1.3 Equuleus


  • T4653 (bug): Interface offload options not being applied correctly

  • T4061 (default): Add util function to check for completion of boot config

  • T4654 (bug): RPKI cache incorrect description

  • T4572 (bug): Add an option to force interface MTU to the value received from DHCP


  • T4647 (feature): Add Google Virtual NIC (gVNIC) support


  • T4642 (bug): proxy: hyphen not allowed in proxy URL


  • T4618 (bug): Traffic policy not set on virtual interfaces

  • T4538 (bug): Macsec does not work correctly when the interface status changes.


  • T4629 (bug): Raised ConfigErrors contain dict instead of only the dict key

  • T4632 (bug): Vlan aware bridge not working


  • T4616 (bug): openconnect: KeyError: ‘local_users’

  • T4614 (feature): OpenConnect split-dns directive


  • T4592 (bug): macsec: can not create two interfaces using the same source-interface

  • T4584 (bug): hostap: create custom package build

  • T4537 (bug): MACsec not working with cipher gcm-aes-256


  • T4565 (bug): vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249

  • T4206 (bug): Policy Based Routing with DHCP Interface Issue

  • T2763 (feature): New SNMP resource request - SNMP over TCP


  • T4579 (bug): bridge: can not delete member interface CLI option when VLAN is enabled

  • T4421 (default): Add support for floating point numbers in the numeric validator

  • T4415 (bug): Include license/copyright files in the image but remove user documentation from /usr/share/doc to reduce its size

  • T4313 (bug): “generate public-key-command” throws unhandled exceptions when it cannot retrieve the key

  • T4082 (bug): Add op mode command to restart ldpd

  • T3714 (bug): Some sysctl custom parameters disappear after reboot

  • T4260 (bug): Extend vyos.configdict.node_changed() to support recursiveness

  • T3785 (default): Add unicode support to configtree backend

  • T3507 (bug): Bond with mode LACP show u/u in show interfaces even if peer is not configured


  • T4476 (default): Next steps after installation is not communicated properly to new users


  • T4515 (default): Reduce telegraf binary size


  • T4532 (bug): Flow-accounting IPv6 server/receiver bug


  • T4571 (bug): Sflow with vrf configured does not use vrf to validate agent-address IP from vrf-configured interfaces


  • T4228 (bug): bond: OS error thrown when two bonds use the same member

  • T4534 (bug): bond: bridge: error out if member interface is assigned to a VRF instance

  • T4525 (bug): Delete interface from VRF and add it to bonding error

  • T4522 (feature): bond: add ability to specify mii monitor interval via CLI

  • T4521 (bug): bond: ARP monitor interval is not configured despite set via CLI


  • T4491 (bug): Use empty string for internal name of root node of config_tree


  • T1375 (feature): Add clear dhcp server lease function


  • T4527 (bug): Prevent to create VRF name default

  • T4084 (default): Dehardcode the default login banner

  • T3864 (enhancment): Add Edgecore build to VyOS 1.3 Equuleus


  • T4507 (feature): IPoE-server add multiplier option for shaper

  • T4468 (bug): web-proxy source group cannot start with a number bug

  • T4373 (feature): PPPoE-server add multiplier option for shaper


  • T4456 (bug): NTP client in VRF tries to bind to interfaces outside VRF, logs many messages

  • T4509 (feature): Feature Request: DNS64


  • T4513 (bug): Webproxy monitor commands do not work


  • T4510 (bug): set system static-host-mapping doesn’t allow IPv4 and IPv6 for same name.

  • T2654 (bug): Multiple names unable to be assigned to the same static mapping

  • T2683 (default): no dual stack in system static-host-mapping host-name


  • T4489 (bug): MPLS sysctl not persistent for tunnel interfaces


  • T1856 (feature): Support configuring IPSec SA bytes


  • T3866 (bug): Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax


  • T1890 (feature): Metatask: rewrite flow-accounting to XML and Python


  • T2580 (feature): Support for ip pools for ippoe


  • T4447 (bug): DHCPv6 prefix delegation sla-id limited to 128

  • T4350 (bug): DMVPN opennhrp spokes dont work behind NAT


  • T4315 (feature): Telegraf - Output to prometheus


  • T4441 (bug): wwan: connection not possible after a change added after 1.3.1-S1 release


  • T4442 (feature): HTTP API add action “reset”


  • T2194 (default): “show firewall” garbled output


  • T4430 (bug): Show firewall output with visual shift default rule


  • T4377 (default): generate tech-support archive includes previous archives


  • T4100 (feature): Firewall increase maximum number of rules


  • T4405 (bug): DHCP client sometimes ignores no-default-route option of an interface


  • T1972 (feature): Allow setting interface name for virtual_ipaddress in VRRP VRID


  • T4361 (bug): vyos.config.exists() does not work for nodes with multiple values

  • T4354 (bug): Slave interfaces fall out from bonding during configuration change


  • T4395 (feature): Extend show vpn debug


  • T4369 (bug): OpenVPN: daemon not restarted on changes to “openvpn-option” CLI node

  • T4363 (bug): salt-minion: default mine_interval option is not set


  • T4388 (bug): dhcp-server: missing constraint on tftp-server-name option

  • T4366 (bug): geneve: interface is removed on changes to e.g. description


  • T4235 (default): Add config tree diff algorithm


  • T4344 (bug): DHCP statistics not matching, conf-mode generates incorrect pool name with dash

  • T4268 (bug): Elevated LA while using VyOS monitoring feature


  • T4331 (bug): IPv6 link local addresses are not configured when an interface is in a VRF

  • T4339 (bug): wwan: tab-completion results in “No such file or directory” if there is no WWAN interface

  • T4338 (bug): wwan: changing interface description should not trigger reconnect

  • T4324 (bug): wwan: check alive script should only be run via cron if a wwan interface is configured at all


  • T4330 (bug): MTU settings cannot be applied when IPv6 is disabled

  • T4346 (feature): Deprecate “system ipv6 disable” option to disable address family within OS kernel

  • T4337 (bug): isis: IETF SPF delay algorithm can not be configured - results in vyos.frr.CommitError

  • T4319 (bug): The command “set system ipv6 disable” doesn’t work as expected.

  • T4341 (feature): login: disable user-account prior to deletion and wait until deletion is complete

  • T4336 (feature): isis: add support for MD5 authentication password on a circuit


  • T4308 (feature): Op-comm “Show log frr” to view specific protocol logs


  • T3686 (bug): Bridging OpenVPN tap with no local-address breaks


  • T4294 (bug): Adding a new openvpn-option does not restart the OpenVPN process

  • T4230 (bug): OpenVPN server configuration deleted after reboot when using a VRRP virtual-address


  • T4311 (bug): CVE-2021-4034: local privilege escalation in PolKit

  • T4310 (bug): CVE-2022-0778: infinite loop in OpenSSL certificate parsing


  • T4296 (bug): Interface config injected by Cloud-Init may interfere with VyOS native

  • T4002 (default): firewall group network-group long names restriction incorrect behavior


  • T4297 (bug): Interface configuration saving fails for ice/iavf based interfaces because they can’t change speed/duplex settings


  • T4259 (bug): The conntrackd daemon can be started wrongly


  • T4273 (bug): ssh: Upgrade from 1.2.X to 1.3.0 breaks config

  • T4115 (bug): reboot in <x> not working as expected


  • T4267 (bug): Error - Missing required “ip key” parameter


  • T4264 (bug): vxlan: interface is destroyed and rebuild on description change

  • T4263 (bug): vyos.util.leaf_node_changed() dos not honor valueLess nodes


  • T4120 (feature): [VXLAN] add ability to set multiple unicast-remotes


  • T4261 (feature): MACsec: add DHCP client support

  • T4203 (bug): Reconfigure DHCP client interface causes brief outages


  • T4258 (bug): [DHCP-SERVER] error parameter on Failover


  • T4241 (bug): ocserv openconnect looks broken in recent bulds of 1.3 Equuleus

  • T4255 (bug): Unexpected print of dict bridge on delete

  • T4240 (bug): Cannot add wlan0 to bridge via configure

  • T4154 (bug): Error add second gre tunnel with the same source interface


  • T4237 (bug): Conntrack-sync error - error adding listen-address command


  • T4201 (bug): Firewall - ICMPv6 matches not working as expected on 1.3.0

  • T3006 (bug): Accel-PPP & vlan-mon config get invalid VLAN

  • T3494 (bug): DHCPv6 leases traceback when PD using


  • T4242 (bug): ethernet speed/duplex can never be switched back to auto/auto

  • T4191 (bug): Lost access to host after VRF re-creating


  • T3872 (feature): Add configurable telegraf monitoring service

  • T4234 (bug): Show firewall partly broken in 1.3.x


  • T4165 (bug): Custom conntrack rules cannot be deleted


  • T4227 (bug): Typo in help completion of hello-time option of bridge interface


  • T4233 (bug): ssh: sync regex for allow/deny usernames to “system login”

  • T4087 (feature): IPsec IKE-group proposals limit of 10 pieces


  • T4226 (bug): VRRP transition-script does not work for groups name which contains -(minus) sign


  • T4196 (bug): DHCP server client-prefix-length parameter results in non-functional leases


  • T3643 (bug): show vpn ipsec sa doesn’t show tunnels in “down” state


  • T4198 (bug): Error shown on commit


  • T4153 (bug): Monitor bandwidth-test initiate not working


  • T4184 (bug): NTP allow-clients address doesn’t work it allows to use ntp server for all addresses


  • T4204 (feature): Update Accel-PPP to a newer revision


  • T3164 (bug): console-server ssh does not work with RADIUS PAM auth


  • T4183 (feature): IPv6 link-local address not accepted as wireguard peer

  • T4110 (feature): [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0


  • T4168 (bug): IPsec VPN is impossible to restart when DMVPN is configured

  • T4167 (bug): DMVPN apply wrong param on the first configuration

  • T4152 (bug): NHRP shortcut-target holding-time does not work


  • T3299 (bug): Allow the web proxy service to listen on all IP addresses

  • T3115 (feature): Add support for firewall on L3 VIF bridge interface


  • T3822 (bug): OpenVPN processes do not have permission to read key files generated with run generate openvpn key

  • T4142 (bug): Input ifbX interfaces not displayed in op-mode

  • T3914 (bug): VRRP rfc3768-compatibility doesn’t work with unicast peers


  • T3924 (bug): VRRP stops working with VRF


  • T4141 (bug): Set high-availability vrrp sync-group without members error


  • T4065 (bug): IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory

  • T4052 (bug): Validator return traceback on VRRP configuration with the script path not in config dir

  • T4128 (bug): keepalived: Upgrade package to add VRF support


  • T4081 (bug): VRRP health-check script stops working when setting up a sync group


  • T2922 (bug): The vpn ipsec logging log-modes miss the IPSec daemons state check

  • T2695 (bug): Flow-accounting bug with subinterfaces

  • T2400 (default): OpenVPN: dont restart server if no need

  • T4086 (default): system login banner is not removed on deletion.


  • T3380 (bug): “show vpn ike sa” does not display IPv6 peers

  • T2933 (feature): VRRP add option virtual_ipaddress_excluded


  • T2566 (bug): sstp not able to run tunnels ipv6 only

  • T4093 (bug): SNMPv3 snmpd.conf generation bug

  • T2764 (enhancment): Increase maximum number of NAT rules


  • T4104 (bug): RAID1: “add raid md0 member sda1” does not restore boot sector


  • T4101 (bug): commit-archive: Use of uninitialized value $source_address in concatenation

  • T4055 (feature): Add VRF support for HTTP(S) API service


  • T3854 (bug): Missing op-mode commands for conntrack-sync


  • T4092 (bug): IKEv2 mobike commit failed with DMVPN nhrp

  • T3354 (default): Convert strip-private script from Perl to Python


  • T3356 (feature): Script for remote file transfers


  • T4053 (bug): VRRP impossible to set scripts out of the /config directory

  • T4013 (bug): Add pkg cloudwatch for AWS images

  • T3913 (bug): VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2


  • T4088 (default): Fix typo in login banner


  • T3912 (default): Use a more informative default post-login banner


  • T3176 (bug): Ordering of ports on EdgeCore SAF51015I is mixed up?

  • T4059 (bug): VRRP sync-group transition script does not persist after reboot


  • T4046 (feature): Sflow - Add Source address parameter

  • T2615 (default): Provide an explicit option for server fingerprint in commit archive, and make insecure the default

  • T4076 (enhancment): Allow setting CORS options in HTTP API

  • T3378 (bug): commit-archive source-address broken for IPv6 addresses


  • T4077 (bug): op-mode: bfd: drop “show protocols bfd” in favour of “show bfd”

  • T4073 (bug): “show protocols bfd peer <>” shows incorrect peer information.


