diff options
author | rebortg <github@ghlr.de> | 2024-08-05 22:14:16 +0200 |
---|---|---|
committer | rebortg <github@ghlr.de> | 2024-08-05 22:14:16 +0200 |
commit | 73bacacd6f69d0e4339ccd4585958da01c1ad67d (patch) | |
tree | 362e11267f3773ab9fe11496b3079fffc668e673 /docs/changelog | |
parent | 011b52540d51c4e1de553039dbabcde6e7ef6b5f (diff) | |
download | vyos-documentation-73bacacd6f69d0e4339ccd4585958da01c1ad67d.tar.gz vyos-documentation-73bacacd6f69d0e4339ccd4585958da01c1ad67d.zip |
add release notes of eqquleus and sagitta
Diffstat (limited to 'docs/changelog')
-rw-r--r-- | docs/changelog/1.3.rst | 6805 | ||||
-rw-r--r-- | docs/changelog/1.4.rst | 6449 |
2 files changed, 1303 insertions, 11951 deletions
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index dc1b4620..42a94a63 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -1,5 +1,6 @@ + ############ -1.3 Equuleus +1.3 Eqquleus ############ .. @@ -8,5971 +9,933 @@ _ext/releasenotes.py -2024-04-25 -========== - -* :vytask:`T6249` ``(default): ISO builder fails because of changed buster-backport repository`` - - -2024-04-23 -========== - -* :vytask:`T6261` ``(default): Typo in op_mode connect_disconnect print statement for check_ppp_running`` - - -2024-04-17 -========== - -* :vytask:`T6243` ``(bug): Update vyos-http-api-tools for package idna security advisory`` - - -2024-04-12 -========== - -* :vytask:`T3437` ``(bug): BGP Confederation Addition Causes Error`` - - -2024-04-10 -========== - -* :vytask:`T6124` ``(bug): Docker equuleus build image doesn't build due to fpm`` - - -2024-04-08 -========== - -* :vytask:`T6196` ``(bug): Route-map and summary-only do not work in BGP aggregation at the same time`` - - -2024-04-07 -========== - -* :vytask:`T1244` ``(default): Support for StartupResync in conntrackd`` - - -2024-04-05 -========== - -* :vytask:`T2590` ``(bug): DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` - - -2024-04-04 -========== - -* :vytask:`T4146` ``(bug): Nginx should not listen on port 80`` -* :vytask:`T1976` ``(default): deleting address-family under neighbor will disable neighbor`` -* :vytask:`T5625` ``(default): "restart vpn" does not work if ipsec-interfaces is not set`` -* :vytask:`T3020` ``(bug): The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location"`` -* :vytask:`T2250` ``(default): vyos-build "make iso" error if configure was ran outside of the docker container`` -* :vytask:`T2139` ``(default): openvpn: allow "dh-file none" to disable DH for ECDH keys`` -* :vytask:`T2014` ``(default): Use vendor specific NTP Pool hostname`` -* :vytask:`T1118` ``(bug): Obsolete "utc" option in time selector in firewall`` -* :vytask:`T948` ``(feature): integrate aws cloud watch scripts into AMI`` - - -2024-04-02 -========== - -* :vytask:`T6150` ``(bug): Impossible to set a static IP address via Radius in IPoE`` - - -2024-04-01 -========== - -* :vytask:`T6193` ``(bug): dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` - - -2024-03-22 -========== - -* :vytask:`T6110` ``(bug): dhcp server - If failover is defined, range is required`` -* :vytask:`T5624` ``(default): Remove /etc/debian_version from the image`` - - -2024-03-11 -========== - -* :vytask:`T2998` ``(bug): SNMP v3 oid "exclude" option doesn't work`` -* :vytask:`T6096` ``(bug): Config commits are not synced properly because 00vyos-sync is deleted by vyos-router`` -* :vytask:`T6057` ``(feature): Add ability to disable syslog for conntrackd`` -* :vytask:`T5504` ``(feature): Keepalived VRRP ability to set more than one peer-address`` - - -2024-03-07 -========== - -* :vytask:`T3992` ``(bug): Traceback on adding interface to bridge with configured ip address`` - - -2024-03-06 -========== - -* :vytask:`T6088` ``(bug): Configuration corrupted after saving and powercut or force reboot`` - - -2024-02-16 -========== - -* :vytask:`T2113` ``(bug): OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping`` -* :vytask:`T5418` ``(bug): PPPoE-Server Client IP pool Subnet`` - - -2024-02-15 -========== - -* :vytask:`T2612` ``(bug): HTTPS API, changing API key fails but goes through`` -* :vytask:`T656` ``(enhancment): Rewrite wirelessmodem in new style XML interface definition`` - - -2024-02-14 -========== - -* :vytask:`T2044` ``(bug): RPKI doesn't boot properly`` - - -2024-02-08 -========== - -* :vytask:`T6014` ``(feature): Bump keepalived version`` - - -2024-02-07 -========== - -* :vytask:`T6017` ``(bug): Update vyos-http-api-tools for security advisory`` - - -2024-02-02 -========== - -* :vytask:`T5914` ``(bug): CVE-2023-48795 - Terrapin vulnerability`` -* :vytask:`T5739` ``(bug): Password recovery does not work if public keys are configured`` - - -2024-02-01 -========== - -* :vytask:`T5967` ``(bug): Multi-hop BFD connections can't be established; please add minimum-ttl option.`` - - -2024-01-22 -========== - -* :vytask:`T4721` ``(feature): Static IPv6 Route Tags Missing`` - - -2024-01-20 -========== - -* :vytask:`T5187` ``(bug): Update Realtek r8152 driver`` -* :vytask:`T5182` ``(bug): Update Intel ice driver`` -* :vytask:`T5180` ``(bug): initramfs-tools ignores firmware from updates directory`` -* :vytask:`T4990` ``(bug): Commit results may not be properly saved if power is cut immediately after a successful commit`` -* :vytask:`T4039` ``(feature): Rsyslog to use 'protocol23format' for protocol UDP`` -* :vytask:`T3813` ``(bug): Some custom sysctl parameters can't be applied bug`` -* :vytask:`T2579` ``(feature): The root task for VRF features`` -* :vytask:`T2546` ``(feature): The root task for rewriting [op-mode] to XML`` -* :vytask:`T2452` ``(default): Serial console related issues`` - - -2024-01-19 -========== - -* :vytask:`T5543` ``(bug): Fix source address handling in static joins`` - - -2024-01-14 -========== - -* :vytask:`T5715` ``(bug): IPSec VPN: restart vpn is not working`` - - -2024-01-13 -========== - -* :vytask:`T5924` ``(bug): Build cannot pass the smoketest dialup-router-medium-vpn`` - - -2024-01-11 -========== - -* :vytask:`T5275` ``(default): Add op mode commands for exporting certificates to PEM files with correct headers`` -* :vytask:`T5274` ``(default): Add a deprecation warning for OpenVPN site-to-site with pre-shared secret`` -* :vytask:`T3191` ``(bug): PAM RADIUS freezing when accounting does not configured on RADIUS server`` - - -2024-01-10 -========== - -* :vytask:`T4646` ``(bug): USB serial output console does not work`` -* :vytask:`T4466` ``(bug): intel i225-v nic does not detect link after boot`` -* :vytask:`T4222` ``(feature): Support for TWAMP as round-trip metric`` -* :vytask:`T1369` ``(bug): GCP Networking Failure`` - - -2024-01-09 -========== - -* :vytask:`T3242` ``(bug): PPPoE Server overhead on virtual interfaces creation`` -* :vytask:`T2755` ``(default): Requirements for partial interface setup`` -* :vytask:`T2494` ``(bug): systemd dependencies issues`` -* :vytask:`T2343` ``(feature): Disable memory ballooning in VM templates`` -* :vytask:`T2254` ``(default): Provide more information on the build branch in the version data`` -* :vytask:`T2223` ``(feature): convert operational show interfaces to python/XML`` -* :vytask:`T1925` ``(bug): DMVPN is always listed as down in "show vpn ipsec sa"`` -* :vytask:`T1297` ``(feature): Add GARP settings to VRRP/keepalived`` - - -2024-01-08 -========== - -* :vytask:`T5318` ``(bug): Security Vulnerabilities for VyOS 1.3.3`` -* :vytask:`T3980` ``(bug): vrrp transition-script validator makes warning fatal and also causes a python NameError exception`` -* :vytask:`T2799` ``(feature): VyOS Certificates Manager`` - - -2023-12-29 -========== - -* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface`` - - -2023-12-22 -========== - -* :vytask:`T4760` ``(bug): VyOS does not support running multiple instances of DHCPv6 clients`` - - -2023-12-21 -========== - -* :vytask:`T5714` ``(bug): IPSec VPN: op-mode: "show log vpn" does not show results`` -* :vytask:`T3039` ``(feature): Resize a root partition and filesystem automatically during deployment in virtual environments`` -* :vytask:`T2404` ``(bug): Cannot change MTU`` -* :vytask:`T2353` ``(bug): Interface [conf_mode] errors parent task`` -* :vytask:`T5796` ``(bug): Openconnect - HTTPS security headers are missing`` - - -2023-12-19 -========== - -* :vytask:`T2116` ``(feature): Processing configuration via Cloud-init User-Data`` - - -2023-12-18 -========== - -* :vytask:`T2191` ``(feature): Using tallow to block sshd probes`` - - -2023-12-15 -========== - -* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs`` - - -2023-12-12 -========== - -* :vytask:`T5817` ``(bug): Show openvpn server fails in some cases`` -* :vytask:`T5413` ``(default): Deny the opportunity to use one public/private key pair on both wireguard peers.`` - - -2023-11-30 -========== - -* :vytask:`T4601` ``(bug): dhcp : relay agent IP address issue.`` - - -2023-11-28 -========== - -* :vytask:`T5777` ``(bug): frr: backport and upstream recent bgpd daemon crashes`` - - -2023-11-27 -========== - -* :vytask:`T5763` ``(bug): Fix imprecise check for remote file name in vyos-load-config.py`` - - -2023-11-25 -========== - -* :vytask:`T5655` ``(bug): commit-archive: Ctrl+C should not eror out with stack trace, signal should be cought`` - - -2023-11-24 -========== - -* :vytask:`T5402` ``(bug): VRRP router with rfc3768-compatibility sends multiple ARP replies`` - - -2023-11-22 -========== - -* :vytask:`T5578` ``(bug): "ikev2-reauth" description contains outdated information`` - - -2023-11-15 -========== - -* :vytask:`T5661` ``(enhancment): Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection`` -* :vytask:`T1276` ``(bug): dhcp relay + VLAN fails`` - - -2023-11-07 -========== - -* :vytask:`T5586` ``(feature): Disable by default SNMP for Keepalived VRRP`` - - -2023-11-06 -========== - -* :vytask:`T4269` ``(feature): node.def generator should automatically add default values`` - - -2023-10-26 -========== - -* :vytask:`T5684` ``(bug): services using VRF generates the error "Failed to load BPF prog: 'Operation not permitted'" when the system boots.`` -* :vytask:`T5594` ``(bug): VRRP - Error if using IPv6 Link Local as hello source address`` - - -2023-10-21 -========== - -* :vytask:`T5670` ``(bug): bridge: missing member interface validator`` -* :vytask:`T5191` ``(default): Replace underscores with hyphens in command-line options generated by vyos.opmode`` -* :vytask:`T4402` ``(bug): OpenVPN client-ip-pool option is broken`` -* :vytask:`T2719` ``(feature): Standardized op mode script structure`` - - -2023-10-19 -========== - -* :vytask:`T5669` ``(bug): VXLAN interface changing port does not work`` - - -2023-10-17 -========== - -* :vytask:`T5235` ``(bug): SSH keys with special characters cannot be applied via Cloud-init`` - - -2023-10-08 -========== - -* :vytask:`T5630` ``(feature): pppoe: allow to specify MRU in addition to already configurable MTU`` - - -2023-10-06 -========== - -* :vytask:`T5576` ``(feature): Add bgp remove-private-as all option`` - - -2023-10-04 -========== - -* :vytask:`T5632` ``(feature): Add jq package to parse JSON files`` - - -2023-09-25 -========== - -* :vytask:`T5533` ``(bug): Keepalived VRRP IPv6 group enters in FAULT state`` - - -2023-09-20 -========== - -* :vytask:`T5271` ``(default): Add support for peer-fingerprint to OpenVPN`` - - -2023-09-11 -========== - -* :vytask:`T5557` ``(bug): bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802`` -* :vytask:`T3424` ``(default): PPPoE IA-PD doesn't work in VRF`` - - -2023-09-10 -========== - -* :vytask:`T5555` ``(bug): Fix timezone migrator (system 13-to-14)`` -* :vytask:`T5545` ``(bug): sflow is not working`` - - -2023-09-08 -========== - -* :vytask:`T4426` ``(default): Add arpwatch to the image`` - - -2023-09-05 -========== - -* :vytask:`T5524` ``(feature): Add config directory to liveCD`` -* :vytask:`T2958` ``(bug): DHCP server doesn't work from a live CD`` -* :vytask:`T5428` ``(bug): dhcp: client renewal fails when running inside VRF`` - - -2023-09-04 -========== - -* :vytask:`T5506` ``(bug): Container bridge interfaces do not have a link-local address`` - - -2023-08-31 -========== - -* :vytask:`T5190` ``(feature): Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0`` -* :vytask:`T5140` ``(bug): Firewall network-group problems`` -* :vytask:`T4895` ``(bug): Tag nodes are overwritten when configured by Cloud-Init from User-Data`` -* :vytask:`T4874` ``(default): Add Warning message to Equuleus`` -* :vytask:`T4855` ``(bug): Trying to create more than one tunnel of the same type to the same address causes unhandled exception`` -* :vytask:`T4776` ``(bug): NVME storage is not detected properly during installation`` -* :vytask:`T3546` ``(feature): Add support for running scripts on PPPoE server session events`` -* :vytask:`T738` ``(feature): Add local-port and resolver port options for powerdns in CLI configuration tree`` - - -2023-08-30 -========== - -* :vytask:`T5221` ``(bug): BGP as-override behavior differs from new FRR and other vendors`` -* :vytask:`T4933` ``(default): Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error`` -* :vytask:`T4790` ``(bug): RADIUS login does not work if sum of timeouts more than 50s`` -* :vytask:`T4475` ``(bug): route-map does not support ipv6 peer`` -* :vytask:`T4459` ``(bug): API service with VRF doesn't work in 1.3.1`` -* :vytask:`T4407` ``(bug): Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3`` -* :vytask:`T4113` ``(bug): Incorrect GRUB configuration parsing`` -* :vytask:`T1764` ``(bug): Use lists instead of whitespace-separated strings in vyos.config`` -* :vytask:`T4121` ``(bug): Nameservers from DHCP client cannot be used in specific cases`` -* :vytask:`T4151` ``(feature): IPV6 local PBR Support`` -* :vytask:`T4306` ``(default): Do not check for ditry repository when building release images`` - - -2023-08-29 -========== - -* :vytask:`T3940` ``(bug): DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook`` -* :vytask:`T3713` ``(default): Create a meta-package for user utilities`` -* :vytask:`T3339` ``(bug): Cloud-Init domain search setting not applied`` -* :vytask:`T2640` ``(feature): Running VyOS inside Docker containers`` -* :vytask:`T3577` ``(bug): Generating vpn x509 key pair fails with command not found`` - - -2023-08-28 -========== - -* :vytask:`T4745` ``(bug): CLI TAB issue with values with '-' at the beginning in conf mode`` -* :vytask:`T2611` ``(bug): Prefix list names are shared between ipv4 and ipv6`` -* :vytask:`T2296` ``(default): Upgrade WALinux to 2.2.41`` -* :vytask:`T2123` ``(default): Configure 3 NTP servers`` -* :vytask:`T469` ``(bug): Problem after commit with errors`` - - -2023-08-25 -========== - -* :vytask:`T4412` ``(bug): commit archive: reboot not working with sftp`` -* :vytask:`T3702` ``(feature): Policy: Allow routing by fwmark`` -* :vytask:`T3536` ``(default): Unable to list all available routes`` - - -2023-08-24 -========== - -* :vytask:`T5006` ``(bug): Http api segfault with concurrent requests`` -* :vytask:`T5305` ``(bug): REST API configure operation should not be defined as async`` - - -2023-08-23 -========== - -* :vytask:`T5387` ``(feature): dhcp6c: add a no release option`` - - -2023-08-20 -========== - -* :vytask:`T5470` ``(bug): wlan: can not disable interface if SSID is not configured`` - - -2023-08-17 -========== - -* :vytask:`T5486` ``(bug): Service dns dynamic cannot pass the smoketest`` -* :vytask:`T5223` ``(bug): tunnel key doesn't clear`` - - -2023-08-15 -========== - -* :vytask:`T5273` ``(default): Add op mode commands for displaying certificate details and fingerprints`` -* :vytask:`T5270` ``(default): Make OpenVPN `tls dh-params` optional`` - - -2023-08-10 -========== - -* :vytask:`T5329` ``(bug): Wireguard interface as GRE tunnel source causes configuration error on boot`` - - -2023-07-24 -========== - -* :vytask:`T5354` ``(feature): Add sshguard to protect against brut-forces for 1.3`` - - -2023-07-17 -========== - -* :vytask:`T2051` ``(bug): Throughput anomalies`` - - -2023-07-14 -========== - -* :vytask:`T305` ``(default): loadbalancing does not work with one pppoe connection and another connection of either dhcp or static`` - - -2023-07-13 -========== - -* :vytask:`T3045` ``(bug): Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP)`` -* :vytask:`T971` ``(bug): authentication public-keys options quoting issue`` - - -2023-07-12 -========== - -* :vytask:`T5009` ``(bug): op-mode command: restart dhcp relay-agent not working`` -* :vytask:`T4927` ``(bug): Need to change restart to reload-or-restart in Webproxy module`` -* :vytask:`T3835` ``(bug): vyos router 1.2.7 snmp Dos bug`` -* :vytask:`T4959` ``(feature): Add container registry authentication config for containers`` -* :vytask:`T425` ``(feature): AWS CloudWatch monitoring scripts`` - - -2023-07-11 -========== - -* :vytask:`T4862` ``(bug): webproxy domain-block does not work`` -* :vytask:`T4844` ``(bug): Incorrect permissions of the safeguard DB directory`` -* :vytask:`T4262` ``(bug): install image doesn't respect chosen root partition size`` -* :vytask:`T3810` ``(bug): webproxy squidguard rules don't work properly after rewriting to python.`` -* :vytask:`T1928` ``(bug): Is the 'Welcome to VyOS' message when using SSH an information leak?`` -* :vytask:`T4737` ``(bug): FRRouting/zebra 7.5.1 does not redistribute routes to other protocols`` -* :vytask:`T3852` ``(bug): DHCP client issue - interface has two dhclient processes when link is unpluged and then plug again`` -* :vytask:`T2118` ``(bug): Failure to boot after power outage due to dirty filesystem and no fsck in initramfs`` - - -2023-07-05 -========== - -* :vytask:`T5331` ``(bug): ath10k_pci not functioning`` - - -2023-06-30 -========== - -* :vytask:`T5315` ``(feature): vrrp: add support for version 3`` -* :vytask:`T5313` ``(bug): UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned`` - - -2023-06-26 -========== - -* :vytask:`T5272` ``(default): Upgrade OpenVPN to 2.6 in Equuleus`` -* :vytask:`T5265` ``(bug): WAN load-balancing: missing completion helpers`` - - -2023-06-25 -========== - -* :vytask:`T5240` ``(bug): Service router-advert failed to start radvd with more then 3 name-servers`` - - -2023-06-21 -========== - -* :vytask:`T5280` ``(bug): Update Expired keys (2023-06-08) for PowerDNS`` - - -2023-06-13 -========== - -* :vytask:`T5213` ``(feature): Accel-ppp sending accounting interim updates acct-interim-interval option`` - - -2023-05-29 -========== - -* :vytask:`T5243` ``(bug): Default route is inactive if an interface has multiple ip addresses of the same subnet in 1.3.2 Equuleus`` - - -2023-05-19 -========== - -* :vytask:`T5186` ``(bug): QoS test cannot pass for 1.3`` - - -2023-05-12 -========== - -* :vytask:`T2769` ``(feature): Add VRF support for syslog`` - - -2023-05-08 -========== - -* :vytask:`T5212` ``(bug): snmp community name -error with special carracter`` - - -2023-04-27 -========== - -* :vytask:`T5175` ``(bug): http-api: error in MultiPart parser for FastAPI version >= 0.91.0`` -* :vytask:`T5176` ``(bug): http-api: update vyos-http-api-tools for FastAPI security vulnerability`` - - -2023-04-13 -========== - -* :vytask:`T5152` ``(bug): Telegraf agent hostname isn't qualified`` -* :vytask:`T4727` ``(feature): Add RADIUS rate limit support to PPTP server`` -* :vytask:`T4939` ``(bug): VRRP command no-preempt not work as expected`` -* :vytask:`T3608` ``(default): Standardize warnings from configure scripts`` - - -2023-04-05 -========== - -* :vytask:`T4975` ``(bug): CLI does not work after cutting off the power or reset`` -* :vytask:`T5136` ``(bug): Possible config corruption on upgrade`` - - -2023-04-01 -========== - -* :vytask:`T5047` ``(bug): Recreate only a specific container`` - - -2023-03-31 -========== - -* :vytask:`T5111` ``(bug): pppd-dns.service startup failed`` - - -2023-03-29 -========== - -* :vytask:`T5033` ``(bug): generate-public-key command fails for address with multiple public keys like GitHub`` -* :vytask:`T5097` ``(bug): the operational command "show interfaces ethernet ethx" doesn't reflect a call to 'clear counters'`` - - -2023-03-21 -========== - -* :vytask:`T5098` ``(feature): PPPoE client holdoff configuration`` - - -2023-03-19 -========== - -* :vytask:`T4925` ``(feature): Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2`` - - -2023-03-16 -========== - -* :vytask:`T3083` ``(feature): Add feature event-handler`` -* :vytask:`T2516` ``(bug): vyos-container: cannot configure ethernet interface`` - - -2023-03-09 -========== - -* :vytask:`T5066` ``(bug): Different GRE tunnel but same tunnel keys error`` - - -2023-03-08 -========== - -* :vytask:`T4381` ``(default): OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command`` -* :vytask:`T4872` ``(bug): Op-mode show openvpn misses a case when parsing for tunnel IP`` - - -2023-03-07 -========== - -* :vytask:`T2838` ``(bug): Ethernet device names changing, multiple hw-id being added`` -* :vytask:`T2649` ``(default): Ensure configration mode scripts conform to coding guidelines`` -* :vytask:`T4900` ``(default): Cache intermediary results of get_config_diff in Config instance`` - - -2023-03-03 -========== - -* :vytask:`T4625` ``(enhancment): Update ocserv to current revision (1.1.6)`` - - -2023-02-28 -========== - -* :vytask:`T4955` ``(bug): Openconnect radiusclient.conf generating with extra authserver`` -* :vytask:`T4219` ``(feature): support incoming-interface (iif) in local PBR`` - - -2023-02-25 -========== - -* :vytask:`T5008` ``(bug): MACsec CKN of 32 chars is not allowed in CLI, but works fine`` -* :vytask:`T5007` ``(bug): Interface multicast setting is invalid`` -* :vytask:`T5017` ``(bug): Bug with validator interface-name`` -* :vytask:`T4992` ``(bug): Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set`` -* :vytask:`T4978` ``(bug): KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536`` -* :vytask:`T4948` ``(feature): pppoe: add CLI option to allow definition of host-uniq flag`` - - -2023-02-22 -========== - -* :vytask:`T5011` ``(bug): Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped`` - - -2023-02-18 -========== - -* :vytask:`T4743` ``(feature): Enable IPv6 address for Dynamic DNS`` - - -2023-02-16 -========== - -* :vytask:`T4971` ``(feature): Radius attribute "Framed-Pool" for PPPoE`` - - -2023-02-15 -========== - -* :vytask:`T4993` ``(bug): Can't delete conntrack ignore rule`` - - -2023-02-14 -========== - -* :vytask:`T4999` ``(feature): vyos.util backport dict_search_recursive`` -* :vytask:`T1993` ``(feature): Extended pppoe rate-limiter`` - - -2023-02-13 -========== - -* :vytask:`T4153` ``(bug): Monitor bandwidth-test initiate not working`` - - -2023-02-11 -========== - -* :vytask:`T2603` ``(feature): pppoe-server: reduce min MTU`` - - -2023-02-08 -========== - -* :vytask:`T1288` ``(feature): FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*)`` - - -2023-02-07 -========== - -* :vytask:`T4117` ``(bug): Does not possible to configure PoD/CoA for L2TP vpn`` - - -2023-02-01 -========== - -* :vytask:`T4970` ``(default): pin OCaml pcre package to avoid JIT support`` - - -2023-01-30 -========== - -* :vytask:`T4954` ``(bug): DNS cannot be configured via Network-Config v1 received from ConfigDrive / Cloud-Init`` - - -2023-01-24 -========== - -* :vytask:`T4949` ``(feature): Backport "monitor log" and "show log" op-mode definitions from current to equuleus`` -* :vytask:`T4947` ``(feature): Support mounting container volumes as ro or rw`` - - -2023-01-23 -========== - -* :vytask:`T4798` ``(default): Migrate the file-exists validator away from Python`` -* :vytask:`T4683` ``(enhancment): Add kitty-terminfo package to build`` -* :vytask:`T4875` ``(default): Replace Python validator 'interface-name' to avoid Python startup cost`` -* :vytask:`T4664` ``(bug): Add validation to reject whitespace in tag node value names`` - - -2023-01-22 -========== - -* :vytask:`T4906` ``(bug): ipsec connections shows only one connection as up`` - - -2023-01-21 -========== - -* :vytask:`T4896` ``(bug): ospfv3: Fix broken not-advertise option`` -* :vytask:`T4799` ``(bug): PowerDNS >= 4.7 does not get reloaded by vyos-hostsd`` - - -2023-01-17 -========== - -* :vytask:`T4902` ``(bug): snmpd: exclude container storage from monitoring`` - - -2023-01-15 -========== - -* :vytask:`T4832` ``(feature): dhcp: Add IPv6-only dhcp option support (RFC 8925)`` -* :vytask:`T4918` ``(bug): Odd show interface behavior`` - - -2023-01-09 -========== - -* :vytask:`T4922` ``(feature): Add ssh-client source-interface CLI option`` - - -2023-01-07 -========== - -* :vytask:`T4884` ``(bug): Missing a community6 in snmpd config`` - - -2023-01-05 -========== - -* :vytask:`T3937` ``(default): Rewrite "show system memory" in Python to make it usable as a library function`` - - -2023-01-03 -========== - -* :vytask:`T4869` ``(bug): A network with `/32` or `/128` mask cannot be removed from a network-group`` - - -2022-12-31 -========== - -* :vytask:`T4898` ``(feature): Add mtu config option for dummy interfaces`` - - -2022-12-26 -========== - -* :vytask:`T4511` ``(bug): IPv6 DNS lookup`` -* :vytask:`T4809` ``(feature): radvd: Allow use of AdvRASrcAddress`` - - -2022-12-18 -========== - -* :vytask:`T4709` ``(bug): TCP MSS clamping broken in equuleus`` - - -2022-12-15 -========== - -* :vytask:`T4671` ``(bug): linux-firmware package is missing symlinks defined in WHENCE file`` - - -2022-12-04 -========== - -* :vytask:`T4825` ``(feature): interfaces veth/veth-pairs -standalone used`` - - -2022-12-02 -========== - -* :vytask:`T4122` ``(bug): interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?)`` -* :vytask:`T1024` ``(feature): Policy Based Routing by DSCP`` - - -2022-11-23 -========== - -* :vytask:`T4793` ``(feature): Create warning message about disable-route-autoinstall when ipsec vti is used`` - - -2022-11-21 -========== - -* :vytask:`T4812` ``(feature): IPsec ability to show all configured connections`` - - -2022-11-06 -========== - -* :vytask:`T2913` ``(bug): Failure to install fpm while building builder docker image`` - - -2022-11-04 -========== - -* :vytask:`T2417` ``(feature): Python validator cleanup`` - - -2022-11-01 -========== - -* :vytask:`T4177` ``(bug): Strip-private doesn't work for service monitoring`` - - -2022-10-31 -========== - -* :vytask:`T1875` ``(feature): Add the ability to use network address as BGP neighbor (bgp listen range)`` -* :vytask:`T4785` ``(feature): snmp: Allow !, @, * and # in community name`` - - -2022-10-21 -========== - -* :vytask:`T2189` ``(bug): Adding a large port-range will take ~ 20 minutes to commit`` - - -2022-10-18 -========== - -* :vytask:`T4533` ``(bug): Radius clients don’t have simple permissions`` - - -2022-10-13 -========== - -* :vytask:`T4312` ``(bug): Telegraf configuration doesn't accept IPs for URL`` - - -2022-10-12 -========== - -* :vytask:`T4730` ``(bug): Conntrack-sync error - listen-address is not the correct type in config as it should be`` - - -2022-10-11 -========== - -* :vytask:`T4680` ``(bug): Telegraf prometheus-client listen-address invalid format`` - - -2022-10-04 -========== - -* :vytask:`T4702` ``(bug): Wireguard peers configuration is not synchronized with CLI`` -* :vytask:`T4652` ``(feature): Upgrade PowerDNS recursor to 4.7 series`` -* :vytask:`T4648` ``(default): PPPoE: Ignore default router from RA when PPPoE default-route is set to none`` -* :vytask:`T4582` ``(default): Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs`` - - -2022-09-17 -========== - -* :vytask:`T4666` ``(bug): EAP-TLS no longer allows TLSv1.0 after T4537, T4584`` - - -2022-09-15 -========== - -* :vytask:`T4679` ``(bug): OpenVPN site-to-site incorrect check for IPv6 local and remote address`` -* :vytask:`T4630` ``(bug): Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time`` - - -2022-09-12 -========== - -* :vytask:`T4647` ``(feature): Add Google Virtual NIC (gVNIC) support`` - - -2022-09-05 -========== - -* :vytask:`T4668` ``(bug): Adding/removing members from bond doesn't work/results in incorrect interface state`` -* :vytask:`T4628` ``(bug): ConfigTree() throws ValueError() if tagNode contains whitespaces`` - - -2022-08-29 -========== - -* :vytask:`T4653` ``(bug): Interface offload options are not applied correctly`` -* :vytask:`T4061` ``(default): Add util function to check for completion of boot config`` -* :vytask:`T4654` ``(bug): RPKI cache incorrect description`` -* :vytask:`T4572` ``(bug): Add an option to force interface MTU to the value received from DHCP`` - - -2022-08-26 -========== - -* :vytask:`T4642` ``(bug): proxy: hyphen not allowed in proxy URL`` - - -2022-08-23 -========== - -* :vytask:`T4618` ``(bug): Traffic policy not set on virtual interfaces`` -* :vytask:`T4538` ``(bug): Macsec does not work correctly when the interface status changes.`` - - -2022-08-22 -========== - -* :vytask:`T4629` ``(bug): Raised ConfigErrors contain dict instead of only the dict key`` -* :vytask:`T4632` ``(bug): VLAN-aware bridge not working`` - - -2022-08-19 -========== - -* :vytask:`T4616` ``(bug): openconnect: KeyError: 'local_users'`` -* :vytask:`T4614` ``(feature): OpenConnect split-dns directive`` - - -2022-08-16 -========== - -* :vytask:`T4592` ``(bug): macsec: can not create two interfaces using the same source-interface`` -* :vytask:`T4584` ``(bug): hostap: create custom package build`` -* :vytask:`T4537` ``(bug): MACsec not working with cipher gcm-aes-256`` - - -2022-08-15 -========== - -* :vytask:`T4565` ``(bug): vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249`` -* :vytask:`T4206` ``(bug): Policy Based Routing with DHCP Interface Issue`` -* :vytask:`T2763` ``(feature): New SNMP resource request - SNMP over TCP`` - - -2022-08-14 -========== - -* :vytask:`T4579` ``(bug): bridge: can not delete member interface CLI option when VLAN is enabled`` -* :vytask:`T4421` ``(default): Add support for floating point numbers in the numeric validator`` -* :vytask:`T4415` ``(bug): Include license/copyright files in the image but remove user documentation from /usr/share/doc to reduce its size`` -* :vytask:`T4313` ``(bug): "generate public-key-command" throws unhandled exceptions when it cannot retrieve the key`` -* :vytask:`T4082` ``(bug): Add op mode command to restart ldpd`` -* :vytask:`T3714` ``(bug): Some sysctl custom parameters disappear after reboot`` -* :vytask:`T4260` ``(bug): Extend vyos.configdict.node_changed() to support recursiveness`` -* :vytask:`T3785` ``(default): Add unicode support to configtree backend`` -* :vytask:`T3507` ``(bug): Bond with mode LACP show u/u in show interfaces even if peer is not configured`` - - -2022-08-11 -========== - -* :vytask:`T4476` ``(default): Next steps after installation is not communicated properly to new users`` - - -2022-08-02 -========== - -* :vytask:`T4515` ``(default): Reduce telegraf binary size`` - - -2022-07-30 -========== - -* :vytask:`T4575` ``(feature): vyos.utill add new wrapper "rc_cmd" to get the return code and output`` -* :vytask:`T4532` ``(bug): Flow-accounting IPv6 server/receiver bug`` - - -2022-07-27 -========== - -* :vytask:`T4571` ``(bug): Sflow with vrf configured does not use vrf to validate agent-address IP from vrf-configured interfaces`` - - -2022-07-18 -========== - -* :vytask:`T4228` ``(bug): bond: OS error thrown when two bonds use the same member`` -* :vytask:`T4534` ``(bug): bond: bridge: error out if member interface is assigned to a VRF instance`` -* :vytask:`T4525` ``(bug): Delete interface from VRF and add it to bonding error`` -* :vytask:`T4522` ``(feature): bond: add ability to specify mii monitor interval via CLI`` -* :vytask:`T4521` ``(bug): bond: ARP monitor interval is not configured despite set via CLI`` - - -2022-07-14 -========== - -* :vytask:`T4491` ``(bug): Use empty string for internal name of root node of config_tree`` - - -2022-07-13 -========== - -* :vytask:`T1375` ``(feature): Add clear dhcp server lease function`` - - -2022-07-12 -========== - -* :vytask:`T4527` ``(bug): Prevent to create VRF name default`` -* :vytask:`T4084` ``(default): Dehardcode the default login banner`` -* :vytask:`T3864` ``(enhancment): Add Edgecore build to VyOS 1.3 Equuleus`` - - -2022-07-09 -========== - -* :vytask:`T4507` ``(feature): IPoE-server add multiplier option for shaper`` -* :vytask:`T4468` ``(bug): web-proxy source group cannot start with a number bug`` -* :vytask:`T4373` ``(feature): PPPoE-server add multiplier option for shaper`` - - -2022-07-07 -========== - -* :vytask:`T4456` ``(bug): NTP client in VRF tries to bind to interfaces outside VRF, logs many messages`` -* :vytask:`T4509` ``(feature): Feature Request: DNS64`` - - -2022-07-06 -========== - -* :vytask:`T4513` ``(bug): Webproxy monitor commands do not work`` - - -2022-07-05 -========== - -* :vytask:`T4510` ``(bug): set system static-host-mapping doesn't allow IPv4 and IPv6 for same name.`` -* :vytask:`T2654` ``(bug): Multiple names unable to be assigned to the same static mapping`` -* :vytask:`T2683` ``(default): no dual stack in system static-host-mapping host-name`` - - -2022-07-01 -========== - -* :vytask:`T4489` ``(bug): MPLS sysctl not persistent for tunnel interfaces`` - - -2022-06-20 -========== - -* :vytask:`T1856` ``(feature): Support configuring IPSec SA bytes`` - - -2022-06-16 -========== - -* :vytask:`T3866` ``(bug): Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax`` - - -2022-06-15 -========== - -* :vytask:`T1890` ``(feature): Metatask: rewrite flow-accounting to XML and Python`` - - -2022-06-09 -========== - -* :vytask:`T2580` ``(feature): Support for ip pools for ippoe`` - - -2022-06-08 -========== - -* :vytask:`T4447` ``(bug): DHCPv6 prefix delegation `sla-id` limited to 128`` -* :vytask:`T4350` ``(bug): DMVPN opennhrp spokes dont work behind NAT`` - - -2022-05-30 -========== - -* :vytask:`T4315` ``(feature): Telegraf - Output to prometheus`` - - -2022-05-27 -========== - -* :vytask:`T4441` ``(bug): wwan: connection not possible after a change added after 1.3.1-S1 release`` - - -2022-05-26 -========== - -* :vytask:`T4442` ``(feature): HTTP API add action "reset"`` - - -2022-05-25 -========== - -* :vytask:`T2194` ``(default): "show firewall" garbled output`` - - -2022-05-19 -========== - -* :vytask:`T4430` ``(bug): Show firewall output with visual shift default rule`` - - -2022-05-16 -========== - -* :vytask:`T4377` ``(default): generate tech-support archive includes previous archives`` - - -2022-05-12 -========== - -* :vytask:`T4100` ``(feature): Firewall increase maximum number of rules`` - - -2022-05-11 -========== - -* :vytask:`T4405` ``(bug): DHCP client sometimes ignores `no-default-route` option of an interface`` - - -2022-05-10 -========== - -* :vytask:`T1972` ``(feature): Allow setting interface name for virtual_ipaddress in VRRP VRID`` - - -2022-05-07 -========== - -* :vytask:`T4361` ``(bug): `vyos.config.exists()` does not work for nodes with multiple values`` -* :vytask:`T4354` ``(bug): Slave interfaces fall out from bonding during configuration change`` - - -2022-05-03 -========== - -* :vytask:`T4395` ``(feature): Extend show vpn debug`` - - -2022-05-01 -========== - -* :vytask:`T4369` ``(bug): OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node`` -* :vytask:`T4363` ``(bug): salt-minion: default mine_interval option is not set`` - - -2022-04-29 -========== - -* :vytask:`T4388` ``(bug): dhcp-server: missing constraint on tftp-server-name option`` -* :vytask:`T4366` ``(bug): geneve: interface is removed on changes to e.g. description`` - - -2022-04-26 -========== - -* :vytask:`T4235` ``(default): Add config tree diff algorithm`` - - -2022-04-19 -========== - -* :vytask:`T4344` ``(bug): DHCP statistics not matching, conf-mode generates incorrect pool name with dash`` -* :vytask:`T4268` ``(bug): Elevated LA while using VyOS monitoring feature`` - - -2022-04-08 -========== - -* :vytask:`T4331` ``(bug): IPv6 link local addresses are not configured when an interface is in a VRF`` -* :vytask:`T4339` ``(bug): wwan: tab-completion results in "No such file or directory" if there is no WWAN interface`` -* :vytask:`T4338` ``(bug): wwan: changing interface description should not trigger reconnect`` -* :vytask:`T4324` ``(bug): wwan: check alive script should only be run via cron if a wwan interface is configured at all`` - - -2022-04-07 -========== - -* :vytask:`T4330` ``(bug): MTU settings cannot be applied when IPv6 is disabled`` -* :vytask:`T4346` ``(feature): Deprecate "system ipv6 disable" option to disable address family within OS kernel`` -* :vytask:`T4337` ``(bug): isis: IETF SPF delay algorithm can not be configured - results in vyos.frr.CommitError`` -* :vytask:`T4319` ``(bug): The command "set system ipv6 disable" doesn't work as expected.`` -* :vytask:`T4341` ``(feature): login: disable user-account prior to deletion and wait until deletion is complete`` -* :vytask:`T4336` ``(feature): isis: add support for MD5 authentication password on a circuit`` - - -2022-04-06 -========== - -* :vytask:`T4308` ``(feature): Op-comm "Show log frr" to view specific protocol logs`` - - -2022-03-29 -========== - -* :vytask:`T3686` ``(bug): Bridging OpenVPN tap with no local-address breaks`` - - -2022-03-24 -========== - -* :vytask:`T4294` ``(bug): Adding a new openvpn-option does not restart the OpenVPN process`` -* :vytask:`T4230` ``(bug): OpenVPN server configuration deleted after reboot when using a VRRP virtual-address`` - - -2022-03-21 -========== - -* :vytask:`T4311` ``(bug): CVE-2021-4034: local privilege escalation in PolKit`` -* :vytask:`T4310` ``(bug): CVE-2022-0778: infinite loop in OpenSSL certificate parsing`` - - -2022-03-12 -========== - -* :vytask:`T4296` ``(bug): Interface config injected by Cloud-Init may interfere with VyOS native`` -* :vytask:`T4002` ``(default): firewall group network-group long names restriction incorrect behavior`` - - -2022-03-11 -========== - -* :vytask:`T4297` ``(bug): Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings`` - - -2022-03-05 -========== - -* :vytask:`T4259` ``(bug): The conntrackd daemon can be started wrongly`` - - -2022-02-28 -========== - -* :vytask:`T4273` ``(bug): ssh: Upgrade from 1.2.X to 1.3.0 breaks config`` -* :vytask:`T4115` ``(bug): reboot in <x> not working as expected`` - - -2022-02-24 -========== - -* :vytask:`T4267` ``(bug): Error - Missing required "ip key" parameter`` - - -2022-02-23 -========== - -* :vytask:`T4264` ``(bug): vxlan: interface is destroyed and rebuild on description change`` -* :vytask:`T4263` ``(bug): vyos.util.leaf_node_changed() dos not honor valueLess nodes`` - - -2022-02-21 -========== - -* :vytask:`T4120` ``(feature): [VXLAN] add ability to set multiple unicast-remotes`` - - -2022-02-20 -========== - -* :vytask:`T4261` ``(feature): MACsec: add DHCP client support`` -* :vytask:`T4203` ``(bug): Reconfigure DHCP client interface causes brief outages`` - - -2022-02-19 -========== - -* :vytask:`T4258` ``(bug): [DHCP-SERVER] error parameter on Failover`` - - -2022-02-17 -========== - -* :vytask:`T4241` ``(bug): ocserv openconnect looks broken in recent bulds of 1.3 Equuleus`` -* :vytask:`T4255` ``(bug): Unexpected print of dict bridge on delete`` -* :vytask:`T4240` ``(bug): Cannot add wlan0 to bridge via configure`` -* :vytask:`T4154` ``(bug): Error add second gre tunnel with the same source interface`` - - -2022-02-16 -========== - -* :vytask:`T4237` ``(bug): Conntrack-sync error - error adding listen-address command`` - - -2022-02-15 -========== - -* :vytask:`T4201` ``(bug): Firewall - ICMPv6 matches not working as expected on 1.3.0`` -* :vytask:`T3006` ``(bug): Accel-PPP & vlan-mon config get invalid VLAN`` -* :vytask:`T3494` ``(bug): DHCPv6 leases traceback when PD using`` - - -2022-02-13 -========== - -* :vytask:`T4242` ``(bug): ethernet speed/duplex can never be switched back to auto/auto`` -* :vytask:`T4191` ``(bug): Lost access to host after VRF re-creating`` - - -2022-02-11 -========== - -* :vytask:`T3872` ``(feature): Add configurable telegraf monitoring service`` -* :vytask:`T4234` ``(bug): Show firewall partly broken in 1.3.x`` - - -2022-02-10 -========== - -* :vytask:`T4165` ``(bug): Custom conntrack rules cannot be deleted`` - - -2022-02-08 -========== - -* :vytask:`T4227` ``(bug): Typo in help completion of hello-time option of bridge interface`` - - -2022-02-07 -========== - -* :vytask:`T4233` ``(bug): ssh: sync regex for allow/deny usernames to "system login"`` -* :vytask:`T4087` ``(feature): IPsec IKE-group proposals limit of 10 pieces`` - - -2022-02-05 -========== - -* :vytask:`T4226` ``(bug): VRRP transition-script does not work for groups name which contains -(minus) sign`` - - -2022-02-04 -========== - -* :vytask:`T4196` ``(bug): DHCP server client-prefix-length parameter results in non-functional leases`` - - -2022-02-03 -========== - -* :vytask:`T3643` ``(bug): show vpn ipsec sa doesn't show tunnels in "down" state`` - - -2022-02-01 -========== - -* :vytask:`T4198` ``(bug): Error shown on commit`` - - -2022-01-28 -========== - -* :vytask:`T4184` ``(bug): NTP allow-clients address doesn't work it allows to use ntp server for all addresses`` - - -2022-01-24 -========== - -* :vytask:`T4204` ``(feature): Update Accel-PPP to a newer revision`` - - -2022-01-17 -========== - -* :vytask:`T3164` ``(bug): console-server ssh does not work with RADIUS PAM auth`` - - -2022-01-15 -========== - -* :vytask:`T4183` ``(feature): IPv6 link-local address not accepted as wireguard peer`` -* :vytask:`T4110` ``(feature): [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0`` - - -2022-01-12 -========== - -* :vytask:`T4168` ``(bug): IPsec VPN is impossible to restart when DMVPN is configured`` -* :vytask:`T4167` ``(bug): DMVPN apply wrong param on the first configuration`` -* :vytask:`T4152` ``(bug): NHRP shortcut-target holding-time does not work`` - - -2022-01-10 -========== - -* :vytask:`T3299` ``(bug): Allow the web proxy service to listen on all IP addresses`` -* :vytask:`T3115` ``(feature): Add support for firewall on L3 VIF bridge interface`` - - -2022-01-09 -========== - -* :vytask:`T3822` ``(bug): OpenVPN processes do not have permission to read key files generated with `run generate openvpn key``` -* :vytask:`T4142` ``(bug): Input ifbX interfaces not displayed in op-mode`` -* :vytask:`T3914` ``(bug): VRRP rfc3768-compatibility doesn't work with unicast peers`` - - -2022-01-07 -========== - -* :vytask:`T3924` ``(bug): VRRP stops working with VRF`` - - -2022-01-06 -========== - -* :vytask:`T4141` ``(bug): Set high-availability vrrp sync-group without members error`` - - -2022-01-03 -========== - -* :vytask:`T4065` ``(bug): IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory`` -* :vytask:`T4052` ``(bug): Validator return traceback on VRRP configuration with the script path not in config dir`` -* :vytask:`T4128` ``(bug): keepalived: Upgrade package to add VRF support`` - - -2021-12-31 -========== - -* :vytask:`T4081` ``(bug): VRRP health-check script stops working when setting up a sync group`` - - -2021-12-29 -========== - -* :vytask:`T2922` ``(bug): The `vpn ipsec logging log-modes` miss the IPSec daemons state check`` -* :vytask:`T2695` ``(bug): Flow-accounting bug with subinterfaces`` -* :vytask:`T2400` ``(default): OpenVPN: dont restart server if no need`` -* :vytask:`T4086` ``(default): system login banner is not removed on deletion.`` - - -2021-12-28 -========== - -* :vytask:`T3380` ``(bug): "show vpn ike sa" does not display IPv6 peers`` -* :vytask:`T2933` ``(feature): VRRP add option virtual_ipaddress_excluded`` - - -2021-12-27 -========== - -* :vytask:`T2566` ``(bug): sstp not able to run tunnels ipv6 only`` -* :vytask:`T4093` ``(bug): SNMPv3 snmpd.conf generation bug`` -* :vytask:`T2764` ``(enhancment): Increase maximum number of NAT rules`` - - -2021-12-26 -========== - -* :vytask:`T4104` ``(bug): RAID1: "add raid md0 member sda1" does not restore boot sector`` - - -2021-12-25 -========== - -* :vytask:`T4101` ``(bug): commit-archive: Use of uninitialized value $source_address in concatenation`` -* :vytask:`T4055` ``(feature): Add VRF support for HTTP(S) API service`` - - -2021-12-24 -========== - -* :vytask:`T3854` ``(bug): Missing op-mode commands for conntrack-sync`` - - -2021-12-23 -========== - -* :vytask:`T4092` ``(bug): IKEv2 mobike commit failed with DMVPN nhrp`` -* :vytask:`T3354` ``(default): Convert strip-private script from Perl to Python`` - - -2021-12-22 -========== - -* :vytask:`T3356` ``(feature): Script for remote file transfers`` - - -2021-12-21 -========== - -* :vytask:`T4053` ``(bug): VRRP impossible to set scripts out of the /config directory`` -* :vytask:`T4013` ``(bug): Add pkg cloudwatch for AWS images`` -* :vytask:`T3913` ``(bug): VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2`` - - -2021-12-20 -========== - -* :vytask:`T4088` ``(default): Fix typo in login banner`` - - -2021-12-19 -========== - -* :vytask:`T3912` ``(default): Use a more informative default post-login banner`` - - -2021-12-17 -========== - -* :vytask:`T3176` ``(bug): Ordering of ports on EdgeCore SAF51015I is mixed up?`` -* :vytask:`T4059` ``(bug): VRRP sync-group transition script does not persist after reboot`` - - -2021-12-16 -========== - -* :vytask:`T4046` ``(feature): Sflow - Add Source address parameter`` -* :vytask:`T2615` ``(default): Provide an explicit option for server fingerprint in commit archive, and make insecure the default`` -* :vytask:`T4076` ``(enhancment): Allow setting CORS options in HTTP API`` -* :vytask:`T3378` ``(bug): commit-archive source-address broken for IPv6 addresses`` - - -2021-12-15 -========== - -* :vytask:`T4077` ``(bug): op-mode: bfd: drop "show protocols bfd" in favour of "show bfd"`` -* :vytask:`T4073` ``(bug): "show protocols bfd peer <>" shows incorrect peer information.`` - - -2021-12-14 -========== - -* :vytask:`T4071` ``(feature): Allow HTTP API to bind to unix domain socket`` - - -2021-12-12 -========== - -* :vytask:`T4036` ``(bug): VXLAN incorrect raiseError if set multicast network instead of singe address`` - - -2021-12-10 -========== - -* :vytask:`T4068` ``(feature): Python: ConfigError should insert line breaks into the error message`` - - -2021-12-09 -========== - -* :vytask:`T4033` ``(bug): VRRP - Error security when setting scripts`` -* :vytask:`T4064` ``(bug): IP address for vif is not removed from the system when deleted in configuration`` -* :vytask:`T4063` ``(bug): VRRP log error - /usr/libexec/vyos/vyos-vrrp-conntracksync.sh - No such file or directory`` -* :vytask:`T4060` ``(enhancment): Extend configquery for use before boot configuration is complete`` - - -2021-12-08 -========== - -* :vytask:`T4024` ``(bug): Access-lists and prefix-lists disappear when setting ldp hello-ipv4-interval`` - - -2021-12-07 -========== - -* :vytask:`T4041` ``(servicerequest): "transition-script" doesn't work on "sync-group"`` - - -2021-12-06 -========== - -* :vytask:`T4012` ``(feature): Add VRF support for TFTP`` - - -2021-12-05 -========== - -* :vytask:`T4034` ``(bug): "make xcp-ng-iso" still includes vyos-xe-guest-utilities`` -* :vytask:`T2076` ``(feature): RAID install: sfdisk change-id is deprecated in favor of --part-type`` -* :vytask:`T1126` ``(bug): Reusing a RAID from a BIOS install in an EFI install causes a failure to boot`` - - -2021-12-04 -========== - -* :vytask:`T4049` ``(feature): support command-style output with compare command`` -* :vytask:`T4047` ``(bug): Wrong regex validation in XML definitions`` -* :vytask:`T4045` ``(bug): Unable to "format disk <new> like <old>"`` - - -2021-12-02 -========== - -* :vytask:`T4035` ``(bug): Geneve interfaces aren't displayed by operational mode commands`` - - -2021-12-01 -========== - -* :vytask:`T3695` ``(bug): OpenConnect reports commit success when ocserv fails to start due to SSL cert/key file issues`` - - -2021-11-30 -========== - -* :vytask:`T3725` ``(feature): show configuration in json format`` - - -2021-11-29 -========== - -* :vytask:`T2661` ``(bug): SSTP wrong certificates check`` -* :vytask:`T3946` ``(enhancment): Automatically resize the root partition if the drive has extra space`` - - -2021-11-28 -========== - -* :vytask:`T3999` ``(bug): show lldp neighbor Traceback error`` - - -2021-11-26 -========== - -* :vytask:`T4019` ``(bug): Smoketests for SSTP and openconnect fails`` - - -2021-11-25 -========== - -* :vytask:`T4005` ``(feature): Feature Request: IPsec IKEv1 + IKEv2 for one peer`` - - -2021-11-24 -========== - -* :vytask:`T4015` ``(feature): Update Accel-PPP to a newer revision`` -* :vytask:`T1083` ``(feature): Implement persistent/random address and port mapping options for NAT rules`` - - -2021-11-23 -========== - -* :vytask:`T3990` ``(bug): WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot)`` - - -2021-11-20 -========== - -* :vytask:`T4004` ``(bug): IPsec ike-group parameters are not saved correctly (after reboot)`` - - -2021-11-19 -========== - -* :vytask:`T4003` ``(bug): API for "show interfaces ethernet" does not include the interface description`` -* :vytask:`T4011` ``(bug): ethernet: deleting interface should place interface in admin down state`` - - -2021-11-18 -========== - -* :vytask:`T3995` ``(feature): OpenVPN: do not stop/start service on configuration change`` -* :vytask:`T4008` ``(feature): dhcp: change client retry interval form 300 -> 60 seconds`` -* :vytask:`T3795` ``(bug): WWAN: issues with non connected interface / no signal`` - - -2021-11-17 -========== - -* :vytask:`T3350` ``(bug): OpenVPN config file generation broken`` -* :vytask:`T3996` ``(bug): SNMP service error in log`` - - -2021-11-15 -========== - -* :vytask:`T3934` ``(bug): Openconnect VPN broken: ocserv-worker general protection fault on client connect`` -* :vytask:`T3724` ``(feature): Allow setting host-name in l2tp section of accel-ppp`` - - -2021-11-14 -========== - -* :vytask:`T3974` ``(bug): route-map commit fails if interface does not exist`` - - -2021-11-11 -========== - -* :vytask:`T1349` ``(bug): L2TP remote-access vpn terminated and not showing as connected`` -* :vytask:`T1058` ``(default): hw-id is ignored when naming interfaces`` -* :vytask:`T914` ``(feature): Extend list_interfaces.py to support multiple interface types`` -* :vytask:`T688` ``(enhancment): Move component versions used for config migration purposes into vyos-1x`` - - -2021-11-10 -========== - -* :vytask:`T3982` ``(bug): DHCP server commit fails if static-mapping contains + or .