1.2.4 is a maintenance release made in December 2019.
- T258 Can not configure wan load-balancing on vyos-1.2
- T818 SNMP v3 - remove required engineid from user node
- T1030 Upgrade ddclient from 3.8.2 to 3.9.0 (support Cloudflare API v4)
- T1183 BFD Support via FRR
- T1299 Allow SNMPd to be extended with custom scripts
- T1351 accel-pppoe adding CIDR based IP pool option
- T1391 In route-map set community additive
- T1394 syslog systemd and host_name.py race condition
- T1401 Copying files with the FTP protocol fails if the password contains special characters
- T1421 OpenVPN client push-route stopped working, needs added quotes to fix
- T1447 Python subprocess called without import in host_name.py
- T1470 improve output of “show dhcpv6 server leases”
- T1485 Enable ‘AdvIntervalOpt’ option in for radvd.conf
- T1496 Separate rolling release and LTS kernel builds
- T1560 “set load-balancing wan rule 0” causes segfault and prevents load balancing from starting
- T1568 strip-private command improvement for additional masking of IPv6 and MAC address
- T1578 completion offers “show table”, but show table does not exist
- T1593 Support ip6gre
- T1597 /usr/sbin/rsyslogd after deleting “system syslog”
- T1638 vyos-hostsd not setting system domain name
- T1678 hostfile-update missing line feed
- T1694 NTPd: Do not listen on all interfaces by default
- T1701 Delete domain-name and domain-search won’t work
- T1705 High CPU usage by bgpd when snmp is active
- T1707 DHCP static mapping and exclude address not working
- T1708 Update Rolling Release Kernel to 4.19.76
- T1709 Update WireGuard to 0.0.20190913
- T1716 Update Intel NIC drivers to recent versions
- T1726 Update Linux Firmware binaries to a more recent version 2019-03-14 -> 2019-10-07
- T1728 Update Linux Kernel to 4.19.79
- T1737 SNMP tab completion missing
- T1738 Copy SNMP configuration from node to node raises exception
- T1740 Broken OSPFv2 virtual-link authentication
- T1742 NHRP unable to commit.
- T1745 dhcp-server commit fails with “DHCP range stop address x must be greater or equal to the range start address y!” when static mapping has same IP as range stop
- T1749 numeric validator doesn’t support multiple ranges
- T1769 Remove complex SNMPv3 Transport Security Model (TSM)
- T1772 <regex> constraints in XML are partially broken
- T1778 Kilobits/Megabits difference in configuration Vyos/FRR
- T1780 Adding ipsec ike closeaction
- T1786 disable-dhcp-nameservers is missed in current host_name.py implementation
- T1788 Intel QAT (QuickAssist Technology ) implementation
- T1792 Update WireGuard to Debian release 0.0.20191012-1
- T1800 Update Linux Kernel to v4.19.84
- T1809 Wireless: SSID scan does not work in AP mode
- T1811 Upgrade from 1.1.8: Config file migration failed: module=l2tp
- T1812 DHCP: hostnames of clients not resolving after update v1.2.3 -> 1.2-rolling
- T1819 Reboot kills SNMPv3 configuration
- T1822 Priority inversion wireless interface dhcpv6
- T1836 import-conf-mode-commands in vyos-1x/scripts fails to create an xml
- T1839 LLDP shows “VyOS unknown” instead of “VyOS”
- T1841 PPP ipv6-up.d direcotry missing
- T1893 igmp-proxy: Do not allow adding unknown interface
- T1904 update eth1 and eth2 link files for the vep4600
1.2.3 is a maintenance and feature backport release made in September 2019.
- HTTP API
- “set service dns forwarding allow-from <IPv4 net|IPv6 net>” option for limiting queries to specific client networks (T1524)
- Functions for checking if a commit is in progress (T1503)
- “set system contig-mangement commit-archive source-address” option (T1543)
- Intel NIC drivers now support receive side scaling and multiqueue (T1554)
- OSPF max-metric values over 100 no longer causes commit errors (T1209)
- Fixes issue with DNS forwarding not performing recursive lookups on domain specific forwarders (T1333)
- Special characters in VRRP passwords are handled correctly (T1362)
- BGP weight is applied properly (T1377)
- Fixed permission for log files (T1420)
- Wireguard interfaces now support /31 addresses (T1425)
- Wireguard correctly handles firewall marks (T1428)
- DHCPv6 static mappings now work correctly (T1439)
- Flood ping commands now works correctly (T1450)
- Op mode “show firewall” commands now support counters longer than 8 digits (T1460)
- Fixed priority inversion in VTI commands (T1465)
- Fixed remote-as check in the BGP route-reflector-client option (T1468)
- It’s now possible to re-create VRRP groups with RFC compatibility mode enabled (T1472)
- Fixed a typo in DHCPv6 server help strings (T1527)
- Unnumbered BGP peers now support VLAN interfaces (T1529)
- Fixed “set system syslog global archive file” command (T1530)
- Multiple fixes in cluster configuration scripts (T1531)
- Fixed missing help text for “service dns” (T1537)
- Fixed input validation in DHCPv6 relay options (T1541)
- It’s now possible to create a QinQ interface and a firewall assigned to it in one commit (T1551)
- URL filtering now uses correct rule database path and works again (T1559)
- “show log vpn ipsec” command works again (T1579)
- “show arp interface <intf>” command works again (T1576)
- Fixed regression in L2TP/IPsec server (T1605)
- Netflow/sFlow captures IPv6 traffic correctly (T1613)
- “renew dhcpv6” command now works from op mode (T1616)
- BGP remove-private-as option iBGP vs eBGP check works correctly now (T1642)
- Multiple improvements in name servers and hosts configuration handling (T1540, T1360, T1264, T1623)
/etc/resolv.conf and /etc/hosts files are now managed by the vyos-hostsd service that listens on a ZMQ socket for update messages.