  • T4071 (feature): Allow HTTP API to bind to unix domain socket


  • T4036 (bug): VXLAN incorrect raiseError if set multicast network instead of singe address


  • T4068 (feature): Python: ConfigError should insert line breaks into the error message


  • T4033 (bug): VRRP - Error security when setting scripts

  • T4064 (bug): IP address for vif is not removed from the system when deleted in configuration

  • T4063 (bug): VRRP log error - /usr/libexec/vyos/vyos-vrrp-conntracksync.sh - No such file or directory

  • T4060 (enhancment): Extend configquery for use before boot configuration is complete


  • T4024 (bug): Access-lists and prefix-lists disappear when setting ldp hello-ipv4-interval


  • T4041 (servicerequest): “transition-script” doesn’t work on “sync-group”


  • T4012 (feature): Add VRF support for TFTP


  • T4034 (bug): “make xcp-ng-iso” still includes vyos-xe-guest-utilities

  • T2076 (feature): RAID install: sfdisk change-id is deprecated in favor of –part-type

  • T1126 (bug): Reusing a RAID from a BIOS install in an EFI install causes a failure to boot


  • T4049 (feature): support command-style output with compare command

  • T4047 (bug): Wrong regex validation in XML definitions

  • T4045 (bug): Unable to “format disk <new> like <old>”


  • T4035 (bug): Geneve interfaces aren’t displayed by operational mode commands


  • T3695 (bug): OpenConnect reports commit success when ocserv fails to start due to SSL cert/key file issues


  • T3725 (feature): show configuration in json format


  • T2661 (bug): SSTP wrong certificates check

  • T3946 (enhancment): Automatically resize the root partition if the drive has extra space


  • T3999 (bug): show lldp neighbor Traceback error


  • T4019 (bug): Smoketests for SSTP and openconnect fails


  • T4005 (feature): Feature Request: IPsec IKEv1 + IKEv2 for one peer


  • T4015 (feature): Update Accel-PPP to a newer revision

  • T1083 (feature): Implement persistent/random address and port mapping options for NAT rules


  • T3990 (bug): WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot)


  • T4004 (bug): IPsec ike-group parameters are not saved correctly (after reboot)


  • T4003 (bug): API for “show interfaces ethernet” does not include the interface description

  • T4011 (bug): ethernet: deleting interface should place interface in admin down state


  • T3995 (feature): OpenVPN: do not stop/start service on configuration change

  • T4008 (feature): dhcp: change client retry interval form 300 -> 60 seconds

  • T3795 (bug): WWAN: issues with non connected interface / no signal


  • T3350 (bug): OpenVPN config file generation broken

  • T3996 (bug): SNMP service error in log


  • T3934 (bug): Openconnect VPN broken: ocserv-worker general protection fault on client connect

  • T3724 (feature): Allow setting host-name in l2tp section of accel-ppp


  • T3974 (bug): route-map commit fails if interface does not exist


  • T1349 (bug): L2TP remote-access vpn terminated and not showing as connected

  • T1058 (default): hw-id is ignored when naming interfaces

  • T914 (feature): Extend list_interfaces.py to support multiple interface types

  • T688 (enhancment): Move component versions used for config migration purposes into vyos-1x


  • T3982 (bug): DHCP server commit fails if static-mapping contains + or .


  • T3962 (bug): Image cannot be built without open-vm-tools

  • T2088 (bug): Increased boot time from 1.2.4 -> 1.3 rolling by 100%

  • T2136 (bug): XML command definition convertor doesn’t disallow tag nodes with multi flag on


  • T2874 (feature): Add MTU and TCP-MSS discovery tool

  • T3626 (bug): Configuring and disabling DHCP Server


  • T3971 (feature): Ability to build ISO images for XCP-NG hypervisor

  • T3514 (bug): NIC flap at any interface change


  • T3972 (bug): Removing vif-c interface raises KeyError


  • T3964 (bug): SSTP: local-user static-ip CLI node accepts invalid IPv4 addresses


  • T3610 (bug): DHCP-Server creation for not primary IP address fails


  • T3846 (bug): dmvpn configuration not reapllied after “restart vpn”

  • T3956 (bug): GRE tunnel - unable to move from source-interface to source-address, commit error


  • T3945 (feature): Add route-map for bgp aggregate-address

  • T3341 (bug): Wrong behavior of the “reset vpn ipsec-peer XXX tunnel XXX” command

  • T3954 (bug): FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error

  • T3943 (bug): “netflow source-ip” prevents image upgrades if IP address does not exist locally


  • T3942 (feature): Generate IPSec debug archive from op-mode


  • T3941 (bug): “show vpn ipsec sa” shows established time of parent SA not child SA’s


  • T3944 (bug): VRRP fails over when adding new group to master


  • T3935 (bug): Update from rc5 to EPA2 failed


  • T3188 (bug): Tunnel local-ip to dhcp-interface Change Fails to Update


  • T3920 (bug): dhclient exit hook script 01-vyos-cleanup causes too many arguments error

  • T3926 (bug): strip-private does not sanitize “cisco-authentication” from NHRP configuration

  • T3925 (feature): Tunnel: dhcp-interface not implemented - use source-interface instead

  • T3927 (feature): Kernel: Enable kernel support for HW offload of the TLS protocol


  • T3922 (bug): NHRP: delete fails

  • T3918 (bug): DHCPv6 prefix delegation incorrect verify error

  • T3921 (bug): tunnel: KeyError when using dhcp-interface


  • T3396 (bug): syslog can’t be configured with an ipv6 literal destination in 1.2.x

  • T690 (feature): Allow OpenVPN servers to push routes with custom metric values


  • T3786 (bug): GRE tunnel source address error

  • T3425 (bug): Scripts from the /config/scripts/ folder do not run on live system

  • T3217 (default): Save FRR configuration on each commit

  • T3076 (bug): Router reboot adds unwanted ‘conntrack-sync mcast-group ‘’’ line to configuration

  • T2800 (bug): Pseudo-Ethernet: source-interface must not be member of a bridge

  • T3422 (bug): Dynamic DNS doesn’t allow zone field with cloudflare protocol

  • T3381 (bug): Change GRE tunnel failed

  • T3254 (bug): Dynamic DNS status shows incorrect last update time

  • T3253 (bug): rpki: multiple peers cannot be configured

  • T3219 (default): Typo in openvpn server client config for IPv6 iroute

  • T2100 (feature): BGP route adverisement wih checks rib

  • T1663 (enhancment): T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing

  • T1243 (bug): BGP local-as accept wrong values

  • T770 (bug): Bonded interfaces get updated with incorrect hw-id in config.

  • T697 (bug): Clean up and sanitize package dependencies

  • T3837 (default): OpenConnect: Fix typo in help property

  • T1440 (bug): Creating two DHCPv6 shared-network-names with the same subnet is allowed, causes dhcpd to fail to start.


  • T3879 (bug): GPG key verification fails when upgrading from a 1.3 beta version

  • T3851 (bug): Missing ospf and rip options for bridge vifs


  • T3904 (bug): NTP pool associations silently fail

  • T3277 (feature): DNS Forwarding - reverse zones


  • T2607 (feature): Support for pppoe-server radius mode auth and config radius accouting port


  • T3750 (bug): pdns-recursor 4.4 issue with dont-query and private DNS servers

  • T3885 (default): dhcpv6-pd: randomly generated DUID is not persisted

  • T3899 (enhancment): Add support for hd44780 LCD displays


  • T3894 (bug): Tunnel Commit Failed if system does not have eth0


  • T3893 (bug): MGRE Tunnel commit crash If sit tunnel available


  • T3888 (bug): Incorrect warning when poweroff command executed from configure mode.

  • T3890 (feature): dhcp(v6): provide op-mode commands to retrieve both server and client logfiles

  • T3889 (feature): Migrate to journalctl when reading daemon logs


  • T3880 (bug): EFI boot shows error on display


  • T3882 (feature): Upgrade PowerDNs recursor to 4.5 series

  • T3883 (bug): VRF - Delette vrf config on interface


  • T3877 (bug): VRRP always enabled rfc3768-compatibility even when not specified


  • T3874 (bug): D-Link Ethernet Interface not working.


  • T3858 (bug): Deleting OSPFv3 process yields: Unknown command: no router-id


  • T3860 (bug): Error on pppoe, tunnel and wireguard interfaces for IPv6 EUI64 addresses

  • T3857 (feature): reboot: send wall message to all users for information

  • T3867 (bug): vxlan: multicast group address is not validated

  • T3859 (bug): Add “log-adjacency-changes” to ospfv3 process


  • T3850 (bug): Dots are no longer allowed in SSH public key names


  • T2602 (bug): pptp/sstp/l2tp add possibility enable or disable CCP


  • T3841 (feature): dhcp-server: add ping-check option to CLI

  • T2738 (bug): Modifying configuration in the “interfaces” section from VRRP transition scripts causes configuration lockup and high CPU utilization

  • T3842 (feature): Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus

  • T3840 (feature): dns forwarding: Cache size should allow values > 10k

  • T3672 (bug): DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output


  • T3402 (feature): Add VyOS programming library for operational level commands

  • T3275 (default): Disable conntrack helpers by default


  • T3802 (bug): Commit fails if ethernet interface doesn’t support flow control

  • T3819 (bug): Upgrade Salt Stack 3002.3 -> 3003 release train

  • T3421 (bug): MTR/Traceroute broken in 1.3-beta

  • T3820 (feature): PowerDNS recursor - update from 4.3 -> 4.4 to sync with current

  • T1770 (bug): webproxy breaks commit and http access on routed client

  • T915 (feature): MPLS Support


  • T3816 (bug): Error after entering outbound-interface command in NAT

  • T3814 (bug): wireguard: commit error showing incorrect peer name from the configured name

  • T3805 (bug): OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface


  • T2322 (bug): CLI [op-mode] bugs. Root task

  • T1894 (bug): FRR config not loaded after daemons segfault or restart

  • T3807 (bug): Op Command “show interfaces wireguard” does not show the output

  • T3808 (default): ipsec is mistakenly restarted after delete


  • T3806 (bug): Don’t set link local ipv6 address if MTU less then 1280

  • T3803 (default): Add source-address option to the ping CLI

  • T3431 (bug): Show version all bug

  • T3362 (bug): 1.3 - RC1 ifb redirect failing to commit

  • T3291 (bug): Fault on setting offload RPS with single-core CPU

  • T2920 (bug): Commit crash when adding the second mGRE tunnel with the same key

  • T2895 (bug): VPN IPsec “leftsubnet” declared 2 times

  • T2019 (bug): LLDP wrong config generation for interface ‘all’


  • T3804 (feature): cli: Migrate and merge “system name-servers-dhcp” into “system name-server”


  • T3697 (bug): Impossible to delete IPsec completely

  • T3619 (bug): Performance Degradation 1.2 –> 1.3 | High ksoftirqd CPU usage

  • T1785 (bug): Deleting partitions on disks (Raid1) with default value ‘no’


  • T3788 (bug): Keys are not allowed with ipip and sit tunnels

  • T3683 (bug): VXLAN not accept ipv6 and source-interface options and mtu bug

  • T3634 (feature): Add op command option for ping for do not fragment bit to be set


  • T3792 (bug): login: A hypen present in a username from “system login user” is replaced by an underscore

  • T3790 (bug): Does not possible to configure PPTP static ip-address to users


  • T2434 (bug): Duplicate Address Detection Breaks Interfaces


  • T3789 (feature): Add custom validator for base64 encoded CLI data

  • T3782 (default): Ingress Shaping with IFB No Longer Functional with 1.3


  • T3777 (bug): adding IPv6 EUI64 address fails commit in 1.3.0-rc6

  • T3768 (default): Remove early syntaxVersion implementation

  • T2558 (feature): Add some CPU information to show version + fix broken hypervisor detection

  • T2430 (default): cannot delete specific route static next-hop

  • T1350 (bug): VRRP transition script will be executed once only

  • T2941 (default): Using a non-ASCII character in the description field causes UnicodeDecodeError in configsource.py

  • T3787 (bug): Remove deprecated UDP fragmentation offloading option

  • T3677 (feature): “sipcalc” not included in 1.3


  • T3708 (bug): isisd and gre-bridge commit error

  • T3783 (bug): “set protocols isis spf-delay-ietf” is not working

  • T2750 (default): Use m4 as a template processor


  • T3182 (bug): Main blocker Task for FRR 7.4/7.5 series update

  • T2108 (default): Use minisign/signify instead of GPG for release signing


  • T3781 (bug): Revert the NAT implementation in 1.3 back to iptables

  • T3776 (default): Rename FRR daemon restart op-mode commands

  • T3779 (feature): Backport all 1.4 IS-IS features and configuration to 1.3 except VRF


  • T3773 (bug): Delete the “show system integrity” command (to prepare for a re-implementation)

  • T1514 (default): Add ability to restart frr processes


  • T3772 (bug): VRRP virtual interfaces are not shown in show interfaces


  • T2555 (bug): XML op-mode generation scripts silently discard XML nodes


  • T3682 (bug): Remove running dhclient from ether-resume.py

  • T3681 (default): The VMware Tools resume script did not run successfully in this virtual machine.


  • T1950 (default): Store VyOS configuration syntax version data in JSON file


  • T2759 (bug): validate-value prints error messages from validators that fail even if overall validation succeeds

  • T3234 (bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions

  • T3732 (feature): override-default helper should support adding defaultValues to default less nodes

  • T3574 (default): Add constraintGroup for combining validators with logical AND

  • T1962 (default): Add syntax version to schema


  • T2525 (bug): OSPFv3 missing route map, not establishing

  • T508 (bug): ISC DHCP incorrect UDP checksum generation

  • T1643 (bug): Deleting all firewall zones failed and locked out box

  • T1550 (bug): Add support for Large BGP Community show commands


  • T3738 (default): openvpn fails if server and authentication are configured

  • T1594 (bug): l2tpv3 error on IPv6 local-ip


  • T3756 (default): VyOS generates invalid QR code for wireguard clients


  • T3745 (feature): op-mode IPSec show vpn ipse sa sorting

  • T521 (bug): Network services may fail if vyatta-router.service startup takes longer than a few seconds


  • T3740 (bug): HTTPs API breaks when the address is IPv6


  • T3731 (bug): verify_accel_ppp_base_service return wrong config error for SSP

  • T3405 (feature): PPPoE server unit-cache

  • T2432 (default): dhcpd: Can’t create new lease file: Permission denied

  • T3746 (feature): Inform users logging into the system about a pending reboot

  • T3744 (default): Dns forwarding statistics formatting missing a new line


  • T3730 (bug): op-mode conntrack-sync miss some functions


  • T1501 (bug): VPN Commit Errors


  • T2027 (bug): get_config_dict is failing when the configuration section is empty/missing

  • T169 (feature): Image install should put correct serial console device in created GRUB menu entry


  • T548 (feature): BGP IPv6 multipath support


  • T1153 (bug): VyOS 1.2.0RC10, RAID-1, fresh install, unable to save config


  • T696 (feature): Rewrite conntrack sync to XML


  • T3704 (feature): Add ability to interact with Areca RAID adapers

  • T320 (default): OSPF does not redistribute connected routes associated with virtual tunnel interfaces


  • T2623 (bug): Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”

  • T2161 (default): snmpd cannot start if ipv6 disabled

  • T3601 (default): Error in ssh keys for vmware cloud-init if ssh keys is left empty.


  • T3707 (bug): Ping incorrect ip host checks


  • T3716 (feature): Linux kernel parameters ignore_routes_with_link_down- ignore disconnected routing connections

  • T1626 (bug): BGP exchanges prefixes without specified address-family


  • T1176 (default): FRR - BGP replicating routes

  • T1123 (bug): Inconsistency in community-list naming validation


  • T2931 (bug): Unicode decode error causes vyos.configd service to restart

  • T2727 (bug): Add a dotted decimal value validator

  • T2328 (default): dhcpv6 server not starting (disable check reversed?)

