM address '172.16.35.22'
+set firewall group address-group AUDIO-STREAM address '172.16.35.23'
+set firewall group address-group DMZ-RDP-SERVER address '172.16.33.40'
+set firewall group address-group DMZ-WEBSERVER address '172.16.36.10'
+set firewall group address-group DMZ-WEBSERVER address '172.16.36.40'
+set firewall group address-group DMZ-WEBSERVER address '172.16.36.20'
+set firewall group address-group DOMAIN-CONTROLLER address '172.16.100.10'
+set firewall group address-group DOMAIN-CONTROLLER address '172.16.100.20'
+set firewall group address-group MEDIA-STREAMING-CLIENTS address '172.16.35.241'
+set firewall group address-group MEDIA-STREAMING-CLIENTS address '172.16.35.242'
+set firewall group address-group MEDIA-STREAMING-CLIENTS address '172.16.35.243'
+set firewall group ipv6-network-group LOCAL-ADDRESSES network 'ff02::/64'
+set firewall group ipv6-network-group LOCAL-ADDRESSES network 'fe80::/10'
+set firewall group network-group SSH-IN-ALLOW network '192.0.2.0/24'
+set firewall group network-group SSH-IN-ALLOW network '10.0.0.0/8'
+set firewall group network-group SSH-IN-ALLOW network '172.16.0.0/12'
+set firewall group network-group SSH-IN-ALLOW network '192.168.0.0/16'
+set firewall group port-group SMART-TV-PORTS port '5005-5006'
+set firewall group port-group SMART-TV-PORTS port '80'
+set firewall group port-group SMART-TV-PORTS port '443'
+set firewall group port-group SMART-TV-PORTS port '3722'
+set firewall ipv4 name DMZ-GUEST default-action 'drop'
+set firewall ipv4 name DMZ-GUEST default-log
+set firewall ipv4 name DMZ-GUEST rule 1 action 'return'
+set firewall ipv4 name DMZ-GUEST rule 1 state 'established'
+set firewall ipv4 name DMZ-GUEST rule 1 state 'related'
+set firewall ipv4 name DMZ-GUEST rule 2 action 'drop'
+set firewall ipv4 name DMZ-GUEST rule 2 log
+set firewall ipv4 name DMZ-GUEST rule 2 state 'invalid'
+set firewall ipv4 name DMZ-LAN default-action 'drop'
+set firewall ipv4 name DMZ-LAN default-log
+set firewall ipv4 name DMZ-LAN rule 1 action 'return'
+set firewall ipv4 name DMZ-LAN rule 1 state 'established'
+set firewall ipv4 name DMZ-LAN rule 1 state 'related'
+set firewall ipv4 name DMZ-LAN rule 2 action 'drop'
+set firewall ipv4 name DMZ-LAN rule 2 log
+set firewall ipv4 name DMZ-LAN rule 2 state 'invalid'
+set firewall ipv4 name DMZ-LAN rule 100 action 'return'
+set firewall ipv4 name DMZ-LAN rule 100 description 'NTP and LDAP to AD DC'
+set firewall ipv4 name DMZ-LAN rule 100 destination group address-group 'DOMAIN-CONTROLLER'
+set firewall ipv4 name DMZ-LAN rule 100 destination port '123,389,636'
+set firewall ipv4 name DMZ-LAN rule 100 protocol 'tcp_udp'
+set firewall ipv4 name DMZ-LAN rule 300 action 'return'
+set firewall ipv4 name DMZ-LAN rule 300 destination group address-group 'DMZ-RDP-SERVER'
+set firewall ipv4 name DMZ-LAN rule 300 destination port '3389'
+set firewall ipv4 name DMZ-LAN rule 300 protocol 'tcp_udp'
+set firewall ipv4 name DMZ-LAN rule 300 source address '172.16.36.20'
+set firewall ipv4 name DMZ-LOCAL default-action 'drop'
+set firewall ipv4 name DMZ-LOCAL default-log
+set firewall ipv4 name DMZ-LOCAL rule 1 action 'return'
+set firewall ipv4 name DMZ-LOCAL rule 1 state 'established'
+set firewall ipv4 name DMZ-LOCAL rule 1 state 'related'
+set firewall ipv4 name DMZ-LOCAL rule 2 action 'drop'
+set firewall ipv4 name DMZ-LOCAL rule 2 log
+set firewall ipv4 name DMZ-LOCAL rule 2 state 'invalid'
+set firewall ipv4 name DMZ-LOCAL rule 50 action 'return'
+set firewall ipv4 name DMZ-LOCAL rule 50 destination address '172.16.254.30'
+set firewall ipv4 name DMZ-LOCAL rule 50 destination port '53'
+set firewall ipv4 name DMZ-LOCAL rule 50 protocol 'tcp_udp'
+set firewall ipv4 name DMZ-LOCAL rule 123 action 'return'
+set firewall ipv4 name DMZ-LOCAL rule 123 destination port '123'
+set firewall ipv4 name DMZ-LOCAL rule 123 protocol 'udp'
+set firewall ipv4 name DMZ-LOCAL rule 800 action 'drop'
+set firewall ipv4 name DMZ-LOCAL rule 800 description 'SSH anti brute force'
+set firewall ipv4 name DMZ-LOCAL rule 800 destination port 'ssh'
+set firewall ipv4 name DMZ-LOCAL rule 800 log
+set firewall ipv4 name DMZ-LOCAL rule 800 protocol 'tcp'
+set firewall ipv4 name DMZ-LOCAL rule 800 recent count '4'
+set firewall ipv4 name DMZ-LOCAL rule 800 recent time 'minute'
+set firewall ipv4 name DMZ-LOCAL rule 800 state 'new'
+set firewall ipv4 name DMZ-WAN default-action 'return'
+set firewall ipv4 name GUEST-DMZ default-action 'drop'
+set firewall ipv4 name GUEST-DMZ default-log
+set firewall ipv4 name GUEST-DMZ rule 1 action 'return'
+set firewall ipv4 name GUEST-DMZ rule 1 state 'established'
+set firewall ipv4 name GUEST-DMZ rule 1 state 'related'
+set firewall ipv4 name GUEST-DMZ rule 2 action 'drop'
+set firewall ipv4 name GUEST-DMZ rule 2 log
+set firewall ipv4 name GUEST-DMZ rule 2 state 'invalid'
+set firewall ipv4 name GUEST-DMZ rule 100 action 'return'
+set firewall ipv4 name GUEST-DMZ rule 100 destination port '80,443'
+set firewall ipv4 name GUEST-DMZ rule 100 protocol 'tcp'
+set firewall ipv4 name GUEST-IOT default-action 'drop'
+set firewall ipv4 name GUEST-IOT default-log
+set firewall ipv4 name GUEST-IOT rule 1 action 'return'
+set firewall ipv4 name GUEST-IOT rule 1 state 'established'
+set firewall ipv4 name GUEST-IOT rule 1 state 'related'
+set firewall ipv4 name GUEST-IOT rule 2 action 'drop'
+set firewall ipv4 name GUEST-IOT rule 2 log
+set firewall ipv4 name GUEST-IOT rule 2 state 'invalid'
+set firewall ipv4 name GUEST-IOT rule 100 action 'return'
+set firewall ipv4 name GUEST-IOT rule 100 description 'MEDIA-STREAMING-CLIENTS Devices to GUEST'
+set firewall ipv4 name GUEST-IOT rule 100 destination group address-group 'MEDIA-STREAMING-CLIENTS'
+set firewall ipv4 name GUEST-IOT rule 100 protocol 'tcp_udp'
+set firewall ipv4 name GUEST-IOT rule 110 action 'return'
+set firewall ipv4 name GUEST-IOT rule 110 description 'AUDIO-STREAM Devices to GUEST'
+set firewall ipv4 name GUEST-IOT rule 110 destination group address-group 'AUDIO-STREAM'
+set firewall ipv4 name GUEST-IOT rule 110 protocol 'tcp_udp'
+set firewall ipv4 name GUEST-IOT rule 200 action 'return'
+set firewall ipv4 name GUEST-IOT rule 200 description 'MCAST relay'
+set firewall ipv4 name GUEST-IOT rule 200 destination address '224.0.0.251'
+set firewall ipv4 name GUEST-IOT rule 200 destination port '5353'
+set firewall ipv4 name GUEST-IOT rule 200 protocol 'udp'
+set firewall ipv4 name GUEST-IOT rule 300 action 'return'
+set firewall ipv4 name GUEST-IOT rule 300 description 'BCAST relay'
+set firewall ipv4 name GUEST-IOT rule 300 destination port '1900'
+set firewall ipv4 name GUEST-IOT rule 300 protocol 'udp'
+set firewall ipv4 name GUEST-LAN default-action 'drop'
+set firewall ipv4 name GUEST-LAN default-log
+set firewall ipv4 name GUEST-LAN rule 1 action 'return'
+set firewall ipv4 name GUEST-LAN rule 1 state 'established'
+set firewall ipv4 name GUEST-LAN rule 1 state 'related'
+set firewall ipv4 name GUEST-LAN rule 2 action 'drop'
+set firewall ipv4 name GUEST-LAN rule 2 log
+set firewall ipv4 name GUEST-LAN rule 2 state 'invalid'
+set firewall ipv4 name GUEST-LOCAL default-action 'drop'
+set firewall ipv4 name GUEST-LOCAL default-log
+set firewall ipv4 name GUEST-LOCAL rule 1 action 'return'
+set firewall ipv4 name GUEST-LOCAL rule 1 state 'established'
+set firewall ipv4 name GUEST-LOCAL rule 1 state 'related'
+set firewall ipv4 name GUEST-LOCAL rule 2 action 'drop'
+set firewall ipv4 name GUEST-LOCAL rule 2 log
+set firewall ipv4 name GUEST-LOCAL rule 2 state 'invalid'
+set firewall ipv4 name GUEST-LOCAL rule 10 action 'return'
+set firewall ipv4 name GUEST-LOCAL rule 10 description 'DNS'
+set firewall ipv4 name GUEST-LOCAL rule 10 destination address '172.31.0.254'
+set firewall ipv4 name GUEST-LOCAL rule 10 destination port '53'
+set firewall ipv4 name GUEST-LOCAL rule 10 protocol 'tcp_udp'
+set firewall ipv4 name GUEST-LOCAL rule 11 action 'return'
+set firewall ipv4 name GUEST-LOCAL rule 11 description 'DHCP'
+set firewall ipv4 name GUEST-LOCAL rule 11 destination port '67'
+set firewall ipv4 name GUEST-LOCAL rule 11 protocol 'udp'
+set firewall ipv4 name GUEST-LOCAL rule 15 action 'return'
+set firewall ipv4 name GUEST-LOCAL rule 15 destination address '172.31.0.254'
+set firewall ipv4 name GUEST-LOCAL rule 15 protocol 'icmp'
+set firewall ipv4 name GUEST-LOCAL rule 200 action 'return'
+set firewall ipv4 name GUEST-LOCAL rule 200 description 'MCAST relay'
+set firewall ipv4 name GUEST-LOCAL rule 200 destination address '224.0.0.251'
+set firewall ipv4 name GUEST-LOCAL rule 200 destination port '5353'
+set firewall ipv4 name GUEST-LOCAL rule 200 protocol 'udp'
+set firewall ipv4 name GUEST-LOCAL rule 210 action 'return'
+set firewall ipv4 name GUEST-LOCAL rule 210 description 'AUDIO-STREAM Broadcast'
+set firewall ipv4 name GUEST-LOCAL rule 210 destination port '1900'
+set firewall ipv4 name GUEST-LOCAL rule 210 protocol 'udp'
+set firewall ipv4 name GUEST-WAN default-action 'drop'
+set firewall ipv4 name GUEST-WAN default-log
+set firewall ipv4 name GUEST-WAN rule 1 action 'return'
+set firewall ipv4 name GUEST-WAN rule 1 state 'established'
+set firewall ipv4 name GUEST-WAN rule 1 state 'related'
+set firewall ipv4 name GUEST-WAN rule 2 action 'drop'
+set firewall ipv4 name GUEST-WAN rule 2 log
+set firewall ipv4 name GUEST-WAN rule 2 state 'invalid'
+set firewall ipv4 name GUEST-WAN rule 25 action 'return'
+set firewall ipv4 name GUEST-WAN rule 25 description 'SMTP'
+set firewall ipv4 name GUEST-WAN rule 25 destination port '25,587'
+set firewall ipv4 name GUEST-WAN rule 25 protocol 'tcp'
+set firewall ipv4 name GUEST-WAN rule 53 action 'return'
+set firewall ipv4 name GUEST-WAN rule 53 destination port '53'
+set firewall ipv4 name GUEST-WAN rule 53 protocol 'tcp_udp'
+set firewall ipv4 name GUEST-WAN rule 60 action 'return'
+set firewall ipv4 name GUEST-WAN rule 60 source address '172.31.0.200'
+set firewall ipv4 name GUEST-WAN rule 80 action 'return'
+set firewall ipv4 name GUEST-WAN rule 80 source address '172.31.0.200'
+set firewall ipv4 name GUEST-WAN rule 100 action 'return'
+set firewall ipv4 name GUEST-WAN rule 100 protocol 'icmp'
+set firewall ipv4 name GUEST-WAN rule 110 action 'return'
+set firewall ipv4 name GUEST-WAN rule 110 description 'POP3'
+set firewall ipv4 name GUEST-WAN rule 110 destination port '110,995'
+set firewall ipv4 name GUEST-WAN rule 110 limit rate '10/minute'
+set firewall ipv4 name GUEST-WAN rule 110 protocol 'tcp'
+set firewall ipv4 name GUEST-WAN rule 123 action 'return'
+set firewall ipv4 name GUEST-WAN rule 123 description 'NTP Client'
+set firewall ipv4 name GUEST-WAN rule 123 destination port '123'
+set firewall ipv4 name GUEST-WAN rule 123 protocol 'udp'
+set firewall ipv4 name GUEST-WAN rule 143 action 'return'
+set firewall ipv4 name GUEST-WAN rule 143 description 'IMAP'
+set firewall ipv4 name GUEST-WAN rule 143 destination port '143,993'
+set firewall ipv4 name GUEST-WAN rule 143 protocol 'tcp'
+set firewall ipv4 name GUEST-WAN rule 200 action 'return'
+set firewall ipv4 name GUEST-WAN rule 200 destination port '80,443'
+set firewall ipv4 name GUEST-WAN rule 200 protocol 'tcp'
+set firewall ipv4 name GUEST-WAN rule 500 action 'return'
+set firewall ipv4 name GUEST-WAN rule 500 description 'L2TP IPSec'
+set firewall ipv4 name GUEST-WAN rule 500 destination port '500,4500'
+set firewall ipv4 name GUEST-WAN rule 500 protocol 'udp'
+set firewall ipv4 name GUEST-WAN rule 600 action 'return'
+set firewall ipv4 name GUEST-WAN rule 600 destination port '5222-5224'
+set firewall ipv4 name GUEST-WAN rule 600 protocol 'tcp'
+set firewall ipv4 name GUEST-WAN rule 601 action 'return'
+set firewall ipv4 name GUEST-WAN rule 601 destination port '3478-3497,4500,16384-16387,16393-16402'
+set firewall ipv4 name GUEST-WAN rule 601 protocol 'udp'
+set firewall ipv4 name GUEST-WAN rule 1000 action 'return'
+set firewall ipv4 name GUEST-WAN rule 1000 source address '172.31.0.184'
+set firewall ipv4 name IOT-GUEST default-action 'drop'
+set firewall ipv4 name IOT-GUEST default-log
+set firewall ipv4 name IOT-GUEST rule 1 action 'return'
+set firewall ipv4 name IOT-GUEST rule 1 state 'established'
+set firewall ipv4 name IOT-GUEST rule 1 state 'related'
+set firewall ipv4 name IOT-GUEST rule 2 action 'drop'
+set firewall ipv4 name IOT-GUEST rule 2 log
+set firewall ipv4 name IOT-GUEST rule 2 state 'invalid'
+set firewall ipv4 name IOT-GUEST rule 100 action 'return'
+set firewall ipv4 name IOT-GUEST rule 100 description 'MEDIA-STREAMING-CLIENTS Devices to IOT'
+set firewall ipv4 name IOT-GUEST rule 100 protocol 'tcp_udp'
+set firewall ipv4 name IOT-GUEST rule 100 source group address-group 'MEDIA-STREAMING-CLIENTS'
+set firewall ipv4 name IOT-GUEST rule 110 action 'return'
+set firewall ipv4 name IOT-GUEST rule 110 description 'AUDIO-STREAM Devices to IOT'
+set firewall ipv4 name IOT-GUEST rule 110 protocol 'tcp_udp'
+set firewall ipv4 name IOT-GUEST rule 110 source group address-group 'AUDIO-STREAM'
+set firewall ipv4 name IOT-GUEST rule 200 action 'return'
+set firewall ipv4 name IOT-GUEST rule 200 description 'MCAST relay'
+set firewall ipv4 name IOT-GUEST rule 200 destination address '224.0.0.251'
+set firewall ipv4 name IOT-GUEST rule 200 destination port '5353'
+set firewall ipv4 name IOT-GUEST rule 200 protocol 'udp'
+set firewall ipv4 name IOT-GUEST rule 300 action 'return'
+set firewall ipv4 name IOT-GUEST rule 300 description 'BCAST relay'
+set firewall ipv4 name IOT-GUEST rule 300 destination port '1900'
+set firewall ipv4 name IOT-GUEST rule 300 protocol 'udp'
+set firewall ipv4 name IOT-LAN default-action 'drop'
+set firewall ipv4 name IOT-LAN default-log
+set firewall ipv4 name IOT-LAN rule 1 action 'return'
+set firewall ipv4 name IOT-LAN rule 1 state 'established'
+set firewall ipv4 name IOT-LAN rule 1 state 'related'
+set firewall ipv4 name IOT-LAN rule 2 action 'drop'
+set firewall ipv4 name IOT-LAN rule 2 log
+set firewall ipv4 name IOT-LAN rule 2 state 'invalid'
+set firewall ipv4 name IOT-LAN rule 100 action 'return'
+set firewall ipv4 name IOT-LAN rule 100 description 'AppleTV to LAN'
+set firewall ipv4 name IOT-LAN rule 100 destination group port-group 'SMART-TV-PORTS'
+set firewall ipv4 name IOT-LAN rule 100 protocol 'tcp_udp'
+set firewall ipv4 name IOT-LAN rule 100 source group address-group 'MEDIA-STREAMING-CLIENTS'
+set firewall ipv4 name IOT-LAN rule 110 action 'return'
+set firewall ipv4 name IOT-LAN rule 110 description 'AUDIO-STREAM Devices to LAN'
+set firewall ipv4 name IOT-LAN rule 110 protocol 'tcp_udp'
+set firewall ipv4 name IOT-LAN rule 110 source group address-group 'AUDIO-STREAM'
+set firewall ipv4 name IOT-LOCAL default-action 'drop'
+set firewall ipv4 name IOT-LOCAL default-log
+set firewall ipv4 name IOT-LOCAL rule 1 action 'return'
+set firewall ipv4 name IOT-LOCAL rule 1 state 'established'
+set firewall ipv4 name IOT-LOCAL rule 1 state 'related'
+set firewall ipv4 name IOT-LOCAL rule 2 action 'drop'
+set firewall ipv4 name IOT-LOCAL rule 2 log
+set firewall ipv4 name IOT-LOCAL rule 2 state 'invalid'
+set firewall ipv4 name IOT-LOCAL rule 10 action 'return'
+set firewall ipv4 name IOT-LOCAL rule 10 description 'DNS'
+set firewall ipv4 name IOT-LOCAL rule 10 destination address '172.16.254.30'
+set firewall ipv4 name IOT-LOCAL rule 10 destination port '53'
+set firewall ipv4 name IOT-LOCAL rule 10 protocol 'tcp_udp'
+set firewall ipv4 name IOT-LOCAL rule 11 action 'return'
+set firewall ipv4 name IOT-LOCAL rule 11 description 'DHCP'
+set firewall ipv4 name IOT-LOCAL rule 11 destination port '67'
+set firewall ipv4 name IOT-LOCAL rule 11 protocol 'udp'
+set firewall ipv4 name IOT-LOCAL rule 15 action 'return'
+set firewall ipv4 name IOT-LOCAL rule 15 destination address '172.16.35.254'
+set firewall ipv4 name IOT-LOCAL rule 15 protocol 'icmp'
+set firewall ipv4 name IOT-LOCAL rule 200 action 'return'
+set firewall ipv4 name IOT-LOCAL rule 200 description 'MCAST relay'
+set firewall ipv4 name IOT-LOCAL rule 200 destination address '224.0.0.251'
+set firewall ipv4 name IOT-LOCAL rule 200 destination port '5353'
+set firewall ipv4 name IOT-LOCAL rule 200 protocol 'udp'
+set firewall ipv4 name IOT-LOCAL rule 201 action 'return'
+set firewall ipv4 name IOT-LOCAL rule 201 description 'MCAST relay'
+set firewall ipv4 name IOT-LOCAL rule 201 destination address '172.16.35.254'
+set firewall ipv4 name IOT-LOCAL rule 201 destination port '5353'
+set firewall ipv4 name IOT-LOCAL rule 201 protocol 'udp'
+set firewall ipv4 name IOT-LOCAL rule 210 action 'return'
