From 12baed897cb3e4037b234cbb0a5def645b47e415 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 24 May 2022 13:20:23 -0500
Subject: configtest: T4382: fix missing delete of 'ipsec-interfaces' node

Migration of bgp-azure-ipsec-gateway and bgp_dmvpn_hub reveals that
migration script ipsec/5-to-6 leaves the empty node 'ipsec-interfaces'
after moving the interface; fix the migration script, as it is not yet
in 1.3.
---
 src/migration-scripts/ipsec/5-to-6 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/migration-scripts/ipsec/5-to-6 b/src/migration-scripts/ipsec/5-to-6
index e9adee01b..3a8b3926d 100755
--- a/src/migration-scripts/ipsec/5-to-6
+++ b/src/migration-scripts/ipsec/5-to-6
@@ -78,7 +78,7 @@ if config.exists(log_mode):
 base_interfaces = base + ['ipsec-interfaces', 'interface']
 if config.exists(base_interfaces):
     config.copy(base_interfaces, base + ['interface'])
-    config.delete(base_interfaces)
+    config.delete(base + ['ipsec-interfaces'])
 
 # Remove deprecated "auto-update" option
 tmp = base + ['auto-update']
-- 
cgit v1.2.3


From 64a92e802a757fc40637aeb7494f3aa197044288 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 24 May 2022 13:37:02 -0500
Subject: configtest: T4382: bgp migration scripts need to follow quagga
 scripts

The configs bgp_bfd_communities and bgp_big_as_cloud reveal a
counterexample to the independence of component migration scripts:
quagga migration scripts must precede those of bgp; explicitly reorder
from lexical order.
---
 python/vyos/migrator.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/python/vyos/migrator.py b/python/vyos/migrator.py
index a2e0daabd..c6e3435ca 100644
--- a/python/vyos/migrator.py
+++ b/python/vyos/migrator.py
@@ -105,6 +105,11 @@ class Migrator(object):
         sys_keys = list(sys_versions.keys())
         sys_keys.sort()
 
+        # XXX 'bgp' needs to follow 'quagga':
+        if 'bgp' in sys_keys and 'quagga' in sys_keys:
+            sys_keys.insert(sys_keys.index('quagga'),
+                            sys_keys.pop(sys_keys.index('bgp')))
+
         rev_versions = {}
 
         for key in sys_keys:
-- 
cgit v1.2.3


From b2d06425d89e1e41dba96639f419656082586c02 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 24 May 2022 13:42:34 -0500
Subject: configtest: T4382: remove typo

This is a typo in vrf-ospf: 'system nt' on the line before 'system ntp'.
---
 smoketest/configs/vrf-ospf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/smoketest/configs/vrf-ospf b/smoketest/configs/vrf-ospf
index 7855e86bf..aae6afb6b 100644
--- a/smoketest/configs/vrf-ospf
+++ b/smoketest/configs/vrf-ospf
@@ -51,7 +51,6 @@ system {
             }
         }
     }
-    nt
     ntp {
         server 0.pool.ntp.org {
         }
-- 
cgit v1.2.3


From d19a5876ed144692befb76cf206f3ca7c66d3882 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 24 May 2022 13:45:29 -0500
Subject: configtest: T4382: system@20 cannot have 'user level' (16-to-17)

The config file isis-small has system@20, but 'user level' which was
migrated in system/16-to-17; remove the line in the config, as there is
no problem with the migration script in question.
---
 smoketest/configs/isis-small | 1 -
 1 file changed, 1 deletion(-)

diff --git a/smoketest/configs/isis-small b/smoketest/configs/isis-small
index 247ae32b5..5a4201988 100644
--- a/smoketest/configs/isis-small
+++ b/smoketest/configs/isis-small
@@ -74,7 +74,6 @@ system {
                 encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
                 plaintext-password ""
             }
-            level admin
         }
     }
     ntp {
-- 
cgit v1.2.3


From 9340afe48cb2bfa6415b6d769ccf288bf1ceaf3e Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 24 May 2022 13:47:51 -0500
Subject: configtest: T4382: 'nat ... log' takes no 'enable' argument

The component version in bgp-dmvpn-spoke is nat@5, however, 4-to-5
removes the boolean argument. It is confirmed that the migration script
works correctly, hence, it must be a typo in translation; remove
argument 'enable'.
---
 smoketest/configs/bgp-dmvpn-spoke | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/smoketest/configs/bgp-dmvpn-spoke b/smoketest/configs/bgp-dmvpn-spoke
index 3d7503a9b..39b64b935 100644
--- a/smoketest/configs/bgp-dmvpn-spoke
+++ b/smoketest/configs/bgp-dmvpn-spoke
@@ -32,7 +32,7 @@ interfaces {
 nat {
     source {
         rule 10 {
-            log enable
+            log
             outbound-interface pppoe1
             source {
                 address 172.17.0.0/16
-- 
cgit v1.2.3


From d78fd7452e5feeae853c8effd88627da61dac9d9 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 24 May 2022 14:51:44 -0500
Subject: configtest: T4382: bgp_small_as has a nonsensical entry

bgp_small_as contains set commands such as:
'protocols static route 10.0.0.0/8 MY-NAS distance 254'
which would appear to have no meaning, in any VyOS version.
Move to config.no-load for analysis.
---
 smoketest/configs.no-load/bgp-small-as | 687 +++++++++++++++++++++++++++++++++
 smoketest/configs/bgp-small-as         | 687 ---------------------------------
 2 files changed, 687 insertions(+), 687 deletions(-)
 create mode 100644 smoketest/configs.no-load/bgp-small-as
 delete mode 100644 smoketest/configs/bgp-small-as

