Release Notes

1.2 (Crux)

1.2.4

1.2.4 is a maintenance release made in December 2019.

Resolved issues

  • T258 Can not configure wan load-balancing on vyos-1.2
  • T818 SNMP v3 - remove required engineid from user node
  • T1030 Upgrade ddclient from 3.8.2 to 3.9.0 (support Cloudflare API v4)
  • T1183 BFD Support via FRR
  • T1299 Allow SNMPd to be extended with custom scripts
  • T1351 accel-pppoe adding CIDR based IP pool option
  • T1391 In route-map set community additive
  • T1394 syslog systemd and host_name.py race condition
  • T1401 Copying files with the FTP protocol fails if the password contains special characters
  • T1421 OpenVPN client push-route stopped working, needs added quotes to fix
  • T1430 Add options for custom DHCP client-id and hostname
  • T1447 Python subprocess called without import in host_name.py
  • T1470 improve output of “show dhcpv6 server leases”
  • T1485 Enable ‘AdvIntervalOpt’ option in for radvd.conf
  • T1496 Separate rolling release and LTS kernel builds
  • T1560 “set load-balancing wan rule 0” causes segfault and prevents load balancing from starting
  • T1568 strip-private command improvement for additional masking of IPv6 and MAC address
  • T1578 completion offers “show table”, but show table does not exist
  • T1593 Support ip6gre
  • T1597 /usr/sbin/rsyslogd after deleting “system syslog”
  • T1638 vyos-hostsd not setting system domain name
  • T1678 hostfile-update missing line feed
  • T1694 NTPd: Do not listen on all interfaces by default
  • T1701 Delete domain-name and domain-search won’t work
  • T1705 High CPU usage by bgpd when snmp is active
  • T1707 DHCP static mapping and exclude address not working
  • T1708 Update Rolling Release Kernel to 4.19.76
  • T1709 Update WireGuard to 0.0.20190913
  • T1716 Update Intel NIC drivers to recent versions
  • T1726 Update Linux Firmware binaries to a more recent version 2019-03-14 -> 2019-10-07
  • T1728 Update Linux Kernel to 4.19.79
  • T1737 SNMP tab completion missing
  • T1738 Copy SNMP configuration from node to node raises exception
  • T1740 Broken OSPFv2 virtual-link authentication
  • T1742 NHRP unable to commit.
  • T1745 dhcp-server commit fails with “DHCP range stop address x must be greater or equal to the range start address y!” when static mapping has same IP as range stop
  • T1749 numeric validator doesn’t support multiple ranges
  • T1769 Remove complex SNMPv3 Transport Security Model (TSM)
  • T1772 <regex> constraints in XML are partially broken
  • T1778 Kilobits/Megabits difference in configuration Vyos/FRR
  • T1780 Adding ipsec ike closeaction
  • T1786 disable-dhcp-nameservers is missed in current host_name.py implementation
  • T1788 Intel QAT (QuickAssist Technology ) implementation
  • T1792 Update WireGuard to Debian release 0.0.20191012-1
  • T1800 Update Linux Kernel to v4.19.84
  • T1809 Wireless: SSID scan does not work in AP mode
  • T1811 Upgrade from 1.1.8: Config file migration failed: module=l2tp
  • T1812 DHCP: hostnames of clients not resolving after update v1.2.3 -> 1.2-rolling
  • T1819 Reboot kills SNMPv3 configuration
  • T1822 Priority inversion wireless interface dhcpv6
  • T1825 Improve DHCP configuration error message
  • T1836 import-conf-mode-commands in vyos-1x/scripts fails to create an xml
  • T1839 LLDP shows “VyOS unknown” instead of “VyOS”
  • T1841 PPP ipv6-up.d direcotry missing
  • T1893 igmp-proxy: Do not allow adding unknown interface
  • T1903 Implementation udev predefined interface naming
  • T1904 update eth1 and eth2 link files for the vep4600

1.2.3

1.2.3 is a maintenance and feature backport release made in September 2019.

New features

  • HTTP API
  • T1524 “set service dns forwarding allow-from <IPv4 net|IPv6 net>” option for limiting queries to specific client networks
  • T1503 Functions for checking if a commit is in progress
  • T1543 “set system contig-mangement commit-archive source-address” option
  • T1554 Intel NIC drivers now support receive side scaling and multiqueue