+set firewall ipv4 name IOT-LOCAL rule 210 description 'AUDIO-STREAM Broadcast'
+set firewall ipv4 name IOT-LOCAL rule 210 destination port '1900,1902,6969'
+set firewall ipv4 name IOT-LOCAL rule 210 protocol 'udp'
+set firewall ipv4 name IOT-WAN default-action 'return'
+set firewall ipv4 name LAN-DMZ default-action 'drop'
+set firewall ipv4 name LAN-DMZ default-log
+set firewall ipv4 name LAN-DMZ rule 1 action 'return'
+set firewall ipv4 name LAN-DMZ rule 1 state 'established'
+set firewall ipv4 name LAN-DMZ rule 1 state 'related'
+set firewall ipv4 name LAN-DMZ rule 2 action 'drop'
+set firewall ipv4 name LAN-DMZ rule 2 log
+set firewall ipv4 name LAN-DMZ rule 2 state 'invalid'
+set firewall ipv4 name LAN-DMZ rule 22 action 'return'
+set firewall ipv4 name LAN-DMZ rule 22 description 'SSH into DMZ'
+set firewall ipv4 name LAN-DMZ rule 22 destination port '22'
+set firewall ipv4 name LAN-DMZ rule 22 protocol 'tcp'
+set firewall ipv4 name LAN-DMZ rule 100 action 'return'
+set firewall ipv4 name LAN-DMZ rule 100 destination group address-group 'DMZ-WEBSERVER'
+set firewall ipv4 name LAN-DMZ rule 100 destination port '22,80,443'
+set firewall ipv4 name LAN-DMZ rule 100 protocol 'tcp'
+set firewall ipv4 name LAN-GUEST default-action 'drop'
+set firewall ipv4 name LAN-GUEST default-log
+set firewall ipv4 name LAN-GUEST rule 1 action 'return'
+set firewall ipv4 name LAN-GUEST rule 1 state 'established'
+set firewall ipv4 name LAN-GUEST rule 1 state 'related'
+set firewall ipv4 name LAN-GUEST rule 2 action 'drop'
+set firewall ipv4 name LAN-GUEST rule 2 log
+set firewall ipv4 name LAN-GUEST rule 2 state 'invalid'
+set firewall ipv4 name LAN-IOT default-action 'return'
+set firewall ipv4 name LAN-LOCAL default-action 'return'
+set firewall ipv4 name LAN-WAN default-action 'return'
+set firewall ipv4 name LOCAL-DMZ default-action 'drop'
+set firewall ipv4 name LOCAL-DMZ default-log
+set firewall ipv4 name LOCAL-DMZ rule 1 action 'return'
+set firewall ipv4 name LOCAL-DMZ rule 1 state 'established'
+set firewall ipv4 name LOCAL-DMZ rule 1 state 'related'
+set firewall ipv4 name LOCAL-DMZ rule 2 action 'drop'
+set firewall ipv4 name LOCAL-DMZ rule 2 log
+set firewall ipv4 name LOCAL-DMZ rule 2 state 'invalid'
+set firewall ipv4 name LOCAL-GUEST default-action 'drop'
+set firewall ipv4 name LOCAL-GUEST default-log
+set firewall ipv4 name LOCAL-GUEST rule 1 action 'return'
+set firewall ipv4 name LOCAL-GUEST rule 1 state 'established'
+set firewall ipv4 name LOCAL-GUEST rule 1 state 'related'
+set firewall ipv4 name LOCAL-GUEST rule 2 action 'drop'
+set firewall ipv4 name LOCAL-GUEST rule 2 log
+set firewall ipv4 name LOCAL-GUEST rule 2 state 'invalid'
+set firewall ipv4 name LOCAL-GUEST rule 5 action 'return'
+set firewall ipv4 name LOCAL-GUEST rule 5 protocol 'icmp'
+set firewall ipv4 name LOCAL-GUEST rule 200 action 'return'
+set firewall ipv4 name LOCAL-GUEST rule 200 description 'MCAST relay'
+set firewall ipv4 name LOCAL-GUEST rule 200 destination address '224.0.0.251'
+set firewall ipv4 name LOCAL-GUEST rule 200 destination port '5353'
+set firewall ipv4 name LOCAL-GUEST rule 200 protocol 'udp'
+set firewall ipv4 name LOCAL-GUEST rule 300 action 'return'
+set firewall ipv4 name LOCAL-GUEST rule 300 description 'BCAST relay'
+set firewall ipv4 name LOCAL-GUEST rule 300 destination port '1900'
+set firewall ipv4 name LOCAL-GUEST rule 300 protocol 'udp'
+set firewall ipv4 name LOCAL-IOT default-action 'drop'
+set firewall ipv4 name LOCAL-IOT default-log
+set firewall ipv4 name LOCAL-IOT rule 1 action 'return'
+set firewall ipv4 name LOCAL-IOT rule 1 state 'established'
+set firewall ipv4 name LOCAL-IOT rule 1 state 'related'
+set firewall ipv4 name LOCAL-IOT rule 2 action 'drop'
+set firewall ipv4 name LOCAL-IOT rule 2 log
+set firewall ipv4 name LOCAL-IOT rule 2 state 'invalid'
+set firewall ipv4 name LOCAL-IOT rule 5 action 'return'
+set firewall ipv4 name LOCAL-IOT rule 5 protocol 'icmp'
+set firewall ipv4 name LOCAL-IOT rule 200 action 'return'
+set firewall ipv4 name LOCAL-IOT rule 200 description 'MCAST relay'
+set firewall ipv4 name LOCAL-IOT rule 200 destination address '224.0.0.251'
+set firewall ipv4 name LOCAL-IOT rule 200 destination port '5353'
+set firewall ipv4 name LOCAL-IOT rule 200 protocol 'udp'
+set firewall ipv4 name LOCAL-IOT rule 300 action 'return'
+set firewall ipv4 name LOCAL-IOT rule 300 description 'BCAST relay'
+set firewall ipv4 name LOCAL-IOT rule 300 destination port '1900,6969'
+set firewall ipv4 name LOCAL-IOT rule 300 protocol 'udp'
+set firewall ipv4 name LOCAL-LAN default-action 'return'
+set firewall ipv4 name LOCAL-WAN default-action 'drop'
+set firewall ipv4 name LOCAL-WAN default-log
+set firewall ipv4 name LOCAL-WAN rule 1 action 'return'
+set firewall ipv4 name LOCAL-WAN rule 1 state 'established'
+set firewall ipv4 name LOCAL-WAN rule 1 state 'related'
+set firewall ipv4 name LOCAL-WAN rule 2 action 'drop'
+set firewall ipv4 name LOCAL-WAN rule 2 log
+set firewall ipv4 name LOCAL-WAN rule 2 state 'invalid'
+set firewall ipv4 name LOCAL-WAN rule 10 action 'return'
+set firewall ipv4 name LOCAL-WAN rule 10 protocol 'icmp'
+set firewall ipv4 name LOCAL-WAN rule 50 action 'return'
+set firewall ipv4 name LOCAL-WAN rule 50 description 'DNS'
+set firewall ipv4 name LOCAL-WAN rule 50 destination port '53'
+set firewall ipv4 name LOCAL-WAN rule 50 protocol 'tcp_udp'
+set firewall ipv4 name LOCAL-WAN rule 80 action 'return'
+set firewall ipv4 name LOCAL-WAN rule 80 destination port '80,443'
+set firewall ipv4 name LOCAL-WAN rule 80 protocol 'tcp'
+set firewall ipv4 name LOCAL-WAN rule 123 action 'return'
+set firewall ipv4 name LOCAL-WAN rule 123 description 'NTP'
+set firewall ipv4 name LOCAL-WAN rule 123 destination port '123'
+set firewall ipv4 name LOCAL-WAN rule 123 protocol 'udp'
+set firewall ipv4 name WAN-DMZ default-action 'drop'
+set firewall ipv4 name WAN-DMZ default-log
+set firewall ipv4 name WAN-DMZ rule 1 action 'return'
+set firewall ipv4 name WAN-DMZ rule 1 state 'established'
+set firewall ipv4 name WAN-DMZ rule 1 state 'related'
+set firewall ipv4 name WAN-DMZ rule 2 action 'drop'
+set firewall ipv4 name WAN-DMZ rule 2 log
+set firewall ipv4 name WAN-DMZ rule 2 state 'invalid'
+set firewall ipv4 name WAN-DMZ rule 100 action 'return'
+set firewall ipv4 name WAN-DMZ rule 100 destination address '172.16.36.10'
+set firewall ipv4 name WAN-DMZ rule 100 destination port '80,443'
+set firewall ipv4 name WAN-DMZ rule 100 protocol 'tcp'
+set firewall ipv4 name WAN-GUEST default-action 'drop'
+set firewall ipv4 name WAN-GUEST default-log
+set firewall ipv4 name WAN-GUEST rule 1 action 'return'
+set firewall ipv4 name WAN-GUEST rule 1 state 'established'
+set firewall ipv4 name WAN-GUEST rule 1 state 'related'
+set firewall ipv4 name WAN-GUEST rule 2 action 'drop'
+set firewall ipv4 name WAN-GUEST rule 2 log
+set firewall ipv4 name WAN-GUEST rule 2 state 'invalid'
+set firewall ipv4 name WAN-GUEST rule 1000 action 'return'
+set firewall ipv4 name WAN-GUEST rule 1000 destination address '172.31.0.184'
+set firewall ipv4 name WAN-GUEST rule 8000 action 'return'
+set firewall ipv4 name WAN-GUEST rule 8000 destination address '172.31.0.200'
+set firewall ipv4 name WAN-GUEST rule 8000 destination port '10000'
+set firewall ipv4 name WAN-GUEST rule 8000 protocol 'udp'
+set firewall ipv4 name WAN-IOT default-action 'drop'
+set firewall ipv4 name WAN-IOT default-log
+set firewall ipv4 name WAN-IOT rule 1 action 'return'
+set firewall ipv4 name WAN-IOT rule 1 state 'established'
+set firewall ipv4 name WAN-IOT rule 1 state 'related'
+set firewall ipv4 name WAN-IOT rule 2 action 'drop'
+set firewall ipv4 name WAN-IOT rule 2 log
+set firewall ipv4 name WAN-IOT rule 2 state 'invalid'
+set firewall ipv4 name WAN-LAN default-action 'drop'
+set firewall ipv4 name WAN-LAN default-log
+set firewall ipv4 name WAN-LAN rule 1 action 'return'
+set firewall ipv4 name WAN-LAN rule 1 state 'established'
+set firewall ipv4 name WAN-LAN rule 1 state 'related'
+set firewall ipv4 name WAN-LAN rule 2 action 'drop'
+set firewall ipv4 name WAN-LAN rule 2 log
+set firewall ipv4 name WAN-LAN rule 2 state 'invalid'
+set firewall ipv4 name WAN-LAN rule 1000 action 'return'
+set firewall ipv4 name WAN-LAN rule 1000 destination address '172.16.33.40'
+set firewall ipv4 name WAN-LAN rule 1000 destination port '3389'
+set firewall ipv4 name WAN-LAN rule 1000 protocol 'tcp'
+set firewall ipv4 name WAN-LAN rule 1000 source group network-group 'SSH-IN-ALLOW'
+set firewall ipv4 name WAN-LOCAL default-action 'drop'
+set firewall ipv4 name WAN-LOCAL default-log
+set firewall ipv4 name WAN-LOCAL rule 1 action 'return'
+set firewall ipv4 name WAN-LOCAL rule 1 state 'established'
+set firewall ipv4 name WAN-LOCAL rule 1 state 'related'
+set firewall ipv4 name WAN-LOCAL rule 2 action 'drop'
+set firewall ipv4 name WAN-LOCAL rule 2 log
+set firewall ipv4 name WAN-LOCAL rule 2 state 'invalid'
+set firewall ipv4 name WAN-LOCAL rule 22 action 'return'
+set firewall ipv4 name WAN-LOCAL rule 22 destination port '22'
+set firewall ipv4 name WAN-LOCAL rule 22 protocol 'tcp'
+set firewall ipv4 name WAN-LOCAL rule 22 source group network-group 'SSH-IN-ALLOW'
+set firewall ipv6 name ALLOW-ALL-6 default-action 'return'
+set firewall ipv6 name ALLOW-BASIC-6 default-action 'drop'
+set firewall ipv6 name ALLOW-BASIC-6 default-log
+set firewall ipv6 name ALLOW-BASIC-6 rule 1 action 'return'
+set firewall ipv6 name ALLOW-BASIC-6 rule 1 state 'established'
+set firewall ipv6 name ALLOW-BASIC-6 rule 1 state 'related'
+set firewall ipv6 name ALLOW-BASIC-6 rule 2 action 'drop'
+set firewall ipv6 name ALLOW-BASIC-6 rule 2 state 'invalid'
+set firewall ipv6 name ALLOW-BASIC-6 rule 10 action 'return'
+set firewall ipv6 name ALLOW-BASIC-6 rule 10 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-BASIC-6 rule 15 action 'return'
+set firewall ipv6 name ALLOW-BASIC-6 rule 15 icmpv6 type '1'
+set firewall ipv6 name ALLOW-BASIC-6 rule 15 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-BASIC-6 rule 16 action 'return'
+set firewall ipv6 name ALLOW-BASIC-6 rule 16 icmpv6 code '1'
+set firewall ipv6 name ALLOW-BASIC-6 rule 16 icmpv6 type '1'
+set firewall ipv6 name ALLOW-BASIC-6 rule 16 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-BASIC-6 rule 17 action 'return'
+set firewall ipv6 name ALLOW-BASIC-6 rule 17 icmpv6 type-name 'destination-unreachable'
+set firewall ipv6 name ALLOW-BASIC-6 rule 17 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 default-action 'drop'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 default-log
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 1 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 1 state 'established'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 1 state 'related'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 2 action 'drop'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 2 state 'invalid'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 destination group network-group 'LOCAL-ADDRESSES'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 source address 'fe80::/10'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 20 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 20 icmpv6 type-name 'echo-request'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 20 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 21 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 21 icmpv6 type-name 'destination-unreachable'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 21 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 22 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 22 icmpv6 type-name 'packet-too-big'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 22 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 23 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 23 icmpv6 type-name 'time-exceeded'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 23 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 24 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 24 icmpv6 type-name 'parameter-problem'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 24 protocol 'ipv6-icmp'
+set firewall ipv6 name WAN-LOCAL-6 default-action 'drop'
+set firewall ipv6 name WAN-LOCAL-6 default-log
+set firewall ipv6 name WAN-LOCAL-6 rule 1 action 'return'
+set firewall ipv6 name WAN-LOCAL-6 rule 1 state 'established'
+set firewall ipv6 name WAN-LOCAL-6 rule 1 state 'related'
+set firewall ipv6 name WAN-LOCAL-6 rule 2 action 'drop'
+set firewall ipv6 name WAN-LOCAL-6 rule 2 state 'invalid'
+set firewall ipv6 name WAN-LOCAL-6 rule 10 action 'return'
+set firewall ipv6 name WAN-LOCAL-6 rule 10 destination address 'ff02::/64'
+set firewall ipv6 name WAN-LOCAL-6 rule 10 protocol 'ipv6-icmp'
+set firewall ipv6 name WAN-LOCAL-6 rule 10 source address 'fe80::/10'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 action 'return'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 description 'DHCPv6'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 destination address 'fe80::/10'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 destination port '546'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 protocol 'udp'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 source address 'fe80::/10'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 source port '547'
+set firewall zone DMZ default-action 'drop'
+set firewall zone DMZ from GUEST firewall name 'GUEST-DMZ'
+set firewall zone DMZ from LAN firewall name 'LAN-DMZ'
+set firewall zone DMZ from LOCAL firewall name 'LOCAL-DMZ'
+set firewall zone DMZ from WAN firewall name 'WAN-DMZ'
+set firewall zone DMZ interface 'eth0.50'
+set firewall zone GUEST default-action 'drop'
+set firewall zone GUEST from DMZ firewall name 'DMZ-GUEST'
+set firewall zone GUEST from IOT firewall name 'IOT-GUEST'
+set firewall zone GUEST from LAN firewall name 'LAN-GUEST'
+set firewall zone GUEST from LOCAL firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone GUEST from LOCAL firewall name 'LOCAL-GUEST'
+set firewall zone GUEST from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6'
+set firewall zone GUEST from WAN firewall name 'WAN-GUEST'
+set firewall zone GUEST interface 'eth0.20'
+set firewall zone IOT default-action 'drop'
+set firewall zone IOT from GUEST firewall name 'GUEST-IOT'
+set firewall zone IOT from LAN firewall name 'LAN-IOT'
+set firewall zone IOT from LOCAL firewall name 'LOCAL-IOT'
+set firewall zone IOT from WAN firewall name 'WAN-IOT'
+set firewall zone IOT interface 'eth0.35'
+set firewall zone LAN default-action 'drop'
+set firewall zone LAN from DMZ firewall name 'DMZ-LAN'
+set firewall zone LAN from GUEST firewall name 'GUEST-LAN'
+set firewall zone LAN from IOT firewall name 'IOT-LAN'
+set firewall zone LAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone LAN from LOCAL firewall name 'LOCAL-LAN'
+set firewall zone LAN from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6'
+set firewall zone LAN from WAN firewall name 'WAN-LAN'
+set firewall zone LAN interface 'eth0.5'
+set firewall zone LAN interface 'eth0.10'
+set firewall zone LAN interface 'eth0.100'
+set firewall zone LAN interface 'eth0.201'
+set firewall zone LAN interface 'eth0.202'
+set firewall zone LAN interface 'eth0.203'
+set firewall zone LAN interface 'eth0.204'
+set firewall zone LOCAL default-action 'drop'
+set firewall zone LOCAL from DMZ firewall name 'DMZ-LOCAL'
+set firewall zone LOCAL from GUEST firewall ipv6-name 'ALLOW-ESTABLISHED-6'
+set firewall zone LOCAL from GUEST firewall name 'GUEST-LOCAL'
+set firewall zone LOCAL from IOT firewall name 'IOT-LOCAL'
+set firewall zone LOCAL from LAN firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone LOCAL from LAN firewall name 'LAN-LOCAL'
+set firewall zone LOCAL from WAN firewall ipv6-name 'WAN-LOCAL-6'
+set firewall zone LOCAL from WAN firewall name 'WAN-LOCAL'
+set firewall zone LOCAL local-zone
+set firewall zone WAN default-action 'drop'
+set firewall zone WAN from DMZ firewall name 'DMZ-WAN'
+set firewall zone WAN from GUEST firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone WAN from GUEST firewall name 'GUEST-WAN'
+set firewall zone WAN from IOT firewall name 'IOT-WAN'
+set firewall zone WAN from LAN firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone WAN from LAN firewall name 'LAN-WAN'
+set firewall zone WAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone WAN from LOCAL firewall name 'LOCAL-WAN'
+set firewall zone WAN interface 'pppoe0'
+set interfaces dummy dum0 address '172.16.254.30/32'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth0 vif 5 address '172.16.37.254/24'