  • T1758 (default): Switch vyos.config to libvyosconfig

  • T954 (bug): Using the subnet on other interfaces breaks L2TP/IPSec


  • T3699 (bug): login: verify selected “system login user” name is not already used by the base system.


  • T3689 (bug): static ipv6 route doesn’t deleted in some cases

  • T3685 (feature): IPv6 PBR doesn’t allow setting of an egress interface


  • T3691 (bug): GRETAP: key is not applied when interface is created


  • T3679 (default): Point the unexpected exception message link to the new rolling release location


  • T3665 (bug): Missing VRF support for VxLAN but already documented


  • T3660 (feature): Conntrack-Sync configuration command to specify destination udp port for peer


  • T3658 (feature): Add support for dhcpdv6 fixed-prefix6


  • T3593 (bug): PPPoE server called-sid format does not work


  • T3650 (bug): OpenVPN: Upgrade package to 2.5.1 before releasing VyOS 1.3.0

  • T3649 (feature): Add bonding additional hash-policy


  • T2722 (bug): get_config_dict() and key_mangling=(‘-’, ‘_’) will alter CLI data for tagNodes


  • T3629 (bug): IPoE server shifting address in the range


  • T3637 (bug): vrf: bind-to-all didn’t work properly


  • T3633 (feature): Add LRO offload for interface ethernet


  • T3631 (feature): route-map: migrate “set extcommunity-rt” and “set extcommunity-soo” to “set extcommunity rt|soo” to match FRR syntax


  • T2425 (feature): Rewrite all policy zebra filters to XML/Python style

  • T3630 (feature): op-mode: add “show version kernel” command


  • T3620 (feature): Rename WWAN interface from wirelessmodem to wwan to use QMI interface

  • T3622 (feature): WWAN: add support for APN authentication

  • T3621 (bug): PPPoE interface does not validate if password is supplied when username is set


  • T3250 (bug): PPPoE server: wrong local usernames

  • T3138 (bug): ddclient improperly updated when apply rfc2136 config

  • T2645 (default): Editing route-map action requires adding a new rule


  • T3602 (bug): Renaming BGP Peer Groups Leaves Router Broken

  • T2916 (bug): A state of VTI interface in a configuration does not being processing properly


  • T3605 (default): Allow to set prefer-global for ipv6-next-hop

  • T3607 (feature): [route-map] set ipv6 next-hop prefer-global


  • T3581 (bug): Incomplete command show ipv6 ospfv3 linkstate

  • T3516 (bug): FRR 7.5 adds a second route when you attempt to change a static route distance instead of overwriting the old route

  • T3461 (bug): OpenConnect Server redundancy check

  • T3455 (bug): system users can not be added in “edit”


  • T3592 (feature): Set default TTL 64 for tunnels


  • T406 (bug): VPN configuration error: IPv6 over IPv4 IPsec is not supported when using IPv6 ONLY tunnel.


  • T1866 (bug): Commit archive over SFTP doesn’t work with non-standard ports

  • T3589 (feature): op-mode: support clearing out logfiles from CLI

  • T3508 (bug): Check if there’s enough drive space for an upgrade before downloading an image

  • T1506 (enhancment): commit-archive scp/sftp public key authentication


  • T3135 (bug): BFD configurations fail to be applied

  • T3103 (default): Rewrite parts of vyosfrr.py for readability, logging and to fix mulitiline regex “bugs”

  • T2739 (default): vyos-utils is not compiled with a Jenkins pipeline.

  • T2451 (bug): Cannot use !tcp or !tcp_udp while adding firewall rule

  • T2436 (default): equuleus: Testing: vyos-1x: syntax checking Python scripts in PR

  • T2184 (bug): OpenVPN op_mode tools broken

  • T1944 (bug): FRR: Invalid route in BGP causes update storm, memory leak, and failure of Zebra


  • T1579 (feature): Rewrite all interface types in new XML/Python style


  • T2629 (bug): VXLAN interfaces don’t actually allow you to configure most settings

  • T2617 (feature): Rewrite vyatta-op-quagga “show” to XML

  • T2512 (feature): vyatta-op-quagga [show ip] to XML format

  • T1905 (default): Update to Keepalived 2.0.19

  • T2669 (bug): DHCP-server overlapping ranges.


  • T3558 (default): autocomplete options for dhcp-interface is not showing for the static route command

  • T3540 (bug): Keepalived memory utilisation issue when constantly getting its state in JSON format

  • T2807 (feature): IPv6 Link-Local Address - Automatically generation/configuration on GRE Interfaces


  • T3575 (bug): pseudo-ethernet: must check source-interface MTU

  • T3571 (bug): Broken Show Tab Complete

  • T3576 (bug): ISIS does not support IPV6


  • T3570 (default): Prevent setting of a larger MTU on child interfaces

  • T3572 (feature): Basic Drive Diagnostic Tools


  • T3554 (feature): Add area-type stub for ospfv3


  • T3562 (feature): Update Accel-PPP to a newer revision

  • T3559 (feature): Add restart op-command for OpenConnect Server


  • T3525 (default): VMWare resume script syntax errors

  • T2462 (default): LLDP op-mode exception: IndexError: list index out of range


  • T3549 (bug): DHCPv6 “service dhcpv6-server global-parameters name-server” is not correctly exported to dhcpdv6.conf when multiple name-server entries are present

  • T3532 (bug): Not possible to change ethertype after interface creation

  • T3550 (bug): Router-advert completion typo

  • T3547 (feature): conntrackd: remove deprecated config options

  • T3535 (feature): Rewrite vyatta-conntrack-sync in new XML and Python flavor

  • T2049 (feature): Update strongSwan cipher suites list for IPSec settings


  • T3346 (bug): nat 4-to-5 migration script fails when a ‘source’ or ‘destination’ node exists but there are no rules

  • T3248 (default): Deal with VRRP mode-force command that exists in 1.2 but not in 1.3

  • T3426 (default): add support for script arguments to vyos-configd


  • T3544 (feature): DHCP server should validate configuration before applying it

  • T3543 (feature): Support for setting lacp_rate on LACP bonded interfaces


  • T3302 (default): Make vyos-configd relay stdout from scripts to the user’s console


  • T3526 (bug): Smoketest policy fail in CI


  • T3528 (bug): Frr 7.5.1 uses ‘seq’ for community-lists


  • T3517 (bug): FRR 7.5 bfd behavior for 1.3


  • T1171 (bug): 1.2.0 epa2 - IPsec VPN initiation


  • T3519 (bug): Cannot add / assign L2TPv3 to vrf


  • T3379 (feature): Add global-parameters name-server for dhcpv6-server

  • T3491 (default): Change Kernel HZ to 1000


  • T3170 (default): Add a sanity check for empty node.def files


  • T3502 (bug): “system ip multipath layer4-hashing” doesn’t work

  • T3029 (bug): Generated NGINX configuration is wrong for the redirection (http -> https)

  • T3156 (feature): Add op and additional conf commands for ISIS

  • T2012 (feature): Global PBR

  • T1314 (feature): Allow BGP on unnumbered interfaces


  • T2946 (bug): Calling ‘stty_size’ causes show interfaces API to fail


  • T3468 (bug): Tunnel interfaces aren’t suggested as being available for bridging (regression)

  • T1802 (feature): Wireguard QR code in cli for mobile devices


  • T3290 (bug): Disabling GRE conntrack module fails


  • T3481 (default): Exclude tag node values from key mangling

  • T3475 (bug): XML dictionary cache unable to process syntaxVersion elements


  • T3386 (bug): PPPoE-server don’t start with local authentication


  • T3055 (bug): op-mode incorrect naming for ipsec policy-based tunnels


  • T3454 (enhancment): dhclient reject option


  • T1612 (default): dhcp-server time-offset fails to validate

  • T3438 (bug): VRF: removing vif which belongs to a vrf, will delete the entire vrf from the operating system

  • T3418 (bug): BGP: system wide known interface can not be used as neighbor


  • T3457 (feature): Output the “monitor log” command in a colorful way


  • T3445 (bug): vyos-1x build include not all nodes


  • T2639 (feature): sort output of show vpn ipsec sa


  • T3284 (bug): merge/load fail silently if unable to resolve host


  • T3416 (bug): NTP: when running inside a VRF op-mode commands do not work


  • T3392 (bug): vrrp over dhcp default route bug (unexpected vrf)

  • T3373 (feature): Upgrade to SaltStack version 3002.5

  • T3329 (default): “system conntrack ignore” rules can no longer be created due to an iptables syntax change

  • T3300 (feature): Add DHCP default route distance

  • T3306 (feature): Extend set route-map aggregator as to 4 Bytes


  • T3411 (default): Extend the redirect_stdout context manager in vyos-configd to redirect stdout from subprocesses

  • T3271 (bug): qemu-kvm grub issue


  • T3413 (bug): Configuring invalid IPv6 EUI64 address results in “OSError: illegal IP address string passed to inet_pton”


  • T2271 (feature): OSPF: add per VRF instance support

  • T175 (feature): Add source route option to VTI interfaces


  • T3406 (bug): tunnel: interface no longer supports specifying encaplimit none - or migrator is missing

  • T3407 (bug): console-server: do not allow to spawn a console-server session on serial port used by “system console”


  • T3399 (bug): RPKI: dashes in hostnames are replaced with underscores when rendering the FRR config

  • T3305 (bug): Ingress qdisc does not work anymore in 1.3-rolling-202101 snapshot

  • T2927 (bug): isc-dhcpd release and expiry events never execute

  • T899 (bug): Tunnels cannot be moved from one bridge to another

  • T786 (feature): new style xml and conf-mode scripts: posibillity to add tagNode value as parameter to conf-script


  • T3382 (bug): Error creating Console Server


  • T3387 (bug): Command “Monitor vpn ipsec” is not working


  • T3319 (bug): VXLAN uses ttl 1 (auto) by default

  • T3391 (feature): Add CLI support for specifying maximum-paths per address family ipv4 unicast and ipv6 unicast

  • T3211 (feature): ability to redistribute ISIS into other routing protocols


  • T2659 (feature): Add fastnetmon (DDoS detection) support


  • T2861 (bug): route-map “set community additive” not working correctly


  • T2966 (feature): tunnel: add new encapsulation types ip6tnl and ip6gretap


  • T3342 (bug): On xen-netback interfaces must set “scattergather” offload before MTU>1500


  • T3370 (bug): dhcp: Invalid domain name “private”

  • T3369 (feature): VXLAN: add IPv6 underlay support


  • T2291 (bug): Bad hostnames in /etc/hosts with static-mapping in dhcp server config

  • T3364 (feature): tunnel: cleanup/rename CLI nodes

  • T3368 (feature): macsec: add support for gcm-aes-256 cipher

  • T3366 (bug): tunnel: can not change local / remote ip address for gre-bridge tunnel

  • T3173 (feature): Need ‘nopmtudisc’ option for tunnel interface


  • T3357 (default): HTTP-API redirect from http correct https port


  • T3303 (feature): Change welcome message on boot


  • T3163 (feature): ethernet ring-buffer can be set with an invalid value


  • T3326 (bug): OSPFv3: Cannot add L2TPv3 interface


  • T3259 (default): many dnat rules makes the vyos http api crash, even showConfig op timeouts


  • T3047 (bug): OSPF : virtual-link and passive-interface default parameters does not work together

  • T3312 (feature): SolarFlare NICs support


  • T3318 (feature): Update Linux Kernel to v5.4.208 / 5.10.135


  • T2152 (bug): ddclient has bug which prevents use_web from being used

  • T3308 (feature): BGP: add gracefull shutdown support


  • T3028 (feature): Create a default user when metadata is not available (for Cloud-init builds)

  • T2867 (feature): Cleanup DataSourceOVF.py in the Cloud-init

  • T2726 (feature): Allow to use all supported SSH key types in Cloud-init

  • T2403 (feature): Full support for networking config in Cloud-init

  • T2387 (feature): Create XML scheme for [conf_mode] BGP

  • T2174 (feature): Rewrite protocol BGP to new XML/Python style

  • T1987 (bug): A default route can be deleted by dhclient-script in some cases

  • T723 (feature): Add support for first boot or installation time saved config modification

  • T1775 (bug): Cloud-init not running userdata runcmd

  • T1389 (feature): Add support for NoCloud cloud-init datasource

  • T1315 (feature): Allow BGP to use address-family l2vpn evpn


  • T2638 (default): FRR: New framework for configuring FRR


  • T3295 (feature): Update Linux Kernel to v5.4.96 / 5.10.14


  • T3293 (bug): RPKI migration script errors out after CLI rewrite


  • T3285 (feature): Schedule reboots through systemd-shutdownd instead of atd

  • T661 (feature): Show a warning if the router is going to reboot soon (due to “commit-confirm” command)


  • T2450 (feature): Rewrite “protocols vrf” tree in XML and Python

  • T208 (feature): Ability to ignore default-route from dhcpcd per interface


  • T3239 (default): XML: override ‘defaultValue’ for mtu of certain interfaces; remove workarounds

  • T2910 (feature): XML: generator should support override of variables

  • T2873 (bug): “show nat destination translation address” doesn’t filter at all


  • T3018 (bug): Unclear behaviour when configuring vif and vif-s interfaces

  • T3255 (default): Rewrite protocol RPKI to new XML/Python style


  • T3268 (feature): Add VRF support to VIF-S interfaces

  • T3274 (default): ask_yes_no() doesn’t handle EOFError


  • T3276 (feature): Update Linux Kernel to v5.4.94 / 5.10.12


  • T3269 (bug): VIF-C interfaces don’t verify configuration

  • T3240 (feature): Support per-interface DHCPv6 DUIDs

  • T3273 (default): PPPoE static default-routes deleted on interface down when not added by interface up


  • T3262 (bug): DHCPv6 client runs when dhcpv6-options is configured without requesting an address or PD

  • T3261 (bug): Does not possible to disable pppoe client interface.