`` - - -2021-11-09 -========== - -* :vytask:`T3962` ``(bug): Image cannot be built without open-vm-tools`` -* :vytask:`T2088` ``(bug): Increased boot time from 1.2.4 -> 1.3 rolling by 100%`` -* :vytask:`T2136` ``(bug): XML command definition convertor doesn't disallow tag nodes with multi flag on`` - - -2021-11-07 -========== - -* :vytask:`T2874` ``(feature): Add MTU and TCP-MSS discovery tool`` -* :vytask:`T3626` ``(bug): Configuring and disabling DHCP Server`` - - -2021-11-06 -========== - -* :vytask:`T3971` ``(feature): Ability to build ISO images for XCP-NG hypervisor`` -* :vytask:`T3514` ``(bug): NIC flap at any interface change`` - - -2021-11-05 -========== - -* :vytask:`T3972` ``(bug): Removing vif-c interface raises KeyError`` - - -2021-11-04 -========== - -* :vytask:`T3964` ``(bug): SSTP: local-user static-ip CLI node accepts invalid IPv4 addresses`` - - -2021-11-03 -========== - -* :vytask:`T3610` ``(bug): DHCP-Server creation for not primary IP address fails`` - - -2021-11-01 -========== - -* :vytask:`T3846` ``(bug): dmvpn configuration not reapllied after "restart vpn"`` -* :vytask:`T3956` ``(bug): GRE tunnel - unable to move from source-interface to source-address, commit error`` - - -2021-10-31 -========== - -* :vytask:`T3945` ``(feature): Add route-map for bgp aggregate-address`` -* :vytask:`T3341` ``(bug): Wrong behavior of the "reset vpn ipsec-peer XXX tunnel XXX" command`` -* :vytask:`T3954` ``(bug): FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error`` -* :vytask:`T3943` ``(bug): "netflow source-ip" prevents image upgrades if IP address does not exist locally`` - - -2021-10-29 -========== - -* :vytask:`T3942` ``(feature): Generate IPSec debug archive from op-mode`` - - -2021-10-28 -========== - -* :vytask:`T3941` ``(bug): "show vpn ipsec sa" shows established time of parent SA not child SA's`` - - -2021-10-27 -========== - -* :vytask:`T3944` ``(bug): VRRP fails over when adding new group to master`` - - -2021-10-25 -========== - -* :vytask:`T3935` ``(bug): Update from rc5 to EPA2 failed`` - - -2021-10-22 -========== - -* :vytask:`T3188` ``(bug): Tunnel local-ip to dhcp-interface Change Fails to Update`` - - -2021-10-21 -========== - -* :vytask:`T3920` ``(bug): dhclient exit hook script 01-vyos-cleanup causes too many arguments error`` -* :vytask:`T3926` ``(bug): strip-private does not sanitize "cisco-authentication" from NHRP configuration`` -* :vytask:`T3925` ``(feature): Tunnel: dhcp-interface not implemented - use source-interface instead`` -* :vytask:`T3927` ``(feature): Kernel: Enable kernel support for HW offload of the TLS protocol`` - - -2021-10-20 -========== - -* :vytask:`T3922` ``(bug): NHRP: delete fails`` -* :vytask:`T3918` ``(bug): DHCPv6 prefix delegation incorrect verify error`` -* :vytask:`T3921` ``(bug): tunnel: KeyError when using dhcp-interface`` - - -2021-10-19 -========== - -* :vytask:`T3396` ``(bug): syslog can't be configured with an ipv6 literal destination in 1.2.x`` -* :vytask:`T690` ``(feature): Allow OpenVPN servers to push routes with custom metric values`` - - -2021-10-17 -========== - -* :vytask:`T3786` ``(bug): GRE tunnel source address 0.0.0.0 error`` -* :vytask:`T3425` ``(bug): Scripts from the /config/scripts/ folder do not run on live system`` -* :vytask:`T3217` ``(default): Save FRR configuration on each commit`` -* :vytask:`T3076` ``(bug): Router reboot adds unwanted 'conntrack-sync mcast-group '225.0.0.50'' line to configuration`` -* :vytask:`T2800` ``(bug): Pseudo-Ethernet: source-interface must not be member of a bridge`` -* :vytask:`T3422` ``(bug): Dynamic DNS doesn't allow zone field with cloudflare protocol`` -* :vytask:`T3381` ``(bug): Change GRE tunnel failed`` -* :vytask:`T3254` ``(bug): Dynamic DNS status shows incorrect last update time`` -* :vytask:`T3253` ``(bug): rpki: multiple peers cannot be configured`` -* :vytask:`T3219` ``(default): Typo in openvpn server client config for IPv6 iroute`` -* :vytask:`T2100` ``(feature): BGP route adverisement wih checks rib`` -* :vytask:`T1663` ``(enhancment): T1656 equuleus: buster: arm64/aarch64: ipaddrcheck does not complete testing`` -* :vytask:`T1243` ``(bug): BGP local-as accept wrong values`` -* :vytask:`T770` ``(bug): Bonded interfaces get updated with incorrect hw-id in config.`` -* :vytask:`T697` ``(bug): Clean up and sanitize package dependencies`` -* :vytask:`T3837` ``(default): OpenConnect: Fix typo in help property`` -* :vytask:`T1440` ``(bug): Creating two DHCPv6 shared-network-names with the same subnet is allowed, causes dhcpd to fail to start.`` -* :vytask:`T578` ``(feature): Support Linux Container`` - - -2021-10-16 -========== - -* :vytask:`T3879` ``(bug): GPG key verification fails when upgrading from a 1.3 beta version`` -* :vytask:`T3851` ``(bug): Missing ospf and rip options for bridge vifs`` - - -2021-10-13 -========== - -* :vytask:`T3904` ``(bug): NTP pool associations silently fail`` -* :vytask:`T3277` ``(feature): DNS Forwarding - reverse zones`` - - -2021-10-11 -========== - -* :vytask:`T2607` ``(feature): Support for pppoe-server radius mode auth and config radius accouting port`` - - -2021-10-10 -========== - -* :vytask:`T3750` ``(bug): pdns-recursor 4.4 issue with dont-query and private DNS servers`` -* :vytask:`T3885` ``(default): dhcpv6-pd: randomly generated DUID is not persisted`` -* :vytask:`T3899` ``(enhancment): Add support for hd44780 LCD displays`` - - -2021-10-09 -========== - -* :vytask:`T3894` ``(bug): Tunnel Commit Failed if system does not have `eth0``` - - -2021-10-08 -========== - -* :vytask:`T3893` ``(bug): MGRE Tunnel commit crash If sit tunnel available`` - - -2021-10-04 -========== - -* :vytask:`T3888` ``(bug): Incorrect warning when poweroff command executed from configure mode.`` -* :vytask:`T3890` ``(feature): dhcp(v6): provide op-mode commands to retrieve both server and client logfiles`` -* :vytask:`T3889` ``(feature): Migrate to journalctl when reading daemon logs`` - - -2021-10-03 -========== - -* :vytask:`T3880` ``(bug): EFI boot shows error on display`` - - -2021-10-02 -========== - -* :vytask:`T3882` ``(feature): Upgrade PowerDNs recursor to 4.5 series`` -* :vytask:`T3883` ``(bug): VRF - Delette vrf config on interface`` - - -2021-10-01 -========== - -* :vytask:`T3877` ``(bug): VRRP always enabled rfc3768-compatibility even when not specified`` - - -2021-09-30 -========== - -* :vytask:`T3874` ``(bug): D-Link Ethernet Interface not working.`` - - -2021-09-27 -========== - -* :vytask:`T3858` ``(bug): Deleting OSPFv3 process yields: Unknown command: no router-id`` - - -2021-09-26 -========== - -* :vytask:`T3860` ``(bug): Error on pppoe, tunnel and wireguard interfaces for IPv6 EUI64 addresses`` -* :vytask:`T3857` ``(feature): reboot: send wall message to all users for information`` -* :vytask:`T3867` ``(bug): vxlan: multicast group address is not validated`` -* :vytask:`T3859` ``(bug): Add "log-adjacency-changes" to ospfv3 process`` - - -2021-09-23 -========== - -* :vytask:`T3850` ``(bug): Dots are no longer allowed in SSH public key names`` - - -2021-09-21 -========== - -* :vytask:`T2602` ``(bug): pptp/sstp/l2tp add possibility enable or disable CCP`` - - -2021-09-19 -========== - -* :vytask:`T3841` ``(feature): dhcp-server: add ping-check option to CLI`` -* :vytask:`T2738` ``(bug): Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization`` -* :vytask:`T3842` ``(feature): Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus`` -* :vytask:`T3840` ``(feature): dns forwarding: Cache size should allow values > 10k`` -* :vytask:`T3672` ``(bug): DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output`` - - -2021-09-11 -========== - -* :vytask:`T3402` ``(feature): Add VyOS programming library for operational level commands`` - - -2021-09-10 -========== - -* :vytask:`T3802` ``(bug): Commit fails if ethernet interface doesn't support flow control`` -* :vytask:`T3819` ``(bug): Upgrade Salt Stack 3002.3 -> 3003 release train`` -* :vytask:`T3421` ``(bug): MTR/Traceroute broken in 1.3-beta`` -* :vytask:`T3820` ``(feature): PowerDNS recursor - update from 4.3 -> 4.4 to sync with current`` -* :vytask:`T1770` ``(bug): webproxy breaks commit and http access on routed client`` -* :vytask:`T915` ``(feature): MPLS Support`` - - -2021-09-09 -========== - -* :vytask:`T3816` ``(bug): Error after entering outbound-interface command in NAT`` -* :vytask:`T3814` ``(bug): wireguard: commit error showing incorrect peer name from the configured name`` -* :vytask:`T3805` ``(bug): OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface`` - - -2021-09-07 -========== - -* :vytask:`T2322` ``(bug): CLI [op-mode] bugs. Root task`` -* :vytask:`T1894` ``(bug): FRR config not loaded after daemons segfault or restart`` -* :vytask:`T3807` ``(bug): Op Command "show interfaces wireguard" does not show the output`` -* :vytask:`T3808` ``(default): ipsec is mistakenly restarted after delete`` - - -2021-09-06 -========== - -* :vytask:`T3806` ``(bug): Don't set link local ipv6 address if MTU less then 1280`` -* :vytask:`T3803` ``(default): Add source-address option to the ping CLI`` -* :vytask:`T3431` ``(bug): Show version all bug`` -* :vytask:`T3362` ``(bug): 1.3 - RC1 ifb redirect failing to commit`` -* :vytask:`T3291` ``(bug): Fault on setting offload RPS with single-core CPU`` -* :vytask:`T2920` ``(bug): Commit crash when adding the second mGRE tunnel with the same key`` -* :vytask:`T2895` ``(bug): VPN IPsec "leftsubnet" declared 2 times`` -* :vytask:`T2019` ``(bug): LLDP wrong config generation for interface 'all'`` - - -2021-09-05 -========== - -* :vytask:`T3804` ``(feature): cli: Migrate and merge "system name-servers-dhcp" into "system name-server"`` - - -2021-09-04 -========== - -* :vytask:`T3697` ``(bug): Impossible to delete IPsec completely`` -* :vytask:`T3619` ``(bug): Performance Degradation 1.2 --> 1.3 | High ksoftirqd CPU usage`` -* :vytask:`T1785` ``(bug): Deleting partitions on disks (Raid1) with default value 'no'`` - - -2021-09-03 -========== - -* :vytask:`T3788` ``(bug): Keys are not allowed with ipip and sit tunnels`` -* :vytask:`T3683` ``(bug): VXLAN not accept ipv6 and source-interface options and mtu bug`` -* :vytask:`T3634` ``(feature): Add op command option for ping for do not fragment bit to be set`` - - -2021-09-02 -========== - -* :vytask:`T3792` ``(bug): login: A hypen present in a username from "system login user" is replaced by an underscore`` -* :vytask:`T3790` ``(bug): Does not possible to configure PPTP static ip-address to users`` - - -2021-09-01 -========== - -* :vytask:`T2434` ``(bug): Duplicate Address Detection Breaks Interfaces`` - - -2021-08-31 -========== - -* :vytask:`T3789` ``(feature): Add custom validator for base64 encoded CLI data`` -* :vytask:`T3782` ``(default): Ingress Shaping with IFB No Longer Functional with 1.3`` - - -2021-08-30 -========== - -* :vytask:`T3777` ``(bug): adding IPv6 EUI64 address fails commit in 1.3.0-rc6`` -* :vytask:`T3768` ``(default): Remove early syntaxVersion implementation`` -* :vytask:`T2558` ``(feature): Add some CPU information to `show version` + fix broken hypervisor detection`` -* :vytask:`T2430` ``(default): cannot delete specific route static next-hop`` -* :vytask:`T1350` ``(bug): VRRP transition script will be executed once only`` -* :vytask:`T2941` ``(default): Using a non-ASCII character in the description field causes UnicodeDecodeError in configsource.py`` -* :vytask:`T3787` ``(bug): Remove deprecated UDP fragmentation offloading option`` -* :vytask:`T3677` ``(feature): "sipcalc" not included in 1.3`` - - -2021-08-29 -========== - -* :vytask:`T3708` ``(bug): isisd and gre-bridge commit error`` -* :vytask:`T3783` ``(bug): "set protocols isis spf-delay-ietf" is not working`` -* :vytask:`T2750` ``(default): Use m4 as a template processor`` - - -2021-08-27 -========== - -* :vytask:`T3182` ``(bug): Main blocker Task for FRR 7.4/7.5 series update`` -* :vytask:`T2108` ``(default): Use minisign/signify instead of GPG for release signing`` - - -2021-08-26 -========== - -* :vytask:`T3781` ``(bug): Revert the NAT implementation in 1.3 back to iptables`` -* :vytask:`T3776` ``(default): Rename FRR daemon restart op-mode commands`` -* :vytask:`T3779` ``(feature): Backport all 1.4 IS-IS features and configuration to 1.3 except VRF`` - - -2021-08-25 -========== - -* :vytask:`T3773` ``(bug): Delete the "show system integrity" command (to prepare for a re-implementation)`` -* :vytask:`T1514` ``(default): Add ability to restart frr processes`` - - -2021-08-24 -========== - -* :vytask:`T3772` ``(bug): VRRP virtual interfaces are not shown in show interfaces`` - - -2021-08-23 -========== - -* :vytask:`T2555` ``(bug): XML op-mode generation scripts silently discard XML nodes`` - - -2021-08-21 -========== - -* :vytask:`T3682` ``(bug): Remove running dhclient from ether-resume.py`` - - -2021-08-20 -========== - -* :vytask:`T1950` ``(default): Store VyOS configuration syntax version data in JSON file`` - - -2021-08-19 -========== - -* :vytask:`T2759` ``(bug): validate-value prints error messages from validators that fail even if overall validation succeeds`` -* :vytask:`T3234` ``(bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions`` -* :vytask:`T3732` ``(feature): override-default helper should support adding defaultValues to default less nodes`` -* :vytask:`T1962` ``(default): Add syntax version to schema`` - - -2021-08-17 -========== - -* :vytask:`T2525` ``(bug): OSPFv3 missing route map, not establishing`` -* :vytask:`T508` ``(bug): ISC DHCP incorrect UDP checksum generation`` -* :vytask:`T1643` ``(bug): Deleting all firewall zones failed and locked out box`` -* :vytask:`T1550` ``(bug): Add support for Large BGP Community show commands`` - - -2021-08-16 -========== - -* :vytask:`T3738` ``(default): openvpn fails if server and authentication are configured`` -* :vytask:`T1594` ``(bug): l2tpv3 error on IPv6 local-ip`` - - -2021-08-15 -========== - -* :vytask:`T3756` ``(default): VyOS generates invalid QR code for wireguard clients`` - - -2021-08-14 -========== - -* :vytask:`T3745` ``(feature): op-mode IPSec show vpn ipse sa sorting`` -* :vytask:`T521` ``(bug): Network services may fail if vyatta-router.service startup takes longer than a few seconds`` - - -2021-08-13 -========== - -* :vytask:`T3740` ``(bug): HTTPs API breaks when the address is IPv6`` - - -2021-08-12 -========== - -* :vytask:`T3731` ``(bug): verify_accel_ppp_base_service return wrong config error for SSP`` -* :vytask:`T3405` ``(feature): PPPoE server unit-cache`` -* :vytask:`T2432` ``(default): dhcpd: Can't create new lease file: Permission denied`` -* :vytask:`T3746` ``(feature): Inform users logging into the system about a pending reboot`` -* :vytask:`T3744` ``(default): Dns forwarding statistics formatting missing a new line`` - - -2021-08-10 -========== - -* :vytask:`T3730` ``(bug): op-mode conntrack-sync miss some functions`` - - -2021-08-09 -========== - -* :vytask:`T1501` ``(bug): VPN Commit Errors`` - - -2021-08-08 -========== - -* :vytask:`T2027` ``(bug): get_config_dict is failing when the configuration section is empty/missing`` -* :vytask:`T169` ``(feature): Image install should put correct serial console device in created GRUB menu entry`` - - -2021-08-07 -========== - -* :vytask:`T548` ``(feature): BGP IPv6 multipath support`` - - -2021-08-06 -========== - -* :vytask:`T1153` ``(bug): VyOS 1.2.0RC10, RAID-1, fresh install, unable to save config`` - - -2021-08-05 -========== - -* :vytask:`T696` ``(feature): Rewrite conntrack sync to XML`` - - -2021-08-04 -========== - -* :vytask:`T3704` ``(feature): Add ability to interact with Areca RAID adapers`` -* :vytask:`T320` ``(default): OSPF does not redistribute connected routes associated with virtual tunnel interfaces`` - - -2021-08-02 -========== - -* :vytask:`T2623` ``(bug): Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”`` -* :vytask:`T2161` ``(default): snmpd cannot start if ipv6 disabled`` -* :vytask:`T3601` ``(default): Error in ssh keys for vmware cloud-init if ssh keys is left empty.`` - - -2021-08-01 -========== - -* :vytask:`T3707` ``(bug): Ping incorrect ip host checks`` - - -2021-07-31 -========== - -* :vytask:`T3716` ``(feature): Linux kernel parameters ignore_routes_with_link_down- ignore disconnected routing connections`` -* :vytask:`T1626` ``(bug): BGP exchanges prefixes without specified address-family`` - - -2021-07-30 -========== - -* :vytask:`T1176` ``(default): FRR - BGP replicating routes`` -* :vytask:`T1123` ``(bug): Inconsistency in community-list naming validation`` - - -2021-07-29 -========== - -* :vytask:`T2931` ``(bug): Unicode decode error causes vyos.configd service to restart`` -* :vytask:`T2727` ``(bug): Add a dotted decimal value validator`` -* :vytask:`T2328` ``(default): dhcpv6 server not starting (disable check reversed?)`` -* :vytask:`T1758` ``(default): Switch vyos.config to libvyosconfig`` -* :vytask:`T954` ``(bug): Using the 10.255.255.0/24 subnet on other interfaces breaks L2TP/IPSec`` - - -2021-07-23 -========== - -* :vytask:`T3699` ``(bug): login: verify selected "system login user" name is not already used by the base system.`` - - -2021-07-21 -========== - -* :vytask:`T3689` ``(bug): static ipv6 route doesn't deleted in some cases`` -* :vytask:`T3685` ``(feature): IPv6 PBR doesn't allow setting of an egress interface`` - - -2021-07-20 -========== - -* :vytask:`T3691` ``(bug): GRETAP: key is not applied when interface is created`` - - -2021-07-13 -========== - -* :vytask:`T3679` ``(default): Point the unexpected exception message link to the new rolling release location`` - - -2021-07-11 -========== - -* :vytask:`T3665` ``(bug): Missing VRF support for VxLAN but already documented`` - - -2021-07-06 -========== - -* :vytask:`T3660` ``(feature): Conntrack-Sync configuration command to specify destination udp port for peer`` - - -2021-07-01 -========== - -* :vytask:`T3658` ``(feature): Add support for dhcpdv6 fixed-prefix6`` - - -2021-06-29 -========== - -* :vytask:`T3593` ``(bug): PPPoE server called-sid format does not work`` - - -2021-06-25 -========== - -* :vytask:`T3650` ``(bug): OpenVPN: Upgrade package to 2.5.1 before releasing VyOS 1.3.0`` -* :vytask:`T3649` ``(feature): Add bonding additional hash-policy`` - - -2021-06-24 -========== - -* :vytask:`T2722` ``(bug): get_config_dict() and key_mangling=('-', '_') will alter CLI data for tagNodes`` - - -2021-06-22 -========== - -* :vytask:`T3629` ``(bug): IPoE server shifting address in the range`` - - -2021-06-20 -========== - -* :vytask:`T3637` ``(bug): vrf: bind-to-all didn't work properly`` - - -2021-06-19 -========== - -* :vytask:`T3633` ``(feature): Add LRO offload for interface ethernet`` - - -2021-06-17 -========== - -* :vytask:`T3631` ``(feature): route-map: migrate "set extcommunity-rt" and "set extcommunity-soo" to "set extcommunity rt|soo" to match FRR syntax`` - - -2021-06-16 -========== - -* :vytask:`T2425` ``(feature): Rewrite all policy zebra filters to XML/Python style`` -* :vytask:`T3630` ``(feature): op-mode: add "show version kernel" command`` - - -2021-06-13 -========== - -* :vytask:`T3620` ``(feature): Rename WWAN interface from wirelessmodem to wwan to use QMI interface`` -* :vytask:`T3622` ``(feature): WWAN: add support for APN authentication`` -* :vytask:`T3621` ``(bug): PPPoE interface does not validate if password is supplied when username is set`` - - -2021-06-10 -========== - -* :vytask:`T3250` ``(bug): PPPoE server: wrong local usernames`` -* :vytask:`T3138` ``(bug): ddclient improperly updated when apply rfc2136 config`` -* :vytask:`T2645` ``(default): Editing route-map action requires adding a new rule`` - - -2021-06-09 -========== - -* :vytask:`T3602` ``(bug): Renaming BGP Peer Groups Leaves Router Broken`` -* :vytask:`T2916` ``(bug): A state of VTI interface in a configuration does not being processing properly`` - - -2021-06-08 -========== - -* :vytask:`T3605` ``(default): Allow to set prefer-global for ipv6-next-hop`` -* :vytask:`T3607` ``(feature): [route-map] set ipv6 next-hop prefer-global`` - - -2021-06-07 -========== - -* :vytask:`T3581` ``(bug): Incomplete command `show ipv6 ospfv3 linkstate``` -* :vytask:`T3516` ``(bug): FRR 7.5 adds a second route when you attempt to change a static route distance instead of overwriting the old route`` -* :vytask:`T3461` ``(bug): OpenConnect Server redundancy check`` -* :vytask:`T3455` ``(bug): system users can not be added in "edit"`` - - -2021-06-04 -========== - -* :vytask:`T3592` ``(feature): Set default TTL 64 for tunnels`` - - -2021-06-01 -========== - -* :vytask:`T406` ``(bug): VPN configuration error: IPv6 over IPv4 IPsec is not supported when using IPv6 ONLY tunnel.`` - - -2021-05-30 -========== - -* :vytask:`T1866` ``(bug): Commit archive over SFTP doesn't work with non-standard ports`` -* :vytask:`T3589` ``(feature): op-mode: support clearing out logfiles from CLI`` -* :vytask:`T3508` ``(bug): Check if there's enough drive space for an upgrade before downloading an image`` -* :vytask:`T1506` ``(enhancment): commit-archive scp/sftp public key authentication`` - - -2021-05-29 -========== - -* :vytask:`T3135` ``(bug): BFD configurations fail to be applied`` -* :vytask:`T3103` ``(default): Rewrite parts of vyos\frr.py for readability, logging and to fix mulitiline regex "bugs"`` -* :vytask:`T2739` ``(default): vyos-utils is not compiled with a Jenkins pipeline.`` -* :vytask:`T2451` ``(bug): Cannot use !tcp or !tcp_udp while adding firewall rule`` -* :vytask:`T2436` ``(default): equuleus: Testing: vyos-1x: syntax checking Python scripts in PR`` -* :vytask:`T2184` ``(bug): OpenVPN op_mode tools broken`` -* :vytask:`T1944` ``(bug): FRR: Invalid route in BGP causes update storm, memory leak, and failure of Zebra`` - - -2021-05-28 -========== - -* :vytask:`T1579` ``(feature): Rewrite all interface types in new XML/Python style`` - - -2021-05-27 -========== - -* :vytask:`T2629` ``(bug): VXLAN interfaces don't actually allow you to configure most settings`` -* :vytask:`T2617` ``(feature): Rewrite vyatta-op-quagga "show" to XML`` -* :vytask:`T2512` ``(feature): vyatta-op-quagga [show ip] to XML format`` -* :vytask:`T1905` ``(default): Update to Keepalived 2.0.19`` -* :vytask:`T2669` ``(bug): DHCP-server overlapping ranges.`` - - -2021-05-26 -========== - -* :vytask:`T3558` ``(default): autocomplete options for dhcp-interface is not showing for the static route command`` -* :vytask:`T3540` ``(bug): Keepalived memory utilisation issue when constantly getting its state in JSON format`` -* :vytask:`T2807` ``(feature): IPv6 Link-Local Address - Automatically generation/configuration on GRE Interfaces`` - - -2021-05-24 -========== - -* :vytask:`T3575` ``(bug): pseudo-ethernet: must check source-interface MTU`` -* :vytask:`T3571` ``(bug): Broken Show Tab Complete`` -* :vytask:`T3576` ``(bug): ISIS does not support IPV6`` - - -2021-05-23 -========== - -* :vytask:`T3570` ``(default): Prevent setting of a larger MTU on child interfaces`` -* :vytask:`T3572` ``(feature): Basic Drive Diagnostic Tools`` - - -2021-05-20 -========== - -* :vytask:`T3554` ``(feature): Add area-type stub for ospfv3`` - - -2021-05-19 -========== - -* :vytask:`T3562` ``(feature): Update Accel-PPP to a newer revision`` -* :vytask:`T3559` ``(feature): Add restart op-command for OpenConnect Server`` - - -2021-05-18 -========== - -* :vytask:`T3525` ``(default): VMWare resume script syntax errors`` -* :vytask:`T2462` ``(default): LLDP op-mode exception: IndexError: list index out of range`` - - -2021-05-15 -========== - -* :vytask:`T3549` ``(bug): DHCPv6 "service dhcpv6-server global-parameters name-server" is not correctly exported to dhcpdv6.conf when multiple name-server entries are present`` -* :vytask:`T3532` ``(bug): Not possible to change ethertype after interface creation`` -* :vytask:`T3550` ``(bug): Router-advert completion typo`` -* :vytask:`T3547` ``(feature): conntrackd: remove deprecated config options`` -* :vytask:`T3535` ``(feature): Rewrite vyatta-conntrack-sync in new XML and Python flavor`` -* :vytask:`T2049` ``(feature): Update strongSwan cipher suites list for IPSec settings`` - - -2021-05-14 -========== - -* :vytask:`T3346` ``(bug): nat 4-to-5 migration script fails when a 'source' or 'destination' node exists but there are no rules`` -* :vytask:`T3248` ``(default): Deal with VRRP mode-force command that exists in 1.2 but not in 1.3`` -* :vytask:`T3426` ``(default): add support for script arguments to vyos-configd`` - - -2021-05-13 -========== - -* :vytask:`T3544` ``(feature): DHCP server should validate configuration before applying it`` -* :vytask:`T3543` ``(feature): Support for setting lacp_rate on LACP bonded interfaces`` - - -2021-05-12 -========== - -* :vytask:`T3302` ``(default): Make vyos-configd relay stdout from scripts to the user's console`` - - -2021-05-11 -========== - -* :vytask:`T3526` ``(bug): Smoketest policy fail in CI`` - - -2021-05-10 -========== - -* :vytask:`T3528` ``(bug): Frr 7.5.1 uses 'seq' for community-lists`` - - -2021-05-08 -========== - -* :vytask:`T3517` ``(bug): FRR 7.5 bfd behavior for 1.3`` - - -2021-05-07 -========== - -* :vytask:`T1171` ``(bug): 1.2.0 epa2 - IPsec VPN initiation`` - - -2021-05-06 -========== - -* :vytask:`T3519` ``(bug): Cannot add / assign L2TPv3 to vrf`` - - -2021-05-01 -========== - -* :vytask:`T3379` ``(feature): Add global-parameters name-server for dhcpv6-server`` -* :vytask:`T3491` ``(default): Change Kernel HZ to 1000`` - - -2021-04-30 -========== - -* :vytask:`T3170` ``(default): Add a sanity check for empty node.def files`` - - -2021-04-29 -========== - -* :vytask:`T3502` ``(bug): "system ip multipath layer4-hashing" doesn't work`` -* :vytask:`T3029` ``(bug): Generated NGINX configuration is wrong for the redirection (http -> https)`` -* :vytask:`T3156` ``(feature): Add op and additional conf commands for ISIS`` -* :vytask:`T2012` ``(feature): Global PBR`` -* :vytask:`T1314` ``(feature): Allow BGP on unnumbered interfaces`` - - -2021-04-27 -========== - -* :vytask:`T2946` ``(bug): Calling 'stty_size' causes show interfaces API to fail`` - - -2021-04-25 -========== - -* :vytask:`T3468` ``(bug): Tunnel interfaces aren't suggested as being available for bridging (regression)`` -* :vytask:`T1802` ``(feature): Wireguard QR code in cli for mobile devices`` - - -2021-04-23 -========== - -* :vytask:`T3290` ``(bug): Disabling GRE conntrack module fails`` - - -2021-04-18 -========== - -* :vytask:`T3481` ``(default): Exclude tag node values from key mangling`` -* :vytask:`T3475` ``(bug): XML dictionary cache unable to process syntaxVersion elements`` - - -2021-04-15 -========== - -* :vytask:`T3386` ``(bug): PPPoE-server don't start with local authentication`` - - -2021-04-14 -========== - -* :vytask:`T3055` ``(bug): op-mode incorrect naming for ipsec policy-based tunnels`` - - -2021-04-12 -========== - -* :vytask:`T3454` ``(enhancment): dhclient reject option`` - - -2021-04-05 -========== - -* :vytask:`T1612` ``(default): dhcp-server time-offset fails to validate`` -* :vytask:`T3438` ``(bug): VRF: removing vif which belongs to a vrf, will delete the entire vrf from the operating system`` -* :vytask:`T3418` ``(bug): BGP: system wide known interface can not be used as neighbor`` - - -2021-04-04 -========== - -* :vytask:`T3457` ``(feature): Output the "monitor log" command in a colorful way`` - - -2021-03-31 -========== - -* :vytask:`T3445` ``(bug): vyos-1x build include not all nodes`` - - -2021-03-25 -========== - -* :vytask:`T2639` ``(feature): sort output of show vpn ipsec sa`` - - -2021-03-22 -========== - -* :vytask:`T3284` ``(bug): merge/load fail silently if unable to resolve host`` - - -2021-03-21 -========== - -* :vytask:`T3416` ``(bug): NTP: when running inside a VRF op-mode commands do not work`` - - -2021-03-20 -========== - -* :vytask:`T3392` ``(bug): vrrp over dhcp default route bug (unexpected vrf)`` -* :vytask:`T3373` ``(feature): Upgrade to SaltStack version 3002.5`` -* :vytask:`T3329` ``(default): "system conntrack ignore" rules can no longer be created due to an iptables syntax change`` -* :vytask:`T3300` ``(feature): Add DHCP default route distance`` -* :vytask:`T3306` ``(feature): Extend set route-map aggregator as to 4 Bytes`` - - -2021-03-18 -========== - -* :vytask:`T3411` ``(default): Extend the redirect_stdout context manager in vyos-configd to redirect stdout from subprocesses`` -* :vytask:`T3271` ``(bug): qemu-kvm grub issue`` - - -2021-03-17 -========== - -* :vytask:`T3413` ``(bug): Configuring invalid IPv6 EUI64 address results in "OSError: illegal IP address string passed to inet_pton"`` - - -2021-03-14 -========== - -* :vytask:`T2271` ``(feature): OSPF: add per VRF instance support`` -* :vytask:`T175` ``(feature): Add source route option to VTI interfaces`` - - -2021-03-13 -========== - -* :vytask:`T3406` ``(bug): tunnel: interface no longer supports specifying encaplimit none - or migrator is missing`` -* :vytask:`T3407` ``(bug): console-server: do not allow to spawn a console-server session on serial port used by "system console"`` - - -2021-03-11 -========== - -* :vytask:`T3399` ``(bug): RPKI: dashes in hostnames are replaced with underscores when rendering the FRR config`` -* :vytask:`T3305` ``(bug): Ingress qdisc does not work anymore in 1.3-rolling-202101 snapshot`` -* :vytask:`T2927` ``(bug): isc-dhcpd release and expiry events never execute`` -* :vytask:`T899` ``(bug): Tunnels cannot be moved from one bridge to another`` -* :vytask:`T786` ``(feature): new style xml and conf-mode scripts: posibillity to add tagNode value as parameter to conf-script`` - - -2021-03-09 -========== - -* :vytask:`T3382` ``(bug): Error creating Console Server`` - - -2021-03-08 -========== - -* :vytask:`T3387` ``(bug): Command "Monitor vpn ipsec" is not working`` - - -2021-03-07 -========== - -* :vytask:`T3319` ``(bug): VXLAN uses ttl 1 (auto) by default`` -* :vytask:`T3391` ``(feature): Add CLI support for specifying maximum-paths per address family ipv4 unicast and ipv6 unicast`` -* :vytask:`T3211` ``(feature): ability to redistribute ISIS into other routing protocols`` - - -2021-03-05 -========== - -* :vytask:`T2659` ``(feature): Add fastnetmon (DDoS detection) support`` - - -2021-03-04 -========== - -* :vytask:`T2861` ``(bug): route-map "set community additive" not working correctly`` - - -2021-03-03 -========== - -* :vytask:`T2966` ``(feature): tunnel: add new encapsulation types ip6tnl and ip6gretap`` - - -2021-03-01 -========== - -* :vytask:`T3342` ``(bug): On xen-netback interfaces must set "scattergather" offload before MTU>1500`` - - -2021-02-28 -========== - -* :vytask:`T3370` ``(bug): dhcp: Invalid domain name "private"`` -* :vytask:`T3369` ``(feature): VXLAN: add IPv6 underlay support`` - - -2021-02-27 -========== - -* :vytask:`T2291` ``(bug): Bad hostnames in /etc/hosts with static-mapping in dhcp server config`` -* :vytask:`T3364` ``(feature): tunnel: cleanup/rename CLI nodes`` -* :vytask:`T3368` ``(feature): macsec: add support for gcm-aes-256 cipher`` -* :vytask:`T3366` ``(bug): tunnel: can not change local / remote ip address for gre-bridge tunnel`` -* :vytask:`T3173` ``(feature): Need 'nopmtudisc' option for tunnel interface`` - - -2021-02-26 -========== - -* :vytask:`T3357` ``(default): HTTP-API redirect from http correct https port`` - - -2021-02-24 -========== - -* :vytask:`T3303` ``(feature): Change welcome message on boot`` - - -2021-02-21 -========== - -* :vytask:`T3163` ``(feature): ethernet ring-buffer can be set with an invalid value`` - - -2021-02-19 -========== - -* :vytask:`T3326` ``(bug): OSPFv3: Cannot add L2TPv3 interface`` - - -2021-02-18 -========== - -* :vytask:`T3259` ``(default): many dnat rules makes the vyos http api crash, even showConfig op timeouts`` - - -2021-02-17 -========== - -* :vytask:`T3047` ``(bug): OSPF : virtual-link and passive-interface default parameters does not work together`` -* :vytask:`T3312` ``(feature): SolarFlare NICs support`` - - -2021-02-16 -========== - -* :vytask:`T3318` ``(feature): Update Linux Kernel to v5.4.208 / 5.10.142`` - - -2021-02-14 -========== - -* :vytask:`T2152` ``(bug): ddclient has bug which prevents use_web from being used`` -* :vytask:`T3308` ``(feature): BGP: add gracefull shutdown support`` - - -2021-02-13 -========== - -* :vytask:`T3028` ``(feature): Create a default user when metadata is not available (for Cloud-init builds)`` -* :vytask:`T2867` ``(feature): Cleanup DataSourceOVF.py in the Cloud-init`` -* :vytask:`T2726` ``(feature): Allow to use all supported SSH key types in Cloud-init`` -* :vytask:`T2403` ``(feature): Full support for networking config in Cloud-init`` -* :vytask:`T2387` ``(feature): Create XML scheme for [conf_mode] BGP`` -* :vytask:`T2174` ``(feature): Rewrite protocol BGP to new XML/Python style`` -* :vytask:`T1987` ``(bug): A default route can be deleted by dhclient-script in some cases`` -* :vytask:`T723` ``(feature): Add support for first boot or installation time saved config modification`` -* :vytask:`T1775` ``(bug): Cloud-init not running userdata runcmd`` -* :vytask:`T1389` ``(feature): Add support for NoCloud cloud-init datasource`` -* :vytask:`T1315` ``(feature): Allow BGP to use address-family l2vpn evpn`` - - -2021-02-11 -========== - -* :vytask:`T2638` ``(default): FRR: New framework for configuring FRR`` - - -2021-02-08 -========== - -* :vytask:`T3295` ``(feature): Update Linux Kernel to v5.4.96 / 5.10.14`` - - -2021-02-07 -========== - -* :vytask:`T3293` ``(bug): RPKI migration script errors out after CLI rewrite`` - - -2021-02-06 -========== - -* :vytask:`T3285` ``(feature): Schedule reboots through systemd-shutdownd instead of atd`` -* :vytask:`T661` ``(feature): Show a warning if the router is going to reboot soon (due to "commit-confirm" command)`` - - -2021-02-05 -========== - -* :vytask:`T2450` ``(feature): Rewrite "protocols vrf" tree in XML and Python`` -* :vytask:`T208` ``(feature): Ability to ignore default-route from dhcpcd per interface`` - - -2021-02-03 -========== - -* :vytask:`T3239` ``(default): XML: override 'defaultValue' for mtu of certain interfaces; remove workarounds`` -* :vytask:`T2910` ``(feature): XML: generator should support override of variables`` -* :vytask:`T2873` ``(bug): "show nat destination translation address" doesn't filter at all`` - - -2021-02-02 -========== - -* :vytask:`T3018` ``(bug): Unclear behaviour when configuring vif and vif-s interfaces`` -* :vytask:`T3255` ``(default): Rewrite protocol RPKI to new XML/Python style`` - - -2021-02-01 -========== - -* :vytask:`T3268` ``(feature): Add VRF support to VIF-S interfaces`` -* :vytask:`T3274` ``(default): ask_yes_no() doesn't handle EOFError`` - - -2021-01-31 -========== - -* :vytask:`T3276` ``(feature): Update Linux Kernel to v5.4.94 / 5.10.12`` - - -2021-01-30 -========== - -* :vytask:`T3269` ``(bug): VIF-C interfaces don't verify configuration`` -* :vytask:`T3240` ``(feature): Support per-interface DHCPv6 DUIDs`` -* :vytask:`T3273` ``(default): PPPoE static default-routes deleted on interface down when not added by interface up`` - - -2021-01-29 -========== - -* :vytask:`T3262` ``(bug): DHCPv6 client runs when dhcpv6-options is configured without requesting an address or PD`` -* :vytask:`T3261` ``(bug): Does not possible to disable pppoe client interface.`` - - -2021-01-27 -========== - -* :vytask:`T3257` ``(feature): tcpdump supporting complete protocol`` -* :vytask:`T3110` ``(bug): Broken pipe in show interfaces`` -* :vytask:`T651` ``(enhancment): Split CI'ed, VyOS-specific packages and other packages into separate repos`` -* :vytask:`T597` ``(enhancment): Code testing on sonarcloud.com`` -* :vytask:`T516` ``(default): Make Python / XML code development more testable`` -* :vytask:`T625` ``(default): Lack of IKEv1 lifetime negotiation`` -* :vytask:`T613` ``(bug): Missing linux-kbuild`` -* :vytask:`T505` ``(bug): Hostapd cannot log`` - - -2021-01-26 -========== - -* :vytask:`T3251` ``(bug): PPPoE client trying to authorize with the wrong username`` -* :vytask:`T2859` ``(bug): show nat source translation - Errors out`` - - -2021-01-25 -========== - -* :vytask:`T3249` ``(feature): Support operation mode forwarding table output`` - - -2021-01-24 -========== - -* :vytask:`T3230` ``(bug): RPKI can't be deleted`` -* :vytask:`T3243` ``(feature): Update Linux Kernel to v5.4.92 / 5.10.10`` - - -2021-01-18 -========== - -* :vytask:`T2761` ``(feature): Extend "show vrrp" op-mode command with router priority`` -* :vytask:`T2679` ``(feature): VRRP with BFD Failure Detection`` -* :vytask:`T3212` ``(bug): SSH: configuration directory is not always created on boot`` -* :vytask:`T3231` ``(bug): "system option ctrl-alt-delete" has no effect`` - - -2021-01-17 -========== - -* :vytask:`T3222` ``(bug): Typo in BGP dampening description`` -* :vytask:`T2944` ``(bug): NTP by default listen on any address/interface`` -* :vytask:`T3226` ``(bug): Repair bridge smoke test damage`` -* :vytask:`T2442` ``(enhancment): Move application of STP settings for bridge members from interfaces-bridge.py to Interface.add_to_bridge()`` -* :vytask:`T2381` ``(bug): OpenVPN: openvpn-option parsed/rendered improperly`` - - -2021-01-16 -========== - -* :vytask:`T3215` ``(bug): Operational command "show ipv6 route" is broken`` -* :vytask:`T3172` ``(bug): Builds sometime after 2020-12-17 have broken routing after reboot`` -* :vytask:`T3157` ``(bug): salt-minion fails to start due to permission error accessing /root/.salt/minion.log`` -* :vytask:`T3167` ``(default): Recurring bugs in Intel NIC drivers`` -* :vytask:`T3151` ``(default): Decide on the final list of packages for 1.3`` -* :vytask:`T3137` ``(feature): Let VLAN aware bridge approach the behavior of professional equipment`` -* :vytask:`T3223` ``(feature): Update Linux Kernel to v5.4.89 / 5.10.7`` - - -2021-01-15 -========== - -* :vytask:`T3210` ``(feature): ISIS three-way-handshake`` -* :vytask:`T3184` ``(feature): Add correct desctiptions for BGP neighbors`` -* :vytask:`T2850` ``(feature): Add BGP template for FRR`` - - -2021-01-14 -========== - -* :vytask:`T3218` ``(feature): Replace Intel out-of-tree drivers with Linux Kernel stock drivers.`` - - -2021-01-13 -========== - -* :vytask:`T3186` ``(bug): NAT: Commit failed when applying negated(!) addresses`` - - -2021-01-12 -========== - -* :vytask:`T3205` ``(bug): Does not possible to configure tunnel mode gre-bridge`` - - -2021-01-11 -========== - -* :vytask:`T3208` ``(bug): Does not possible to change user password`` -* :vytask:`T3198` ``(bug): OSPF database filtering issue`` -* :vytask:`T3206` ``(bug): Unable to delete destination NAT rule`` -* :vytask:`T3193` ``(bug): DHCPv6 PD verification issues`` -* :vytask:`T3201` ``(bug): Operational command "show log all" is not working for RADIUS users`` - - -2021-01-10 -========== - -* :vytask:`T3178` ``(feature): Migrate vyatta-op-quagga to vyos-1x`` - - -2021-01-09 -========== - -* :vytask:`T2467` ``(bug): Restarting flow accounting fails with systemd error`` -* :vytask:`T3199` ``(feature): Update Linux Kernel to v5.4.88 / 5.10.6`` - - -2021-01-07 -========== - -* :vytask:`T3192` ``(feature): login: radius: add support for IPv6 RADIUS servers`` - - -2021-01-05 -========== - -* :vytask:`T3169` ``(enhancment): Reimplement smoke test of span (mirror)`` -* :vytask:`T3161` ``(default): Consider removing ConfigLoad.pm`` -* :vytask:`T1398` ``(default): Remove vyatta-config-migrate package`` -* :vytask:`T805` ``(enhancment): Drop config compatibility with Vyatta Core older than 6.5`` - - -2021-01-04 -========== - -* :vytask:`T3185` ``(bug): [conf-mode] Wrong CompletionHelp for Tunnel local-ip`` -* :vytask:`T2601` ``(bug): pppoe-server: Cannot disable CCP`` - - -2021-01-03 -========== - -* :vytask:`T3180` ``(bug): DHCP server raises NameError`` - - -2021-01-02 -========== - -* :vytask:`T2321` ``(feature): VRF support for SSH, NTP, SNMP service`` -* :vytask:`T3177` ``(bug): Rolling Release no longer reports VMware UUID`` - - -2021-01-01 -========== - -* :vytask:`T3171` ``(feature): Add CLI option to enable RPS (Receive Packet Steering)`` - - -2020-12-31 -========== - -* :vytask:`T3162` ``(bug): Wrong PPPoE server pado-delay parameter added to config`` -* :vytask:`T3160` ``(bug): PPPoE server called-sid option defined in wrong section`` -* :vytask:`T3168` ``(feature): Update Linux Kernel to v5.4.86`` - - -2020-12-29 -========== - -* :vytask:`T3082` ``(bug): multi_to_list must distinguish between values and defaults`` -* :vytask:`T1466` ``(feature): Add EAPOL login support`` - - -2020-12-28 -========== - -* :vytask:`T1732` ``(feature): Removing vyatta-webproxy module`` -* :vytask:`T2666` ``(feature): Packet Processing with eBPF and XDP`` -* :vytask:`T2581` ``(default): webproxy: implement proxy chaining`` -* :vytask:`T563` ``(feature): webproxy: migrate 'service webproxy' to get_config_dict()`` - - -2020-12-27 -========== - -* :vytask:`T3150` ``(bug): When configuring QoS, the setting procedure of port mirroring is wrong`` - - -2020-12-23 -========== - -* :vytask:`T3143` ``(bug): OpenVPN server: Push route config format is wrong`` -* :vytask:`T3146` ``(feature): Upgrade FRR from 7.4 -> 7.5 version incl. new libyang`` -* :vytask:`T3145` ``(feature): Update Linux Kernel to v5.4.85`` -* :vytask:`T3147` ``(feature): Upgrade to SaltStack version 3002.2`` - - -2020-12-22 -========== - -* :vytask:`T3142` ``(bug): OpenVPN op-command completion fails due to missing status file`` -* :vytask:`T2940` ``(feature): Update FRR to 7.4`` -* :vytask:`T2573` ``(bug): BFD op-mode commands are broken`` -* :vytask:`T2495` ``(feature): Add xml for ISIS [conf_mode]`` -* :vytask:`T1316` ``(feature): Support for IS-IS`` - - -2020-12-21 -========== - -* :vytask:`T2619` ``(bug): Bug: Changes in NAT or ZONES from 1.2 to 1.3`` - - -2020-12-20 -========== - -* :vytask:`T3131` ``(bug): Typo in ipsec preshared-secret help`` -* :vytask:`T3134` ``(bug): DHCPv6 DUID configuration node missing`` -* :vytask:`T3140` ``(feature): Relax "ethernet offload-options" CLI definition`` -* :vytask:`T3132` ``(feature): Enable egress flow accounting`` - - -2020-12-17 -========== - -* :vytask:`T2810` ``(default): Docs for vpn anyconnect-server`` -* :vytask:`T2036` ``(default): Open Connect VPN Server () support`` - - -2020-12-14 -========== - -* :vytask:`T3128` ``(bug): pppoe smoke test failed`` -* :vytask:`T3129` ``(feature): Update Linux Kernel to v5.4.83`` -* :vytask:`T3089` ``(feature): Migrate port mirroring to vyos-1x and support two-way traffic mirroring`` -* :vytask:`T3130` ``(feature): Replace vyos-netplug with upstream debian version`` - - -2020-12-13 -========== - -* :vytask:`T3114` ``(bug): When the bridge member is a non-ethernet interface, setting VLAN-aware bridge parameters fails`` - - -2020-12-11 -========== - -* :vytask:`T3123` ``(bug): Configuration of vti interface impossible`` - - -2020-12-10 -========== - -* :vytask:`T3117` ``(bug): OpenVPN config migration errors upgrading from 1.3-rolling-202010280217 to 1.3-rolling-202012060217`` - - -2020-12-09 -========== - -* :vytask:`T3122` ``(feature): Update Linux Kernel to v4.19.162`` -* :vytask:`T3121` ``(bug): get_config_dict() and key_mangling=('-', '_') Broke PowerDNS dns_forwarding config file`` - - -2020-12-08 -========== - -* :vytask:`T2562` ``(bug): VyOS can't be used as a DHCP server for a DHCP relay`` - - -2020-12-07 -========== - -* :vytask:`T3120` ``(bug): Python error when deleting nat rule`` -* :vytask:`T3119` ``(feature): migrate "system ip" to get_config_dict() and provide smoketest`` - - -2020-12-05 -========== - -* :vytask:`T2744` ``(bug): igmp-proxy issue: Address already in use`` - - -2020-12-04 -========== - -* :vytask:`T3108` ``(bug): Section config overlapped match with FRRConfig`` -* :vytask:`T3112` ``(feature): PPPoE IPv6: remove "enable" node`` -* :vytask:`T3100` ``(feature): Migrate DHCP/DHCPv6 server to get_config_dict()`` - - -2020-12-03 -========== - -* :vytask:`T3105` ``(bug): static-host-mapping writing in one line`` -* :vytask:`T3107` ``(feature): Update Linux Kernel to v4.19.161`` -* :vytask:`T3104` ``(bug): LLDP Traceback error`` - - -2020-12-01 -========== - -* :vytask:`T3102` ``(bug): Destination NAT fails to commit`` -* :vytask:`T2713` ``(bug): VyOS must not change permissions on files in /config/auth`` - - -2020-11-30 -========== - -* :vytask:`T3091` ``(feature): Add "tag" for static route`` -* :vytask:`T1207` ``(feature): DMVPN behind NAT`` - - -2020-11-29 -========== - -* :vytask:`T3095` ``(feature): Migrate dhcp-relay and dhcpv6-relay to get_config_dict()`` - - -2020-11-28 -========== - -* :vytask:`T2890` ``(bug): NAT error adding translation address range`` -* :vytask:`T2868` ``(bug): Tcp-mss option in policy calls kernel-panic`` -* :vytask:`T3092` ``(feature): nat: migrate to get_config_dict()`` - - -2020-11-27 -========== - -* :vytask:`T2715` ``(feature): Duplicate address detection option supporting ARP`` -* :vytask:`T2714` ``(feature): A collection of utilities supporting IPv6 or ipv4`` -* :vytask:`T3088` ``(feature): Migrate IGMP-Proxy over to get_config_dict() and add smoketests`` - - -2020-11-24 -========== - -* :vytask:`T3087` ``(feature): Update Linux Kernel to v4.19.160`` - - -2020-11-23 -========== - -* :vytask:`T2177` ``(default): Commit fails on adding disabled interface to bridge`` -* :vytask:`T3066` ``(bug): reboot in - Invalid time`` -* :vytask:`T2802` ``(bug): Tunnel interface does not apply EUI-64 IPv6 Address`` -* :vytask:`T2359` ``(bug): Adding IPIP6 tun interface to bridge [conf_mode] errors`` -* :vytask:`T2357` ``(bug): GRE-bridge conf_mode errors`` -* :vytask:`T2259` ``(feature): Support for bind vif-c interfaces into VRFs`` -* :vytask:`T2205` ``(bug): "set interface ethernet" fails on Hyper-V`` -* :vytask:`T2182` ``(bug): Failure to commit an IPv6 address on a tunnel interface`` -* :vytask:`T2155` ``(bug): Cannot set anything on Intel 82599ES 10-Gigabit SFI/SFP+`` -* :vytask:`T2153` ``(bug): traceroute circular reference`` -* :vytask:`T3081` ``(bug): get_config_dict() does not honor whitespaces in the CLI values field`` -* :vytask:`T3080` ``(bug): OpenVPN failing silently for a number of reasons in rolling post Nov/02`` -* :vytask:`T3074` ``(bug): OpenVPN site-to-site creates wrong peer address`` -* :vytask:`T2542` ``(bug): OpenVPN client tap interfaces not coming up`` -* :vytask:`T3084` ``(bug): wifi: TypeError on "show interfaces wireless info"`` - - -2020-11-21 -========== - -* :vytask:`T3079` ``(bug): Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge`` -* :vytask:`T3060` ``(bug): OpenVPN virtual interface not coming up after upgrade`` - - -2020-11-20 -========== - -* :vytask:`T3078` ``(feature): CLI cleanup: rename "system options" -> "system option"`` -* :vytask:`T2997` ``(feature): DHCP: disallow/do-not-request certain options when requesting IP address from server`` -* :vytask:`T3077` ``(feature): WireGuard: automatically create link-local IPv6 adresses`` -* :vytask:`T2550` ``(default): OpenVPN: IPv4 not working in client mode`` -* :vytask:`T3072` ``(feature): Migrate tunnel interfaces to new get_config_dict() approach`` -* :vytask:`T3065` ``(feature): Add "interfaces wirelessmodem" IPv6 support`` -* :vytask:`T3048` ``(feature): Drop static smp-affinity for a more dynamic way using tuned`` - - -2020-11-19 -========== - -* :vytask:`T3067` ``(bug): Wireless interface can no longer be added to the bridge after bridge VLAN support`` -* :vytask:`T3075` ``(feature): Update Linux Kernel to v4.19.158`` - - -2020-11-16 -========== - -* :vytask:`T3003` ``(enhancment): Extend smoketest framework to allow loading an arbitrary config file`` - - -2020-11-15 -========== - -* :vytask:`T3069` ``(bug): OpenVPN routed networks not available`` -* :vytask:`T3038` ``(feature): Supporting AZERTY keyboards`` -* :vytask:`T2993` ``(bug): op-mode: lldp: show lldp neighbors - AttributeError: 'str' object has no attribute 'items'`` - - -2020-11-14 -========== - -* :vytask:`T3041` ``(bug): Intel QAT: vyos-1.3-rolling-202011020217-amd64 kernel panic during configure`` - - -2020-11-13 -========== - -* :vytask:`T3063` ``(feature): Add support for Huawei LTE Module ME909s-120`` -* :vytask:`T3059` ``(bug): L2TPv3 interface: Enforced to shutdown but no command to enable interface permanently`` - - -2020-11-12 -========== - -* :vytask:`T3064` ``(feature): Update Linux Kernel to v4.19.157`` - - -2020-11-10 -========== - -* :vytask:`T2103` ``(bug): Abnormal interface names if VIF present`` - - -2020-11-08 -========== - -* :vytask:`T3050` ``(bug): Broken address/subnet validation on NAT configuration`` - - -2020-11-07 -========== - -* :vytask:`T2914` ``(bug): OpenVPN: Fix for IPv4 remote-host hostname in client mode:`` -* :vytask:`T2653` ``(feature): "set interfaces" Python handler code improvements - next iteration`` -* :vytask:`T311` ``(feature): DHCP: set client-hostname via CLI`` - - -2020-11-06 -========== - -* :vytask:`T3051` ``(bug): OpenVPN: multiple client routes do not work in server mode`` -* :vytask:`T3046` ``(bug): openvpn directory is not auto-created`` -* :vytask:`T3052` ``(feature): Update Linux firmware files to 20201022 version`` -* :vytask:`T2731` ``(bug): "show interfaces" returns invalid state when link is down`` - - -2020-11-05 -========== - -* :vytask:`T3049` ``(feature): Update Linux Kernel to v4.19.155`` -* :vytask:`T2994` ``(feature): Migrate OpenVPN interfaces to get_config_dict() syntax`` - - -2020-11-03 -========== - -* :vytask:`T3043` ``(feature): Wireless: Refactor CLI`` -* :vytask:`T3034` ``(feature): Add WiFi WPA 3 support`` -* :vytask:`T2967` ``(bug): Duplicate IPv6 BFD peers created`` -* :vytask:`T2483` ``(bug): DHCP most likely not restarting pdns_recursor`` - - -2020-11-02 -========== - -* :vytask:`T3024` ``(bug): DHCPv6 PD configuration doesn't really render an expected behavior`` - - -2020-11-01 -========== - -* :vytask:`T3036` ``(feature): OpenVPN remote-address does not accept IPv6 address`` -* :vytask:`T2193` ``(feature): Display disabled VRRP instances in a `show vrrp` output`` - - -2020-10-30 -========== - -* :vytask:`T2790` ``(feature): Add ability to set ipv6 protocol route-map for OSPFv3`` -* :vytask:`T3033` ``(feature): Update Linux Kernel to v4.19.154`` -* :vytask:`T2969` ``(bug): OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit`` - - -2020-10-28 -========== - -* :vytask:`T2631` ``(default): l2tp, sstp, pptp add option to disable radius accounting`` -* :vytask:`T2630` ``(feature): Allow Interface MTU over 9000`` -* :vytask:`T3027` ``(bug): Unable to update system Signature check FAILED`` -* :vytask:`T2995` ``(bug): Enhancements/bugfixes for vyos_dict_search()`` -* :vytask:`T2968` ``(feature): Add support for Intel Atom C2000 series QAT`` - - -2020-10-27 -========== - -* :vytask:`T3026` ``(default): qemu: update script for deprecated ssh_host_port_min/max`` -* :vytask:`T2938` ``(feature): Adding remote Syslog RFC5424 compatibility`` -* :vytask:`T2924` ``(bug): Using 'set src' in a route-map invalidates it as part of a subsequent boot-up`` -* :vytask:`T2587` ``(bug): Cannot enable the interface when the MTU is set to less than 1280`` -* :vytask:`T2885` ``(default): configd: print commit errors to config session terminal`` -* :vytask:`T2808` ``(default): Add smoketest to ensure script consistency with config daemon`` -* :vytask:`T2582` ``(default): Script daemon to offload processing during commit`` -* :vytask:`T1721` ``(bug): Recursive Next Hop not updated for static routes`` - - -2020-10-24 -========== - -* :vytask:`T3007` ``(default): HTTP-API should use config load script, not backend config load`` -* :vytask:`T3009` ``(bug): vpn l2tp remoteaccess require option broken`` -* :vytask:`T3010` ``(bug): ttl option of gre-bridge`` -* :vytask:`T3005` ``(bug): Intel: update out-of-tree drivers, i40e driver warning`` -* :vytask:`T3004` ``(feature): ConfigSession should (optionally) use config load script`` -* :vytask:`T2723` ``(feature): Support tcptraceroute`` - - -2020-10-22 -========== - -* :vytask:`T2978` ``(bug): IPoE service does not work on shared mode`` -* :vytask:`T2906` ``(bug): OpenVPN: tls-auth missing key direction`` - - -2020-10-21 -========== - -* :vytask:`T2828` ``(bug): BGP conf_mode error enforce-first-as`` -* :vytask:`T2749` ``(bug): Setting ethx configuration takes a long time`` -* :vytask:`T2138` ``(default): Can't load archived configs as they are gzipped`` - - -2020-10-20 -========== - -* :vytask:`T2987` ``(bug): VxLAN not working properly after upgrading to latest October build and with a new installation`` -* :vytask:`T2989` ``(default): MPLS documentation expansion`` - - -2020-10-19 -========== - -* :vytask:`T1588` ``(bug): VRRP failed to start if any of its interaces not exist`` -* :vytask:`T1385` ``(feature): Allow bonding interfaces to have pseudo-ethernet interfaces`` -* :vytask:`T3000` ``(bug): Mismatch between "prefix-length" and "preference" in dhcp6-server syntax`` -* :vytask:`T2992` ``(feature): Automatically verify sha256 checksum on ISO download`` -* :vytask:`T752` ``(feature): Add an option to disable IPv4 forwarding on specific interface only`` - - -2020-10-18 -========== - -* :vytask:`T2965` ``(feature): Brief BFD Peer Info`` -* :vytask:`T2907` ``(feature): OpenVPN: Option to disable encryption`` -* :vytask:`T2985` ``(feature): Add glue code to create bridge interface on demand`` - - -2020-10-17 -========== - -* :vytask:`T2980` ``(bug): FRR bfdd crash due to invalid length`` -* :vytask:`T2991` ``(feature): Update WireGuard to 1.0.20200908`` -* :vytask:`T2990` ``(feature): Update Linux Kernel to v4.19.152`` -* :vytask:`T2981` ``(feature): MPLS LDP neighbor session clear capability`` -* :vytask:`T2792` ``(default): Failed to run `sudo make qemu` with vyos-build container due to the change of packer`` - - -2020-10-13 -========== - -* :vytask:`T2976` ``(bug): Client IP pool does not work for PPPoE local users`` - - -2020-10-12 -========== - -* :vytask:`T2951` ``(bug): Cannot enable logging for monitor nat`` -* :vytask:`T2782` ``(bug): Changing timezone, does not restart rsyslog`` - - -2020-10-06 -========== - -* :vytask:`T2957` ``(bug): show openvpn not printing anything`` - - -2020-10-05 -========== - -* :vytask:`T2963` ``(bug): Wireless: WIFI is not password protected when security wpa mode is not defined but passphrase is`` - - -2020-10-04 -========== - -* :vytask:`T2953` ``(feature): Accel-PPP services CLI config cleanup (SSTP, L2TP, PPPoE, IPoE)`` -* :vytask:`T2829` ``(bug): PPPoE server: mppe setting is implemented as node instead of leafNode`` -* :vytask:`T2960` ``(feature): sstp: migrate to get_config_dict()`` - - -2020-10-03 -========== - -* :vytask:`T2956` ``(feature): Add support for list of defaultValues`` -* :vytask:`T2955` ``(feature): Update Linux Kernel to v4.19.149`` - - -2020-10-02 -========== - -* :vytask:`T2952` ``(bug): configd: timeout breaks synchronization of messages, causing freeze`` - - -2020-10-01 -========== - -* :vytask:`T2945` ``(bug): Interface removed from bridge on setting change`` -* :vytask:`T2948` ``(bug): NAT: OSError when configuring translation address range`` -* :vytask:`T2936` ``(feature): Migrate PPPoE server to get_config_dict() do reduce boilerplate code`` - - -2020-09-30 -========== - -* :vytask:`T2939` ``(bug): Wireguard Remove Peer Fails`` - - -2020-09-29 -========== - -* :vytask:`T2919` ``(feature): PPPoE server: Called-Station-Id attribute`` -* :vytask:`T2918` ``(feature): Accounting interim jitter for pppoe, l2tp, pptp, ipoe`` -* :vytask:`T2917` ``(feature): PPPoE server: Preallocate NAS-Port-Id`` -* :vytask:`T2937` ``(feature): Update Linux Kernel to v4.19.148`` - - -2020-09-27 -========== - -* :vytask:`T2930` ``(feature): Support configuration of MAC address for VXLAN and GENEVE tunnel`` - - -2020-09-26 -========== - -* :vytask:`T2856` ``(bug): equuleus: `show version all` throws broken pipe exception on abort`` -* :vytask:`T2929` ``(bug): Upgrading from 1.2 (crux) to 1.3 rolling causes vyos.configtree.ConfigTreeError for RADIUS settings`` -* :vytask:`T2928` ``(bug): MTU less then 1280 bytes and IPv6 will raise FileNotFoundError`` -* :vytask:`T2926` ``(bug): snmp.py missing an import`` -* :vytask:`T2912` ``(feature): When setting MTU check for hardware maximum supported MTU size`` - - -2020-09-25 -========== - -* :vytask:`T2915` ``(bug): Lost "proxy-arp-pvlan" option for vlan`` -* :vytask:`T2925` ``(feature): Update Linux Kernel to v4.19.147`` -* :vytask:`T2921` ``(feature): Migrate "service dns forwarding" to get_config_dict() for ease of source maintenance`` - - -2020-09-24 -========== - -* :vytask:`T2896` ``(bug): set ip route 0.0.0.0/0 dhcp-interface eth0`` -* :vytask:`T2923` ``(bug): Configuring DHCPv6-PD without a interface to delegate to raises TypeError`` - - -2020-09-23 -========== - -* :vytask:`T2846` ``(bug): ip route doesn't show longer-prefixes`` - - -2020-09-20 -========== - -* :vytask:`T2904` ``(feature): 802.1ad / Q-in-Q ethertype default not utilized`` -* :vytask:`T2905` ``(feature): Sync CLI nodes between PPPoE and WWAN interface`` -* :vytask:`T2903` ``(feature): Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value`` - - -2020-09-19 -========== - -* :vytask:`T2894` ``(bug): bond: lacp: member interfaces get removed once bond interface has vlans configured`` -* :vytask:`T2901` ``(feature): Update Linux Kernel to v4.19.146`` -* :vytask:`T2900` ``(bug): DNS forwarding: invalid warning is shown for "system name-server" or "system name-servers-dhcp" even if present`` - - -2020-09-18 -========== - -* :vytask:`T945` ``(bug): Unable to change configuration after changing it from script (vbash + script-template)`` - - -2020-09-16 -========== - -* :vytask:`T2886` ``(bug): RADIUS authentication broken only returns operator level`` -* :vytask:`T2887` ``(bug): WiFi ht40+ channel width is not set in hostaptd.conf`` - - -2020-09-15 -========== - -* :vytask:`T2515` ``(bug): Ethernet interface is automatically disabled when removing it from bond`` - - -2020-09-14 -========== - -* :vytask:`T2872` ``(bug): "Show log" for nat and openvpn got intermixed`` -* :vytask:`T2301` ``(bug): Cannot delete PBR`` -* :vytask:`T2880` ``(feature): Update Linux Kernel to v4.19.145`` -* :vytask:`T2879` ``(feature): Cleanup 4.19.144 kernel configuration`` - - -2020-09-13 -========== - -* :vytask:`T2858` ``(feature): Rewrite dynamic dns client to get_config_dict()`` -* :vytask:`T2857` ``(feature): Cleanup Intel QAT configuration script`` -* :vytask:`T2877` ``(feature): LACP / bonding: support configuration of minimum number of links`` - - -2020-09-12 -========== - -* :vytask:`T2863` ``(default): Wireguard IPv6 Link-Local Addresses Are Not Unique`` -* :vytask:`T2876` ``(feature): Update Linux Kernel to v4.19.144`` - - -2020-09-10 -========== - -* :vytask:`T2870` ``(feature): Update Linux Kernel to v5.8.8`` - - -2020-09-09 -========== - -* :vytask:`T2728` ``(bug): Protocol option ignored for IPSec peers in transport mode`` -* :vytask:`T1934` ``(default): Change default hostname when deploy from OVA without params.`` -* :vytask:`T1953` ``(bug): DDNS service name validation rejects valid service names`` - - -2020-09-07 -========== - -* :vytask:`T1729` ``(default): PIM (Protocol Independent Multicast) implementation`` - - -2020-09-06 -========== - -* :vytask:`T2860` ``(bug): Update Accel-PPP to fix l2tp CVE`` - - -2020-09-02 -========== - -* :vytask:`T2833` ``(bug): RIP outgoing update filter list no longer operational`` -* :vytask:`T2849` ``(bug): vyos.xml.defaults should return a list on multi nodes, by default`` - - -2020-08-31 -========== - -* :vytask:`T2636` ``(bug): get_config_dict() shall always return a list on <multi/> nodes`` - - -2020-08-30 -========== - -* :vytask:`T2843` ``(feature): Upgrade Linux Kernel to 5.8 series`` -* :vytask:`T2814` ``(default): kernel 5.1+ : NAT : module `nft_chain_nat_ipv4` renamed`` -* :vytask:`T2839` ``(feature): Upgrade WireGuard user-space tools and Kernel module`` -* :vytask:`T2842` ``(feature): Replace custom "wireguard, wireguard-tools" package with debian-backports version`` - - -2020-08-29 -========== - -* :vytask:`T2836` ``(default): show system integrity broken in 1.3`` - - -2020-08-28 -========== - -* :vytask:`T2126` ``(bug): show vpn ipsec sa IPSec - Process NOT Running`` -* :vytask:`T2813` ``(bug): NAT: possible to commit illegal source nat without translation`` -* :vytask:`T1463` ``(bug): Missing command `show ip bgp scan` appears in command completion`` - - -2020-08-27 -========== - -* :vytask:`T2832` ``(feature): Migrate vyos-smoketest content into vyos-1x`` - - -2020-08-26 -========== - -* :vytask:`T2830` ``(default): Migrate "service https" to use get_config_dict()`` -* :vytask:`T2831` ``(feature): Update Linux Kernel to v4.19.142`` - - -2020-08-25 -========== - -* :vytask:`T2826` ``(bug): frr: frr python lib error in replace_section`` - - -2020-08-24 -========== - -* :vytask:`T2423` ``(bug): Loadkey scp ssh key errors`` - - -2020-08-23 -========== - -* :vytask:`T2811` ``(bug): Cannot delete vpn anyconnect`` -* :vytask:`T2823` ``(bug): VXLAN has state A/D after configuration`` -* :vytask:`T2812` ``(default): Add basic smoketest for anyconnect`` - - -2020-08-22 -========== - -* :vytask:`T2822` ``(feature): Update Linux Kernel to v4.19.141`` -* :vytask:`T2821` ``(feature): Support DHCPv6-PD without "address dhcpv6"`` -* :vytask:`T2677` ``(feature): Proposal for clearer DHCPv6-PD configuration options`` - - -2020-08-20 -========== - -* :vytask:`T2209` ``(bug): Documentation has reference to the old 'user x level admin' option`` -* :vytask:`T1665` ``(default): prefix-list and prefix-list6 rules incorrectly accept a host address where prefix is required`` -* :vytask:`T2815` ``(default): Move certbot config directory under /config/auth`` - - -2020-08-19 -========== - -* :vytask:`T2794` ``(bug): op-mode: lldp: "show lldp neighbors" IndexError: list index out of range`` -* :vytask:`T2791` ``(feature): "monitor traceroute" has no explicit IPv4/IPv6 support`` -* :vytask:`T1515` ``(bug): FRR ospf6d crashes when performing: "show ipv6 ospfv3 database"`` - - -2020-08-16 -========== - -* :vytask:`T2277` ``(bug): dhclient-script-vyos does not support VRFs`` -* :vytask:`T2090` ``(default): Deleting 'service salt-minion' causes python TypeError`` - - -2020-08-15 -========== - -* :vytask:`T2797` ``(feature): Update Linux Kernel to v4.19.139`` -* :vytask:`T2796` ``(bug): PPPoE-Server: listen interface is mandatory but validation check is missing`` - - -2020-08-14 -========== - -* :vytask:`T2795` ``(bug): console server fails to commit`` - - -2020-08-12 -========== - -* :vytask:`T2786` ``(bug): OSPF Interface Cost`` -* :vytask:`T2325` ``(bug): NHRP op-mode errors with missing daemon socket`` -* :vytask:`T2227` ``(feature): MPLS documentation`` -* :vytask:`T2767` ``(bug): The interface cannot be disabled for network enabled configuration`` -* :vytask:`T2316` ``(bug): DHCP-server op-mode errors`` - - -2020-08-11 -========== - -* :vytask:`T2779` ``(bug): LLDP: "show lldp neighbors interface" does not yield any result`` -* :vytask:`T2379` ``(bug): DHCPv6 address for interface deletion triggers a script error`` -* :vytask:`T2784` ``(default): Remove unused arg from host_name.py functions verify and get_config`` - - -2020-08-10 -========== - -* :vytask:`T2780` ``(feature): Update Linux Kernel to v4.19.138`` - - -2020-08-08 -========== - -* :vytask:`T2716` ``(bug): Shaper-HFSC shapes but does not control latency correctly`` -* :vytask:`T2497` ``(default): Cache config string during commit`` -* :vytask:`T2501` ``(bug): Cannot recover from failed boot config load`` -* :vytask:`T1974` ``(feature): Allow route-map to set administrative distance`` -* :vytask:`T1949` ``(bug): Multihop IPv6 BFD is unconfigurable`` - - -2020-08-04 -========== - -* :vytask:`T2758` ``(bug): router-advert: 'infinity' is not a valid integer number`` -* :vytask:`T2637` ``(bug): Vlan is not removed from the system`` -* :vytask:`T1287` ``(bug): No DHCPv6 leases reported for "show dhcpv6 client leases"`` - - -2020-08-03 -========== - -* :vytask:`T2241` ``(default): Changing settings on an interface causes it to fall out of bridge`` -* :vytask:`T2757` ``(bug): "show system image version" contains additional new-line character breaking output`` -* :vytask:`T1826` ``(bug): Misleading message on "reboot at" command`` -* :vytask:`T1511` ``(default): Rewrite ethernet setup scripts to python`` -* :vytask:`T1600` ``(default): Convert 'ping' operation from vyatta-op to new syntax`` -* :vytask:`T1486` ``(bug): Unknown LLDP version reported to peers`` -* :vytask:`T1414` ``(enhancment): equuleus: buster: 10-unmountfs.chroot fail under apply`` -* :vytask:`T1076` ``(bug): SSH: make configuration (sshd_config) volatile and store it to /run`` -* :vytask:`T2724` ``(feature): Support for IPv6 Toolset`` -* :vytask:`T2323` ``(bug): LLDP: "show lldp neighbors detail" returns warnings when service is not configured`` -* :vytask:`T1754` ``(bug): DHCPv6 client is impossible to restart`` - - -2020-08-02 -========== - -* :vytask:`T2756` ``(feature): Accel-PPP: make RADIUS accounting port configurable`` - - -2020-08-01 -========== - -* :vytask:`T2752` ``(bug): Exception when configuring unavailable ethernet interface`` -* :vytask:`T2751` ``(feature): Update Linux Kernel to v4.19.136`` -* :vytask:`T2753` ``(feature): Rewrite "add system image" op mode commands in XML`` -* :vytask:`T2690` ``(feature): Add VRF support to the add system image command`` - - -2020-07-30 -========== - -* :vytask:`T2746` ``(feature): IPv6 link-local addresses not configured`` -* :vytask:`T2678` ``(bug): High RAM usage on SSH logins with lots of IPv6 routes in the routing table.`` -* :vytask:`T2701` ``(bug): `vpn ipsec pfs enable` doesn't work with IKE groups`` -* :vytask:`T2745` ``(feature): router-advert: migrate to get_config_dict()`` - - -2020-07-29 -========== - -* :vytask:`T2743` ``(feature): WireGuard: move key migration from config script to migration script`` -* :vytask:`T2742` ``(feature): mDNS repeater: migrate to get_config_dict()`` - - -2020-07-28 -========== - -* :vytask:`T1117` ``(feature): 'show ipv6 bgp route-map' missing`` -* :vytask:`T928` ``(feature): Add support for PIM (Protocol-Independent Multicast)`` - - -2020-07-27 -========== - -* :vytask:`T2729` ``(feature): Pseudo-ethernet replace fail message`` -* :vytask:`T1249` ``(feature): multiple PBR rules can set to a single interface`` -* :vytask:`T1956` ``(feature): PPPoE server: support PADO-delay`` -* :vytask:`T1295` ``(feature): FRR: update documentation`` -* :vytask:`T1222` ``(bug): OSPF routing problem - route looping`` -* :vytask:`T1158` ``(bug): Route-Map configuration dropped updating rc11 to epa2`` -* :vytask:`T1130` ``(bug): Deleting BGP communities from prefix does not work`` -* :vytask:`T2067` ``(feature): pppoe-server: Add possibility set multiple service-name`` - - -2020-07-26 -========== - -* :vytask:`T2734` ``(feature): WireGuard: fwmark CLI definition is inconsistent`` -* :vytask:`T2733` ``(feature): Support MTU configuration on pseudo ethernet devices`` -* :vytask:`T2644` ``(default): Bonding interfaces cannot be disabled`` -* :vytask:`T2476` ``(bug): Bond member description change leads to network outage`` -* :vytask:`T2443` ``(feature): NHRP: Add debugging information to syslog`` -* :vytask:`T2021` ``(bug): OSPFv3 doesn't support decimal area syntax`` -* :vytask:`T1901` ``(bug): Semicolon in values is interpreted as a part of the shell command by validators`` -* :vytask:`T2000` ``(bug): strongSwan does not install routes to table 220 in certain cases`` -* :vytask:`T2091` ``(bug): swanctl.conf file is not generated properly if more than one IPsec profile is used`` -* :vytask:`T1983` ``(feature): Expose route-map when BGP routes are programmed in to FIB`` -* :vytask:`T1973` ``(feature): Allow route-map to match on BGP local preference value`` -* :vytask:`T1853` ``(bug): wireguard - disable peer doesn't work`` -* :vytask:`T1985` ``(feature): pppoe: Enable ipv6 modules without configured ipv6 pools`` - - -2020-07-25 -========== - -* :vytask:`T2730` ``(feature): Update Linux Kernel to v4.19.134`` -* :vytask:`T2106` ``(bug): Wrong interface states after reboot`` -* :vytask:`T1507` ``(default): cli: logical redundancy with boolean type`` - - -2020-07-24 -========== - -* :vytask:`T2097` ``(bug): Problems when using <path> as completion helper in op-mode`` -* :vytask:`T2092` ``(bug): dhcp-server rfc3442 static route should add default route`` -* :vytask:`T1817` ``(bug): BGP next-hop-self not working.`` -* :vytask:`T1462` ``(bug): Upgrade path errors 1.1.8 to 1.2.1-S2`` -* :vytask:`T1372` ``(bug): Diff functionality behaves incorrectly in some cases`` -* :vytask:`T2073` ``(feature): ipoe-server: reset op-mode command for sessions`` -* :vytask:`T1715` ``(bug): System DNS Server Order Incorrect`` - - -2020-07-23 -========== - -* :vytask:`T2673` ``(bug): After the bridge is configured with Mac, bridge is automatically disabled`` -* :vytask:`T2626` ``(bug): Changing pseudo-ethernet mode, throws CLI error`` -* :vytask:`T2608` ``(bug): delete pseudo-ethernet failed (another error type)`` -* :vytask:`T2527` ``(bug): bonding: the last slave interface is not deleted`` -* :vytask:`T2358` ``(bug): ip6ip6 bridge conf_mode errors`` -* :vytask:`T2346` ``(bug): Setting hostname yields temporary file error`` -* :vytask:`T2330` ``(bug): Vpn op-mode syntax`` -* :vytask:`T2188` ``(default): NTP op-mode commands don't work`` - - -2020-07-22 -========== - -* :vytask:`T2718` ``(bug): ntp.conf updated incorrectly`` -* :vytask:`T2658` ``(bug): Interface description comment display error`` -* :vytask:`T2643` ``(bug): show interfaces does not scale with terminal width`` -* :vytask:`T2725` ``(bug): Config fails to load if user has no password`` -* :vytask:`T2707` ``(default): Allow alternative initialization data for Config`` - - -2020-07-20 -========== - -* :vytask:`T2709` ``(bug): Destination NAT translation port without address fails to commit`` -* :vytask:`T2519` ``(bug): Broadcast address does not add automatically`` - - -2020-07-19 -========== - -* :vytask:`T2708` ``(bug): "show flow-accounting" should not display script's "usage" help`` -* :vytask:`T2592` ``(default): dhcp-relay discarding packets on valid interfaces`` -* :vytask:`T2712` ``(feature): udp-broadcast-relay: serivce no longer starts`` -* :vytask:`T2706` ``(feature): Support NDP protocol monitoring`` - - -2020-07-18 -========== - -* :vytask:`T2704` ``(bug): connect/disconnect Missing newline in op-mode tab completion helper`` -* :vytask:`T2689` ``(feature): Add helper functions to query changes between session and effective configs`` -* :vytask:`T2585` ``(bug): Unable to access the Internet after opening PPPoE on-demand dialing`` - - -2020-07-15 -========== - -* :vytask:`T2675` ``(bug): DNS service failed to start`` -* :vytask:`T2596` ``(feature): Allow specifying source IP for 'add system image'`` - - -2020-07-12 -========== - -* :vytask:`T1575` ``(default): `show snmp mib ifmib` crashes with IndexError`` -* :vytask:`T2696` ``(bug): Some bugfixes of vyatta-wanloadbalance`` - - -2020-07-11 -========== - -* :vytask:`T2687` ``(feature): SNMP: change logic on v3 password encryption`` -* :vytask:`T2693` ``(bug): Dhcp6c cannot be restarted after PPPoE link is reset`` - - -2020-07-08 -========== - -* :vytask:`T2692` ``(bug): Evaluate Setting Default Hash Policy to L3+L4`` -* :vytask:`T2646` ``(bug): Sysctl for IPv4 ECMP Hash Policy Not Set`` - - -2020-07-07 -========== - -* :vytask:`T2691` ``(bug): Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch`` -* :vytask:`T2389` ``(bug): BGP community-list unknown command`` -* :vytask:`T2686` ``(bug): FRR: BGP: large-community configuration is not applied properly after upgrading FRR to 7.3.x series`` - - -2020-07-06 -========== - -* :vytask:`T2680` ``(bug): dhcp6c service cannot recover when it fails`` - - -2020-07-05 -========== - -* :vytask:`T2684` ``(feature): Update Linux Kernel to v4.19.131`` -* :vytask:`T2685` ``(feature): Update Accel-PPP to fix SSTP client issues`` -* :vytask:`T2681` ``(bug): PPPoE stops negotiating IPv6`` - - -2020-07-04 -========== - -* :vytask:`T2682` ``(bug): VRF aware services - connection no longer possible after system reboot`` - - -2020-07-03 -========== - -* :vytask:`T2670` ``(default): Remove dependency on show_config from get_config_dict`` -* :vytask:`T2676` ``(feature): NTP: migrate to get_config_dict() implementation`` - - -2020-07-02 -========== - -* :vytask:`T2668` ``(default): get_config_dict: add get_first_key arg to utility function get_sub_dict`` - - -2020-07-01 -========== - -* :vytask:`T2662` ``(default): get_config_dict includes node name as key only for tag and leaf nodes`` -* :vytask:`T2667` ``(feature): get_config_dict: Use utility function for non-empty path argument`` - - -2020-06-28 -========== - -* :vytask:`T2660` ``(bug): XML: Python default dictionary does not obey underscore (_) when flat is False`` - - -2020-06-27 -========== - -* :vytask:`T2656` ``(bug): XML: Python default dictionary returns wrong dictionary level(s)`` - - -2020-06-26 -========== - -* :vytask:`T2642` ``(bug): sshd fails to start due to configuration error`` -* :vytask:`T2588` ``(default): Add support for default values to the interface-definition format`` -* :vytask:`T2622` ``(bug): Pseudo-ethernet interface config disappears across versions`` -* :vytask:`T2057` ``(feature): Generalised Interface configuration`` -* :vytask:`T2625` ``(feature): Provide generic Library for package builds`` - - -2020-06-25 -========== - -* :vytask:`T2487` ``(bug): VRRP does not display info when group disabled`` -* :vytask:`T2329` ``(bug): Show remote config openvpn`` -* :vytask:`T2165` ``(bug): When trying to add route to ripng it complains that ip address should be IPv4 format`` -* :vytask:`T2159` ``(default): webproxy log read from wrong file`` -* :vytask:`T2101` ``(feature): Fix VXLAN config option parsing`` -* :vytask:`T2062` ``(bug): Wrong dhcp-server static route subnet bytes`` -* :vytask:`T1986` ``(bug): Python configuration manipulation library leaks open files`` -* :vytask:`T1762` ``(bug): VLAN interface configuration fails after internal representation of edit level was switched from a string to a list`` -* :vytask:`T1538` ``(bug): Update conntrack-sync packages to fix VRRP issues`` -* :vytask:`T1808` ``(feature): add package nftables`` - - -2020-06-24 -========== - -* :vytask:`T2634` ``(feature): remove autogeneration of interface "ip section" from vyatta-cfg-system`` -* :vytask:`T2633` ``(bug): Error with arp_accept on tun interface`` -* :vytask:`T2595` ``(feature): Update Linux Kernel to v4.19.128`` -* :vytask:`T1938` ``(bug): syslog doesn't start automatically`` - - -2020-06-23 -========== - -* :vytask:`T2632` ``(bug): WireGuard: Cannot use only one preshared-key for one peer`` -* :vytask:`T1829` ``(bug): Install Image script does not respect size of partition greater than 2G but less than disk size`` -* :vytask:`T2635` ``(feature): SSH: migrate to get_config_dict()`` - - -2020-06-22 -========== - -* :vytask:`T2486` ``(bug): DNS records set via 'system static-host-mapping' return NXDOMAIN from 'service dns forwarding' after a request to a forwarded zone`` -* :vytask:`T2463` ``(bug): DHCP-received nameserver not added to vyos-hostsd`` -* :vytask:`T2534` ``(bug): pdns-recursor override.conf error`` -* :vytask:`T2054` ``(bug): Changing "system name-server" doesn't update dns forwarding config, neither does "restart dns forwarding"`` -* :vytask:`T2225` ``(default): PIM/IGMP documentation`` - - -2020-06-21 -========== - -* :vytask:`T2624` ``(feature): Serial Console: fix migration script for configured powersave and no console`` -* :vytask:`T2610` ``(bug): default-lifetime is not reflected in the RA message`` -* :vytask:`T2299` ``(feature): login radius-server priority`` -* :vytask:`T1739` ``(bug): Serial interface seems not to be deleted properly`` -* :vytask:`T480` ``(bug): Error if no serial interface is present (/dev/ttyS0: not a tty)`` - - -2020-06-20 -========== - -* :vytask:`T2621` ``(bug): show interfaces repeats interface description if it is longer then an arbitrary number of characters`` -* :vytask:`T2618` ``(default): Conversion from 1.2 to 1.3 lost RADVD prefix autonomous-flag setting`` - - -2020-06-19 -========== - -* :vytask:`T2589` ``(bug): delete pseudo-ethernet failed`` -* :vytask:`T2490` ``(feature): Add serial (rs232) to ssh bridge service`` - - -2020-06-18 -========== - -* :vytask:`T2614` ``(default): Add an option to mangle dict keys to vyos.config.get_config_dict()`` -* :vytask:`T2026` ``(default): Make cli-shell-api correctly exit with non-zero code on failures`` -* :vytask:`T1868` ``(default): Add opportunity to get current values from API`` - - -2020-06-17 -========== - -* :vytask:`T2478` ``(feature): login radius: use NAS-IP-Address if defined source address`` -* :vytask:`T2141` ``(bug): Static ARP is not applied on boot`` -* :vytask:`T2609` ``(bug): router-advert: radvd does not start when lifetime is improperly configured`` -* :vytask:`T1720` ``(feature): support for more 'show ip route' commands`` - - -2020-06-16 -========== - -* :vytask:`T2604` ``(default): Remove use of is_tag in system-syslog.py`` -* :vytask:`T2605` ``(bug): SNMP service is not disabled by default`` -* :vytask:`T2568` ``(bug): Add some missing checks in config`` -* :vytask:`T2156` ``(default): PIM op-mode commands`` - - -2020-06-15 -========== - -* :vytask:`T2600` ``(bug): RADIUS system login configuration rendered wrongly`` -* :vytask:`T2599` ``(bug): "show interfaces" does not list VIF interfaces in ascending order`` -* :vytask:`T2591` ``(bug): show command has wrong interfaces ordering`` -* :vytask:`T2576` ``(bug): "show interfaces" does not return VTI`` - - -2020-06-14 -========== - -* :vytask:`T2354` ``(bug): Wireless conf_mode errors`` -* :vytask:`T2593` ``(bug): source NAT translation port can not be set when translation address is set to masquerade`` -* :vytask:`T2594` ``(default): Missing firmware for iwlwifi`` - - -2020-06-11 -========== - -* :vytask:`T2578` ``(bug): ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses`` -* :vytask:`T2571` ``(bug): NAT destination port with ! results in error`` -* :vytask:`T2570` ``(feature): Drop support for "system console device <device> modem"`` -* :vytask:`T2586` ``(bug): WWAN default route is not installed into VRF`` -* :vytask:`T2561` ``(feature): Drop support for "system console netconsole"`` -* :vytask:`T2569` ``(feature): Migrate "set system console" to XML and Python representation`` - - -2020-06-10 -========== - -* :vytask:`T2575` ``(bug): pppoe-server: does not possibly assign IP address`` -* :vytask:`T2565` ``(bug): Cannot connect to l2tp server with radius auth`` -* :vytask:`T2553` ``(bug): set interface ethN vif-s nnnn does not commit`` - - -2020-06-08 -========== - -* :vytask:`T2559` ``(feature): Add operational mode command to retrieve hardware sensor data`` - - -2020-06-07 -========== - -* :vytask:`T2529` ``(feature): WWAN: migrate from ttyUSB device to new device in /dev/serial/by-bus`` -* :vytask:`T2560` ``(feature): New op-mode command to display information about USB interfaces`` - - -2020-06-05 -========== - -* :vytask:`T2548` ``(bug): Interfaces allowing inappropriate network addresses to be assigned`` -* :vytask:`T1958` ``(default): Include only firmware we actually need`` - - -2020-06-04 -========== - -* :vytask:`T2514` ``(enhancment): "mac" setting for bond members`` - - -2020-06-02 -========== - -* :vytask:`T2129` ``(feature): XML schema: tagNode not allowed on first level in new XML op-mode definition`` -* :vytask:`T2545` ``(feature): Show physical device offloading capabilities for specified ethernet interface`` -* :vytask:`T2544` ``(feature): Enable Kernel KONFIG_KALLSYMS`` -* :vytask:`T2543` ``(feature): Kernel: always build perf binary but ship as additional deb package to not bloat the image`` -* :vytask:`T1096` ``(bug): BGP process memory leak`` - - -2020-06-01 -========== - -* :vytask:`T2535` ``(feature): Update Intel QAT drivers to 1.7.l.4.9.0-00008`` -* :vytask:`T2537` ``(feature): Migrate "show log dns" from vyatta-op to vyos-1x`` -* :vytask:`T2536` ``(bug): "show log dns forwarding" still refers to dnsmasq`` -* :vytask:`T2538` ``(feature): Update Intel NIC drivers to recent release (preparation for Kernel >=5.4)`` -* :vytask:`T2526` ``(feature): Wake-On-Lan CLI implementation`` - - -2020-05-31 -========== - -* :vytask:`T2532` ``(feature): VRF aware OpenVPN`` - - -2020-05-30 -========== - -* :vytask:`T2388` ``(feature): template rendering should create folder and set permission`` -* :vytask:`T2531` ``(feature): Update Linux Kernel to v4.19.125`` -* :vytask:`T2530` ``(bug): Error creating VRF with a name of exactly 16 characters`` - - -2020-05-29 -========== - -* :vytask:`T2528` ``(bug): "update dns dynamic" throws FileNotFoundError excepton`` - - -2020-05-28 -========== - -* :vytask:`T1291` ``(default): Under certain conditions the VTI will stay forever down`` - - -2020-05-27 -========== - -* :vytask:`T2395` ``(feature): HTTP API move to flask/flask-restx as microframework`` -* :vytask:`T1121` ``(bug): Can't search for prefixes by community: Community malformed: AA:NN`` - - -2020-05-26 -========== - -* :vytask:`T2520` ``(bug): show conntrack fails with Perl error`` -* :vytask:`T2502` ``(bug): PPPoE default route not installed for IPv6 when "default-route auto"`` -* :vytask:`T2458` ``(feature): Update FRR to 7.3.1`` -* :vytask:`T2506` ``(feature): DHCPv6-PD add prefix hint CLI option`` - - -2020-05-25 -========== - -* :vytask:`T2391` ``(bug): pppoe-server session-control does not work`` -* :vytask:`T2269` ``(feature): SSTP specify tunnels names`` -* :vytask:`T1137` ``(bug): 'sh ip bgp sum' being truncated`` - - -2020-05-22 -========== - -* :vytask:`T2491` ``(feature): MACsec: create CLI for replay protection`` -* :vytask:`T2489` ``(feature): Add MACsec interfaces to "show interfaces" output`` -* :vytask:`T2201` ``(feature): Rewrite protocol BGP [op-mode] to new XML/Python style`` -* :vytask:`T2492` ``(feature): Do not set encrypted user password when it is not changed`` -* :vytask:`T2496` ``(feature): Set default to new syntax for config file component versions`` -* :vytask:`T2493` ``(feature): Update Linux Kernel to v4.19.124`` -* :vytask:`T2380` ``(bug): After PPPoE 0 is restarted, the default static route is lost`` - - -2020-05-21 -========== - -* :vytask:`T1876` ``(bug): IPSec VTI tunnels are deleted after rekey and dangling around as A/D`` -* :vytask:`T2488` ``(feature): Remove logfile for dialup interfaces like pppoe and wwan`` -* :vytask:`T2475` ``(bug): linting`` -* :vytask:`T1820` ``(bug): VRRP transition scripts for sync-groups are not supported in VyOS (anymore)`` -* :vytask:`T2364` ``(default): Add CLI command for mroute`` -* :vytask:`T2023` ``(feature): Add support for 802.1ae MACsec`` - - -2020-05-20 -========== - -* :vytask:`T2480` ``(bug): NAT: after rewrite commit tells that dnat IP address is not locally connected`` - - -2020-05-19 -========== - -* :vytask:`T2481` ``(feature): WireGuard: support tunnel via IPv6 underlay`` -* :vytask:`T421` ``(bug): Add Pv6 prefix delegation support`` -* :vytask:`T815` ``(feature): Add DHCPv6 server prefix-delegation support`` - - -2020-05-17 -========== - -* :vytask:`T2471` ``(feature): PPPoE server: always add AdvAutonomousFlag when IPv6 is configured`` -* :vytask:`T2409` ``(default): At boot, effective config should not be equal to current config`` - - -2020-05-16 -========== - -* :vytask:`T2466` ``(bug): live-build encounters apt dependency problem when building with local packages`` -* :vytask:`T2470` ``(feature): Update to PowerDNS recursor 4.3`` -* :vytask:`T2469` ``(feature): Update Linux Kernel to v4.19.123`` -* :vytask:`T2198` ``(default): Rewrite NAT in new XML/Python style`` - - -2020-05-15 -========== - -* :vytask:`T2449` ``(bug): 'ipv6 address autoconf' and 'address dhcpv6' don't work because interfaces have accept_ra=1 (they should have accept_ra=2 when forwarding=1)`` - - -2020-05-14 -========== - -* :vytask:`T2456` ``(bug): netflow source-ip cannot be configured`` - - -2020-05-13 -========== - -* :vytask:`T2435` ``(bug): Pseudo-ethernet Interfaces Broken`` -* :vytask:`T2294` ``(bug): ipoe-server broken (jinja2 template issue)`` - - -2020-05-12 -========== - -* :vytask:`T2454` ``(feature): Update Linux Kernel to v4.19.122`` -* :vytask:`T2392` ``(bug): SSTP with ipv6`` - - -2020-05-10 -========== - -* :vytask:`T2445` ``(bug): VRF route leaking for ipv4 not working`` -* :vytask:`T2372` ``(bug): VLAN: error on commit if main interface is disabled`` -* :vytask:`T2439` ``(bug): Configuration dependency problem, unable to load complex configuration after reboot`` - - -2020-05-09 -========== - -* :vytask:`T2427` ``(default): Interface addressing broken since fix for T2372 was merged`` -* :vytask:`T2438` ``(default): isc-dhcp-server(6).service reports startup success immediately even if dhcpd fails to start up`` -* :vytask:`T2367` ``(default): Flush addresses from bridge members`` - - -2020-05-08 -========== - -* :vytask:`T2441` ``(bug): TZ validator has a parse error`` -* :vytask:`T2429` ``(bug): Vyos cannot apply VLAN sub interface to bridge`` - - -2020-05-06 -========== - -* :vytask:`T2402` ``(bug): Live ISO should warn when configuring that changes won't persist`` - - -2020-05-05 -========== - -* :vytask:`T1899` ``(bug): Unionfs metadata folder is copied to the active configuration directory`` - - -2020-05-04 -========== - -* :vytask:`T2412` ``(bug): ping flood does not work as unprivileged user`` -* :vytask:`T701` ``(bug): LTE interface dosen't come up`` -* :vytask:`T951` ``(bug): command 'isolate-stations true/false' does not make any changes in the hostapd.conf`` - - -2020-05-03 -========== - -* :vytask:`T2420` ``(feature): Update Linux Kernel to v4.19.120`` -* :vytask:`T2406` ``(feature): DHCPv6 CLI improvements`` -* :vytask:`T2421` ``(feature): Update WireGuard to Debian release 1.0.20200429-2_bpo10+1`` - - -2020-05-02 -========== - -* :vytask:`T2414` ``(feature): Improve runtime from Python numeric validator`` -* :vytask:`T2413` ``(feature): Update Linux Kernel to v4.19.119`` - - -2020-05-01 -========== - -* :vytask:`T2411` ``(feature): op-mode: make "monitor traceroute" VRF aware`` -* :vytask:`T2347` ``(bug): During commit, any script output directed to stdout will contain path`` -* :vytask:`T2239` ``(default): build-vmware-image script ignores the predefined file path, uses the environment variable unconditionally.`` - - -2020-04-29 -========== - -* :vytask:`T2399` ``(bug): op-mode "dhcp client leases" does not return leases`` -* :vytask:`T2398` ``(bug): op-mode "dhcp client leases interface" completion helper misses interfaces`` -* :vytask:`T2394` ``(feature): dhcpv6 client does not start`` -* :vytask:`T2393` ``(feature): dhclient: migrate from SysVinit to systemd`` -* :vytask:`T2268` ``(bug): DHCPv6 is broken`` - - -2020-04-28 -========== - -* :vytask:`T1227` ``(bug): rip PW can't be set at interface config`` - - -2020-04-27 -========== - -* :vytask:`T2373` ``(feature): Required auth options for pppoe-server`` -* :vytask:`T1381` ``(feature): Enable DHCP option 121 processing`` -* :vytask:`T2010` ``(bug): Reboot at reports wrong time or missing timezone`` - - -2020-04-26 -========== - -* :vytask:`T2386` ``(bug): salt: upgrade to 2019.2 packages`` -* :vytask:`T2385` ``(bug): salt-minion: improve completion helpers`` -* :vytask:`T2384` ``(bug): salt-minion: log to syslog and remove custom logging option`` -* :vytask:`T2383` ``(feature): Update Linux Kernel to v4.19.118`` -* :vytask:`T2382` ``(bug): salt-minion: Throws KeyError on commit`` -* :vytask:`T2350` ``(bug): Interface geneve conf-mode error`` - - -2020-04-25 -========== - -* :vytask:`T2304` ``(feature): "system login" add RADIUS VRF support`` -* :vytask:`T1842` ``(bug): Equuleus: "reboot at 04:00" command not working`` - - -2020-04-24 -========== - -* :vytask:`T2375` ``(feature): WireGuard: throw exception if address and port are not given as both are mandatory`` -* :vytask:`T2348` ``(bug): On IPv6 address distribution and DHCPv6 bugs`` - - -2020-04-23 -========== - -* :vytask:`T2369` ``(feature): VRF: can not leak interface route from default VRf to any other VRF`` -* :vytask:`T2368` ``(bug): VRF: missing completion helper when leaking to default table`` -* :vytask:`T2374` ``(bug): Tunnel interface can not be disabled`` -* :vytask:`T2362` ``(default): IPv6 link-local addresses missing due to EUI64 address code, causing router-advert not to work`` -* :vytask:`T2345` ``(default): IPv6 router-advert not working`` - - -2020-04-22 -========== - -* :vytask:`T2361` ``(bug): Unable to delete VLAN vif interface`` -* :vytask:`T2339` ``(bug): OpenVPN: IPv4 no longer working after adding IPv6 support`` -* :vytask:`T2331` ``(bug): VRRP op-mode errors`` -* :vytask:`T2320` ``(bug): Wireguard creates non-existing interfaces in [op-mode].`` -* :vytask:`T2096` ``(feature): Provide "generate" and "show" commands via the http API`` -* :vytask:`T2351` ``(feature): Cleanup PPTP server implementation and CLI commands`` - - -2020-04-21 -========== - -* :vytask:`T2341` ``(bug): Pseudo-ethernet Interfaces Not Loaded on Boot`` -* :vytask:`T2270` ``(bug): using load with scp/sftp and a username and password does not work`` -* :vytask:`T2255` ``(bug): DNS forwarding op-mode error`` -* :vytask:`T1907` ``(bug): Traceback on a non-existent interface.`` -* :vytask:`T2204` ``(feature): Support tunnel source-interface`` - - -2020-04-20 -========== - -* :vytask:`T2335` ``(bug): Unable to assign IPv6 from ISP`` -* :vytask:`T2317` ``(bug): l2tp overwriting ipsec config files`` -* :vytask:`T2292` ``(bug): Ensure graceful shutdown of vyos-http-api`` -* :vytask:`T2344` ``(bug): PPPoE server client static IP assignment silently fails`` - - -2020-04-19 -========== - -* :vytask:`T2337` ``(default): hw-id gone missing from interfaces after upgrade to 1.3-rolling-202004191028`` -* :vytask:`T2340` ``(feature): Remove informational "sg" messages from syslog`` -* :vytask:`T2338` ``(bug): Can't delete static IPv6 route on vrf`` -* :vytask:`T2336` ``(bug): OpenVPN service fails to start`` -* :vytask:`T2308` ``(default): openvpn op-mode scripts broken after migrating to systemd service`` -* :vytask:`T2185` ``(default): Start daemons with systemd units instead of with start-stop-daemon`` - - -2020-04-18 -========== - -* :vytask:`T2318` ``(bug): dns-forwarding migration script breaks with invalid interface name`` -* :vytask:`T2319` ``(feature): Update Linux Kernel to v4.19.116`` -* :vytask:`T2314` ``(feature): Cleanup PPPoE server implementation and CLI commands`` -* :vytask:`T2313` ``(bug): Accel-PPP / PPPoEserver raises "Floating point exception" when not all limits are defined`` -* :vytask:`T2312` ``(feature): Use LED modules to enable more visible feedback on VyOS hardware chassis`` -* :vytask:`T2306` ``(feature): Add new cipher suites to the WiFi configuration`` -* :vytask:`T2286` ``(default): IPoE server vulnerability`` -* :vytask:`T2224` ``(feature): Update Linux Kernel to v4.19.114`` -* :vytask:`T2110` ``(feature): RADIUS: supply include file for radius config to have a uniform CLI`` -* :vytask:`T2324` ``(feature): Cleanup IPoE server implementation and CLI commands`` - - -2020-04-17 -========== - -* :vytask:`T2275` ``(bug): flow-accounting broken in rolling`` -* :vytask:`T2256` ``(feature): Accel-ppp op-mode syntax`` - - -2020-04-16 -========== - -* :vytask:`T2295` ``(bug): Passwords with Special Characters Broken`` -* :vytask:`T2305` ``(feature): Add release name to "show version" command`` -* :vytask:`T2235` ``(default): OpenVPN server client IP doesn't reserve that IP in the pool`` -* :vytask:`T149` ``(feature): IPv6 support in OpenVPN tunnel`` - - -2020-04-15 -========== - -* :vytask:`T2293` ``(bug): OpenVPN: UnboundLocalError after merging server_network PullRequest`` -* :vytask:`T2298` ``(bug): Errors PDNS with name-server set`` - - -2020-04-14 -========== - -* :vytask:`T2213` ``(bug): vyos-1x: WiFi mode ieee80211ac should also activate ieee80211n`` - - -2020-04-13 -========== - -* :vytask:`T2283` ``(default): openvpn not starting: ccd path in template not moved to /run/openvpn/ccd`` -* :vytask:`T2236` ``(bug): DMVPN broken after tunnel rewrite to XML/Python`` -* :vytask:`T2284` ``(default): Upgrade ddclient to 3.9.1 which also brings systemd files`` -* :vytask:`T2282` ``(feature): Clarify hw-id in ethernet and wireless interface nodes`` -* :vytask:`T611` ``(feature): Static route syntax should reflect `ip` command routing capabilities, if possible.