+set interfaces ethernet eth0 vif 10 address '172.16.33.254/24'
+set interfaces ethernet eth0 vif 10 ip adjust-mss '1320'
+set interfaces ethernet eth0 vif 10 ipv6 adjust-mss '1300'
+set interfaces ethernet eth0 vif 20 address '172.31.0.254/24'
+set interfaces ethernet eth0 vif 35 address '172.16.35.254/24'
+set interfaces ethernet eth0 vif 50 address '172.16.36.254/24'
+set interfaces ethernet eth0 vif 100 address '172.16.100.254/24'
+set interfaces ethernet eth0 vif 201 address '172.18.201.254/24'
+set interfaces ethernet eth0 vif 202 address '172.18.202.254/24'
+set interfaces ethernet eth0 vif 203 address '172.18.203.254/24'
+set interfaces ethernet eth0 vif 204 address '172.18.204.254/24'
+set interfaces ethernet eth1 vif 7 description 'FTTH-PPPoE'
+set interfaces loopback lo address '172.16.254.30/32'
+set interfaces pppoe pppoe0 authentication password 'vyos'
+set interfaces pppoe pppoe0 authentication username 'vyos'
+set interfaces pppoe pppoe0 description 'FTTH 100/50MBit'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 address '1'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 sla-id '10'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.20 address '1'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.20 sla-id '20'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 length '56'
+set interfaces pppoe pppoe0 ip adjust-mss '1452'
+set interfaces pppoe pppoe0 ipv6 address autoconf
+set interfaces pppoe pppoe0 ipv6 adjust-mss '1432'
+set interfaces pppoe pppoe0 mtu '1492'
+set interfaces pppoe pppoe0 no-peer-dns
+set interfaces pppoe pppoe0 source-interface 'eth1.7'
+set nat destination rule 100 description 'HTTP(S)'
+set nat destination rule 100 destination port '80,443'
+set nat destination rule 100 inbound-interface name 'pppoe0'
+set nat destination rule 100 log
+set nat destination rule 100 protocol 'tcp'
+set nat destination rule 100 translation address '172.16.36.10'
+set nat destination rule 1000 destination port '3389'
+set nat destination rule 1000 disable
+set nat destination rule 1000 inbound-interface name 'pppoe0'
+set nat destination rule 1000 protocol 'tcp'
+set nat destination rule 1000 translation address '172.16.33.40'
+set nat destination rule 8000 destination port '10000'
+set nat destination rule 8000 inbound-interface name 'pppoe0'
+set nat destination rule 8000 log
+set nat destination rule 8000 protocol 'udp'
+set nat destination rule 8000 translation address '172.31.0.200'
+set nat source rule 100 log
+set nat source rule 100 outbound-interface name 'pppoe0'
+set nat source rule 100 source address '172.16.32.0/19'
+set nat source rule 100 translation address 'masquerade'
+set nat source rule 200 outbound-interface name 'pppoe0'
+set nat source rule 200 source address '172.16.100.0/24'
+set nat source rule 200 translation address 'masquerade'
+set nat source rule 300 outbound-interface name 'pppoe0'
+set nat source rule 300 source address '172.31.0.0/24'
+set nat source rule 300 translation address 'masquerade'
+set nat source rule 400 outbound-interface name 'pppoe0'
+set nat source rule 400 source address '172.18.200.0/21'
+set nat source rule 400 translation address 'masquerade'
+set protocols static route 10.0.0.0/8 blackhole distance '254'
+set protocols static route 169.254.0.0/16 blackhole distance '254'
+set protocols static route 172.16.0.0/12 blackhole distance '254'
+set protocols static route 192.168.0.0/16 blackhole distance '254'
+set protocols static route6 2000::/3 interface pppoe0
+set qos policy shaper QoS bandwidth '50mbit'
+set qos policy shaper QoS default bandwidth '100%'
+set qos policy shaper QoS default burst '15k'
+set qos policy shaper QoS default queue-limit '1000'
+set qos policy shaper QoS default queue-type 'fq-codel'
+set service dhcp-server shared-network-name BACKBONE authoritative
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 lease '86400'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option default-router '172.16.37.254'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option name-server '172.16.254.30'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option ntp-server '172.16.254.30'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 start '172.16.37.120'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 stop '172.16.37.149'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1.wue3 ip-address '172.16.37.231'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1.wue3 mac '18:e8:29:6c:c3:a5'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 subnet-id '1'
+set service dhcp-server shared-network-name GUEST authoritative
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 lease '86400'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option default-router '172.31.0.254'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option name-server '172.31.0.254'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 start '172.31.0.100'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 stop '172.31.0.199'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host01 ip-address '172.31.0.200'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host01 mac '00:50:00:00:00:01'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host02 ip-address '172.31.0.184'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host02 mac '00:50:00:00:00:02'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 subnet-id '2'
+set service dhcp-server shared-network-name IOT authoritative
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 lease '86400'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option default-router '172.16.35.254'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option name-server '172.16.254.30'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option ntp-server '172.16.254.30'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 range 0 start '172.16.35.101'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 range 0 stop '172.16.35.149'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 subnet-id '3'
+set service dhcp-server shared-network-name LAN authoritative
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 lease '86400'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option default-router '172.16.33.254'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option name-server '172.16.254.30'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option ntp-server '172.16.254.30'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 start '172.16.33.100'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 stop '172.16.33.189'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 subnet-id '4'
+set service dns forwarding allow-from '172.16.0.0/12'
+set service dns forwarding cache-size '0'
+set service dns forwarding domain 16.172.in-addr.arpa addnta
+set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.10
+set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.20
+set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.110.30
+set service dns forwarding domain 16.172.in-addr.arpa recursion-desired
+set service dns forwarding domain 18.172.in-addr.arpa addnta
+set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.10
+set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.20
+set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.110.30
+set service dns forwarding domain 18.172.in-addr.arpa recursion-desired
+set service dns forwarding domain vyos.net addnta
+set service dns forwarding domain vyos.net name-server 172.16.100.10
+set service dns forwarding domain vyos.net name-server 172.16.100.20
+set service dns forwarding domain vyos.net name-server 172.16.110.30
+set service dns forwarding domain vyos.net recursion-desired
+set service dns forwarding ignore-hosts-file
+set service dns forwarding listen-address '172.16.254.30'
+set service dns forwarding listen-address '172.31.0.254'
+set service dns forwarding negative-ttl '60'
+set service lldp legacy-protocols cdp
+set service lldp snmp
+set service mdns repeater interface 'eth0.35'
+set service mdns repeater interface 'eth0.10'
+set service ntp allow-client address '172.16.0.0/12'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set service router-advert interface eth0.10 prefix ::/64 preferred-lifetime '2700'
+set service router-advert interface eth0.10 prefix ::/64 valid-lifetime '5400'
+set service router-advert interface eth0.20 prefix ::/64 preferred-lifetime '2700'
+set service router-advert interface eth0.20 prefix ::/64 valid-lifetime '5400'
+set service snmp community fooBar authorization 'ro'
+set service snmp community fooBar network '172.16.100.0/24'
+set service snmp contact 'VyOS maintainers and contributors <maintainers@vyos.io>'
+set service snmp listen-address 172.16.254.30 port '161'
+set service snmp location 'The Internet'
+set service ssh disable-host-validation
+set service ssh port '22'
+set system config-management commit-revisions '200'
+set system conntrack expect-table-size '2048'
+set system conntrack hash-size '32768'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system conntrack table-size '262144'
+set system conntrack timeout
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system name-server '172.16.254.30'
+set system option ctrl-alt-delete 'ignore'
+set system option reboot-on-panic
+set system option startup-beep
+set system syslog global facility all level 'debug'
+set system syslog global facility local7 level 'debug'
+set system syslog host 172.16.100.1 facility all level 'warning'
+set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/dialup-router-medium-vpn b/smoketest/config-tests/dialup-router-medium-vpn
index 8c221707f..67af456f4 100644
--- a/smoketest/config-tests/dialup-router-medium-vpn
+++ b/smoketest/config-tests/dialup-router-medium-vpn
@@ -25,18 +25,12 @@ set high-availability vrrp sync-group failover-group member 'LAN'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 mtu '9000'
set interfaces ethernet eth0 offload gro
-set interfaces ethernet eth0 offload gso
-set interfaces ethernet eth0 offload sg
-set interfaces ethernet eth0 offload tso
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '192.168.0.250/24'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 ip source-validation 'strict'
set interfaces ethernet eth1 mtu '9000'
set interfaces ethernet eth1 offload gro
-set interfaces ethernet eth1 offload gso
-set interfaces ethernet eth1 offload sg
-set interfaces ethernet eth1 offload tso
set interfaces ethernet eth1 speed 'auto'
set interfaces loopback lo
set interfaces openvpn vtun0 encryption ncp-ciphers 'aes256'
@@ -130,6 +124,7 @@ set interfaces wireguard wg0 peer red persistent-keepalive '20'
set interfaces wireguard wg0 peer red preshared-key 'CumyXX7osvUT9AwnS+m2TEfCaL0Ptc2LfuZ78Sujuk8='
set interfaces wireguard wg0 peer red public-key 'ALGWvMJCKpHF2tVH3hEIHqUe9iFfAmZATUUok/WQzks='
set interfaces wireguard wg0 port '7777'
+set interfaces wireguard wg0 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0='
set interfaces wireguard wg1 address '10.89.90.2/30'
set interfaces wireguard wg1 ip adjust-mss '1380'
set interfaces wireguard wg1 peer sam address '192.0.2.45'
@@ -140,6 +135,7 @@ set interfaces wireguard wg1 peer sam port '1200'
set interfaces wireguard wg1 peer sam preshared-key 'XpFtzx2Z+nR8pBv9/sSf7I94OkZkVYTz0AeU5Q/QQUE='
set interfaces wireguard wg1 peer sam public-key 'v5zfKGvH6W/lfDXJ0en96lvKo1gfFxMUWxe02+Fj5BU='
set interfaces wireguard wg1 port '7778'
+set interfaces wireguard wg1 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0='
set nat destination rule 50 destination port '49371'
set nat destination rule 50 inbound-interface name 'pppoe0'
set nat destination rule 50 protocol 'tcp_udp'
@@ -295,9 +291,18 @@ set service ssh listen-address '192.168.0.1'
set service ssh listen-address '192.168.10.1'
set service ssh listen-address '192.168.0.250'
set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system ip arp table-size '1024'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
set system name-server '192.168.0.1'
set system name-server 'pppoe0'
set system option ctrl-alt-delete 'ignore'
diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6
index 814a62d55..ff4bf89c2 100644
--- a/smoketest/config-tests/dialup-router-wireguard-ipv6
+++ b/smoketest/config-tests/dialup-router-wireguard-ipv6
@@ -1,207 +1,3 @@
-set interfaces dummy dum0 address '172.16.254.30/32'
-set interfaces ethernet eth0 vif 10 address '172.16.33.254/24'
-set interfaces ethernet eth0 vif 10 address '172.16.40.254/24'
-set interfaces ethernet eth0 vif 5 address '172.16.37.254/24'
-set interfaces ethernet eth0 vif 50 address '172.16.36.254/24'
-set interfaces ethernet eth0 ring-buffer rx '256'
-set interfaces ethernet eth0 ring-buffer tx '256'
-set interfaces ethernet eth1 offload gro
-set interfaces ethernet eth1 offload gso
-set interfaces ethernet eth1 offload sg
-set interfaces ethernet eth1 offload tso
-set interfaces ethernet eth1 vif 20 address '172.31.0.254/24'
-set interfaces ethernet eth2 disable
-set interfaces ethernet eth2 offload gro
-set interfaces ethernet eth2 offload gso
-set interfaces ethernet eth2 offload sg
-set interfaces ethernet eth2 offload tso
-set interfaces ethernet eth3 offload gro
-set interfaces ethernet eth3 offload gso
-set interfaces ethernet eth3 offload sg
-set interfaces ethernet eth3 offload tso
-set interfaces ethernet eth3 ring-buffer rx '256'
-set interfaces ethernet eth3 ring-buffer tx '256'
-set interfaces ethernet eth3 vif 7
-set interfaces loopback lo address '172.16.254.30/32'
-set interfaces pppoe pppoe0 authentication password 'vyos'
-set interfaces pppoe pppoe0 authentication username 'vyos'
-set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 address '1'
-set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 sla-id '10'
-set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1.20 address '1'
-set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1.20 sla-id '20'
-set interfaces pppoe pppoe0 dhcpv6-options pd 0 length '56'
-set interfaces pppoe pppoe0 ip adjust-mss '1452'
-set interfaces pppoe pppoe0 ipv6 address autoconf
-set interfaces pppoe pppoe0 ipv6 adjust-mss '1432'
-set interfaces pppoe pppoe0 no-peer-dns
-set interfaces pppoe pppoe0 source-interface 'eth3.7'
-set interfaces wireguard wg100 address '172.16.252.128/31'
-set interfaces wireguard wg100 mtu '1500'
-set interfaces wireguard wg100 peer HR6 address '100.65.151.213'
-set interfaces wireguard wg100 peer HR6 allowed-ips '0.0.0.0/0'
-set interfaces wireguard wg100 peer HR6 port '10100'
-set interfaces wireguard wg100 port '10100'
-set interfaces wireguard wg200 address '172.16.252.130/31'
-set interfaces wireguard wg200 mtu '1500'
-set interfaces wireguard wg200 peer WH56 address '80.151.69.205'
-set interfaces wireguard wg200 peer WH56 allowed-ips '0.0.0.0/0'
-set interfaces wireguard wg200 peer WH56 port '10200'
-set interfaces wireguard wg200 port '10200'
-set interfaces wireguard wg666 address '172.29.0.1/31'
-set interfaces wireguard wg666 mtu '1500'
-set interfaces wireguard wg666 peer WH34 address '100.65.55.1'
-set interfaces wireguard wg666 peer WH34 allowed-ips '0.0.0.0/0'
-set interfaces wireguard wg666 peer WH34 port '10666'
-set interfaces wireguard wg666 port '10666'
-set protocols ospf area 0 network '172.16.37.0/24'
-set protocols ospf area 0 network '172.16.254.30/32'
-set protocols ospf area 0 network '172.18.202.0/24'
-set protocols ospf area 0 network '172.18.203.0/24'
-set protocols ospf area 0 network '172.18.204.0/24'
-set protocols ospf interface eth0.5 authentication md5 key-id 10 md5-key 'ospf'
-set protocols ospf interface eth0.5 dead-interval '40'
-set protocols ospf interface eth0.5 hello-interval '10'
-set protocols ospf interface eth0.5 passive disable
-set protocols ospf interface eth0.5 priority '1'
-set protocols ospf interface eth0.5 retransmit-interval '5'
-set protocols ospf interface eth0.5 transmit-delay '1'
-set protocols ospf log-adjacency-changes detail
-set protocols ospf parameters router-id '172.16.254.30'
-set protocols ospf default-information originate always
-set protocols ospf default-information originate metric-type '2'
-set protocols ospf redistribute connected metric-type '2'
-set protocols ospf redistribute connected route-map 'MAP-OSPF-CONNECTED'
-set protocols static route 10.0.0.0/8 blackhole distance '254'
-set protocols static route 169.254.0.0/16 blackhole distance '254'
-set protocols static route 172.16.0.0/12 blackhole distance '254'