diff --git a/smoketest/configs.no-load/bgp-small-as b/smoketest/configs.no-load/bgp-small-as
new file mode 100644
index 000000000..6b953a3f6
--- /dev/null
+++ b/smoketest/configs.no-load/bgp-small-as
@@ -0,0 +1,687 @@
+firewall {
+    all-ping enable
+    broadcast-ping disable
+    config-trap disable
+    group {
+        address-group NET-VYOS-HTTPS-4 {
+            address 10.0.150.73
+        }
+        ipv6-network-group NET-VYOS-6 {
+            network 2001:db8:200::/40
+        }
+        network-group NET-VYOS-4 {
+            network 10.0.150.0/23
+            network 192.168.189.0/24
+        }
+        port-group MY-NAS-PORTS {
+            port 80
+            port 5000
+            port 5001
+            port 6022
+            port 9443
+        }
+    }
+    ipv6-name WAN-TO-VLAN15-6 {
+        default-action drop
+        enable-default-log
+        rule 1 {
+            action accept
+            state {
+                established enable
+                related enable
+            }
+        }
+        rule 2 {
+            action drop
+            log enable
+            state {
+                invalid enable
+            }
+        }
+        rule 100 {
+            action accept
+            source {
+                group {
+                    network-group NET-VYOS-6
+                }
+            }
+        }
+        rule 1010 {
+            action accept
+            destination {
+                address 2001:db8:200:15::a
+                group {
+                    port-group MY-NAS-PORTS
+                }
+            }
+            protocol tcp
+        }
+    }
+    ipv6-receive-redirects disable
+    ipv6-src-route disable
+    ip-src-route disable
+    log-martians enable
+    name WAN-TO-VLAN15-4 {
+        default-action drop
+        enable-default-log
+        rule 1 {
+            action accept
+            state {
+                established enable
+                related enable
+            }
+        }
+        rule 2 {
+            action drop
+            log enable
+            state {
+                invalid enable
+            }
+        }
+        rule 100 {
+            action accept
+            source {
+                group {
+                    network-group NET-VYOS-4
+                }
+            }
+        }
+        rule 1000 {
+            action accept
+            destination {
+                group {
+                    address-group NET-VYOS-HTTPS-4
+                }
+                port 80,443
+            }
+            protocol tcp
+        }
+        rule 1010 {
+            action accept
+            destination {
+                address 10.0.150.74
+                group {
+                    port-group MY-NAS-PORTS
+                }
+            }
+            protocol tcp
+        }
+    }
+    receive-redirects disable
+    send-redirects enable
+    source-validation disable
+    syn-cookies enable
+    twa-hazards-protection disable
+}
+high-availability {
+    vrrp {
+        group VLAN5-IPv4 {
+            interface eth0.5
+            preempt-delay 180
+            priority 250
+            virtual-address 10.0.150.120/28
+            vrid 5
+        }
+        group VLAN5-IPv6 {
+            interface eth0.5
+            preempt-delay 180
+            priority 250
+            virtual-address 2001:db8:200:f0::ffff/64
+            vrid 6
+        }
+        group VLAN10-IPv4 {
+            interface eth0.10
+            preempt-delay 180
+            priority 250
+            virtual-address 10.0.150.62/26
+            vrid 10
+        }
+        group VLAN10-IPv6 {
+            interface eth0.10
+            preempt-delay 180
+            priority 250
+            virtual-address 2001:db8:200:10::ffff/64
+            virtual-address 2001:db8:200::ffff/64
+            vrid 11
+        }
+        group VLAN15-IPv4 {
+            interface eth0.15
+            preempt-delay 180
+            priority 250
+            virtual-address 10.0.150.78/28
+            vrid 15
+        }
+        group VLAN15-IPv6 {
+            interface eth0.15
+            preempt-delay 180
+            priority 250
+            virtual-address 2001:db8:200:15::ffff/64
+            vrid 16
+        }
+        group VLAN500-IPv4 {
+            interface eth0.500
+            preempt-delay 180
+            priority 250
+            virtual-address 10.0.151.238/28
+            vrid 238
+        }
+        group VLAN500-IPv6 {
+            interface eth0.500
+            preempt-delay 180
+            priority 250
+            virtual-address 2001:db8:200:50::ffff/64
+            vrid 239
+        }
+        group VLAN520-IPv4 {
+            interface eth0.520
+            preempt-delay 180
+            priority 250
+            virtual-address 10.0.150.190/28
+            vrid 52
+        }
+        group VLAN520-IPv6 {
+            interface eth0.520
+            preempt-delay 180
+            priority 250
+            virtual-address 2001:db8:200:520::ffff/64
+            vrid 53
+        }
+        group VLAN810-IPv4 {
+            interface eth0.810
+            preempt-delay 180
+            priority 250
+            virtual-address 10.0.151.30/27
+            vrid 80
+        }
+        group VLAN810-IPv6 {
+            interface eth0.810
+            preempt-delay 180
+            priority 250
+            virtual-address 2001:db8:200:102::ffff/64
+            vrid 81
+        }
+        sync-group VYOS {
+            member VLAN5-IPv4
+            member VLAN5-IPv6
+            member VLAN10-IPv4
+            member VLAN10-IPv6
+            member VLAN500-IPv4
+            member VLAN500-IPv6
+            member VLAN15-IPv4
+            member VLAN15-IPv6
+            member VLAN810-IPv6
+            member VLAN810-IPv4
+            member VLAN520-IPv4
+            member VLAN520-IPv6
+        }
+    }
+}
+interfaces {
+    dummy dum0 {
+        address 2001:db8:200:ffff::2/128
+        address 10.0.151.251/32
+    }
+    ethernet eth0 {
+        vif 5 {
+            address 10.0.150.121/28
+            address 2001:db8:200:f0::4/64
+            ip {
+                ospf {
+                    authentication {
+                        md5 {
+                            key-id 10 {
+                                md5-key vyosospfkey
+                            }
+                        }
+                    }
+                    cost 10
+                    dead-interval 40
+                    hello-interval 10
+                    network broadcast
+                    priority 200
+                    retransmit-interval 5
+                    transmit-delay 5
+                }
+            }
+        }
+        vif 10 {
+            address 2001:db8:200:10::1:ffff/64
+            address 2001:db8:200::1:ffff/64
+            address 10.0.150.60/26
+        }
+        vif 15 {
+            address 10.0.150.76/28
+            address 2001:db8:200:15::1:ffff/64
+            firewall {
+                out {
+                    ipv6-name WAN-TO-VLAN15-6
+                    name WAN-TO-VLAN15-4
+                }
+            }
+        }
+        vif 50 {
+            address 192.168.189.2/24
+        }
+        vif 110 {
+            address 2001:db8:200:101::ffff/64
+            address 10.0.151.190/27
+            address 10.0.151.158/28
+        }
+        vif 410 {
+            address 10.0.151.206/28
+            address 2001:db8:200:104::ffff/64
+        }
+        vif 450 {
+            address 2001:db8:200:103::ffff/64
+            address 10.0.151.142/29
+            disable
+        }
+        vif 500 {
+            address 10.0.151.236/28
+            address 2001:db8:200:50::1:ffff/64
+        }
+        vif 520 {
+            address 10.0.150.188/26
+            address 2001:db8:200:520::1:ffff/64
+        }
+        vif 800 {
+            address 2001:db8:200:ff::104:1/112
+            address 10.0.151.212/31
+        }
+        vif 810 {
+            address 10.0.151.28/27
+            address 2001:db8:200:102::1:ffff/64
+        }
+    }
+    ethernet eth1 {
+    }
+    loopback lo {
+    }
+}
+policy {
+    prefix-list as65000-origin-v4 {
+        rule 10 {
+            action permit
+            prefix 10.0.150.0/23
+        }
+        rule 100 {
+            action permit
+            prefix 0.0.0.0/0
+        }
+    }
+    prefix-list6 as65000-origin-v6 {
+        rule 10 {
+            action permit
+            prefix 2001:db8:200::/40
+        }
+    }
+    route-map as65010-in {
+        rule 10 {
+            action permit
+            set {
+                local-preference 30
+            }
+        }
+    }
+    route-map as65010-out {
+        rule 10 {
+            action permit
+            set {
+                as-path-prepend "65000 65000"
+            }
+        }
+    }
+}
+protocols {
+    bgp 65000 {
+        address-family {