`` - - -2020-04-12 -========== - -* :vytask:`T2273` ``(default): OpenVPN no longer starts in latest rolling, migrate to systemd`` -* :vytask:`T2263` ``(feature): Reset feature for SSTP sessions`` -* :vytask:`T2262` ``(bug): Broken reset commands for pptp and l2tp`` -* :vytask:`T2031` ``(bug): pseudo-ethernet link interface cannot be changed`` - - -2020-04-11 -========== - -* :vytask:`T2264` ``(feature): l2tp: cleanup CLI definition`` -* :vytask:`T2233` ``(bug): Typos in wlanX.cfg`` -* :vytask:`T2238` ``(bug): After re-writing list_interfaces.py to use Interfaces() pseudo-ethernet is missing`` - - -2020-04-10 -========== - -* :vytask:`T2265` ``(feature): DHCP to be an attribute of the class instead of a inheritance`` -* :vytask:`T2261` ``(bug): "client-config-dir" not being set for openvpn`` -* :vytask:`T2248` ``(bug): PPPoE Broken in Latest 1.3 Rolling (1.3-rolling-202004070629)`` -* :vytask:`T1629` ``(bug): IP addresses configured on vif-s interfaces are not added to the system`` -* :vytask:`T2266` ``(default): openvpn bridged client-server doesn't work (validation error)`` -* :vytask:`T2253` ``(default): Fix use of cmd in merge config and remote function helpers`` - - -2020-04-09 -========== - -* :vytask:`T2260` ``(feature): vxlan, pseudo-ethernet: convert link nodes to source-interface`` -* :vytask:`T2172` ``(feature): Enable conf VXLAN without remote address`` -* :vytask:`T2237` ``(bug): l2tp, pptp, pppoe wrong chap-secrets file`` - - -2020-04-08 -========== - -* :vytask:`T2244` ``(feature): WireGuard: cleanup Python implementation and reduce amount of boilerplate code`` -* :vytask:`T2186` ``(feature): Provide more information to the user when a traceback is reported to the user`` -* :vytask:`T2246` ``(bug): LLDP op-mode error`` -* :vytask:`T2240` ``(feature): Support for bind vif-c interfaces into VRFs`` -* :vytask:`T2160` ``(feature): Allow restricting HTTP API to specific virtual hosts`` -* :vytask:`T2247` ``(feature): WireGuard: add VRF support`` - - -2020-04-05 -========== - -* :vytask:`T2212` ``(bug): vyos-1x: WiFi card antenna count not set accordingly`` -* :vytask:`T2230` ``(feature): Split out inlined Jina2 template to data/templates folder`` -* :vytask:`T2206` ``(feature): Split WireGuard endpoint into proper host and port nodes`` - - -2020-04-04 -========== - -* :vytask:`T2158` ``(bug): Commit fails if ethernet interface doesn't support flow control (pause)`` -* :vytask:`T2221` ``(bug): Ability to remove a VRF that has a next-hop-vrf as target`` -* :vytask:`T2211` ``(bug): vyos-1x: VHT channel width not set accordingly`` -* :vytask:`T2208` ``(bug): vyos-1x: commit on interfaces wireless wlanX capabilities vht link-adaptation (both|unsolicited) fails`` -* :vytask:`T2183` ``(bug): A number of bugs with wireguard script due to interface rearrangement`` -* :vytask:`T2104` ``(default): ifconfig.py size`` -* :vytask:`T2028` ``(feature): Convert "interfaces tunnel" to new XML/Python representation`` -* :vytask:`T2219` ``(bug): VRF default route of PPPoE and WWAN interfaces do not get added into proper routing table`` -* :vytask:`T2222` ``(default): openvpn: requires "multihome" option to listen on all addresses with udp protocol`` - - -2020-04-02 -========== - -* :vytask:`T2072` ``(bug): Shell autocomplete of option (config node) with quoted value doesn't work`` -* :vytask:`T1823` ``(feature): l2tpv3 interface migration fails`` -* :vytask:`T2202` ``(feature): Update PowerDNS recursor to 4.2 series`` -* :vytask:`T2200` ``(feature): Add VRF support on wirelessmodem interfaces`` - - -2020-03-31 -========== - -* :vytask:`T2166` ``(bug): Broken proxy-arp on vif`` -* :vytask:`T2180` ``(bug): get_config_dict should be independent of CLI edit level`` -* :vytask:`T2053` ``(default): Update vyos-load-config.py for version string syntax change`` -* :vytask:`T2052` ``(default): Update vyos-merge-config.py for version string syntax change`` -* :vytask:`T2144` ``(default): vyos-build: docker: selection of text in the terminal still selects it in vim (mouse isn't completely disabled)`` - - -2020-03-30 -========== - -* :vytask:`T2176` ``(default): 'WiFiIf' object has no attribute 'set_state'`` -* :vytask:`T2029` ``(feature): Switch to new syntax for config file component versions`` - - -2020-03-29 -========== - -* :vytask:`T2178` ``(bug): VRF interface don't get removed when VRF is deleted`` -* :vytask:`T2170` ``(feature): Add ability to create static route from default to VRF`` -* :vytask:`T1831` ``(feature): Denest IPv6 router-advert from Interfaces to general service`` - - -2020-03-28 -========== - -* :vytask:`T2167` ``(bug): vyos.ifconfig.get_mac() broken`` -* :vytask:`T2151` ``(default): wireless: can't delete interface present in config but not present in system`` -* :vytask:`T1988` ``(feature): Migrate wirelessmodem to new XML/Python style interface`` - - -2020-03-27 -========== - -* :vytask:`T2164` ``(bug): Package libstrongswan-standard-plugins missing from image`` -* :vytask:`T2105` ``(bug): wireless: not possible to disabled wlan0`` -* :vytask:`T2169` ``(default): Remove redundant use of show_config in vyos-merge-config`` - - -2020-03-26 -========== - -* :vytask:`T2162` ``(default): migration script for router-advert sets link-mtu 0 on bridge interfaces`` -* :vytask:`T1735` ``(bug): Issue in "show vpn ipsec/ike sa" output with ipsec encryption algorithm aes128gcm128/aes256gcm128/chacha etc`` - - -2020-03-25 -========== - -* :vytask:`T2148` ``(default): openvpn: setting "server client" config without "server client ip" results in ValueError: '' does not appear to be an IPv4 or IPv6 address`` -* :vytask:`T2146` ``(default): openvpn: "delete server client" doesn't delete the corresponding ccd configs`` - - -2020-03-24 -========== - -* :vytask:`T2157` ``(default): Organize service https listen-address/listen-port/server-name under 'virtual-host' node`` -* :vytask:`T1845` ``(bug): syslog host no longer accepts a port`` - - -2020-03-22 -========== - -* :vytask:`T2150` ``(feature): SSTP ssl certificates can only be stored in /config/user-data/sstp`` -* :vytask:`T2149` ``(feature): Update Linux Kernel to v4.19.112`` -* :vytask:`T476` ``(enhancment): Update the base system to Debian 10 (Buster)`` - - -2020-03-21 -========== - -* :vytask:`T2142` ``(bug): vyos-build: Add required packages and step to build-GCE-image script`` -* :vytask:`T1870` ``(feature): Extend Pipeline scripts to support PullRequests`` - - -2020-03-20 -========== - -* :vytask:`T2006` ``(bug): SSTP RADIUS CLI accepts invalid values`` -* :vytask:`T2140` ``(default): openvpn: tls file check function checkCertHeader returns True even when no match is found`` -* :vytask:`T2007` ``(feature): SSTP accepts client MTU up to 16384 bytes`` -* :vytask:`T2008` ``(feature): Adjustment of SSTP CLI to be more consistent to the rest of VyOS`` - - -2020-03-19 -========== - -* :vytask:`T2135` ``(bug): Login banner missing spacing now`` -* :vytask:`T2132` ``(feature): Document kernel boot parameter 'vyos-config-debug'`` -* :vytask:`T1744` ``(default): Config load fails in ConfigTree with ValueError: Failed to parse config: lexing: empty token`` - - -2020-03-17 -========== - -* :vytask:`T2134` ``(bug): VXLAN: `NameError: name 'config' is not defined``` - - -2020-03-16 -========== - -* :vytask:`T2131` ``(feature): Improve syslog remote host CLI definition`` - - -2020-03-15 -========== - -* :vytask:`T2122` ``(feature): Update Intel out-of-tree drivers to latest version(s)`` -* :vytask:`T2121` ``(feature): Update Linux Kernel to v4.19.109`` -* :vytask:`T2119` ``(bug): Error on boot when removing ethernet interface from VM`` - - -2020-03-14 -========== - -* :vytask:`T834` ``(feature): New L2TP server implementation based on accel-ppp`` - - -2020-03-13 -========== - -* :vytask:`T1622` ``(default): Add failsafe and back trace to boot config loader`` - - -2020-03-11 -========== - -* :vytask:`T1961` ``(bug): VXLAN - fails to commit due to non-existent variable, broken MTU`` -* :vytask:`T2084` ``(default): conntrack-tools package build error for current/equuleus`` - - -2020-03-10 -========== - -* :vytask:`T1331` ``(bug): DNS stops working`` - - -2020-03-09 -========== - -* :vytask:`T2111` ``(feature): VRF add route leaking support`` -* :vytask:`T2109` ``(bug): Ping by name broken in VyOS 1.3-rolling-202003080217`` -* :vytask:`T2065` ``(bug): VyOS 1.3 Don't set daemon in openvpn-{intf}.conf file`` -* :vytask:`T31` ``(feature): Add VRF support`` - - -2020-03-08 -========== - -* :vytask:`T1954` ``(bug): Having `system login radius` configured causes exponentially long boot times`` -* :vytask:`T1760` ``(bug): RADIUS shared secret is not redacted from "show configuration" op mode command`` - - -2020-03-07 -========== - -* :vytask:`T2107` ``(bug): Wireless interfaces do not work in station mode without security`` - - -2020-03-05 -========== - -* :vytask:`T2074` ``(bug): VyOS docker container: Cannot configure ethernet interface`` - - -2020-03-04 -========== - -* :vytask:`T2098` ``(bug): Wrong call to cli-shell-api in generated op-mode templates for path completion helper`` - - -2020-03-03 -========== - -* :vytask:`T2095` ``(bug): Copy command errors out`` - - -2020-03-01 -========== - -* :vytask:`T2082` ``(bug): WireGuard broken after merging T2057`` -* :vytask:`T2089` ``(feature): RADIUS: do not query servers when commit is running started from a non RADIUS user`` -* :vytask:`T2086` ``(feature): Move sudo session open/close log entries to auth.log`` - - -2020-02-29 -========== - -* :vytask:`T2046` ``(feature): allowing sub-classes of Interface to redefine how the interface is created`` - - -2020-02-28 -========== - -* :vytask:`T2083` ``(default): vyos-build: build-packages fails at mdns-repeater due to wrong branch`` -* :vytask:`T2080` ``(default): traffic-policy shaper error when setting bandwidth`` - - -2020-02-27 -========== - -* :vytask:`T2075` ``(feature): Add support for OpenVPN tls-crypt file option`` -* :vytask:`T2068` ``(feature): Update Linux Kernel to v4.19.105`` -* :vytask:`T1703` ``(default): Macvlan PPPoE support`` -* :vytask:`T2078` ``(feature): Kernel: remove unused RAID functions 5,6,10,jbod,dm`` - - -2020-02-25 -========== - -* :vytask:`T2070` ``(feature): Rewrite (dis-)connect op-mode commands in XML and Python`` -* :vytask:`T2071` ``(feature): Add possibility to temporary disable a RADIUS server used for system login`` - - -2020-02-23 -========== - -* :vytask:`T2055` ``(feature): Remove IPv6 router-advert options for PPPoE`` -* :vytask:`T1318` ``(feature): PPPoE client CLI redesign`` - - -2020-02-22 -========== - -* :vytask:`T2063` ``(feature): vyos-salt-minion package is missing from vyos-world`` - - -2020-02-20 -========== - -* :vytask:`T1969` ``(default): OSPF with WireGuard cause Route Inactive`` - - -2020-02-18 -========== - -* :vytask:`T2034` ``(default): Removal of interfaces loopback lo removed 127.0.0.1 and ::1`` - - -2020-02-17 -========== - -* :vytask:`T2047` ``(feature): Update Linux Kernel to v4.19.104`` -* :vytask:`T2048` ``(bug): ISO boot fails when wireless adapter is present`` - - -2020-02-16 -========== - -* :vytask:`T2043` ``(bug): Bond VLANs can't be extended on the fly`` -* :vytask:`T2030` ``(bug): Bond doesn't survive reboot`` -* :vytask:`T1992` ``(bug): Adding vlan on a bond resets all BGP connections on same bond`` -* :vytask:`T1908` ``(feature): Add zone option for Cloudflare DDNS`` -* :vytask:`T1246` ``(bug): VyOS 1.2.0 "openvpn-options" configuration does not allow quotes in values`` - - -2020-02-15 -========== - -* :vytask:`T2042` ``(bug): Error on reboot after deleting "service snmp" and not "service lldp snmp enable"`` -* :vytask:`T2041` ``(bug): Adding non existent bond interface raises exception`` - - -2020-02-14 -========== - -* :vytask:`T2039` ``(bug): Wrong system type displayed in show version`` -* :vytask:`T2040` ``(bug): vyos-http-api-server should reload Config in all routes`` - - -2020-02-13 -========== - -* :vytask:`T2033` ``(feature): Drop vyos-replace package`` -* :vytask:`T1635` ``(feature): Rewrite interface pseudo-ethernet in new XML/Python style`` - - -2020-02-10 -========== - -* :vytask:`T2024` ``(feature): Migrate "system login banner" to XML/Python`` - - -2020-02-09 -========== - -* :vytask:`T2022` ``(bug): When RADIUS config is active, local logins won't work`` -* :vytask:`T2020` ``(default): Unable to log in after upgrade to 1.3-rolling-202002080217`` -* :vytask:`T1931` ``(bug): Enabling SNMP commit error`` - - -2020-02-05 -========== - -* :vytask:`T1948` ``(bug): RADIUS login broken in 1.3`` -* :vytask:`T1990` ``(feature): Migrate "system login" to XML/Python representation`` -* :vytask:`T1585` ``(default): Add letsencrypt/certbot support for 'service https'`` - - -2020-02-04 -========== - -* :vytask:`T1965` ``(bug): VyOS-1.3: ping no longer supports specifying interface or source`` - - -2020-02-02 -========== - -* :vytask:`T2011` ``(feature): Update Linux Kernel to v4.19.101`` -* :vytask:`T640` ``(bug): Images no longer work when built without "recommended" packages`` - - -2020-02-01 -========== - -* :vytask:`T2009` ``(bug): Ethernet Interface always stays down`` -* :vytask:`T1989` ``(bug): conf.get_config_dict() throws exception`` - - -2020-01-31 -========== - -* :vytask:`T1768` ``(bug): PPtP - vyos.config rewrite`` -* :vytask:`T2002` ``(bug): VLAN interfaces try to be enabled even if parent interface is A/D`` - - -2020-01-30 -========== - -* :vytask:`T1994` ``(default): lldpd not bound to specified interfaces - Fix jinja template`` -* :vytask:`T1896` ``(enhancment): Remove LLDP-MED civic_based location information`` -* :vytask:`T1724` ``(feature): wireguard - add endpoint check in verify()`` - - -2020-01-29 -========== - -* :vytask:`T1996` ``(feature): Update Linux Kernel to 4.19.99`` -* :vytask:`T1862` ``(default): Use regex pattern \s+ to split strings on whitespace in Python 3.7`` -* :vytask:`T1755` ``(bug): Python KeyError exceptions raised with 'show vpn ipsec sa' command under use of certain IPSEC cipher suites`` -* :vytask:`T1747` ``(bug): L2TP breaks after upgrading to VyOS 1.2-rolling-201910180117 [issue report and proposed solution]`` -* :vytask:`T1664` ``(bug): Ipoe with bond per vlan don't work`` -* :vytask:`T1895` ``(feature): There is not restriction on selection of syslog facility`` -* :vytask:`T1670` ``(feature): OpenVPN option for tls-auth`` - - -2020-01-26 -========== - -* :vytask:`T1937` ``(bug): snmpd throwing a tremendous amount of errors`` -* :vytask:`T1767` ``(bug): IPoE - vyos.config rewrite`` -* :vytask:`T1765` ``(bug): wireguard - vyos.config rewrite`` - - -2020-01-24 -========== - -* :vytask:`T1975` ``(bug): OpenVPN tap devices won't come up automatically`` - - -2020-01-23 -========== - -* :vytask:`T1766` ``(bug): service-pppoe - vyos.config rewrite`` - - -2020-01-21 -========== - -* :vytask:`T1784` ``(bug): DMVPN with IPSec does not work in HUB mode`` -* :vytask:`T1977` ``(bug): webproxy error on fresh install`` - - -2020-01-18 -========== - -* :vytask:`T1830` ``(feature): 1.3-rolling boots to GRUB prompt post-install on UEFI systems`` -* :vytask:`T1940` ``(bug): EFI Fresh Install fails to boot, 4K Sector Drives Fail to boot EFI`` - - -2020-01-16 -========== - -* :vytask:`T1880` ``(default): "A stop job is running for live-tools - System Support Scripts" hangs, times out when shutting down equuleus live iso`` - - -2020-01-15 -========== - -* :vytask:`T1959` ``(bug): Error message when adding IPSec VPN`` - - -2020-01-09 -========== - -* :vytask:`T1955` ``(feature): snmp - cli config val_help missing`` -* :vytask:`T1813` ``(bug): error in generated /etc/hosts file`` - - -2020-01-08 -========== - -* :vytask:`T1946` ``(bug): Recovery ifname for PPtP remote-access`` - - -2020-01-03 -========== - -* :vytask:`T1939` ``(feature): Provide abstraction for interface "ip" options`` - - -2020-01-01 -========== - -* :vytask:`T1779` ``(bug): Tunnel interfaces aren't suggested as being available for bridging`` - - -2019-12-31 -========== - -* :vytask:`T1654` ``(bug): sFlow: multiple "sflow server" not work, and "disable-imt" could break configuration`` -* :vytask:`T1923` ``(feature): Migrate L2TPv3 interface to XML/Python`` - - -2019-12-30 -========== - -* :vytask:`T1920` ``(bug): beep: Error: Running under sudo, which is not supported for security reasons.`` -* :vytask:`T1918` ``(bug): l2tp / ipsec config broken in latest daily`` -* :vytask:`T1897` ``(bug): IPSec - 1.2 to 1.3 migration failed`` -* :vytask:`T1921` ``(bug): snmp: VyOS options no longer recognized`` -* :vytask:`T1922` ``(feature): Add VXLAN IPv6 support`` -* :vytask:`T1919` ``(feature): Migrate "system options" to XML/Python representation`` - - -2019-12-28 -========== - -* :vytask:`T1916` ``(feature): Update Linux Kernel to v4.19.91`` -* :vytask:`T1915` ``(bug): Remove "system ipv6 blacklist" option`` -* :vytask:`T1912` ``(feature): Migrate "system (ip|ipv6)" to XML/Python representation`` - - -2019-12-27 -========== - -* :vytask:`T1910` ``(bug): Invalid parmissions on latest 1.3 rolling ISO images`` - - -2019-12-26 -========== - -* :vytask:`T1794` ``(bug): Interface description can't contain a colon`` -* :vytask:`T1906` ``(feature): Migrate "system time-zone" configuration to XML/Python`` - - -2019-12-23 -========== - -* :vytask:`T1898` ``(enhancment): Support multiple IPv4/IPv6 LLDP management addresses`` -* :vytask:`T1878` ``(bug): accel-ppp: pppoe single-session option implementation`` - - -2019-12-22 -========== - -* :vytask:`T393` ``(enhancment): Migrate vyatta-lldpd to vyos-1x`` - - -2019-12-20 -========== - -* :vytask:`T1892` ``(default): vyos-build: Do not install recommends in docker image [enhancement]`` -* :vytask:`T1411` ``(enhancment): equuleus: buster: vyatta-ravpn: libfreeradius-client2 is missing in buster`` - - -2019-12-19 -========== - -* :vytask:`T1873` ``(default): DHCP server fails to start due to a change in isc-dhcp-server init scripts`` - - -2019-12-18 -========== - -* :vytask:`T1889` ``(bug): Error building docker build image`` -* :vytask:`T1132` ``(default): Build on Debian Buster`` - - -2019-12-17 -========== - -* :vytask:`T1886` ``(feature): Update Linux Kernel to v4.19.89`` -* :vytask:`T1887` ``(feature): Update WireGuard to Debian release 0.0.20191212-1`` - - -2019-12-13 -========== - -* :vytask:`T1861` ``(default): hosts lost after modified static-host-mapping`` - - -2019-12-10 -========== - -* :vytask:`T1843` ``(feature): Add GCC preprocessor support for XML files`` - - -2019-12-08 -========== - -* :vytask:`T1566` ``(feature): Extend L2TP/IPSec server with IPv6`` - - -2019-12-07 -========== - -* :vytask:`T1714` ``(bug): Disable DHCP Nameservers Not Working`` - - -2019-12-06 -========== - -* :vytask:`T1860` ``(feature): Update WireGuard to Debian release 0.0.20191127-2`` -* :vytask:`T1859` ``(feature): Update Linux Kernel to v4.19.88`` -* :vytask:`T1854` ``(bug): Dynamic DNS configuration cannot be deleted`` -* :vytask:`T1849` ``(bug): DHCPv6 client does not start`` -* :vytask:`T1169` ``(bug): LLDP potentially broken`` -* :vytask:`T586` ``(bug): Cannot add ethernet vif-s vif-c interface to bridge-group`` - - -2019-12-05 -========== - -* :vytask:`T1847` ``(bug): set_level incorrectly handles path given as empty string`` - - -2019-12-04 -========== - -* :vytask:`T1787` ``(default): Failed config migration from V1.2.3 to 1.2-rolling-201911030217`` -* :vytask:`T1212` ``(bug): IPSec Tunnel to Cisco ASA drops reliably after 4.2GB transferred`` -* :vytask:`T1704` ``(feature): OpenVPN - Add support for ncp-ciphers`` - - -2019-12-03 -========== - -* :vytask:`T1782` ``(bug): pppoe0: showing as "Coming up"`` -* :vytask:`T1801` ``(bug): Unescaped backslashes in config values cause configuration failure`` - - -2019-12-02 -========== - -* :vytask:`T1840` ``(bug): PPPoE doesn't not rename pppX to pppoeX`` - - -2019-11-25 -========== - -* :vytask:`T1824` ``(bug): Permission denied: '/opt/vyatta/etc/config/vyos-migrate.log'`` - - -2019-11-24 -========== - -* :vytask:`T1673` ``(bug): vif bridge-group not migrated to bridge member interface`` -* :vytask:`T1799` ``(feature): Add support for GENEVE (Generic Network Virtualization Encapsulation)`` - - -2019-11-23 -========== - -* :vytask:`T1627` ``(feature): Rewrite wireless interface in new style XML syntax`` - - -2019-11-21 -========== - -* :vytask:`T1818` ``(default): Print name of migration script on failure`` -* :vytask:`T1814` ``(default): Add log of migration scripts run during config migration`` - - -2019-11-14 -========== - -* :vytask:`T1710` ``(default): [equuleus] buster: add patch to fix live-build missing key error`` -* :vytask:`T1804` ``(default): Add python3-psutil to docker image`` -* :vytask:`T1736` ``(default): Decide on best practice for patching live-team packages for VyOS build system`` -* :vytask:`T1424` ``(default): Rewrite the config load script`` - - -2019-11-11 -========== - -* :vytask:`T1793` ``(feature): Editing description on an interface causes BGP sessions to reset on commit`` - - -2019-11-10 -========== - -* :vytask:`T1791` ``(feature): Update Linux Kernel to 4.19.82`` - - -2019-11-08 -========== - -* :vytask:`T1789` ``(bug): ddclient not working with generated RFC2136 / nsupdate config`` - - -2019-11-03 -========== - -* :vytask:`T1777` ``(bug): Bonding interface MAC address mismatch after reboot`` -* :vytask:`T1752` ``(bug): PPPoE does not automatically start on boot`` - - -2019-11-02 -========== - -* :vytask:`T1783` ``(bug): Interface can't unpin from bridge`` - - -2019-10-22 -========== - -* :vytask:`T1756` ``(feature): Modify output to be more useful - Wireguard`` - - -2019-10-21 -========== - -* :vytask:`T1741` ``(feature): Add system wide proxy setting`` - - -2019-10-19 -========== - -* :vytask:`T1746` ``(bug): 201910180117 fails startup with 'Permission Denied' errors`` -* :vytask:`T1743` ``(default): equuleus: remove references to SSH key type "rsa1" deprecated in Debian Buster`` - - -2019-10-18 -========== - -* :vytask:`T1712` ``(default): DHCP client sometimes doesn't start`` -* :vytask:`T1604` ``(enhancment): equuleus: buster: vbash: tab completion breaks`` - - -2019-10-11 -========== - -* :vytask:`T1723` ``(bug): wireguard - Interface wg01 could not be brought up in time`` - - -2019-10-09 -========== - -* :vytask:`T1719` ``(feature): ssh deprecated options`` -* :vytask:`T1718` ``(bug): ISO check in /opt/vyatta/sbin/install-image faulty`` -* :vytask:`T1682` ``(feature): Migrate to new Jenkins Pipeline script`` - - -2019-10-08 -========== - -* :vytask:`T1717` ``(bug): disable multiple daemons to autostart at boot`` - - -2019-10-06 -========== - -* :vytask:`T1713` ``(feature): Remove deprecated packages no longer required after migration to Accel-PPP`` - - -2019-10-03 -========== - -* :vytask:`T1689` ``(feature): "reset openvpn" op-mode command should terminate and restart OpenVPN process`` - - -2019-10-01 -========== - -* :vytask:`T1706` ``(bug): wireguard broken in latest rolling`` - - -2019-09-30 -========== - -* :vytask:`T1688` ``(feature): OpenVPN - Add new cipher aes-(128|192|256)-gcm`` - - -2019-09-28 -========== - -* :vytask:`T1696` ``(bug): NTP - Tests fail when building vyos-1x`` -* :vytask:`T1512` ``(bug): vyos 1.2 openvpn client names with spaces created incorrectly`` - - -2019-09-27 -========== - -* :vytask:`T1681` ``(feature): cleanup wireguard code since tagnodes are now visible`` -* :vytask:`T1695` ``(bug): Syntax error in interface-dummy.py`` - - -2019-09-26 -========== - -* :vytask:`T1692` ``(bug): ipoe-server verify function error`` -* :vytask:`T1691` ``(bug): OpenVPN - Commiting config when OpenVPN peer/server not available makes commit hang`` -* :vytask:`T1690` ``(feature): restart op-mode commands for 'service (pppoe|ipoe)-server'`` - - -2019-09-25 -========== - -* :vytask:`T1672` ``(bug): Wireguard keys not automatically moved`` - - -2019-09-23 -========== - -* :vytask:`T1679` ``(bug): during bootup: invalid literal for int() with base 10`` -* :vytask:`T1680` ``(feature): DHCP client does not release IP address on exit/deletion`` - - -2019-09-21 -========== - -* :vytask:`T1676` ``(default): [equuleus] buster: update GRUB boot parameters during upgrade`` -* :vytask:`T1637` ``(feature): Rewrite ethernet interface in new style XML syntax`` -* :vytask:`T1675` ``(feature): OpenVPN - Specify minimum TLS version`` - - -2019-09-20 -========== - -* :vytask:`T1602` ``(default): equuleus: buster: add live build apt options for choosing vyos packages`` - - -2019-09-19 -========== - -* :vytask:`T1666` ``(feature): Deleting a bond will place member interfaces into A/D state`` - - -2019-09-17 -========== - -* :vytask:`T239` ``(bug): Improve documentation for the firewall all-ping setting`` - - -2019-09-16 -========== - -* :vytask:`T1040` ``(default): rc.local is executed too early`` - - -2019-09-15 -========== - -* :vytask:`T1662` ``(default): openvpn: 'show openvpn client' error`` -* :vytask:`T1661` ``(default): openvpn: wrong checking for existence cert files`` -* :vytask:`T1630` ``(bug): OpenVPN after changing it from root to nobody (unprivileged user) cant add routes`` - - -2019-09-13 -========== - -* :vytask:`T1660` ``(bug): Bonding dont’t work on VyOS 1.2-rolling-201909120338`` -* :vytask:`T1655` ``(enhancment): equuleus: buster: arm: vyos-accel-ppp build failes because of filename hardcoded as x86_64 in debian/rules`` - - -2019-09-12 -========== - -* :vytask:`T1572` ``(feature): Wireguard keyPair per interface`` -* :vytask:`T1545` ``(bug): IPSEC vti issue`` - - -2019-09-10 -========== - -* :vytask:`T1650` ``(feature): implement wireguard default key removal`` -* :vytask:`T1649` ``(feature): feature documentation different keypairs per interface`` -* :vytask:`T1648` ``(feature): add cli command 'delete wireguard named-key <key>'`` - - -2019-09-09 -========== - -* :vytask:`T1639` ``(bug): wireguard pubkey change error`` - - -2019-09-07 -========== - -* :vytask:`T1640` ``(feature): Update Linux Kernel to v4.19.70`` - - -2019-09-06 -========== - -* :vytask:`T1624` ``(bug): Failed to set up config session`` -* :vytask:`T1636` ``(feature): Rewrite VXLAN in new style XML/Python`` -* :vytask:`T1479` ``(bug): libvyosconfig error reporting doesn't include line numbers`` -* :vytask:`T808` ``(feature): replace lighthttpd with nginx`` -* :vytask:`T1478` ``(bug): libvyosconfig parser does not support escaped quotes inside single-quoted strings`` - - -2019-09-04 -========== - -* :vytask:`T1632` ``(bug): OpenVPN 'push' options with quotes`` -* :vytask:`T1631` ``(bug): Multiple push-route options cause error generating openvpn configuration`` -* :vytask:`T1557` ``(feature): Create generic abstraction for configuring interfaces e.g. IP address`` -* :vytask:`T1628` ``(feature): Adopt WireGuard configuration script to new vyos.ifconfig class`` -* :vytask:`T1614` ``(feature): Rewrite bonding interface in new style XML syntax`` - - -2019-09-02 -========== - -* :vytask:`T1621` ``(default): Rewrite the rest of trivial vyatta-op commands to new syntax`` - - -2019-08-31 -========== - -* :vytask:`T1456` ``(bug): Port group cannot be configured if the same port is configured as standalone and inside a range`` - - -2019-08-28 -========== - -* :vytask:`T1615` ``(feature): After migration to pyroute2 the address DHCP statement is no longer covered`` - - -2019-08-27 -========== - -* :vytask:`T1617` ``(default): OpenVPN push route failure`` -* :vytask:`T1250` ``(bug): FRR not setting default gateway from DHCP`` - - -2019-08-26 -========== - -* :vytask:`T1591` ``(bug): OpenVPN "run show openvpn client status" does not work`` -* :vytask:`T1608` ``(feature): bridge: Bridge adding non existing interfaces is allowed but does not work`` -* :vytask:`T1548` ``(feature): Rewrite OpenVPN interface/op-commands in new style XML/Python`` -* :vytask:`T1607` ``(default): Convert 'reset conntrack' and 'reset ip[v6] cache' operations from vyatta-op to new syntax`` - - -2019-08-25 -========== - -* :vytask:`T1611` ``(default): Migration to latest rolling fails with vyos.configtree.ConfigTreeError: Path [b'interfaces bridge br0 igmp-snooping querier'] doesn't exist`` - - -2019-08-23 -========== - -* :vytask:`T1606` ``(bug): Rolling release no longer boots after adding hostname daemon`` - - -2019-08-21 -========== - -* :vytask:`T1601` ``(feature): Rewrite loopback interface type with new style XML/Python interface`` -* :vytask:`T1596` ``(default): Convert 'telnet' and 'traceroute' vyatta-op commands to new syntax`` - - -2019-08-20 -========== - -* :vytask:`T1595` ``(feature): Migrate deprecated "service dns forwarding listen-on" to listen-address`` - - -2019-08-19 -========== - -* :vytask:`T1580` ``(feature): Rewrite dummy interface type with new style XML/Python interface`` -* :vytask:`T1590` ``(default): Convert 'show system' operations from vyatta-op to python/xml syntax`` - - -2019-08-17 -========== - -* :vytask:`T1592` ``(feature): Update Linux Kernel to v4.19.67`` - - -2019-08-15 -========== - -* :vytask:`T1584` ``(default): equuleus: buster: add consistent grub options for predictable interface names`` - - -2019-08-13 -========== - -* :vytask:`T1556` ``(feature): Rewrite Bridge in new style XML syntax`` - - -2019-08-09 -========== - -* :vytask:`T1569` ``(feature): interfaceconfig class documetation`` - - -2019-08-05 -========== - -* :vytask:`T1562` ``(feature): Change version scheme on current branch used for rolling releases`` - - -2019-08-04 -========== - -* :vytask:`T1561` ``(bug): VyOS rolling ISO cluttered with vyatta-ravpn Git Repo`` - - -2019-08-02 -========== - -* :vytask:`T853` ``(feature): Add SSTP server support`` -* :vytask:`T742` ``(feature): Replace poptop and xl2tpd with accel-ppp`` - - -2019-08-01 -========== - -* :vytask:`T1544` ``(feature): L2TP documentation`` - - -2019-07-31 -========== - -* :vytask:`T1552` ``(feature): accel-ppp: SSTP documentation`` -* :vytask:`T1553` ``(default): equuleus: buster: add 'noautologin' to boot parameters`` - - -2019-07-29 -========== - -* :vytask:`T1532` ``(default): [equuleus] buster: GPG error on vyos package repository`` - - -2019-07-28 -========== - -* :vytask:`T1547` ``(feature): accel-ppp/L2TP restructure CLI`` -* :vytask:`T1546` ``(bug): accel-ppp/L2TP radius-source address is not honored`` - - -2019-07-23 -========== - -* :vytask:`T1533` ``(bug): Rolling builds broken!`` -* :vytask:`T1489` ``(feature): Add vlan_mon usage at Accel`` - - -2019-07-22 -========== - -* :vytask:`T1435` ``(enhancment): Make ip-address [OPTIONAL] (in dhcp-server -> static-mapping) to cope with "unfriendly" client-hostnames of IoT-Devices`` - - -2019-07-21 -========== - -* :vytask:`T823` ``(feature): Rewrite DHCP op mode in the new style`` - - -2019-07-18 -========== - -* :vytask:`T1497` ``(bug): "set system name-server" generates invalid/incorrect resolv.conf`` -* :vytask:`T533` ``(feature): Support for PPPoE MTU greater than 1492`` - - -2019-07-08 -========== - -* :vytask:`T1510` ``(feature): [IPoE] vlan-mon option implementation`` -* :vytask:`T1508` ``(feature): [pppoe] migration script for service pppoe-server interface`` -* :vytask:`T1494` ``(feature): accel-ppp: IPoE update documentation`` -* :vytask:`T989` ``(feature): Add support for IPoE server`` - - -2019-07-03 -========== - -* :vytask:`T1502` ``(feature): Add build sanity checking tools to the dev builds`` - - -2019-07-02 -========== - -* :vytask:`T1099` ``(default): Openvpn: use config files instead of one long command.`` -* :vytask:`T1495` ``(feature): accel-ppp: IPoE implement IPv6 PD`` - - -2019-07-01 -========== - -* :vytask:`T1498` ``(bug): Nameservers are not propagated into resolv.conf`` - - -2019-06-24 -========== - -* :vytask:`T1482` ``(feature): Add OpenVPN SHA384 hashing algorithm`` - - -2019-06-23 -========== - -* :vytask:`T1476` ``(bug): Update PowerDNS recursor to 4.2 series`` - - -2019-06-22 -========== - -* :vytask:`T1313` ``(feature): Add support for reusable build flavours`` -* :vytask:`T1202` ``(bug): Add `hvinfo` to the packages directory`` - - -2019-06-20 -========== - -* :vytask:`T1413` ``(enhancment): equuleus: buster: vyos-xe-guest-utilities is not installable and breaks live-build`` -* :vytask:`T1412` ``(enhancment): equuleus: buster: vyos-netplug is not installable and breaks live-build`` - - -2019-06-19 -========== - -* :vytask:`T1334` ``(feature): Migration script runner rewrite`` -* :vytask:`T1327` ``(bug): Set the serial console speed to 115200 by default`` - - -2019-06-18 -========== - -* :vytask:`T1451` ``(bug): Intel e1000e driver missing in lates rolling release`` - - -2019-06-17 -========== - -* :vytask:`T1408` ``(feature): pppoe-server - implement local-ipv6 for pure IPv6 based deployments`` - - -2019-06-12 -========== - -* :vytask:`T1397` ``(default): Rewrite the config merge script`` - - -2019-06-05 -========== - -* :vytask:`T1426` ``(default): Update the script that checks conntrack hash-size on reboot`` - - -2019-06-03 -========== - -* :vytask:`T1423` ``(default): When merging remote config files, create known_hosts file if not present.`` - - -2019-05-28 -========== - -* :vytask:`T1410` ``(feature): Upgrade Linux Kernel to 4.19.46`` - - -2019-05-26 -========== - -* :vytask:`T1404` ``(feature): Update iproute2 package to 4.19`` - - -2019-05-24 -========== - -* :vytask:`T1407` ``(bug): pppoe IPv6 PD documention by practical example`` - - -2019-05-23 -========== - -* :vytask:`T1402` ``(feature): Update Linux Kernel to 4.19.45`` - - -2019-05-22 -========== - -* :vytask:`T1399` ``(bug): accel-ppp kernel modules missing in rolling build 20190522`` -* :vytask:`T1393` ``(bug): pppoe IPv6 pool doesn't work`` - - -2019-05-21 -========== - -* :vytask:`T592` ``(bug): lldpcli: unknown command from argument 1: `#``` - - -2019-05-16 -========== - -* :vytask:`T1267` ``(feature): FRR: Add interface name for static routes`` -* :vytask:`T1148` ``(bug): epa2 BGP peers initiate before config is fully loaded, routes leak.`` +1.3.9 (future release) +====================== -2019-05-06 -========== -* :vytask:`T1368` ``(feature): Enable MPLS support in Linux Kernel`` -2019-05-04 -========== +**Bug fixes** -* :vytask:`T1365` ``(bug): Cannot configure syslog on 1.2.0-rolling+201904260337`` +* :vytask:`T5926` ``IPSEC does not apply after l2tp configuration was changed`` -2019-04-29 -========== +**Other resolved issues** -* :vytask:`T1352` ``(feature): vyos-documentaion: accel-pppoe adding CIDR based IP pool option`` +* :vytask:`T1311` ``WAN load-balancing can't flush connections when conntrack-sync is enabled`` -2019-04-21 -========== +1.3.8 (25th June 2024) +====================== -* :vytask:`T1348` ``(feature): Upgrade WireGuard to 0.0.20190406-1`` -* :vytask:`T1347` ``(feature): Upgrade Linux Kernel to 4.19.36`` -2019-04-20 -========== -* :vytask:`T1344` ``(feature): Unclutter "system login radius" configuration nodes`` +**Bug fixes** -2019-04-19 -========== -* :vytask:`T1325` ``(default): GRE tunnel to Cisco router fails in 1.2.0 - works in 1.1.8`` +* :vytask:`T5725` ``protocol IS-IS configuration is empty if a tunnel does not have remote address`` +* :vytask:`T6337` ``Upgrade from 1.3.5 fails if ssh public key name has a space in it`` +* :vytask:`T6359` ``Multicast does not forward after reboot`` -2019-04-16 -========== +1.3.7 (13th May 2024) +===================== -* :vytask:`T1184` ``(feature): wireguard - extend documentation with the show interface wireguard commands`` +**Security** -2019-04-15 -========== +* :vytask:`T6324` ``CVE-2024-2961`` -* :vytask:`T1260` ``(feature): VICI-based implementation of "run show vpn ipsec sa"`` -* :vytask:`T1248` ``(default): Add a function for copying nodes to the vyos.configtree library`` -2019-04-05 -========== +**New features and improvements** -* :vytask:`T1324` ``(feature): update documtation for 'set system login user level'`` +* :vytask:`T1244` ``Add support for StartupResync in conntrack-sync`` +* :vytask:`T5364` ``Make it possible to set the PADO delay to 0`` +* :vytask:`T5418` ``Allow arbitrary subnets in PPPoE client IP pools`` +* :vytask:`T5504` ``Make it possible to set more than one peer-address in unicast VRRP`` +* :vytask:`T6057` ``Add ability to disable syslog for conntrackd`` -2019-04-04 -========== +**Bug fixes** -* :vytask:`T1323` ``(feature): migrate operator accounts to admin accounts and remove the option to setup an operator account`` +* :vytask:`T1751` ``DNS server addresses from DHCPv6 are not added to resolv.conf`` +* :vytask:`T1976` ``deleting address-family under neighbor will disable neighbor`` +* :vytask:`T2044` ``RPKI doesn't boot properly`` +* :vytask:`T2113` ``OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping`` +* :vytask:`T2279` ``Router resolves as 127.0.1.1 when using Router's Recursive DNS`` +* :vytask:`T2590` ``DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` +* :vytask:`T2612` ``HTTPS API, changing API key fails but goes through`` +* :vytask:`T2801` ``conntrack-tools flooding logs`` +* :vytask:`T2998` ``SNMP v3 oid "exclude" option doesn't work`` +* :vytask:`T3437` ``BGP Confederation Addition Causes Error`` +* :vytask:`T3992` ``Unhandled exception when trying to add an interface with an assigned address to a bridge`` +* :vytask:`T4270` ``When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service`` +* :vytask:`T4453` ``dhclient fails to renew DHCP lease with VRF`` +* :vytask:`T5239` ``Host name and domain name missing from the FRR configuration`` +* :vytask:`T5982` ``Isolated interfaces smoketest fail`` +* :vytask:`T6004` ``Missing RPKI boot priority prevents it from loading`` +* :vytask:`T6056` ``Applying 'system static-host-mapping' command calls unnecessary snmpd restart`` +* :vytask:`T6088` ``Configuration corrupted after saving and powercut or force reboot`` +* :vytask:`T6096` ``Config commits are not synced properly because 00vyos-sync is deleted by vyos-router`` +* :vytask:`T6110` ``Insufficient validation of range option with failover in DHCP server`` +* :vytask:`T6124` ``Docker equuleus build image doesn't build due to fpm`` +* :vytask:`T6141` ``Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure`` +* :vytask:`T6150` ``Impossible to set a static IP address via RADIUS in IPoE`` +* :vytask:`T6193` ``dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` +* :vytask:`T6196` ``route-map and summary-only do not work in BGP aggregation at the same time`` +* :vytask:`T6243` ``Update vyos-http-api-tools for package idna security advisory`` -2019-03-20 -========== +**Other resolved issues** -* :vytask:`T405` ``(feature): Add binaries for lcdproc`` +* :vytask:`T1198` ``Extra hyphen in suggested image name on upgrade`` +* :vytask:`T3584` ``Migrate NTP server addresses from *.pool.ntp.org to our own`` +* :vytask:`T6261` ``Typo in the operational mode connect and disconnect command output`` -2019-03-12 -========== +1.3.6 (14th February 2024) +========================== -* :vytask:`T1284` ``(feature): accel-ppp: pptp implementation documention`` -* :vytask:`T833` ``(feature): New PPTP server implementation based on accel-ppp`` +**Security** -2019-02-22 -========== +* :vytask:`T5318` ``Security Vulnerabilities for VyOS 1.3.3`` -* :vytask:`T1257` ``(bug): implement 'set system static-host-mapping' in host_name.py and remove old function calls`` +**Configuration syntax changes (automatically migrated)** -2019-02-21 -========== -* :vytask:`T1214` ``(bug): Add `ipaddrcheck` to the packages directory`` +* :vytask:`T2060` ``source-validation will be configured at different locations and could lead to massive confusion`` +* :vytask:`T2289` ``Denest cerbot certificate configuration from service https`` +**New features and improvements** -2019-02-10 -========== -* :vytask:`T1154` ``(default): use of local cache to build iso`` +* :vytask:`T1929` ``ipset in firewall`` +* :vytask:`T2060` ``source-validation will be configured at different locations and could lead to massive confusion`` +* :vytask:`T2116` ``Processing configuration via Cloud-init User-Data`` +* :vytask:`T2191` ``Using tallow to block sshd probes`` +* :vytask:`T2289` ``Denest cerbot certificate configuration from service https`` +* :vytask:`T3039` ``Resize a root partition and filesystem automatically during deployment in virtual environments`` +* :vytask:`T4039` ``Rsyslog to use 'protocol23format' for protocol UDP`` +* :vytask:`T4078` ``A hybrid of "network-group" and "address-group".`` +* :vytask:`T5182` ``Update Intel ice driver`` +* :vytask:`T5187` ``Update Realtek r8152 driver`` +* :vytask:`T5275` ``Add op mode commands for exporting certificates to PEM files with correct headers`` +* :vytask:`T5796` ``Openconnect - HTTPS security headers are missing`` +**Bug fixes** -2019-02-09 -========== -* :vytask:`T1236` ``(feature): Update Linux Kernel`` +* :vytask:`T117` ``Cannot install from ISO via serial console on ttyS1`` +* :vytask:`T1925` ``DMVPN is always listed as down in "show vpn ipsec sa"`` +* :vytask:`T2085` ``Building some packages with vyos-build no longer works for Equuleus/current`` +* :vytask:`T2163` ``Disabled vif interface with "address dhcp" requests DHCP address`` +* :vytask:`T2404` ``Cannot change MTU`` +* :vytask:`T2509` ``No inotify notifications from /`` +* :vytask:`T2574` ``wan-load-balance snat bug and route problem`` +* :vytask:`T2793` ``compare + TAB completion does not show proper username if user contains _`` +* :vytask:`T2837` ``make-version-file executed too early during build process`` +* :vytask:`T3154` ``route-map CLI allows 32-bit ASNs in community options even though FRR doesn't`` +* :vytask:`T3980` ``vrrp transition-script validator makes warning fatal and also causes a python NameError exception`` +* :vytask:`T4062` ``VRRP IPSEC-AH : sequence number xxxxxxx already processed. Packet dropped. Local(xxxxxxx)`` +* :vytask:`T4566` ``Cannot log in on serial console on Equuleus v1.3.1`` +* :vytask:`T4752` ``ICMP redirects not working / not properly configured`` +* :vytask:`T4760` ``VyOS does not support running multiple instances of DHCPv6 clients`` +* :vytask:`T4990` ``Commit results may not be properly saved if power is cut immediately after a successful commit`` +* :vytask:`T5180` ``initramfs-tools ignores firmware from updates directory`` +* :vytask:`T5543` ``Fix source address handling in static joins`` +* :vytask:`T5625` ``"restart vpn" does not work if ipsec-interfaces is not set`` +* :vytask:`T5739` ``Password recovery does not work if public keys are configured`` +* :vytask:`T5800` ``HTTPS API unavailable after delete VRF`` +* :vytask:`T5852` ``Reboots fail with eapol WAN interface`` +* :vytask:`T5914` ``CVE-2023-48795 - Terrapin vulnerability`` +* :vytask:`T5924` ``Build cannot pass the smoketest dialup-router-medium-vpn`` +* :vytask:`T5967` ``Multi-hop BFD connections can't be established; please add minimum-ttl option.`` +* :vytask:`T6017` ``Update vyos-http-api-tools for security advisory`` + +**Other resolved issues** + + +* :vytask:`T922` ``OSPF - Process Crash after peer reboot`` +* :vytask:`T1297` ``Add GARP settings to VRRP/keepalived`` +* :vytask:`T1369` ``GCP Networking Failure`` +* :vytask:`T1500` ``Slow boot/load and CLI response times`` +* :vytask:`T1667` ``Add a tool for automatically importing old style command definitions into XML`` +* :vytask:`T1671` ``rewrite udev script logic /lib/udev/vyatta_net_name`` +* :vytask:`T1981` ``Allow route-map 'set src' to reference both IPv4 and IPv6`` +* :vytask:`T2223` ``convert operational show interfaces to python/XML`` +* :vytask:`T2353` ``Interface [conf_mode] errors parent task`` +* :vytask:`T2431` ``Python validators are slow`` +* :vytask:`T2452` ``Serial console related issues`` +* :vytask:`T2546` ``The root task for rewriting [op-mode] to XML`` +* :vytask:`T2579` ``The root task for VRF features`` +* :vytask:`T2655` ``ConfigError formatting issue`` +* :vytask:`T2720` ``Rework vyos.template Python module to make future extension easier`` +* :vytask:`T2755` ``Requirements for partial interface setup`` +* :vytask:`T2799` ``VyOS Certificates Manager`` +* :vytask:`T3191` ``PAM RADIUS freezing when accounting does not configured on RADIUS server`` +* :vytask:`T3348` ``dhcpd: Can't create new lease file: Permission denied`` +* :vytask:`T3403` ``Error on interrupting list of pppoe sessions`` +* :vytask:`T3513` ``Attempting to remove firewall rule results in error`` +* :vytask:`T3688` ``Fail to save configuration via scp/sftp`` +* :vytask:`T3737` ``openvpn-option needs to be able to support quotes as since openvpn 2.4.`` +* :vytask:`T3813` ``Some custom sysctl parameters can't be applied bug`` +* :vytask:`T4222` ``Support for TWAMP as round-trip metric`` +* :vytask:`T4646` ``USB serial output console does not work`` +* :vytask:`T5274` ``Add a deprecation warning for OpenVPN site-to-site with pre-shared secret`` +* :vytask:`T5714` ``IPSec VPN: op-mode: "show log vpn" does not show results`` +* :vytask:`T5715` ``IPSec VPN: restart vpn is not working`` +* :vytask:`T6014` ``Bump keepalived version`` +* :vytask:`T6249` ``ISO builder fails because of changed buster-backport repository`` + +1.3.5 (15th December 2023) +========================== + + + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T2139` ``openvpn: allow "dh-file none" to disable DH for ECDH keys`` + +**New features and improvements** + + +* :vytask:`T1118` ``Obsolete "utc" option in time selector in firewall`` +* :vytask:`T2014` ``Use vendor specific NTP Pool hostname`` +* :vytask:`T2139` ``openvpn: allow "dh-file none" to disable DH for ECDH keys`` +* :vytask:`T4269` ``node.def generator should automatically add default values`` +* :vytask:`T5213` ``Accel-ppp sending accounting interim updates acct-interim-interval option`` +* :vytask:`T5270` ``Make OpenVPN `tls dh-params` optional`` +* :vytask:`T5271` ``Add support for peer-fingerprint to OpenVPN`` +* :vytask:`T5273` ``Add op mode commands for displaying certificate details and fingerprints`` +* :vytask:`T5387` ``dhcp6c: add a no release option`` +* :vytask:`T5576` ``Add bgp remove-private-as all option`` +* :vytask:`T5586` ``Disable by default SNMP for Keepalived VRRP`` +* :vytask:`T5630` ``pppoe: allow to specify MRU in addition to already configurable MTU`` +* :vytask:`T5661` ``Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection`` + +**Bug fixes** + + +* :vytask:`T305` ``loadbalancing does not work with one pppoe connection and another connection of either dhcp or static`` +* :vytask:`T971` ``authentication public-keys options quoting issue`` +* :vytask:`T1012` ``vyos-build configure script should check /etc/issue to avoid confusion`` +* :vytask:`T2051` ``Throughput anomalies`` +* :vytask:`T2250` ``vyos-build "make iso" error if configure was ran outside of the docker container`` +* :vytask:`T3020` ``The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location"`` +* :vytask:`T3045` ``Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP)`` +* :vytask:`T3940` ``DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook`` +* :vytask:`T4146` ``Nginx should not listen on port 80`` +* :vytask:`T4328` ``Large MTU on 1.3.1-S1`` +* :vytask:`T4402` ``OpenVPN client-ip-pool option is broken`` +* :vytask:`T4601` ``dhcp : relay agent IP address issue.`` +* :vytask:`T4776` ``NVME storage is not detected properly during installation`` +* :vytask:`T5223` ``tunnel key doesn't clear`` +* :vytask:`T5235` ``SSH keys with special characters cannot be applied via Cloud-init`` +* :vytask:`T5402` ``VRRP router with rfc3768-compatibility sends multiple ARP replies`` +* :vytask:`T5413` ``Deny the opportunity to use one public/private key pair on both wireguard peers.`` +* :vytask:`T5486` ``Service dns dynamic cannot pass the smoketest`` +* :vytask:`T5669` ``VXLAN interface changing port does not work`` +* :vytask:`T5670` ``bridge: missing member interface validator`` +* :vytask:`T5763` ``Fix imprecise check for remote file name in vyos-load-config.py`` +* :vytask:`T5777` ``frr: backport and upstream recent bgpd daemon crashes`` + +**Other resolved issues** + + +* :vytask:`T1276` ``dhcp relay + VLAN fails`` +* :vytask:`T2719` ``Standardized op mode script structure`` +* :vytask:`T3536` ``Unable to list all available routes`` +* :vytask:`T3702` ``Policy: Allow routing by fwmark`` +* :vytask:`T5191` ``Replace underscores with hyphens in command-line options generated by vyos.opmode`` +* :vytask:`T5268` ``OpenVPN: upgrade package to 2.6 series`` +* :vytask:`T5280` ``Update Expired keys (2023-06-08) for PowerDNS`` +* :vytask:`T5578` ``"ikev2-reauth" description contains outdated information`` +* :vytask:`T5624` ``Remove /etc/debian_version from the image`` +* :vytask:`T5632` ``Add jq package to parse JSON files`` +* :vytask:`T5817` ``Show openvpn server fails in some cases`` + +1.3.4 (17th October 2023) +========================= + + + + +**New features and improvements** + + +* :vytask:`T738` ``Add local-port and resolver port options for powerdns in CLI configuration tree`` +* :vytask:`T2123` ``Configure 3 NTP servers`` +* :vytask:`T2424` ``Ability to choose the direction of Mirroring`` +* :vytask:`T3144` ``Support op-mode command to release DHCP leases`` +* :vytask:`T3546` ``Add support for running scripts on PPPoE server session events`` +* :vytask:`T4151` ``IPV6 local PBR Support`` +* :vytask:`T4426` ``Add arpwatch to the image`` +* :vytask:`T4475` ``route-map does not support ipv6 peer`` +* :vytask:`T4825` ``interfaces veth/veth-pairs -standalone used`` +* :vytask:`T5190` ``Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0`` +* :vytask:`T5265` ``WAN load-balancing: missing completion helpers`` +* :vytask:`T5315` ``vrrp: add support for version 3`` +* :vytask:`T5354` ``Add sshguard to protect against brut-forces for 1.3`` + +**Bug fixes** + + +* :vytask:`T2611` ``Prefix list names are shared between ipv4 and ipv6`` +* :vytask:`T2908` ``VRF and bridge membership isn’t mutually exclusive`` +* :vytask:`T2958` ``DHCP server doesn't work from a live CD`` +* :vytask:`T3070` ``Firewall going OOM, possible related to nftables migration`` +* :vytask:`T3098` ``Cannot talk to rtnetlink: Message too long Command failed -:1`` +* :vytask:`T3339` ``Cloud-Init domain search setting not applied`` +* :vytask:`T4113` ``Incorrect GRUB configuration parsing`` +* :vytask:`T4121` ``Nameservers from DHCP client cannot be used in specific cases`` +* :vytask:`T4407` ``Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3`` +* :vytask:`T4412` ``commit archive: reboot not working with sftp`` +* :vytask:`T4459` ``API service with VRF doesn't work in 1.3.1`` +* :vytask:`T4745` ``CLI TAB issue with values with '-' at the beginning in conf mode`` +* :vytask:`T4790` ``RADIUS login does not work if sum of timeouts more than 50s`` +* :vytask:`T4855` ``Trying to create more than one tunnel of the same type to the same address causes unhandled exception`` +* :vytask:`T4869` ``A network with `/32` or `/128` mask cannot be removed from a network-group`` +* :vytask:`T4895` ``Tag nodes are overwritten when configured by Cloud-Init from User-Data`` +* :vytask:`T5006` ``Http api segfault with concurrent requests`` +* :vytask:`T5140` ``Firewall network-group problems`` +* :vytask:`T5221` ``BGP as-override behavior differs from new FRR and other vendors`` +* :vytask:`T5240` ``Service router-advert failed to start radvd with more then 3 name-servers`` +* :vytask:`T5305` ``REST API configure operation should not be defined as async`` +* :vytask:`T5313` ``UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned`` +* :vytask:`T5329` ``Wireguard interface as GRE tunnel source causes configuration error on boot`` +* :vytask:`T5428` ``dhcp: client renewal fails when running inside VRF`` +* :vytask:`T5506` ``Container bridge interfaces do not have a link-local address`` +* :vytask:`T5524` ``Add config directory to liveCD`` +* :vytask:`T5533` ``Keepalived VRRP IPv6 group enters in FAULT state`` +* :vytask:`T5545` ``sflow is not working`` +* :vytask:`T5555` ``Fix timezone migrator (system 13-to-14)`` +* :vytask:`T5594` ``VRRP - Error if using IPv6 Link Local as hello source address`` + +**Other resolved issues** + + +* :vytask:`T469` ``Problem after commit with errors`` +* :vytask:`T2296` ``Upgrade WALinux to 2.2.41`` +* :vytask:`T3424` ``PPPoE IA-PD doesn't work in VRF`` +* :vytask:`T3577` ``Generating vpn x509 key pair fails with command not found`` +* :vytask:`T3713` ``Create a meta-package for user utilities`` +* :vytask:`T4306` ``Do not check for ditry repository when building release images`` +* :vytask:`T4874` ``Add Warning message to Equuleus`` +* :vytask:`T4933` ``Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error`` +* :vytask:`T5272` ``Upgrade OpenVPN to 2.6 in Equuleus`` +* :vytask:`T5470` ``wlan: can not disable interface if SSID is not configured`` +* :vytask:`T5557` ``bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802`` + +1.3.3 (22th June 2023) +====================== + +**Security** + + +* :vytask:`T3835` ``vyos router 1.2.7 snmp Dos bug`` +* :vytask:`T4970` ``pin OCaml pcre package to avoid JIT support`` + + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T4628` ``ConfigTree() throws ValueError() if tagNode contains whitespaces`` + +**New features and improvements** + + +* :vytask:`T1024` ``Policy Based Routing by DSCP`` +* :vytask:`T1928` ``Is the 'Welcome to VyOS' message when using SSH an information leak?