1.2.3 is a maintenance and feature backport release made in September 2019.

New features


  • T1524 “set service dns forwarding allow-from <IPv4 net|IPv6 net>” option for limiting queries to specific client networks

  • T1503 Functions for checking if a commit is in progress

  • T1543 “set system contig-mangement commit-archive source-address” option

  • T1554 Intel NIC drivers now support receive side scaling and multiqueue

Resolved issues

  • T1209 OSPF max-metric values over 100 no longer causes commit errors

  • T1333 Fixes issue with DNS forwarding not performing recursive lookups on domain specific forwarders

  • T1362 Special characters in VRRP passwords are handled correctly

  • T1377 BGP weight is applied properly

  • T1420 Fixed permission for log files

  • T1425 Wireguard interfaces now support /31 addresses

  • T1428 Wireguard correctly handles firewall marks

  • T1439 DHCPv6 static mappings now work correctly

  • T1450 Flood ping commands now works correctly

  • T1460 Op mode “show firewall” commands now support counters longer than 8 digits (T1460)

  • T1465 Fixed priority inversion in VTI commands

  • T1468 Fixed remote-as check in the BGP route-reflector-client option

  • T1472 It’s now possible to re-create VRRP groups with RFC compatibility mode enabled

  • T1527 Fixed a typo in DHCPv6 server help strings

  • T1529 Unnumbered BGP peers now support VLAN interfaces

  • T1530 Fixed “set system syslog global archive file” command

  • T1531 Multiple fixes in cluster configuration scripts

  • T1537 Fixed missing help text for “service dns”

  • T1541 Fixed input validation in DHCPv6 relay options

  • T1551 It’s now possible to create a QinQ interface and a firewall assigned to it in one commit

  • T1559 URL filtering now uses correct rule database path and works again

  • T1579 “show log vpn ipsec” command works again

  • T1576 “show arp interface <intf>” command works again

  • T1605 Fixed regression in L2TP/IPsec server

  • T1613 Netflow/sFlow captures IPv6 traffic correctly

  • T1616 “renew dhcpv6” command now works from op mode

  • T1642 BGP remove-private-as option iBGP vs eBGP check works correctly now

  • T1540, T1360, T1264, T1623 Multiple improvements in name servers and hosts configuration handling


/etc/resolv.conf and /etc/hosts files are now managed by the vyos-hostsd service that listens on a ZMQ socket for update messages.