+            ipv4-unicast {
+                network 10.0.150.0/23 {
+                }
+            }
+            ipv6-unicast {
+                network 2001:db8:200::/40 {
+                }
+            }
+        }
+        neighbor 10.0.151.222 {
+            disable-send-community {
+                extended
+                standard
+            }
+            address-family {
+                ipv4-unicast {
+                    default-originate {
+                    }
+                    prefix-list {
+                        export as65000-origin-v4
+                    }
+                    route-map {
+                        export as65010-out
+                        import as65010-in
+                    }
+                    soft-reconfiguration {
+                        inbound
+                    }
+                }
+            }
+            capability {
+                dynamic
+            }
+            remote-as 65010
+        }
+        neighbor 10.0.151.252 {
+            peer-group VYOSv4
+        }
+        neighbor 10.0.151.254 {
+            peer-group VYOSv4
+        }
+        neighbor 2001:db8:200:ffff::3 {
+            peer-group VYOSv6
+        }
+        neighbor 2001:db8:200:ffff::a {
+            peer-group VYOSv6
+        }
+        neighbor 2001:db8:200:ff::101:2 {
+            address-family {
+                ipv6-unicast {
+                    capability {
+                        dynamic
+                    }
+                    prefix-list {
+                        export as65000-origin-v6
+                    }
+                    route-map {
+                        import as65010-in
+                    }
+                    soft-reconfiguration {
+                        inbound
+                    }
+                }
+            }
+            remote-as 65010
+        }
+        parameters {
+            default {
+                no-ipv4-unicast
+            }
+            log-neighbor-changes
+            router-id 10.0.151.251
+        }
+        peer-group VYOSv4 {
+            address-family {
+                ipv4-unicast {
+                    nexthop-self {
+                    }
+                }
+            }
+            capability {
+                dynamic
+            }
+            remote-as 65000
+            update-source dum0
+        }
+        peer-group VYOSv6 {
+            address-family {
+                ipv6-unicast {
+                    nexthop-self {
+                    }
+                }
+            }
+            capability {
+                dynamic
+            }
+            remote-as 65000
+            update-source dum0
+        }
+        timers {
+            holdtime 30
+            keepalive 10
+        }
+    }
+    ospf {
+        area 0 {
+            area-type {
+                normal
+            }
+            authentication md5
+            network 10.0.151.251/32
+            network 10.0.151.208/31
+            network 10.0.150.112/28
+        }
+        parameters {
+            abr-type cisco
+            router-id 10.0.151.251
+        }
+        passive-interface default
+        passive-interface-exclude dum0
+        passive-interface-exclude eth0.5
+        redistribute {
+            connected {
+                metric-type 2
+            }
+            static {
+                metric-type 2
+            }
+        }
+    }
+    ospfv3 {
+        area 0.0.0.0 {
+            interface dum0
+            interface eth0.5
+        }
+        parameters {
+            router-id 10.0.151.251
+        }
+        redistribute {
+            connected {
+            }
+            static {
+            }
+        }
+    }
+    static {
+        route 10.0.0.0/8 {
+            MY-NAS {
+                distance 254
+            }
+        }
+        route 172.16.0.0/12 {
+            MY-NAS {
+                distance 254
+            }
+        }
+        route 192.168.0.0/16 {
+            MY-NAS {
+                distance 254
+            }
+        }
+        route 193.148.249.144/32 {
+            next-hop 192.168.189.1 {
+            }
+        }
+        route 10.0.150.0/23 {
+            MY-NAS {
+                distance 254
+            }
+        }
+        route 10.0.151.32/27 {
+            next-hop 10.0.151.5 {
+            }
+        }
+        route6 2001:db8:2fe:ffff::/64 {
+            next-hop 2001:db8:200:102::4 {
+            }
+        }
+        route6 2001:db8:2ff::/48 {
+            next-hop 2001:db8:200:101::1 {
+            }
+        }
+        route6 2001:db8:200::/40 {
+            MY-NAS {
+                distance 254
+            }
+        }
+    }
+}
+service {
+    dhcp-server {
+        shared-network-name NET-VYOS-DHCP-1 {
+            subnet 10.0.151.224/28 {
+                default-router 10.0.151.238
+                dns-server 10.0.150.2
+                dns-server 10.0.150.1
+                domain-name vyos.net
+                failover {
+                    local-address 10.0.151.236
+                    name NET-VYOS-DHCP-1
+                    peer-address 10.0.151.237
+                    status primary
+                }
+                lease 1800
+                range 0 {
+                    start 10.0.151.225
+                    stop 10.0.151.237
+                }
+            }
+        }
+        shared-network-name NET-VYOS-HOSTING-1 {
+            subnet 10.0.150.128/26 {
+                default-router 10.0.150.190
+                dns-server 10.0.150.2
+                dns-server 10.0.150.1
+                domain-name vyos.net
+                failover {
+                    local-address 10.0.150.188
+                    name NET-VYOS-HOSTING-1
+                    peer-address 10.0.150.189
+                    status primary
+                }
+                lease 604800
+                range 0 {
+                    start 10.0.150.129
+                    stop 10.0.150.187
+                }
+            }
+        }
+    }
+    lldp {
+        interface all {
+        }
+        management-address 10.0.151.251
+        snmp {
+            enable
+        }
+    }
+    router-advert {
+        interface eth4.500 {
+            default-preference high
+            name-server 2001:db8:200::1
+            name-server 2001:db8:200::2
+            prefix 2001:db8:200:50::/64 {
+                valid-lifetime infinity
+            }
+        }
+        interface eth4.520 {
+            default-preference high
+            name-server 2001:db8:200::1
+            name-server 2001:db8:200::2
+            prefix 2001:db8:200:520::/64 {
+                valid-lifetime infinity
+            }
+        }
+    }
+    snmp {
+        community public {
+            network 10.0.150.0/26
+            network 2001:db8:200:10::/64
+        }
+        contact noc@vyos.net
+        listen-address 10.0.151.251 {
+        }
+        listen-address 2001:db8:200:ffff::2 {
+        }
+        location "Jenkins"
+    }
+    ssh {
+        disable-host-validation
+        listen-address 10.0.151.251
+        listen-address 2001:db8:200:ffff::2
+        listen-address 192.168.189.2
+        loglevel fatal
+        port 22
+    }
+}
+system {
+    config-management {
+        commit-revisions 200
+    }
+    console {
+        device ttyS0 {
+            speed 115200
+        }
+    }
+    domain-name vyos.net
+    host-name vyos
+    login {
+        banner {
+            pre-login "VyOS - Network\n"
+        }
+        radius {
+            server 192.0.2.1 {
+                key SuperS3cretRADIUSkey
+                timeout 1
+            }
+            server 192.0.2.2 {
+                key SuperS3cretRADIUSkey
+                timeout 1
+            }
+            source-address 192.0.2.254
+        }
+        user vyos {
+            authentication {
+                encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+                plaintext-password ""
+            }
+        }
+    }
+    name-server 192.0.2.1
+    name-server 192.0.2.2
+    name-server 2001:db8:200::1
+    name-server 2001:db8:200::2
+    ntp {
+        allow-clients {
+            address 10.0.150.0/23
+            address 2001:db8:200::/40
+        }
+        listen-address 10.0.151.251
+        listen-address 2001:db8:200:ffff::2
+        server 0.de.pool.ntp.org {
+        }
+        server 1.de.pool.ntp.org {
+        }
+        server 2.de.pool.ntp.org {
+        }
+    }
+    syslog {
+        global {
+            facility all {
+                level notice
+            }
+            facility protocols {
+                level debug
+            }
+        }
+        host 10.0.150.26 {
+            facility all {
+                level all
+            }
+        }
+    }
+    time-zone Europe/Berlin
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3-beta-202101151942
diff --git a/smoketest/configs/bgp-small-as b/smoketest/configs/bgp-small-as