  • T3257 (feature): tcpdump supporting complete protocol

  • T3110 (bug): Broken pipe in show interfaces

  • T651 (enhancment): Split CI’ed, VyOS-specific packages and other packages into separate repos

  • T597 (enhancment): Code testing on sonarcloud.com

  • T516 (default): Make Python / XML code development more testable

  • T625 (default): Lack of IKEv1 lifetime negotiation

  • T613 (bug): Missing linux-kbuild

  • T505 (bug): Hostapd cannot log


  • T3251 (bug): PPPoE client trying to authorize with the wrong username

  • T2859 (bug): show nat source translation - Errors out


  • T3249 (feature): Support operation mode forwarding table output


  • T3230 (bug): RPKI can’t be deleted

  • T3243 (feature): Update Linux Kernel to v5.4.92 / 5.10.10


  • T2761 (feature): Extend “show vrrp” op-mode command with router priority

  • T2679 (feature): VRRP with BFD Failure Detection

  • T3212 (bug): SSH: configuration directory is not always created on boot

  • T3231 (bug): “system option ctrl-alt-delete” has no effect


  • T3222 (bug): Typo in BGP dampening description

  • T2944 (bug): NTP by default listen on any address/interface

  • T3226 (bug): Repair bridge smoke test damage

  • T2442 (enhancment): Move application of STP settings for bridge members from interfaces-bridge.py to Interface.add_to_bridge()

  • T2381 (bug): OpenVPN: openvpn-option parsed/rendered improperly


  • T3215 (bug): Operational command “show ipv6 route” is broken

  • T3172 (bug): Builds sometime after 2020-12-17 have broken routing after reboot

  • T3157 (bug): salt-minion fails to start due to permission error accessing /root/.salt/minion.log

  • T3167 (default): Recurring bugs in Intel NIC drivers

  • T3151 (default): Decide on the final list of packages for 1.3

  • T3137 (feature): Let VLAN aware bridge approach the behavior of professional equipment

  • T3223 (feature): Update Linux Kernel to v5.4.89 / 5.10.7


  • T3210 (feature): ISIS three-way-handshake

  • T3184 (feature): Add correct desctiptions for BGP neighbors

  • T2850 (feature): Add BGP template for FRR


  • T3218 (feature): Replace Intel out-of-tree drivers with Linux Kernel stock drivers.


  • T3186 (bug): NAT: Commit failed when applying negated(!) addresses


  • T3205 (bug): Does not possible to configure tunnel mode gre-bridge


  • T3208 (bug): Does not possible to change user password

  • T3198 (bug): OSPF database filtering issue

  • T3206 (bug): Unable to delete destination NAT rule

  • T3193 (bug): DHCPv6 PD verification issues

  • T3201 (bug): Operational command “show log all” is not working for RADIUS users


  • T3178 (feature): Migrate vyatta-op-quagga to vyos-1x


  • T2467 (bug): Restarting flow accounting fails with systemd error

  • T3199 (feature): Update Linux Kernel to v5.4.88 / 5.10.6


  • T3192 (feature): login: radius: add support for IPv6 RADIUS servers


  • T3169 (enhancment): Reimplement smoke test of span (mirror)

  • T3161 (default): Consider removing ConfigLoad.pm

  • T1398 (default): Remove vyatta-config-migrate package

  • T805 (enhancment): Drop config compatibility with Vyatta Core older than 6.5


  • T3185 (bug): [conf-mode] Wrong CompletionHelp for Tunnel local-ip

  • T2601 (bug): pppoe-server: Cannot disable CCP


  • T3180 (bug): DHCP server raises NameError


  • T2321 (feature): VRF support for SSH, NTP, SNMP service

  • T3177 (bug): Rolling Release no longer reports VMware UUID


  • T3171 (feature): Add CLI option to enable RPS (Receive Packet Steering)


  • T3162 (bug): Wrong PPPoE server pado-delay parameter added to config

  • T3160 (bug): PPPoE server called-sid option defined in wrong section

  • T3168 (feature): Update Linux Kernel to v5.4.86


  • T3082 (bug): multi_to_list must distinguish between values and defaults

  • T1466 (feature): Add EAPOL login support


  • T1732 (feature): Removing vyatta-webproxy module

  • T2666 (feature): Packet Processing with eBPF and XDP

  • T2581 (default): webproxy: implement proxy chaining

  • T563 (feature): webproxy: migrate ‘service webproxy’ to get_config_dict()


  • T3150 (bug): When configuring QoS, the setting procedure of port mirroring is wrong


  • T3143 (bug): OpenVPN server: Push route config format is wrong

  • T3146 (feature): Upgrade FRR from 7.4 -> 7.5 version incl. new libyang

  • T3145 (feature): Update Linux Kernel to v5.4.85

  • T3147 (feature): Upgrade to SaltStack version 3002.2


  • T3142 (bug): OpenVPN op-command completion fails due to missing status file

  • T2940 (feature): Update FRR to 7.4

  • T2573 (bug): BFD op-mode commands are broken

  • T2495 (feature): Add xml for ISIS [conf_mode]

  • T1316 (feature): Support for IS-IS


  • T2619 (bug): Bug: Changes in NAT or ZONES from 1.2 to 1.3


  • T3131 (bug): Typo in ipsec preshared-secret help

  • T3134 (bug): DHCPv6 DUID configuration node missing

  • T3140 (feature): Relax “ethernet offload-options” CLI definition

  • T3132 (feature): Enable egress flow accounting


  • T2810 (default): Docs for vpn anyconnect-server

  • T2036 (default): Open Connect VPN Server () support


  • T3128 (bug): pppoe smoke test failed

  • T3129 (feature): Update Linux Kernel to v5.4.83

  • T3089 (feature): Migrate port mirroring to vyos-1x and support two-way traffic mirroring

  • T3130 (feature): Replace vyos-netplug with upstream debian version


  • T3114 (bug): When the bridge member is a non-ethernet interface, setting VLAN-aware bridge parameters fails


  • T3123 (bug): Configuration of vti interface impossible


  • T3117 (bug): OpenVPN config migration errors upgrading from 1.3-rolling-202010280217 to 1.3-rolling-202012060217


  • T3122 (feature): Update Linux Kernel to v4.19.162

  • T3121 (bug): get_config_dict() and key_mangling=(‘-’, ‘_’) Broke PowerDNS dns_forwarding config file


  • T2562 (bug): VyOS can’t be used as a DHCP server for a DHCP relay


  • T3120 (bug): Python error when deleting nat rule

  • T3119 (feature): migrate “system ip” to get_config_dict() and provide smoketest


  • T2744 (bug): igmp-proxy issue: Address already in use


  • T3108 (bug): Section config overlapped match with FRRConfig

  • T3112 (feature): PPPoE IPv6: remove “enable” node

  • T3100 (feature): Migrate DHCP/DHCPv6 server to get_config_dict()


  • T3105 (bug): static-host-mapping writing in one line

  • T3107 (feature): Update Linux Kernel to v4.19.161

  • T3104 (bug): LLDP Traceback error


  • T3102 (bug): Destination NAT fails to commit

  • T2713 (bug): VyOS must not change permissions on files in /config/auth


  • T3091 (feature): Add “tag” for static route

  • T1207 (feature): DMVPN behind NAT


  • T3095 (feature): Migrate dhcp-relay and dhcpv6-relay to get_config_dict()


  • T2890 (bug): NAT error adding translation address range

  • T2868 (bug): Tcp-mss option in policy calls kernel-panic

  • T3092 (feature): nat: migrate to get_config_dict()


  • T2715 (feature): Duplicate address detection option supporting ARP

  • T2714 (feature): A collection of utilities supporting IPv6 or ipv4

  • T3088 (feature): Migrate IGMP-Proxy over to get_config_dict() and add smoketests


  • T3087 (feature): Update Linux Kernel to v4.19.160


  • T2177 (default): Commit fails on adding disabled interface to bridge

  • T3066 (bug): reboot in - Invalid time

  • T2802 (bug): Tunnel interface does not apply EUI-64 IPv6 Address

  • T2359 (bug): Adding IPIP6 tun interface to bridge [conf_mode] errors

  • T2357 (bug): GRE-bridge conf_mode errors

  • T2259 (feature): Support for bind vif-c interfaces into VRFs

  • T2205 (bug): “set interface ethernet” fails on Hyper-V

  • T2182 (bug): Failure to commit an IPv6 address on a tunnel interface

  • T2155 (bug): Cannot set anything on Intel 82599ES 10-Gigabit SFI/SFP+

  • T2153 (bug): traceroute circular reference

  • T3081 (bug): get_config_dict() does not honor whitespaces in the CLI values field

  • T3080 (bug): OpenVPN failing silently for a number of reasons in rolling post Nov/02

  • T3074 (bug): OpenVPN site-to-site creates wrong peer address

  • T2542 (bug): OpenVPN client tap interfaces not coming up

  • T3084 (bug): wifi: TypeError on “show interfaces wireless info”


  • T3079 (bug): Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge

  • T3060 (bug): OpenVPN virtual interface not coming up after upgrade


  • T3078 (feature): CLI cleanup: rename “system options” -> “system option”

  • T2997 (feature): DHCP: disallow/do-not-request certain options when requesting IP address from server

  • T3077 (feature): WireGuard: automatically create link-local IPv6 adresses

  • T2550 (default): OpenVPN: IPv4 not working in client mode

  • T3072 (feature): Migrate tunnel interfaces to new get_config_dict() approach

  • T3065 (feature): Add “interfaces wirelessmodem” IPv6 support

  • T3048 (feature): Drop static smp-affinity for a more dynamic way using tuned


  • T3067 (bug): Wireless interface can no longer be added to the bridge after bridge VLAN support

  • T3075 (feature): Update Linux Kernel to v4.19.158


  • T3003 (enhancment): Extend smoketest framework to allow loading an arbitrary config file


  • T3069 (bug): OpenVPN routed networks not available

  • T3038 (feature): Supporting AZERTY keyboards

  • T2993 (bug): op-mode: lldp: show lldp neighbors - AttributeError: ‘str’ object has no attribute ‘items’


  • T3041 (bug): Intel QAT: vyos-1.3-rolling-202011020217-amd64 kernel panic during configure


  • T3063 (feature): Add support for Huawei LTE Module ME909s-120

  • T3059 (bug): L2TPv3 interface: Enforced to shutdown but no command to enable interface permanently


  • T3064 (feature): Update Linux Kernel to v4.19.157


  • T2103 (bug): Abnormal interface names if VIF present


  • T3050 (bug): Broken address/subnet validation on NAT configuration


  • T2914 (bug): OpenVPN: Fix for IPv4 remote-host hostname in client mode:

  • T2653 (feature): “set interfaces” Python handler code improvements - next iteration

  • T311 (feature): DHCP: set client-hostname via CLI


  • T3051 (bug): OpenVPN: multiple client routes do not work in server mode

  • T3046 (bug): openvpn directory is not auto-created

  • T3052 (feature): Update Linux firmware files to 20201022 version

  • T2731 (bug): “show interfaces” returns invalid state when link is down


  • T3049 (feature): Update Linux Kernel to v4.19.155

  • T2994 (feature): Migrate OpenVPN interfaces to get_config_dict() syntax


  • T3043 (feature): Wireless: Refactor CLI

  • T3034 (feature): Add WiFi WPA 3 support

  • T2967 (bug): Duplicate IPv6 BFD peers created

  • T2483 (bug): DHCP most likely not restarting pdns_recursor


  • T3024 (bug): DHCPv6 PD configuration doesn’t really render an expected behavior


  • T3036 (feature): OpenVPN remote-address does not accept IPv6 address

  • T2193 (feature): Display disabled VRRP instances in a show vrrp output


  • T2790 (feature): Add ability to set ipv6 protocol route-map for OSPFv3

  • T3033 (feature): Update Linux Kernel to v4.19.154

  • T2969 (bug): OpenVPN: command_set on interface is not applied, if interface doesn’t come up in commit


  • T2631 (default): l2tp, sstp, pptp add option to disable radius accounting

  • T2630 (feature): Allow Interface MTU over 9000

  • T3027 (bug): Unable to update system Signature check FAILED

  • T2995 (bug): Enhancements/bugfixes for vyos_dict_search()

  • T2968 (feature): Add support for Intel Atom C2000 series QAT


  • T3026 (default): qemu: update script for deprecated ssh_host_port_min/max

  • T2938 (feature): Adding remote Syslog RFC5424 compatibility

  • T2924 (bug): Using ‘set src’ in a route-map invalidates it as part of a subsequent boot-up

  • T2587 (bug): Cannot enable the interface when the MTU is set to less than 1280

  • T2885 (default): configd: print commit errors to config session terminal

  • T2808 (default): Add smoketest to ensure script consistency with config daemon

  • T2582 (default): Script daemon to offload processing during commit

  • T1721 (bug): Recursive Next Hop not updated for static routes


  • T3007 (default): HTTP-API should use config load script, not backend config load

  • T3009 (bug): vpn l2tp remoteaccess require option broken

  • T3010 (bug): ttl option of gre-bridge

  • T3005 (bug): Intel: update out-of-tree drivers, i40e driver warning

  • T3004 (feature): ConfigSession should (optionally) use config load script

  • T2723 (feature): Support tcptraceroute


  • T2978 (bug): IPoE service does not work on shared mode

  • T2906 (bug): OpenVPN: tls-auth missing key direction


  • T2828 (bug): BGP conf_mode error enforce-first-as

  • T2749 (bug): Setting ethx configuration takes a long time

  • T2138 (default): Can’t load archived configs as they are gzipped


  • T2987 (bug): VxLAN not working properly after upgrading to latest October build and with a new installation

  • T2989 (default): MPLS documentation expansion


  • T1588 (bug): VRRP failed to start if any of its interaces not exist

  • T1385 (feature): Allow bonding interfaces to have pseudo-ethernet interfaces

  • T3000 (bug): Mismatch between “prefix-length” and “preference” in dhcp6-server syntax

  • T2992 (feature): Automatically verify sha256 checksum on ISO download

  • T752 (feature): Add an option to disable IPv4 forwarding on specific interface only


  • T2965 (feature): Brief BFD Peer Info

  • T2907 (feature): OpenVPN: Option to disable encryption

  • T2985 (feature): Add glue code to create bridge interface on demand


  • T2980 (bug): FRR bfdd crash due to invalid length

  • T2991 (feature): Update WireGuard to 1.0.20200908

  • T2990 (feature): Update Linux Kernel to v4.19.152

  • T2981 (feature): MPLS LDP neighbor session clear capability

  • T2792 (default): Failed to run sudo make qemu with vyos-build container due to the change of packer


