1.2.3

1.2.3 is a maintenance and feature backport release made in September 2019.

New features

  • HTTP API
  • T1524 “set service dns forwarding allow-from <IPv4 net|IPv6 net>” option for limiting queries to specific client networks
  • T1503 Functions for checking if a commit is in progress
  • T1543 “set system contig-mangement commit-archive source-address” option
  • T1554 Intel NIC drivers now support receive side scaling and multiqueue

Resolved issues

  • T1209 OSPF max-metric values over 100 no longer causes commit errors
  • T1333 Fixes issue with DNS forwarding not performing recursive lookups on domain specific forwarders
  • T1362 Special characters in VRRP passwords are handled correctly
  • T1377 BGP weight is applied properly
  • T1420 Fixed permission for log files
  • T1425 Wireguard interfaces now support /31 addresses
  • T1428 Wireguard correctly handles firewall marks
  • T1439 DHCPv6 static mappings now work correctly
  • T1450 Flood ping commands now works correctly
  • T1460 Op mode “show firewall” commands now support counters longer than 8 digits (T1460)
  • T1465 Fixed priority inversion in VTI commands
  • T1468 Fixed remote-as check in the BGP route-reflector-client option
  • T1472 It’s now possible to re-create VRRP groups with RFC compatibility mode enabled
  • T1527 Fixed a typo in DHCPv6 server help strings
  • T1529 Unnumbered BGP peers now support VLAN interfaces
  • T1530 Fixed “set system syslog global archive file” command
  • T1531 Multiple fixes in cluster configuration scripts
  • T1537 Fixed missing help text for “service dns”
  • T1541 Fixed input validation in DHCPv6 relay options
  • T1551 It’s now possible to create a QinQ interface and a firewall assigned to it in one commit
  • T1559 URL filtering now uses correct rule database path and works again
  • T1579 “show log vpn ipsec” command works again
  • T1576 “show arp interface <intf>” command works again
  • T1605 Fixed regression in L2TP/IPsec server
  • T1613 Netflow/sFlow captures IPv6 traffic correctly
  • T1616 “renew dhcpv6” command now works from op mode
  • T1642 BGP remove-private-as option iBGP vs eBGP check works correctly now
  • T1540, T1360, T1264, T1623 Multiple improvements in name servers and hosts configuration handling

Internals

/etc/resolv.conf and /etc/hosts files are now managed by the vyos-hostsd service that listens on a ZMQ socket for update messages.