deleted file mode 100644
index 6b953a3f6..000000000
--- a/smoketest/configs/bgp-small-as
+++ /dev/null
@@ -1,687 +0,0 @@
-firewall {
-    all-ping enable
-    broadcast-ping disable
-    config-trap disable
-    group {
-        address-group NET-VYOS-HTTPS-4 {
-            address 10.0.150.73
-        }
-        ipv6-network-group NET-VYOS-6 {
-            network 2001:db8:200::/40
-        }
-        network-group NET-VYOS-4 {
-            network 10.0.150.0/23
-            network 192.168.189.0/24
-        }
-        port-group MY-NAS-PORTS {
-            port 80
-            port 5000
-            port 5001
-            port 6022
-            port 9443
-        }
-    }
-    ipv6-name WAN-TO-VLAN15-6 {
-        default-action drop
-        enable-default-log
-        rule 1 {
-            action accept
-            state {
-                established enable
-                related enable
-            }
-        }
-        rule 2 {
-            action drop
-            log enable
-            state {
-                invalid enable
-            }
-        }
-        rule 100 {
-            action accept
-            source {
-                group {
-                    network-group NET-VYOS-6
-                }
-            }
-        }
-        rule 1010 {
-            action accept
-            destination {
-                address 2001:db8:200:15::a
-                group {
-                    port-group MY-NAS-PORTS
-                }
-            }
-            protocol tcp
-        }
-    }
-    ipv6-receive-redirects disable
-    ipv6-src-route disable
-    ip-src-route disable
-    log-martians enable
-    name WAN-TO-VLAN15-4 {
-        default-action drop
-        enable-default-log
-        rule 1 {
-            action accept
-            state {
-                established enable
-                related enable
-            }
-        }
-        rule 2 {
-            action drop
-            log enable
-            state {
-                invalid enable
-            }
-        }
-        rule 100 {
-            action accept
-            source {
-                group {
-                    network-group NET-VYOS-4
-                }
-            }
-        }
-        rule 1000 {
-            action accept
-            destination {
-                group {
-                    address-group NET-VYOS-HTTPS-4
-                }
-                port 80,443
-            }
-            protocol tcp
-        }
-        rule 1010 {
-            action accept
-            destination {
-                address 10.0.150.74
-                group {
-                    port-group MY-NAS-PORTS
-                }
-            }
-            protocol tcp
-        }
-    }
-    receive-redirects disable
-    send-redirects enable
-    source-validation disable
-    syn-cookies enable
-    twa-hazards-protection disable
-}
-high-availability {
-    vrrp {
-        group VLAN5-IPv4 {
-            interface eth0.5
-            preempt-delay 180
-            priority 250
-            virtual-address 10.0.150.120/28
-            vrid 5
-        }
-        group VLAN5-IPv6 {
-            interface eth0.5
-            preempt-delay 180
-            priority 250
-            virtual-address 2001:db8:200:f0::ffff/64
-            vrid 6
-        }
-        group VLAN10-IPv4 {
-            interface eth0.10
-            preempt-delay 180
-            priority 250
-            virtual-address 10.0.150.62/26
-            vrid 10
-        }
-        group VLAN10-IPv6 {
-            interface eth0.10
-            preempt-delay 180
-            priority 250
-            virtual-address 2001:db8:200:10::ffff/64
-            virtual-address 2001:db8:200::ffff/64
-            vrid 11
-        }
-        group VLAN15-IPv4 {
-            interface eth0.15
-            preempt-delay 180
-            priority 250
-            virtual-address 10.0.150.78/28
-            vrid 15
-        }
-        group VLAN15-IPv6 {
-            interface eth0.15
-            preempt-delay 180
-            priority 250
-            virtual-address 2001:db8:200:15::ffff/64
-            vrid 16
-        }
-        group VLAN500-IPv4 {
-            interface eth0.500
-            preempt-delay 180
-            priority 250
-            virtual-address 10.0.151.238/28
-            vrid 238
-        }
-        group VLAN500-IPv6 {
-            interface eth0.500
-            preempt-delay 180
-            priority 250
-            virtual-address 2001:db8:200:50::ffff/64
-            vrid 239
-        }
-        group VLAN520-IPv4 {
-            interface eth0.520
-            preempt-delay 180
-            priority 250
-            virtual-address 10.0.150.190/28
-            vrid 52
-        }
-        group VLAN520-IPv6 {
-            interface eth0.520
-            preempt-delay 180
-            priority 250
-            virtual-address 2001:db8:200:520::ffff/64
-            vrid 53
-        }
-        group VLAN810-IPv4 {
-            interface eth0.810
-            preempt-delay 180
-            priority 250
-            virtual-address 10.0.151.30/27
-            vrid 80
-        }
-        group VLAN810-IPv6 {
-            interface eth0.810
-            preempt-delay 180
-            priority 250
-            virtual-address 2001:db8:200:102::ffff/64
-            vrid 81
-        }
-        sync-group VYOS {
-            member VLAN5-IPv4
-            member VLAN5-IPv6
-            member VLAN10-IPv4
-            member VLAN10-IPv6
-            member VLAN500-IPv4
-            member VLAN500-IPv6
-            member VLAN15-IPv4
-            member VLAN15-IPv6
-            member VLAN810-IPv6
-            member VLAN810-IPv4
-            member VLAN520-IPv4
-            member VLAN520-IPv6
-        }
-    }
-}
-interfaces {
-    dummy dum0 {
-        address 2001:db8:200:ffff::2/128
-        address 10.0.151.251/32
-    }
-    ethernet eth0 {
-        vif 5 {
-            address 10.0.150.121/28
-            address 2001:db8:200:f0::4/64
-            ip {
-                ospf {
-                    authentication {
-                        md5 {
-                            key-id 10 {
-                                md5-key vyosospfkey
-                            }
-                        }
-                    }
-                    cost 10
-                    dead-interval 40
-                    hello-interval 10
-                    network broadcast
-                    priority 200
-                    retransmit-interval 5
-                    transmit-delay 5
-                }
-            }
-        }
-        vif 10 {
-            address 2001:db8:200:10::1:ffff/64
-            address 2001:db8:200::1:ffff/64
-            address 10.0.150.60/26
-        }
-        vif 15 {
-            address 10.0.150.76/28
-            address 2001:db8:200:15::1:ffff/64
-            firewall {
-                out {
-                    ipv6-name WAN-TO-VLAN15-6
-                    name WAN-TO-VLAN15-4
-                }
-            }
-        }
-        vif 50 {
-            address 192.168.189.2/24
-        }
-        vif 110 {
-            address 2001:db8:200:101::ffff/64
-            address 10.0.151.190/27
-            address 10.0.151.158/28
-        }
-        vif 410 {
-            address 10.0.151.206/28
-            address 2001:db8:200:104::ffff/64
-        }
-        vif 450 {
-            address 2001:db8:200:103::ffff/64
-            address 10.0.151.142/29
-            disable
-        }
-        vif 500 {
-            address 10.0.151.236/28
-            address 2001:db8:200:50::1:ffff/64
-        }
-        vif 520 {
-            address 10.0.150.188/26
-            address 2001:db8:200:520::1:ffff/64
-        }
-        vif 800 {
-            address 2001:db8:200:ff::104:1/112
-            address 10.0.151.212/31
-        }
-        vif 810 {
-            address 10.0.151.28/27
-            address 2001:db8:200:102::1:ffff/64
-        }
-    }
-    ethernet eth1 {
-    }
-    loopback lo {
-    }
-}
-policy {
-    prefix-list as65000-origin-v4 {
-        rule 10 {
-            action permit
-            prefix 10.0.150.0/23
-        }
-        rule 100 {
-            action permit
-            prefix 0.0.0.0/0
-        }
-    }
-    prefix-list6 as65000-origin-v6 {
-        rule 10 {
-            action permit
-            prefix 2001:db8:200::/40
-        }
-    }
-    route-map as65010-in {
-        rule 10 {
-            action permit
-            set {
-                local-preference 30
-            }
-        }
-    }
-    route-map as65010-out {
-        rule 10 {
-            action permit
-            set {
-                as-path-prepend "65000 65000"
-            }
-        }
-    }
-}
-protocols {
-    bgp 65000 {
-        address-family {
-            ipv4-unicast {
-                network 10.0.150.0/23 {