  • T2976 (bug): Client IP pool does not work for PPPoE local users


  • T2951 (bug): Cannot enable logging for monitor nat

  • T2782 (bug): Changing timezone, does not restart rsyslog


  • T2957 (bug): show openvpn not printing anything


  • T2963 (bug): Wireless: WIFI is not password protected when security wpa mode is not defined but passphrase is


  • T2953 (feature): Accel-PPP services CLI config cleanup (SSTP, L2TP, PPPoE, IPoE)

  • T2829 (bug): PPPoE server: mppe setting is implemented as node instead of leafNode

  • T2960 (feature): sstp: migrate to get_config_dict()


  • T2956 (feature): Add support for list of defaultValues

  • T2955 (feature): Update Linux Kernel to v4.19.149


  • T2952 (bug): configd: timeout breaks synchronization of messages, causing freeze


  • T2945 (bug): Interface removed from bridge on setting change

  • T2948 (bug): NAT: OSError when configuring translation address range

  • T2936 (feature): Migrate PPPoE server to get_config_dict() do reduce boilerplate code


  • T2939 (bug): Wireguard Remove Peer Fails


  • T2919 (feature): PPPoE server: Called-Station-Id attribute

  • T2918 (feature): Accounting interim jitter for pppoe, l2tp, pptp, ipoe

  • T2917 (feature): PPPoE server: Preallocate NAS-Port-Id

  • T2937 (feature): Update Linux Kernel to v4.19.148


  • T2930 (feature): Support configuration of MAC address for VXLAN and GENEVE tunnel


  • T2856 (bug): equuleus: show version all throws broken pipe exception on abort

  • T2929 (bug): Upgrading from 1.2 (crux) to 1.3 rolling causes vyos.configtree.ConfigTreeError for RADIUS settings

  • T2928 (bug): MTU less then 1280 bytes and IPv6 will raise FileNotFoundError

  • T2926 (bug): snmp.py missing an import

  • T2912 (feature): When setting MTU check for hardware maximum supported MTU size


  • T2915 (bug): Lost “proxy-arp-pvlan” option for vlan

  • T2925 (feature): Update Linux Kernel to v4.19.147

  • T2921 (feature): Migrate “service dns forwarding” to get_config_dict() for ease of source maintenance


  • T2896 (bug): set ip route dhcp-interface eth0

  • T2923 (bug): Configuring DHCPv6-PD without a interface to delegate to raises TypeError


  • T2846 (bug): ip route doesn’t show longer-prefixes


  • T2904 (feature): 802.1ad / Q-in-Q ethertype default not utilized

  • T2905 (feature): Sync CLI nodes between PPPoE and WWAN interface

  • T2903 (feature): Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value


  • T2894 (bug): bond: lacp: member interfaces get removed once bond interface has vlans configured

  • T2901 (feature): Update Linux Kernel to v4.19.146

  • T2900 (bug): DNS forwarding: invalid warning is shown for “system name-server” or “system name-servers-dhcp” even if present


  • T945 (bug): Unable to change configuration after changing it from script (vbash + script-template)


  • T2886 (bug): RADIUS authentication broken only returns operator level

  • T2887 (bug): WiFi ht40+ channel width is not set in hostaptd.conf


  • T2515 (bug): Ethernet interface is automatically disabled when removing it from bond


  • T2872 (bug): “Show log” for nat and openvpn got intermixed

  • T2301 (bug): Cannot delete PBR

  • T2880 (feature): Update Linux Kernel to v4.19.145

  • T2879 (feature): Cleanup 4.19.144 kernel configuration


  • T2858 (feature): Rewrite dynamic dns client to get_config_dict()

  • T2857 (feature): Cleanup Intel QAT configuration script

  • T2877 (feature): LACP / bonding: support configuration of minimum number of links


  • T2863 (default): Wireguard IPv6 Link-Local Addresses Are Not Unique

  • T2876 (feature): Update Linux Kernel to v4.19.144


  • T2870 (feature): Update Linux Kernel to v5.8.8


  • T2728 (bug): Protocol option ignored for IPSec peers in transport mode

  • T1934 (default): Change default hostname when deploy from OVA without params.

  • T1953 (bug): DDNS service name validation rejects valid service names


  • T1729 (default): PIM (Protocol Independent Multicast) implementation


  • T2860 (bug): Update Accel-PPP to fix l2tp CVE


  • T2833 (bug): RIP outgoing update filter list no longer operational

  • T2849 (bug): vyos.xml.defaults should return a list on multi nodes, by default


  • T2636 (bug): get_config_dict() shall always return a list on <multi/> nodes


  • T2843 (feature): Upgrade Linux Kernel to 5.8 series

  • T2814 (default): kernel 5.1+ : NAT : module nft_chain_nat_ipv4 renamed

  • T2839 (feature): Upgrade WireGuard user-space tools and Kernel module

  • T2842 (feature): Replace custom “wireguard, wireguard-tools” package with debian-backports version


  • T2836 (default): show system integrity broken in 1.3


  • T2126 (bug): show vpn ipsec sa IPSec - Process NOT Running

  • T2813 (bug): NAT: possible to commit illegal source nat without translation

  • T1463 (bug): Missing command show ip bgp scan appears in command completion


  • T2832 (feature): Migrate vyos-smoketest content into vyos-1x


  • T2830 (default): Migrate “service https” to use get_config_dict()

  • T2831 (feature): Update Linux Kernel to v4.19.142


  • T2826 (bug): frr: frr python lib error in replace_section


  • T2423 (bug): Loadkey scp ssh key errors


  • T2811 (bug): Cannot delete vpn anyconnect

  • T2823 (bug): VXLAN has state A/D after configuration

  • T2812 (default): Add basic smoketest for anyconnect


  • T2822 (feature): Update Linux Kernel to v4.19.141

  • T2821 (feature): Support DHCPv6-PD without “address dhcpv6”

  • T2677 (feature): Proposal for clearer DHCPv6-PD configuration options


  • T2209 (bug): Documentation has reference to the old ‘user x level admin’ option

  • T1665 (default): prefix-list and prefix-list6 rules incorrectly accept a host address where prefix is required

  • T2815 (default): Move certbot config directory under /config/auth


  • T2794 (bug): op-mode: lldp: “show lldp neighbors” IndexError: list index out of range

  • T2791 (feature): “monitor traceroute” has no explicit IPv4/IPv6 support

  • T1515 (bug): FRR ospf6d crashes when performing: “show ipv6 ospfv3 database”


  • T2277 (bug): dhclient-script-vyos does not support VRFs

  • T2090 (default): Deleting ‘service salt-minion’ causes python TypeError


  • T2797 (feature): Update Linux Kernel to v4.19.139

  • T2796 (bug): PPPoE-Server: listen interface is mandatory but validation check is missing


  • T2795 (bug): console server fails to commit


  • T2786 (bug): OSPF Interface Cost

  • T2325 (bug): NHRP op-mode errors with missing daemon socket

  • T2227 (feature): MPLS documentation

  • T2767 (bug): The interface cannot be disabled for network enabled configuration

  • T2316 (bug): DHCP-server op-mode errors


  • T2779 (bug): LLDP: “show lldp neighbors interface” does not yield any result

  • T2379 (bug): DHCPv6 address for interface deletion triggers a script error

  • T2784 (default): Remove unused arg from host_name.py functions verify and get_config


  • T2780 (feature): Update Linux Kernel to v4.19.138


  • T2716 (bug): Shaper-HFSC shapes but does not control latency correctly

  • T2497 (default): Cache config string during commit

  • T2501 (bug): Cannot recover from failed boot config load

  • T1974 (feature): Allow route-map to set administrative distance

  • T1949 (bug): Multihop IPv6 BFD is unconfigurable


  • T2758 (bug): router-advert: ‘infinity’ is not a valid integer number

  • T2637 (bug): Vlan is not removed from the system

  • T1287 (bug): No DHCPv6 leases reported for “show dhcpv6 client leases”


  • T2241 (default): Changing settings on an interface causes it to fall out of bridge

  • T2757 (bug): “show system image version” contains additional new-line character breaking output

  • T1826 (bug): Misleading message on “reboot at” command

  • T1511 (default): Rewrite ethernet setup scripts to python

  • T1600 (default): Convert ‘ping’ operation from vyatta-op to new syntax

  • T1486 (bug): Unknown LLDP version reported to peers

  • T1414 (enhancment): equuleus: buster: 10-unmountfs.chroot fail under apply

  • T1076 (bug): SSH: make configuration (sshd_config) volatile and store it to /run

  • T2724 (feature): Support for IPv6 Toolset

  • T2323 (bug): LLDP: “show lldp neighbors detail” returns warnings when service is not configured

  • T1754 (bug): DHCPv6 client is impossible to restart


  • T2756 (feature): Accel-PPP: make RADIUS accounting port configurable


  • T2752 (bug): Exception when configuring unavailable ethernet interface

  • T2751 (feature): Update Linux Kernel to v4.19.136

  • T2753 (feature): Rewrite “add system image” op mode commands in XML

  • T2690 (feature): Add VRF support to the add system image command


  • T2746 (feature): IPv6 link-local addresses not configured

  • T2678 (bug): High RAM usage on SSH logins with lots of IPv6 routes in the routing table.

  • T2701 (bug): vpn ipsec pfs enable doesn’t work with IKE groups

  • T2745 (feature): router-advert: migrate to get_config_dict()


  • T2743 (feature): WireGuard: move key migration from config script to migration script

  • T2742 (feature): mDNS repeater: migrate to get_config_dict()


  • T1117 (feature): ‘show ipv6 bgp route-map’ missing

  • T928 (feature): Add support for PIM (Protocol-Independent Multicast)


  • T2729 (feature): Pseudo-ethernet replace fail message

  • T1249 (feature): multiple PBR rules can set to a single interface

  • T1956 (feature): PPPoE server: support PADO-delay

  • T1295 (feature): FRR: update documentation

  • T1222 (bug): OSPF routing problem - route looping

  • T1158 (bug): Route-Map configuration dropped updating rc11 to epa2

  • T1130 (bug): Deleting BGP communities from prefix does not work

  • T2067 (feature): pppoe-server: Add possibility set multiple service-name


  • T2734 (feature): WireGuard: fwmark CLI definition is inconsistent

  • T2733 (feature): Support MTU configuration on pseudo ethernet devices

  • T2644 (default): Bonding interfaces cannot be disabled

  • T2476 (bug): Bond member description change leads to network outage

  • T2443 (feature): NHRP: Add debugging information to syslog

  • T2021 (bug): OSPFv3 doesn’t support decimal area syntax

  • T1901 (bug): Semicolon in values is interpreted as a part of the shell command by validators

  • T2000 (bug): strongSwan does not install routes to table 220 in certain cases

  • T2091 (bug): swanctl.conf file is not generated properly if more than one IPsec profile is used

  • T1983 (feature): Expose route-map when BGP routes are programmed in to FIB

  • T1973 (feature): Allow route-map to match on BGP local preference value

  • T1853 (bug): wireguard - disable peer doesn’t work

  • T1985 (feature): pppoe: Enable ipv6 modules without configured ipv6 pools


  • T2730 (feature): Update Linux Kernel to v4.19.134

  • T2106 (bug): Wrong interface states after reboot

  • T1507 (default): cli: logical redundancy with boolean type


  • T2097 (bug): Problems when using <path> as completion helper in op-mode

  • T2092 (bug): dhcp-server rfc3442 static route should add default route

  • T1817 (bug): BGP next-hop-self not working.

  • T1462 (bug): Upgrade path errors 1.1.8 to 1.2.1-S2

  • T1372 (bug): Diff functionality behaves incorrectly in some cases

  • T2073 (feature): ipoe-server: reset op-mode command for sessions

  • T1715 (bug): System DNS Server Order Incorrect


  • T2673 (bug): After the bridge is configured with Mac, bridge is automatically disabled

  • T2626 (bug): Changing pseudo-ethernet mode, throws CLI error

  • T2608 (bug): delete pseudo-ethernet failed (another error type)

  • T2527 (bug): bonding: the last slave interface is not deleted

  • T2358 (bug): ip6ip6 bridge conf_mode errors

  • T2346 (bug): Setting hostname yields temporary file error

  • T2330 (bug): Vpn op-mode syntax

  • T2188 (default): NTP op-mode commands don’t work


  • T2718 (bug): ntp.conf updated incorrectly

  • T2658 (bug): Interface description comment display error

  • T2643 (bug): show interfaces does not scale with terminal width

  • T2725 (bug): Config fails to load if user has no password

  • T2707 (default): Allow alternative initialization data for Config


  • T2709 (bug): Destination NAT translation port without address fails to commit

  • T2519 (bug): Broadcast address does not add automatically


  • T2708 (bug): “show flow-accounting” should not display script’s “usage” help

  • T2592 (default): dhcp-relay discarding packets on valid interfaces

  • T2712 (feature): udp-broadcast-relay: serivce no longer starts

  • T2706 (feature): Support NDP protocol monitoring


  • T2704 (bug): connect/disconnect Missing newline in op-mode tab completion helper

  • T2689 (feature): Add helper functions to query changes between session and effective configs

  • T2585 (bug): Unable to access the Internet after opening PPPoE on-demand dialing


  • T2675 (bug): DNS service failed to start

  • T2596 (feature): Allow specifying source IP for ‘add system image’


  • T1575 (default): show snmp mib ifmib crashes with IndexError

  • T2696 (bug): Some bugfixes of vyatta-wanloadbalance


  • T2687 (feature): SNMP: change logic on v3 password encryption

  • T2693 (bug): Dhcp6c cannot be restarted after PPPoE link is reset


  • T2692 (bug): Evaluate Setting Default Hash Policy to L3+L4

  • T2646 (bug): Sysctl for IPv4 ECMP Hash Policy Not Set


  • T2691 (bug): Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch

  • T2389 (bug): BGP community-list unknown command

  • T2686 (bug): FRR: BGP: large-community configuration is not applied properly after upgrading FRR to 7.3.x series