-set protocols static route 172.16.32.0/21 blackhole
-set protocols static route 172.18.0.0/16 blackhole
-set protocols static route 172.29.0.2/31 next-hop 172.29.0.0
-set protocols static route 192.168.0.0/16 blackhole distance '254'
-set protocols static route 192.168.189.0/24 next-hop 172.29.0.0
-set protocols static route6 2000::/3 interface pppoe0
-set protocols bfd peer 172.16.252.129
-set protocols bfd peer 172.16.252.131
-set protocols bfd peer 172.18.254.201
-set protocols bgp address-family ipv4-unicast network 172.16.32.0/21
-set protocols bgp address-family ipv4-unicast network 172.16.100.0/24
-set protocols bgp address-family ipv4-unicast network 172.16.252.128/31
-set protocols bgp address-family ipv4-unicast network 172.16.252.130/31
-set protocols bgp address-family ipv4-unicast network 172.16.254.30/32
-set protocols bgp address-family ipv4-unicast network 172.18.0.0/16
-set protocols bgp neighbor 172.16.252.129 peer-group 'WIREGUARD'
-set protocols bgp neighbor 172.16.252.131 peer-group 'WIREGUARD'
-set protocols bgp neighbor 172.18.254.201 address-family ipv4-unicast nexthop-self
-set protocols bgp neighbor 172.18.254.201 bfd
-set protocols bgp neighbor 172.18.254.201 remote-as '64503'
-set protocols bgp neighbor 172.18.254.201 update-source 'dum0'
-set protocols bgp parameters log-neighbor-changes
-set protocols bgp peer-group WIREGUARD address-family ipv4-unicast soft-reconfiguration inbound
-set protocols bgp peer-group WIREGUARD bfd
-set protocols bgp peer-group WIREGUARD remote-as 'external'
-set protocols bgp system-as '64503'
-set protocols bgp timers holdtime '30'
-set protocols bgp timers keepalive '10'
-set service lldp legacy-protocols cdp
-set service lldp legacy-protocols edp
-set service lldp legacy-protocols fdp
-set service lldp legacy-protocols sonmp
-set service lldp snmp
-set service ntp allow-client address '172.16.0.0/12'
-set service ntp server time1.vyos.net
-set service ntp server time2.vyos.net
-set service dhcp-server shared-network-name BACKBONE authoritative
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 lease '86400'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option default-router '172.16.37.254'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-name 'vyos.net'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-search 'vyos.net'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option name-server '172.16.254.30'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option ntp-server '172.16.254.30'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 start '172.16.37.120'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 stop '172.16.37.149'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1 ip-address '172.16.37.231'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1 mac '02:00:00:00:ee:18'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP2 ip-address '172.16.37.232'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP2 mac '02:00:00:00:52:84'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP3 ip-address '172.16.37.233'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP3 mac '02:00:00:00:51:c0'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP4 ip-address '172.16.37.234'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP4 mac '02:00:00:00:e6:fc'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP5 ip-address '172.16.37.235'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP5 mac '02:00:00:00:c3:50'
-set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 subnet-id '1'
-set service dhcp-server shared-network-name GUEST authoritative
-set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 lease '86400'
-set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option default-router '172.31.0.254'
-set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-name 'vyos.net'
-set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-search 'vyos.net'
-set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option name-server '172.31.0.254'
-set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 start '172.31.0.101'
-set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 stop '172.31.0.199'
-set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 subnet-id '2'
-set service dhcp-server shared-network-name LAN authoritative
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 lease '86400'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option default-router '172.16.33.254'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-name 'vyos.net'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-search 'vyos.net'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option name-server '172.16.254.30'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option ntp-server '172.16.254.30'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 start '172.16.33.100'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 stop '172.16.33.189'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping four ip-address '172.16.33.214'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping four mac '02:00:00:00:c4:33'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping one ip-address '172.16.33.221'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping one mac '02:00:00:00:eb:a6'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping three ip-address '172.16.33.212'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping three mac '02:00:00:00:12:c7'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping two ip-address '172.16.33.211'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping two mac '02:00:00:00:58:90'
-set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 subnet-id '3'
-set service dns dynamic name service-vyos-pppoe0 address interface 'pppoe0'
-set service dns dynamic name service-vyos-pppoe0 host-name 'r1.vyos.net'
-set service dns dynamic name service-vyos-pppoe0 password 'vyos'
-set service dns dynamic name service-vyos-pppoe0 protocol 'dyndns2'
-set service dns dynamic name service-vyos-pppoe0 server 'dyndns.vyos.io'
-set service dns dynamic name service-vyos-pppoe0 username 'vyos-vyos'
-set service dns forwarding allow-from '172.16.0.0/12'
-set service dns forwarding domain 16.172.in-addr.arpa addnta
-set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.10
-set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.20
-set service dns forwarding domain 16.172.in-addr.arpa recursion-desired
-set service dns forwarding domain 18.172.in-addr.arpa addnta
-set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.10
-set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.20
-set service dns forwarding domain 18.172.in-addr.arpa recursion-desired
-set service dns forwarding domain vyos.net addnta
-set service dns forwarding domain vyos.net name-server 172.16.100.10
-set service dns forwarding domain vyos.net name-server 172.16.100.20
-set service dns forwarding domain vyos.net recursion-desired
-set service dns forwarding ignore-hosts-file
-set service dns forwarding listen-address '172.16.254.30'
-set service dns forwarding listen-address '172.31.0.254'
-set service dns forwarding negative-ttl '60'
-set service router-advert interface eth0.10 prefix ::/64 preferred-lifetime '2700'
-set service router-advert interface eth0.10 prefix ::/64 valid-lifetime '5400'
-set service router-advert interface eth1.20 prefix ::/64 preferred-lifetime '2700'
-set service router-advert interface eth1.20 prefix ::/64 valid-lifetime '5400'
-set service snmp community ro-community authorization 'ro'
-set service snmp community ro-community network '172.16.100.0/24'
-set service snmp contact 'VyOS'
-set service snmp listen-address 172.16.254.30 port '161'
-set service snmp location 'CLOUD'
-set system conntrack expect-table-size '2048'
-set system conntrack hash-size '32768'
-set system conntrack table-size '262144'
-set system domain-name 'vyos.net'
-set system host-name 'r1'
-set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
-set system login user vyos authentication plaintext-password ''
-set system option ctrl-alt-delete 'ignore'
-set system option performance 'latency'
-set system option startup-beep
-set system syslog global facility all level 'debug'
-set system syslog host 172.16.100.1 facility all level 'warning'
-set system console device ttyS0 speed '115200'
set firewall global-options all-ping 'enable'
set firewall global-options broadcast-ping 'disable'
set firewall global-options ip-src-route 'disable'
@@ -634,6 +430,67 @@ set firewall zone WAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6'
set firewall zone WAN from LOCAL firewall name 'LOCAL-WAN'
set firewall zone WAN interface 'pppoe0'
set firewall zone WAN interface 'wg666'
+set interfaces dummy dum0 address '172.16.254.30/32'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth0 ring-buffer rx '256'
+set interfaces ethernet eth0 ring-buffer tx '256'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth0 vif 5 address '172.16.37.254/24'
+set interfaces ethernet eth0 vif 10 address '172.16.33.254/24'
+set interfaces ethernet eth0 vif 10 address '172.16.40.254/24'
+set interfaces ethernet eth0 vif 50 address '172.16.36.254/24'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 offload gro
+set interfaces ethernet eth1 speed 'auto'
+set interfaces ethernet eth1 vif 20 address '172.31.0.254/24'
+set interfaces ethernet eth2 disable
+set interfaces ethernet eth2 duplex 'auto'
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth2 speed 'auto'
+set interfaces ethernet eth3 duplex 'auto'
+set interfaces ethernet eth3 offload gro
+set interfaces ethernet eth3 ring-buffer rx '256'
+set interfaces ethernet eth3 ring-buffer tx '256'
+set interfaces ethernet eth3 speed 'auto'
+set interfaces ethernet eth3 vif 7
+set interfaces loopback lo address '172.16.254.30/32'
+set interfaces pppoe pppoe0 authentication password 'vyos'
+set interfaces pppoe pppoe0 authentication username 'vyos'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 address '1'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 sla-id '10'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1.20 address '1'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth1.20 sla-id '20'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 length '56'
+set interfaces pppoe pppoe0 ip adjust-mss '1452'
+set interfaces pppoe pppoe0 ipv6 address autoconf
+set interfaces pppoe pppoe0 ipv6 adjust-mss '1432'
+set interfaces pppoe pppoe0 no-peer-dns
+set interfaces pppoe pppoe0 source-interface 'eth3.7'
+set interfaces wireguard wg100 address '172.16.252.128/31'
+set interfaces wireguard wg100 mtu '1500'
+set interfaces wireguard wg100 peer HR6 address '100.65.151.213'
+set interfaces wireguard wg100 peer HR6 allowed-ips '0.0.0.0/0'
+set interfaces wireguard wg100 peer HR6 port '10100'
+set interfaces wireguard wg100 peer HR6 public-key 'yLpi+UZuI019bmWH2h5fX3gStbpPPPLgEoYMyrdkOnQ='
+set interfaces wireguard wg100 port '10100'
+set interfaces wireguard wg100 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0='
+set interfaces wireguard wg200 address '172.16.252.130/31'
+set interfaces wireguard wg200 mtu '1500'
+set interfaces wireguard wg200 peer WH56 address '80.151.69.205'
+set interfaces wireguard wg200 peer WH56 allowed-ips '0.0.0.0/0'
+set interfaces wireguard wg200 peer WH56 port '10200'
+set interfaces wireguard wg200 peer WH56 public-key 'XQbkj6vnKKBJfJQyThXysU0iGxCvEOEb31kpaZgkrD8='
+set interfaces wireguard wg200 port '10200'
+set interfaces wireguard wg200 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0='
+set interfaces wireguard wg666 address '172.29.0.1/31'
+set interfaces wireguard wg666 mtu '1500'
+set interfaces wireguard wg666 peer WH34 address '100.65.55.1'
+set interfaces wireguard wg666 peer WH34 allowed-ips '0.0.0.0/0'
+set interfaces wireguard wg666 peer WH34 port '10666'
+set interfaces wireguard wg666 peer WH34 public-key 'yaTN4+xAafKM04D+Baeg5GWfbdaw35TE9HQivwRgAk0='
+set interfaces wireguard wg666 port '10666'
+set interfaces wireguard wg666 private-key 'aGx+fvW916Ej7QRnBbW3QMoldhNv1u95/WHz45zDmF0='
set nat destination rule 8000 destination port '10000'
set nat destination rule 8000 inbound-interface name 'pppoe0'
set nat destination rule 8000 protocol 'udp'
@@ -667,8 +524,174 @@ set policy route-map MAP-OSPF-CONNECTED rule 20 action 'permit'
set policy route-map MAP-OSPF-CONNECTED rule 20 match interface 'eth0.10'
set policy route-map MAP-OSPF-CONNECTED rule 40 action 'permit'
set policy route-map MAP-OSPF-CONNECTED rule 40 match interface 'eth0.50'
+set protocols bfd peer 172.16.252.129
+set protocols bfd peer 172.16.252.131
+set protocols bfd peer 172.18.254.201
+set protocols bgp address-family ipv4-unicast network 172.16.32.0/21
+set protocols bgp address-family ipv4-unicast network 172.16.100.0/24
+set protocols bgp address-family ipv4-unicast network 172.16.252.128/31
+set protocols bgp address-family ipv4-unicast network 172.16.252.130/31
+set protocols bgp address-family ipv4-unicast network 172.16.254.30/32
+set protocols bgp address-family ipv4-unicast network 172.18.0.0/16
+set protocols bgp neighbor 172.16.252.129 peer-group 'WIREGUARD'
+set protocols bgp neighbor 172.16.252.131 peer-group 'WIREGUARD'
+set protocols bgp neighbor 172.18.254.201 address-family ipv4-unicast nexthop-self
+set protocols bgp neighbor 172.18.254.201 bfd
+set protocols bgp neighbor 172.18.254.201 remote-as '64503'
+set protocols bgp neighbor 172.18.254.201 update-source 'dum0'
+set protocols bgp parameters log-neighbor-changes
+set protocols bgp peer-group WIREGUARD address-family ipv4-unicast soft-reconfiguration inbound
+set protocols bgp peer-group WIREGUARD bfd
+set protocols bgp peer-group WIREGUARD remote-as 'external'
+set protocols bgp system-as '64503'
+set protocols bgp timers holdtime '30'
+set protocols bgp timers keepalive '10'
+set protocols ospf area 0 network '172.16.254.30/32'
+set protocols ospf area 0 network '172.16.37.0/24'
+set protocols ospf area 0 network '172.18.201.0/24'
+set protocols ospf area 0 network '172.18.202.0/24'
+set protocols ospf area 0 network '172.18.203.0/24'
+set protocols ospf area 0 network '172.18.204.0/24'
+set protocols ospf default-information originate always
+set protocols ospf default-information originate metric-type '2'
+set protocols ospf interface eth0.5 authentication md5 key-id 10 md5-key 'ospf'
+set protocols ospf interface eth0.5 dead-interval '40'
+set protocols ospf interface eth0.5 hello-interval '10'
+set protocols ospf interface eth0.5 passive disable
+set protocols ospf interface eth0.5 priority '1'
+set protocols ospf interface eth0.5 retransmit-interval '5'
+set protocols ospf interface eth0.5 transmit-delay '1'
+set protocols ospf log-adjacency-changes detail
+set protocols ospf parameters abr-type 'cisco'
+set protocols ospf parameters router-id '172.16.254.30'
+set protocols ospf passive-interface 'default'
+set protocols ospf redistribute connected metric-type '2'
+set protocols ospf redistribute connected route-map 'MAP-OSPF-CONNECTED'
+set protocols static route 10.0.0.0/8 blackhole distance '254'
+set protocols static route 169.254.0.0/16 blackhole distance '254'
+set protocols static route 172.16.0.0/12 blackhole distance '254'
+set protocols static route 172.16.32.0/21 blackhole
+set protocols static route 172.18.0.0/16 blackhole
+set protocols static route 172.29.0.2/31 next-hop 172.29.0.0
+set protocols static route 192.168.0.0/16 blackhole distance '254'
+set protocols static route 192.168.189.0/24 next-hop 172.29.0.0
+set protocols static route6 2000::/3 interface pppoe0
set qos policy shaper QoS bandwidth '50mbit'
set qos policy shaper QoS default bandwidth '100%'
set qos policy shaper QoS default burst '15k'
set qos policy shaper QoS default queue-limit '1000'
set qos policy shaper QoS default queue-type 'fq-codel'
+set service dhcp-server shared-network-name BACKBONE authoritative
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 lease '86400'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option default-router '172.16.37.254'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option name-server '172.16.254.30'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option ntp-server '172.16.254.30'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 start '172.16.37.120'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 stop '172.16.37.149'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1 ip-address '172.16.37.231'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1 mac '02:00:00:00:ee:18'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP2 ip-address '172.16.37.232'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP2 mac '02:00:00:00:52:84'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP3 ip-address '172.16.37.233'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP3 mac '02:00:00:00:51:c0'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP4 ip-address '172.16.37.234'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP4 mac '02:00:00:00:e6:fc'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP5 ip-address '172.16.37.235'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP5 mac '02:00:00:00:c3:50'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 subnet-id '1'