-                }
-            }
-            ipv6-unicast {
-                network 2001:db8:200::/40 {
-                }
-            }
-        }
-        neighbor 10.0.151.222 {
-            disable-send-community {
-                extended
-                standard
-            }
-            address-family {
-                ipv4-unicast {
-                    default-originate {
-                    }
-                    prefix-list {
-                        export as65000-origin-v4
-                    }
-                    route-map {
-                        export as65010-out
-                        import as65010-in
-                    }
-                    soft-reconfiguration {
-                        inbound
-                    }
-                }
-            }
-            capability {
-                dynamic
-            }
-            remote-as 65010
-        }
-        neighbor 10.0.151.252 {
-            peer-group VYOSv4
-        }
-        neighbor 10.0.151.254 {
-            peer-group VYOSv4
-        }
-        neighbor 2001:db8:200:ffff::3 {
-            peer-group VYOSv6
-        }
-        neighbor 2001:db8:200:ffff::a {
-            peer-group VYOSv6
-        }
-        neighbor 2001:db8:200:ff::101:2 {
-            address-family {
-                ipv6-unicast {
-                    capability {
-                        dynamic
-                    }
-                    prefix-list {
-                        export as65000-origin-v6
-                    }
-                    route-map {
-                        import as65010-in
-                    }
-                    soft-reconfiguration {
-                        inbound
-                    }
-                }
-            }
-            remote-as 65010
-        }
-        parameters {
-            default {
-                no-ipv4-unicast
-            }
-            log-neighbor-changes
-            router-id 10.0.151.251
-        }
-        peer-group VYOSv4 {
-            address-family {
-                ipv4-unicast {
-                    nexthop-self {
-                    }
-                }
-            }
-            capability {
-                dynamic
-            }
-            remote-as 65000
-            update-source dum0
-        }
-        peer-group VYOSv6 {
-            address-family {
-                ipv6-unicast {
-                    nexthop-self {
-                    }
-                }
-            }
-            capability {
-                dynamic
-            }
-            remote-as 65000
-            update-source dum0
-        }
-        timers {
-            holdtime 30
-            keepalive 10
-        }
-    }
-    ospf {
-        area 0 {
-            area-type {
-                normal
-            }
-            authentication md5
-            network 10.0.151.251/32
-            network 10.0.151.208/31
-            network 10.0.150.112/28
-        }
-        parameters {
-            abr-type cisco
-            router-id 10.0.151.251
-        }
-        passive-interface default
-        passive-interface-exclude dum0
-        passive-interface-exclude eth0.5
-        redistribute {
-            connected {
-                metric-type 2
-            }
-            static {
-                metric-type 2
-            }
-        }
-    }
-    ospfv3 {
-        area 0.0.0.0 {
-            interface dum0
-            interface eth0.5
-        }
-        parameters {
-            router-id 10.0.151.251
-        }
-        redistribute {
-            connected {
-            }
-            static {
-            }
-        }
-    }
-    static {
-        route 10.0.0.0/8 {
-            MY-NAS {
-                distance 254
-            }
-        }
-        route 172.16.0.0/12 {
-            MY-NAS {
-                distance 254
-            }
-        }
-        route 192.168.0.0/16 {
-            MY-NAS {
-                distance 254
-            }
-        }
-        route 193.148.249.144/32 {
-            next-hop 192.168.189.1 {
-            }
-        }
-        route 10.0.150.0/23 {
-            MY-NAS {
-                distance 254
-            }
-        }
-        route 10.0.151.32/27 {
-            next-hop 10.0.151.5 {
-            }
-        }
-        route6 2001:db8:2fe:ffff::/64 {
-            next-hop 2001:db8:200:102::4 {
-            }
-        }
-        route6 2001:db8:2ff::/48 {
-            next-hop 2001:db8:200:101::1 {
-            }
-        }
-        route6 2001:db8:200::/40 {
-            MY-NAS {
-                distance 254
-            }
-        }
-    }
-}
-service {
-    dhcp-server {
-        shared-network-name NET-VYOS-DHCP-1 {
-            subnet 10.0.151.224/28 {
-                default-router 10.0.151.238
-                dns-server 10.0.150.2
-                dns-server 10.0.150.1
-                domain-name vyos.net
-                failover {
-                    local-address 10.0.151.236
-                    name NET-VYOS-DHCP-1
-                    peer-address 10.0.151.237
-                    status primary
-                }
-                lease 1800
-                range 0 {
-                    start 10.0.151.225
-                    stop 10.0.151.237
-                }
-            }
-        }
-        shared-network-name NET-VYOS-HOSTING-1 {
-            subnet 10.0.150.128/26 {
-                default-router 10.0.150.190
-                dns-server 10.0.150.2
-                dns-server 10.0.150.1
-                domain-name vyos.net
-                failover {
-                    local-address 10.0.150.188
-                    name NET-VYOS-HOSTING-1
-                    peer-address 10.0.150.189
-                    status primary
-                }
-                lease 604800
-                range 0 {
-                    start 10.0.150.129
-                    stop 10.0.150.187
-                }
-            }
-        }
-    }
-    lldp {
-        interface all {
-        }
-        management-address 10.0.151.251
-        snmp {
-            enable
-        }
-    }
-    router-advert {
-        interface eth4.500 {
-            default-preference high
-            name-server 2001:db8:200::1
-            name-server 2001:db8:200::2
-            prefix 2001:db8:200:50::/64 {
-                valid-lifetime infinity
-            }
-        }
-        interface eth4.520 {
-            default-preference high
-            name-server 2001:db8:200::1
-            name-server 2001:db8:200::2
-            prefix 2001:db8:200:520::/64 {
-                valid-lifetime infinity
-            }
-        }
-    }
-    snmp {
-        community public {
-            network 10.0.150.0/26
-            network 2001:db8:200:10::/64
-        }
-        contact noc@vyos.net
-        listen-address 10.0.151.251 {
-        }
-        listen-address 2001:db8:200:ffff::2 {
-        }
-        location "Jenkins"
-    }
-    ssh {
-        disable-host-validation
-        listen-address 10.0.151.251
-        listen-address 2001:db8:200:ffff::2
-        listen-address 192.168.189.2
-        loglevel fatal
-        port 22
-    }
-}
-system {
-    config-management {
-        commit-revisions 200
-    }
-    console {
-        device ttyS0 {
-            speed 115200
-        }
-    }
-    domain-name vyos.net
-    host-name vyos
-    login {
-        banner {
-            pre-login "VyOS - Network\n"
-        }
-        radius {
-            server 192.0.2.1 {
-                key SuperS3cretRADIUSkey
-                timeout 1
-            }
-            server 192.0.2.2 {
-                key SuperS3cretRADIUSkey
-                timeout 1
-            }
-            source-address 192.0.2.254
-        }
-        user vyos {
-            authentication {
-                encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
-                plaintext-password ""
-            }
-        }
-    }
-    name-server 192.0.2.1
-    name-server 192.0.2.2
-    name-server 2001:db8:200::1
-    name-server 2001:db8:200::2
-    ntp {
-        allow-clients {
-            address 10.0.150.0/23
-            address 2001:db8:200::/40
-        }
-        listen-address 10.0.151.251
-        listen-address 2001:db8:200:ffff::2
-        server 0.de.pool.ntp.org {
-        }
-        server 1.de.pool.ntp.org {
-        }
-        server 2.de.pool.ntp.org {
-        }
-    }
-    syslog {
-        global {
-            facility all {
-                level notice
-            }
-            facility protocols {
-                level debug
-            }
-        }
-        host 10.0.150.26 {
-            facility all {
-                level all
-            }
-        }
-    }
-    time-zone Europe/Berlin
-}
-
-
-// Warning: Do not remove the following line.
-// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
-// Release version: 1.3-beta-202101151942
-- 
cgit v1.2.3