`` +* :vytask:`T1993` ``Extended pppoe rate-limiter`` +* :vytask:`T2603` ``pppoe-server: reduce min MTU`` +* :vytask:`T2640` ``Running VyOS inside Docker containers`` +* :vytask:`T2769` ``Add VRF support for syslog`` +* :vytask:`T3937` ``Rewrite "show system memory" in Python to make it usable as a library function`` +* :vytask:`T4219` ``support incoming-interface (iif) in local PBR`` +* :vytask:`T4575` ``vyos.utill add new wrapper "rc_cmd" to get the return code and output`` +* :vytask:`T4683` ``Add kitty-terminfo package to build`` +* :vytask:`T4727` ``Add RADIUS rate limit support to PPTP server`` +* :vytask:`T4743` ``Enable IPv6 address for Dynamic DNS`` +* :vytask:`T4785` ``snmp: Allow !, @, * and # in community name`` +* :vytask:`T4812` ``IPsec ability to show all configured connections`` +* :vytask:`T4898` ``Add mtu config option for dummy interfaces`` +* :vytask:`T4922` ``Add ssh-client source-interface CLI option`` +* :vytask:`T4947` ``Support mounting container volumes as ro or rw`` +* :vytask:`T4948` ``pppoe: add CLI option to allow definition of host-uniq flag`` +* :vytask:`T4949` ``Backport "monitor log" and "show log" op-mode definitions from current to equuleus`` +* :vytask:`T4959` ``Add container registry authentication config for containers`` +* :vytask:`T4971` ``Radius attribute "Framed-Pool" for PPPoE`` +* :vytask:`T5033` ``generate-public-key command fails for address with multiple public keys like GitHub`` +* :vytask:`T5098` ``PPPoE client holdoff configuration`` + +**Bug fixes** + + +* :vytask:`T2118` ``Failure to boot after power outage due to dirty filesystem and no fsck in initramfs`` +* :vytask:`T2189` ``Adding a large port-range will take ~ 20 minutes to commit`` +* :vytask:`T2516` ``vyos-container: cannot configure ethernet interface`` +* :vytask:`T2838` ``Ethernet device names changing, multiple hw-id being added`` +* :vytask:`T3852` ``DHCP client issue - interface has two dhclient processes when link is unpluged and then plug again`` +* :vytask:`T4117` ``Does not possible to configure PoD/CoA for L2TP vpn`` +* :vytask:`T4153` ``Monitor bandwidth-test initiate not working`` +* :vytask:`T4177` ``Strip-private doesn't work for service monitoring`` +* :vytask:`T4312` ``Telegraf configuration doesn't accept IPs for URL`` +* :vytask:`T4533` ``Radius clients don’t have simple permissions`` +* :vytask:`T4582` ``Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs`` +* :vytask:`T4628` ``ConfigTree() throws ValueError() if tagNode contains whitespaces`` +* :vytask:`T4630` ``Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time`` +* :vytask:`T4642` ``proxy: hyphen not allowed in proxy URL`` +* :vytask:`T4648` ``PPPoE: Ignore default router from RA when PPPoE default-route is set to none`` +* :vytask:`T4664` ``Add validation to reject whitespace in tag node value names`` +* :vytask:`T4668` ``Adding/removing members from bond doesn't work/results in incorrect interface state`` +* :vytask:`T4671` ``linux-firmware package is missing symlinks defined in WHENCE file`` +* :vytask:`T4679` ``OpenVPN site-to-site incorrect check for IPv6 local and remote address`` +* :vytask:`T4680` ``Telegraf prometheus-client listen-address invalid format`` +* :vytask:`T4702` ``Wireguard peers configuration is not synchronized with CLI`` +* :vytask:`T4709` ``TCP MSS clamping broken in equuleus`` +* :vytask:`T4730` ``Conntrack-sync error - listen-address is not the correct type in config as it should be`` +* :vytask:`T4737` ``FRRouting/zebra 7.5.1 does not redistribute routes to other protocols`` +* :vytask:`T4799` ``PowerDNS >= 4.7 does not get reloaded by vyos-hostsd`` +* :vytask:`T4872` ``Op-mode show openvpn misses a case when parsing for tunnel IP`` +* :vytask:`T4884` ``Missing a community6 in snmpd config`` +* :vytask:`T4896` ``ospfv3: Fix broken not-advertise option`` +* :vytask:`T4902` ``snmpd: exclude container storage from monitoring`` +* :vytask:`T4918` ``Odd show interface behavior`` +* :vytask:`T4939` ``VRRP command no-preempt not work as expected`` +* :vytask:`T4955` ``Openconnect radiusclient.conf generating with extra authserver`` +* :vytask:`T4975` ``CLI does not work after cutting off the power or reset`` +* :vytask:`T4978` ``KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536`` +* :vytask:`T4992` ``Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set`` +* :vytask:`T4993` ``Can't delete conntrack ignore rule`` +* :vytask:`T5009` ``op-mode command: restart dhcp relay-agent not working`` +* :vytask:`T5011` ``Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped`` +* :vytask:`T5017` ``Bug with validator interface-name`` +* :vytask:`T5047` ``Recreate only a specific container`` +* :vytask:`T5066` ``Different GRE tunnel but same tunnel keys error`` +* :vytask:`T5136` ``Possible config corruption on upgrade`` +* :vytask:`T5152` ``Telegraf agent hostname isn't qualified`` +* :vytask:`T5175` ``http-api: error in MultiPart parser for FastAPI version >= 0.91.0`` +* :vytask:`T5176` ``http-api: update vyos-http-api-tools for FastAPI security vulnerability`` +* :vytask:`T5186` ``QoS test cannot pass for 1.3`` + +**Other resolved issues** + + +* :vytask:`T1288` ``FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*)`` +* :vytask:`T1875` ``Add the ability to use network address as BGP neighbor (bgp listen range)`` +* :vytask:`T2913` ``Failure to install fpm while building builder docker image`` +* :vytask:`T3083` ``Add feature event-handler`` +* :vytask:`T3608` ``Standardize warnings from configure scripts`` +* :vytask:`T3810` ``webproxy squidguard rules don't work properly after rewriting to python.`` +* :vytask:`T4122` ``interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?)`` +* :vytask:`T4262` ``install image doesn't respect chosen root partition size`` +* :vytask:`T4381` ``OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command`` +* :vytask:`T4511` ``IPv6 DNS lookup`` +* :vytask:`T4625` ``Update ocserv to current revision (1.1.6)`` +* :vytask:`T4652` ``Upgrade PowerDNS recursor to 4.7 series`` +* :vytask:`T4798` ``Migrate the file-exists validator away from Python`` +* :vytask:`T4832` ``dhcp: Add IPv6-only dhcp option support (RFC 8925)`` +* :vytask:`T4875` ``Replace Python validator 'interface-name' to avoid Python startup cost`` +* :vytask:`T4900` ``Cache intermediary results of get_config_diff in Config instance`` +* :vytask:`T4906` ``ipsec connections shows only one connection as up`` +* :vytask:`T4925` ``Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2`` +* :vytask:`T4999` ``vyos.util backport dict_search_recursive`` +* :vytask:`T5007` ``Interface multicast setting is invalid`` +* :vytask:`T5008` ``MACsec CKN of 32 chars is not allowed in CLI, but works fine`` +* :vytask:`T5111` ``pppd-dns.service startup failed`` +* :vytask:`T5243` ``Default route is inactive if an interface has multiple ip addresses of the same subnet in 1.3.2 Equuleus`` + +1.3.2 (7th November 2022) +========================= + + + + +**New features and improvements** + + +* :vytask:`T1375` ``Add clear dhcp server lease function`` +* :vytask:`T2580` ``Support for ip pools for ippoe`` +* :vytask:`T2683` ``no dual stack in system static-host-mapping host-name`` +* :vytask:`T2763` ``New SNMP resource request - SNMP over TCP`` +* :vytask:`T3318` ``Update Linux Kernel to v5.4.208 / 5.10.142`` +* :vytask:`T3785` ``Add unicode support to configtree backend`` +* :vytask:`T4260` ``Extend vyos.configdict.node_changed() to support recursiveness`` +* :vytask:`T4315` ``Telegraf - Output to prometheus`` +* :vytask:`T4336` ``isis: add support for MD5 authentication password on a circuit`` +* :vytask:`T4346` ``Deprecate "system ipv6 disable" option to disable address family within OS kernel`` +* :vytask:`T4373` ``PPPoE-server add multiplier option for shaper`` +* :vytask:`T4395` ``Extend show vpn debug`` +* :vytask:`T4421` ``Add support for floating point numbers in the numeric validator`` +* :vytask:`T4442` ``HTTP API add action "reset"`` +* :vytask:`T4456` ``NTP client in VRF tries to bind to interfaces outside VRF, logs many messages`` +* :vytask:`T4489` ``MPLS sysctl not persistent for tunnel interfaces`` +* :vytask:`T4507` ``IPoE-server add multiplier option for shaper`` +* :vytask:`T4509` ``Feature Request: DNS64`` +* :vytask:`T4515` ``Reduce telegraf binary size`` +* :vytask:`T4522` ``bond: add ability to specify mii monitor interval via CLI`` +* :vytask:`T4584` ``hostap: create custom package build`` +* :vytask:`T4614` ``OpenConnect split-dns directive`` +* :vytask:`T4647` ``Add Google Virtual NIC (gVNIC) support`` + +**Bug fixes** + + +* :vytask:`T2194` ``"show firewall" garbled output`` +* :vytask:`T2654` ``Multiple names unable to be assigned to the same static mapping`` +* :vytask:`T3507` ``Bond with mode LACP show u/u in show interfaces even if peer is not configured`` +* :vytask:`T3714` ``Some sysctl custom parameters disappear after reboot`` +* :vytask:`T4206` ``Policy Based Routing with DHCP Interface Issue`` +* :vytask:`T4230` ``OpenVPN server configuration deleted after reboot when using a VRRP virtual-address`` +* :vytask:`T4294` ``Adding a new openvpn-option does not restart the OpenVPN process`` +* :vytask:`T4313` ``"generate public-key-command" throws unhandled exceptions when it cannot retrieve the key`` +* :vytask:`T4319` ``The command "set system ipv6 disable" doesn't work as expected.`` +* :vytask:`T4324` ``wwan: check alive script should only be run via cron if a wwan interface is configured at all`` +* :vytask:`T4330` ``MTU settings cannot be applied when IPv6 is disabled`` +* :vytask:`T4331` ``IPv6 link local addresses are not configured when an interface is in a VRF`` +* :vytask:`T4337` ``isis: IETF SPF delay algorithm can not be configured - results in vyos.frr.CommitError`` +* :vytask:`T4338` ``wwan: changing interface description should not trigger reconnect`` +* :vytask:`T4339` ``wwan: tab-completion results in "No such file or directory" if there is no WWAN interface`` +* :vytask:`T4341` ``login: disable user-account prior to deletion and wait until deletion is complete`` +* :vytask:`T4350` ``DMVPN opennhrp spokes dont work behind NAT`` +* :vytask:`T4354` ``Slave interfaces fall out from bonding during configuration change`` +* :vytask:`T4361` ```vyos.config.exists()` does not work for nodes with multiple values`` +* :vytask:`T4363` ``salt-minion: default mine_interval option is not set`` +* :vytask:`T4366` ``geneve: interface is removed on changes to e.g. description`` +* :vytask:`T4369` ``OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node`` +* :vytask:`T4388` ``dhcp-server: missing constraint on tftp-server-name option`` +* :vytask:`T4405` ``DHCP client sometimes ignores `no-default-route` option of an interface`` +* :vytask:`T4441` ``wwan: connection not possible after a change added after 1.3.1-S1 release`` +* :vytask:`T4447` ``DHCPv6 prefix delegation `sla-id` limited to 128`` +* :vytask:`T4468` ``web-proxy source group cannot start with a number bug`` +* :vytask:`T4510` ``set system static-host-mapping doesn't allow IPv4 and IPv6 for same name.`` +* :vytask:`T4513` ``Webproxy monitor commands do not work`` +* :vytask:`T4521` ``bond: ARP monitor interval is not configured despite set via CLI`` +* :vytask:`T4525` ``Delete interface from VRF and add it to bonding error`` +* :vytask:`T4527` ``Prevent to create VRF name default`` +* :vytask:`T4532` ``Flow-accounting IPv6 server/receiver bug`` +* :vytask:`T4534` ``bond: bridge: error out if member interface is assigned to a VRF instance`` +* :vytask:`T4537` ``MACsec not working with cipher gcm-aes-256`` +* :vytask:`T4538` ``Macsec does not work correctly when the interface status changes.`` +* :vytask:`T4565` ``vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249`` +* :vytask:`T4572` ``Add an option to force interface MTU to the value received from DHCP`` +* :vytask:`T4579` ``bridge: can not delete member interface CLI option when VLAN is enabled`` +* :vytask:`T4592` ``macsec: can not create two interfaces using the same source-interface`` +* :vytask:`T4616` ``openconnect: KeyError: 'local_users'`` +* :vytask:`T4618` ``Traffic policy not set on virtual interfaces`` +* :vytask:`T4632` ``VLAN-aware bridge not working`` +* :vytask:`T4653` ``Interface offload options are not applied correctly`` +* :vytask:`T4666` ``EAP-TLS no longer allows TLSv1.0 after T4537, T4584`` + +**Other resolved issues** + + +* :vytask:`T4415` ``Include license/copyright files in the image but remove user documentation from /usr/share/doc to reduce its size`` +* :vytask:`T4430` ``Show firewall output with visual shift default rule`` +* :vytask:`T4629` ``Raised ConfigErrors contain dict instead of only the dict key`` +* :vytask:`T4654` ``RPKI cache incorrect description`` + +1.3.1 (21th March 2022) +======================= + +**Security** + + +* :vytask:`T4204` ``Update Accel-PPP to a newer revision`` +* :vytask:`T4310` ``CVE-2022-0778: infinite loop in OpenSSL certificate parsing`` +* :vytask:`T4311` ``CVE-2021-4034: local privilege escalation in PolKit`` + + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T1972` ``Allow setting interface name for virtual_ipaddress in VRRP VRID`` +* :vytask:`T4273` ``ssh: Upgrade from 1.2.X to 1.3.0 breaks config`` + +**New features and improvements** + + +* :vytask:`T1972` ``Allow setting interface name for virtual_ipaddress in VRRP VRID`` +* :vytask:`T2400` ``OpenVPN: dont restart server if no need`` +* :vytask:`T2764` ``Increase maximum number of NAT rules`` +* :vytask:`T3164` ``console-server ssh does not work with RADIUS PAM auth`` +* :vytask:`T3299` ``Allow the web proxy service to listen on all IP addresses`` +* :vytask:`T3854` ``Missing op-mode commands for conntrack-sync`` +* :vytask:`T3872` ``Add configurable telegraf monitoring service`` +* :vytask:`T4055` ``Add VRF support for HTTP(S) API service`` +* :vytask:`T4100` ``Firewall increase maximum number of rules`` +* :vytask:`T4120` ``[VXLAN] add ability to set multiple unicast-remotes`` +* :vytask:`T4128` ``keepalived: Upgrade package to add VRF support`` +* :vytask:`T4261` ``MACsec: add DHCP client support`` + +**Bug fixes** + + +* :vytask:`T2922` ``The `vpn ipsec logging log-modes` miss the IPSec daemons state check`` +* :vytask:`T3380` ``"show vpn ike sa" does not display IPv6 peers`` +* :vytask:`T3686` ``Bridging OpenVPN tap with no local-address breaks`` +* :vytask:`T3914` ``VRRP rfc3768-compatibility doesn't work with unicast peers`` +* :vytask:`T3924` ``VRRP stops working with VRF`` +* :vytask:`T4002` ``firewall group network-group long names restriction incorrect behavior`` +* :vytask:`T4081` ``VRRP health-check script stops working when setting up a sync group`` +* :vytask:`T4087` ``IPsec IKE-group proposals limit of 10 pieces`` +* :vytask:`T4092` ``IKEv2 mobike commit failed with DMVPN nhrp`` +* :vytask:`T4093` ``SNMPv3 snmpd.conf generation bug`` +* :vytask:`T4101` ``commit-archive: Use of uninitialized value $source_address in concatenation`` +* :vytask:`T4104` ``RAID1: "add raid md0 member sda1" does not restore boot sector`` +* :vytask:`T4110` ``[IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0`` +* :vytask:`T4141` ``Set high-availability vrrp sync-group without members error`` +* :vytask:`T4142` ``Input ifbX interfaces not displayed in op-mode`` +* :vytask:`T4152` ``NHRP shortcut-target holding-time does not work`` +* :vytask:`T4154` ``Error add second gre tunnel with the same source interface`` +* :vytask:`T4165` ``Custom conntrack rules cannot be deleted`` +* :vytask:`T4168` ``IPsec VPN is impossible to restart when DMVPN is configured`` +* :vytask:`T4183` ``IPv6 link-local address not accepted as wireguard peer`` +* :vytask:`T4184` ``NTP allow-clients address doesn't work it allows to use ntp server for all addresses`` +* :vytask:`T4191` ``Lost access to host after VRF re-creating`` +* :vytask:`T4196` ``DHCP server client-prefix-length parameter results in non-functional leases`` +* :vytask:`T4203` ``Reconfigure DHCP client interface causes brief outages`` +* :vytask:`T4226` ``VRRP transition-script does not work for groups name which contains -(minus) sign`` +* :vytask:`T4228` ``bond: OS error thrown when two bonds use the same member`` +* :vytask:`T4233` ``ssh: sync regex for allow/deny usernames to "system login"`` +* :vytask:`T4234` ``Show firewall partly broken in 1.3.x`` +* :vytask:`T4237` ``Conntrack-sync error - error adding listen-address command`` +* :vytask:`T4240` ``Cannot add wlan0 to bridge via configure`` +* :vytask:`T4241` ``ocserv openconnect looks broken in recent bulds of 1.3 Equuleus`` +* :vytask:`T4242` ``ethernet speed/duplex can never be switched back to auto/auto`` +* :vytask:`T4258` ``[DHCP-SERVER] error parameter on Failover`` +* :vytask:`T4259` ``The conntrackd daemon can be started wrongly`` +* :vytask:`T4263` ``vyos.util.leaf_node_changed() dos not honor valueLess nodes`` +* :vytask:`T4264` ``vxlan: interface is destroyed and rebuild on description change`` +* :vytask:`T4267` ``Error - Missing required "ip key" parameter`` +* :vytask:`T4273` ``ssh: Upgrade from 1.2.X to 1.3.0 breaks config`` +* :vytask:`T4297` ``Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings`` +* :vytask:`T4377` ``generate tech-support archive includes previous archives`` + +**Other resolved issues** + + +* :vytask:`T4227` ``Typo in help completion of hello-time option of bridge interface`` +* :vytask:`T4255` ``Unexpected print of dict bridge on delete`` +* :vytask:`T4476` ``Next steps after installation is not communicated properly to new users`` + +1.3.0 (21th December 2021) +========================== + + +**Breaking changes** + + +* :vytask:`T3350` ``OpenVPN config file generation broken`` +* :vytask:`T3866` ``Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax`` + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T2162` ``migration script for router-advert sets link-mtu 0 on bridge interfaces`` +* :vytask:`T2691` ``Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch`` +* :vytask:`T3293` ``RPKI migration script errors out after CLI rewrite`` + +**New features and improvements** + + +* :vytask:`T3704` ``Add ability to interact with Areca RAID adapers`` +* :vytask:`T3745` ``op-mode IPSec show vpn ipse sa sorting`` +* :vytask:`T3912` ``Use a more informative default post-login banner`` +* :vytask:`T3945` ``Add route-map for bgp aggregate-address`` +* :vytask:`T3971` ``Ability to build ISO images for XCP-NG hypervisor`` +* :vytask:`T4012` ``Add VRF support for TFTP`` +* :vytask:`T4013` ``Add pkg cloudwatch for AWS images`` +* :vytask:`T4046` ``Sflow - Add Source address parameter`` +* :vytask:`T4049` ``support command-style output with compare command`` +* :vytask:`T4082` ``Add op mode command to restart ldpd`` +* :vytask:`T4084` ``Dehardcode the default login banner`` + +**Bug fixes** + + +* :vytask:`T1624` ``Failed to set up config session`` +* :vytask:`T1710` ``[equuleus] buster: add patch to fix live-build missing key error`` +* :vytask:`T1847` ``set_level incorrectly handles path given as empty string`` +* :vytask:`T1876` ``IPSec VTI tunnels are deleted after rekey and dangling around as A/D`` +* :vytask:`T2009` ``Ethernet Interface always stays down`` +* :vytask:`T2022` ``When RADIUS config is active, local logins won't work`` +* :vytask:`T2082` ``WireGuard broken after merging T2057`` +* :vytask:`T2158` ``Commit fails if ethernet interface doesn't support flow control (pause)`` +* :vytask:`T2162` ``migration script for router-advert sets link-mtu 0 on bridge interfaces`` +* :vytask:`T2164` ``Package libstrongswan-standard-plugins missing from image`` +* :vytask:`T2167` ``vyos.ifconfig.get_mac() broken`` +* :vytask:`T2176` ``'WiFiIf' object has no attribute 'set_state'`` +* :vytask:`T2177` ``Commit fails on adding disabled interface to bridge`` +* :vytask:`T2241` ``Changing settings on an interface causes it to fall out of bridge`` +* :vytask:`T2273` ``OpenVPN no longer starts in latest rolling, migrate to systemd`` +* :vytask:`T2283` ``openvpn not starting: ccd path in template not moved to /run/openvpn/ccd`` +* :vytask:`T2293` ``OpenVPN: UnboundLocalError after merging server_network PullRequest`` +* :vytask:`T2318` ``dns-forwarding migration script breaks with invalid interface name`` +* :vytask:`T2337` ``hw-id gone missing from interfaces after upgrade to 1.3-rolling-202004191028`` +* :vytask:`T2427` ``Interface addressing broken since fix for T2372 was merged`` +* :vytask:`T2466` ``live-build encounters apt dependency problem when building with local packages`` +* :vytask:`T2578` ``ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses`` +* :vytask:`T2600` ``RADIUS system login configuration rendered wrongly`` +* :vytask:`T2624` ``Serial Console: fix migration script for configured powersave and no console`` +* :vytask:`T2642` ``sshd fails to start due to configuration error`` +* :vytask:`T2678` ``High RAM usage on SSH logins with lots of IPv6 routes in the routing table.`` +* :vytask:`T2682` ``VRF aware services - connection no longer possible after system reboot`` +* :vytask:`T2691` ``Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch`` +* :vytask:`T2746` ``IPv6 link-local addresses not configured`` +* :vytask:`T2758` ``router-advert: 'infinity' is not a valid integer number`` +* :vytask:`T2886` ``RADIUS authentication broken only returns operator level`` +* :vytask:`T2894` ``bond: lacp: member interfaces get removed once bond interface has vlans configured`` +* :vytask:`T2952` ``configd: timeout breaks synchronization of messages, causing freeze`` +* :vytask:`T3208` ``Does not possible to change user password`` +* :vytask:`T3350` ``OpenVPN config file generation broken`` +* :vytask:`T3370` ``dhcp: Invalid domain name "private"`` +* :vytask:`T3699` ``login: verify selected "system login user" name is not already used by the base system.`` +* :vytask:`T3707` ``Ping incorrect ip host checks`` +* :vytask:`T3822` ``OpenVPN processes do not have permission to read key files generated with `run generate openvpn key``` +* :vytask:`T3866` ``Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax`` +* :vytask:`T3886` ``DHCP server can not start`` +* :vytask:`T3887` ``Removal of IPv6 BGP-peer with peer-group may trigger problems`` +* :vytask:`T3913` ``VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2`` +* :vytask:`T3934` ``Openconnect VPN broken: ocserv-worker general protection fault on client connect`` +* :vytask:`T3962` ``Image cannot be built without open-vm-tools`` +* :vytask:`T3972` ``Removing vif-c interface raises KeyError`` +* :vytask:`T4015` ``Update Accel-PPP to a newer revision`` +* :vytask:`T4019` ``Smoketests for SSTP and openconnect fails`` +* :vytask:`T4033` ``VRRP - Error security when setting scripts`` +* :vytask:`T4035` ``Geneve interfaces aren't displayed by operational mode commands`` +* :vytask:`T4052` ``Validator return traceback on VRRP configuration with the script path not in config dir`` +* :vytask:`T4053` ``VRRP impossible to set scripts out of the /config directory`` +* :vytask:`T4167` ``DMVPN apply wrong param on the first configuration`` +* :vytask:`T4201` ``Firewall - ICMPv6 matches not working as expected on 1.3.0`` +* :vytask:`T4268` ``Elevated LA while using VyOS monitoring feature`` +* :vytask:`T4296` ``Interface config injected by Cloud-Init may interfere with VyOS native`` +* :vytask:`T4344` ``DHCP statistics not matching, conf-mode generates incorrect pool name with dash`` +* :vytask:`T4571` ``Sflow with vrf configured does not use vrf to validate agent-address IP from vrf-configured interfaces`` + +**Other resolved issues** + + +* :vytask:`T1497` ``"set system name-server" generates invalid/incorrect resolv.conf`` +* :vytask:`T1606` ``Rolling release no longer boots after adding hostname daemon`` +* :vytask:`T1676` ``[equuleus] buster: update GRUB boot parameters during upgrade`` +* :vytask:`T2129` ``XML schema: tagNode not allowed on first level in new XML op-mode definition`` +* :vytask:`T2389` ``BGP community-list unknown command`` +* :vytask:`T2722` ``get_config_dict() and key_mangling=('-', '_') will alter CLI data for tagNodes`` +* :vytask:`T3182` ``Main blocker Task for FRR 7.4/7.5 series update`` +* :vytask:`T3293` ``RPKI migration script errors out after CLI rewrite`` +* :vytask:`T3302` ``Make vyos-configd relay stdout from scripts to the user's console`` +* :vytask:`T3687` ``IS-IS is missing IPv6 support`` +* :vytask:`T3689` ``static ipv6 route doesn't deleted in some cases`` +* :vytask:`T3695` ``OpenConnect reports commit success when ocserv fails to start due to SSL cert/key file issues`` +* :vytask:`T3697` ``Impossible to delete IPsec completely`` +* :vytask:`T3711` ``service router-advert interface <name> dnssl option has no effects`` +* :vytask:`T3725` ``show configuration in json format`` +* :vytask:`T3735` ``Configuration with multiple network addresses of firewall network-group via colud-init fails`` +* :vytask:`T4065` ``IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory`` +* :vytask:`T4088` ``Fix typo in login banner`` +* :vytask:`T4115` ``reboot in <x> not working as expected`` +* :vytask:`T4198` ``Error shown on commit`` + +1.3.0-epa3 (5th November 2021) +============================== + + + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T3925` ``Tunnel: dhcp-interface not implemented - use source-interface instead`` + +**New features and improvements** + + +* :vytask:`T3927` ``Kernel: Enable kernel support for HW offload of the TLS protocol`` +* :vytask:`T3942` ``Generate IPSec debug archive from op-mode`` + +**Bug fixes** + + +* :vytask:`T3610` ``DHCP-Server creation for not primary IP address fails`` +* :vytask:`T3846` ``dmvpn configuration not reapllied after "restart vpn"`` +* :vytask:`T3921` ``tunnel: KeyError when using dhcp-interface`` +* :vytask:`T3922` ``NHRP: delete fails`` +* :vytask:`T3925` ``Tunnel: dhcp-interface not implemented - use source-interface instead`` +* :vytask:`T3926` ``strip-private does not sanitize "cisco-authentication" from NHRP configuration`` +* :vytask:`T3941` ``"show vpn ipsec sa" shows established time of parent SA not child SA's`` +* :vytask:`T3943` ``"netflow source-ip" prevents image upgrades if IP address does not exist locally`` +* :vytask:`T3944` ``VRRP fails over when adding new group to master`` +* :vytask:`T3954` ``FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error`` +* :vytask:`T3956` ``GRE tunnel - unable to move from source-interface to source-address, commit error`` +* :vytask:`T4004` ``IPsec ike-group parameters are not saved correctly (after reboot)`` +* :vytask:`T4034` ``"make xcp-ng-iso" still includes vyos-xe-guest-utilities`` + +**Other resolved issues** + + +* :vytask:`T3188` ``Tunnel local-ip to dhcp-interface Change Fails to Update`` +* :vytask:`T3341` ``Wrong behavior of the "reset vpn ipsec-peer XXX tunnel XXX" command`` +* :vytask:`T3626` ``Configuring and disabling DHCP Server`` +* :vytask:`T3918` ``DHCPv6 prefix delegation incorrect verify error`` +* :vytask:`T3920` ``dhclient exit hook script 01-vyos-cleanup causes too many arguments error`` +* :vytask:`T3990` ``WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot)`` +* :vytask:`T4005` ``Feature Request: IPsec IKEv1 + IKEv2 for one peer`` + +1.3.0-epa2 (18th October 2021) +============================== + + + + +**New features and improvements** + + +* :vytask:`T3277` ``DNS Forwarding - reverse zones`` +* :vytask:`T3885` ``dhcpv6-pd: randomly generated DUID is not persisted`` +* :vytask:`T3890` ``dhcp(v6): provide op-mode commands to retrieve both server and client logfiles`` +* :vytask:`T3899` ``Add support for hd44780 LCD displays`` + +**Bug fixes** + + +* :vytask:`T3750` ``pdns-recursor 4.4 issue with dont-query and private DNS servers`` +* :vytask:`T3874` ``D-Link Ethernet Interface not working.`` +* :vytask:`T3877` ``VRRP always enabled rfc3768-compatibility even when not specified`` +* :vytask:`T3878` ``get_config_dict() no_tag_node_value_mangle has no effect`` +* :vytask:`T3879` ``GPG key verification fails when upgrading from a 1.3 beta version`` +* :vytask:`T3883` ``VRF - Delette vrf config on interface`` +* :vytask:`T3893` ``MGRE Tunnel commit crash If sit tunnel available`` +* :vytask:`T3894` ``Tunnel Commit Failed if system does not have `eth0``` +* :vytask:`T3904` ``NTP pool associations silently fail`` + +**Other resolved issues** + + +* :vytask:`T3422` ``Dynamic DNS doesn't allow zone field with cloudflare protocol`` +* :vytask:`T3425` ``Scripts from the /config/scripts/ folder do not run on live system`` +* :vytask:`T3880` ``EFI boot shows error on display`` +* :vytask:`T3882` ``Upgrade PowerDNs recursor to 4.5 series`` +* :vytask:`T3888` ``Incorrect warning when poweroff command executed from configure mode.`` +* :vytask:`T3889` ``Migrate to journalctl when reading daemon logs`` + +1.3.0-epa1 (30th September 2021) +================================ + + + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T3672` ``DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output`` +* :vytask:`T3779` ``Backport all 1.4 IS-IS features and configuration to 1.3 except VRF`` +* :vytask:`T3804` ``cli: Migrate and merge "system name-servers-dhcp" into "system name-server"`` +* :vytask:`T3842` ``Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus`` + +**New features and improvements** + + +* :vytask:`T1099` ``Openvpn: use config files instead of one long command.`` +* :vytask:`T1154` ``use of local cache to build iso`` +* :vytask:`T1176` ``FRR - BGP replicating routes`` +* :vytask:`T1350` ``VRRP transition script will be executed once only`` +* :vytask:`T3716` ``Linux kernel parameters ignore_routes_with_link_down- ignore disconnected routing connections`` +* :vytask:`T3779` ``Backport all 1.4 IS-IS features and configuration to 1.3 except VRF`` +* :vytask:`T3789` ``Add custom validator for base64 encoded CLI data`` +* :vytask:`T3803` ``Add source-address option to the ping CLI`` +* :vytask:`T3804` ``cli: Migrate and merge "system name-servers-dhcp" into "system name-server"`` +* :vytask:`T3840` ``dns forwarding: Cache size should allow values > 10k`` +* :vytask:`T3841` ``dhcp-server: add ping-check option to CLI`` +* :vytask:`T3842` ``Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus`` +* :vytask:`T3857` ``reboot: send wall message to all users for information`` +* :vytask:`T3859` ``Add "log-adjacency-changes" to ospfv3 process`` + +**Bug fixes** + + +* :vytask:`T945` ``Unable to change configuration after changing it from script (vbash + script-template)`` +* :vytask:`T1148` ``epa2 BGP peers initiate before config is fully loaded, routes leak.`` +* :vytask:`T1249` ``multiple PBR rules can set to a single interface`` +* :vytask:`T1894` ``FRR config not loaded after daemons segfault or restart`` +* :vytask:`T2019` ``LLDP wrong config generation for interface 'all'`` +* :vytask:`T2127` ``restart dhcp server reports a failure`` +* :vytask:`T2161` ``snmpd cannot start if ipv6 disabled`` +* :vytask:`T2328` ``dhcpv6 server not starting (disable check reversed?)`` +* :vytask:`T2430` ``cannot delete specific route static next-hop`` +* :vytask:`T2432` ``dhcpd: Can't create new lease file: Permission denied`` +* :vytask:`T2434` ``Duplicate Address Detection Breaks Interfaces`` +* :vytask:`T2525` ``OSPFv3 missing route map, not establishing`` +* :vytask:`T2623` ``Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”`` +* :vytask:`T2738` ``Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization`` +* :vytask:`T2759` ``validate-value prints error messages from validators that fail even if overall validation succeeds`` +* :vytask:`T2800` ``Pseudo-Ethernet: source-interface must not be member of a bridge`` +* :vytask:`T2895` ``VPN IPsec "leftsubnet" declared 2 times`` +* :vytask:`T2920` ``Commit crash when adding the second mGRE tunnel with the same key`` +* :vytask:`T2931` ``Unicode decode error causes vyos.configd service to restart`` +* :vytask:`T2941` ``Using a non-ASCII character in the description field causes UnicodeDecodeError in configsource.py`` +* :vytask:`T3076` ``Router reboot adds unwanted 'conntrack-sync mcast-group '225.0.0.50'' line to configuration`` +* :vytask:`T3196` ``No NAT translations showing up`` +* :vytask:`T3219` ``Typo in openvpn server client config for IPv6 iroute`` +* :vytask:`T3601` ``Error in ssh keys for vmware cloud-init if ssh keys is left empty.`` +* :vytask:`T3637` ``vrf: bind-to-all didn't work properly`` +* :vytask:`T3672` ``DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output`` +* :vytask:`T3708` ``isisd and gre-bridge commit error`` +* :vytask:`T3731` ``verify_accel_ppp_base_service return wrong config error for SSP`` +* :vytask:`T3738` ``openvpn fails if server and authentication are configured`` +* :vytask:`T3740` ``HTTPs API breaks when the address is IPv6`` +* :vytask:`T3756` ``VyOS generates invalid QR code for wireguard clients`` +* :vytask:`T3772` ``VRRP virtual interfaces are not shown in show interfaces`` +* :vytask:`T3773` ``Delete the "show system integrity" command (to prepare for a re-implementation)`` +* :vytask:`T3777` ``adding IPv6 EUI64 address fails commit in 1.3.0-rc6`` +* :vytask:`T3781` ``Revert the NAT implementation in 1.3 back to iptables`` +* :vytask:`T3782` ``Ingress Shaping with IFB No Longer Functional with 1.3`` +* :vytask:`T3783` ``"set protocols isis spf-delay-ietf" is not working`` +* :vytask:`T3786` ``GRE tunnel source address 0.0.0.0 error`` +* :vytask:`T3788` ``Keys are not allowed with ipip and sit tunnels`` +* :vytask:`T3790` ``Does not possible to configure PPTP static ip-address to users`` +* :vytask:`T3792` ``login: A hypen present in a username from "system login user" is replaced by an underscore`` +* :vytask:`T3797` ``show interface errors with vrrp configuration`` +* :vytask:`T3802` ``Commit fails if ethernet interface doesn't support flow control`` +* :vytask:`T3805` ``OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface`` +* :vytask:`T3806` ``Don't set link local ipv6 address if MTU less then 1280`` +* :vytask:`T3807` ``Op Command "show interfaces wireguard" does not show the output`` +* :vytask:`T3808` ``ipsec is mistakenly restarted after delete`` +* :vytask:`T3816` ``Error after entering outbound-interface command in NAT`` +* :vytask:`T3850` ``Dots are no longer allowed in SSH public key names`` +* :vytask:`T3860` ``Error on pppoe, tunnel and wireguard interfaces for IPv6 EUI64 addresses`` +* :vytask:`T3867` ``vxlan: multicast group address is not validated`` + +**Other resolved issues** + + +* :vytask:`T1202` ``Add `hvinfo` to the packages directory`` +* :vytask:`T1214` ``Add `ipaddrcheck` to the packages directory`` +* :vytask:`T1236` ``Update Linux Kernel`` +* :vytask:`T2027` ``get_config_dict is failing when the configuration section is empty/missing`` +* :vytask:`T2555` ``XML op-mode generation scripts silently discard XML nodes`` +* :vytask:`T2727` ``Add a dotted decimal value validator`` +* :vytask:`T2927` ``isc-dhcpd release and expiry events never execute`` +* :vytask:`T3217` ``Save FRR configuration on each commit`` +* :vytask:`T3234` ``multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions`` +* :vytask:`T3254` ``Dynamic DNS status shows incorrect last update time`` +* :vytask:`T3291` ``Fault on setting offload RPS with single-core CPU`` +* :vytask:`T3362` ``1.3 - RC1 ifb redirect failing to commit`` +* :vytask:`T3381` ``Change GRE tunnel failed`` +* :vytask:`T3396` ``syslog can't be configured with an ipv6 literal destination in 1.2.x`` +* :vytask:`T3431` ``Show version all bug`` +* :vytask:`T3537` ``Unable to override the default OSPFv3 link cost for wireguard interface`` +* :vytask:`T3634` ``Add op command option for ping for do not fragment bit to be set`` +* :vytask:`T3683` ``VXLAN not accept ipv6 and source-interface options and mtu bug`` +* :vytask:`T3730` ``op-mode conntrack-sync miss some functions`` +* :vytask:`T3732` ``override-default helper should support adding defaultValues to default less nodes`` +* :vytask:`T3768` ``Remove early syntaxVersion implementation`` +* :vytask:`T3776` ``Rename FRR daemon restart op-mode commands`` +* :vytask:`T3814` ``wireguard: commit error showing incorrect peer name from the configured name`` +* :vytask:`T3819` ``Upgrade Salt Stack 3002.3 -> 3003 release train`` +* :vytask:`T3820` ``PowerDNS recursor - update from 4.3 -> 4.4 to sync with current`` diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 0ad129e1..260020cc 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -1,3 +1,4 @@ + ########### 1.4 Sagitta ########### @@ -8,6037 +9,425 @@ _ext/releasenotes.py -2024-04-25 -========== - -* :vytask:`T6263` ``(bug): Multicast: Could not commit multicast config with multicast join group using source-address`` -* :vytask:`T5833` ``(bug): Not all AFIs compatible with VRF`` - - -2024-04-24 -========== - -* :vytask:`T6255` ``(bug): Static table description should not contain white-space`` -* :vytask:`T6226` ``(feature): add HAPROXY `tcp-request content accept` related block to load-balancing reverse proxy config`` -* :vytask:`T6109` ``(bug): remote syslog do not get all the logs`` -* :vytask:`T6217` ``(feature): VRRP contrack-sync script change name of the logger`` -* :vytask:`T6244` ``(feature): Spacing of "Show System Uptime" hard to parse`` - - -2024-04-23 -========== - -* :vytask:`T6260` ``(bug): image-tools: remove failed image directory if 'No space left on device' error`` -* :vytask:`T6261` ``(default): Typo in op_mode connect_disconnect print statement for check_ppp_running`` -* :vytask:`T6237` ``(feature): IPSec remote access VPN: ability to set EAP ID of clients`` - - -2024-04-22 -========== - -* :vytask:`T5996` ``(bug): unescape backslashes for config save, compare commands`` -* :vytask:`T6103` ``(bug): DHCP-server bootfile-name double slash syntax weird behaviour`` -* :vytask:`T6080` ``(default): Default NTP server settings`` -* :vytask:`T5986` ``(bug): Container: Error on commit when environment variable value contains \n line break`` - - -2024-04-21 -========== - -* :vytask:`T6191` ``(bug): Policy Route TCP-MSS Behavior Different from 1.3.x`` -* :vytask:`T5535` ``(feature): disable-directed-broadcast should be moved to firewall global-options`` - - -2024-04-20 -========== - -* :vytask:`T6252` ``(bug): gre tunnel - doesn't allow configure jumbo frame more than 8024`` - - -2024-04-19 -========== - -* :vytask:`T6221` ``(bug): Enabling VRF breaks connectivity`` -* :vytask:`T6035` ``(bug): QoS policy shaper queue-type random-detect requires limit avpkt`` -* :vytask:`T6246` ``(feature): Enable basic haproxy http-check configuration options`` -* :vytask:`T6242` ``(feature): Loadbalancer reverse-proxy: SSL backend skip CA certificate verification`` - - -2024-04-17 -========== - -* :vytask:`T6168` ``(bug): add system image does not set default boot to current console type in compatibility mode`` -* :vytask:`T6243` ``(bug): Update vyos-http-api-tools for package idna security advisory`` -* :vytask:`T6154` ``(enhancment): Installer should ask for password twice`` -* :vytask:`T5966` ``(default): Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments`` -* :vytask:`T5723` ``(default): mdns repeater: Always reload systemd daemon before applying changes`` -* :vytask:`T5722` ``(bug): Failing to add route in failover if gateway not in the same interface network`` -* :vytask:`T5612` ``(default): Miscellaneous improvements and fixes for dynamic DNS configuration`` -* :vytask:`T5574` ``(default): Support per-service cache management for dynamic dns providers`` -* :vytask:`T5360` ``(bug): ddclient generating abuse`` - - -2024-04-15 -========== - -* :vytask:`T6100` ``(bug): NAT config migration error in 1.4.0-epa1 if invalid address/network defined in 1.3.6 version`` -* :vytask:`T5734` ``(bug): OpenVPN server dh-params that are not in PKI error`` - - -2024-04-14 -========== - -* :vytask:`T6210` ``(feature): Add container ability to configure capability sys-nice`` - - -2024-04-13 -========== - -* :vytask:`T6173` ``(bug): Build Causes Errors When "--version" Contains Slashes ("/")`` -* :vytask:`T2518` ``(feature): Support NAT for ipv6(NPT)`` -* :vytask:`T6238` ``(default): vyos-build Check pull request title requires the python script`` -* :vytask:`T6235` ``(default): Git check PR status: conflicts and resolution`` - - -2024-04-12 -========== - -* :vytask:`T5872` ``(default): ipsec remote access VPN: support dhcp-interface`` -* :vytask:`T6216` ``(bug): Upgrade error from 1.3 to 1.4 - Firewall using character '+'`` -* :vytask:`T6214` ``(bug): Error when using some constraints`` -* :vytask:`T6213` ``(bug): Firewall group constraints`` -* :vytask:`T6148` ``(bug): Reset vpn ipsec command breaks tunnel and does not reset SAs that are down`` -* :vytask:`T1487` ``(default): DNS (pdns_recursor) stats logs not saved to disk`` -* :vytask:`T6222` ``(bug): VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters`` -* :vytask:`T6218` ``(bug): Container network interface in VRF fails to generate IPv6 link-local address`` -* :vytask:`T5959` ``(default): Streamline dns forwarding service`` -* :vytask:`T5846` ``(default): Refactor and simplify DUID definition in conf-mode`` -* :vytask:`T5631` ``(feature): Ability to export the current configuration in JSON format`` -* :vytask:`T5615` ``(default): Narrow down spurious name conflict with mdns`` -* :vytask:`T5530` ``(default): Add LFA to IS-IS`` -* :vytask:`T5195` ``(default): Break up the vyos.util module`` -* :vytask:`T5124` ``(bug): Python3 deprecation distutils.version import LooseVersion`` -* :vytask:`T1871` ``(feature): add MTU option when configure limiter traffic-policy`` -* :vytask:`T874` ``(feature): Support for Two Factor Authentication for CLI access via Google Authenticator/OTP`` -* :vytask:`T6204` ``(default): Remove shebang lines from Python modules`` -* :vytask:`T6166` ``(bug): Tech support generation error for custom output location`` -* :vytask:`T6062` ``(feature): container: add support for image manipulation based on tag name`` -* :vytask:`T5877` ``(default): Reduce unnecessary nesting in system domain-search path and improve smoketest`` -* :vytask:`T5871` ``(default): ipsec remote access VPN: specify "cacerts" to disambiguate mulitple remote access configurations`` -* :vytask:`T5870` ``(default): ipsec remote access VPN: add x509 ("pubkey") authentication`` -* :vytask:`T5772` ``(default): Require HTTPS API server configurations to include at least one key if key-based auth is used`` -* :vytask:`T5447` ``(feature): Allow static MACsec keys with peers`` -* :vytask:`T4221` ``(default): Add a template filter for converting scalars to single-item lists`` -* :vytask:`T3766` ``(feature): containers: Expanding options for networking and building containers`` - - -2024-04-11 -========== - -* :vytask:`T4516` ``(feature): Rewrite system image manipulation tools in Python`` -* :vytask:`T4548` ``(feature): GRUB loader configuration rework`` -* :vytask:`T3774` ``(bug): atop logs are not limited in size`` -* :vytask:`T3574` ``(default): Add constraintGroup for combining validators with logical AND`` -* :vytask:`T3474` ``(default): Revisit storing syntax version of interface definitions in XML file`` -* :vytask:`T160` ``(feature): Support NAT64`` -* :vytask:`T6228` ``(bug): Cleanup of not existing units`` - - -2024-04-10 -========== - -* :vytask:`T6207` ``(bug): image-tools: restore ability to copy config.boot.default on image install`` -* :vytask:`T5750` ``(bug): Upgrade from 1.3.4 to 1.4 Rolling fails QoS`` -* :vytask:`T5858` ``(bug): Show conntrack statistics formatting is all over the place`` -* :vytask:`T4734` ``(feature): Feature Request: openvpn: add OTP 2FA support`` - - -2024-04-09 -========== - -* :vytask:`T3409` ``(feature): Add back TCP-MSS Clamp to PMTU`` -* :vytask:`T6121` ``(feature): Extend service config-sync for sections vpn, policy, vrf`` - - -2024-04-08 -========== - -* :vytask:`T6197` ``(bug): IPoE-server interface client-subnet looks broken or works with the wrong logic`` -* :vytask:`T6196` ``(bug): Route-map and summary-only do not work in BGP aggregation at the same time`` -* :vytask:`T6068` ``(feature): dhcp server: allow switching between load-balanced and hotspare mode`` - - -2024-04-07 -========== - -* :vytask:`T6205` ``(bug): ipoe: error in migration script logic while renaming mac-address to mac node`` -* :vytask:`T6039` ``(bug): cloud-init DNS search-domain causes configuration migration/validation error`` -* :vytask:`T5862` ``(bug): Default MTU is not acceptable in some environments`` -* :vytask:`T6208` ``(feature): container: rename "cap-add" CLI node to "capability"`` -* :vytask:`T6188` ``(feature): Add Firewall Rule Description to "show firewall" commands`` -* :vytask:`T1244` ``(default): Support for StartupResync in conntrackd`` - - -2024-04-06 -========== - -* :vytask:`T6203` ``(enhancment): Remove obsoleted xml lib`` -* :vytask:`T6202` ``(bug): Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1`` - - -2024-04-05 -========== - -* :vytask:`T6089` ``(bug): [1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added`` -* :vytask:`T2590` ``(bug): DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` -* :vytask:`T6199` ``(feature): spring cleaning - drop unused Python imports`` - - -2024-04-04 -========== - -* :vytask:`T6119` ``(default): Use a compliant TOML parser`` -* :vytask:`T6171` ``(feature): dhcp server fail-over - Rename fail-over node`` -* :vytask:`T6115` ``(bug): Build from Git tags fail`` -* :vytask:`T5122` ``(feature): Move "archive-areas" to defaults.toml to support "non-free-firmware" repository`` -* :vytask:`T5121` ``(bug): Incorrect "architecture" config loaded`` -* :vytask:`T4951` ``(default): Add an op mode exception for cases when operations fail due to insufficient system resources`` -* :vytask:`T4883` ``(default): Add a description field for routing tables`` -* :vytask:`T4796` ``(bug): build-vyos-image ignores multiple options`` -* :vytask:`T4795` ``(feature): Cleanup custom python validators`` -* :vytask:`T4761` ``(default): Add a generic URL validator`` -* :vytask:`T3843` ``(bug): l2tp configuration not cleared after delete`` -* :vytask:`T3681` ``(default): The VMware Tools resume script did not run successfully in this virtual machine.