  • T2680 (bug): dhcp6c service cannot recover when it fails


  • T2684 (feature): Update Linux Kernel to v4.19.131

  • T2685 (feature): Update Accel-PPP to fix SSTP client issues

  • T2681 (bug): PPPoE stops negotiating IPv6


  • T2682 (bug): VRF aware services - connection no longer possible after system reboot


  • T2670 (default): Remove dependency on show_config from get_config_dict

  • T2676 (feature): NTP: migrate to get_config_dict() implementation


  • T2668 (default): get_config_dict: add get_first_key arg to utility function get_sub_dict


  • T2662 (default): get_config_dict includes node name as key only for tag and leaf nodes

  • T2667 (feature): get_config_dict: Use utility function for non-empty path argument


  • T2660 (bug): XML: Python default dictionary does not obey underscore (_) when flat is False


  • T2656 (bug): XML: Python default dictionary returns wrong dictionary level(s)


  • T2642 (bug): sshd fails to start due to configuration error

  • T2588 (default): Add support for default values to the interface-definition format

  • T2622 (bug): Pseudo-ethernet interface config disappears across versions

  • T2057 (feature): Generalised Interface configuration

  • T2625 (feature): Provide generic Library for package builds


  • T2487 (bug): VRRP does not display info when group disabled

  • T2329 (bug): Show remote config openvpn

  • T2165 (bug): When trying to add route to ripng it complains that ip address should be IPv4 format

  • T2159 (default): webproxy log read from wrong file

  • T2101 (feature): Fix VXLAN config option parsing

  • T2062 (bug): Wrong dhcp-server static route subnet bytes

  • T1986 (bug): Python configuration manipulation library leaks open files

  • T1762 (bug): VLAN interface configuration fails after internal representation of edit level was switched from a string to a list

  • T1538 (bug): Update conntrack-sync packages to fix VRRP issues

  • T1808 (feature): add package nftables


  • T2634 (feature): remove autogeneration of interface “ip section” from vyatta-cfg-system

  • T2633 (bug): Error with arp_accept on tun interface

  • T2595 (feature): Update Linux Kernel to v4.19.128

  • T1938 (bug): syslog doesn’t start automatically


  • T2632 (bug): WireGuard: Cannot use only one preshared-key for one peer

  • T1829 (bug): Install Image script does not respect size of partition greater than 2G but less than disk size

  • T2635 (feature): SSH: migrate to get_config_dict()


  • T2486 (bug): DNS records set via ‘system static-host-mapping’ return NXDOMAIN from ‘service dns forwarding’ after a request to a forwarded zone

  • T2463 (bug): DHCP-received nameserver not added to vyos-hostsd

  • T2534 (bug): pdns-recursor override.conf error

  • T2054 (bug): Changing “system name-server” doesn’t update dns forwarding config, neither does “restart dns forwarding”

  • T2225 (default): PIM/IGMP documentation


  • T2624 (feature): Serial Console: fix migration script for configured powersave and no console

  • T2610 (bug): default-lifetime is not reflected in the RA message

  • T2299 (feature): login radius-server priority

  • T1739 (bug): Serial interface seems not to be deleted properly

  • T480 (bug): Error if no serial interface is present (/dev/ttyS0: not a tty)


  • T2621 (bug): show interfaces repeats interface description if it is longer then an arbitrary number of characters

  • T2618 (default): Conversion from 1.2 to 1.3 lost RADVD prefix autonomous-flag setting


  • T2589 (bug): delete pseudo-ethernet failed

  • T2490 (feature): Add serial (rs232) to ssh bridge service


  • T2614 (default): Add an option to mangle dict keys to vyos.config.get_config_dict()

  • T2026 (default): Make cli-shell-api correctly exit with non-zero code on failures

  • T1868 (default): Add opportunity to get current values from API


  • T2478 (feature): login radius: use NAS-IP-Address if defined source address

  • T2141 (bug): Static ARP is not applied on boot

  • T2609 (bug): router-advert: radvd does not start when lifetime is improperly configured

  • T1720 (feature): support for more ‘show ip route’ commands


  • T2604 (default): Remove use of is_tag in system-syslog.py

  • T2605 (bug): SNMP service is not disabled by default

  • T2568 (bug): Add some missing checks in config

  • T2156 (default): PIM op-mode commands


  • T2600 (bug): RADIUS system login configuration rendered wrongly

  • T2599 (bug): “show interfaces” does not list VIF interfaces in ascending order

  • T2591 (bug): show command has wrong interfaces ordering

  • T2576 (bug): “show interfaces” does not return VTI


  • T2354 (bug): Wireless conf_mode errors

  • T2593 (bug): source NAT translation port can not be set when translation address is set to masquerade

  • T2594 (default): Missing firmware for iwlwifi


  • T2578 (bug): ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses

  • T2571 (bug): NAT destination port with ! results in error

  • T2570 (feature): Drop support for “system console device <device> modem”

  • T2586 (bug): WWAN default route is not installed into VRF

  • T2561 (feature): Drop support for “system console netconsole”

  • T2569 (feature): Migrate “set system console” to XML and Python representation


  • T2575 (bug): pppoe-server: does not possibly assign IP address

  • T2565 (bug): Cannot connect to l2tp server with radius auth

  • T2553 (bug): set interface ethN vif-s nnnn does not commit


  • T2559 (feature): Add operational mode command to retrieve hardware sensor data


  • T2529 (feature): WWAN: migrate from ttyUSB device to new device in /dev/serial/by-bus

  • T2560 (feature): New op-mode command to display information about USB interfaces


  • T2548 (bug): Interfaces allowing inappropriate network addresses to be assigned

  • T1958 (default): Include only firmware we actually need


  • T2514 (enhancment): “mac” setting for bond members


  • T2129 (feature): XML schema: tagNode not allowed on first level in new XML op-mode definition

  • T2545 (feature): Show physical device offloading capabilities for specified ethernet interface

  • T2544 (feature): Enable Kernel KONFIG_KALLSYMS

  • T2543 (feature): Kernel: always build perf binary but ship as additional deb package to not bloat the image

  • T1096 (bug): BGP process memory leak


  • T2535 (feature): Update Intel QAT drivers to 1.7.l.4.9.0-00008

  • T2537 (feature): Migrate “show log dns” from vyatta-op to vyos-1x

  • T2536 (bug): “show log dns forwarding” still refers to dnsmasq

  • T2538 (feature): Update Intel NIC drivers to recent release (preparation for Kernel >=5.4)

  • T2526 (feature): Wake-On-Lan CLI implementation


  • T2532 (feature): VRF aware OpenVPN


  • T2388 (feature): template rendering should create folder and set permission

  • T2531 (feature): Update Linux Kernel to v4.19.125

  • T2530 (bug): Error creating VRF with a name of exactly 16 characters


  • T2528 (bug): “update dns dynamic” throws FileNotFoundError excepton


  • T1291 (default): Under certain conditions the VTI will stay forever down


  • T2395 (feature): HTTP API move to flask/flask-restx as microframework

  • T1121 (bug): Can’t search for prefixes by community: Community malformed: AA:NN


  • T2520 (bug): show conntrack fails with Perl error

  • T2502 (bug): PPPoE default route not installed for IPv6 when “default-route auto”

  • T2458 (feature): Update FRR to 7.3.1

  • T2506 (feature): DHCPv6-PD add prefix hint CLI option


  • T2391 (bug): pppoe-server session-control does not work

  • T2269 (feature): SSTP specify tunnels names

  • T1137 (bug): ‘sh ip bgp sum’ being truncated


  • T2491 (feature): MACsec: create CLI for replay protection

  • T2489 (feature): Add MACsec interfaces to “show interfaces” output

  • T2201 (feature): Rewrite protocol BGP [op-mode] to new XML/Python style

  • T2492 (feature): Do not set encrypted user password when it is not changed

  • T2496 (feature): Set default to new syntax for config file component versions

  • T2493 (feature): Update Linux Kernel to v4.19.124

  • T2380 (bug): After PPPoE 0 is restarted, the default static route is lost


  • T1876 (bug): IPSec VTI tunnels are deleted after rekey and dangling around as A/D

  • T2488 (feature): Remove logfile for dialup interfaces like pppoe and wwan

  • T2475 (bug): linting

  • T1820 (bug): VRRP transition scripts for sync-groups are not supported in VyOS (anymore)

  • T2364 (default): Add CLI command for mroute

  • T2023 (feature): Add support for 802.1ae MACsec


  • T2480 (bug): NAT: after rewrite commit tells that dnat IP address is not locally connected


  • T2481 (feature): WireGuard: support tunnel via IPv6 underlay

  • T421 (bug): Add Pv6 prefix delegation support

  • T815 (feature): Add DHCPv6 server prefix-delegation support


  • T2471 (feature): PPPoE server: always add AdvAutonomousFlag when IPv6 is configured

  • T2409 (default): At boot, effective config should not be equal to current config


  • T2466 (bug): live-build encounters apt dependency problem when building with local packages

  • T2470 (feature): Update to PowerDNS recursor 4.3

  • T2469 (feature): Update Linux Kernel to v4.19.123

  • T2198 (default): Rewrite NAT in new XML/Python style


  • T2449 (bug): ‘ipv6 address autoconf’ and ‘address dhcpv6’ don’t work because interfaces have accept_ra=1 (they should have accept_ra=2 when forwarding=1)


  • T2456 (bug): netflow source-ip cannot be configured


  • T2435 (bug): Pseudo-ethernet Interfaces Broken

  • T2294 (bug): ipoe-server broken (jinja2 template issue)


  • T2454 (feature): Update Linux Kernel to v4.19.122

  • T2392 (bug): SSTP with ipv6


  • T2445 (bug): VRF route leaking for ipv4 not working

  • T2372 (bug): VLAN: error on commit if main interface is disabled

  • T2439 (bug): Configuration dependency problem, unable to load complex configuration after reboot


  • T2427 (default): Interface addressing broken since fix for T2372 was merged

  • T2438 (default): isc-dhcp-server(6).service reports startup success immediately even if dhcpd fails to start up

  • T2367 (default): Flush addresses from bridge members


  • T2441 (bug): TZ validator has a parse error

  • T2429 (bug): Vyos cannot apply VLAN sub interface to bridge


  • T2402 (bug): Live ISO should warn when configuring that changes won’t persist


  • T1899 (bug): Unionfs metadata folder is copied to the active configuration directory


  • T2412 (bug): ping flood does not work as unprivileged user

  • T701 (bug): LTE interface dosen’t come up

  • T951 (bug): command ‘isolate-stations true/false’ does not make any changes in the hostapd.conf


  • T2420 (feature): Update Linux Kernel to v4.19.120

  • T2406 (feature): DHCPv6 CLI improvements

  • T2421 (feature): Update WireGuard to Debian release 1.0.20200429-2_bpo10+1


  • T2414 (feature): Improve runtime from Python numeric validator

  • T2413 (feature): Update Linux Kernel to v4.19.119


  • T2411 (feature): op-mode: make “monitor traceroute” VRF aware

  • T2347 (bug): During commit, any script output directed to stdout will contain path

  • T2239 (default): build-vmware-image script ignores the predefined file path, uses the environment variable unconditionally.


  • T2399 (bug): op-mode “dhcp client leases” does not return leases

  • T2398 (bug): op-mode “dhcp client leases interface” completion helper misses interfaces

  • T2394 (feature): dhcpv6 client does not start

  • T2393 (feature): dhclient: migrate from SysVinit to systemd

  • T2268 (bug): DHCPv6 is broken


  • T1227 (bug): rip PW can’t be set at interface config


  • T2373 (feature): Required auth options for pppoe-server

  • T1381 (feature): Enable DHCP option 121 processing

  • T2010 (bug): Reboot at reports wrong time or missing timezone


  • T2386 (bug): salt: upgrade to 2019.2 packages

  • T2385 (bug): salt-minion: improve completion helpers

  • T2384 (bug): salt-minion: log to syslog and remove custom logging option

  • T2383 (feature): Update Linux Kernel to v4.19.118

  • T2382 (bug): salt-minion: Throws KeyError on commit

  • T2350 (bug): Interface geneve conf-mode error


  • T2304 (feature): “system login” add RADIUS VRF support

  • T1842 (bug): Equuleus: “reboot at 04:00” command not working


  • T2375 (feature): WireGuard: throw exception if address and port are not given as both are mandatory

  • T2348 (bug): On IPv6 address distribution and DHCPv6 bugs


  • T2369 (feature): VRF: can not leak interface route from default VRf to any other VRF

  • T2368 (bug): VRF: missing completion helper when leaking to default table

  • T2374 (bug): Tunnel interface can not be disabled

  • T2362 (default): IPv6 link-local addresses missing due to EUI64 address code, causing router-advert not to work

  • T2345 (default): IPv6 router-advert not working


  • T2361 (bug): Unable to delete VLAN vif interface

  • T2339 (bug): OpenVPN: IPv4 no longer working after adding IPv6 support

  • T2331 (bug): VRRP op-mode errors

  • T2320 (bug): Wireguard creates non-existing interfaces in [op-mode].

  • T2096 (feature): Provide “generate” and “show” commands via the http API

  • T2351 (feature): Cleanup PPTP server implementation and CLI commands


  • T2341 (bug): Pseudo-ethernet Interfaces Not Loaded on Boot

  • T2270 (bug): using load with scp/sftp and a username and password does not work

  • T2255 (bug): DNS forwarding op-mode error

  • T1907 (bug): Traceback on a non-existent interface.