From 90cdf726b8c9dc2890126edb8860d96df96120ae Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 24 May 2022 15:32:37 -0500
Subject: configtest: T4382: inconsistent ipsec component version

The pki-ipsec sagitta-era config contains
'vpn ipsec ipsec-interfaces interface eth0'
with ipsec component version ipsec@6, however, this construction is
successfully moved by migration script ipsec/5-to-6. Consequently, this
must have been an error in translation of the config file. Note that
this is unrelated to the corrected error regarding an empty
'ipsec-interfaces' node. Move config to configs.no-load for review.
---
 smoketest/configs.no-load/pki-ipsec | 148 ++++++++++++++++++++++++++++++++++++
 smoketest/configs/pki-ipsec         | 148 ------------------------------------
 2 files changed, 148 insertions(+), 148 deletions(-)
 create mode 100644 smoketest/configs.no-load/pki-ipsec
 delete mode 100644 smoketest/configs/pki-ipsec

diff --git a/smoketest/configs.no-load/pki-ipsec b/smoketest/configs.no-load/pki-ipsec
new file mode 100644
index 000000000..6fc239d27
--- /dev/null
+++ b/smoketest/configs.no-load/pki-ipsec
@@ -0,0 +1,148 @@
+interfaces {
+    dummy dum0 {
+        address 172.20.0.1/30
+    }
+    ethernet eth0 {
+        address 192.168.150.1/24
+    }
+}
+system {
+    config-management {
+        commit-revisions 100
+    }
+    console {
+        device ttyS0 {
+            speed 115200
+        }
+    }
+    host-name vyos
+    login {
+        user vyos {
+            authentication {
+                encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+                plaintext-password ""
+            }
+        }
+    }
+    ntp {
+        server time1.vyos.net {
+        }
+        server time2.vyos.net {
+        }
+        server time3.vyos.net {
+        }
+    }
+    syslog {
+        global {
+            facility all {
+                level info
+            }
+            facility protocols {
+                level debug
+            }
+        }
+    }
+}
+vpn {
+    ipsec {
+        esp-group MyESPGroup {
+            proposal 1 {
+                encryption aes128
+                hash sha1
+            }
+        }
+        ike-group MyIKEGroup {
+            proposal 1 {
+                dh-group 2
+                encryption aes128
+                hash sha1
+            }
+        }
+        ipsec-interfaces {
+            interface eth0
+        }
+        site-to-site {
+            peer 192.168.150.2 {
+                authentication {
+                    mode x509
+                    x509 {
+                        ca-cert-file ovpn_test_ca.pem
+                        cert-file ovpn_test_server.pem
+                        key {
+                            file ovpn_test_server.key
+                        }
+                    }
+                }
+                default-esp-group MyESPGroup
+                ike-group MyIKEGroup
+                local-address 192.168.150.1
+                tunnel 0 {
+                    local {
+                        prefix 172.20.0.0/24
+                    }
+                    remote {
+                        prefix 172.21.0.0/24
+                    }
+                }
+            }
+            peer 192.168.150.3 {
+                authentication {
+                    mode rsa
+                    pre-shared-secret MYSECRETKEY
+                    rsa-key-name peer2
+                }
+                default-esp-group MyESPGroup
+                ike-group MyIKEGroup
+                local-address 192.168.150.1
+                tunnel 0 {
+                    local {
+                        prefix 172.20.0.0/24
+                    }
+                    remote {
+                        prefix 172.22.0.0/24
+                    }
+                }
+            }
+        }
+    }
+    l2tp {
+        remote-access {
+            authentication {
+                local-users {
+                    username alice {
+                        password notsecure
+                    }
+                }
+                mode local
+            }
+            client-ip-pool {
+                start 192.168.255.2
+                stop 192.168.255.254
+            }
+            ipsec-settings {
+                authentication {
+                    mode x509
+                    x509 {
+                        ca-cert-file /config/auth/ovpn_test_ca.pem
+                        server-cert-file /config/auth/ovpn_test_server.pem
+                        server-key-file /config/auth/ovpn_test_server.key
+                    }
+                }
+            }
+            outside-address 192.168.150.1
+        }
+    }
+    rsa-keys {
+        local-key {
+            file /config/auth/ovpn_test_server.key
+        }
+        rsa-key-name peer2 {
+            rsa-key 0sAwEAAbudt5WQZSW2plbixjpgx4yVN/WMHdYRIZhyypJWO4ujQ/UQS9j3oTBgV2+RLtQ0YQ7eocwIfkvJVUnnZVMyZ4asQMOarQgbQ5nFGliCcDOMtNXRxHlMsvmjLx4o6FWbGukwgoxsT2x915n0XMn4XJNNSIEQotxj2GWFhEfBSPHyOM++kODk0lkbE7mLeHMMFq02vQhoczzEPWxjUUoY3jywhmHMfb4PdAKLFyt9x40znmPCYh+NSMQmpBXtD3gjGtX62bgrqKuP3BJU44x1gLlv8rJAJ4SY74YKnFUZ8m5GSbnVapwPOrp65lJZFKOGs2XXjAp5leoR+wmSYyqbDJM=
+        }
+    }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "bgp@1:broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@6:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:policy@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.4-rolling-202106290839
diff --git a/smoketest/configs/pki-ipsec b/smoketest/configs/pki-ipsec
deleted file mode 100644
index 6fc239d27..000000000
--- a/smoketest/configs/pki-ipsec
+++ /dev/null
@@ -1,148 +0,0 @@
-interfaces {
-    dummy dum0 {
-        address 172.20.0.1/30
-    }
-    ethernet eth0 {
-        address 192.168.150.1/24
-    }
-}
-system {
-    config-management {
-        commit-revisions 100
-    }
-    console {
-        device ttyS0 {
-            speed 115200
-        }
-    }
-    host-name vyos
-    login {
-        user vyos {
-            authentication {
-                encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
-                plaintext-password ""
-            }
-        }
-    }
-    ntp {
-        server time1.vyos.net {
-        }
-        server time2.vyos.net {
-        }
-        server time3.vyos.net {
-        }
-    }
-    syslog {
-        global {
-            facility all {
-                level info
-            }
-            facility protocols {
-                level debug
-            }
-        }
-    }
-}
-vpn {
-    ipsec {
-        esp-group MyESPGroup {
-            proposal 1 {
-                encryption aes128
-                hash sha1
-            }
-        }
-        ike-group MyIKEGroup {
-            proposal 1 {
-                dh-group 2
-                encryption aes128
-                hash sha1
-            }
-        }
-        ipsec-interfaces {
-            interface eth0
-        }
-        site-to-site {
-            peer 192.168.150.2 {
-                authentication {
-                    mode x509
-                    x509 {
-                        ca-cert-file ovpn_test_ca.pem
-                        cert-file ovpn_test_server.pem
-                        key {
-                            file ovpn_test_server.key
-                        }
-                    }
-                }
-                default-esp-group MyESPGroup
-                ike-group MyIKEGroup
-                local-address 192.168.150.1
-                tunnel 0 {
-                    local {
-                        prefix 172.20.0.0/24
-                    }
-                    remote {
-                        prefix 172.21.0.0/24
-                    }
-                }
-            }
-            peer 192.168.150.3 {
-                authentication {
-                    mode rsa
-                    pre-shared-secret MYSECRETKEY
-                    rsa-key-name peer2
-                }
-                default-esp-group MyESPGroup
-                ike-group MyIKEGroup
-                local-address 192.168.150.1
-                tunnel 0 {
-                    local {
-                        prefix 172.20.0.0/24
-                    }
-                    remote {
-                        prefix 172.22.0.0/24
-                    }
-                }
-            }
-        }
-    }
-    l2tp {
-        remote-access {
-            authentication {
-                local-users {
-                    username alice {
-                        password notsecure
-                    }
-                }
-                mode local
-            }
-            client-ip-pool {
-                start 192.168.255.2
-                stop 192.168.255.254
-            }
-            ipsec-settings {
-                authentication {
-                    mode x509
-                    x509 {
-                        ca-cert-file /config/auth/ovpn_test_ca.pem
-                        server-cert-file /config/auth/ovpn_test_server.pem
-                        server-key-file /config/auth/ovpn_test_server.key
-                    }
-                }
-            }
-            outside-address 192.168.150.1
-        }
-    }
-    rsa-keys {
-        local-key {
-            file /config/auth/ovpn_test_server.key
-        }
-        rsa-key-name peer2 {
-            rsa-key 0sAwEAAbudt5WQZSW2plbixjpgx4yVN/WMHdYRIZhyypJWO4ujQ/UQS9j3oTBgV2+RLtQ0YQ7eocwIfkvJVUnnZVMyZ4asQMOarQgbQ5nFGliCcDOMtNXRxHlMsvmjLx4o6FWbGukwgoxsT2x915n0XMn4XJNNSIEQotxj2GWFhEfBSPHyOM++kODk0lkbE7mLeHMMFq02vQhoczzEPWxjUUoY3jywhmHMfb4PdAKLFyt9x40znmPCYh+NSMQmpBXtD3gjGtX62bgrqKuP3BJU44x1gLlv8rJAJ4SY74YKnFUZ8m5GSbnVapwPOrp65lJZFKOGs2XXjAp5leoR+wmSYyqbDJM=
-        }
-    }
-}
-
-
-// Warning: Do not remove the following line.
-// vyos-config-version: "bgp@1:broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@6:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:policy@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
-// Release version: 1.4-rolling-202106290839
-- 
cgit v1.2.3


