1.2.3¶
1.2.3 is a maintenance and feature backport release made in September 2019.
New features¶
- HTTP API
- T1524 “set service dns forwarding allow-from <IPv4 net|IPv6 net>” option for limiting queries to specific client networks
- T1503 Functions for checking if a commit is in progress
- T1543 “set system contig-mangement commit-archive source-address” option
- T1554 Intel NIC drivers now support receive side scaling and multiqueue
Resolved issues¶
- T1209 OSPF max-metric values over 100 no longer causes commit errors
- T1333 Fixes issue with DNS forwarding not performing recursive lookups on domain specific forwarders
- T1362 Special characters in VRRP passwords are handled correctly
- T1377 BGP weight is applied properly
- T1420 Fixed permission for log files
- T1425 Wireguard interfaces now support /31 addresses
- T1428 Wireguard correctly handles firewall marks
- T1439 DHCPv6 static mappings now work correctly
- T1450 Flood ping commands now works correctly
- T1460 Op mode “show firewall” commands now support counters longer than 8 digits (T1460)
- T1465 Fixed priority inversion in VTI commands
- T1468 Fixed remote-as check in the BGP route-reflector-client option
- T1472 It’s now possible to re-create VRRP groups with RFC compatibility mode enabled
- T1527 Fixed a typo in DHCPv6 server help strings
- T1529 Unnumbered BGP peers now support VLAN interfaces
- T1530 Fixed “set system syslog global archive file” command
- T1531 Multiple fixes in cluster configuration scripts
- T1537 Fixed missing help text for “service dns”
- T1541 Fixed input validation in DHCPv6 relay options
- T1551 It’s now possible to create a QinQ interface and a firewall assigned to it in one commit
- T1559 URL filtering now uses correct rule database path and works again
- T1579 “show log vpn ipsec” command works again
- T1576 “show arp interface <intf>” command works again
- T1605 Fixed regression in L2TP/IPsec server
- T1613 Netflow/sFlow captures IPv6 traffic correctly
- T1616 “renew dhcpv6” command now works from op mode
- T1642 BGP remove-private-as option iBGP vs eBGP check works correctly now
- T1540, T1360, T1264, T1623 Multiple improvements in name servers and hosts configuration handling
Internals¶
/etc/resolv.conf
and /etc/hosts
files are now managed by the
vyos-hostsd service that listens on a ZMQ socket for update messages.