`` -* :vytask:`T1991` ``(feature): Rework time services`` -* :vytask:`T5711` ``(default): Put the version data file inside the ISO image`` -* :vytask:`T5672` ``(default): Remove the old-style command definition importer`` -* :vytask:`T5639` ``(default): Group vyos-1x dependencies by their VyOS components and specify their purpose`` -* :vytask:`T5638` ``(default): Add support for requiring numeric values to be ranges rather than single numbers`` -* :vytask:`T5634` ``(default): Remove support for Blowfish and DES from OpenVPN`` -* :vytask:`T5605` ``(default): Do not generate keysize option in OpenVPN configs`` -* :vytask:`T5582` ``(default): Add a command to force NTP sync`` -* :vytask:`T5449` ``(default): Add options for TCP MSS probing`` -* :vytask:`T4440` ``(default): Add OCI compliant image labels to vyos-build and vyos containers`` -* :vytask:`T671` ``(enhancment): Identify and remove dead code`` -* :vytask:`T5109` ``(feature): Improve OCaml XML validator`` -* :vytask:`T1449` ``(feature): Add opportunity to include custom default configs (few) at building`` - - -2024-04-03 -========== - -* :vytask:`T6198` ``(feature): configverify: add common helper for PKI certificate validation`` -* :vytask:`T6192` ``(feature): Multi VRF support for SSH`` - - -2024-04-02 -========== - -* :vytask:`T6167` ``(bug): VNI not set on VRF after reboot`` -* :vytask:`T6151` ``(default): BGP VRF - Route-leaking not work when the next-hop is a recursive route.`` -* :vytask:`T6033` ``(bug): hsflowd fails to start when using a tunnel interface`` - - -2024-04-01 -========== - -* :vytask:`T6195` ``(feature): dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1`` -* :vytask:`T6193` ``(bug): dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` -* :vytask:`T6178` ``(bug): Reverse-proxy should check that certificate exists during commit`` - - -2024-03-31 -========== - -* :vytask:`T6186` ``(bug): Fix regression in 'set system image default-boot'`` -* :vytask:`T5832` ``(feature): Keepalived: Allow using the 'dev' statement on excluded-addresses`` - - -2024-03-28 -========== - -* :vytask:`T6147` ``(bug): Conntrack not working as expected with global state-policy`` -* :vytask:`T6175` ``(bug): op-mode: "renew dhcp interface <name>" does not check if it's an actual DHCP interface`` - - -2024-03-26 -========== - -* :vytask:`T6066` ``(bug): Setting same network in different ospf area will raise exception`` - - -2024-03-25 -========== - -* :vytask:`T6145` ``(bug): Service config-sync does not rely on priorities but must`` - - -2024-03-24 -========== - -* :vytask:`T6161` ``(feature): Output container images as JSON`` -* :vytask:`T6165` ``(bug): grub: vyos-grub-update failed to start on "slow" systems`` -* :vytask:`T6085` ``(bug): VTI interfaces are in UP state by default`` -* :vytask:`T6152` ``(bug): Kernel panic for ZimaBoard 232`` - - -2024-03-23 -========== - -* :vytask:`T6160` ``(bug): isis: NameError: name 'process' is not defined`` -* :vytask:`T6131` ``(bug): Disabling openvpn interface(s) causes OSPF to fail to load on reboot`` -* :vytask:`T4022` ``(feature): Add package nat-rtsp-dkms`` - - -2024-03-22 -========== - -* :vytask:`T6136` ``(bug): Configuring a dynamic address group, config script did not check whether the group was created`` -* :vytask:`T6130` ``(bug): [1.3.6->1.4.0-epa2 Migration] BGP "set community" missing`` -* :vytask:`T6090` ``(bug): [1.3.6->1.4.0-epa1 Migration] policy route fails due tcp flag case sensitivity`` -* :vytask:`T6155` ``(default): ixgbe: failed to initialize because an unsupported SFP+ module type was detected.`` -* :vytask:`T6125` ``(feature): Support 802.1ad (0x88a8) vlan filtering for bridge`` -* :vytask:`T5624` ``(default): Remove /etc/debian_version from the image`` - - -2024-03-21 -========== - -* :vytask:`T6143` ``(feature): Increase configuration timeout range for service config-sync`` - - -2024-03-20 -========== - -* :vytask:`T6133` ``(feature): Add domain-name to commit-archive`` -* :vytask:`T6129` ``(feature): bgp: add route-map option "as-path exclude all"`` - - -2024-03-19 -========== - -* :vytask:`T6127` ``(bug): Ability to view logs for rules with Offload not functional`` -* :vytask:`T6138` ``(bug): Conntrack table op-mode fails with flowtable offload entries`` - - -2024-03-15 -========== - -* :vytask:`T6118` ``(feature): radvd: RFC8781: add nat64prefix support`` - - -2024-03-12 -========== - -* :vytask:`T6020` ``(bug): VRRP health-check script is not applied correctly in keepalived.conf`` -* :vytask:`T5646` ``(bug): QoS policy limiter broken if class without match`` -* :vytask:`T2433` ``(feature): Improve CLI value validator performance`` -* :vytask:`T1436` ``(bug): Config entries with default values do not correctly show as changed`` - - -2024-03-11 -========== - -* :vytask:`T6098` ``(bug): Description doesnt seem to allow for non international characters`` -* :vytask:`T6070` ``(bug): bnx2x NIC causes a commit error due to incorrect implementation of EEE status reading`` -* :vytask:`T2998` ``(bug): SNMP v3 oid "exclude" option doesn't work`` -* :vytask:`T6107` ``(bug): Nginx does not allow big config queries for configure endpoint API`` -* :vytask:`T6096` ``(bug): Config commits are not synced properly because 00vyos-sync is deleted by vyos-router`` -* :vytask:`T6093` ``(bug): Incorrect dhcp-options vendor-class-id regex`` -* :vytask:`T6083` ``(feature): ethtool: move string parsing to JSON parsing`` -* :vytask:`T6069` ``(bug): HTTP API segfault during concurrent configuration requests`` -* :vytask:`T6057` ``(feature): Add ability to disable syslog for conntrackd`` -* :vytask:`T5504` ``(feature): Keepalived VRRP ability to set more than one peer-address`` -* :vytask:`T5717` ``(feature): ospfv3 - add allow to set metric-type to ospf redistribution while frr docs says its possible.`` -* :vytask:`T6071` ``(bug): firewall: CLI description limit of 256 characters cause config upgrade issues`` - - -2024-03-08 -========== - -* :vytask:`T6086` ``(bug): NAT does not work with network-groups`` -* :vytask:`T6094` ``(bug): Destination Nat not Making Firewall Rules`` -* :vytask:`T6061` ``(bug): connection-status nat destination firewall filter not working in 1.4.0-epa1`` -* :vytask:`T6075` ``(bug): Applying firewall rules with a non-existent interface group`` - - -2024-03-07 -========== - -* :vytask:`T6104` ``(bug): Regression in commit-archive for non-interactive configuration`` -* :vytask:`T6084` ``(bug): OpenNHRP DMVPN configuration file clean after reboot if we have any IPSec configuration`` -* :vytask:`T5348` ``(bug): Service config-sync can freeze the secondary router if it has commit-archive location`` -* :vytask:`T6073` ``(bug): Conntrack/NAT not being disabled when VRFs are defined`` -* :vytask:`T6095` ``(default): Tab completion for "set interfaces wireless wlan0 country-code" incorrect country "uk"`` - - -2024-03-06 -========== - -* :vytask:`T6079` ``(bug): dhcp: migration fails for duplicate static-mapping`` - - -2024-03-05 -========== - -* :vytask:`T5903` ``(bug): NHRP don´t start on reboot from version 1.5-rolling-202401010026`` -* :vytask:`T2447` ``(feature): Additional Boot Argument Configuration to limit CPU C-States`` - - -2024-03-04 -========== - -* :vytask:`T6054` ``(bug): load-balancing wan - doesn't configure a list of ports`` -* :vytask:`T6087` ``(feature): ospfv3: add support to redistribute IS-IS routes`` - - -2024-03-02 -========== - -* :vytask:`T6081` ``(bug): QoS policy shaper target and interval wrong calcuations`` - - -2024-02-29 -========== - -* :vytask:`T6078` ``(feature): Update ethtool to 6.6`` -* :vytask:`T6077` ``(feature): banner: implement ASCII contest winner default logo`` -* :vytask:`T6074` ``(feature): container: do not allow deleting images which have a container running`` - - -2024-02-28 -========== - -* :vytask:`T6055` ``(bug): PKI error: "failed to install x value" when executed the command from conf mode`` -* :vytask:`T4270` ``(bug): dns forwarding - When "ignore-hosts-file" is unset, local hostname of router resolves to 127.0.1.1`` - - -2024-02-27 -========== - -* :vytask:`T6065` ``(bug): Duplicate lines in build-vyos-image script cause sagitta build to fail`` -* :vytask:`T5080` ``(bug): Conntrack enabled by default`` - - -2024-02-26 -========== - -* :vytask:`T6064` ``(bug): Can not build VyOS if repository it not cloned to a branch`` -* :vytask:`T5754` ``(default): Update to StrongSwan 5.9.11`` - - -2024-02-25 -========== - -* :vytask:`T6060` ``(feature): op-mode: container: support removing all container images at once`` - - -2024-02-24 -========== - -* :vytask:`T5909` ``(bug): Container registry with authentication prevents config load (section container) after reboot`` - - -2024-02-23 -========== - -* :vytask:`T5376` ``(bug): Conntrack FTP helper does not work properly`` -* :vytask:`T970` ``(feature): Hostname Support in NAT and Firewall Rules`` -* :vytask:`T4940` ``(feature): Interface debugging`` - - -2024-02-22 -========== - -* :vytask:`T6048` ``(bug): Exception in event handler script`` -* :vytask:`T3902` ``(bug): Firewall does not load on boot, address-group not found, even though it exists`` - - -2024-02-21 -========== - -* :vytask:`T6050` ``(bug): Wrong scripting commands descriptions in accel-ppp services`` - - -2024-02-19 -========== - -* :vytask:`T5971` ``(default): Create the same view of ppp section for all accel-ppp services`` -* :vytask:`T6029` ``(default): Rewrite Accel-PPP services to an identical feature set`` -* :vytask:`T3722` ``(bug): op-mode IPSec show vpn ike sa always shows L-TIME 0`` - - -2024-02-18 -========== - -* :vytask:`T6043` ``(bug): VxLAN and bridge error bug`` -* :vytask:`T6041` ``(bug): image-tools: install fails from PXE boot into live iso due to restrictive logic`` - - -2024-02-17 -========== - -* :vytask:`T5972` ``(feature): login: add possibility to disable individual local user accounts`` - - -2024-02-16 -========== - -* :vytask:`T6009` ``(bug): Firewall - Time not working properly when not using UTC`` -* :vytask:`T6005` ``(bug): Error on adding a wireguard interface to OSPFv3`` -* :vytask:`T2113` ``(bug): OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping`` -* :vytask:`T6019` ``(feature): Bump nftables and libnftnl version`` -* :vytask:`T3471` ``(bug): DHCP hook is not able to detect all running DHCP instances`` -* :vytask:`T6015` ``(default): "journalctl_charon" file does not contain data in the generated "ipsec debug-archive" file`` -* :vytask:`T6001` ``(default): Add option to enable resolve-via-default`` -* :vytask:`T5965` ``(bug): WWAN modems using raw-ip do not work with dhclient/dhcp6c`` -* :vytask:`T5418` ``(bug): PPPoE-Server Client IP pool Subnet`` -* :vytask:`T5245` ``(bug): Wireless interfaces do not get IPv6 link-local address assigned`` - - -2024-02-15 -========== - -* :vytask:`T5977` ``(bug): nftables: Operation not supported when using match-ipsec in outbound firewall`` -* :vytask:`T2612` ``(bug): HTTPS API, changing API key fails but goes through`` -* :vytask:`T5989` ``(bug): IP subnets not usable in UPnP ACLs`` -* :vytask:`T5890` ``(default): OTP key generation is broken`` -* :vytask:`T5719` ``(default): mdns repeater: Add op-mode commands`` -* :vytask:`T4839` ``(feature): Dynamic Firewall groups`` -* :vytask:`T4801` ``(feature): Support for building AWS-ready ISO`` -* :vytask:`T3993` ``(enhancment): Extend HTTP API GraphQL support`` -* :vytask:`T3991` ``(bug): PKI operational command return traceback`` -* :vytask:`T3780` ``(bug): VTI not being brought down when tunnel is down`` -* :vytask:`T3001` ``(feature): Disable spectre mitigation patches from CLI`` -* :vytask:`T562` ``(feature): PDNS: Add support for authoritative dns server`` -* :vytask:`T71` ``(feature): Add virtual IP and route installation policy options for IPsec`` -* :vytask:`T5496` ``(default): `show firewall` error`` -* :vytask:`T4038` ``(default): Rewrite `vyatta-image-tools.pl` in Python`` -* :vytask:`T4997` ``(default): Add DHCP client user hooks dir`` -* :vytask:`T775` ``(feature): Config Sync between two VyOS routers`` -* :vytask:`T381` ``(feature): config nodes for EasyRSA CAs`` -* :vytask:`T118` ``(feature): Native Zabbix Support`` - - -2024-02-14 -========== - -* :vytask:`T6034` ``(feature): rpki: move file based SSH keys for authentication to PKI subsystem`` -* :vytask:`T5981` ``(bug): IPsec site-to-site migrated PKI ca certificates are created with an '@'`` -* :vytask:`T5930` ``(bug): vrf - route-leak not work using route-target both command.`` -* :vytask:`T5709` ``(bug): IPoE-server fails if next pool mentioned but not defined`` -* :vytask:`T4119` ``(bug): Issue with l2tp remote-access ipv6 configuration`` -* :vytask:`T2044` ``(bug): RPKI doesn't boot properly`` -* :vytask:`T6032` ``(feature): bgp: add EVPN MAC-VRF Site-of-Origin support`` -* :vytask:`T5960` ``(default): Rewriting authentication section in accel-ppp services`` - - -2024-02-13 -========== - -* :vytask:`T5928` ``(bug): Configuration fails to load on boot if offloading has VLAN interfaces defined`` -* :vytask:`T5482` ``(bug): Chrony NTP Server Fails To Sync Time`` -* :vytask:`T5064` ``(bug): Value validation for domain-groups seems to be broken`` - - -2024-02-12 -========== - -* :vytask:`T6010` ``(bug): Support setting multiple values in BGP path-attribute`` -* :vytask:`T6004` ``(bug): RPKI is not configured`` -* :vytask:`T5952` ``(default): DHCP allow same MAC Address on same subnet`` -* :vytask:`T5849` ``(feature): Add SRv6 route commands`` - - -2024-02-10 -========== - -* :vytask:`T6023` ``(bug): rpki: add support for CLI knobs expire-interval and retry-interval`` -* :vytask:`T1090` ``(default): Webproxy overhaul`` - - -2024-02-09 -========== - -* :vytask:`T6028` ``(bug): QoS policy shaper wrong class_id_max and default_minor_id`` -* :vytask:`T6026` ``(bug): QoS hide attempts to delete qdisc from devices`` -* :vytask:`T5788` ``(feature): frr: update to 9.1 release`` -* :vytask:`T5703` ``(bug): QoS config on pppoe interface resets back to fq_codel after tunnel reboots`` -* :vytask:`T5685` ``(feature): Keepalived VRRP prefix is not necessary for the virtual address`` - - -2024-02-08 -========== - -* :vytask:`T6014` ``(feature): Bump keepalived version`` -* :vytask:`T5910` ``(bug): Grub problem(?) Serial Console no longer working`` -* :vytask:`T6021` ``(bug): QoS r2q wrong calculation`` - - -2024-02-07 -========== - -* :vytask:`T6017` ``(bug): Update vyos-http-api-tools for security advisory`` -* :vytask:`T6016` ``(bug): Resolve intermittent failures in cleanup function after failed image install`` -* :vytask:`T6024` ``(feature): bgp: add additional missing FRR features`` -* :vytask:`T6011` ``(feature): rpki: known-hosts-file is no longer supported by FRR CLI - remove VyOS CLI node`` -* :vytask:`T5998` ``(feature): replay_window setting under vpn in config`` - - -2024-02-06 -========== - -* :vytask:`T6018` ``(default): smoketest: updating http-api framework requires a pause before test`` -* :vytask:`T5921` ``(bug): Trying to commit an OpenConnect configuration without any local users results in an exception`` -* :vytask:`T5687` ``(feature): Implement ECS settings for PowerDNS recursor`` - - -2024-02-05 -========== - -* :vytask:`T5974` ``(bug): QoS policy shaper is currently miscalculating bandwidth and ceil values for the default class`` -* :vytask:`T5865` ``(feature): Rewrite ipv6 pool section to ipv6 named pools in Accel-ppp services`` - - -2024-02-02 -========== - -* :vytask:`T5739` ``(bug): Password recovery does not work if public keys are configured`` -* :vytask:`T5955` ``(feature): Rootless containers/set uid/gid for container`` -* :vytask:`T5941` ``(bug): [1.3.5 -> 1.4.0-RC1 Migration] Orphaned Configuration Nodes Cause Issues`` -* :vytask:`T6003` ``(feature): Add 'show rpki as-number' and 'show rpki prefix'`` -* :vytask:`T5848` ``(feature): Add triple-isolate flow isolation option to CAKE QoS policy`` - - -2024-02-01 -========== - -* :vytask:`T5995` ``(bug): Kernel NIC-drivers for Huawei NICs are not properly enabled`` -* :vytask:`T5978` ``(bug): ethernet: hw-tc-offload does not actually get enabled on the NIC`` -* :vytask:`T5979` ``(enhancment): Add configurable kernel boot parameters`` -* :vytask:`T5973` ``(bug): vrf: RTNETLINK answers: File exists`` -* :vytask:`T5967` ``(bug): Multi-hop BFD connections can't be established; please add minimum-ttl option.`` -* :vytask:`T5619` ``(default): Update the Intel ixgbe driver due to issues with Intel X533`` - - -2024-01-31 -========== - -* :vytask:`T6000` ``(bug): [1.3.x -> 1.5.x] migrating threw exception in /opt/vyatta/etc/config-migrate/migrate/https/5-to-6, performed workaround`` -* :vytask:`T5999` ``(bug): load-balancing reverse-proxy can't configure root as a redirect`` - - -2024-01-30 -========== - -* :vytask:`T5980` ``(feature): Add image-tools support for configurable kernel boot options`` - - -2024-01-29 -========== - -* :vytask:`T5988` ``(bug): image-tools: a check of valid image name is missing from 'add image'`` -* :vytask:`T5994` ``(bug): Fix typo in 'remote' module preventing 'add system image' via ftp`` - - -2024-01-26 -========== - -* :vytask:`T5957` ``(bug): Firewall fails to delete inbound-interface name`` -* :vytask:`T5779` ``(bug): custom conntrack timeout rule not applicable`` -* :vytask:`T5984` ``(feature): Add user util numactl`` - - -2024-01-25 -========== - -* :vytask:`T5983` ``(bug): image-tools: minor regression in pruning version files in compatibility mode`` -* :vytask:`T5927` ``(bug): QoS policy shaper-hfsc class does not have a `bandwidth` node but requires one in the check`` -* :vytask:`T5834` ``(bug): Rename 'enable-default-log' to 'default-log'`` - - -2024-01-22 -========== - -* :vytask:`T5968` ``(feature): hsflowd: add VRF support`` -* :vytask:`T5975` ``(bug): GraphQL expects script otp.py that does not exists in 1.4`` -* :vytask:`T5961` ``(bug): QoS policy shaper vif with ceiling fails on commit`` -* :vytask:`T5958` ``(bug): QoS policy shaper-hfsc is not implemented`` -* :vytask:`T5160` ``(feature): Firewall refactor`` -* :vytask:`T5969` ``(feature): op-mode: list multicast group membership`` - - -2024-01-21 -========== - -* :vytask:`T5799` ``(bug): vyos unbootable after 1.4-rolling-202308240020 to 1.5-rolling-202312010026 upgrade`` -* :vytask:`T5787` ``(bug): dhcp-server allows duplicate static-mapping for the same IP address`` -* :vytask:`T5692` ``(enhancment): NTP leap smear`` -* :vytask:`T5954` ``(feature): Enable nvme_hwmon and drivetemp in KERNEL`` - - -2024-01-20 -========== - -* :vytask:`T5915` ``(bug): Firewall zone - Re add op-mode commands`` -* :vytask:`T5805` ``(bug): Missed per-interface statistic in telegraf`` -* :vytask:`T5724` ``(feature): About dhcp client hooks`` -* :vytask:`T5577` ``(bug): Optimize PAM configs for RADIUS/TACACS+`` -* :vytask:`T5550` ``(bug): Source validation on interface does not work properly`` -* :vytask:`T5267` ``(bug): Another corruption on upgrade`` -* :vytask:`T5239` ``(bug): frr 'hostname' missing or incorrect, and domain-name missing totally`` -* :vytask:`T5219` ``(bug): ddclient: Cloudflare doesn't require login`` -* :vytask:`T5217` ``(feature): Add firewall SYNPROXY`` -* :vytask:`T5203` ``(feature): load-balancing wan add systemd unit instead of old vyatta-wanloadbalance.init`` -* :vytask:`T5199` ``(bug): Salt-minion cannot connect to server in python 3.10 and up`` -* :vytask:`T5138` ``(feature): Add patch to accel-ppp build L2TP LNS use Calling-Number as RADIUS Calling-Station-ID`` -* :vytask:`T5054` ``(bug): ipsec: "show vpn ipsec remote-access" does not list active connections`` -* :vytask:`T5053` ``(bug): Vyatta-cfg Post-Removal Hook Tries to Disable Deleted Service`` -* :vytask:`T5035` ``(feature): Add more actions to policy route rule`` -* :vytask:`T4990` ``(bug): Commit results may not be properly saved if power is cut immediately after a successful commit`` -* :vytask:`T4988` ``(default): Expose time and size conversion functions as Jinja2 filters`` -* :vytask:`T4986` ``(feature): Ability to filter traffic originating from the router itself via firewall`` -* :vytask:`T4963` ``(default): vyos.ethtool: improve/fix driver name detection`` -* :vytask:`T4935` ``(bug): ospfv3: "not-advertise" and "advertise" conflict`` -* :vytask:`T4897` ``(bug): Setting 'source-address' or `source-interface` on existing vxlan interface doesn't work`` -* :vytask:`T4888` ``(default): Rewrite the conntrack sync script using vyos.opmode`` -* :vytask:`T4863` ``(feature): need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting)`` -* :vytask:`T4817` ``(feature): Please add support for RFC 9234`` -* :vytask:`T4765` ``(default): Normalize field names in op mode JSON outputs`` -* :vytask:`T4751` ``(enhancment): Feature Request: system login: 2FA OTP key generator in VyOS CLI`` -* :vytask:`T4726` ``(default): Add completion and validation for the accel-ppp RADIUS vendor option`` -* :vytask:`T4722` ``(default): Improve abbreviation/acronym consistency`` -* :vytask:`T4172` ``(feature): Patch ndppd to not read route table if there are no auto prefixes`` -* :vytask:`T4085` ``(feature): Rewrite L2TP/PPTP/SSTP/PPPoE services to get_config_dict`` -* :vytask:`T4031` ``(feature): Ability to configure DMVPN in vrf`` -* :vytask:`T4030` ``(bug): SR-IOV and interface renaming bug`` -* :vytask:`T4014` ``(feature): Add “command” and “arg” configuration options for containers`` -* :vytask:`T3965` ``(default): arm: Extend configure scripts to allow for arm builds`` -* :vytask:`T3813` ``(bug): Some custom sysctl parameters can't be applied bug`` -* :vytask:`T3778` ``(bug): Abnormal network communication and settings`` -* :vytask:`T3591` ``(bug): OpenVPN with/without VRF not working (NordVPN)`` -* :vytask:`T3372` ``(feature): Support public HTTPS repos in live-build`` -* :vytask:`T5963` ``(bug): QoS policy shaper rate calculations could be wrong for some ethernet devices`` -* :vytask:`T5962` ``(feature): QoS policy set default speed to 100mbit or 1gbit instead of 10mbit`` -* :vytask:`T5697` ``(bug): event-handler keep failing`` -* :vytask:`T4779` ``(default): Make raw op mode command outputs use bytes for data amount values`` - - -2024-01-19 -========== - -* :vytask:`T5897` ``(bug): VyOS with Cloud-init and VRF stucks at reboot/shutdown process`` -* :vytask:`T5554` ``(bug): Disable sudo for PAM RADIUS`` -* :vytask:`T4754` ``(default): Improvement: system login: show configured 2FA OTP key`` -* :vytask:`T5857` ``(bug): show interfaces wireless info`` -* :vytask:`T5841` ``(default): Remove old ssh-session-cleanup.service`` -* :vytask:`T5543` ``(bug): Fix source address handling in static joins`` -* :vytask:`T5884` ``(default): Minor description fix (op-mode: generate wireguard)`` -* :vytask:`T5781` ``(default): Add ability to add additional minisign keys`` - - -2024-01-18 -========== - -* :vytask:`T5863` ``(bug): Failure to Load Config on Recent 1.5 Versions`` -* :vytask:`T4638` ``(bug): Deleting a parent interface does not delete its underlying VLAN interfaces`` -* :vytask:`T5953` ``(default): Rename 'close_action' value from `hold` to `trap` in IPSEC IKE`` -* :vytask:`T905` ``(bug): The command show remote-config does not work for remote-platform openvpn`` - - -2024-01-17 -========== - -* :vytask:`T5923` ``(bug): Config mode system_console.py is not aware of revised GRUB file structure`` -* :vytask:`T4658` ``(feature): Rename DPD action `hold` to `trap``` -* :vytask:`T5932` ``(bug): 1.4-rolling-202304120317 to 1.4.0-rc1: dynamic dns migration fail`` - - -2024-01-16 -========== - -* :vytask:`T5951` ``(bug): [1.4.0-RC2] show hardware dmi Operational Mode Command Broken`` -* :vytask:`T5937` ``(bug): [1.3.5 -> 1.4.0-RC1 Migration] IPv6 BGP Neighbor Peer Groups Missing / Not Migrated`` -* :vytask:`T5889` ``(bug): Migration NAT 5-to-6 bug`` -* :vytask:`T5859` ``(bug): Invalid format of pool range in accel-ppp services`` -* :vytask:`T5842` ``(feature): Rewrite PPTP service to get_config_dict`` -* :vytask:`T5801` ``(feature): Rewrite L2TP service to get_config_dict`` -* :vytask:`T5688` ``(default): Create the same view of pool configuration for all accel-ppp services`` - - -2024-01-15 -========== - -* :vytask:`T5944` ``(bug): "reboot in 1" not working`` -* :vytask:`T5936` ``(bug): [1.3.5 -> 1.4.0-RC1 Migration] OSPF Passive Interface Configuration Not Working Correctly`` -* :vytask:`T5247` ``(bug): the bug of the command "show interfaces system"`` -* :vytask:`T5901` ``(bug): Cloud-init and DHCP exit hook errors`` -* :vytask:`T4856` ``(bug): DHCP-client exit hook for IPsec is incorrect`` -* :vytask:`T2556` ``(bug): "show interfaces vrrp" does not return any interface`` - - -2024-01-14 -========== - -* :vytask:`T4428` ``(feature): Update ddclient to newer version`` - - -2024-01-12 -========== - -* :vytask:`T5925` ``(feature): Containers change systemd KillMode`` -* :vytask:`T5920` ``(bug): Quick Start documentation contains error`` -* :vytask:`T5919` ``(bug): Firewall - opmode for ipv6`` -* :vytask:`T5306` ``(default): bgp config migration failed with v6only option configured with peer-group`` -* :vytask:`T3429` ``(bug): Hyper-V integration services not working on VyOS 1.4 (sagitta/current)`` - - -2024-01-11 -========== - -* :vytask:`T5896` ``(bug): Config Error on Boot with Podman and Firewall`` -* :vytask:`T5532` ``(bug): After add system image the boot stuck and works again after the second reboot`` -* :vytask:`T5512` ``(bug): build linux-firmware script cannot expand asterisks if firmware name is a glob string`` -* :vytask:`T5379` ``(bug): show system updates doesnt seem to be working`` -* :vytask:`T5275` ``(default): Add op mode commands for exporting certificates to PEM files with correct headers`` -* :vytask:`T5274` ``(default): Add a deprecation warning for OpenVPN site-to-site with pre-shared secret`` -* :vytask:`T5262` ``(default): Warn the user about unsaved config on reboot/shutdown attempts`` -* :vytask:`T5257` ``(feature): Cannont assign netflow source ip to ip in non default VRF`` -* :vytask:`T5026` ``(feature): Python3 modules crypt and spwd are deprecated`` -* :vytask:`T5814` ``(bug): VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration`` -* :vytask:`T4610` ``(bug): Firewall with 20K entries cannot load after reboot`` -* :vytask:`T3191` ``(bug): PAM RADIUS freezing when accounting does not configured on RADIUS server`` -* :vytask:`T5917` ``(feature): Restore annotations of (running)/(default boot) in select image list`` -* :vytask:`T5916` ``(default): Added segment routing check for index size and SRGB size`` -* :vytask:`T5913` ``(feature): Allow for Peer-Groups in ipv4-labeled-unicast SAFI`` - - -2024-01-10 -========== - -* :vytask:`T5918` ``(bug): Verification problem for `set vpn ipsec interface``` -* :vytask:`T5911` ``(bug): pki: service update ignored if certificate name contains a hyphen (-)`` -* :vytask:`T5886` ``(feature): Add support for ACME protocol (LetsEncrypt)`` -* :vytask:`T5766` ``(bug): http: rewrite conf-mode script to get_config_dict()`` -* :vytask:`T5144` ``(default): Modernize dynamic dns operation`` -* :vytask:`T4689` ``(feature): Support RFS(Receive Flow Steering)`` -* :vytask:`T4659` ``(feature): Use vtysh to display bridge and some interface parameter information`` -* :vytask:`T4646` ``(bug): USB serial output console does not work`` -* :vytask:`T4577` ``(bug): WWAN commit failed which simple config`` -* :vytask:`T4502` ``(feature): Consider implementing (NAT/other) flow table offload`` -* :vytask:`T4446` ``(default): Unified CLI for displaying neithbors (ARP, IP, and NDP)`` -* :vytask:`T4427` ``(default): Remove the vyos-utils package list from vyos-build`` -* :vytask:`T4300` ``(feature): Extend list of supported interfaces for Cloud-init Network Configuration`` -* :vytask:`T4250` ``(bug): Organize logrotate settings to avoid duplicates`` -* :vytask:`T4236` ``(feature): Generate ovpn openvpn client configuration files`` -* :vytask:`T4222` ``(feature): Support for TWAMP as round-trip metric`` -* :vytask:`T3833` ``(bug): Cloud-init not finding data source in OpenStack`` -* :vytask:`T5902` ``(bug): http: remove virtual-host configuration in webserver`` -* :vytask:`T3499` ``(bug): Podman is not compatible with nat rules`` -* :vytask:`T3430` ``(bug): Cloud-init failing with “Unable to render networking” on VyOS 1.3`` -* :vytask:`T3011` ``(bug): router becomes unreachable for few minutes when vti interfaces goes down`` -* :vytask:`T5791` ``(default): Update dynamic dns configuration path to be consistent with other areas of VyOS`` -* :vytask:`T5708` ``(default): Additional dynamic dns improvements to align with ddclient 3.11.1 release`` -* :vytask:`T5573` ``(bug): Fix ddclient cache entries`` -* :vytask:`T5012` ``(feature): Control network configuration from Cloud-Init config`` -* :vytask:`T3116` ``(feature): Support back-end L4 level load balancing`` -* :vytask:`T5614` ``(default): Add conntrack helper matching on firewall`` -* :vytask:`T4782` ``(enhancment): Allow multiple CA certificates (on e.g. EAPoL)`` -* :vytask:`T2199` ``(default): Rewrite firewall in new XML/Python style`` - - -2024-01-09 -========== - -* :vytask:`T5898` ``(bug): Replace partprobe with partx due to unable to install VyOS`` -* :vytask:`T5838` ``(feature): Add Infiniband kernel modules`` -* :vytask:`T5785` ``(bug): API output of show container image broken`` -* :vytask:`T5410` ``(feature): Improve `utils.convert.convert_data()` to process all stdtypes`` -* :vytask:`T5269` ``(default): OpenVPN non-TLS site-to-site mode deprecation`` -* :vytask:`T5249` ``(feature): Add rollback-soft feature to rollback without a reboot`` -* :vytask:`T4944` ``(default): Prevent op mode functions from returning bare literals in raw output`` -* :vytask:`T4910` ``(default): Rewrite the remote access VPN op mode in the new style`` -* :vytask:`T4470` ``(feature): Rewrite load-balancing wan to XML/Python`` -* :vytask:`T3763` ``(bug): wireguard checks if port already binding`` -* :vytask:`T3489` ``(bug): NUMA has been disabled for the past few years and no-one has noticed`` -* :vytask:`T3476` ``(feature): Update availability check`` -* :vytask:`T2845` ``(bug): BGP conf_mode unable to delete configuration with peer-group`` -* :vytask:`T2844` ``(bug): BGP conf_mode errors disable-send-community`` -* :vytask:`T2755` ``(default): Requirements for partial interface setup`` -* :vytask:`T2721` ``(enhancment): Set FQ-CoDel as the default queueing mechanism for every class in Shaper`` -* :vytask:`T2511` ``(feature): Migrate vyatta-op-quagga to new XML format`` -* :vytask:`T2302` ``(default): Convert configuration scripts from executables to modules and use a script runner`` -* :vytask:`T2281` ``(feature): DHCP and Static IPs on Same Interface`` -* :vytask:`T2216` ``(default): Containerized third-party applications for VyOS`` -* :vytask:`T2171` ``(feature): Unify creation and manipulation of interfaces`` -* :vytask:`T1759` ``(feature): Replacing Vyatta::Interface perl`` -* :vytask:`T2408` ``(enhancment): DHCP Relay upstream and downstream interfaces`` -* :vytask:`T1297` ``(feature): Add GARP settings to VRRP/keepalived`` - - -2024-01-08 -========== - -* :vytask:`T5888` ``(bug): Firewall upgrade fails because of icmpv6`` -* :vytask:`T5844` ``(bug): HTTPS API doesn't start without configured keys even when GraphQL authentication type is set to token`` -* :vytask:`T5664` ``(bug): 1.4 user has no permissions?`` -* :vytask:`T5215` ``(default): Add a built-in ICMP health check for VRRP groups`` -* :vytask:`T5045` ``(bug): BFD is not starting after upgrade to 1.4-rolling-202302150317`` -* :vytask:`T4193` ``(default): Add support for transparent firewall`` -* :vytask:`T3754` ``(default): Make config scripts more testable`` -* :vytask:`T3663` ``(default): Use inotify file watching where applicable`` -* :vytask:`T3480` ``(bug): Does not possible to change console baud-rate`` -* :vytask:`T2897` ``(default): Remove cluster command`` -* :vytask:`T5904` ``(feature): op-mode: add "show ipv6 route vrf <name> <prefix>" command`` - - -2024-01-07 -========== - -* :vytask:`T5891` ``(bug): OpenVPN IPv6 config issue with 1.4-rc1`` -* :vytask:`T5887` ``(feature): Upgrade Linux Kernel to 6.6.y (2023 LTS edition)`` - - -2024-01-06 -========== - -* :vytask:`T3670` ``(feature): Option to disable HTTP port 80 redirect`` - - -2024-01-05 -========== - -* :vytask:`T3642` ``(feature): PKI configuration`` -* :vytask:`T5894` ``(feature): Extend get_config_dict() with additional parameter with_pki that defaults to False`` - - -2024-01-04 -========== - -* :vytask:`T4072` ``(feature): Feature Request: Firewall on bridge interfaces`` -* :vytask:`T3459` ``(default): Inform the user when unable to install outdated image`` - - -2024-01-03 -========== - -* :vytask:`T5880` ``(bug): verify_source_interface should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces`` -* :vytask:`T5879` ``(bug): tunnel: sourceing from dynamic pppoe0 interface will fail on reboots`` -* :vytask:`T4500` ``(bug): Missing firewall logs`` - - -2024-01-02 -========== - -* :vytask:`T5885` ``(default): image-tools: relax restriction on image-name length from 32 to 64`` - - -2024-01-01 -========== - -* :vytask:`T5883` ``(bug): Preserve file ownership in /config subdirs on add system image`` -* :vytask:`T5474` ``(feature): Establish common file name pattern for XML conf mode commands`` - - -2023-12-30 -========== - -* :vytask:`T5875` ``(bug): login: removing and re-adding a user keeps the home directory but UID will change, thus SSH keys no longer work`` -* :vytask:`T5653` ``(feature): Command to display fingerprint`` - - -2023-12-29 -========== - -* :vytask:`T5829` ``(bug): Can't Add IPv6 Address to Containers`` -* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface`` -* :vytask:`T5869` ``(bug): vyos.template.first_host_address() does not honor RFC4291 section 2.6.1`` - - -2023-12-28 -========== - -* :vytask:`T4163` ``(feature): [BMP-BGP] Routing monitoring feature`` -* :vytask:`T5867` ``(feature): Upgrade podman to Debian Trixie version 4.7.x`` -* :vytask:`T5866` ``(feature): Add op-mode command to restart IPv6 RA daemon`` -* :vytask:`T5861` ``(bug): Flavor build system fails with third-party packages`` -* :vytask:`T5854` ``(feature): Extend override-default script to allow embedded defaultValue settings`` -* :vytask:`T5792` ``(default): Upgrade ddclient 3.11.2 release`` - - -2023-12-25 -========== - -* :vytask:`T5855` ``(feature): Migrate "set service lldp snmp enable" -> `set service lldp snmp"`` -* :vytask:`T5837` ``(bug): vyos.configdict.node_changed does not return keys per adding`` -* :vytask:`T5856` ``(bug): SNMP service removal fails`` - - -2023-12-24 -========== - -* :vytask:`T5853` ``(default): Typo interfaces-virtual-ethernet.xml.in`` - - -2023-12-22 -========== - -* :vytask:`T5804` ``(bug): SNAT "any" interface error`` -* :vytask:`T4760` ``(bug): VyOS does not support running multiple instances of DHCPv6 clients`` - - -2023-12-21 -========== - -* :vytask:`T5778` ``(bug): The show dhcp server leases operation mode command does not work as expected`` -* :vytask:`T5775` ``(default): Migrated Firewall Global State Policy ineffective on latest firewall zone config`` -* :vytask:`T5637` ``(bug): Firewall default-action log`` -* :vytask:`T5796` ``(bug): Openconnect - HTTPS security headers are missing`` -* :vytask:`T3580` ``(feature): Refactoring firewall ipv6 rule icmpv6`` -* :vytask:`T2898` ``(feature): Support NDP proxy`` -* :vytask:`T2229` ``(feature): PPPOE Default Queue type selection`` - - -2023-12-20 -========== - -* :vytask:`T5823` ``(feature): Protocol BGP add default values for config dictionary`` -* :vytask:`T5798` ``(enhancment): reverse-proxy load-balancing service should support multiple certificates for frontend`` - - -2023-12-19 -========== - -* :vytask:`T5828` ``(default): Fix GRUB installation on arm64`` - - -2023-12-18 -========== - -* :vytask:`T5751` ``(feature): Adjust new image tools for non-interactive use`` -* :vytask:`T5831` ``(feature): show system image should reverse order by addition date`` -* :vytask:`T5825` ``(bug): image-tools: restore authentication on 'add system image'`` -* :vytask:`T5821` ``(bug): image-tools: restore vrf-aware 'add system image'`` -* :vytask:`T5819` ``(bug): Don't echo password on install image`` -* :vytask:`T5806` ``(bug): Clear old raid data on new install image`` -* :vytask:`T5789` ``(bug): image-tools should copy ssh host keys on image update`` -* :vytask:`T5758` ``(default): Restore scanning configs when live installing`` - - -2023-12-15 -========== - -* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs`` -* :vytask:`T5803` ``(default): git/github: Adjust configuration for safe and baseline defaults`` - - -2023-12-14 -========== - -* :vytask:`T5773` ``(bug): Unable to load config via HTTP`` -* :vytask:`T5816` ``(bug): BGP Large Community List Validation Broken`` -* :vytask:`T5812` ``(bug): rollback check max revision number does not work`` -* :vytask:`T5749` ``(feature): Show MAC address VRF and MTU by default for "show interfaces"`` -* :vytask:`T5774` ``(bug): commit-archive to FTP server broken after update (VyOS 1.5-rolling)`` -* :vytask:`T5826` ``(default): Add dmicode as an explicit dependency`` -* :vytask:`T5793` ``(default): mdns-repeater: Cleanup avahi-daemon configuration in /etc`` - - -2023-12-13 -========== - -* :vytask:`T591` ``(feature): Support SRv6`` - - -2023-12-12 -========== - -* :vytask:`T4704` ``(feature): Allow to set metric (MED) to rtt with rtt,+rtt or -rtt`` -* :vytask:`T5815` ``(enhancment): Add load_config module`` -* :vytask:`T5413` ``(default): Deny the opportunity to use one public/private key pair on both wireguard peers.`` - - -2023-12-11 -========== - -* :vytask:`T5741` ``(bug): WAN Load Balancing failover route tables aren't created`` - - -2023-12-10 -========== - -* :vytask:`T5658` ``(default): Add VRF support for mtr`` - - -2023-12-09 -========== - -* :vytask:`T5808` ``(bug): op-mode: ipv6 ospfv3 graceful-restart description contains incorrect info`` -* :vytask:`T5802` ``(bug): ping (ip or hostname) interface <tab> produces error`` -* :vytask:`T5747` ``(feature): op-mode add MAC VRF and MTU for show interfaces summary`` -* :vytask:`T3983` ``(bug): show pki certificate Doesnt show x509 certificates`` - - -2023-12-08 -========== - -* :vytask:`T5782` ``(enhancment): Use a single config mode script for https and http-api`` -* :vytask:`T5768` ``(enhancment): Remove auxiliary http-api.conf for simplification of http-api config mode script`` -* :vytask:`T5809` ``(default): Enable GRUB support for gzip compressed kernels`` - - -2023-12-04 -========== - -* :vytask:`T5769` ``(bug): VTI tunnels lose their v6 Link Local addresses when set down/up`` - - -2023-12-03 -========== - -* :vytask:`T5753` ``(feature): Add VXLAN vnifilter support`` -* :vytask:`T5759` ``(feature): Change VXLAN default MTU to 1500 bytes`` - - -2023-11-30 -========== - -* :vytask:`T4601` ``(bug): dhcp : relay agent IP address issue.`` - - -2023-11-28 -========== - -* :vytask:`T4276` ``(bug): IPsec peers dh-group negotiation issue with pfs enabled and multiple proposals configured with IKEv1`` - - -2023-11-27 -========== - -* :vytask:`T5763` ``(bug): Fix imprecise check for remote file name in vyos-load-config.py`` -* :vytask:`T5783` ``(feature): frr: smoketests must notice any daemon crash`` - - -2023-11-26 -========== - -* :vytask:`T5760` ``(feature): DHCP client custom dhcp-options`` -* :vytask:`T2405` ``(feature): archive to GIT or other platform`` - - -2023-11-25 -========== - -* :vytask:`T5655` ``(bug): commit-archive: Ctrl+C should not eror out with stack trace, signal should be cought`` -* :vytask:`T4946` ``(default): Rewrite "add system image" in the new op-mode`` -* :vytask:`T4454` ``(default): `install-image` should check free storage`` - - -2023-11-24 -========== - -* :vytask:`T5776` ``(feature): Enable VFIO support`` -* :vytask:`T5402` ``(bug): VRRP router with rfc3768-compatibility sends multiple ARP replies`` -* :vytask:`T3895` ``(default): VYOS firewall rules do not adhere to time schedule unless placed in UTC mode.`` - - -2023-11-23 -========== - -* :vytask:`T4891` ``(bug): BFD flapping loop`` -* :vytask:`T4867` ``(bug): "show bgp neighbors ... advertised-routes" and some other commands fail for IPv4 neighbors`` - - -2023-11-22 -========== - -* :vytask:`T5767` ``(feature): Add reboot and poweroff the system via API`` -* :vytask:`T5729` ``(bug): Firewall, nat and policy route - Switch to valueless`` -* :vytask:`T5681` ``(feature): Interface match - Simplified and unified cli`` -* :vytask:`T4877` ``(bug): Need verification in using import vrf and import vpn, export vpn commands`` -* :vytask:`T4021` ``(bug): Long commit time on bridge interface with 1-4094 allowed VLAN tags`` -* :vytask:`T5338` ``(feature): Add 'mpls bgp forwarding' feature`` -* :vytask:`T3818` ``(bug): BGP export route-map only works after bgpd restart`` -* :vytask:`T5590` ``(default): Firewall "log enable" logs every packet`` -* :vytask:`T5426` ``(default): Add exceptions in vici functions calls`` - - -2023-11-21 -========== - -* :vytask:`T5762` ``(bug): http: api: smoketests fail as they can not establish IPv6 connection to uvicorn backend server`` - - -2023-11-20 -========== - -* :vytask:`T2816` ``(default): Rewrite IPsec scripts with the new XML/Python approach`` - - -2023-11-18 -========== - -* :vytask:`T1354` ``(feature): Add support for VLAN-Aware bridges`` - - -2023-11-16 -========== - -* :vytask:`T5726` ``(bug): HTTPS API image cannot be updated`` -* :vytask:`T5738` ``(feature): Extend XML building blocks`` -* :vytask:`T5736` ``(feature): igmp: migrate "protocols igmp" to "protocols pim"`` -* :vytask:`T5733` ``(feature): pim(6): rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features`` -* :vytask:`T5689` ``(default): FRR 9.0.1 in VyOS current segfaults on show rpki prefix $prefix`` -* :vytask:`T5595` ``(feature): Multicast - PIM bfd feature enable`` -* :vytask:`T3638` ``(bug): Passwords With Dollar Sign Set Incorrectly`` - - -2023-11-15 -========== - -* :vytask:`T5695` ``(feature): Build FRR with LUA scripts --enable-scripting option`` -* :vytask:`T5665` ``(bug): radius user not working`` -* :vytask:`T5728` ``(bug): Improve compatibility between OpenVPN on VyOS 1.5 and OpenVPN Connect Client`` -* :vytask:`T5732` ``(bug): generate firewall rule-resequence drops geoip country-code from output`` -* :vytask:`T5661` ``(enhancment): Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection`` -* :vytask:`T1276` ``(bug): dhcp relay + VLAN fails`` - - -2023-11-13 -========== - -* :vytask:`T5698` ``(feature): EVPN ESI Multihoming`` -* :vytask:`T5563` ``(bug): container: Container environment variable cannot be set`` -* :vytask:`T5706` ``(bug): Systemd-udevd high CPU utilization for multiple dynamic ppp/l2tp/ipoe interfaces`` - - -2023-11-10 -========== - -* :vytask:`T5727` ``(bug): validator: Use native URL validator instead of regex-based validator`` - - -2023-11-08 -========== - -* :vytask:`T5720` ``(bug): PPPoE-server adding new interface does not work`` -* :vytask:`T5716` ``(bug): PPPoE-server shaper template bug down-limiter option does not rely on fwmark`` -* :vytask:`T5702` ``(feature): Add ability to set include_ifmib_iface_prefix and ifmib_max_num_ifaces for SNMP`` -* :vytask:`T5648` ``(bug): ldpd neighbour template errors`` -* :vytask:`T5564` ``(bug): Both show firewall group and show firewall summary fails`` -* :vytask:`T5559` ``(feature): Selective proxy-arp/proxy-ndp when doing SNAT/DNAT`` -* :vytask:`T5541` ``(bug): Zone-Based Firewalling in VyOS Sagitta 1.4`` -* :vytask:`T5513` ``(bug): Anomalies in show firewall command after refactoring`` -* :vytask:`T4864` ``(bug): `show firewall` command errors`` - - -2023-11-07 -========== - -* :vytask:`T5586` ``(feature): Disable by default SNMP for Keepalived VRRP`` - - -2023-11-06 -========== - -* :vytask:`T5705` ``(bug): rsyslog - Not working when using facility=all`` -* :vytask:`T5704` ``(feature): PPPoE-server add max-starting option`` -* :vytask:`T5707` ``(bug): Wireguard peer public key update leaves redundant peers and breaks connectivity`` -* :vytask:`T4269` ``(feature): node.def generator should automatically add default values`` - - -2023-11-05 -========== - -* :vytask:`T4020` ``(feature): Add ability to control FRR daemons options`` - - -2023-11-03 -========== - -* :vytask:`T5700` ``(bug): Monitoring telegraf deprecated plugins inputs outputs`` -* :vytask:`T5018` ``(bug): Redirect to IFB removed after change in qos policy`` - - -2023-11-02 -========== - -* :vytask:`T5701` ``(feature): Update telegraf package`` - - -2023-11-01 -========== - -* :vytask:`T5690` ``(bug): Change to definition of environment variable 'vyos_rootfs_dir' is incorrect`` - - -2023-10-31 -========== - -* :vytask:`T5699` ``(feature): vxlan: migrate "external" CLI know to "parameters external"`` -* :vytask:`T5668` ``(feature): Disable VXLAN bridge learning and enable neigh_suppress when using EVPN`` - - -2023-10-27 -========== - -* :vytask:`T5652` ``(bug): Config migrate to image upgrade does not properly generate home directory`` -* :vytask:`T4057` ``(bug): Commit time for deleting sflow configuration ~1.5 min`` - - -2023-10-26 -========== - -* :vytask:`T5683` ``(bug): reverse-proxy pki filenames mismatch`` -* :vytask:`T4903` ``(bug): conntrack ignore does not suppotr IPv6 addresses`` -* :vytask:`T4309` ``(feature): Support network/address-groups and ipv6-network/ipv6-address-groups in conntrack ignore`` -* :vytask:`T5606` ``(feature): IPSec VPN: Allow multiple CAs certificates`` -* :vytask:`T5650` ``(default): Progressbars suffer from staircasing effect`` -* :vytask:`T5568` ``(default): Install image from live ISO always defaults boot to KVM entry`` -* :vytask:`T3509` ``(default): No BCP38 for IPv6 on VyOS`` - - -2023-10-23 -========== - -* :vytask:`T5299` ``(bug): QoS shaper ceiling does not work`` -* :vytask:`T5667` ``(feature): BGP label-unicast - enable ecmp`` -* :vytask:`T5337` ``(bug): MPLS/BGP: Route leak does not happen from the VPNv4 table to specific vrf`` - - -2023-10-22 -========== - -* :vytask:`T5254` ``(bug): Modification of any interface setting sets MTU back to default when MTU has been inherited from a bond`` -* :vytask:`T5671` ``(feature): vxlan: change port to IANA assigned default port`` - - -2023-10-21 -========== - -* :vytask:`T5670` ``(bug): bridge: missing member interface validator`` -* :vytask:`T5617` ``(feature): Add an option to exclude single values to the numeric validator`` -* :vytask:`T5414` ``(bug): dhcp-server does not allow valid bootfile-names`` -* :vytask:`T5261` ``(feature): Add AWS gateway load-balanceing tunnel handler (gwlbtun)`` -* :vytask:`T5260` ``(bug): Python3 module crypt is deprecated`` -* :vytask:`T5191` ``(default): Replace underscores with hyphens in command-line options generated by vyos.opmode`` -* :vytask:`T5172` ``(default): Set Python3 version dependency for vyos-1x to 3.10`` -* :vytask:`T4956` ``(default): 'show hardware cpu' issue on arm64`` -* :vytask:`T4837` ``(default): Expose "show ip route summary" in the op mode API`` -* :vytask:`T4770` ``(feature): Rewrite OpenVPN op-mode to vyos.opmode format`` -* :vytask:`T4657` ``(bug): op-mode scripts with type hints in `return` do not work`` -* :vytask:`T4604` ``(bug): bgpd eats huge amount of memory (about 500Megs a day)`` -* :vytask:`T4432` ``(default): Display load average normalized according to the number of CPU cores`` -* :vytask:`T4416` ``(default): Convert 'traceroute' operation to the new syntax and expand available options using python`` -* :vytask:`T4402` ``(bug): OpenVPN client-ip-pool option is broken`` -* :vytask:`T3433` ``(default): A review of the use of racist language in VyOS`` -* :vytask:`T2719` ``(feature): Standardized op mode script structure`` - - -2023-10-20 -========== - -* :vytask:`T5233` ``(bug): Op-mode flow-accounting netflow with disable-imt errors`` -* :vytask:`T5232` ``(bug): Flow-accounting uacctd.service cannot restart correctly`` - - -2023-10-19 -========== - -* :vytask:`T4913` ``(default): Rewrite the wireless op mode in the new style`` - - -2023-10-18 -========== - -* :vytask:`T5642` ``(bug): op cmd: generate tech-support archive: does not work`` -* :vytask:`T5521` ``(bug): Home owner directory changed to vyos for the user after reboot`` - - -2023-10-17 -========== - -* :vytask:`T5662` ``(bug): Fix indexing error in configdep script organization`` -* :vytask:`T5235` ``(bug): SSH keys with special characters cannot be applied via Cloud-init`` - - -2023-10-16 -========== - -* :vytask:`T5165` ``(feature): Policy local-route ability set protocol and port`` - - -2023-10-14 -========== - -* :vytask:`T5629` ``(bug): Policy local-route bug after migration to destination node address`` - - -2023-10-13 -========== - -* :vytask:`T5227` ``(feature): mDNS reflector should allow additional domains to browse and allow filtering services`` -* :vytask:`T5166` ``(feature): Remove local minisign package from build repo for 1.4`` -* :vytask:`T5118` ``(bug): Cleanup vestigial ntp completion script`` -* :vytask:`T5115` ``(default): Support custom port for name servers for forwarding zones`` -* :vytask:`T5113` ``(default): PDNS: Support custom port for DNS forwarders`` -* :vytask:`T5112` ``(feature): Enable support for Network Time Security (NTS) for chrony`` -* :vytask:`T5143` ``(enhancment): Apply constraint on powerdns forward-zones configuration`` - - -2023-10-12 -========== - -* :vytask:`T5649` ``(bug): vyos-1x should generate XML cache after building command templates for less cryptic error on typo`` - - -2023-10-10 -========== - -* :vytask:`T5489` ``(feature): Change to BBR as TCP congestion control, or at least make it an config option`` -* :vytask:`T5479` ``(bug): Helper leftovers found in nftables (firewall) even with all helpers disabled`` -* :vytask:`T5436` ``(bug): vyos-preconfig-bootup.script is missing`` -* :vytask:`T5014` ``(feature): Destination NAT - Add Load Balancing capabilities`` - - -2023-10-08 -========== - -* :vytask:`T5630` ``(feature): pppoe: allow to specify MRU in addition to already configurable MTU`` - - -2023-10-06 -========== - -* :vytask:`T5096` ``(feature): Change 'accept' firewall rule action from 'return' to 'accept'`` -* :vytask:`T5576` ``(feature): Add bgp remove-private-as all option`` -* :vytask:`T3506` ``(default): Migrate loadkey command to op-mode`` - - -2023-10-05 -========== - -* :vytask:`T4320` ``(default): Remove legacy version files in vyatta-cfg-system/cfg-version`` - - -2023-10-04 -========== - -* :vytask:`T5632` ``(feature): Add jq package to parse JSON files`` -* :vytask:`T3655` ``(bug): NAT Problem with VRF`` -* :vytask:`T5585` ``(bug): Fix file access mode for dynamic dns configuration`` - - -2023-10-03 -========== - -* :vytask:`T5618` ``(bug): Flow-accounting crushes when IMT is enabled`` -* :vytask:`T5561` ``(feature): NAT - Inbound or outbound interface should not be mandatory`` -* :vytask:`T5553` ``(feature): Firewall - Add action continue`` -* :vytask:`T5250` ``(bug): Firewall - show firewall group`` -* :vytask:`T4383` ``(bug): Flow Accounting returns permission error and fails to start`` -* :vytask:`T5626` ``(feature): Only select required Kernel CGROUP controllers`` -* :vytask:`T5628` ``(feature): op-mode: login: DeprecationWarning: 'spwd'`` - - -2023-10-01 -========== - -* :vytask:`T936` ``(feature): Reimplementation of tech-support diagnostic file generation`` - - -2023-09-30 -========== - -* :vytask:`T5048` ``(bug): QoS doesn't work correctly root task`` -* :vytask:`T4989` ``(bug): QoS Policy Limiter - classes for marked traffic do not work`` - - -2023-09-28 -========== - -* :vytask:`T5596` ``(feature): bgp: add new features from FRR 9`` -* :vytask:`T5412` ``(feature): Add support for extending config-mode dependencies in supplemental package`` - - -2023-09-26 -========== - -* :vytask:`T5480` ``(bug): Ability to disable SNMP for VRRP keepalived service`` - - -2023-09-25 -========== - -* :vytask:`T5533` ``(bug): Keepalived VRRP IPv6 group enters in FAULT state`` - - -2023-09-24 -========== - -* :vytask:`T5511` ``(feature): Cleanup of unused directories (and files) in order to shrink image-size`` - - -2023-09-23 -========== - -* :vytask:`T5518` ``(default): Add MLD protocol support`` - - -2023-09-22 -========== - -* :vytask:`T5602` ``(feature): For reverse-proxy type of load-balancing feature, support "backup" option in backends configuration`` -* :vytask:`T5609` ``(enhancment): Add util to get drive device name from id`` -* :vytask:`T5608` ``(enhancment): Rewrite add/delete raid member to Python and remove from vyatta-op`` -* :vytask:`T5607` ``(bug): Adjust RAID smoketest for non-deterministic SCSI device probing`` - - -2023-09-20 -========== - -* :vytask:`T5588` ``(bug): Add kernel conntrack_bridge module`` -* :vytask:`T5271` ``(default): Add support for peer-fingerprint to OpenVPN`` -* :vytask:`T5241` ``(feature): Support veth interfaces to working with netns`` -* :vytask:`T5238` ``(default): interface virtual-etherne - error when it doesn't use a peer`` -* :vytask:`T5592` ``(feature): salt: upgrade minion to 3005.2`` - - -2023-09-19 -========== - -* :vytask:`T5597` ``(feature): isis: add new features from FRR 9.