From 9375ded103b4747c9a23965687af3e7289e8721d Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Wed, 25 May 2022 09:21:37 -0500
Subject: configtest: T4382: missing 'ipv4-options' in 'interfaces openvpn'

As a result of the firewall/5-to-6 migration script,
'firewall options interface vtun0 adjust-mss'
is moved to:
'interfaces openvpn vtun0 ip adjust-mss 1380'
however, interfaces-openvpn.xml.in is missing the include file
ipv4-options.xml.i. Add missing include file.
---
 interface-definitions/interfaces-openvpn.xml.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index edcf7b37f..bfad6d70f 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -167,6 +167,7 @@
               </leafNode>
             </children>
           </node>
+          #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
           #include <include/interface/mirror.xml.i>
           <leafNode name="hash">
-- 
cgit v1.2.3


From d8ce60dd846792fec76af92151d470a4169f163d Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Wed, 25 May 2022 10:21:25 -0500
Subject: configtest: T4382: missing block in migration script vrf/0-to-1

The config vrf-basic reveals a missing block in the migration script
vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in
Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in
vrf-ospf.
---
 smoketest/configs/vrf-basic      |  1 -
 src/migration-scripts/vrf/0-to-1 | 10 ++++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/smoketest/configs/vrf-basic b/smoketest/configs/vrf-basic
index ded33f683..20ac7a92f 100644
--- a/smoketest/configs/vrf-basic
+++ b/smoketest/configs/vrf-basic
@@ -196,7 +196,6 @@ system {
             }
         }
     }
-    nt
     ntp {
         server 0.pool.ntp.org {
         }
diff --git a/src/migration-scripts/vrf/0-to-1 b/src/migration-scripts/vrf/0-to-1
index 2b41ef3c7..5df751113 100755
--- a/src/migration-scripts/vrf/0-to-1
+++ b/src/migration-scripts/vrf/0-to-1
@@ -114,6 +114,16 @@ for vrf in config.list_nodes(base):
                     if config.exists(vrf_path):
                         config.rename(vrf_path, 'vrf')
 
+            next_hop = route_path + [route, 'interface']
+            if config.exists(next_hop):
+                for interface in config.list_nodes(next_hop):
+                    interface_path = next_hop + [interface, 'next-hop-interface']
+                    if config.exists(interface_path):
+                        config.rename(interface_path, 'interface')
+                    vrf_path = next_hop + [interface, 'next-hop-vrf']
+                    if config.exists(vrf_path):
+                        config.rename(vrf_path, 'vrf')
+
 try:
     with open(file_name, 'w') as f:
         f.write(config.to_string())
-- 
cgit v1.2.3


From ac9d01365a9fd41003b4b8427348a3c3102341f5 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Wed, 25 May 2022 11:01:48 -0500
Subject: configtest: T4382: no migration to 'bgp local-as' under vrf