+set service dhcp-server shared-network-name GUEST authoritative
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 lease '86400'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option default-router '172.31.0.254'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option name-server '172.31.0.254'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 start '172.31.0.101'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 stop '172.31.0.199'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 subnet-id '2'
+set service dhcp-server shared-network-name LAN authoritative
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 lease '86400'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option default-router '172.16.33.254'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option name-server '172.16.254.30'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option ntp-server '172.16.254.30'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 start '172.16.33.100'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 stop '172.16.33.189'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping four ip-address '172.16.33.214'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping four mac '02:00:00:00:c4:33'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping one ip-address '172.16.33.221'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping one mac '02:00:00:00:eb:a6'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping three ip-address '172.16.33.212'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping three mac '02:00:00:00:12:c7'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping two ip-address '172.16.33.211'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 static-mapping two mac '02:00:00:00:58:90'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 subnet-id '3'
+set service dns dynamic name service-vyos-pppoe0 address interface 'pppoe0'
+set service dns dynamic name service-vyos-pppoe0 host-name 'r1.vyos.net'
+set service dns dynamic name service-vyos-pppoe0 password 'vyos'
+set service dns dynamic name service-vyos-pppoe0 protocol 'dyndns2'
+set service dns dynamic name service-vyos-pppoe0 server 'dyndns.vyos.io'
+set service dns dynamic name service-vyos-pppoe0 username 'vyos-vyos'
+set service dns forwarding allow-from '172.16.0.0/12'
+set service dns forwarding domain 16.172.in-addr.arpa addnta
+set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.10
+set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.20
+set service dns forwarding domain 16.172.in-addr.arpa recursion-desired
+set service dns forwarding domain 18.172.in-addr.arpa addnta
+set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.10
+set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.20
+set service dns forwarding domain 18.172.in-addr.arpa recursion-desired
+set service dns forwarding domain vyos.net addnta
+set service dns forwarding domain vyos.net name-server 172.16.100.10
+set service dns forwarding domain vyos.net name-server 172.16.100.20
+set service dns forwarding domain vyos.net recursion-desired
+set service dns forwarding ignore-hosts-file
+set service dns forwarding listen-address '172.16.254.30'
+set service dns forwarding listen-address '172.31.0.254'
+set service dns forwarding negative-ttl '60'
+set service lldp legacy-protocols cdp
+set service lldp legacy-protocols edp
+set service lldp legacy-protocols fdp
+set service lldp legacy-protocols sonmp
+set service lldp snmp
+set service ntp allow-client address '172.16.0.0/12'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service router-advert interface eth0.10 prefix ::/64 preferred-lifetime '2700'
+set service router-advert interface eth0.10 prefix ::/64 valid-lifetime '5400'
+set service router-advert interface eth1.20 prefix ::/64 preferred-lifetime '2700'
+set service router-advert interface eth1.20 prefix ::/64 valid-lifetime '5400'
+set service snmp community ro-community authorization 'ro'
+set service snmp community ro-community network '172.16.100.0/24'
+set service snmp contact 'VyOS'
+set service snmp listen-address 172.16.254.30 port '161'
+set service snmp location 'CLOUD'
+set service ssh disable-host-validation
+set service ssh port '22'
+set system config-management commit-revisions '200'
+set system conntrack expect-table-size '2048'
+set system conntrack hash-size '32768'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system conntrack table-size '262144'
+set system conntrack timeout
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'r1'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system name-server '172.16.254.30'
+set system option ctrl-alt-delete 'ignore'
+set system option performance 'latency'
+set system option reboot-on-panic
+set system option startup-beep
+set system syslog global facility all level 'debug'
+set system syslog global facility local7 level 'debug'
+set system syslog host 172.16.100.1 facility all level 'warning'
+set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/egp-igp-route-maps b/smoketest/config-tests/egp-igp-route-maps
new file mode 100644
index 000000000..fc46d25ff
--- /dev/null
+++ b/smoketest/config-tests/egp-igp-route-maps
@@ -0,0 +1,46 @@
+set interfaces ethernet eth0 address '192.0.2.1/25'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth1 address '192.0.2.129/25'
+set interfaces ethernet eth1 address '2001:db8::1234/64'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 speed 'auto'
+set interfaces loopback lo
+set policy route-map zebra-bgp rule 10 action 'permit'
+set policy route-map zebra-isis rule 10 action 'permit'
+set policy route-map zebra-ospf rule 10 action 'permit'
+set policy route-map zebra-ospfv3 rule 10 action 'permit'
+set policy route-map zebra-ripng rule 10 action 'permit'
+set policy route-map zebra-static rule 10 action 'permit'
+set protocols bgp system-as '100'
+set protocols isis interface eth0
+set protocols isis net '49.0001.1921.6800.1002.00'
+set protocols ospf area 0 network '192.0.2.0/25'
+set protocols ospf area 0 network '192.0.2.128/25'
+set protocols ospf interface eth0 passive disable
+set protocols ospf interface eth1 passive disable
+set protocols ospf log-adjacency-changes
+set protocols ospf parameters abr-type 'cisco'
+set protocols ospf parameters router-id '1.1.1.1'
+set protocols ospf passive-interface 'default'
+set protocols ospfv3 area 0
+set protocols ospfv3 interface eth1 area '0'
+set protocols ospfv3 parameters router-id '1.1.1.1'
+set protocols ripng interface eth1
+set protocols static
+set system config-management commit-revisions '100'
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system ip protocol bgp route-map 'zebra-bgp'
+set system ip protocol isis route-map 'zebra-isis'
+set system ip protocol ospf route-map 'zebra-ospf'
+set system ip protocol static route-map 'zebra-static'
+set system ipv6 protocol ospfv3 route-map 'zebra-ospfv3'
+set system ipv6 protocol ripng route-map 'zebra-ripng'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system logs logrotate messages max-size '1'
+set system logs logrotate messages rotate '5'
+set system name-server '192.168.0.1'
+set system syslog global facility all level 'info'
+set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/igmp-pim-small b/smoketest/config-tests/igmp-pim-small
index 207c17d45..909c3d67b 100644
--- a/smoketest/config-tests/igmp-pim-small
+++ b/smoketest/config-tests/igmp-pim-small
@@ -1,5 +1,12 @@
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '100.64.0.1/24'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 address '172.16.0.2/24'
+set interfaces ethernet eth2 duplex 'auto'
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth2 speed 'auto'
set protocols pim interface eth1 igmp join 224.1.0.0 source-address '1.1.1.1'
set protocols pim interface eth1 igmp join 224.1.0.0 source-address '1.1.1.2'
set protocols pim interface eth1 igmp query-interval '1000'
@@ -7,11 +14,24 @@ set protocols pim interface eth1 igmp query-max-response-time '30'
set protocols pim interface eth1 igmp version '2'
set protocols pim interface eth2
set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
set service ntp server 0.pool.ntp.org
set service ntp server 1.pool.ntp.org
set service ntp server 2.pool.ntp.org
+set system config-management commit-revisions '200'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
set system domain-name 'vyos.io'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
set system login user vyos authentication plaintext-password ''
-set system console device ttyS0 speed '115200'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/ipoe-server b/smoketest/config-tests/ipoe-server
index fb32fdb14..f4a12f502 100644
--- a/smoketest/config-tests/ipoe-server
+++ b/smoketest/config-tests/ipoe-server
@@ -1,9 +1,10 @@
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth1 address '192.168.0.1/24'
+set interfaces ethernet eth2 offload gro
set interfaces loopback lo
-set service ntp server time1.vyos.net
-set service ntp server time2.vyos.net
-set service ntp server time3.vyos.net
+set nat source rule 100 outbound-interface name 'eth0'
+set nat source rule 100 source address '192.168.0.0/24'
+set nat source rule 100 translation address 'masquerade'
set service ipoe-server authentication interface eth1 mac 08:00:27:2f:d8:06 rate-limit download '1000'
set service ipoe-server authentication interface eth1 mac 08:00:27:2f:d8:06 rate-limit upload '500'
set service ipoe-server authentication interface eth1 mac 08:00:27:2f:d8:06 vlan '100'
@@ -25,11 +26,23 @@ set service ipoe-server name-server '10.10.1.1'
set service ipoe-server name-server '10.10.1.2'
set service ipoe-server name-server '2001:db8:aaa::'
set service ipoe-server name-server '2001:db8:bbb::'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service ntp server time3.vyos.net
+set service ssh
set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
set system login user vyos authentication plaintext-password ''
-set system console device ttyS0 speed '115200'
-set nat source rule 100 outbound-interface name 'eth0'
-set nat source rule 100 source address '192.168.0.0/24'
-set nat source rule 100 translation address 'masquerade'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/ipv6-disable b/smoketest/config-tests/ipv6-disable
new file mode 100644
index 000000000..40e34fa0c
--- /dev/null
+++ b/smoketest/config-tests/ipv6-disable
@@ -0,0 +1,31 @@
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth0 vif 201 address '172.18.201.10/24'
+set interfaces ethernet eth0 vif 202 address '172.18.202.10/24'
+set interfaces ethernet eth0 vif 203 address '172.18.203.10/24'
+set interfaces ethernet eth0 vif 204 address '172.18.204.10/24'
+set protocols static route 0.0.0.0/0 next-hop 172.18.201.254 distance '10'
+set protocols static route 0.0.0.0/0 next-hop 172.18.202.254 distance '20'
+set protocols static route 0.0.0.0/0 next-hop 172.18.203.254 distance '30'
+set protocols static route 0.0.0.0/0 next-hop 172.18.204.254 distance '40'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 172.16.254.20
+set service ntp server 172.16.254.30
+set system config-management commit-revisions '200'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system name-server '172.16.254.20'
+set system name-server '172.16.254.30'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/isis-small b/smoketest/config-tests/isis-small
new file mode 100644
index 000000000..b322f4e29
--- /dev/null
+++ b/smoketest/config-tests/isis-small
@@ -0,0 +1,44 @@
+set interfaces dummy dum0 address '203.0.113.1/24'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 offload sg
+set interfaces ethernet eth0 offload tso
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth1 address '192.0.2.1/24'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 offload sg
+set interfaces ethernet eth1 offload tso
+set interfaces ethernet eth1 speed 'auto'
+set interfaces ethernet eth2 duplex 'auto'
+set interfaces ethernet eth2 offload sg
+set interfaces ethernet eth2 offload tso
+set interfaces ethernet eth2 speed 'auto'
+set interfaces ethernet eth3 duplex 'auto'
+set interfaces ethernet eth3 offload sg
+set interfaces ethernet eth3 offload tso
+set interfaces ethernet eth3 speed 'auto'
+set policy prefix-list EXPORT-ISIS rule 10 action 'permit'
+set policy prefix-list EXPORT-ISIS rule 10 prefix '203.0.113.0/24'
+set policy route-map EXPORT-ISIS rule 10 action 'permit'
+set policy route-map EXPORT-ISIS rule 10 match ip address prefix-list 'EXPORT-ISIS'
+set protocols isis interface eth1 bfd
+set protocols isis net '49.0001.1921.6800.1002.00'
+set protocols isis redistribute ipv4 connected level-2 route-map 'EXPORT-ISIS'
+set system config-management commit-revisions '200'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.io'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service ntp server time3.vyos.net
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/nat-basic b/smoketest/config-tests/nat-basic
index 9fea08b02..471add3b3 100644
--- a/smoketest/config-tests/nat-basic
+++ b/smoketest/config-tests/nat-basic
@@ -1,25 +1,17 @@
-set interfaces ethernet eth0 offload rps
+set interfaces bonding bond10 hash-policy 'layer3+4'
+set interfaces bonding bond10 member interface 'eth2'
+set interfaces bonding bond10 member interface 'eth3'
+set interfaces bonding bond10 mode '802.3ad'
+set interfaces bonding bond10 vif 50 address '192.168.189.1/24'
set interfaces ethernet eth0 disable
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth0 offload rps
set interfaces ethernet eth1 offload gro
-set interfaces ethernet eth1 offload gso
set interfaces ethernet eth1 offload rps
-set interfaces ethernet eth1 offload sg
-set interfaces ethernet eth1 offload tso
set interfaces ethernet eth2 offload gro
-set interfaces ethernet eth2 offload gso
set interfaces ethernet eth2 offload rps
-set interfaces ethernet eth2 offload sg
-set interfaces ethernet eth2 offload tso
set interfaces ethernet eth3 offload gro
-set interfaces ethernet eth3 offload gso
set interfaces ethernet eth3 offload rps
-set interfaces ethernet eth3 offload sg
-set interfaces ethernet eth3 offload tso
-set interfaces bonding bond10 hash-policy 'layer3+4'
-set interfaces bonding bond10 member interface 'eth2'
-set interfaces bonding bond10 member interface 'eth3'
-set interfaces bonding bond10 mode '802.3ad'
-set interfaces bonding bond10 vif 50 address '192.168.189.1/24'
set interfaces loopback lo
set interfaces pppoe pppoe7 authentication password 'vyos'
set interfaces pppoe pppoe7 authentication username 'vyos'
@@ -31,30 +23,6 @@ set interfaces pppoe pppoe7 ipv6 adjust-mss '1432'
set interfaces pppoe pppoe7 mtu '1492'
set interfaces pppoe pppoe7 no-peer-dns
set interfaces pppoe pppoe7 source-interface 'eth1'
-set service lldp interface eth1 disable
-set service ntp allow-client address '192.168.189.0/24'
-set service ntp server time1.vyos.net
-set service ntp server time2.vyos.net
-set service ntp listen-address '192.168.189.1'
-set service ssh dynamic-protection
-set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 lease '604800'
-set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option default-router '192.168.189.1'
-set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option domain-name 'vyos.net'
-set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '1.1.1.1'
-set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '9.9.9.9'
-set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 start '192.168.189.20'
-set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 stop '192.168.189.254'
-set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 subnet-id '1'
-set service router-advert interface bond10.50 prefix ::/64 preferred-lifetime '2700'
-set service router-advert interface bond10.50 prefix ::/64 valid-lifetime '5400'
-set system config-management commit-revisions '100'
-set system domain-name 'vyos.net'
-set system host-name 'R1'