1.2.2 is a maintenance release made in July 2019.
- Options for per-interface MSS clamping.
- BGP extended next-hop capability
- Relaxed BGP multipath option
- Internal and external options for “remote-as” (accept any AS as long as it’s the same to this router or different, respectively)
- “Unnumbered” (interface-based) BGP peers
- BGP no-prepend option
- Additive BGP community option
- OSPFv3 network type option
- Custom arguments for VRRP scripts
- A script for querying values from config files
- Linux kernel 4.19.54, including a fix for the TCP SACK vulnerability
- VRRP health-check scripts now can use arguments (T1371)
- DNS server addresses coming from a DHCP server are now correctly propagated to resolv.conf (T1497)
- Domain-specific name servers in DNS forwarding are now used for recursive queries (T1469)
- “run show dhcpv6 server leases” now display leases correctly (T1433)
- Deleting “firewall options” node no longer causes errors (T1461)
- Correct hostname is sent to remote syslog again (T1458)
- Board serial number from DMI is correctly displayed in “show version” (T1438)
- Multiple corrections in remote syslog config (T1358, T1355, T1294)
- Fixed missing newline in /etc/hosts (T1255)
- “system domain-name” is correctly included in /etc/resolv.conf (T1174)
- Fixed priority inversion in “interfaces vti vtiX ip” settings (T1465)
- Fixed errors when installing with RAID1 on UEFI machines (T1446)
- Fixed an error on disabling an interfaces that has no address (T1387)
- Fixed deleting VLAN interface with non-default MTU (T1367)
- vyos.config return_effective_values() function now correctly returns a list rather than a string (T1505)
VyOS 1.2.1 is a maintenance release made in April 2019.
- Package updates: kernel 4.19.32, open-vm-tools 10.3, latest Intel NIC drivers.
- The kernel now includes drivers for various USB serial adapters, which allows people to add a serial console to a machine without onboard RS232, or connect to something else from the router (T1326).
- The collection of network card firmware is now much more extensive.
- VRRP now correctly uses a virtual rather than physical MAC addresses in the RFC-compliant mode (T1271).
- DHCP WPAD URL option works correctly again (T1330)
- Many to many NAT rules now can use source/destination and translation networks of non-matching size (T1312). If 1:1 network bits translation is desired, it’s now user’s responsibility to check if prefix length matches.
- IPv6 network prefix translation is fixed (T1290).
- Non-alphanumeric characters such as “>” can now be safely used in PPPoE passwords (T1308).
- “show | commands” no longer fails when a config section ends with a leaf node such as “timezone” in “show system | commands” (T1305).
- “show | commands” correctly works in config mode now (T1235).
- VTI is now compatible with the DHCP-interface IPsec option (T1298).
- “show dhcp server statistics” command was broken in latest Crux (T1277).
- An issue with TFTP server refusing to listen on addresses other than loopback was fixed (T1261).
- Template issue that might cause UDP broadcast relay fail to start is fixed (T1224).
- VXLAN value validation is improved (T1067).
- Blank hostnames in DHCP updates no longer can crash DNS forwarding (T1211).
- Correct configuration is now generated for DHCPv6 relays with more than one upstream interface (T1322).
- “relay-agents-packets” option works correctly now (T1234).
- Dynamic DNS data is now cleaned on configuration change (T1231).
- Remote Syslog can now use a fully qualified domain name (T1282).
- ACPI power off works again (T1279).
- Negation in WAN load balancing rules works again (T1247).
- FRR’s staticd now starts on boot correctly (T1218).
- The installer now correctly detects SD card devices (T1296).
- Wireguard peers can be disabled now (T1225).
- The issue with wireguard interfaces impossible to delete is fixed (T1217).
- Unintended IPv6 access is fixed in SNMP configuration (T1160).
- It’s now possible to exclude hosts from the transparent web proxy (T1060).
- An issue with rules impossible to delete from the zone-based firewall is fixed (T484).