The migration script bgp/0-to-1 did not address
'protocols bgp ASN' -> 'protocols bgp local-as ASN'
under a vrf. Move to configs.no-load for review on extending/adding a
migration script.
---
 smoketest/configs.no-load/vrf-bgp | 166 ++++++++++++++++++++++++++++++++++++++
 smoketest/configs/vrf-bgp         | 166 --------------------------------------
 2 files changed, 166 insertions(+), 166 deletions(-)
 create mode 100644 smoketest/configs.no-load/vrf-bgp
 delete mode 100644 smoketest/configs/vrf-bgp

diff --git a/smoketest/configs.no-load/vrf-bgp b/smoketest/configs.no-load/vrf-bgp
new file mode 100644
index 000000000..4ad372a36
--- /dev/null
+++ b/smoketest/configs.no-load/vrf-bgp
@@ -0,0 +1,166 @@
+interfaces {
+    ethernet eth0 {
+        address 192.0.2.1/24
+    }
+     ethernet eth1 {
+         vrf black
+     }
+     ethernet eth2 {
+         vrf black
+     }
+}
+protocols {
+    ospf {
+        area 0 {
+            network 192.0.2.0/24
+        }
+        interface eth0 {
+            authentication {
+                md5 {
+                    key-id 10 {
+                        md5-key ospfkey
+                    }
+                }
+            }
+        }
+        log-adjacency-changes {
+        }
+        parameters {
+            abr-type cisco
+            router-id 1.2.3.4
+        }
+        passive-interface default
+        passive-interface-exclude eth0
+    }
+}
+system {
+    config-management {
+        commit-revisions 100
+    }
+    console {
+        device ttyS0 {
+            speed 115200
+        }
+    }
+    host-name vyos
+    login {
+        user vyos {
+            authentication {
+                encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+                plaintext-password ""
+            }
+        }
+    }
+    nt
+    ntp {
+        server 0.pool.ntp.org {
+        }
+        server 1.pool.ntp.org {
+        }
+        server 2.pool.ntp.org {
+        }
+    }
+    syslog {
+        global {
+            facility all {
+                level info
+            }
+            facility protocols {
+                level debug
+            }
+        }
+    }
+    time-zone Europe/Berlin
+}
+vrf {
+    name black {
+        protocols {
+            bgp 65000 {
+                address-family {
+                    ipv4-unicast {
+                        network 10.0.150.0/23 {
+                        }
+                    }
+                    ipv6-unicast {
+                        network 2001:db8:200::/40 {
+                        }
+                    }
+                }
+                neighbor 10.0.151.222 {
+                    disable-send-community {
+                        extended
+                        standard
+                    }
+                    address-family {
+                        ipv4-unicast {
+                            default-originate {
+                            }
+                            soft-reconfiguration {
+                                inbound
+                            }
+                        }
+                    }
+                    capability {
+                        dynamic
+                    }
+                    remote-as 65010
+                }
+                neighbor 10.0.151.252 {
+                    peer-group VYOSv4
+                }
+                neighbor 10.0.151.254 {
+                    peer-group VYOSv4
+                }
+                neighbor 2001:db8:200:ffff::3 {
+                    peer-group VYOSv6
+                }
+                neighbor 2001:db8:200:ffff::a {
+                    peer-group VYOSv6
+                }
+                neighbor 2001:db8:200:ff::101:2 {
+                    remote-as 65010
+                }
+                parameters {
+                    default {
+                        no-ipv4-unicast
+                    }
+                    log-neighbor-changes
+                    router-id 10.0.151.251
+                }
+                peer-group VYOSv4 {
+                    address-family {
+                        ipv4-unicast {
+                            nexthop-self {
+                            }
+                        }
+                    }
+                    capability {
+                        dynamic
+                    }
+                    remote-as 65000
+                    update-source dum0
+                }
+                peer-group VYOSv6 {
+                    address-family {
+                        ipv6-unicast {
+                            nexthop-self {
+                            }
+                        }
+                    }
+                    capability {
+                        dynamic
+                    }
+                    remote-as 65000
+                    update-source dum0
+                }
+            }
+
+        }
+        table 2000
+    }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@20:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.4-rolling-202103130218
diff --git a/smoketest/configs/vrf-bgp b/smoketest/configs/vrf-bgp
deleted file mode 100644
index 4ad372a36..000000000
--- a/smoketest/configs/vrf-bgp
+++ /dev/null
@@ -1,166 +0,0 @@
-interfaces {
-    ethernet eth0 {
-        address 192.0.2.1/24
-    }
-     ethernet eth1 {
-         vrf black
-     }
-     ethernet eth2 {
-         vrf black
-     }
-}
-protocols {
-    ospf {
-        area 0 {
-            network 192.0.2.0/24
-        }
-        interface eth0 {
-            authentication {
-                md5 {
-                    key-id 10 {
-                        md5-key ospfkey
-                    }
-                }
-            }
-        }
-        log-adjacency-changes {
-        }
-        parameters {
-            abr-type cisco
-            router-id 1.2.3.4
-        }
-        passive-interface default
-        passive-interface-exclude eth0
-    }
-}
-system {
-    config-management {
-        commit-revisions 100
-    }
-    console {
-        device ttyS0 {
-            speed 115200
-        }
-    }
-    host-name vyos
-    login {
-        user vyos {
-            authentication {
-                encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
-                plaintext-password ""
-            }
-        }
-    }
-    nt
-    ntp {
-        server 0.pool.ntp.org {
-        }
-        server 1.pool.ntp.org {
-        }
-        server 2.pool.ntp.org {
-        }
-    }
-    syslog {
-        global {
-            facility all {
-                level info
-            }
-            facility protocols {
-                level debug
-            }
-        }
-    }
-    time-zone Europe/Berlin
-}
-vrf {
-    name black {
-        protocols {
-            bgp 65000 {
-                address-family {
-                    ipv4-unicast {
-                        network 10.0.150.0/23 {
-                        }
-                    }
-                    ipv6-unicast {
-                        network 2001:db8:200::/40 {
-                        }
-                    }
-                }
-                neighbor 10.0.151.222 {
-                    disable-send-community {
-                        extended
-                        standard
-                    }
-                    address-family {
-                        ipv4-unicast {
-                            default-originate {
-                            }
-                            soft-reconfiguration {
-                                inbound
-                            }
-                        }
-                    }
-                    capability {
-                        dynamic
-                    }
-                    remote-as 65010
-                }
-                neighbor 10.0.151.252 {
-                    peer-group VYOSv4
-                }
-                neighbor 10.0.151.254 {
-                    peer-group VYOSv4
-                }
-                neighbor 2001:db8:200:ffff::3 {
-                    peer-group VYOSv6
-                }
-                neighbor 2001:db8:200:ffff::a {
-                    peer-group VYOSv6
-                }
-                neighbor 2001:db8:200:ff::101:2 {
-                    remote-as 65010
-                }
-                parameters {
-                    default {
-                        no-ipv4-unicast
-                    }
-                    log-neighbor-changes
-                    router-id 10.0.151.251
-                }
-                peer-group VYOSv4 {
-                    address-family {
-                        ipv4-unicast {
-                            nexthop-self {
-                            }
-                        }
-                    }
-                    capability {
-                        dynamic
-                    }
-                    remote-as 65000
-                    update-source dum0
-                }
-                peer-group VYOSv6 {
-                    address-family {
-                        ipv6-unicast {
-                            nexthop-self {
-                            }
-                        }
-                    }
-                    capability {
-                        dynamic
-                    }
-                    remote-as 65000
-                    update-source dum0
-                }
-            }
-
-        }
-        table 2000
-    }
-}
-
-
-// Warning: Do not remove the following line.
-// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@20:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
-// Release version: 1.4-rolling-202103130218
-- 
cgit v1.2.3