-set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
-set system login user vyos authentication plaintext-password ''
-set system name-server '1.1.1.1'
-set system name-server '9.9.9.9'
-set system console device ttyS0 speed '115200'
set nat destination rule 1000 destination port '3389'
set nat destination rule 1000 inbound-interface name 'pppoe7'
set nat destination rule 1000 protocol 'tcp'
@@ -83,3 +51,38 @@ set nat source rule 50 translation port '10300'
set nat source rule 100 outbound-interface name 'pppoe7'
set nat source rule 100 source address '192.168.189.0/24'
set nat source rule 100 translation address 'masquerade'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 lease '604800'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option default-router '192.168.189.1'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '1.1.1.1'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '9.9.9.9'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 start '192.168.189.20'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 stop '192.168.189.254'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 subnet-id '1'
+set service lldp interface all
+set service lldp interface eth1 disable
+set service ntp allow-client address '192.168.189.0/24'
+set service ntp listen-address '192.168.189.1'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service router-advert interface bond10.50 prefix ::/64 preferred-lifetime '2700'
+set service router-advert interface bond10.50 prefix ::/64 valid-lifetime '5400'
+set service ssh disable-host-validation
+set service ssh dynamic-protection
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'R1'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system name-server '1.1.1.1'
+set system name-server '9.9.9.9'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/ospf-simple b/smoketest/config-tests/ospf-simple
index 13d5e7038..355709448 100644
--- a/smoketest/config-tests/ospf-simple
+++ b/smoketest/config-tests/ospf-simple
@@ -1,9 +1,11 @@
set interfaces ethernet eth0 vif 20 address '193.201.42.173/28'
set interfaces ethernet eth0 vif 666 address '10.66.66.1/24'
+set interfaces ethernet eth1
+set interfaces ethernet eth2
set interfaces loopback lo
-set protocols ospf area 0 network '10.66.66.0/24'
-set protocols ospf area 0 network '193.201.42.160/28'
set protocols ospf area 0 area-type normal
+set protocols ospf area 0 network '193.201.42.160/28'
+set protocols ospf area 0 network '10.66.66.0/24'
set protocols ospf interface eth0.20 cost '999'
set protocols ospf interface eth0.20 dead-interval '4'
set protocols ospf interface eth0.20 hello-interval '1'
@@ -14,7 +16,9 @@ set protocols ospf interface eth0.666 passive
set protocols ospf log-adjacency-changes detail
set protocols static route 0.0.0.0/0 next-hop 193.201.42.170 distance '130'
set system config-management commit-revisions '100'
+set system console device ttyS0 speed '115200'
set system host-name 'lab-vyos-r1'
set system login user vyos authentication encrypted-password '$6$R.OnGzfXSfl6J$Iba/hl9bmjBs0VPtZ2zdW.Snh/nHuvxUwi0R6ruypgW63iKEbicJH.uUst8xZCyByURblxRtjAC1lAnYfIt.b0'
set system login user vyos authentication plaintext-password ''
-set system console device ttyS0 speed '115200'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/ospf-small b/smoketest/config-tests/ospf-small
new file mode 100644
index 000000000..a7f8b682c
--- /dev/null
+++ b/smoketest/config-tests/ospf-small
@@ -0,0 +1,82 @@
+set interfaces dummy dum0 address '172.18.254.200/32'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth0 vif 201 address '172.18.201.9/24'
+set interfaces ethernet eth0 vif 202 address '172.18.202.9/24'
+set interfaces ethernet eth0 vif 203 address '172.18.203.9/24'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 speed 'auto'
+set protocols ospf area 0 network '172.18.201.0/24'
+set protocols ospf area 0 network '172.18.202.0/24'
+set protocols ospf area 0 network '172.18.203.0/24'
+set protocols ospf area 0 network '172.18.254.200/32'
+set protocols ospf interface eth0.201 authentication md5 key-id 10 md5-key 'OSPFVyOSNET'
+set protocols ospf interface eth0.201 dead-interval '40'
+set protocols ospf interface eth0.201 hello-interval '10'
+set protocols ospf interface eth0.201 passive disable
+set protocols ospf interface eth0.201 priority '1'
+set protocols ospf interface eth0.201 retransmit-interval '5'
+set protocols ospf interface eth0.201 transmit-delay '1'
+set protocols ospf interface eth0.202 authentication md5 key-id 10 md5-key 'OSPFVyOSNET'
+set protocols ospf interface eth0.202 dead-interval '40'
+set protocols ospf interface eth0.202 hello-interval '10'
+set protocols ospf interface eth0.202 passive disable
+set protocols ospf interface eth0.202 priority '1'
+set protocols ospf interface eth0.202 retransmit-interval '5'
+set protocols ospf interface eth0.202 transmit-delay '1'
+set protocols ospf interface eth0.203 authentication md5 key-id 10 md5-key 'OSPFVyOSNET'
+set protocols ospf interface eth0.203 dead-interval '40'
+set protocols ospf interface eth0.203 hello-interval '10'
+set protocols ospf interface eth0.203 passive disable
+set protocols ospf interface eth0.203 priority '1'
+set protocols ospf interface eth0.203 retransmit-interval '5'
+set protocols ospf interface eth0.203 transmit-delay '1'
+set protocols ospf log-adjacency-changes
+set protocols ospf parameters abr-type 'cisco'
+set protocols ospf parameters router-id '172.18.254.200'
+set protocols ospf passive-interface 'default'
+set protocols ospfv3 area 0.0.0.0
+set protocols ospfv3 interface eth0.201 area '0.0.0.0'
+set protocols ospfv3 interface eth0.201 bfd
+set protocols ospfv3 interface eth0.201 cost '40'
+set protocols ospfv3 interface eth0.202 area '0.0.0.0'
+set protocols ospfv3 interface eth0.202 bfd
+set protocols ospfv3 interface eth0.202 cost '40'
+set protocols ospfv3 interface eth0.203 area '0.0.0.0'
+set protocols ospfv3 interface eth0.203 bfd
+set protocols ospfv3 interface eth0.203 cost '40'
+set protocols ospfv3 interface eth1 area '0.0.0.0'
+set protocols ospfv3 interface eth1 bfd
+set protocols ospfv3 interface eth1 cost '60'
+set protocols ospfv3 interface eth1 mtu-ignore
+set protocols ospfv3 interface eth1 network 'broadcast'
+set protocols ospfv3 interface eth1 priority '20'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service ssh disable-host-validation
+set service ssh port '22'
+set system config-management commit-revisions '200'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system name-server '172.16.254.30'
+set system sysctl parameter net.ipv4.conf.eth0.tag value '1'
+set system sysctl parameter net.ipv4.conf.eth1.tag value '1'
+set system sysctl parameter net.ipv4.igmp_max_memberships value '5'
+set system sysctl parameter net.ipv4.ipfrag_time value '4'
+set system sysctl parameter net.mpls.default_ttl value '10'
+set system sysctl parameter net.mpls.ip_ttl_propagate value '0'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/pppoe-server b/smoketest/config-tests/pppoe-server
new file mode 100644
index 000000000..34fbea215
--- /dev/null
+++ b/smoketest/config-tests/pppoe-server
@@ -0,0 +1,47 @@
+set interfaces ethernet eth0 address 'dhcp'
+set interfaces ethernet eth1 address '192.168.0.1/24'
+set interfaces ethernet eth1 speed 'auto'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth2 speed 'auto'
+set interfaces ethernet eth2 duplex 'auto'
+set interfaces loopback lo
+set nat source rule 100 outbound-interface name 'eth0'
+set nat source rule 100 source address '192.168.0.0/24'
+set nat source rule 100 translation address 'masquerade'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set service pppoe-server access-concentrator 'ACN'
+set service pppoe-server authentication local-users username foo password 'bar'
+set service pppoe-server authentication local-users username foo rate-limit download '20480'
+set service pppoe-server authentication local-users username foo rate-limit upload '10240'
+set service pppoe-server authentication mode 'local'
+set service pppoe-server client-ip-pool default-range-pool range '10.0.0.0/24'
+set service pppoe-server client-ip-pool default-range-pool range '10.0.1.0/24'
+set service pppoe-server client-ip-pool default-range-pool range '10.0.2.0/24'
+set service pppoe-server default-pool 'default-range-pool'
+set service pppoe-server gateway-address '192.168.0.2'
+set service pppoe-server interface eth1
+set service pppoe-server interface eth2 vlan '10'
+set service pppoe-server interface eth2 vlan '20'
+set service pppoe-server interface eth2 vlan '30-40'
+set service pppoe-server interface eth2 vlan '50-60'
+set service pppoe-server name-server '192.168.0.1'
+set service pppoe-server ppp-options disable-ccp
+set service ssh
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/qos-basic b/smoketest/config-tests/qos-basic
new file mode 100644
index 000000000..0e198b80c
--- /dev/null
+++ b/smoketest/config-tests/qos-basic
@@ -0,0 +1,75 @@
+set interfaces ethernet eth0 address '10.1.1.100/24'
+set interfaces ethernet eth1 address '10.2.1.1/24'
+set interfaces ethernet eth2 address '10.9.9.1/24'
+set interfaces ethernet eth2 vif 200
+set interfaces loopback lo
+set qos interface eth0 egress 'FS'
+set qos interface eth1 egress 'ISPC'
+set qos interface eth2 egress 'MY-HTB'
+set qos interface eth2.200 egress 'foo-emulate'
+set qos policy network-emulator foo-emulate bandwidth '300mbit'
+set qos policy shaper FS bandwidth 'auto'
+set qos policy shaper FS class 10 bandwidth '100%'
+set qos policy shaper FS class 10 burst '15k'
+set qos policy shaper FS class 10 match ADDRESS10 ip source address '172.17.1.2/32'
+set qos policy shaper FS class 10 queue-type 'fair-queue'
+set qos policy shaper FS class 20 bandwidth '100%'
+set qos policy shaper FS class 20 burst '15k'
+set qos policy shaper FS class 20 match ADDRESS20 ip source address '172.17.1.3/32'
+set qos policy shaper FS class 20 queue-type 'fair-queue'
+set qos policy shaper FS class 30 bandwidth '100%'
+set qos policy shaper FS class 30 burst '15k'
+set qos policy shaper FS class 30 match ADDRESS30 ip source address '172.17.1.4/32'
+set qos policy shaper FS class 30 queue-type 'fair-queue'
+set qos policy shaper FS default bandwidth '10%'
+set qos policy shaper FS default burst '15k'
+set qos policy shaper FS default ceiling '100%'
+set qos policy shaper FS default priority '7'
+set qos policy shaper FS default queue-type 'fair-queue'
+set qos policy shaper ISPC bandwidth '600mbit'
+set qos policy shaper ISPC default bandwidth '50%'
+set qos policy shaper ISPC default burst '768k'
+set qos policy shaper ISPC default ceiling '100%'
+set qos policy shaper ISPC default queue-type 'fq-codel'
+set qos policy shaper ISPC description 'Outbound Traffic Shaper - ISPC'
+set qos policy shaper MY-HTB bandwidth '10mbit'
+set qos policy shaper MY-HTB class 30 bandwidth '10%'
+set qos policy shaper MY-HTB class 30 burst '15k'
+set qos policy shaper MY-HTB class 30 ceiling '50%'
+set qos policy shaper MY-HTB class 30 match ADDRESS30 ip source address '10.1.1.0/24'
+set qos policy shaper MY-HTB class 30 priority '5'
+set qos policy shaper MY-HTB class 30 queue-type 'fair-queue'
+set qos policy shaper MY-HTB class 40 bandwidth '90%'
+set qos policy shaper MY-HTB class 40 burst '15k'
+set qos policy shaper MY-HTB class 40 ceiling '100%'
+set qos policy shaper MY-HTB class 40 match ADDRESS40 ip source address '10.2.1.0/24'
+set qos policy shaper MY-HTB class 40 priority '5'
+set qos policy shaper MY-HTB class 40 queue-type 'fair-queue'
+set qos policy shaper MY-HTB class 50 bandwidth '100%'
+set qos policy shaper MY-HTB class 50 burst '15k'
+set qos policy shaper MY-HTB class 50 match ADDRESS50 ipv6 source address '2001:db8::1/64'
+set qos policy shaper MY-HTB class 50 queue-type 'fair-queue'
+set qos policy shaper MY-HTB default bandwidth '10%'
+set qos policy shaper MY-HTB default burst '15k'
+set qos policy shaper MY-HTB default ceiling '100%'
+set qos policy shaper MY-HTB default priority '7'
+set qos policy shaper MY-HTB default queue-type 'fair-queue'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service ntp server time3.vyos.net
+set system config-management commit-revisions '10'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/rip-router b/smoketest/config-tests/rip-router
new file mode 100644
index 000000000..829aafbd5
--- /dev/null
+++ b/smoketest/config-tests/rip-router
@@ -0,0 +1,83 @@
+set interfaces dummy dum0 address '192.0.2.0/32'
+set interfaces ethernet eth0 address '172.18.202.10/24'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 speed 'auto'
+set interfaces ethernet eth1 vif 20
+set interfaces ethernet eth1 vif-s 200 vif-c 2000
+set interfaces ethernet eth1 vif-s 200 vif-c 3000
+set policy access-list6 198 rule 10 action 'permit'
+set policy access-list6 198 rule 10 source any
+set policy access-list6 199 rule 20 action 'deny'
+set policy access-list6 199 rule 20 source any
+set policy prefix-list6 bar-prefix rule 200 action 'deny'
+set policy prefix-list6 bar-prefix rule 200 prefix '2001:db8::/32'
+set policy prefix-list6 foo-prefix rule 100 action 'permit'
+set policy prefix-list6 foo-prefix rule 100 prefix '2001:db8::/32'
+set policy route-map FooBar123 rule 10 action 'permit'
+set protocols rip default-distance '20'
+set protocols rip default-information originate
+set protocols rip interface eth0 authentication md5 1 password 'VyOSsecure'
+set protocols rip interface eth0 split-horizon poison-reverse
+set protocols rip interface eth1.20 authentication plaintext-password 'VyOSsecure'
+set protocols rip interface eth1.20 split-horizon poison-reverse
+set protocols rip interface eth1.200 authentication md5 1 password 'VyOSsecure'
+set protocols rip interface eth1.200 split-horizon disable
+set protocols rip interface eth1.200.2000 authentication md5 1 password 'VyOSsecure'
+set protocols rip interface eth1.200.3000 split-horizon disable
+set protocols rip network '192.168.0.0/24'
+set protocols rip redistribute connected
+set protocols ripng aggregate-address '2001:db8:1000::/48'
+set protocols ripng default-information originate
+set protocols ripng default-metric '8'
+set protocols ripng distribute-list access-list in '198'
+set protocols ripng distribute-list access-list out '199'
+set protocols ripng distribute-list interface eth0 access-list in '198'
+set protocols ripng distribute-list interface eth0 access-list out '199'
+set protocols ripng distribute-list interface eth0 prefix-list in 'foo-prefix'
+set protocols ripng distribute-list interface eth0 prefix-list out 'bar-prefix'
+set protocols ripng distribute-list interface eth1 access-list in '198'
+set protocols ripng distribute-list interface eth1 access-list out '199'
+set protocols ripng distribute-list interface eth1 prefix-list in 'foo-prefix'
+set protocols ripng distribute-list interface eth1 prefix-list out 'bar-prefix'
+set protocols ripng distribute-list interface eth2 access-list in '198'
+set protocols ripng distribute-list interface eth2 access-list out '199'
+set protocols ripng distribute-list interface eth2 prefix-list in 'foo-prefix'
+set protocols ripng distribute-list interface eth2 prefix-list out 'bar-prefix'
+set protocols ripng distribute-list prefix-list in 'foo-prefix'
+set protocols ripng distribute-list prefix-list out 'bar-prefix'
+set protocols ripng interface eth0 split-horizon poison-reverse
+set protocols ripng interface eth1.20 split-horizon disable
+set protocols ripng interface eth1.200 split-horizon poison-reverse
+set protocols ripng interface eth1.200.3000 split-horizon poison-reverse
+set protocols ripng network '2001:db8:1000::/64'
+set protocols ripng network '2001:db8:1001::/64'
+set protocols ripng network '2001:db8:2000::/64'
+set protocols ripng network '2001:db8:2001::/64'
+set protocols ripng passive-interface 'default'
+set protocols ripng redistribute connected metric '8'
+set protocols ripng redistribute connected route-map 'FooBar123'
+set protocols ripng redistribute static metric '8'
+set protocols ripng redistribute static route-map 'FooBar123'
+set protocols ripng route '2001:db8:1000::/64'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set service ssh port '22'
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/rpki-only b/smoketest/config-tests/rpki-only
index 569463b12..dcbc7673d 100644
--- a/smoketest/config-tests/rpki-only
+++ b/smoketest/config-tests/rpki-only
@@ -1,5 +1,7 @@
set interfaces ethernet eth0 address '192.0.2.1/24'
set interfaces ethernet eth0 address '2001:db8::1/64'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