`` -* :vytask:`T4284` ``(feature): QoS: rewrite to XML and Python`` - - -2023-09-18 -========== - -* :vytask:`T5419` ``(feature): Software/Hardware fastpath with nftables flowtable`` - - -2023-09-15 -========== - -* :vytask:`T5581` ``(feature): Add "show ip nht" op-mode command (IPv4 nexthop tracking table)`` - - -2023-09-11 -========== - -* :vytask:`T5567` ``(bug): vyos-1x: webproxy: maximum-object-size allowed ranges not in sync with Equuleus`` -* :vytask:`T5551` ``(bug): Missing check for boot_configuration_complete raises error in vyos-save-config.py`` -* :vytask:`T5353` ``(bug): config-mgmt: normalize archive updates and commit log entries`` -* :vytask:`T3424` ``(default): PPPoE IA-PD doesn't work in VRF`` -* :vytask:`T2773` ``(feature): EIGRP support for VRF`` - - -2023-09-10 -========== - -* :vytask:`T5565` ``(bug): Builds as vyos-999-timestamp instead of vyos-1.4-rolling-timestamp`` -* :vytask:`T5555` ``(bug): Fix timezone migrator (system 13-to-14)`` -* :vytask:`T5529` ``(bug): Missing symbolic link in linux-firmware package.`` - - -2023-09-09 -========== - -* :vytask:`T5540` ``(bug): vyos-1x: Wrong VHT configuration for WiFi 802.11ac`` -* :vytask:`T5423` ``(bug): ipsec: no output for op-cmd "show vpn ike secrets"`` -* :vytask:`T3700` ``(feature): Support VLAN tunnel mapping of VLAN aware bridges`` - - -2023-09-08 -========== - -* :vytask:`T5502` ``(bug): Firewall - wrong parser for inbound and/or outbound interface`` -* :vytask:`T5460` ``(feature): Firewall - remove config-trap`` -* :vytask:`T5450` ``(feature): Firewall interface group - Allow inverted matcher`` -* :vytask:`T4426` ``(default): Add arpwatch to the image`` -* :vytask:`T4356` ``(bug): DHCP v6 client only supports single interface configuration`` - - -2023-09-07 -========== - -* :vytask:`T5510` ``(feature): Shrink imagesize and improve read performance by changing mksquashfs syntax`` - - -2023-09-06 -========== - -* :vytask:`T5542` ``(bug): ipoe-server: external-dhcp(dhcp-relay) not woking / not implemented`` -* :vytask:`T5548` ``(bug): HAProxy renders timeouts incorrectly`` -* :vytask:`T5544` ``(feature): Allow CAP_SYS_MODULE to be set on containers`` - - -2023-09-05 -========== - -* :vytask:`T5524` ``(feature): Add config directory to liveCD`` -* :vytask:`T5519` ``(bug): Function `call` sometimes hangs`` -* :vytask:`T5508` ``(bug): Configuration Migration Fails to New Netfilter Firewall Syntax`` -* :vytask:`T5495` ``(feature): Enable snmp module also for frr/ldpd`` -* :vytask:`T2958` ``(bug): DHCP server doesn't work from a live CD`` -* :vytask:`T5428` ``(bug): dhcp: client renewal fails when running inside VRF`` - - -2023-09-04 -========== - -* :vytask:`T5536` ``(bug): show dhcp client leases caues No module named 'vyos.validate'`` -* :vytask:`T5506` ``(bug): Container bridge interfaces do not have a link-local address`` - - -2023-09-03 -========== - -* :vytask:`T5538` ``(bug): Change order within variable lb_config_tmpl to fit order of manpage and fix some typos`` -* :vytask:`T4612` ``(feature): Support arbitrary netmasks in firewall rules`` - - -2023-08-31 -========== - -* :vytask:`T5190` ``(feature): Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0`` -* :vytask:`T4895` ``(bug): Tag nodes are overwritten when configured by Cloud-Init from User-Data`` -* :vytask:`T4776` ``(bug): NVME storage is not detected properly during installation`` -* :vytask:`T5531` ``(feature): Containers add label option`` -* :vytask:`T5525` ``(default): Change dev.packages.vyos.net repo to rolling-packages.vyos.net vyos-build:current uses`` - - -2023-08-30 -========== - -* :vytask:`T4933` ``(default): Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error`` -* :vytask:`T4790` ``(bug): RADIUS login does not work if sum of timeouts more than 50s`` -* :vytask:`T4113` ``(bug): Incorrect GRUB configuration parsing`` -* :vytask:`T5520` ``(bug): Likely source of corruption on system update exposed by change in coreutils for Bookworm`` -* :vytask:`T4151` ``(feature): IPV6 local PBR Support`` -* :vytask:`T4485` ``(default): OpenVPN: Allow multiple CAs certificates`` - - -2023-08-29 -========== - -* :vytask:`T3940` ``(bug): DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook`` -* :vytask:`T3713` ``(default): Create a meta-package for user utilities`` -* :vytask:`T3339` ``(bug): Cloud-Init domain search setting not applied`` -* :vytask:`T3577` ``(bug): Generating vpn x509 key pair fails with command not found`` - - -2023-08-28 -========== - -* :vytask:`T4745` ``(bug): CLI TAB issue with values with '-' at the beginning in conf mode`` -* :vytask:`T5472` ``(bug): NAT redirect should not require port`` - - -2023-08-27 -========== - -* :vytask:`T4759` ``(bug): domain-group on policy route not working`` -* :vytask:`T1097` ``(feature): Make firewall groups work everywhere that's appropropriate`` - - -2023-08-26 -========== - -* :vytask:`T5039` ``(bug): Can't add new local user`` -* :vytask:`T5023` ``(bug): PKI commit fails to update dependents`` -* :vytask:`T4512` ``(feature): enable-default-log on zone-policy`` -* :vytask:`T5003` ``(default): Upgrade base system to Debian 12 "Bookworm"`` - - -2023-08-25 -========== - -* :vytask:`T5468` ``(feature): Remove unused manpages to free up space`` -* :vytask:`T5463` ``(feature): Containers allow publish IPv6 address port`` -* :vytask:`T4412` ``(bug): commit archive: reboot not working with sftp`` -* :vytask:`T3702` ``(feature): Policy: Allow routing by fwmark`` -* :vytask:`T3536` ``(default): Unable to list all available routes`` - - -2023-08-24 -========== - -* :vytask:`T5448` ``(feature): Add service zabbix-agent`` -* :vytask:`T5006` ``(bug): Http api segfault with concurrent requests`` -* :vytask:`T5505` ``(feature): system: zebra route-map is not removed from FRR`` -* :vytask:`T5305` ``(bug): REST API configure operation should not be defined as async`` -* :vytask:`T4292` ``(feature): Rewrite vyatta-save-config.pl to Python`` - - -2023-08-23 -========== - -* :vytask:`T5478` ``(bug): Cannot configure resolver-cache options for firewall`` -* :vytask:`T5466` ``(feature): L3VPN - label allocation mode`` -* :vytask:`T5453` ``(bug): Fix nat66 - broken after load-balance was introduced in nat`` -* :vytask:`T5446` ``(bug): bgp: validity check for bestpath med option`` -* :vytask:`T5500` ``(feature): Minor fixes to configtree render`` -* :vytask:`T5469` ``(default): Incorrect dependency set in the openvpn-dco package when building VyOS for arm64`` -* :vytask:`T5387` ``(feature): dhcp6c: add a no release option`` -* :vytask:`T5491` ``(feature): Hostapd - AP-Mode - allow white-/blacklisting of Clients`` -* :vytask:`T4889` ``(default): Add nftables NAT REDIRECT [to localhost] to CLI`` - - -2023-08-22 -========== - -* :vytask:`T5407` ``(bug): Static routes pointed to container networks fail to persist after reboot`` - - -2023-08-20 -========== - -* :vytask:`T5470` ``(bug): wlan: can not disable interface if SSID is not configured`` - - -2023-08-18 -========== - -* :vytask:`T5488` ``(bug): System conntrack ignore does not take any effect`` - - -2023-08-17 -========== - -* :vytask:`T4202` ``(bug): NFT: Zone policies fail to apply when "l2tp+" is in the interface list`` -* :vytask:`T5409` ``(feature): Add 'set interfaces wireguard wgX threaded'`` -* :vytask:`T5476` ``(feature): netplug: replace Perl helper scripts with a Python equivalent`` -* :vytask:`T5223` ``(bug): tunnel key doesn't clear`` -* :vytask:`T5490` ``(feature): login: add missing regex for home direcotry and radius server key`` - - -2023-08-16 -========== - -* :vytask:`T5483` ``(bug): Residual dhcp-server test file causing zabbix-agent smoketest to fail`` - - -2023-08-15 -========== - -* :vytask:`T5293` ``(feature): Support for Floating Rules (Global Firewall-Rules that are automatically applied before all other Zone Rules)`` -* :vytask:`T5273` ``(default): Add op mode commands for displaying certificate details and fingerprints`` -* :vytask:`T5270` ``(default): Make OpenVPN `tls dh-params` optional`` - - -2023-08-14 -========== - -* :vytask:`T5477` ``(bug): op-mode pki.py should use Config for defaults`` -* :vytask:`T5461` ``(feature): Improve rootfs directory variable`` -* :vytask:`T5457` ``(feature): Add environmental variable pointing to current rootfs directory`` -* :vytask:`T5440` ``(bug): Restore pre/postconfig scripts if user deleted them`` - - -2023-08-12 -========== - -* :vytask:`T5467` ``(bug): ospf(v3): removing an interface from the OSPF process does not clear FRR configuration`` - - -2023-08-11 -========== - -* :vytask:`T5465` ``(feature): adjust-mss: config migration fails if applied to a VLAN or Q-in-Q interface`` -* :vytask:`T2665` ``(bug): vyos.xml.defaults for tag nodes`` -* :vytask:`T5434` ``(enhancment): Replace remaining calls of vyos.xml library`` -* :vytask:`T5319` ``(enhancment): Remove remaining workarounds for incorrect defaults`` -* :vytask:`T5464` ``(feature): ipv6: add support for per-interface dad (duplicate address detection) setting`` - - -2023-08-10 -========== - -* :vytask:`T5416` ``(bug): Ignoring "ipsec match-none" for firewall`` -* :vytask:`T5329` ``(bug): Wireguard interface as GRE tunnel source causes configuration error on boot`` - - -2023-08-09 -========== - -* :vytask:`T5452` ``(bug): Uncaught error in generate_cache during vyos-1x build`` -* :vytask:`T5443` ``(enhancment): Add merge_defaults as Config method`` -* :vytask:`T5435` ``(enhancment): Expose utility function for default values at path`` - - -2023-08-07 -========== - -* :vytask:`T5406` ``(bug): "update webproxy blacklists" fails when vrf is being configured`` -* :vytask:`T5302` ``(bug): QoS class with multiple matches generates one filter rule but expects several rules`` -* :vytask:`T5266` ``(bug): QoS- HTB error when match with a dscp parameter for queue-type 'priority'`` -* :vytask:`T5071` ``(bug): QOS-Rewrite: DSCP match missing`` - - -2023-08-06 -========== - -* :vytask:`T5420` ``(feature): nftables - upgrade to latest 1.0.8`` -* :vytask:`T5445` ``(feature): dyndns: add possibility to specify update interval (timeout)`` - - -2023-08-05 -========== - -* :vytask:`T5291` ``(bug): vyatta-cfg-cmd-wrapper missing ${vyos_libexec_dir} variable`` -* :vytask:`T5290` ``(bug): Failing commits for SR-IOV interfaces using ixgbevf driver due to change speed/duplex settings`` -* :vytask:`T5439` ``(bug): Upgrade to FRR version 9.0 added new daemons which must be adjusted`` - - -2023-08-04 -========== - -* :vytask:`T5427` ``(bug): Change migration script len arguments checking`` - - -2023-08-03 -========== - -* :vytask:`T5301` ``(bug): NTP: chrony only allows one bind address`` -* :vytask:`T5154` ``(bug): Chrony - multiple listen addresses`` - - -2023-08-02 -========== - -* :vytask:`T5374` ``(feature): Ability to set 24-hour time format`` -* :vytask:`T5350` ``(bug): Confusing warning message when committing VRRP config`` -* :vytask:`T5430` ``(bug): bridge: vxlan interfaces are not listed as bridgable in completion helpers`` -* :vytask:`T5429` ``(bug): vxlan: source-interface is not honored and throws config error`` -* :vytask:`T5415` ``(feature): Upgrade FRR to version 9.0`` -* :vytask:`T5422` ``(feature): Support LXD Agent`` - - -2023-08-01 -========== - -* :vytask:`T5399` ``(bug): "show ntp" fails when vrf is being configured`` -* :vytask:`T5346` ``(bug): MPLS sysctl not persistent for L2TP interfaces`` -* :vytask:`T5343` ``(feature): BGP peer group VPNv4 & VPNv6 Address Family Support`` -* :vytask:`T5339` ``(feature): Geneve interface - option to use IPv4 as inner protocol`` -* :vytask:`T5335` ``(bug): ISIS: error when loading config from file`` - - -2023-07-31 -========== - -* :vytask:`T5421` ``(feature): Add arg to completion helper 'list_interfaces' to filter out vlan subinterfaces`` - - -2023-07-29 -========== - -* :vytask:`T5403` ``(feature): Add support for extending xml cache`` - - -2023-07-28 -========== - -* :vytask:`T4602` ``(bug): DHCP `ping-check` enabled by default`` -* :vytask:`T5411` ``(feature): Remove old background monitoring implementation`` -* :vytask:`T5317` ``(enhancment): configtree: remove mutable references`` -* :vytask:`T5316` ``(enhancment): configtree: use a single pass of the diff algorithm`` - - -2023-07-27 -========== - -* :vytask:`T5368` ``(feature): FastNetmon service ids ddos-protection add support sflow mode`` - - -2023-07-26 -========== - -* :vytask:`T5398` ``(bug): FRR mangles container network interface names`` -* :vytask:`T5365` ``(bug): Container systemd units require authentication`` -* :vytask:`T4974` ``(feature): OpenVPN- Data Channel Offload(DCO)`` - - -2023-07-25 -========== - -* :vytask:`T5377` ``(feature): ospf: add graceful restart FRR feature (RFC 3623)`` - - -2023-07-21 -========== - -* :vytask:`T5373` ``(bug): LLDP seems to be running even if its disabled on all interfaces`` -* :vytask:`T5328` ``(default): bgp: Incorrect warning showed for address-family configured with neighbor as interface`` -* :vytask:`T5363` ``(bug): Bash history file does not exists after reboot and ony other file in home directory`` -* :vytask:`T5385` ``(bug): reference_tree: catch parse error on non-transcluded files`` -* :vytask:`T5361` ``(bug): "monitor log" behaves like "show log"`` - - -2023-07-20 -========== - -* :vytask:`T5362` ``(bug): `set high-availability vrrp global-parameters version 3` seems to have no effect`` -* :vytask:`T5355` ``(bug): IPSec: OP cmd : "show vpn ike sa" does not show output`` -* :vytask:`T5330` ``(enhancment): Keep track of source of config dict value when merging defaults`` -* :vytask:`T4497` ``(feature): ping cannot force ipv4 or ipv6`` -* :vytask:`T4288` ``(bug): IPsec tunnel will break when ESP timeout`` - - -2023-07-19 -========== - -* :vytask:`T5340` ``(bug): SNMP and VRF`` -* :vytask:`T5059` ``(feature): add 'disable' option to DHCP relay config`` - - -2023-07-17 -========== - -* :vytask:`T2051` ``(bug): Throughput anomalies`` - - -2023-07-16 -========== - -* :vytask:`T141` ``(feature): TACACS+ Support`` - - -2023-07-15 -========== - -* :vytask:`T5341` ``(feature): Improve CLI for high-availability virtual-server to work with multiple ports`` - - -2023-07-14 -========== - -* :vytask:`T5358` ``(bug): 99-ipsec-dhclient-hook prevents DHCP stateless routes from being installed in VRF table`` -* :vytask:`T4376` ``(bug): DNAT with multiwan and policy routing, incoming connections only work on primary interface`` -* :vytask:`T305` ``(default): loadbalancing does not work with one pppoe connection and another connection of either dhcp or static`` - - -2023-07-13 -========== - -* :vytask:`T4713` ``(bug): vyos@vyos:~$ show nat destination rules | doesn't work`` -* :vytask:`T2315` ``(feature): Ability to have right address-family for BGP peers.`` - - -2023-07-12 -========== - -* :vytask:`T5347` ``(bug): Compare commit revision bug`` -* :vytask:`T5161` ``(default): BFD Static Route Monitoring`` -* :vytask:`T5105` ``(bug): DHCP Server - Wrong error message`` -* :vytask:`T4927` ``(bug): Need to change restart to reload-or-restart in Webproxy module`` -* :vytask:`T3835` ``(bug): vyos router 1.2.7 snmp Dos bug`` -* :vytask:`T5352` ``(default): Fix missing dependency for netavark`` -* :vytask:`T4959` ``(feature): Add container registry authentication config for containers`` - - -2023-07-11 -========== - -* :vytask:`T5314` ``(bug): QOS Default classes are not configured with correct qdisc`` -* :vytask:`T4862` ``(bug): webproxy domain-block does not work`` -* :vytask:`T4844` ``(bug): Incorrect permissions of the safeguard DB directory`` -* :vytask:`T4815` ``(bug): Fix various name server config issues`` -* :vytask:`T4810` ``(bug): Op-mode show/monitor log pppoe interface does not show any logs`` -* :vytask:`T4758` ``(feature): Rewrite show dhcp server to vyos.opmode format`` -* :vytask:`T4262` ``(bug): install image doesn't respect chosen root partition size`` -* :vytask:`T3810` ``(bug): webproxy squidguard rules don't work properly after rewriting to python.`` -* :vytask:`T1928` ``(bug): Is the 'Welcome to VyOS' message when using SSH an information leak?`` -* :vytask:`T1877` ``(default): Feature Request: Allow NAT to use network and address groups`` -* :vytask:`T4813` ``(feature): L3VPN over GRE Tunnels`` -* :vytask:`T4943` ``(bug): Radius SSH login displays "permission denied" on 1.4 rolling release`` -* :vytask:`T4542` ``(default): route-map: "match prefix-len" incorrect behavior`` -* :vytask:`T4392` ``(default): Multiline login banner text reports error on commit`` - - -2023-07-10 -========== - -* :vytask:`T5345` ``(bug): Error incorrectly raised in revised multi_to_list when tag node value name == tag node name`` -* :vytask:`T3578` ``(bug): Prefix-List(6) update cause empty prefix-list(6)`` -* :vytask:`T762` ``(feature): Include rulseset in firewall`` - - -2023-07-06 -========== - -* :vytask:`T5336` ``(feature): Add Swedish keyboard-layout`` - - -2023-07-04 -========== - -* :vytask:`T5333` ``(bug): Policy base routing PBR generetes incorrect rules with name POSTROUTING`` -* :vytask:`T5081` ``(feature): ISIS and OSPF syncronization with IGP-LDP sync`` - - -2023-07-03 -========== - -* :vytask:`T5295` ``(bug): QoS shaper incorrect rate limit the traffic`` -* :vytask:`T5334` ``(feature): ospf: add support for External Route Summarisation Type-5 and Type-7`` - - -2023-07-02 -========== - -* :vytask:`T5332` ``(bug): Show policy route not working when no interface is configured`` - - -2023-07-01 -========== - -* :vytask:`T5304` ``(feature): Containers add bind-propagation option rshared`` -* :vytask:`T5296` ``(bug): QoS class cannot calculate correctly the default bandwidth auto`` -* :vytask:`T5210` ``(bug): IPSec cosmetic bug for Warning vti inrerface`` -* :vytask:`T5277` ``(bug): Dhcpv6-relay does not start on boot`` - - -2023-06-30 -========== - -* :vytask:`T5315` ``(feature): vrrp: add support for version 3`` -* :vytask:`T5283` ``(bug): IPoE server assigns network address`` -* :vytask:`T5313` ``(bug): UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned`` - - -2023-06-29 -========== - -* :vytask:`T5320` ``(enhancment): Add warning when entering config mode after a boot configuration error`` - - -2023-06-28 -========== - -* :vytask:`T1237` ``(feature): Static Route Path Monitoring, failover`` - - -2023-06-26 -========== - -* :vytask:`T5159` ``(bug): DHCPv6-server leases op-command shows warning message even if configured`` - - -2023-06-25 -========== - -* :vytask:`T5240` ``(bug): Service router-advert failed to start radvd with more then 3 name-servers`` -* :vytask:`T5312` ``(bug): Nonescaped special character in help text`` - - -2023-06-24 -========== - -* :vytask:`T5303` ``(bug): Rsyslog.service is not working`` -* :vytask:`T5298` ``(bug): Add RFKILL support into kernel.`` -* :vytask:`T5308` ``(enhancment): Remove workarounds for incorrect defaults in get_interface_dict`` -* :vytask:`T5228` ``(enhancment): Simplify get_config_dict and add argument with_defaults`` -* :vytask:`T5310` ``(bug): Need some help troubleshooting NIC detection.`` - - -2023-06-22 -========== - -* :vytask:`T5297` ``(default): Utility function to check if config under node has been changed between revisions`` - - -2023-06-20 -========== - -* :vytask:`T5300` ``(bug): verification of port availability can return false negative on boot`` -* :vytask:`T5248` ``(feature): Ability to load config via API in JSON format`` - - -2023-06-19 -========== - -* :vytask:`T5281` ``(feature): Add kernel options for vhost-net`` -* :vytask:`T5072` ``(default): QOS-Rewrite: protocol name used literally`` -* :vytask:`T4969` ``(bug): QoS Policy - Unable to set class match mark number`` - - -2023-06-18 -========== - -* :vytask:`T5256` ``(bug): QoS expects protocol number but not protocol name`` - - -2023-06-13 -========== - -* :vytask:`T5258` ``(bug): git Actions use ubuntu-22.04 instead of deprecated ubuntu-18.04 for PR conflicts checker`` -* :vytask:`T5222` ``(feature): Add load-balancing reverse-proxy based on haproxy`` -* :vytask:`T5213` ``(feature): Accel-ppp sending accounting interim updates acct-interim-interval option`` -* :vytask:`T5171` ``(feature): Use XML for conf-mode "load-balancing wan" instead of legacy templates`` - - -2023-06-12 -========== - -* :vytask:`T5282` ``(bug): Poweroff now does not work`` -* :vytask:`T5264` ``(feature): Add Mellanox Technologies firmware flash module mlxfw to kernel`` -* :vytask:`T5286` ``(feature): Remove XDP support`` - - -2023-06-10 -========== - -* :vytask:`T5231` ``(feature): Add op-mode for load-balancing reverse-proxy`` - - -2023-06-09 -========== - -* :vytask:`T5253` ``(bug): MPLS config removed at boot when wireguard interfaces present`` - - -2023-06-05 -========== - -* :vytask:`T5259` ``(bug): Openconnect cannot pass migration 1-to-2`` - - -2023-06-02 -========== - -* :vytask:`T5252` ``(bug): Route distinguisher and route targets changing upon adding interface to new VRF`` -* :vytask:`T5251` ``(bug): Uncaught errors for functions delete/delete_value in Python module configtree.py`` - - -2023-06-01 -========== - -* :vytask:`T5127` ``(bug): VPNv4/VPNv6 routes are not reinstalled following link flap`` - - -2023-05-28 -========== - -* :vytask:`T5244` ``(feature): dropbear: update to 2022.83`` -* :vytask:`T5242` ``(feature): interfaces: smoketest: automatically detect "capabilities"`` -* :vytask:`T5234` ``(feature): Add bash identifier for given VRF instance`` - - -2023-05-25 -========== - -* :vytask:`T5237` ``(feature): interfaces virtual-ethernet - Extend capabilitys of Vlans/QinQ`` -* :vytask:`T4686` ``(feature): Provides support for veth`` - - -2023-05-24 -========== - -* :vytask:`T4605` ``(feature): Firewall change default table names`` -* :vytask:`T4550` ``(feature): router-advert: Add deprecate-prefix & decrement-lifetimes options`` - - -2023-05-23 -========== - -* :vytask:`T4916` ``(feature): Rewrite IPsec authentication`` - - -2023-05-22 -========== - -* :vytask:`T5214` ``(bug): PPPoE-server incorrect warning if a named pool is defined`` -* :vytask:`T4977` ``(feature): Babel routing protocol support`` - - -2023-05-21 -========== - -* :vytask:`T4733` ``(default): Feature Request: dhcp server: add VRF support`` -* :vytask:`T5218` ``(enhancment): Revise vyos xml lib for bug fixes and extensions`` - - -2023-05-17 -========== - -* :vytask:`T5226` ``(default): Deduplicate and standardize validators and constraints for hostname and IP address`` -* :vytask:`T5225` ``(bug): BGP allowas-in unusable`` -* :vytask:`T5208` ``(bug): Failed to start nvmf-autoconnect.service during the boot`` - - -2023-05-16 -========== - -* :vytask:`T5194` ``(default): Add reference tree to vyos1x-config`` - - -2023-05-15 -========== - -* :vytask:`T3896` ``(feature): Extend ocserv support to allow for per-group configs`` - - -2023-05-12 -========== - -* :vytask:`T2778` ``(feature): Migrate "system syslog" to get_config_dict() to support new features`` -* :vytask:`T2769` ``(feature): Add VRF support for syslog`` - - -2023-05-10 -========== - -* :vytask:`T5209` ``(bug): dhclient load-balancing exit hook 04-dhcp-wanlb returned non-zero exit status`` -* :vytask:`T5065` ``(bug): Mixing `destination port xxx` and `destination group port-group yyy` in firewall rules doesn't work, but can be commited`` -* :vytask:`T5060` ``(feature): add a VRRP 'maintenance mode'`` - - -2023-05-09 -========== - -* :vytask:`T5202` ``(bug): After removal load-balancing a pid remained which used in dhclient-exit-hooks`` - - -2023-05-06 -========== - -* :vytask:`T5206` ``(bug): ethtool.py:Ethtool.__init__ has always true conditional due to typo`` - - -2023-05-05 -========== - -* :vytask:`T5082` ``(feature): container: switch to netavark network stack`` - - -2023-05-04 -========== - -* :vytask:`T5193` ``(feature): Ability to specify NS records to specify NS servers for subdomains`` -* :vytask:`T3891` ``(bug): X550-T2/Possibly other X550/X540 cards no link on VyOS`` -* :vytask:`T5010` ``(bug): bgp: EVPN route-target not honored`` -* :vytask:`T5196` ``(feature): wwan: op-mode should inform user if there is no WWAN interface`` - - -2023-05-03 -========== - -* :vytask:`T5163` ``(feature): Policy route-map add match source-protocol`` - - -2023-05-02 -========== - -* :vytask:`T5042` ``(bug): Command 'show vpn ipsec remote-access' does not work`` - - -2023-04-27 -========== - -* :vytask:`T5185` ``(bug): Static IPv6 route with blackhole fails`` -* :vytask:`T5175` ``(bug): http-api: error in MultiPart parser for FastAPI version >= 0.91.0`` -* :vytask:`T5183` ``(bug): IPv6 route6 problem`` -* :vytask:`T5181` ``(bug): Wrong dependencies or priorities for zebra vni vrf interfaces and bgpd`` -* :vytask:`T5128` ``(feature): Policy route - Allow wildcard interfaces`` -* :vytask:`T5055` ``(feature): Firewall - Add packet type matcher (pkttype)`` -* :vytask:`T5050` ``(feature): Firewall - Add options for logging packets`` -* :vytask:`T5037` ``(feature): Firewall - Add queue action`` -* :vytask:`T5176` ``(bug): http-api: update vyos-http-api-tools for FastAPI security vulnerability`` -* :vytask:`T5174` ``(bug): vrf: ensure no duplicate VNIs can be created`` -* :vytask:`T5123` ``(default): Display route originator in show ospf table command`` - - -2023-04-25 -========== - -* :vytask:`T5179` ``(bug): multi nodes defined in XML are not properly represented as list in get_config_dict()`` - - -2023-04-17 -========== - -* :vytask:`T5052` ``(bug): Error displaying dhcpv6 prefix delegation leases`` -* :vytask:`T5150` ``(feature): Rework CLI definitions to apply route-maps between routing daemons and zebra/kernel`` -* :vytask:`T3734` ``(bug): Move EVPN VRF up in FRR config`` - - -2023-04-13 -========== - -* :vytask:`T5152` ``(bug): Telegraf agent hostname isn't qualified`` -* :vytask:`T4727` ``(feature): Add RADIUS rate limit support to PPTP server`` -* :vytask:`T4939` ``(bug): VRRP command no-preempt not work as expected`` -* :vytask:`T4791` ``(default): Consistent normalization of 'raw' output of op-mode scripts for CLI and API`` -* :vytask:`T3608` ``(default): Standardize warnings from configure scripts`` - - -2023-04-11 -========== - -* :vytask:`T4924` ``(bug): Systemctl strongswan.service for some reason is not disabled`` -* :vytask:`T4197` ``(bug): Vyos arm64-latest build issue with telegraf pkg`` -* :vytask:`T4051` ``(bug): Connected routes strange / not working`` - - -2023-04-10 -========== - -* :vytask:`T5151` ``(bug): EAP-TLS TLSv1.0/1.1 regression after T5003`` -* :vytask:`T5148` ``(bug): OpenVPN cannot start due to could not load plugin shared object /openvpn-otp.so`` -* :vytask:`T5110` ``(bug): Show frr op-mode vtysh_pam: Failed in account validation`` -* :vytask:`T5078` ``(feature): VyOS BGP does not support 'show bgp neighbors $NB filtered-routes'`` -* :vytask:`T5070` ``(feature): show bgp nexthop unavailable in VRF`` -* :vytask:`T5061` ``(bug): All containers restart on config change`` - - -2023-04-07 -========== - -* :vytask:`T5149` ``(bug): op-mode openvpn should not raise error in case interface is disabled`` - - -2023-04-06 -========== - -* :vytask:`T5147` ``(bug): Can't Commit with Container Network`` -* :vytask:`T5142` ``(feature): One of the requirements is to use a system auditing tool to monitor and log all security-relevant events.`` -* :vytask:`T5125` ``(feature): Add op-mode commands for hsflowd based sflow`` - - -2023-04-05 -========== - -* :vytask:`T5145` ``(feature): Add maxsyslogins maximum number of all logins on system`` -* :vytask:`T5135` ``(default): Rewrite opennhrp script using vyos.ipsec library`` -* :vytask:`T4975` ``(bug): CLI does not work after cutting off the power or reset`` -* :vytask:`T5136` ``(bug): Possible config corruption on upgrade`` - - -2023-04-04 -========== - -* :vytask:`T5141` ``(feature): Add numbers for dhclient-exit-hooks.d to enforce script order execution`` -* :vytask:`T5093` ``(bug): Command 'reset vpn ipsec-profile' doesn't work`` -* :vytask:`T4362` ``(bug): Wan Load Balancing - Can't create routing tables`` - - -2023-04-03 -========== - -* :vytask:`T5139` ``(feature): IKE life-time should start from 0 for disable rekey`` -* :vytask:`T4173` ``(bug): Wan Load Balancing - Error on firewall NAT rules`` - - -2023-04-02 -========== - -* :vytask:`T5134` ``(feature): Try if netavark networks can be moved to a VRF instance`` - - -2023-04-01 -========== - -* :vytask:`T5047` ``(bug): Recreate only a specific container`` -* :vytask:`T5132` ``(default): Operational command "show isis vrf XXX route | neighbord" aren't working`` - - -2023-03-31 -========== - -* :vytask:`T5129` ``(feature): Add AWS build flavour`` -* :vytask:`T5126` ``(feature): http-api: add 'allow-client' to restrict IP address of client connections`` - - -2023-03-30 -========== - -* :vytask:`T5130` ``(bug): op-mode: drop remaining reference to obsoleted 'show_interfaces.py'`` -* :vytask:`T4866` ``(feature): Rewrite show_interfaces to standardized form`` -* :vytask:`T366` ``(bug): SNMP Query for BGP Tunnels Returns IPv4 Tunnels Only`` - - -2023-03-29 -========== - -* :vytask:`T5100` ``(feature): Update FRR to 8.5`` -* :vytask:`T5094` ``(bug): FRR systemd logs unknow key LimitNOFILESoft`` -* :vytask:`T5085` ``(bug): ospfv3 route-map not applied in FRR configuration`` -* :vytask:`T5056` ``(bug): IPoE server vlan-mon is not working`` -* :vytask:`T5033` ``(bug): generate-public-key command fails for address with multiple public keys like GitHub`` -* :vytask:`T4876` ``(bug): mpls - LSP broken on FRR 8.4.1`` -* :vytask:`T5097` ``(bug): the operational command "show interfaces ethernet ethx" doesn't reflect a call to 'clear counters'`` -* :vytask:`T5089` ``(enhancment): Add unit test of config_diff`` -* :vytask:`T5088` ``(enhancment): Add lexicographical-numeric compare function for vytree/configtree`` -* :vytask:`T5087` ``(enhancment): Add support for lexical ordering of nodes in config_tree`` -* :vytask:`T4885` ``(feature): Rewrite 'clear interfaces counters' from Perl to Python`` -* :vytask:`T4846` ``(bug): L3VPN- network command doesn't install direct connected prefix`` - - -2023-03-28 -========== - -* :vytask:`T5043` ``(feature): Need to create reset command for IKEv2 remote-access vpn connections`` - - -2023-03-27 -========== - -* :vytask:`T5099` ``(feature): IPoE server add option 'next-pool' for named ip pools`` -* :vytask:`T5106` ``(feature): Extend generation of API client requests to configsession native functions and composite requests`` -* :vytask:`T5104` ``(bug): DHCP default route issues with static routes in VRFs`` -* :vytask:`T5079` ``(feature): xml: schema extension to support defaultValues on tagNodes`` -* :vytask:`T5114` ``(feature): bgp: implement new CLI commands introduced in FRR 8.5`` - - -2023-03-23 -========== - -* :vytask:`T5108` ``(feature): Get rate limit for L2TP/PPTP/SSTP/IPoE in raw format`` -* :vytask:`T5086` ``(feature): Integrate hsflowd for sflow accounting`` -* :vytask:`T5107` ``(bug): Raise error in op-mode dns.py instead of calling exit`` - - -2023-03-22 -========== - -* :vytask:`T5068` ``(feature): Generate op-mode API client requests along with schema generation`` - - -2023-03-21 -========== - -* :vytask:`T5098` ``(feature): PPPoE client holdoff configuration`` -* :vytask:`T3694` ``(bug): Static routes not installed into kernel nor frr`` -* :vytask:`T5102` ``(feature): ospf: "redistribute babel" is always set`` - - -2023-03-20 -========== - -* :vytask:`T5057` ``(bug): IPoE server incorrect interface regex`` -* :vytask:`T5095` ``(feature): Return list instead of dict for 'raw' output of op-mode openvpn`` - - -2023-03-19 -========== - -* :vytask:`T4925` ``(feature): Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2`` - - -2023-03-17 -========== - -* :vytask:`T5092` ``(bug): IPoE-server named pool must not rely on the authentication type`` -* :vytask:`T5091` ``(bug): IPoE server with RADIUS authentication does not verify radius configuration`` - - -2023-03-16 -========== - -* :vytask:`T5073` ``(bug): IPoE-server interface option failed to parse`` -* :vytask:`T5063` ``(bug): IPoE-server ethX vlan must not be used with client-subnet`` -* :vytask:`T5058` ``(feature): Extend template filter range_to_regex`` -* :vytask:`T3083` ``(feature): Add feature event-handler`` -* :vytask:`T2516` ``(bug): vyos-container: cannot configure ethernet interface`` - - -2023-03-13 -========== - -* :vytask:`T5074` ``(bug): Show IPSEC SA failed if remote access IKEv2 vpn is used.`` -* :vytask:`T4973` ``(bug): show dhcp server leases error for lease time 4294967295`` - - -2023-03-11 -========== - -* :vytask:`T5076` ``(feature): CI/CD: Docker container is bloated by legacy and conflicting dependencies`` - - -2023-03-09 -========== - -* :vytask:`T5066` ``(bug): Different GRE tunnel but same tunnel keys error`` -* :vytask:`T4952` ``(feature): Improve interface completion helper CLI experience`` - - -2023-03-08 -========== - -* :vytask:`T4381` ``(default): OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command`` -* :vytask:`T4872` ``(bug): Op-mode show openvpn misses a case when parsing for tunnel IP`` - - -2023-03-07 -========== - -* :vytask:`T2838` ``(bug): Ethernet device names changing, multiple hw-id being added`` -* :vytask:`T5051` ``(feature): Use Literal types to provide op-mode CLI choices and API enums`` -* :vytask:`T4900` ``(default): Cache intermediary results of get_config_diff in Config instance`` - - -2023-03-05 -========== - -* :vytask:`T5040` ``(default): Generate API GraphQL schema on installation, rather than dynamically`` - - -2023-03-03 -========== - -* :vytask:`T4625` ``(enhancment): Update ocserv to current revision (1.1.6)`` - - -2023-03-02 -========== - -* :vytask:`T4967` ``(feature): Ability to set hostname for the container`` - - -2023-03-01 -========== - -* :vytask:`T5015` ``(bug): Invalid format character error at hfsc class settings help text`` - - -2023-02-28 -========== - -* :vytask:`T5029` ``(feature): Nginx change default root directory and fix regex`` -* :vytask:`T5025` ``(bug): Time-zone validation failed`` -* :vytask:`T4955` ``(bug): Openconnect radiusclient.conf generating with extra authserver`` -* :vytask:`T4843` ``(feature): Command-line arguments in container config`` -* :vytask:`T4219` ``(feature): support incoming-interface (iif) in local PBR`` -* :vytask:`T3903` ``(bug): Containers: after command "reboot" the host system will reboot after 1.5 minutes`` - - -2023-02-27 -========== - -* :vytask:`T5028` ``(feature): Add package exfatprogs to VyOS`` -* :vytask:`T4985` ``(bug): reset vpn ipsec-peer command with peer name does not work`` - - -2023-02-26 -========== - -* :vytask:`T4979` ``(feature): Add API request 'show_user_info' for UI`` - - -2023-02-25 -========== - -* :vytask:`T5008` ``(bug): MACsec CKN of 32 chars is not allowed in CLI, but works fine`` -* :vytask:`T5007` ``(bug): Interface multicast setting is invalid`` -* :vytask:`T5027` ``(bug): OpenVPN options and site-to-site cannot pass smoketest`` -* :vytask:`T4978` ``(bug): KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536`` -* :vytask:`T5034` ``(bug): Migrate multicast CLI node to valueLess`` -* :vytask:`T4948` ``(feature): pppoe: add CLI option to allow definition of host-uniq flag`` - - -2023-02-24 -========== - -* :vytask:`T5030` ``(bug): HTTPS-API delete key without id error`` - - -2023-02-23 -========== - -* :vytask:`T5013` ``(feature): Extend accelppp.py op-mode to get subnet start stop info from config`` -* :vytask:`T5002` ``(feature): Add uk (United Kingdom) keymap`` - - -2023-02-22 -========== - -* :vytask:`T5024` ``(bug): check-qemu-install VM is not shutdown the first time`` -* :vytask:`T5011` ``(bug): Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped`` - - -2023-02-21 -========== - -* :vytask:`T5021` ``(bug): IPsec SA is closed before negotiating a new one or it is negotiated on every second if big life-time is set in swanctl.conf`` -* :vytask:`T5020` ``(feature): Extend openvpn.py op-mode to get a list of configured clients`` - - -2023-02-20 -========== - -* :vytask:`T5005` ``(feature): Skip user authentication for PPPoE Server with noauth option`` - - -2023-02-16 -========== - -* :vytask:`T4971` ``(feature): Radius attribute "Framed-Pool" for PPPoE`` - - -2023-02-15 -========== - -* :vytask:`T4991` ``(bug): Restore path level information to compare output`` - - -2023-02-14 -========== - -* :vytask:`T4968` ``(bug): VPN IPsec check dpd and close action for empty values`` -* :vytask:`T1993` ``(feature): Extended pppoe rate-limiter`` - - -2023-02-13 -========== - -* :vytask:`T4905` ``(feature): Convert show nhrp tunnel to tabulate format`` -* :vytask:`T4153` ``(bug): Monitor bandwidth-test initiate not working`` - - -2023-02-12 -========== - -* :vytask:`T4998` ``(bug): pppoe username validation too restrictive (regression)`` - - -2023-02-11 -========== - -* :vytask:`T2603` ``(feature): pppoe-server: reduce min MTU`` - - -2023-02-10 -========== - -* :vytask:`T4857` ``(feature): SNMP - Implement FRR SNMP recommendations`` -* :vytask:`T4995` ``(feature): pppoe, wwan and sstp-client - rename user -> username on authentication`` - - -2023-02-07 -========== - -* :vytask:`T4980` ``(bug): chrony not listening as a server`` -* :vytask:`T4868` ``(bug): L2TP ppp-options ipv6 does not work without ipv6 pool but should`` -* :vytask:`T4117` ``(bug): Does not possible to configure PoD/CoA for L2TP vpn`` - - -2023-02-01 -========== - -* :vytask:`T4970` ``(default): pin OCaml pcre package to avoid JIT support`` - - -2023-01-31 -========== - -* :vytask:`T4964` ``(bug): FRR bgp address-family l2vpn-evpn route-target export/import not working`` -* :vytask:`T4780` ``(feature): Firewall - Add interface group`` -* :vytask:`T4157` ``(default): Add jinja2 to pip test requirements`` - - -2023-01-30 -========== - -* :vytask:`T4958` ``(feature): Add OpenConnect RADIUS Accounting support`` -* :vytask:`T4954` ``(bug): DNS cannot be configured via Network-Config v1 received from ConfigDrive / Cloud-Init`` -* :vytask:`T4118` ``(default): IPsec syntax overhaul`` - - -2023-01-29 -========== - -* :vytask:`T4965` ``(default): empty description in firewall group causes configuration error on migration`` - - -2023-01-28 -========== - -* :vytask:`T4961` ``(bug): Uncaught configtree error allows ntp migration 1-to-2 to fail silentlly on config.boot.default`` - - -2023-01-27 -========== - -* :vytask:`T4960` ``(bug): Bugs in `cc_vyos.py` code (Cloud-Init)`` - - -2023-01-26 -========== - -* :vytask:`T4886` ``(feature): Firewall and Policy - Add connection mark`` -* :vytask:`T4957` ``(bug): config-mgmt should not attempt to archive config at boot`` -* :vytask:`T4962` ``(bug): Fix typo in regex in vyos.config_mgmt compare function`` -* :vytask:`T4912` ``(default): Rewrite the IGMP op mode in the new style`` - - -2023-01-25 -========== - -* :vytask:`T4941` ``(bug): Accel-ppp IPoE incompatibility with kernel 6.1`` - - -2023-01-24 -========== - -* :vytask:`T4947` ``(feature): Support mounting container volumes as ro or rw`` - - -2023-01-23 -========== - -* :vytask:`T4798` ``(default): Migrate the file-exists validator away from Python`` -* :vytask:`T4683` ``(enhancment): Add kitty-terminfo package to build`` -* :vytask:`T4953` ``(bug): Remove convert_kwargs_to_snake_case decorator in dynamic generation of GraphQL resolvers`` -* :vytask:`T4875` ``(default): Replace Python validator 'interface-name' to avoid Python startup cost`` -* :vytask:`T4664` ``(bug): Add validation to reject whitespace in tag node value names`` - - -2023-01-22 -========== - -* :vytask:`T4906` ``(bug): ipsec connections shows only one connection as up`` - - -2023-01-21 -========== - -* :vytask:`T4799` ``(bug): PowerDNS >= 4.7 does not get reloaded by vyos-hostsd`` -* :vytask:`T4878` ``(bug): Any interface bonding changes cause interface flapping`` -* :vytask:`T4387` ``(default): Create additional smoketests for multiwan PBR & load-balanced configurations`` - - -2023-01-20 -========== - -* :vytask:`T4551` ``(bug): IPsec rekeying collisions bug`` -* :vytask:`T4942` ``(feature): Rewrite vyatta-config-mgmt to Python/XML`` - - -2023-01-17 -========== - -* :vytask:`T4938` ``(bug): Interface input ifb does not work`` -* :vytask:`T4902` ``(bug): snmpd: exclude container storage from monitoring`` -* :vytask:`T4140` ``(bug): Lack of SNMP IANA mibs`` - - -2023-01-15 -========== - -* :vytask:`T4832` ``(feature): dhcp: Add IPv6-only dhcp option support (RFC 8925)`` -* :vytask:`T4937` ``(feature): ocserv: upgrade package to version 1.1.6`` -* :vytask:`T4918` ``(bug): Odd show interface behavior`` -* :vytask:`T3008` ``(feature): Migrate from ntpd to chronyd`` - - -2023-01-13 -========== - -* :vytask:`T4911` ``(default): Rewrite the LLDP op mode in the new format`` -* :vytask:`T4928` ``(feature): Upgrade Linux Kernel to 6.1.y (2022 LTS edition)`` - - -2023-01-12 -========== - -* :vytask:`T4934` ``(bug): ospf: Fix inter-area route summarization`` -* :vytask:`T4929` ``(feature): Update Intel QAT drivers to 4.20.0-00001`` - - -2023-01-10 -========== - -* :vytask:`T4880` ``(feature): Expose 'add/delete container image' in HTTP-API`` - - -2023-01-09 -========== - -* :vytask:`T4922` ``(feature): Add ssh-client source-interface CLI option`` -* :vytask:`T4524` ``(bug): Squid webproxy not working properly`` - - -2023-01-08 -========== - -* :vytask:`T4920` ``(bug): ospf: Fix `passive-interface default` option`` - - -2023-01-07 -========== - -* :vytask:`T4884` ``(bug): Missing a community6 in snmpd config`` - - -2023-01-05 -========== - -* :vytask:`T4904` ``(feature): Allow multiple ports for high-availability virtual-server`` -* :vytask:`T4789` ``(feature): Ability to get L2TP/PPTP/SSTP sessions info in a machine readable format`` -* :vytask:`T3937` ``(default): Rewrite "show system memory" in Python to make it usable as a library function`` - - -2023-01-04 -========== - -* :vytask:`T4848` ``(bug): Minor bug in OpenConnect server with default route`` -* :vytask:`T4656` ``(feature): Support the listen-host config field of openconnect server`` - - -2023-01-03 -========== - -* :vytask:`T4907` ``(bug): nat source translations couldn't show metrics`` - - -2023-01-02 -========== - -* :vytask:`T4893` ``(feature): l2tp add ppp-options IPv6 interface identifier`` -* :vytask:`T4717` ``(feature): Connect to console server by name`` -* :vytask:`T725` ``(feature): Cake and FQ-PIE`` - - -2022-12-31 -========== - -* :vytask:`T4898` ``(feature): Add mtu config option for dummy interfaces`` - - -2022-12-30 -========== - -* :vytask:`T4834` ``(bug): Limit container network name to 15 characters`` -* :vytask:`T4901` ``(bug): Update Podman to v4.3.1`` -* :vytask:`T4899` ``(bug): Podman systemd services not being installed correctly`` - - -2022-12-28 -========== - -* :vytask:`T4593` ``(feature): Upgrade strongswan to 5.9.8`` - - -2022-12-26 -========== - -* :vytask:`T4511` ``(bug): IPv6 DNS lookup`` -* :vytask:`T4809` ``(feature): radvd: Allow use of AdvRASrcAddress`` - - -2022-12-25 -========== - -* :vytask:`T3579` ``(feature): Rewrite vyatta-conntrack in new XML and Python flavour`` - - -2022-12-24 -========== - -* :vytask:`T4890` ``(bug): show conntrack table ipv4 fail`` -* :vytask:`T4879` ``(bug): IPSec migration failed with missing remote-id`` -* :vytask:`T4870` ``(feature): Containers switch to using overlay driver for podman storage`` - - -2022-12-23 -========== - -* :vytask:`T4792` ``(feature): Add SSTP VPN client`` - - -2022-12-21 -========== - -* :vytask:`T4887` ``(bug): Schema generation from op-mode functions should set default 'false' on boolean arguments`` - - -2022-12-18 -========== - -* :vytask:`T4882` ``(bug): Missing ICMPv6 type names in firewall configuration`` - - -2022-12-15 -========== - -* :vytask:`T4671` ``(bug): linux-firmware package is missing symlinks defined in WHENCE file`` - - -2022-12-14 -========== - -* :vytask:`T4881` ``(bug): Return opmode.Error on openconnect.py show_sessions`` - - -2022-12-12 -========== - -* :vytask:`T4861` ``(feature): Openconnect restart on adding users - Aborts all active connections`` - - -2022-12-09 -========== - -* :vytask:`T4865` ``(bug): container impossible to generate local image from a file if it requires install some pkgs`` - - -2022-12-05 -========== - -* :vytask:`T4860` ``(bug): Openconnect server incorrect unconfigured check`` -* :vytask:`T4804` ``(bug): PPPoE server incorrect unconfigured check`` -* :vytask:`T4854` ``(feature): BGP-route reflector allows to apply route-maps`` - - -2022-12-04 -========== - -* :vytask:`T4825` ``(feature): interfaces veth/veth-pairs -standalone used`` -* :vytask:`T4805` ``(bug): PPPoE server does not restart service if pool was changed`` - - -2022-12-02 -========== - -* :vytask:`T4830` ``(bug): nat66 - Error in port translation rules`` -* :vytask:`T4859` ``(bug): Correct calling of config mode script dependencies from http-api.py`` -* :vytask:`T4820` ``(enhancment): Support for inter-config-mode script dependencies`` -* :vytask:`T4858` ``(bug): L3VPN- Route Distinguisher notations`` -* :vytask:`T1024` ``(feature): Policy Based Routing by DSCP`` - - -2022-12-01 -========== - -* :vytask:`T4841` ``(feature): add fan control`` -* :vytask:`T4847` ``(bug): Correct calling of config mode script dependencies from pki.py`` - - -2022-11-29 -========== - -* :vytask:`T4842` ``(bug): Routing config broken if mpls config exists`` -* :vytask:`T4845` ``(default): Add smoketest to detect cycles in config-mode script dependency calls`` - - -2022-11-27 -========== - -* :vytask:`T4739` ``(feature): ISIS and OSPF segment routing being refactored`` - - -2022-11-24 -========== - -* :vytask:`T4794` ``(bug): show firewall name <name> - Can't use .items() on a list`` -* :vytask:`T4714` ``(feature): Delete unused ipset from the filecaps`` -* :vytask:`T3541` ``(bug): Route Map large community set additive is missing`` - - -2022-11-23 -========== - -* :vytask:`T4836` ``(feature): Kernel: enable new features like switchdev, ESP in TCP and HSR`` -* :vytask:`T4835` ``(bug): SNMPD configuration incorrect for IPv6`` -* :vytask:`T4819` ``(feature): Allow printing Warning messages in multiple lines with \n`` -* :vytask:`T4807` ``(feature): Need to fix traceroute help completion`` -* :vytask:`T4660` ``(feature): Reorganize route map set community CLI`` -* :vytask:`T4526` ``(bug): keepalived-fifo.py unable to load config`` -* :vytask:`T4793` ``(feature): Create warning message about disable-route-autoinstall when ipsec vti is used`` -* :vytask:`T4492` ``(bug): Incorrect list of neighbors in help for "show bgp vrf VRF neighbors"`` -* :vytask:`T4496` ``(feature): ping vrf help does not list VRFs`` - - -2022-11-22 -========== - -* :vytask:`T4823` ``(bug): swanctl.conf is broken when ipsec site-to-site peer set.