  • T2204 (feature): Support tunnel source-interface


  • T2335 (bug): Unable to assign IPv6 from ISP

  • T2317 (bug): l2tp overwriting ipsec config files

  • T2292 (bug): Ensure graceful shutdown of vyos-http-api

  • T2344 (bug): PPPoE server client static IP assignment silently fails


  • T2337 (default): hw-id gone missing from interfaces after upgrade to 1.3-rolling-202004191028

  • T2340 (feature): Remove informational “sg” messages from syslog

  • T2338 (bug): Can’t delete static IPv6 route on vrf

  • T2336 (bug): OpenVPN service fails to start

  • T2308 (default): openvpn op-mode scripts broken after migrating to systemd service

  • T2185 (default): Start daemons with systemd units instead of with start-stop-daemon


  • T2318 (bug): dns-forwarding migration script breaks with invalid interface name

  • T2319 (feature): Update Linux Kernel to v4.19.116

  • T2314 (feature): Cleanup PPPoE server implementation and CLI commands

  • T2313 (bug): Accel-PPP / PPPoEserver raises “Floating point exception” when not all limits are defined

  • T2312 (feature): Use LED modules to enable more visible feedback on VyOS hardware chassis

  • T2306 (feature): Add new cipher suites to the WiFi configuration

  • T2286 (default): IPoE server vulnerability

  • T2224 (feature): Update Linux Kernel to v4.19.114

  • T2110 (feature): RADIUS: supply include file for radius config to have a uniform CLI

  • T2324 (feature): Cleanup IPoE server implementation and CLI commands


  • T2275 (bug): flow-accounting broken in rolling

  • T2256 (feature): Accel-ppp op-mode syntax


  • T2295 (bug): Passwords with Special Characters Broken

  • T2305 (feature): Add release name to “show version” command

  • T2235 (default): OpenVPN server client IP doesn’t reserve that IP in the pool

  • T149 (feature): IPv6 support in OpenVPN tunnel


  • T2293 (bug): OpenVPN: UnboundLocalError after merging server_network PullRequest

  • T2298 (bug): Errors PDNS with name-server set


  • T2213 (bug): vyos-1x: WiFi mode ieee80211ac should also activate ieee80211n


  • T2283 (default): openvpn not starting: ccd path in template not moved to /run/openvpn/ccd

  • T2236 (bug): DMVPN broken after tunnel rewrite to XML/Python

  • T2284 (default): Upgrade ddclient to 3.9.1 which also brings systemd files

  • T2282 (feature): Clarify hw-id in ethernet and wireless interface nodes

  • T611 (feature): Static route syntax should reflect ip command routing capabilities, if possible.


  • T2273 (default): OpenVPN no longer starts in latest rolling, migrate to systemd

  • T2263 (feature): Reset feature for SSTP sessions

  • T2262 (bug): Broken reset commands for pptp and l2tp

  • T2031 (bug): pseudo-ethernet link interface cannot be changed


  • T2264 (feature): l2tp: cleanup CLI definition

  • T2233 (bug): Typos in wlanX.cfg

  • T2238 (bug): After re-writing list_interfaces.py to use Interfaces() pseudo-ethernet is missing


  • T2265 (feature): DHCP to be an attribute of the class instead of a inheritance

  • T2261 (bug): “client-config-dir” not being set for openvpn

  • T2248 (bug): PPPoE Broken in Latest 1.3 Rolling (1.3-rolling-202004070629)

  • T1629 (bug): IP addresses configured on vif-s interfaces are not added to the system

  • T2266 (default): openvpn bridged client-server doesn’t work (validation error)

  • T2253 (default): Fix use of cmd in merge config and remote function helpers


  • T2260 (feature): vxlan, pseudo-ethernet: convert link nodes to source-interface

  • T2172 (feature): Enable conf VXLAN without remote address

  • T2237 (bug): l2tp, pptp, pppoe wrong chap-secrets file


  • T2244 (feature): WireGuard: cleanup Python implementation and reduce amount of boilerplate code

  • T2186 (feature): Provide more information to the user when a traceback is reported to the user

  • T2246 (bug): LLDP op-mode error

  • T2240 (feature): Support for bind vif-c interfaces into VRFs

  • T2160 (feature): Allow restricting HTTP API to specific virtual hosts

  • T2247 (feature): WireGuard: add VRF support


  • T2212 (bug): vyos-1x: WiFi card antenna count not set accordingly

  • T2230 (feature): Split out inlined Jina2 template to data/templates folder

  • T2206 (feature): Split WireGuard endpoint into proper host and port nodes


  • T2158 (bug): Commit fails if ethernet interface doesn’t support flow control (pause)

  • T2221 (bug): Ability to remove a VRF that has a next-hop-vrf as target

  • T2211 (bug): vyos-1x: VHT channel width not set accordingly

  • T2208 (bug): vyos-1x: commit on interfaces wireless wlanX capabilities vht link-adaptation (both|unsolicited) fails

  • T2183 (bug): A number of bugs with wireguard script due to interface rearrangement

  • T2104 (default): ifconfig.py size

  • T2028 (feature): Convert “interfaces tunnel” to new XML/Python representation

  • T2219 (bug): VRF default route of PPPoE and WWAN interfaces do not get added into proper routing table

  • T2222 (default): openvpn: requires “multihome” option to listen on all addresses with udp protocol


  • T2072 (bug): Shell autocomplete of option (config node) with quoted value doesn’t work

  • T1823 (feature): l2tpv3 interface migration fails

  • T2202 (feature): Update PowerDNS recursor to 4.2 series

  • T2200 (feature): Add VRF support on wirelessmodem interfaces


  • T2166 (bug): Broken proxy-arp on vif

  • T2180 (bug): get_config_dict should be independent of CLI edit level

  • T2053 (default): Update vyos-load-config.py for version string syntax change

  • T2052 (default): Update vyos-merge-config.py for version string syntax change

  • T2144 (default): vyos-build: docker: selection of text in the terminal still selects it in vim (mouse isn’t completely disabled)


  • T2176 (default): ‘WiFiIf’ object has no attribute ‘set_state’

  • T2029 (feature): Switch to new syntax for config file component versions


  • T2178 (bug): VRF interface don’t get removed when VRF is deleted

  • T2170 (feature): Add ability to create static route from default to VRF

  • T1831 (feature): Denest IPv6 router-advert from Interfaces to general service


  • T2167 (bug): vyos.ifconfig.get_mac() broken

  • T2151 (default): wireless: can’t delete interface present in config but not present in system

  • T1988 (feature): Migrate wirelessmodem to new XML/Python style interface


  • T2164 (bug): Package libstrongswan-standard-plugins missing from image

  • T2105 (bug): wireless: not possible to disabled wlan0

  • T2169 (default): Remove redundant use of show_config in vyos-merge-config


  • T2162 (default): migration script for router-advert sets link-mtu 0 on bridge interfaces

  • T1735 (bug): Issue in “show vpn ipsec/ike sa” output with ipsec encryption algorithm aes128gcm128/aes256gcm128/chacha etc


  • T2148 (default): openvpn: setting “server client” config without “server client ip” results in ValueError: ‘’ does not appear to be an IPv4 or IPv6 address

  • T2146 (default): openvpn: “delete server client” doesn’t delete the corresponding ccd configs


  • T2157 (default): Organize service https listen-address/listen-port/server-name under ‘virtual-host’ node

  • T1845 (bug): syslog host no longer accepts a port


  • T2150 (feature): SSTP ssl certificates can only be stored in /config/user-data/sstp

  • T2149 (feature): Update Linux Kernel to v4.19.112

  • T476 (enhancment): Update the base system to Debian 10 (Buster)


  • T2142 (bug): vyos-build: Add required packages and step to build-GCE-image script

  • T1870 (feature): Extend Pipeline scripts to support PullRequests


  • T2006 (bug): SSTP RADIUS CLI accepts invalid values

  • T2140 (default): openvpn: tls file check function checkCertHeader returns True even when no match is found

  • T2007 (feature): SSTP accepts client MTU up to 16384 bytes

  • T2008 (feature): Adjustment of SSTP CLI to be more consistent to the rest of VyOS


  • T2135 (bug): Login banner missing spacing now

  • T2132 (feature): Document kernel boot parameter ‘vyos-config-debug’

  • T1744 (default): Config load fails in ConfigTree with ValueError: Failed to parse config: lexing: empty token


  • T2134 (bug): VXLAN: NameError: name ‘config’ is not defined


  • T2131 (feature): Improve syslog remote host CLI definition


  • T2122 (feature): Update Intel out-of-tree drivers to latest version(s)

  • T2121 (feature): Update Linux Kernel to v4.19.109

  • T2119 (bug): Error on boot when removing ethernet interface from VM


  • T834 (feature): New L2TP server implementation based on accel-ppp


  • T1622 (default): Add failsafe and back trace to boot config loader


  • T1961 (bug): VXLAN - fails to commit due to non-existent variable, broken MTU

  • T2084 (default): conntrack-tools package build error for current/equuleus


  • T1331 (bug): DNS stops working


  • T2111 (feature): VRF add route leaking support

  • T2109 (bug): Ping by name broken in VyOS 1.3-rolling-202003080217

  • T2065 (bug): VyOS 1.3 Don’t set daemon in openvpn-{intf}.conf file

  • T31 (feature): Add VRF support


  • T1954 (bug): Having system login radius configured causes exponentially long boot times

  • T1760 (bug): RADIUS shared secret is not redacted from “show configuration” op mode command


  • T2107 (bug): Wireless interfaces do not work in station mode without security


  • T2074 (bug): VyOS docker container: Cannot configure ethernet interface


  • T2098 (bug): Wrong call to cli-shell-api in generated op-mode templates for path completion helper


  • T2095 (bug): Copy command errors out


  • T2082 (bug): WireGuard broken after merging T2057

  • T2089 (feature): RADIUS: do not query servers when commit is running started from a non RADIUS user

  • T2086 (feature): Move sudo session open/close log entries to auth.log


  • T2046 (feature): allowing sub-classes of Interface to redefine how the interface is created


  • T2083 (default): vyos-build: build-packages fails at mdns-repeater due to wrong branch

  • T2080 (default): traffic-policy shaper error when setting bandwidth


  • T2075 (feature): Add support for OpenVPN tls-crypt file option

  • T2068 (feature): Update Linux Kernel to v4.19.105

  • T1703 (default): Macvlan PPPoE support

  • T2078 (feature): Kernel: remove unused RAID functions 5,6,10,jbod,dm


  • T2070 (feature): Rewrite (dis-)connect op-mode commands in XML and Python

  • T2071 (feature): Add possibility to temporary disable a RADIUS server used for system login


  • T2055 (feature): Remove IPv6 router-advert options for PPPoE

  • T1318 (feature): PPPoE client CLI redesign


  • T2063 (feature): vyos-salt-minion package is missing from vyos-world


  • T1969 (default): OSPF with WireGuard cause Route Inactive


  • T2034 (default): Removal of interfaces loopback lo removed and ::1


  • T2047 (feature): Update Linux Kernel to v4.19.104

  • T2048 (bug): ISO boot fails when wireless adapter is present


  • T2043 (bug): Bond VLANs can’t be extended on the fly

  • T2030 (bug): Bond doesn’t survive reboot

  • T1992 (bug): Adding vlan on a bond resets all BGP connections on same bond

  • T1908 (feature): Add zone option for Cloudflare DDNS

  • T1246 (bug): VyOS 1.2.0 “openvpn-options” configuration does not allow quotes in values


  • T2042 (bug): Error on reboot after deleting “service snmp” and not “service lldp snmp enable”

  • T2041 (bug): Adding non existent bond interface raises exception


  • T2039 (bug): Wrong system type displayed in show version

  • T2040 (bug): vyos-http-api-server should reload Config in all routes


  • T2033 (feature): Drop vyos-replace package

  • T1635 (feature): Rewrite interface pseudo-ethernet in new XML/Python style


  • T2024 (feature): Migrate “system login banner” to XML/Python


  • T2022 (bug): When RADIUS config is active, local logins won’t work

  • T2020 (default): Unable to log in after upgrade to 1.3-rolling-202002080217

  • T1931 (bug): Enabling SNMP commit error


  • T1948 (bug): RADIUS login broken in 1.3

  • T1990 (feature): Migrate “system login” to XML/Python representation

  • T1585 (default): Add letsencrypt/certbot support for ‘service https’


  • T1965 (bug): VyOS-1.3: ping no longer supports specifying interface or source


  • T2011 (feature): Update Linux Kernel to v4.19.101

  • T640 (bug): Images no longer work when built without “recommended” packages


  • T2009 (bug): Ethernet Interface always stays down

  • T1989 (bug): conf.get_config_dict() throws exception


  • T1768 (bug): PPtP - vyos.config rewrite

  • T2002 (bug): VLAN interfaces try to be enabled even if parent interface is A/D


  • T1994 (default): lldpd not bound to specified interfaces - Fix jinja template

  • T1896 (enhancment): Remove LLDP-MED civic_based location information

  • T1724 (feature): wireguard - add endpoint check in verify()


  • T1996 (feature): Update Linux Kernel to 4.19.99

  • T1862 (default): Use regex pattern s+ to split strings on whitespace in Python 3.7

  • T1755 (bug): Python KeyError exceptions raised with ‘show vpn ipsec sa’ command under use of certain IPSEC cipher suites

  • T1747 (bug): L2TP breaks after upgrading to VyOS 1.2-rolling-201910180117 [issue report and proposed solution]

  • T1664 (bug): Ipoe with bond per vlan don’t work

  • T1895 (feature): There is not restriction on selection of syslog facility

  • T1670 (feature): OpenVPN option for tls-auth


  • T1937 (bug): snmpd throwing a tremendous amount of errors

  • T1767 (bug): IPoE - vyos.config rewrite

  • T1765 (bug): wireguard - vyos.config rewrite


  • T1975 (bug): OpenVPN tap devices won’t come up automatically


  • T1766 (bug): service-pppoe - vyos.config rewrite


  • T1784 (bug): DMVPN with IPSec does not work in HUB mode

  • T1977 (bug): webproxy error on fresh install


  • T1830 (feature): 1.3-rolling boots to GRUB prompt post-install on UEFI systems

  • T1940 (bug): EFI Fresh Install fails to boot, 4K Sector Drives Fail to boot EFI


  • T1880 (default): “A stop job is running for live-tools - System Support Scripts” hangs, times out when shutting down equuleus live iso


  • T1959 (bug): Error message when adding IPSec VPN


  • T1955 (feature): snmp - cli config val_help missing

  • T1813 (bug): error in generated /etc/hosts file


  • T1946 (bug): Recovery ifname for PPtP remote-access


  • T1939 (feature): Provide abstraction for interface “ip” options


  • T1779 (bug): Tunnel interfaces aren’t suggested as being available for bridging


  • T1654 (bug): sFlow: multiple “sflow server” not work, and “disable-imt” could break configuration

  • T1923 (feature): Migrate L2TPv3 interface to XML/Python


  • T1920 (bug): beep: Error: Running under sudo, which is not supported for security reasons.