set interfaces loopback lo
set pki openssh rpki-5.6.7.8 private key 'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcnNhAAAAAwEAAQAAAQEAweDyflDFR4qyEwETbJkZ2ZZc+sJNiDTvYpwGsWIkju49lJSxHe1xKf8FhwfyMu40Snt1yDlRmmmz4CsbLgbuZGMPvXG11e34+C0pSVUvpF6aqRTeLl1pDRK7Rnjgm3su+I8SRLQR4qbLG6VXWOFuVpwiqbExLaU0hFYTPNP+dArNpsWEEKsohk6pTXdhg3VzWp3vCMjl2JTshDa3lD7p2xISSAReEY0fnfEAmQzH4Z6DIwwGdFuMWoQIg+oFBM9ARrO2/FIjRsz6AecR/WeU72JEw4aJic1/cAJQA6PiQBHwkuo3Wll1tbpxeRZoB2NQG22ETyJLvhfTaooNLT9HpQAAA8joU5dM6FOXTAAAAAdzc2gtcnNhAAABAQDB4PJ+UMVHirITARNsmRnZllz6wk2INO9inAaxYiSO7j2UlLEd7XEp/wWHB/Iy7jRKe3XIOVGaabPgKxsuBu5kYw+9cbXV7fj4LSlJVS+kXpqpFN4uXWkNErtGeOCbey74jxJEtBHipssbpVdY4W5WnCKpsTEtpTSEVhM80/50Cs2mxYQQqyiGTqlNd2GDdXNane8IyOXYlOyENreUPunbEhJIBF4RjR+d8QCZDMfhnoMjDAZ0W4xahAiD6gUEz0BGs7b8UiNGzPoB5xH9Z5TvYkTDhomJzX9wAlADo+JAEfCS6jdaWXW1unF5FmgHY1AbbYRPIku+F9Nqig0tP0elAAAAAwEAAQAAAQACkDlUjzfUhtJs6uY5WNrdJB5NmHUS+HQzzxFNlhkapK6+wKqI1UNaRUtq6iF7J+gcFf7MK2nXS098BsXguWm8fQzPuemoDvHsQhiaJhyvpSqRUrvPTB/f8t/0AhQiKiJIWgfpTaIw53inAGwjujNNxNm2eafHTThhCYxOkRT7rsT6bnSio6yeqPy5QHg7IKFztp5FXDUyiOS3aX3SvzQcDUkMXALdvzX50t1XIk+X48Rgkq72dL4VpV2oMNDu3hM6FqBUplf9Mv3s51FNSma/cibCQoVufrIfoqYjkNTjIpYFUcq4zZ0/KvgXgzSsy9VN/4TtbalrOuu7X/SHJbvhAAAAgGPFsXgONYQvXxCnK1dIueozgaZg1I/n522E2ZCOXBW4dYJVyNpppwRreDzuFzTDEe061MpNHfScjVBJCCulivFYWscL6oaGsryDbFxO3QmB4I98UBqrds2yan9/JGc6EYe299yvaHy7Y64+NC0+fN8H2RAZ61T4w10JrCaJRyvzAAAAgQDvBfuV1U7o9k/fbU+U7W2UYnWblpOZAMfi1XQP6IJJeyWs90PdTdXh+l0eIQrCawIiRJytNfxMmbD4huwTf77fWiyCcPznmALQ7ex/yJ+W5Z0V4dPGF3h7o1uiS236JhQ7mfcliCkhp/1PIklBIMPcCp0zl+s9wMv2hX7w1Pah9QAAAIEAz6YgU9Xute+J+dBwoWxEQ+igR6KE55Um7O9AvSrqnCm9r7lSFsXC2ErYOxoDSJ3yIBEV0b4XAGn6tbbVIs3jS8BnLHxclAHQecOx1PGn7PKbnPW0oJRq/X9QCIEelKYvlykpayn7uZooTXqcDaPZxfPpmPdye8chVJvdygi7kPEAAAAMY3BvQExSMS53dWUzAQIDBAUGBw=='
set pki openssh rpki-5.6.7.8 public key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDB4PJ+UMVHirITARNsmRnZllz6wk2INO9inAaxYiSO7j2UlLEd7XEp/wWHB/Iy7jRKe3XIOVGaabPgKxsuBu5kYw+9cbXV7fj4LSlJVS+kXpqpFN4uXWkNErtGeOCbey74jxJEtBHipssbpVdY4W5WnCKpsTEtpTSEVhM80/50Cs2mxYQQqyiGTqlNd2GDdXNane8IyOXYlOyENreUPunbEhJIBF4RjR+d8QCZDMfhnoMjDAZ0W4xahAiD6gUEz0BGs7b8UiNGzPoB5xH9Z5TvYkTDhomJzX9wAlADo+JAEfCS6jdaWXW1unF5FmgHY1AbbYRPIku+F9Nqig0tP0el'
@@ -14,6 +16,7 @@ set policy route-map ROUTES-IN rule 30 action 'deny'
set policy route-map ROUTES-IN rule 30 match rpki 'invalid'
set protocols bgp neighbor 192.0.2.200 address-family ipv4-unicast route-map import 'ROUTES-IN'
set protocols bgp neighbor 192.0.2.200 remote-as '200'
+set protocols bgp neighbor 2001:db8::200 address-family ipv4-unicast
set protocols bgp neighbor 2001:db8::200 address-family ipv6-unicast route-map import 'ROUTES-IN'
set protocols bgp neighbor 2001:db8::200 remote-as '200'
set protocols bgp system-as '100'
@@ -23,8 +26,17 @@ set protocols rpki cache 5.6.7.8 port '2222'
set protocols rpki cache 5.6.7.8 preference '20'
set protocols rpki cache 5.6.7.8 ssh key 'rpki-5.6.7.8'
set protocols rpki cache 5.6.7.8 ssh username 'vyos'
+set system config-management commit-revisions '200'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
set system login user vyos authentication plaintext-password ''
set system syslog global facility all level 'debug'
-set system console device ttyS0 speed '115200'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/tunnel-broker b/smoketest/config-tests/tunnel-broker
new file mode 100644
index 000000000..ee6301c85
--- /dev/null
+++ b/smoketest/config-tests/tunnel-broker
@@ -0,0 +1,75 @@
+set interfaces dummy dum0 address '192.0.2.0/32'
+set interfaces dummy dum1 address '192.0.2.1/32'
+set interfaces dummy dum2 address '192.0.2.2/32'
+set interfaces dummy dum3 address '192.0.2.3/32'
+set interfaces dummy dum4 address '192.0.2.4/32'
+set interfaces ethernet eth0 address '172.18.202.10/24'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces l2tpv3 l2tpeth10 destination-port '5010'
+set interfaces l2tpv3 l2tpeth10 encapsulation 'ip'
+set interfaces l2tpv3 l2tpeth10 peer-session-id '110'
+set interfaces l2tpv3 l2tpeth10 peer-tunnel-id '10'
+set interfaces l2tpv3 l2tpeth10 remote '172.18.202.110'
+set interfaces l2tpv3 l2tpeth10 session-id '110'
+set interfaces l2tpv3 l2tpeth10 source-address '172.18.202.10'
+set interfaces l2tpv3 l2tpeth10 source-port '5010'
+set interfaces l2tpv3 l2tpeth10 tunnel-id '10'
+set interfaces l2tpv3 l2tpeth20 destination-port '5020'
+set interfaces l2tpv3 l2tpeth20 encapsulation 'ip'
+set interfaces l2tpv3 l2tpeth20 peer-session-id '120'
+set interfaces l2tpv3 l2tpeth20 peer-tunnel-id '20'
+set interfaces l2tpv3 l2tpeth20 remote '172.18.202.120'
+set interfaces l2tpv3 l2tpeth20 session-id '120'
+set interfaces l2tpv3 l2tpeth20 source-address '172.18.202.10'
+set interfaces l2tpv3 l2tpeth20 source-port '5020'
+set interfaces l2tpv3 l2tpeth20 tunnel-id '20'
+set interfaces l2tpv3 l2tpeth30 destination-port '5030'
+set interfaces l2tpv3 l2tpeth30 encapsulation 'ip'
+set interfaces l2tpv3 l2tpeth30 peer-session-id '130'
+set interfaces l2tpv3 l2tpeth30 peer-tunnel-id '30'
+set interfaces l2tpv3 l2tpeth30 remote '172.18.202.130'
+set interfaces l2tpv3 l2tpeth30 session-id '130'
+set interfaces l2tpv3 l2tpeth30 source-address '172.18.202.10'
+set interfaces l2tpv3 l2tpeth30 source-port '5030'
+set interfaces l2tpv3 l2tpeth30 tunnel-id '30'
+set interfaces tunnel tun100 address '172.16.0.1/30'
+set interfaces tunnel tun100 encapsulation 'gretap'
+set interfaces tunnel tun100 remote '192.0.2.100'
+set interfaces tunnel tun100 source-address '192.0.2.1'
+set interfaces tunnel tun200 address '172.16.0.5/30'
+set interfaces tunnel tun200 encapsulation 'gre'
+set interfaces tunnel tun200 remote '192.0.2.101'
+set interfaces tunnel tun200 source-interface 'eth0'
+set interfaces tunnel tun300 address '172.16.0.9/30'
+set interfaces tunnel tun300 encapsulation 'ipip'
+set interfaces tunnel tun300 remote '192.0.2.102'
+set interfaces tunnel tun300 source-address '192.0.2.2'
+set interfaces tunnel tun400 address '172.16.0.13/30'
+set interfaces tunnel tun400 encapsulation 'gretap'
+set interfaces tunnel tun400 remote '192.0.2.103'
+set interfaces tunnel tun400 source-address '192.0.2.3'
+set interfaces tunnel tun500 address '172.16.0.17/30'
+set interfaces tunnel tun500 encapsulation 'gre'
+set interfaces tunnel tun500 remote '192.0.2.104'
+set interfaces tunnel tun500 source-address '192.0.2.4'
+set protocols static route 0.0.0.0/0 next-hop 172.18.202.254
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
diff --git a/smoketest/config-tests/vpn-openconnect-sstp b/smoketest/config-tests/vpn-openconnect-sstp
new file mode 100644
index 000000000..28d7d5daa
--- /dev/null
+++ b/smoketest/config-tests/vpn-openconnect-sstp
@@ -0,0 +1,35 @@
+set interfaces ethernet eth0 address '192.168.150.1/24'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service ntp server time3.vyos.net
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set vpn openconnect authentication local-users username test password 'test'
+set vpn openconnect authentication mode local 'password'
+set vpn openconnect network-settings client-ip-settings subnet '192.168.160.0/24'
+set vpn openconnect ssl ca-certificate 'openconnect'
+set vpn openconnect ssl certificate 'openconnect'
+set vpn openconnect tls-version-min '1.0'
+set vpn sstp authentication local-users username test password 'test'
+set vpn sstp authentication mode 'local'
+set vpn sstp authentication protocols 'mschap-v2'
+set vpn sstp client-ip-pool default-range-pool range '192.168.170.0/24'
+set vpn sstp default-pool 'default-range-pool'
+set vpn sstp gateway-address '192.168.150.1'
+set vpn sstp port '8443'
+set vpn sstp ssl ca-certificate 'sstp'
+set vpn sstp ssl certificate 'sstp'
diff --git a/smoketest/config-tests/vrf-basic b/smoketest/config-tests/vrf-basic
new file mode 100644
index 000000000..1d2874a60
--- /dev/null
+++ b/smoketest/config-tests/vrf-basic
@@ -0,0 +1,65 @@
+set interfaces ethernet eth0 address '192.0.2.1/24'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 speed 'auto'
+set interfaces ethernet eth1 vrf 'green'
+set interfaces ethernet eth2 vrf 'red'
+set protocols static route 0.0.0.0/0 next-hop 192.0.2.254 distance '10'
+set protocols static table 10 route 1.0.0.0/8 interface eth0 distance '20'
+set protocols static table 10 route 2.0.0.0/8 interface eth0 distance '20'
+set protocols static table 10 route 3.0.0.0/8 interface eth0 distance '20'
+set protocols static table 20 route 4.0.0.0/8 interface eth0 distance '20'
+set protocols static table 20 route 5.0.0.0/8 interface eth0 distance '50'
+set protocols static table 20 route 6.0.0.0/8 interface eth0 distance '60'
+set protocols static table 20 route 11.0.0.0/8 next-hop 1.1.1.1 interface 'eth0'
+set protocols static table 20 route 12.0.0.0/8 next-hop 1.1.1.1 interface 'eth0'
+set protocols static table 20 route 13.0.0.0/8 next-hop 1.1.1.1 interface 'eth0'
+set protocols static table 20 route6 2001:db8:100::/40 interface eth1 distance '20'
+set protocols static table 20 route6 2001:db8::/40 interface eth1 distance '10'
+set protocols static table 30 route 14.0.0.0/8 next-hop 2.2.1.1 interface 'eth1'
+set protocols static table 30 route 15.0.0.0/8 next-hop 2.2.1.1 interface 'eth1'
+set protocols static table 30 route6 2001:db8:200::/40 interface eth1 distance '20'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system time-zone 'Europe/Berlin'
+set vrf name green protocols static route 20.0.0.0/8 next-hop 1.1.1.1 interface 'eth1'
+set vrf name green protocols static route 20.0.0.0/8 next-hop 1.1.1.1 vrf 'default'
+set vrf name green protocols static route 21.0.0.0/8 next-hop 2.2.1.1 interface 'eth1'
+set vrf name green protocols static route 21.0.0.0/8 next-hop 2.2.1.1 vrf 'default'
+set vrf name green protocols static route 100.0.0.0/8 interface eth0 distance '200'
+set vrf name green protocols static route 100.0.0.0/8 interface eth0 vrf 'default'
+set vrf name green protocols static route 101.0.0.0/8 interface eth0 vrf 'default'
+set vrf name green protocols static route 101.0.0.0/8 interface eth1
+set vrf name green protocols static route6 2001:db8:100::/40 next-hop fe80::1 interface 'eth0'
+set vrf name green protocols static route6 2001:db8:100::/40 next-hop fe80::1 vrf 'default'
+set vrf name green protocols static route6 2001:db8:300::/40 interface eth1 distance '20'
+set vrf name green protocols static route6 2001:db8:300::/40 interface eth1 vrf 'default'
+set vrf name green table '1000'
+set vrf name red protocols static route 30.0.0.0/8 next-hop 1.1.1.1 interface 'eth1'
+set vrf name red protocols static route 40.0.0.0/8 next-hop 2.2.1.1 interface 'eth1'
+set vrf name red protocols static route 40.0.0.0/8 next-hop 2.2.1.1 vrf 'default'
+set vrf name red protocols static route 103.0.0.0/8 interface eth0 distance '201'
+set vrf name red protocols static route 103.0.0.0/8 interface eth0 vrf 'default'
+set vrf name red protocols static route 104.0.0.0/8 interface eth0 vrf 'default'
+set vrf name red protocols static route 104.0.0.0/8 interface eth1 vrf 'default'
+set vrf name red protocols static route6 2001:db8:100::/40 next-hop fe80::1 interface 'eth0'
+set vrf name red protocols static route6 2001:db8:100::/40 next-hop fe80::1 vrf 'default'
+set vrf name red protocols static route6 2001:db8:400::/40 interface eth1 distance '24'
+set vrf name red protocols static route6 2001:db8:400::/40 interface eth1 vrf 'default'
+set vrf name red table '2000'
diff --git a/smoketest/config-tests/vrf-bgp-pppoe-underlay b/smoketest/config-tests/vrf-bgp-pppoe-underlay
new file mode 100644
index 000000000..bd64c914a
--- /dev/null
+++ b/smoketest/config-tests/vrf-bgp-pppoe-underlay
@@ -0,0 +1,186 @@
+set interfaces bridge br50 address '192.168.0.1/24'
+set interfaces bridge br50 member interface eth0.50
+set interfaces bridge br50 member interface eth2
+set interfaces bridge br50 member interface eth3
+set interfaces dummy dum0 address '100.64.51.252/32'
+set interfaces dummy dum0 address '2001:db8:200:ffff::1/128'
+set interfaces dummy dum0 vrf 'vyos-test-01'
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth0 offload rps
+set interfaces ethernet eth0 ring-buffer rx '256'
+set interfaces ethernet eth0 ring-buffer tx '256'
+set interfaces ethernet eth0 vif 5 address '2001:db8:200:f0::114/64'
+set interfaces ethernet eth0 vif 5 address '100.64.50.121/28'
+set interfaces ethernet eth0 vif 5 vrf 'vyos-test-01'
+set interfaces ethernet eth0 vif 10 address '2001:db8:200:10::ffff/64'
+set interfaces ethernet eth0 vif 10 address '2001:db8:200::ffff/64'
+set interfaces ethernet eth0 vif 10 address '100.64.50.62/26'
+set interfaces ethernet eth0 vif 10 vrf 'vyos-test-01'
+set interfaces ethernet eth0 vif 15 address '100.64.50.78/28'
+set interfaces ethernet eth0 vif 15 address '2001:db8:200:15::ffff/64'
+set interfaces ethernet eth0 vif 15 vrf 'vyos-test-01'
+set interfaces ethernet eth0 vif 50 description 'Member of bridge br50'
+set interfaces ethernet eth0 vif 110 address '100.64.51.190/27'
+set interfaces ethernet eth0 vif 110 address '100.64.51.158/28'
+set interfaces ethernet eth0 vif 110 address '2001:db8:200:101::ffff/64'
+set interfaces ethernet eth0 vif 110 vrf 'vyos-test-01'
+set interfaces ethernet eth0 vif 410 address '100.64.51.206/28'
+set interfaces ethernet eth0 vif 410 address '2001:db8:200:104::ffff/64'
+set interfaces ethernet eth0 vif 410 vrf 'vyos-test-01'
+set interfaces ethernet eth0 vif 500 address '100.64.51.238/28'
+set interfaces ethernet eth0 vif 500 address '2001:db8:200:50::ffff/64'
+set interfaces ethernet eth0 vif 500 vrf 'vyos-test-01'
+set interfaces ethernet eth0 vif 520 address '100.64.50.190/28'
+set interfaces ethernet eth0 vif 520 address '2001:db8:200:520::ffff/64'
+set interfaces ethernet eth0 vif 520 vrf 'vyos-test-01'
+set interfaces ethernet eth0 vif 666 address '2001:db8:200:ff::101:1/112'
+set interfaces ethernet eth0 vif 666 address '100.64.51.223/31'
+set interfaces ethernet eth0 vif 666 vrf 'vyos-test-01'
+set interfaces ethernet eth0 vif 800 address '2001:db8:200:ff::104:1/112'
+set interfaces ethernet eth0 vif 800 address '100.64.51.212/31'
+set interfaces ethernet eth0 vif 800 vrf 'vyos-test-01'
+set interfaces ethernet eth0 vif 810 address '100.64.51.30/27'
+set interfaces ethernet eth0 vif 810 address '2001:db8:200:102::ffff/64'
+set interfaces ethernet eth0 vif 810 vrf 'vyos-test-01'
+set interfaces ethernet eth1 offload gro
+set interfaces ethernet eth1 offload rps
+set interfaces ethernet eth1 ring-buffer rx '256'
+set interfaces ethernet eth1 ring-buffer tx '256'
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth3 offload gro
+set interfaces loopback lo
+set interfaces pppoe pppoe7 authentication password 'vyos'
+set interfaces pppoe pppoe7 authentication username 'vyos'
+set interfaces pppoe pppoe7 dhcpv6-options pd 0 interface br50 address '1'
+set interfaces pppoe pppoe7 dhcpv6-options pd 0 length '56'
+set interfaces pppoe pppoe7 ip adjust-mss '1452'
+set interfaces pppoe pppoe7 ipv6 address autoconf
+set interfaces pppoe pppoe7 ipv6 adjust-mss '1432'
+set interfaces pppoe pppoe7 mtu '1492'
+set interfaces pppoe pppoe7 no-peer-dns
+set interfaces pppoe pppoe7 source-interface 'eth1'
+set interfaces virtual-ethernet veth0 address '100.64.51.220/31'
+set interfaces virtual-ethernet veth0 address '2001:db8:200:ff::105:1/112'
+set interfaces virtual-ethernet veth0 description 'Core: connect vyos-test-01 and default VRF'
+set interfaces virtual-ethernet veth0 peer-name 'veth1'
+set interfaces virtual-ethernet veth1 address '100.64.51.221/31'
+set interfaces virtual-ethernet veth1 address '2001:db8:200:ff::105:2/112'
+set interfaces virtual-ethernet veth1 description 'Core: connect vyos-test-01 and default VRF'
+set interfaces virtual-ethernet veth1 peer-name 'veth0'
+set interfaces virtual-ethernet veth1 vrf 'vyos-test-01'
+set interfaces wireguard wg500 address '100.64.51.209/31'
+set interfaces wireguard wg500 mtu '1500'
+set interfaces wireguard wg500 peer A address '192.0.2.1'
+set interfaces wireguard wg500 peer A allowed-ips '0.0.0.0/0'
+set interfaces wireguard wg500 peer A port '5500'
+set interfaces wireguard wg500 peer A public-key 'KGSXF4QckzGe7f7CT+r6VZ5brOD/pVYk8yvrxOQ+X0Y='
+set interfaces wireguard wg500 port '5500'
+set interfaces wireguard wg500 private-key 'iLJh6Me6AdPJtNv3dgGhUbtyFxExxmNU4v0Fs6YE2Xc='
+set interfaces wireguard wg500 vrf 'vyos-test-01'
+set interfaces wireguard wg501 address '2001:db8:200:ff::102:2/112'
+set interfaces wireguard wg501 mtu '1500'
+set interfaces wireguard wg501 peer A address '2001:db8:300::1'