Resolved issues

  • T1209 OSPF max-metric values over 100 no longer causes commit errors
  • T1333 Fixes issue with DNS forwarding not performing recursive lookups on domain specific forwarders
  • T1362 Special characters in VRRP passwords are handled correctly
  • T1377 BGP weight is applied properly
  • T1420 Fixed permission for log files
  • T1425 Wireguard interfaces now support /31 addresses
  • T1428 Wireguard correctly handles firewall marks
  • T1439 DHCPv6 static mappings now work correctly
  • T1450 Flood ping commands now works correctly
  • T1460 Op mode “show firewall” commands now support counters longer than 8 digits (T1460)
  • T1465 Fixed priority inversion in VTI commands
  • T1468 Fixed remote-as check in the BGP route-reflector-client option
  • T1472 It’s now possible to re-create VRRP groups with RFC compatibility mode enabled
  • T1527 Fixed a typo in DHCPv6 server help strings
  • T1529 Unnumbered BGP peers now support VLAN interfaces
  • T1530 Fixed “set system syslog global archive file” command
  • T1531 Multiple fixes in cluster configuration scripts
  • T1537 Fixed missing help text for “service dns”
  • T1541 Fixed input validation in DHCPv6 relay options
  • T1551 It’s now possible to create a QinQ interface and a firewall assigned to it in one commit
  • T1559 URL filtering now uses correct rule database path and works again
  • T1579 “show log vpn ipsec” command works again
  • T1576 “show arp interface <intf>” command works again
  • T1605 Fixed regression in L2TP/IPsec server
  • T1613 Netflow/sFlow captures IPv6 traffic correctly
  • T1616 “renew dhcpv6” command now works from op mode
  • T1642 BGP remove-private-as option iBGP vs eBGP check works correctly now
  • T1540, T1360, T1264, T1623 Multiple improvements in name servers and hosts configuration handling

Internals

/etc/resolv.conf and /etc/hosts files are now managed by the vyos-hostsd service that listens on a ZMQ socket for update messages.

1.2.2

1.2.2 is a maintenance release made in July 2019.

New features

  • Options for per-interface MSS clamping.
  • BGP extended next-hop capability
  • Relaxed BGP multipath option
  • Internal and external options for “remote-as” (accept any AS as long as it’s the same to this router or different, respectively)
  • “Unnumbered” (interface-based) BGP peers
  • BGP no-prepend option
  • Additive BGP community option
  • OSPFv3 network type option
  • Custom arguments for VRRP scripts
  • A script for querying values from config files

Resolved issues

  • Linux kernel 4.19.54, including a fix for the TCP SACK vulnerability
  • T1371 VRRP health-check scripts now can use arguments
  • T1497 DNS server addresses coming from a DHCP server are now correctly propagated to resolv.conf
  • T1469 Domain-specific name servers in DNS forwarding are now used for recursive queries
  • T1433 run show dhcpv6 server leases now display leases correctly
  • T1461 Deleting firewall options node no longer causes errors
  • T1458 Correct hostname is sent to remote syslog again
  • T1438 Board serial number from DMI is correctly displayed in show version
  • T1358, T1355, T1294 Multiple corrections in remote syslog config
  • T1255 Fixed missing newline in /etc/hosts
  • T1174 system domain-name is correctly included in /etc/resolv.conf
  • T1465 Fixed priority inversion in interfaces vti vtiX ip settings
  • T1446 Fixed errors when installing with RAID1 on UEFI machines
  • T1387 Fixed an error on disabling an interfaces that has no address
  • T1367 Fixed deleting VLAN interface with non-default MTU
  • T1505 vyos.config return_effective_values() function now correctly returns a list rather than a string

1.2.1

VyOS 1.2.1 is a maintenance release made in April 2019.

Resolved issues

  • Package updates: kernel 4.19.32, open-vm-tools 10.3, latest Intel NIC drivers
  • T1326 The kernel now includes drivers for various USB serial adapters, which allows people to add a serial console to a machine without onboard RS232, or connect to something else from the router
  • The collection of network card firmware is now much more extensive
  • T1271 VRRP now correctly uses a virtual rather than physical MAC addresses in the RFC-compliant mode
  • T1330 DHCP WPAD URL option works correctly again
  • T1312 Many to many NAT rules now can use source/destination and translation networks of non-matching size. If 1:1 network bits translation is desired, it’s now users responsibility to check if prefix length matches.
  • T1290 IPv6 network prefix translation is fixed
  • T1308 Non-alphanumeric characters such as > can now be safely used in PPPoE passwords
  • T1305 show | commands no longer fails when a config section ends with a leaf node such as timezone in show system | commands
  • T1235 show | commands correctly works in config mode now
  • T1298 VTI is now compatible with the DHCP-interface IPsec option
  • T1277 show dhcp server statistics command was broken in latest Crux
  • T1261 An issue with TFTP server refusing to listen on addresses other than loopback was fixed
  • T1224 Template issue that might cause UDP broadcast relay fail to start is fixed
  • T1067 VXLAN value validation is improved
  • T1211 Blank hostnames in DHCP updates no longer can crash DNS forwarding
  • T1322 Correct configuration is now generated for DHCPv6 relays with more than one upstream interface
  • T1234 relay-agents-packets option works correctly now
  • T1231 Dynamic DNS data is now cleaned on configuration change
  • T1282 Remote Syslog can now use a fully qualified domain name
  • T1279 ACPI power off works again
  • T1247 Negation in WAN load balancing rules works again
  • T1218 FRR staticd now starts on boot correctly
  • T1296 The installer now correctly detects SD card devices
  • T1225 Wireguard peers can be disabled now
  • T1217 The issue with Wireguard interfaces impossible to delete is fixed
  • T1160 Unintended IPv6 access is fixed in SNMP configuration
  • T1060 It’s now possible to exclude hosts from the transparent web proxy
  • T484 An issue with rules impossible to delete from the zone-based firewall is fixed

Earlier releases

See the wiki.