  • T1918 (bug): l2tp / ipsec config broken in latest daily

  • T1897 (bug): IPSec - 1.2 to 1.3 migration failed

  • T1921 (bug): snmp: VyOS options no longer recognized

  • T1922 (feature): Add VXLAN IPv6 support

  • T1919 (feature): Migrate “system options” to XML/Python representation


  • T1916 (feature): Update Linux Kernel to v4.19.91

  • T1915 (bug): Remove “system ipv6 blacklist” option

  • T1912 (feature): Migrate “system (ip|ipv6)” to XML/Python representation


  • T1910 (bug): Invalid parmissions on latest 1.3 rolling ISO images


  • T1794 (bug): Interface description can’t contain a colon

  • T1906 (feature): Migrate “system time-zone” configuration to XML/Python


  • T1898 (enhancment): Support multiple IPv4/IPv6 LLDP management addresses

  • T1878 (bug): accel-ppp: pppoe single-session option implementation


  • T393 (enhancment): Migrate vyatta-lldpd to vyos-1x


  • T1892 (default): vyos-build: Do not install recommends in docker image [enhancement]

  • T1411 (enhancment): equuleus: buster: vyatta-ravpn: libfreeradius-client2 is missing in buster


  • T1873 (default): DHCP server fails to start due to a change in isc-dhcp-server init scripts


  • T1889 (bug): Error building docker build image

  • T1132 (default): Build on Debian Buster


  • T1886 (feature): Update Linux Kernel to v4.19.89

  • T1887 (feature): Update WireGuard to Debian release 0.0.20191212-1


  • T1861 (default): hosts lost after modified static-host-mapping


  • T1843 (feature): Add GCC preprocessor support for XML files


  • T1566 (feature): Extend L2TP/IPSec server with IPv6


  • T1714 (bug): Disable DHCP Nameservers Not Working


  • T1860 (feature): Update WireGuard to Debian release 0.0.20191127-2

  • T1859 (feature): Update Linux Kernel to v4.19.88

  • T1854 (bug): Dynamic DNS configuration cannot be deleted

  • T1849 (bug): DHCPv6 client does not start

  • T1169 (bug): LLDP potentially broken

  • T586 (bug): Cannot add ethernet vif-s vif-c interface to bridge-group


  • T1847 (bug): set_level incorrectly handles path given as empty string


  • T1787 (default): Failed config migration from V1.2.3 to 1.2-rolling-201911030217

  • T1212 (bug): IPSec Tunnel to Cisco ASA drops reliably after 4.2GB transferred

  • T1704 (feature): OpenVPN - Add support for ncp-ciphers


  • T1782 (bug): pppoe0: showing as “Coming up”

  • T1801 (bug): Unescaped backslashes in config values cause configuration failure


  • T1840 (bug): PPPoE doesn’t not rename pppX to pppoeX


  • T1824 (bug): Permission denied: ‘/opt/vyatta/etc/config/vyos-migrate.log’


  • T1673 (bug): vif bridge-group not migrated to bridge member interface

  • T1799 (feature): Add support for GENEVE (Generic Network Virtualization Encapsulation)


  • T1627 (feature): Rewrite wireless interface in new style XML syntax


  • T1818 (default): Print name of migration script on failure

  • T1814 (default): Add log of migration scripts run during config migration


  • T1710 (default): [equuleus] buster: add patch to fix live-build missing key error

  • T1804 (default): Add python3-psutil to docker image

  • T1736 (default): Decide on best practice for patching live-team packages for VyOS build system

  • T1424 (default): Rewrite the config load script


  • T1793 (feature): Editing description on an interface causes BGP sessions to reset on commit


  • T1791 (feature): Update Linux Kernel to 4.19.82


  • T1789 (bug): ddclient not working with generated RFC2136 / nsupdate config


  • T1777 (bug): Bonding interface MAC address mismatch after reboot

  • T1752 (bug): PPPoE does not automatically start on boot


  • T1783 (bug): Interface can’t unpin from bridge


  • T1756 (feature): Modify output to be more useful - Wireguard


  • T1741 (feature): Add system wide proxy setting


  • T1746 (bug): 201910180117 fails startup with ‘Permission Denied’ errors

  • T1743 (default): equuleus: remove references to SSH key type “rsa1” deprecated in Debian Buster


  • T1712 (default): DHCP client sometimes doesn’t start

  • T1604 (enhancment): equuleus: buster: vbash: tab completion breaks


  • T1723 (bug): wireguard - Interface wg01 could not be brought up in time


  • T1719 (feature): ssh deprecated options

  • T1718 (bug): ISO check in /opt/vyatta/sbin/install-image faulty

  • T1682 (feature): Migrate to new Jenkins Pipeline script


  • T1717 (bug): disable multiple daemons to autostart at boot


  • T1713 (feature): Remove deprecated packages no longer required after migration to Accel-PPP


  • T1689 (feature): “reset openvpn” op-mode command should terminate and restart OpenVPN process


  • T1706 (bug): wireguard broken in latest rolling


  • T1688 (feature): OpenVPN - Add new cipher aes-(128|192|256)-gcm


  • T1696 (bug): NTP - Tests fail when building vyos-1x

  • T1512 (bug): vyos 1.2 openvpn client names with spaces created incorrectly


  • T1681 (feature): cleanup wireguard code since tagnodes are now visible

  • T1695 (bug): Syntax error in interface-dummy.py


  • T1692 (bug): ipoe-server verify function error

  • T1691 (bug): OpenVPN - Commiting config when OpenVPN peer/server not available makes commit hang

  • T1690 (feature): restart op-mode commands for ‘service (pppoe|ipoe)-server’


  • T1672 (bug): Wireguard keys not automatically moved


  • T1679 (bug): during bootup: invalid literal for int() with base 10

  • T1680 (feature): DHCP client does not release IP address on exit/deletion


  • T1676 (default): [equuleus] buster: update GRUB boot parameters during upgrade

  • T1637 (feature): Rewrite ethernet interface in new style XML syntax

  • T1675 (feature): OpenVPN - Specify minimum TLS version


  • T1602 (default): equuleus: buster: add live build apt options for choosing vyos packages


  • T1666 (feature): Deleting a bond will place member interfaces into A/D state


  • T239 (bug): Improve documentation for the firewall all-ping setting


  • T1040 (default): rc.local is executed too early


  • T1662 (default): openvpn: ‘show openvpn client’ error

  • T1661 (default): openvpn: wrong checking for existence cert files

  • T1630 (bug): OpenVPN after changing it from root to nobody (unprivileged user) cant add routes


  • T1660 (bug): Bonding dont’t work on VyOS 1.2-rolling-201909120338

  • T1655 (enhancment): equuleus: buster: arm: vyos-accel-ppp build failes because of filename hardcoded as x86_64 in debian/rules


  • T1572 (feature): Wireguard keyPair per interface

  • T1545 (bug): IPSEC vti issue


  • T1650 (feature): implement wireguard default key removal

  • T1649 (feature): feature documentation different keypairs per interface

  • T1648 (feature): add cli command ‘delete wireguard named-key <key>’


  • T1639 (bug): wireguard pubkey change error


  • T1640 (feature): Update Linux Kernel to v4.19.70


  • T1624 (bug): Failed to set up config session

  • T1636 (feature): Rewrite VXLAN in new style XML/Python

  • T1479 (bug): libvyosconfig error reporting doesn’t include line numbers

  • T808 (feature): replace lighthttpd with nginx

  • T1478 (bug): libvyosconfig parser does not support escaped quotes inside single-quoted strings


  • T1632 (bug): OpenVPN ‘push’ options with quotes

  • T1631 (bug): Multiple push-route options cause error generating openvpn configuration

  • T1557 (feature): Create generic abstraction for configuring interfaces e.g. IP address

  • T1628 (feature): Adopt WireGuard configuration script to new vyos.ifconfig class

  • T1614 (feature): Rewrite bonding interface in new style XML syntax


  • T1621 (default): Rewrite the rest of trivial vyatta-op commands to new syntax


  • T1456 (bug): Port group cannot be configured if the same port is configured as standalone and inside a range


  • T1615 (feature): After migration to pyroute2 the address DHCP statement is no longer covered


  • T1617 (default): OpenVPN push route failure

  • T1250 (bug): FRR not setting default gateway from DHCP


  • T1591 (bug): OpenVPN “run show openvpn client status” does not work

  • T1608 (feature): bridge: Bridge adding non existing interfaces is allowed but does not work

  • T1548 (feature): Rewrite OpenVPN interface/op-commands in new style XML/Python

  • T1607 (default): Convert ‘reset conntrack’ and ‘reset ip[v6] cache’ operations from vyatta-op to new syntax


  • T1611 (default): Migration to latest rolling fails with vyos.configtree.ConfigTreeError: Path [b’interfaces bridge br0 igmp-snooping querier’] doesn’t exist


  • T1606 (bug): Rolling release no longer boots after adding hostname daemon


  • T1601 (feature): Rewrite loopback interface type with new style XML/Python interface

  • T1596 (default): Convert ‘telnet’ and ‘traceroute’ vyatta-op commands to new syntax


  • T1595 (feature): Migrate deprecated “service dns forwarding listen-on” to listen-address


  • T1580 (feature): Rewrite dummy interface type with new style XML/Python interface

  • T1590 (default): Convert ‘show system’ operations from vyatta-op to python/xml syntax


  • T1592 (feature): Update Linux Kernel to v4.19.67


  • T1584 (default): equuleus: buster: add consistent grub options for predictable interface names


  • T1556 (feature): Rewrite Bridge in new style XML syntax


  • T1569 (feature): interfaceconfig class documetation


  • T1562 (feature): Change version scheme on current branch used for rolling releases


  • T1561 (bug): VyOS rolling ISO cluttered with vyatta-ravpn Git Repo


  • T853 (feature): Add SSTP server support

  • T742 (feature): Replace poptop and xl2tpd with accel-ppp


  • T1544 (feature): L2TP documentation


  • T1552 (feature): accel-ppp: SSTP documentation

  • T1553 (default): equuleus: buster: add ‘noautologin’ to boot parameters


  • T1532 (default): [equuleus] buster: GPG error on vyos package repository


  • T1547 (feature): accel-ppp/L2TP restructure CLI

  • T1546 (bug): accel-ppp/L2TP radius-source address is not honored


  • T1533 (bug): Rolling builds broken!

  • T1489 (feature): Add vlan_mon usage at Accel


  • T1435 (enhancment): Make ip-address [OPTIONAL] (in dhcp-server -> static-mapping) to cope with “unfriendly” client-hostnames of IoT-Devices


  • T823 (feature): Rewrite DHCP op mode in the new style


  • T1497 (bug): “set system name-server” generates invalid/incorrect resolv.conf

  • T533 (feature): Support for PPPoE MTU greater than 1492


  • T1510 (feature): [IPoE] vlan-mon option implementation

  • T1508 (feature): [pppoe] migration script for service pppoe-server interface

  • T1494 (feature): accel-ppp: IPoE update documentation

  • T989 (feature): Add support for IPoE server


  • T1502 (feature): Add build sanity checking tools to the dev builds


  • T1099 (default): Openvpn: use config files instead of one long command.

  • T1495 (feature): accel-ppp: IPoE implement IPv6 PD


  • T1498 (bug): Nameservers are not propagated into resolv.conf


  • T1482 (feature): Add OpenVPN SHA384 hashing algorithm


  • T1476 (bug): Update PowerDNS recursor to 4.2 series


  • T1313 (feature): Add support for reusable build flavours

  • T1202 (bug): Add hvinfo to the packages directory


  • T1413 (enhancment): equuleus: buster: vyos-xe-guest-utilities is not installable and breaks live-build

  • T1412 (enhancment): equuleus: buster: vyos-netplug is not installable and breaks live-build


  • T1334 (feature): Migration script runner rewrite

  • T1327 (bug): Set the serial console speed to 115200 by default


  • T1451 (bug): Intel e1000e driver missing in lates rolling release


  • T1408 (feature): pppoe-server - implement local-ipv6 for pure IPv6 based deployments


  • T1397 (default): Rewrite the config merge script


  • T1426 (default): Update the script that checks conntrack hash-size on reboot


  • T1423 (default): When merging remote config files, create known_hosts file if not present.


  • T1410 (feature): Upgrade Linux Kernel to 4.19.46


  • T1404 (feature): Update iproute2 package to 4.19


  • T1407 (bug): pppoe IPv6 PD documention by practical example


  • T1402 (feature): Update Linux Kernel to 4.19.45


  • T1399 (bug): accel-ppp kernel modules missing in rolling build 20190522

  • T1393 (bug): pppoe IPv6 pool doesn’t work


  • T592 (bug): lldpcli: unknown command from argument 1: #


  • T1267 (feature): FRR: Add interface name for static routes

  • T1148 (bug): epa2 BGP peers initiate before config is fully loaded, routes leak.


  • T1368 (feature): Enable MPLS support in Linux Kernel


  • T1365 (bug): Cannot configure syslog on 1.2.0-rolling+201904260337


  • T1352 (feature): vyos-documentaion: accel-pppoe adding CIDR based IP pool option


  • T1348 (feature): Upgrade WireGuard to 0.0.20190406-1

  • T1347 (feature): Upgrade Linux Kernel to 4.19.36


  • T1344 (feature): Unclutter “system login radius” configuration nodes


  • T1325 (default): GRE tunnel to Cisco router fails in 1.2.0 - works in 1.1.8


  • T1184 (feature): wireguard - extend documentation with the show interface wireguard commands


  • T1260 (feature): VICI-based implementation of “run show vpn ipsec sa”

  • T1248 (default): Add a function for copying nodes to the vyos.configtree library


  • T1324 (feature): update documtation for ‘set system login user level’


  • T1323 (feature): migrate operator accounts to admin accounts and remove the option to setup an operator account


  • T405 (feature): Add binaries for lcdproc


  • T1284 (feature): accel-ppp: pptp implementation documention

  • T833 (feature): New PPTP server implementation based on accel-ppp


  • T1257 (bug): implement ‘set system static-host-mapping’ in host_name.py and remove old function calls


  • T1214 (bug): Add ipaddrcheck to the packages directory


  • T1154 (default): use of local cache to build iso


  • T1236 (feature): Update Linux Kernel