+set interfaces wireguard wg501 peer A allowed-ips '::/0'
+set interfaces wireguard wg501 peer A port '5501'
+set interfaces wireguard wg501 peer A public-key 'OF+1OJ+VfQ0Yw1mgVtQ2ion4CnAdy8Bvx7yEiO4+Pn8='
+set interfaces wireguard wg501 port '5501'
+set interfaces wireguard wg501 private-key '0MP5X0PW58O4q2LDpuIXgZ0ySyAoWH8/kdpvQccCbUU='
+set interfaces wireguard wg501 vrf 'vyos-test-01'
+set interfaces wireguard wg666 address '172.29.0.0/31'
+set interfaces wireguard wg666 mtu '1500'
+set interfaces wireguard wg666 peer B allowed-ips '0.0.0.0/0'
+set interfaces wireguard wg666 peer B public-key '2HT+RfwcqJMYNYzdmtmpem8Ht0dL37o31APHVwmh024='
+set interfaces wireguard wg666 port '50666'
+set interfaces wireguard wg666 private-key 'zvPnp2MLAoX7SotuHLFLDyy4sdlD7ttbD1xNEqA3mkU='
+set nat source rule 100 outbound-interface name 'pppoe7'
+set nat source rule 100 source address '192.168.0.0/24'
+set nat source rule 100 translation address 'masquerade'
+set policy prefix-list AS100-origin-v4 rule 10 action 'permit'
+set policy prefix-list AS100-origin-v4 rule 10 prefix '100.64.0.0/12'
+set policy prefix-list AS100-origin-v4 rule 100 action 'permit'
+set policy prefix-list AS100-origin-v4 rule 100 prefix '0.0.0.0/0'
+set policy prefix-list AS200-origin-v4 rule 10 action 'permit'
+set policy prefix-list AS200-origin-v4 rule 10 prefix '10.0.0.0/8'
+set policy prefix-list AS200-origin-v4 rule 20 action 'permit'
+set policy prefix-list AS200-origin-v4 rule 20 prefix '172.16.0.0/12'
+set policy prefix-list6 AS100-origin-v6 rule 10 action 'permit'
+set policy prefix-list6 AS100-origin-v6 rule 10 prefix '2001:db8:200::/40'
+set policy prefix-list6 AS200-origin-v6 rule 10 action 'permit'
+set policy prefix-list6 AS200-origin-v6 rule 10 prefix '2001:db8:100::/40'
+set protocols static route 100.64.50.0/23 next-hop 100.64.51.221
+set protocols static route 192.0.2.255/32 interface pppoe7
+set protocols static route6 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff/128 interface pppoe7
+set qos interface pppoe7 egress 'isp-out'
+set qos policy shaper isp-out bandwidth '38mbit'
+set qos policy shaper isp-out default bandwidth '100%'
+set qos policy shaper isp-out default burst '15k'
+set qos policy shaper isp-out default queue-limit '1000'
+set qos policy shaper isp-out default queue-type 'fq-codel'
+set service router-advert interface br50 prefix ::/64 preferred-lifetime '2700'
+set service router-advert interface br50 prefix ::/64 valid-lifetime '5400'
+set service router-advert interface eth0.500 default-preference 'high'
+set service router-advert interface eth0.500 name-server '2001:db8:200::1'
+set service router-advert interface eth0.500 name-server '2001:db8:200::2'
+set service router-advert interface eth0.500 prefix 2001:db8:200:50::/64 valid-lifetime 'infinity'
+set service router-advert interface eth0.520 default-preference 'high'
+set service router-advert interface eth0.520 name-server '2001:db8:200::1'
+set service router-advert interface eth0.520 name-server '2001:db8:200::2'
+set service router-advert interface eth0.520 prefix 2001:db8:200:520::/64 valid-lifetime 'infinity'
+set service ssh disable-host-validation
+set service ssh dynamic-protection allow-from '100.64.0.0/10'
+set service ssh dynamic-protection allow-from '2001:db8:200::/40'
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system name-server '192.168.0.1'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system time-zone 'Europe/Berlin'
+set vrf bind-to-all
+set vrf name vyos-test-01 protocols bgp address-family ipv4-unicast network 100.64.50.0/23
+set vrf name vyos-test-01 protocols bgp address-family ipv6-unicast network 2001:db8:200:ffff::1/128
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.208 peer-group 'AS100v4'
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast default-originate
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast maximum-prefix '10'
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast prefix-list export 'AS100-origin-v4'
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast prefix-list import 'AS200-origin-v4'
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 address-family ipv4-unicast soft-reconfiguration inbound
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 capability dynamic
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.222 remote-as '200'
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.251 peer-group 'AS100v4'
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.251 shutdown
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.254 peer-group 'AS100v4'
+set vrf name vyos-test-01 protocols bgp neighbor 100.64.51.254 shutdown
+set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 address-family ipv6-unicast maximum-prefix '10'
+set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 address-family ipv6-unicast prefix-list export 'AS100-origin-v6'
+set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 address-family ipv6-unicast prefix-list import 'AS200-origin-v6'
+set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 address-family ipv6-unicast soft-reconfiguration inbound
+set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 capability dynamic
+set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ff::101:2 remote-as '200'
+set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ffff::2 peer-group 'AS100v6'
+set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ffff::2 shutdown
+set vrf name vyos-test-01 protocols bgp neighbor 2001:db8:200:ffff::a peer-group 'AS100v6'
+set vrf name vyos-test-01 protocols bgp peer-group AS100v4 address-family ipv4-unicast nexthop-self
+set vrf name vyos-test-01 protocols bgp peer-group AS100v4 capability dynamic
+set vrf name vyos-test-01 protocols bgp peer-group AS100v4 remote-as 'internal'
+set vrf name vyos-test-01 protocols bgp peer-group AS100v4 update-source 'dum0'
+set vrf name vyos-test-01 protocols bgp peer-group AS100v6 address-family ipv6-unicast nexthop-self
+set vrf name vyos-test-01 protocols bgp peer-group AS100v6 capability dynamic
+set vrf name vyos-test-01 protocols bgp peer-group AS100v6 remote-as 'internal'
+set vrf name vyos-test-01 protocols bgp peer-group AS100v6 update-source 'dum0'
+set vrf name vyos-test-01 protocols bgp system-as '100'
+set vrf name vyos-test-01 protocols static route 100.64.50.0/23 blackhole
+set vrf name vyos-test-01 protocols static route 100.64.51.32/27 next-hop 100.64.51.5
+set vrf name vyos-test-01 protocols static route 192.168.0.0/24 next-hop 100.64.51.220
+set vrf name vyos-test-01 protocols static route6 2001:db8:2fe:ffff::/64 next-hop 2001:db8:200:102::5
+set vrf name vyos-test-01 table '1000'
diff --git a/smoketest/config-tests/vrf-ospf b/smoketest/config-tests/vrf-ospf
new file mode 100644
index 000000000..fd14615e0
--- /dev/null
+++ b/smoketest/config-tests/vrf-ospf
@@ -0,0 +1,59 @@
+set interfaces ethernet eth0 address '192.0.2.1/24'
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth1 offload gro
+set interfaces ethernet eth1 vrf 'red'
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth2 vrf 'blue'
+set protocols ospf area 0 network '192.0.2.0/24'
+set protocols ospf interface eth0 authentication md5 key-id 10 md5-key 'ospfkey'
+set protocols ospf interface eth0 passive disable
+set protocols ospf log-adjacency-changes
+set protocols ospf parameters abr-type 'cisco'
+set protocols ospf parameters router-id '1.2.3.4'
+set protocols ospf passive-interface 'default'
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system time-zone 'Europe/Berlin'
+set vrf name blue protocols ospf area 0 network '172.18.201.0/24'
+set vrf name blue protocols ospf interface eth2 authentication md5 key-id 30 md5-key 'vyoskey456'
+set vrf name blue protocols ospf interface eth2 dead-interval '40'
+set vrf name blue protocols ospf interface eth2 hello-interval '10'
+set vrf name blue protocols ospf interface eth2 passive disable
+set vrf name blue protocols ospf interface eth2 priority '1'
+set vrf name blue protocols ospf interface eth2 retransmit-interval '5'
+set vrf name blue protocols ospf interface eth2 transmit-delay '1'
+set vrf name blue protocols ospf log-adjacency-changes
+set vrf name blue protocols ospf parameters abr-type 'cisco'
+set vrf name blue protocols ospf parameters router-id '5.6.7.8'
+set vrf name blue protocols ospf passive-interface 'default'
+set vrf name blue table '2000'
+set vrf name red protocols ospf area 0 network '172.18.202.0/24'
+set vrf name red protocols ospf interface eth1 authentication md5 key-id 20 md5-key 'vyoskey123'
+set vrf name red protocols ospf interface eth1 dead-interval '40'
+set vrf name red protocols ospf interface eth1 hello-interval '10'
+set vrf name red protocols ospf interface eth1 passive disable
+set vrf name red protocols ospf interface eth1 priority '1'
+set vrf name red protocols ospf interface eth1 retransmit-interval '5'
+set vrf name red protocols ospf interface eth1 transmit-delay '1'
+set vrf name red protocols ospf log-adjacency-changes
+set vrf name red protocols ospf parameters abr-type 'cisco'
+set vrf name red protocols ospf parameters router-id '9.10.11.12'
+set vrf name red protocols ospf passive-interface 'default'
+set vrf name red table '1000'
diff --git a/smoketest/config-tests/wireless-basic b/smoketest/config-tests/wireless-basic
index 77db29c2f..d9e6c8fac 100644
--- a/smoketest/config-tests/wireless-basic
+++ b/smoketest/config-tests/wireless-basic
@@ -20,6 +20,6 @@ set system console device ttyS0 speed '115200'
set system domain-name 'dev.vyos.net'
set system host-name 'WR1'
set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
-set system wireless country-code 'es'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
+set system wireless country-code 'es'
diff --git a/smoketest/configs/basic-api-service b/smoketest/configs/basic-api-service
index f997ccd73..d5364d3e6 100644
--- a/smoketest/configs/basic-api-service
+++ b/smoketest/configs/basic-api-service
@@ -3,8 +3,6 @@ interfaces {
address 192.0.2.1/31
address 2001:db8::1234/64
}
- ethernet eth1 {
- }
loopback lo {
}
}
diff --git a/smoketest/configs/bgp-dmvpn-hub b/smoketest/configs/bgp-dmvpn-hub
index fc5aadd8f..fc0be5e07 100644
--- a/smoketest/configs/bgp-dmvpn-hub
+++ b/smoketest/configs/bgp-dmvpn-hub
@@ -1,8 +1,12 @@
interfaces {
ethernet eth0 {
address 100.64.10.1/31
+ speed auto
+ duplex auto
}
ethernet eth1 {
+ speed auto
+ duplex auto
}
loopback lo {
}
@@ -171,4 +175,3 @@ vpn {
// Warning: Do not remove the following line.
// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
// Release version: 1.3.0-epa3
-
diff --git a/smoketest/configs/bgp-evpn-l3vpn-pe-router b/smoketest/configs/bgp-evpn-l3vpn-pe-router
index b1ca7fae3..c676463b8 100644
--- a/smoketest/configs/bgp-evpn-l3vpn-pe-router
+++ b/smoketest/configs/bgp-evpn-l3vpn-pe-router
@@ -38,7 +38,7 @@ interfaces {
ethernet eth0 {
address 192.0.2.59/27
address 2001:db8:ffff::59/64
- description "out-of-band management"
+ description "Out-of-Band Managament Port"
vrf mgmt
}
ethernet eth1 {
diff --git a/smoketest/configs/bgp-rpki b/smoketest/configs/bgp-rpki
index dffab4c69..5588f15c9 100644
--- a/smoketest/configs/bgp-rpki
+++ b/smoketest/configs/bgp-rpki
@@ -4,6 +4,7 @@ interfaces {
address 2001:db8::ffff/64
}
ethernet eth1 {
+ address 100.64.0.1/24
}
loopback lo {
}
diff --git a/smoketest/configs/isis-small b/smoketest/configs/isis-small
index 5a4201988..79a2f042f 100644
--- a/smoketest/configs/isis-small
+++ b/smoketest/configs/isis-small
@@ -4,19 +4,35 @@ interfaces {
}
ethernet eth0 {
duplex auto
+ offload {
+ sg
+ tso
+ }
speed auto
}
ethernet eth1 {
address 192.0.2.1/24
duplex auto
+ offload {
+ sg
+ tso
+ }
speed auto
}
ethernet eth2 {
duplex auto
+ offload {
+ sg
+ tso
+ }
speed auto
}
ethernet eth3 {
duplex auto
+ offload {
+ sg
+ tso
+ }
speed auto
}
}
@@ -41,9 +57,9 @@ policy {
}
}
protocols {
- isis FOO {
+ isis {
interface eth1 {
- bfd
+ bfd
}
net 49.0001.1921.6800.1002.00
redistribute {
@@ -61,6 +77,17 @@ system {
config-management {
commit-revisions 200
}
+ conntrack {
+ modules {
+ ftp
+ h323
+ nfs
+ pptp
+ sip
+ sqlnet
+ tftp
+ }
+ }
console {
device ttyS0 {
speed 115200
@@ -77,11 +104,11 @@ system {
}
}
ntp {
- server 0.pool.ntp.org {
+ server time1.vyos.net {
}
- server 1.pool.ntp.org {
+ server time2.vyos.net {
}
- server 2.pool.ntp.org {
+ server time3.vyos.net {
}
}
syslog {
@@ -99,5 +126,5 @@ system {
// Warning: Do not remove the following line.
-// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@7:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
-// Release version: 1.3.0-rc1
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3.0
diff --git a/smoketest/configs/pppoe-server b/smoketest/configs/pppoe-server
index ff5815e29..a01a45115 100644
--- a/smoketest/configs/pppoe-server
+++ b/smoketest/configs/pppoe-server
@@ -4,8 +4,12 @@ interfaces {
}
ethernet eth1 {
address 192.168.0.1/24
+ speed auto
+ duplex auto
}
ethernet eth2 {
+ speed auto
+ duplex auto
}
loopback lo {
}
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index a2e426dc7..dcce229e2 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -106,32 +106,32 @@ n+vZdJAWTq76zAPT3n9FClo=
"""
ca_key_data = """
- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCg7Mjl6+rs8Bd
- kjqgl2QDuHfrH2mTDCeB7WuNTnIz0BPDtlmwIdqhU7LdCB/zUSABAa6LBe/Z/bK
- WCRKyq8fU2/4uWECe975IMXOfFdYT6KA78DROvOi32JZmln0LAXV+538eb+g19x
- NtoBhPO8igiNevfkV+nJehRK/41ATj+assTOv87vaSX7WqyaP/ZqkIdQD9Kc3cq
- B4JsYjkWcniHL9yk4oY3cjKK8PJ1pi4FqgFHt2hA+Ic+NvbAhc47K9otP8FM4jk
- Sii3MZfHA6Czb43BtbR+YEiWPzBhzE2bCuIgeRUumMF1Z+CAT6U7Cpx3XPh+Ac2
- RnDa8wKeQ1eqE1AgMBAAECggEAEDDaoqVqmMWsONoQiWRMr2h1RZvPxP7OpuKVW
- iF3XgrMOb9HZc+Ybpj1dC+NDMekvNaHhMuF2Lqz6UgjDjzzVMH/x4yfDwFWUqeb
- SxbglvGmVk4zg48JNkmArLT6GJQccD1XXjZZmqSOhagM4KalCpIdxfvgoZbTCa2
- xMSCLHS+1HCDcmpCoeXM6ZBPTn0NbjRDAqIzCwcq2veG7RSz040obk8h7nrdv7j
- hxRGmtPmPFzKgGLNn6GnL7AwYVMiidjj/ntvM4B1OMs9MwUYbtpg98TWcWyu+ZR
- akUrnVf9z2aIHCKyuJvke/PNqMgw+L8KV4/478XxWhXfl7K1F3nMQKBgQDRBUDY
- NFH0wC4MMWsA+RGwyz7RlzACChDJCMtA/agbW06gUoE9UYf8KtLQQQYljlLJHxH
- GD72QnuM+sowGGXnbD4BabA9TQiQUG5c6boznTy1uU1gt8T0Zl0mmC7vIMoMBVd
- 5bb0qrZvuR123kDGYn6crug9uvMIYSSlhGmBGTJQKBgQDFGC3vfkCyXzLoYy+RI
- s/rXgyBF1PUYQtyDgL0N811L0H7a8JhFnt4FvodUbxv2ob+1kIc9e3yXT6FsGyO
- 7IDOnqgeQKy74bYqVPZZuf1FOFb9fuxf00pn1FmhAF4OuSWkhVhrKkyrZwdD8Ar
- jLK253J94dogjdKAYfN1csaOA0QKBgD0zUZI8d4a3QoRVb+RACTr/t6v8nZTrR5
- DlX0XvP2qLKJFutuKyXaOrEkDh2R/j9T9oNncMos+WhikUdEVQ7koC1u0i2LXjF
- tdAYN4+Akmz+DRmeNoy2VYF4w2YP+pVR+B7OPkCtBVNuPkx3743Fy42mTGPMCKy
- jX8Lf59j5Tl1AoGBAI3sk2dZqozHMIlWovIH92CtIKP0gFD2cJ94p3fklvZDSWg
- aeKYg4lffc8uZB/AjlAH9ly3ziZx0uIjcOc/RTg96/+SI/dls9xgUhjCmVVJ692
- ki9GMsau/JYaEl+pTvjcOiocDJfNwQHJM3Tx+3FII59DtyXyXo3T/E6kHNSMeBA
- oGAR9M48DTspv9OH1S7X6yR6MtMY5ltsBmB3gPhQFxiDKBvARkIkAPqObQ9TG/V
- uOz2Purq0Oz7SHsY2jiFDd2KEGo6JfG61NDdIhiQC99ztSgt7NtvSCnX22SfVDW
- oFxSK+tek7tvDVXAXCNy4ZESMEUGJ6NDHImb80aF+xZ3wYKw=
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCg7Mjl6+rs8Bdk
+jqgl2QDuHfrH2mTDCeB7WuNTnIz0BPDtlmwIdqhU7LdCB/zUSABAa6LBe/Z/bKWC
+RKyq8fU2/4uWECe975IMXOfFdYT6KA78DROvOi32JZmln0LAXV+538eb+g19xNto
+BhPO8igiNevfkV+nJehRK/41ATj+assTOv87vaSX7WqyaP/ZqkIdQD9Kc3cqB4Js
+YjkWcniHL9yk4oY3cjKK8PJ1pi4FqgFHt2hA+Ic+NvbAhc47K9otP8FM4jkSii3M
+ZfHA6Czb43BtbR+YEiWPzBhzE2bCuIgeRUumMF1Z+CAT6U7Cpx3XPh+Ac2RnDa8w
+KeQ1eqE1AgMBAAECggEAEDDaoqVqmMWsONoQiWRMr2h1RZvPxP7OpuKVWiF3XgrM
+Ob9HZc+Ybpj1dC+NDMekvNaHhMuF2Lqz6UgjDjzzVMH/x4yfDwFWUqebSxbglvGm
+Vk4zg48JNkmArLT6GJQccD1XXjZZmqSOhagM4KalCpIdxfvgoZbTCa2xMSCLHS+1
+HCDcmpCoeXM6ZBPTn0NbjRDAqIzCwcq2veG7RSz040obk8h7nrdv7jhxRGmtPmPF
+zKgGLNn6GnL7AwYVMiidjj/ntvM4B1OMs9MwUYbtpg98TWcWyu+ZRakUrnVf9z2a
+IHCKyuJvke/PNqMgw+L8KV4/478XxWhXfl7K1F3nMQKBgQDRBUDYNFH0wC4MMWsA
++RGwyz7RlzACChDJCMtA/agbW06gUoE9UYf8KtLQQQYljlLJHxHGD72QnuM+sowG
+GXnbD4BabA9TQiQUG5c6boznTy1uU1gt8T0Zl0mmC7vIMoMBVd5bb0qrZvuR123k
+DGYn6crug9uvMIYSSlhGmBGTJQKBgQDFGC3vfkCyXzLoYy+RIs/rXgyBF1PUYQty
+DgL0N811L0H7a8JhFnt4FvodUbxv2ob+1kIc9e3yXT6FsGyO7IDOnqgeQKy74bYq
+VPZZuf1FOFb9fuxf00pn1FmhAF4OuSWkhVhrKkyrZwdD8ArjLK253J94dogjdKAY
+fN1csaOA0QKBgD0zUZI8d4a3QoRVb+RACTr/t6v8nZTrR5DlX0XvP2qLKJFutuKy
+XaOrEkDh2R/j9T9oNncMos+WhikUdEVQ7koC1u0i2LXjFtdAYN4+Akmz+DRmeNoy
+2VYF4w2YP+pVR+B7OPkCtBVNuPkx3743Fy42mTGPMCKyjX8Lf59j5Tl1AoGBAI3s
+k2dZqozHMIlWovIH92CtIKP0gFD2cJ94p3fklvZDSWgaeKYg4lffc8uZB/AjlAH9
+ly3ziZx0uIjcOc/RTg96/+SI/dls9xgUhjCmVVJ692ki9GMsau/JYaEl+pTvjcOi
+ocDJfNwQHJM3Tx+3FII59DtyXyXo3T/E6kHNSMeBAoGAR9M48DTspv9OH1S7X6yR
+6MtMY5ltsBmB3gPhQFxiDKBvARkIkAPqObQ9TG/VuOz2Purq0Oz7SHsY2jiFDd2K
+EGo6JfG61NDdIhiQC99ztSgt7NtvSCnX22SfVDWoFxSK+tek7tvDVXAXCNy4ZESM
+EUGJ6NDHImb80aF+xZ3wYKw=
"""
PROCESS_NAME = 'ocserv-main'