`` -* :vytask:`T4706` ``(bug): NAT and NAT66 issues`` -* :vytask:`T4670` ``(feature): policy route - Update matching criteria`` - - -2022-11-21 -========== - -* :vytask:`T4812` ``(feature): IPsec ability to show all configured connections`` -* :vytask:`T4829` ``(default): Tunnel argument to 'reset_peer' in ipsec.py should have type hint Optional`` - - -2022-11-20 -========== - -* :vytask:`T4827` ``(bug): route-map issues , not load configuration FRR`` - - -2022-11-19 -========== - -* :vytask:`T4826` ``(bug): Wrong key type is used for SSH SK public keys`` -* :vytask:`T4720` ``(feature): Ability to configure SSH HostKeyAlgorithms`` -* :vytask:`T4828` ``(default): Raise appropriate op-mode errors in ipsec.py 'reset_peer'`` - - -2022-11-18 -========== - -* :vytask:`T4821` ``(bug): Correct calling of config mode script dependencies from firewall.py`` - - -2022-11-17 -========== - -* :vytask:`T4750` ``(feature): Support of higher level SSH keys (sk-ssh-ed25519)`` - - -2022-11-15 -========== - -* :vytask:`T4808` ``(feature): Add details of configtree operations to migration log`` - - -2022-11-12 -========== - -* :vytask:`T4814` ``(bug): Regression in bundled powerdns version`` - - -2022-11-09 -========== - -* :vytask:`T4800` ``(bug): undefined var includes_chroot_dir in build-vyos-image`` - - -2022-11-08 -========== - -* :vytask:`T4771` ``(feature): Rewrite protocol BGP op-mode to vyos.opmode format`` -* :vytask:`T4806` ``(default): Update FRR to 8.4 in 1.4 version`` - - -2022-11-06 -========== - -* :vytask:`T4803` ``(bug): The header 'Authorization' needs to be explictly allowed in http-api CORS middleware`` - - -2022-11-05 -========== - -* :vytask:`T4802` ``(feature): Ability to define per container shared-memory size`` - - -2022-11-01 -========== - -* :vytask:`T4764` ``(bug): NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat`` -* :vytask:`T4177` ``(bug): Strip-private doesn't work for service monitoring`` - - -2022-10-31 -========== - -* :vytask:`T4786` ``(feature): Add package python3-pyhumps`` -* :vytask:`T1875` ``(feature): Add the ability to use network address as BGP neighbor (bgp listen range)`` -* :vytask:`T4785` ``(feature): snmp: Allow !, @, * and # in community name`` -* :vytask:`T4787` ``(feature): ipsec: add support for road-warrior/remote-access RADIUS timeout`` - - -2022-10-29 -========== - -* :vytask:`T4783` ``(default): Add support for stunnel`` -* :vytask:`T4784` ``(feature): Add description node for static route/route6 tagNodes`` - - -2022-10-28 -========== - -* :vytask:`T4291` ``(default): Consolidate component version read/write functions`` - - -2022-10-27 -========== - -* :vytask:`T4763` ``(feature): Change XML for Show nat destination statistics`` -* :vytask:`T4762` ``(bug): Show nat rules with empty rules incorrect error`` -* :vytask:`T4778` ``(bug): Raise error UnconfiguredSubsystem if op-mode ipsec.py fails initialization`` - - -2022-10-26 -========== - -* :vytask:`T4773` ``(default): Add camel_case to snake_case conversion utility`` - - -2022-10-25 -========== - -* :vytask:`T4574` ``(default): Add token based authentication to GraphQL API`` - - -2022-10-24 -========== - -* :vytask:`T4772` ``(default): Return list of dicts in 'raw' output of route.py instead of dict with redundant information`` - - -2022-10-23 -========== - -* :vytask:`T3723` ``(bug): op-mode IPSec show vpn ipsec sa output with underscores`` - - -2022-10-21 -========== - -* :vytask:`T4768` ``(default): Change name of api child node from 'gql' to 'graphql'`` - - -2022-10-18 -========== - -* :vytask:`T4684` ``(feature): Rewrite show ip route by protocol to vyos.opmode format`` -* :vytask:`T4533` ``(bug): Radius clients don’t have simple permissions`` -* :vytask:`T4753` ``(enhancment): Extend automatic generation of schema to query SystemStatus`` - - -2022-10-17 -========== - -* :vytask:`T4725` ``(bug): Unable to reset vpn IPsec peer`` - - -2022-10-14 -========== - -* :vytask:`T4672` ``(bug): RADIUS server disable does not work`` -* :vytask:`T4749` ``(enhancment): Use config_dict for conf_mode http-api.py`` - - -2022-10-13 -========== - -* :vytask:`T4746` ``(bug): Monitoring nft. table vyos_filter by default does not exist but telegraf checks this table`` -* :vytask:`T4744` ``(bug): BGP directly connected neighbors don't compatible with ebgp-multihop`` -* :vytask:`T4716` ``(feature): SSH ability to configure RekeyLimit`` -* :vytask:`T4343` ``(default): Expose powerdns network-timeout for service dns forwarding`` -* :vytask:`T4312` ``(bug): Telegraf configuration doesn't accept IPs for URL`` -* :vytask:`T4274` ``(default): Extend OpenConnect RADIUS Timeout to Permit 2FA Entry`` - - -2022-10-12 -========== - -* :vytask:`T4747` ``(bug): Monitoring influxdb template input exec plugin does not work`` -* :vytask:`T4740` ``(bug): Show conntrack table ipv6 fail`` -* :vytask:`T4730` ``(bug): Conntrack-sync error - listen-address is not the correct type in config as it should be`` - - -2022-10-11 -========== - -* :vytask:`T4742` ``(bug): Autocomplete in policy route rule x set table / does not show the tables created in the static protocols`` -* :vytask:`T4741` ``(bug): set firewall zone Local local-zone failed`` -* :vytask:`T4680` ``(bug): Telegraf prometheus-client listen-address invalid format`` - - -2022-10-10 -========== - -* :vytask:`T538` ``(feature): Support for network mapping in NAT`` - - -2022-10-09 -========== - -* :vytask:`T4738` ``(enhancment): Extend automatic generation of schema definition files to native configsession functions; use single resolver/directive`` - - -2022-10-08 -========== - -* :vytask:`T4707` ``(feature): Enable OSPF segment routing`` - - -2022-10-07 -========== - -* :vytask:`T4736` ``(bug): Error on JSON output of API query ShowConfig`` - - -2022-10-04 -========== - -* :vytask:`T4708` ``(bug): 'show nat destination rules' throwing an error`` -* :vytask:`T4700` ``(feature): Firewall - Add interface match criteria`` -* :vytask:`T4699` ``(feature): Firewall - Add jump action - Add return action`` -* :vytask:`T4651` ``(feature): Firewall - Add options to match packet size`` -* :vytask:`T4702` ``(bug): Wireguard peers configuration is not synchronized with CLI`` -* :vytask:`T4685` ``(bug): Interface does not exist on boot when used as inbound-interface for local policy route`` -* :vytask:`T4652` ``(feature): Upgrade PowerDNS recursor to 4.7 series`` -* :vytask:`T4582` ``(default): Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs`` - - -2022-09-29 -========== - -* :vytask:`T4715` ``(feature): Auto logout user after a period of inactivity`` -* :vytask:`T4697` ``(bug): policy route: Generating ConfigError failes when tcp flag is missing on set tcp-mss rule commit`` - - -2022-09-27 -========== - -* :vytask:`T4711` ``(feature): Ability to terminate user TTY and PTS sessions`` -* :vytask:`T4557` ``(feature): fastnetmon: allow configure limits per protocol (tcp, udp, icmp)`` - - -2022-09-21 -========== - -* :vytask:`T4678` ``(feature): Rewrite service ipoe-server to get_config_dict`` -* :vytask:`T4703` ``(feature): accel-ppp: combine vlan-id and vlan-range into single CLI node`` - - -2022-09-20 -========== - -* :vytask:`T4693` ``(bug): ISIS segment routing was broken...`` - - -2022-09-17 -========== - -* :vytask:`T4666` ``(bug): EAP-TLS no longer allows TLSv1.0 after T4537, T4584`` -* :vytask:`T4665` ``(bug): Keepalived cannot use same VRID for VRRPv2 and VRRPv3`` - - -2022-09-16 -========== - -* :vytask:`T4698` ``(enhancment): Drop validator name="range" and replace it with numeric`` -* :vytask:`T4695` ``(feature): Add 'es' and 'jp106' keymap option keyboard-layout`` -* :vytask:`T4669` ``(enhancment): Extend numeric.ml for inversion of values and range values`` - - -2022-09-15 -========== - -* :vytask:`T4679` ``(bug): OpenVPN site-to-site incorrect check for IPv6 local and remote address`` -* :vytask:`T4691` ``(feature): Upgrade Linux Kernel to latest 5.15.y train`` -* :vytask:`T4630` ``(bug): Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time`` -* :vytask:`T4696` ``(default): Extend bgp parameters for bgp bestpath peer-type multipath-relax`` - - -2022-09-12 -========== - -* :vytask:`T4617` ``(feature): VRF specification is needed for telegraf prometheus-client listen-address <address>`` -* :vytask:`T4690` ``(bug): Update GraphQL resolver for 'SystemStatus' following changes to 'show_uptime' op-mode script`` -* :vytask:`T4647` ``(feature): Add Google Virtual NIC (gVNIC) support`` -* :vytask:`T4170` ``(feature): Rename "policy ipv6-route" -> "policy route6"`` - - -2022-09-09 -========== - -* :vytask:`T4682` ``(feature): Rewrite 'show system storage' in standardized format`` -* :vytask:`T4681` ``(feature): Complete standardization of show_uptime.py`` - - -2022-09-06 -========== - -* :vytask:`T4640` ``(enhancment): Integrate op-mode exception hierarchy into API`` -* :vytask:`T4597` ``(bug): Check bind port before assign service HTTPS API and openconnect`` -* :vytask:`T4674` ``(bug): API should show op-mode error message, if present`` -* :vytask:`T4673` ``(bug): op-mode bridge.py should raise error on show_fdb for nonexistent bridge interface`` - - -2022-09-05 -========== - -* :vytask:`T4668` ``(bug): Adding/removing members from bond doesn't work/results in incorrect interface state`` -* :vytask:`T4663` ``(bug): Interface pseudo-ethernet does not change mode`` -* :vytask:`T4655` ``(bug): Firewall in 1.4 sets the default action 'accept' instead of 'drop'`` -* :vytask:`T4628` ``(bug): ConfigTree() throws ValueError() if tagNode contains whitespaces`` - - -2022-09-01 -========== - -* :vytask:`T4606` ``(bug): monitor nat destination translation shows missing script`` -* :vytask:`T4435` ``(bug): Policy route and firewall - error when using undefined group`` -* :vytask:`T4147` ``(bug): New Firewall Implementation - proposed changes on group implementation`` - - -2022-08-31 -========== - -* :vytask:`T4650` ``(feature): Rewire show nat translation to vyos.opmode format`` -* :vytask:`T4644` ``(bug): Check bind port before assign vpn sstp`` -* :vytask:`T4643` ``(bug): Smoketest exclude either sstp or openconnect from pki-misc default listen port`` -* :vytask:`T4569` ``(feature): Rewrite show bridge to new format`` -* :vytask:`T4547` ``(bug): Show vpn ipsec sa show unexpected prefix 'B' in packets`` -* :vytask:`T4367` ``(bug): NAT - Config tmp file not available`` - - -2022-08-29 -========== - -* :vytask:`T4645` ``(bug): show nat source statistics lack argument --family`` -* :vytask:`T4634` ``(bug): Bgp neighbor disable-connected-check does not work`` -* :vytask:`T4631` ``(feature): Add port and protocol to nat66`` -* :vytask:`T4623` ``(feature): Add show conntrack statistics`` -* :vytask:`T4595` ``(bug): DPD interval and timeout do not work in DMVPN`` -* :vytask:`T4594` ``(feature): Rewrite op-mode IPsec to vyos.opmode format`` -* :vytask:`T4508` ``(bug): Problem with values of the same environment in different event handlers`` -* :vytask:`T4653` ``(bug): Interface offload options are not applied correctly`` -* :vytask:`T4546` ``(bug): Does not connect Cisco spoke to VyOS hub.`` -* :vytask:`T4061` ``(default): Add util function to check for completion of boot config`` -* :vytask:`T4654` ``(bug): RPKI cache incorrect description`` -* :vytask:`T4572` ``(bug): Add an option to force interface MTU to the value received from DHCP`` - - -2022-08-26 -========== - -* :vytask:`T4642` ``(bug): proxy: hyphen not allowed in proxy URL`` - - -2022-08-25 -========== - -* :vytask:`T4626` ``(bug): Error showing nat66 source and destination`` -* :vytask:`T4622` ``(feature): Firewall allow drop packets by TCP MSS size`` - - -2022-08-24 -========== - -* :vytask:`T4641` ``(bug): prefix-list allows ipv6 prefix as input`` -* :vytask:`T4633` ``(feature): Change keepalived to v2.2.7`` - - -2022-08-23 -========== - -* :vytask:`T4618` ``(bug): Traffic policy not set on virtual interfaces`` -* :vytask:`T4538` ``(bug): Macsec does not work correctly when the interface status changes.`` - - -2022-08-22 -========== - -* :vytask:`T4089` ``(bug): Show nat destination rules shows ip address instead of interface 'any'`` -* :vytask:`T4632` ``(bug): VLAN-aware bridge not working`` -* :vytask:`T4637` ``(feature): Upgrade to podman 4.2.0`` - - -2022-08-20 -========== - -* :vytask:`T4596` ``(bug): "show openconnect-server sessions" command does not work in the openconnect module`` - - -2022-08-19 -========== - -* :vytask:`T4620` ``(bug): UPnP does not work due to incorrect template`` -* :vytask:`T4619` ``(bug): Static arp is not set if another entry is present`` -* :vytask:`T4611` ``(bug): UPnP rule IP should be a prefix instead of an address`` -* :vytask:`T4614` ``(feature): OpenConnect split-dns directive`` - - -2022-08-18 -========== - -* :vytask:`T4613` ``(bug): UPnP configuration without listen option fail`` -* :vytask:`T4570` ``(bug): Exception when trying to set up VXLAN over Wireguard`` - - -2022-08-17 -========== - -* :vytask:`T4598` ``(feature): nat66 - Add exclude options`` -* :vytask:`T4480` ``(default): add an ability to configure squid acl safe ports and acl ssl safe ports`` - - -2022-08-16 -========== - -* :vytask:`T4592` ``(bug): macsec: can not create two interfaces using the same source-interface`` -* :vytask:`T4584` ``(bug): hostap: create custom package build`` -* :vytask:`T4413` ``(default): Add an API endpoint with basic system stats`` -* :vytask:`T4537` ``(bug): MACsec not working with cipher gcm-aes-256`` - - -2022-08-15 -========== - -* :vytask:`T4609` ``(bug): Unable to Restart Container VyOS 1.4`` -* :vytask:`T4565` ``(bug): vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249`` -* :vytask:`T3988` ``(default): Feature Request: IPsec Multiple local/remote prefix for the tunnel`` -* :vytask:`T2763` ``(feature): New SNMP resource request - SNMP over TCP`` - - -2022-08-14 -========== - -* :vytask:`T4579` ``(bug): bridge: can not delete member interface CLI option when VLAN is enabled`` -* :vytask:`T4421` ``(default): Add support for floating point numbers in the numeric validator`` -* :vytask:`T3507` ``(bug): Bond with mode LACP show u/u in show interfaces even if peer is not configured`` - - -2022-08-12 -========== - -* :vytask:`T4603` ``(feature): Need a config option to specify NAS-IP-Address for vpn l2tp`` - - -2022-08-10 -========== - -* :vytask:`T4408` ``(feature): Add sshguard to protect against brut-forces`` - - -2022-08-08 -========== - -* :vytask:`T4586` ``(feature): Add to NAT66: SNAT destination address and DNAT source address.`` - - -2022-08-04 -========== - -* :vytask:`T4257` ``(feature): Discussion on changing BGP autonomous system number syntax`` - - -2022-08-02 -========== - -* :vytask:`T4585` ``(feature): Rewrite op-mode containers to vyos.opmode`` -* :vytask:`T4515` ``(default): Reduce telegraf binary size`` - - -2022-08-01 -========== - -* :vytask:`T4581` ``(bug): 'show system cpu' not working`` -* :vytask:`T4578` ``(feature): Rewrite show dns forwarding statistics to new format`` - - -2022-07-31 -========== - -* :vytask:`T4580` ``(bug): Handle the case of op-mode file names with hyphens in GraphQL schema/resolver generation`` - - -2022-07-30 -========== - -* :vytask:`T4575` ``(feature): vyos.utill add new wrapper "rc_cmd" to get the return code and output`` -* :vytask:`T4562` ``(feature): Rewrite show vrf to new format`` -* :vytask:`T4545` ``(feature): Rewrite show nat source rules`` -* :vytask:`T4543` ``(bug): Show source nat statistics shows incorrect interface`` -* :vytask:`T4503` ``(default): Prevent op mode scripts from restarting services if there's a commit in progress`` -* :vytask:`T4411` ``(feature): Add migration for service monitoring telegraf influxdb`` - - -2022-07-29 -========== - -* :vytask:`T4554` ``(enhancment): Implement GraphQL resolvers for standardized op-mode scripts`` -* :vytask:`T4518` ``(feature): Add XML for CLI conf mode load-balancing wan`` -* :vytask:`T4544` ``(enhancment): Generate schema definitions from standardized op-mode scripts`` - - -2022-07-28 -========== - -* :vytask:`T4531` ``(bug): NAT op-mode errors with exclude rules`` -* :vytask:`T3435` ``(bug): NAT rules show corruption`` - - -2022-07-27 -========== - -* :vytask:`T4571` ``(bug): Sflow with vrf configured does not use vrf to validate agent-address IP from vrf-configured interfaces`` -* :vytask:`T4552` ``(bug): Unable to reset IPsec IPv6 peer`` - - -2022-07-26 -========== - -* :vytask:`T4568` ``(bug): show vpn debug peer doesn't work`` -* :vytask:`T4556` ``(feature): fastnetmon: Allow configure white_list_path and populate with hosts/networks that should be ignored.`` -* :vytask:`T4495` ``(feature): Combine BGP reset op commands`` - - -2022-07-25 -========== - -* :vytask:`T4567` ``(default): Merge experimental branch of GraphQL development`` -* :vytask:`T4560` ``(bug): VRF and BGP neighbor local-as error`` -* :vytask:`T4493` ``(bug): Incorrect help for "show bgp neighbors"`` -* :vytask:`T1233` ``(bug): ipsec vpn sa showing down`` - - -2022-07-22 -========== - -* :vytask:`T4145` ``(bug): Conntrack table not showing after firewall rewriting`` - - -2022-07-21 -========== - -* :vytask:`T4555` ``(feature): fastnetmon: add IPv6 support`` -* :vytask:`T4553` ``(default): Allow to set ban time on ddos-protection configuration`` - - -2022-07-20 -========== - -* :vytask:`T4056` ``(bug): Traffic policy not set in live configuration`` - - -2022-07-18 -========== - -* :vytask:`T4523` ``(feature): OP-mode Extend conntrack output to get marks, zones and directions`` -* :vytask:`T4228` ``(bug): bond: OS error thrown when two bonds use the same member`` -* :vytask:`T4539` ``(feature): qat: update Intel QuickAssist release version 1.7.L.4.16.0-00017`` -* :vytask:`T4534` ``(bug): bond: bridge: error out if member interface is assigned to a VRF instance`` -* :vytask:`T4525` ``(bug): Delete interface from VRF and add it to bonding error`` -* :vytask:`T4522` ``(feature): bond: add ability to specify mii monitor interval via CLI`` -* :vytask:`T4535` ``(feature): FRR: upgrade to stable/8.3 version`` -* :vytask:`T4521` ``(bug): bond: ARP monitor interval is not configured despite set via CLI`` -* :vytask:`T4540` ``(feature): firmware: update to Linux release 20220708`` - - -2022-07-17 -========== - -* :vytask:`T4028` ``(bug): FRR 8.1 routes not being applied to routing table after reboot if an interface has 2 ip addresses`` - - -2022-07-15 -========== - -* :vytask:`T4494` ``(bug): Cannot reset BGP peer within VRF`` -* :vytask:`T4536` ``(feature): FRR: move to systemd for daemon control`` - - -2022-07-14 -========== - -* :vytask:`T4491` ``(bug): Use empty string for internal name of root node of config_tree`` - - -2022-07-13 -========== - -* :vytask:`T1375` ``(feature): Add clear dhcp server lease function`` - - -2022-07-12 -========== - -* :vytask:`T4527` ``(bug): Prevent to create VRF name default`` -* :vytask:`T4084` ``(default): Dehardcode the default login banner`` -* :vytask:`T3948` ``(feature): IPSec VPN: Add a new option "none" for the connection-type`` -* :vytask:`T235` ``(feature): Ability to configure manual IP Rules`` - - -2022-07-10 -========== - -* :vytask:`T3836` ``(bug): Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway`` - - -2022-07-09 -========== - -* :vytask:`T4507` ``(feature): IPoE-server add multiplier option for shaper`` -* :vytask:`T4499` ``(bug): NAT source translation not showing a single output`` -* :vytask:`T4468` ``(bug): web-proxy source group cannot start with a number bug`` -* :vytask:`T4373` ``(feature): PPPoE-server add multiplier option for shaper`` -* :vytask:`T3353` ``(bug): PPPoE server wrong vlan-range generating config`` -* :vytask:`T3648` ``(bug): op-mode: nat rules broken`` -* :vytask:`T4517` ``(feature): ip: Add options to enable directed broadcast forwarding`` - - -2022-07-07 -========== - -* :vytask:`T4456` ``(bug): NTP client in VRF tries to bind to interfaces outside VRF, logs many messages`` -* :vytask:`T4509` ``(feature): Feature Request: DNS64`` - - -2022-07-06 -========== - -* :vytask:`T4513` ``(bug): Webproxy monitor commands do not work`` -* :vytask:`T4299` ``(feature): Firewall - GeoIP filtering`` - - -2022-07-05 -========== - -* :vytask:`T4378` ``(bug): Unable to submit wildcard ("*.example.com") A or AAAA records in dns forwarder`` -* :vytask:`T2683` ``(default): no dual stack in system static-host-mapping host-name`` -* :vytask:`T478` ``(feature): Firewall address group (multi and nesting)`` - - -2022-07-04 -========== - -* :vytask:`T4501` ``(bug): Syslog-identifier does not work in event handler`` -* :vytask:`T3600` ``(bug): DHCP Interface static route breaks PBR`` -* :vytask:`T4498` ``(feature): bridge: Add option to enable/disable IGMP/MLD snooping`` - - -2022-07-01 -========== - -* :vytask:`T2455` ``(bug): No support for the IPv6 VTI`` -* :vytask:`T4490` ``(feature): BGP- warning message that AFI/SAFI is needed to establish the neighborship`` -* :vytask:`T4489` ``(bug): MPLS sysctl not persistent for tunnel interfaces`` - - -2022-06-29 -========== - -* :vytask:`T4477` ``(feature): router-advert: support RDNSS lifetime option`` - - -2022-06-28 -========== - -* :vytask:`T4486` ``(bug): Container can't be deleted`` -* :vytask:`T4473` ``(bug): Use container network without network declaration error`` -* :vytask:`T4458` ``(feature): Firewall - add support for matching ip ttl in firewall rules`` -* :vytask:`T3907` ``(feature): Firewall - Set log levels`` - - -2022-06-27 -========== - -* :vytask:`T4484` ``(default): Firewall op-mode summary doesn't correctly handle address group containing ranges`` - - -2022-06-25 -========== - -* :vytask:`T4482` ``(bug): dhcp: toggle of "dhcp-options no-default-route" has no effect`` -* :vytask:`T4483` ``(feature): Upgrade fastnetmon to v1.2.2 community edition`` - - -2022-06-22 -========== - -* :vytask:`T1748` ``(feature): vbash: beautify tab completion output/line breaks`` - - -2022-06-20 -========== - -* :vytask:`T1856` ``(feature): Support configuring IPSec SA bytes`` - - -2022-06-18 -========== - -* :vytask:`T4467` ``(bug): Validator Does Not Accept Signed Numbers`` - - -2022-06-17 -========== - -* :vytask:`T4209` ``(bug): Firewall incorrect handler for recent count and time`` - - -2022-06-16 -========== - -* :vytask:`T4352` ``(bug): wan-load balance - priority traffic rule doesn't work`` - - -2022-06-15 -========== - -* :vytask:`T4450` ``(feature): Route-map - Extend options for ip|ipv6 address match`` -* :vytask:`T4449` ``(feature): Route-map - Extend options for ip next-hop match`` -* :vytask:`T990` ``(feature): Make DNAT/SNAT a valid state in firewall rules.`` - - -2022-06-12 -========== - -* :vytask:`T4420` ``(feature): Feature Request: ocserv: show configured 2FA OTP key`` -* :vytask:`T4380` ``(default): Feature Request: ocserv: 2FA OTP key generator in VyOS CLI`` - - -2022-06-10 -========== - -* :vytask:`T4365` ``(bug): NAT - Error on setting up tables`` -* :vytask:`T4465` ``(feature): node.def generation misses whitespace on multiple use of <path>`` - - -2022-06-09 -========== - -* :vytask:`T4444` ``(default): sstp: Feature request. Port number changing support`` -* :vytask:`T2580` ``(feature): Support for ip pools for ippoe`` - - -2022-06-08 -========== - -* :vytask:`T4447` ``(bug): DHCPv6 prefix delegation `sla-id` limited to 128`` - - -2022-05-31 -========== - -* :vytask:`T4212` ``(default): PermissionError when generating/installing server Certificate (generate pki certificate sign ...)`` -* :vytask:`T4199` ``(bug): Commit failed when setting icmpv6 type any`` -* :vytask:`T4148` ``(bug): Firewall - Error messages not that clear as it were in old firewall`` -* :vytask:`T3659` ``(bug): Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors`` - - -2022-05-30 -========== - -* :vytask:`T4315` ``(feature): Telegraf - Output to prometheus`` - - -2022-05-29 -========== - -* :vytask:`T2473` ``(feature): Xml for EIGRP [conf_mode]`` - - -2022-05-28 -========== - -* :vytask:`T4448` ``(feature): rip: add support for explicit version selection`` - - -2022-05-26 -========== - -* :vytask:`T4442` ``(feature): HTTP API add action "reset"`` - - -2022-05-25 -========== - -* :vytask:`T4410` ``(feature): Telegraf - Output to Splunk`` -* :vytask:`T4382` ``(bug): Replacing legacy loadFile exposes missing steps in migration scripts and other errors`` - - -2022-05-21 -========== - -* :vytask:`T4437` ``(bug): flow-accounting: support IPv6 flow collectors`` - - -2022-05-20 -========== - -* :vytask:`T4418` ``(feature): Telegraf - output Plugin azure-data-explorer`` - - -2022-05-19 -========== - -* :vytask:`T4434` ``(bug): DMVPN: cisco-authentication password length is 8 characters`` -* :vytask:`T3938` ``(default): Rewrite the uptime script in Python to allow using it as a library`` -* :vytask:`T4334` ``(default): Make the config lexer reentrant`` - - -2022-05-17 -========== - -* :vytask:`T4424` ``(bug): policy local-route6 shows ipv4 format`` - - -2022-05-16 -========== - -* :vytask:`T4377` ``(default): generate tech-support archive includes previous archives`` - - -2022-05-12 -========== - -* :vytask:`T4417` ``(bug): VRRP doesn't start with conntrack-sync`` -* :vytask:`T4100` ``(feature): Firewall increase maximum number of rules`` - - -2022-05-11 -========== - -* :vytask:`T4405` ``(bug): DHCP client sometimes ignores `no-default-route` option of an interface`` - - -2022-05-10 -========== - -* :vytask:`T4156` ``(default): Adding DHCP Option 13 (bootfile-size)`` -* :vytask:`T1972` ``(feature): Allow setting interface name for virtual_ipaddress in VRRP VRID`` - - -2022-05-07 -========== - -* :vytask:`T4361` ``(bug): `vyos.config.exists()` does not work for nodes with multiple values`` -* :vytask:`T4354` ``(bug): Slave interfaces fall out from bonding during configuration change`` -* :vytask:`T4419` ``(feature): vrf: support to disable IP forwarding within a given VRF`` - - -2022-05-06 -========== - -* :vytask:`T4385` ``(bug): bgp: peer-group member cannot override remote-as of peer-group`` - - -2022-05-05 -========== - -* :vytask:`T4414` ``(feature): Add route-map "as-path prepend last-as x" option`` - - -2022-05-03 -========== - -* :vytask:`T4395` ``(feature): Extend show vpn debug`` - - -2022-05-01 -========== - -* :vytask:`T4369` ``(bug): OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node`` -* :vytask:`T4363` ``(bug): salt-minion: default mine_interval option is not set`` -* :vytask:`T4353` ``(feature): Add Jinja2 linter to vyos-1x build process`` - - -2022-04-29 -========== - -* :vytask:`T4388` ``(bug): dhcp-server: missing constraint on tftp-server-name option`` -* :vytask:`T4366` ``(bug): geneve: interface is removed on changes to e.g. description`` - - -2022-04-28 -========== - -* :vytask:`T4400` ``(bug): Container OP mode has delete where show and update should be`` - - -2022-04-27 -========== - -* :vytask:`T4398` ``(bug): IPSec site-to-site generates unexpected passthrough option`` -* :vytask:`T4397` ``(feature): arp: migrate static ARP entry configuration to get_config_dict() and make it VRF aware`` -* :vytask:`T4357` ``(feature): Allow free-form setting of DHCPv6 server options`` - - -2022-04-26 -========== - -* :vytask:`T4210` ``(bug): NAT source/destination negated ports throws an error`` -* :vytask:`T4235` ``(default): Add config tree diff algorithm`` - - -2022-04-25 -========== - -* :vytask:`T4390` ``(feature): op-mode: extend "show log" and "monitor log" with additional daemons/subsystems to read journalctl logs`` -* :vytask:`T4391` ``(bug): PPPoE: IPv6 not working after system boot`` - - -2022-04-24 -========== - -* :vytask:`T4342` ``(bug): "show ip ospf neighbor address x.x.x.x" gives "unknown command" error`` - - -2022-04-23 -========== - -* :vytask:`T4386` ``(default): Applying limiter on traffic-policy "in" fails, incorrectly reports mirror or redirect policy in use`` - - -2022-04-22 -========== - -* :vytask:`T4389` ``(feature): dhcp: add vendor option support for Ubiquity Unifi controller`` - - -2022-04-21 -========== - -* :vytask:`T4384` ``(feature): pppoe: replace default-route CLI option with common CLI nodes already present for DHCP`` - - -2022-04-20 -========== - -* :vytask:`T4345` ``(bug): New firewall code does not accept "rate/time interval" syntax used in old config`` -* :vytask:`T4231` ``(feature): Feature Request: ocserv: 2FA (password+OTP) support in Openconnect`` - - -2022-04-19 -========== - -* :vytask:`T4379` ``(bug): PPPoE: default-route lost after applying additional static routes`` -* :vytask:`T4344` ``(bug): DHCP statistics not matching, conf-mode generates incorrect pool name with dash`` -* :vytask:`T4268` ``(bug): Elevated LA while using VyOS monitoring feature`` - - -2022-04-18 -========== - -* :vytask:`T4351` ``(bug): Openvpn conf-mode "openvpn-option" is not respected`` -* :vytask:`T4278` ``(default): vyos-vm-images: fix vagrant libvirt box`` -* :vytask:`T4368` ``(bug): bgp: AS specified for local as is the same as the remote as and this is not allowed.`` -* :vytask:`T4370` ``(feature): vxlan: geneve: support configuration of df bit option`` - - -2022-04-15 -========== - -* :vytask:`T4327` ``(default): Ethernet interface configuration fails on Hyper-V due to speed/duplex/autoneg ethtool command error`` -* :vytask:`T4364` ``(feature): salt-minion: Upgrade to 3004 and migrate to get_config_dict()`` - - -2022-04-13 -========== - -* :vytask:`T4333` ``(feature): Jinja2: add plugin to test if a variable is defined and not none to reduce template complexity`` - - -2022-04-08 -========== - -* :vytask:`T4331` ``(bug): IPv6 link local addresses are not configured when an interface is in a VRF`` -* :vytask:`T4347` ``(default): Return complete and consistent error codes from HTTP API`` -* :vytask:`T4339` ``(bug): wwan: tab-completion results in "No such file or directory" if there is no WWAN interface`` -* :vytask:`T4338` ``(bug): wwan: changing interface description should not trigger reconnect`` -* :vytask:`T4324` ``(bug): wwan: check alive script should only be run via cron if a wwan interface is configured at all`` - - -2022-04-07 -========== - -* :vytask:`T4330` ``(bug): MTU settings cannot be applied when IPv6 is disabled`` -* :vytask:`T4346` ``(feature): Deprecate "system ipv6 disable" option to disable address family within OS kernel`` -* :vytask:`T4319` ``(bug): The command "set system ipv6 disable" doesn't work as expected.`` -* :vytask:`T4341` ``(feature): login: disable user-account prior to deletion and wait until deletion is complete`` -* :vytask:`T4336` ``(feature): isis: add support for MD5 authentication password on a circuit`` - - -2022-04-06 -========== - -* :vytask:`T4308` ``(feature): Op-comm "Show log frr" to view specific protocol logs`` - - -2022-04-04 -========== - -* :vytask:`T4329` ``(bug): Bgp policy route-map bug with set several extcommunity rt`` - - -2022-04-02 -========== - -* :vytask:`T4335` ``(bug): open-vmdk fails to build under gcc-10.+`` - - -2022-04-01 -========== - -* :vytask:`T4332` ``(bug): bgp: deterministic-med cannot be disabled while addpath-tx-bestpath-per-AS is in use`` - - -2022-03-31 -========== - -* :vytask:`T4326` ``(feature): Add bgp option no-suppress-duplicates`` -* :vytask:`T4323` ``(default): ospf6d crashes on latest vyos nightly`` - - -2022-03-29 -========== - -* :vytask:`T3686` ``(bug): Bridging OpenVPN tap with no local-address breaks`` -* :vytask:`T3635` ``(default): Add ability to use mDNS repeater with VRRP`` - - -2022-03-26 -========== - -* :vytask:`T4321` ``(default): Allow BGP neighbors between different VIFs on the same VyOS`` - - -2022-03-24 -========== - -* :vytask:`T4301` ``(bug): The "arp-monitor" option in bonding interface settings does not work`` -* :vytask:`T4294` ``(bug): Adding a new openvpn-option does not restart the OpenVPN process`` -* :vytask:`T4290` ``(bug): BGP source-interface fails to commit`` -* :vytask:`T4230` ``(bug): OpenVPN server configuration deleted after reboot when using a VRRP virtual-address`` - - -2022-03-23 -========== - -* :vytask:`T4314` ``(bug): Latest 1.4 Rolling release config migration error`` - - -2022-03-21 -========== - -* :vytask:`T4304` ``(feature): [OSPF]import/export filter inter-area prefix`` - - -2022-03-20 -========== - -* :vytask:`T4298` ``(default): vyos-vm-images: fix ansible group name and remove obsolete empty command`` - - -2022-03-18 -========== - -* :vytask:`T4286` ``(bug): Fix for firewall ipv6 name address validator`` - - -2022-03-15 -========== - -* :vytask:`T4302` ``(feature): FRRouting upgrade to release 8.2.2`` -* :vytask:`T4293` ``(default): Add "set ip-next-hop unchanged" in route-map`` - - -2022-03-14 -========== - -* :vytask:`T4275` ``(default): Incorrect val_help for local/remote prefix in ipsec vpn`` - - -2022-03-12 -========== - -* :vytask:`T4296` ``(bug): Interface config injected by Cloud-Init may interfere with VyOS native`` -* :vytask:`T4265` ``(feature): Add op-mode for bgp flowspec state and routes`` - - -2022-03-11 -========== - -* :vytask:`T4297` ``(bug): Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings`` - - -2022-03-09 -========== - -* :vytask:`T3981` ``(feature): VRF support for flow-accounting`` - - -2022-03-05 -========== - -* :vytask:`T4259` ``(bug): The conntrackd daemon can be started wrongly`` - - -2022-03-03 -========== - -* :vytask:`T4283` ``(feature): Add support to "reject" routes - emit an ICMP unreachable when matched`` - - -2022-03-01 -========== - -* :vytask:`T4277` ``(feature): flow-accounting: support sending flow-data via VRF interface`` - - -2022-02-28 -========== - -* :vytask:`T4273` ``(bug): ssh: Upgrade from 1.2.X to 1.3.0 breaks config`` -* :vytask:`T4115` ``(bug): reboot in <x> not working as expected`` -* :vytask:`T3656` ``(bug): IPSec 1.4 : "show vpn ike sa" does not show the correct default ike version`` - - -2022-02-26 -========== - -* :vytask:`T4272` ``(feature): lldp: migrate Python script to use get_config_dict()`` - - -2022-02-24 -========== - -* :vytask:`T4267` ``(bug): Error - Missing required "ip key" parameter`` - - -2022-02-23 -========== - -* :vytask:`T4194` ``(bug): prefix-list no check for duplicate entries`` -* :vytask:`T4264` ``(bug): vxlan: interface is destroyed and rebuild on description change`` -* :vytask:`T4263` ``(bug): vyos.util.leaf_node_changed() dos not honor valueLess nodes`` - - -2022-02-21 -========== - -* :vytask:`T4120` ``(feature): [VXLAN] add ability to set multiple unicast-remotes`` - - -2022-02-20 -========== - -* :vytask:`T4254` ``(feature): VPN IPSec charon add options cisco_flexvpn and install_virtual_ip_on`` -* :vytask:`T4249` ``(feature): Add support for device mapping in containers`` -* :vytask:`T3617` ``(bug): IPSec 1.4 generate invalid configuration`` -* :vytask:`T4261` ``(feature): MACsec: add DHCP client support`` -* :vytask:`T4203` ``(bug): Reconfigure DHCP client interface causes brief outages`` - - -2022-02-19 -========== - -* :vytask:`T4258` ``(bug): [DHCP-SERVER] error parameter on Failover`` - - -2022-02-17 -========== - -* :vytask:`T4255` ``(bug): Unexpected print of dict bridge on delete`` -* :vytask:`T4240` ``(bug): Cannot add wlan0 to bridge via configure`` -* :vytask:`T4154` ``(bug): Error add second gre tunnel with the same source interface`` - - -2022-02-16 -========== - -* :vytask:`T4237` ``(bug): Conntrack-sync error - error adding listen-address command`` - - -2022-02-15 -========== - -* :vytask:`T4160` ``(bug): Firewall - Error in rules that matches everything except something`` -* :vytask:`T3006` ``(bug): Accel-PPP & vlan-mon config get invalid VLAN`` -* :vytask:`T3494` ``(bug): DHCPv6 leases traceback when PD using`` -* :vytask:`T1292` ``(bug): Issues while deleting all rules from a firewall`` - - -2022-02-13 -========== - -* :vytask:`T4242` ``(bug): ethernet speed/duplex can never be switched back to auto/auto`` -* :vytask:`T4191` ``(bug): Lost access to host after VRF re-creating`` - - -2022-02-11 -========== - -* :vytask:`T3872` ``(feature): Add configurable telegraf monitoring service`` - - -2022-02-08 -========== - -* :vytask:`T4227` ``(bug): Typo in help completion of hello-time option of bridge interface`` - - -2022-02-07 -========== - -* :vytask:`T4233` ``(bug): ssh: sync regex for allow/deny usernames to "system login"`` - - -2022-02-06 -========== - -* :vytask:`T4223` ``(bug): policy route cannot have several entries with the same table`` -* :vytask:`T4216` ``(bug): Firewall: can't use negated groups in firewall rules`` -* :vytask:`T4178` ``(bug): policy based routing tcp flags issue`` -* :vytask:`T4164` ``(bug): PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf``` -* :vytask:`T3970` ``(feature): Add support for op-mode PKI direct install into an active config session`` -* :vytask:`T3828` ``(bug): ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta`` - - -2022-02-05 -========== - -* :vytask:`T4226` ``(bug): VRRP transition-script does not work for groups name which contains -(minus) sign`` - - -2022-02-04 -========== - -* :vytask:`T4196` ``(bug): DHCP server client-prefix-length parameter results in non-functional leases`` - - -2022-02-03 -========== - -* :vytask:`T4218` ``(bug): firewall: rule name is not allowed to start with a number`` -* :vytask:`T3643` ``(bug): show vpn ipsec sa doesn't show tunnels in "down" state`` - - -2022-02-01 -========== - -* :vytask:`T4224` ``(bug): Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso)`` -* :vytask:`T4225` ``(bug): Performance degration with latest rolling release`` -* :vytask:`T4220` ``(bug): Commit broke dhclient 78b247b724f74bdabab0706aaa7f5b00e5809bc1`` -* :vytask:`T4138` ``(bug): NAT configuration allows to set incorrect port range and invalid port`` - - -2022-01-28 -========== - -* :vytask:`T4184` ``(bug): NTP allow-clients address doesn't work it allows to use ntp server for all addresses`` -* :vytask:`T4217` ``(bug): firewall: port-group requires protocol to be set - but not in VyOS 1.3`` - - -2022-01-27 -========== - -* :vytask:`T4213` ``(default): ipv6 policy routing not working anymore`` -* :vytask:`T4188` ``(bug): Firewall does not correctly handle conntracking`` -* :vytask:`T3762` ``(feature): Support network and address groups for policy ipv6-route`` -* :vytask:`T3560` ``(feature): Ability to create groups of MAC addresses`` -* :vytask:`T3495` ``(feature): Modernising port/protocol definitions`` - - -2022-01-25 -========== - -* :vytask:`T4205` ``(feature): Disable Debian Version in SSH (DebianBanner->no)`` -* :vytask:`T4131` ``(bug): Show firewall group incorrect format members`` - - -2022-01-24 -========== - -* :vytask:`T4204` ``(feature): Update Accel-PPP to a newer revision`` -* :vytask:`T1795` ``(default): Commit rollback by timeout`` - - -2022-01-23 -========== - -* :vytask:`T4186` ``(bug): Firewall icmp type - Offered options not supported`` -* :vytask:`T4181` ``(bug): Firewall ipv6-network-group - incorrect description on helper`` - - -2022-01-21 -========== - -* :vytask:`T4200` ``(bug): Assigning ipv6-name to interface is not generating nftables rules`` -* :vytask:`T4144` ``(bug): Firewall address-group - Improve error messages`` -* :vytask:`T4137` ``(bug): Firewall group configuration allows to set incorrect port range and invalid port`` -* :vytask:`T4133` ``(bug): Firewall network group error with zone-based firewall rules`` - - -2022-01-20 -========== - -* :vytask:`T4171` ``(bug): Interface config migration error on 1.2.8 -> 1.4 upgrade`` - - -2022-01-19 -========== - -* :vytask:`T4195` ``(feature): [OSPF-ECMP]enable set maximun-path`` - - -2022-01-18 -========== - -* :vytask:`T4159` ``(bug): Empty firewall group (address, network & port) generates invalid nftables config, commit fails`` -* :vytask:`T4155` ``(bug): PBR: `set table main` fails in `firewall.py` with newer rolling releases`` -* :vytask:`T3873` ``(feature): Zone based Firewall - Filter traffic in same zone`` -* :vytask:`T3286` ``(feature): Switch the firewall from iptables to nftables`` -* :vytask:`T292` ``(feature): [ZBF] Allow filtering intra zone traffic`` - - -2022-01-17 -========== - -* :vytask:`T3164` ``(bug): console-server ssh does not work with RADIUS PAM auth`` - - -2022-01-15 -========== - -* :vytask:`T4183` ``(feature): IPv6 link-local address not accepted as wireguard peer`` -* :vytask:`T4150` ``(bug): VRRP with conntrack-sync does not work`` -* :vytask:`T4110` ``(feature): [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0`` - - -2022-01-14 -========== - -* :vytask:`T4182` ``(bug): Show vrrp if vrrp not configured bug`` -* :vytask:`T4179` ``(feature): Add op-mode CLI for show high-availability virtual-server`` - - -2022-01-13 -========== - -* :vytask:`T4175` ``(bug): BGP configuration failed`` -* :vytask:`T4109` ``(feature): Extend high-availability/keepalived for support virtual-server lb`` - - -2022-01-12 -========== - -* :vytask:`T4174` ``(bug): Validation fails when entering port range with upper port 65535`` -* :vytask:`T4162` ``(bug): VPN ipsec ike-group - Incorrect value help for ikev2-reauth`` -* :vytask:`T4161` ``(bug): Policy route-map - Incorrect value help for local preference`` -* :vytask:`T4152` ``(bug): NHRP shortcut-target holding-time does not work`` - - -2022-01-11 -========== - -* :vytask:`T4149` ``(bug): [Firewall-IPV6] Error delete Fw rules on VIF/INT`` -* :vytask:`T3950` ``(bug): CLI backtrace on update if DNS not defined`` -* :vytask:`T4166` ``(bug): Debug output missing when frr.py called under vyos-configd`` - - -2022-01-10 -========== - -* :vytask:`T3299` ``(bug): Allow the web proxy service to listen on all IP addresses`` -* :vytask:`T3115` ``(feature): Add support for firewall on L3 VIF bridge interface`` - - -2022-01-09 -========== - -* :vytask:`T4142` ``(bug): Input ifbX interfaces not displayed in op-mode`` -* :vytask:`T3914` ``(bug): VRRP rfc3768-compatibility doesn't work with unicast peers`` - - -2022-01-08 -========== - -* :vytask:`T4116` ``(bug): Webproxy/Squid not working with IPv6 listen-address`` - - -2022-01-07 -========== - -* :vytask:`T3924` ``(bug): VRRP stops working with VRF`` - - -2022-01-06 -========== - -* :vytask:`T4135` ``(bug): Declare zone policy firewall without local zone errors`` -* :vytask:`T4130` ``(bug): Firewall state policy errors chain`` -* :vytask:`T4141` ``(bug): Set high-availability vrrp sync-group without members error`` - - -2022-01-04 -========== - -* :vytask:`T4134` ``(bug): Incorrect firewall protocol completion help uppercase and duplicates`` -* :vytask:`T4132` ``(bug): Impossible to show a specific firewall group`` - - -2022-01-03 -========== - -* :vytask:`T4126` ``(feature): Ability to set priority to site to site IPSec vpn tunnels`` -* :vytask:`T4052` ``(bug): Validator return traceback on VRRP configuration with the script path not in config dir`` -* :vytask:`T4128` ``(bug): keepalived: Upgrade package to add VRF support`` - - -2021-12-31 -========== - -* :vytask:`T4081` ``(bug): VRRP health-check script stops working when setting up a sync group`` - - -2021-12-30 -========== - -* :vytask:`T4124` ``(feature): snmp: migrate to get_config_dict()`` - - -2021-12-29 -========== - -* :vytask:`T4111` ``(bug): IPSec generates wrong configuration colons for IPv6 peers`` -* :vytask:`T4023` ``(feature): Add grepcidr or similar functionality`` -* :vytask:`T4086` ``(default): system login banner is not removed on deletion.`` - - -2021-12-28 -========== - -* :vytask:`T3380` ``(bug): "show vpn ike sa" does not display IPv6 peers`` - - -2021-12-27 -========== - -* :vytask:`T3979` ``(bug): vyos-hostd unable to hostfile-update`` -* :vytask:`T2566` ``(bug): sstp not able to run tunnels ipv6 only`` -* :vytask:`T4093` ``(bug): SNMPv3 snmpd.conf generation bug`` -* :vytask:`T2764` ``(enhancment): Increase maximum number of NAT rules`` - - -2021-12-26 -========== - -* :vytask:`T4104` ``(bug): RAID1: "add raid md0 member sda1" does not restore boot sector`` -* :vytask:`T4108` ``(default): OSPFv3: add support for auto-cost parameter`` -* :vytask:`T4107` ``(default): OSPFv3: add support for "default-information originate"`` - - -2021-12-25 -========== - -* :vytask:`T4101` ``(bug): commit-archive: Use of uninitialized value $source_address in concatenation`` -* :vytask:`T4099` ``(feature): flow-accounting: sync "source-ip" and "source-address" between netflow and sflow ion CLI`` -* :vytask:`T4097` ``(feature): flow-accounting: migrate implementation to get_config_dict()`` -* :vytask:`T4105` ``(feature): flow-accounting: drop "sflow agent-address auto"`` -* :vytask:`T4106` ``(feature): flow-accounting: support specification of capture packet lenght`` -* :vytask:`T4102` ``(feature): OSPFv3: add support for NSSA area-type`` -* :vytask:`T4055` ``(feature): Add VRF support for HTTP(S) API service`` - - -2021-12-24 -========== - -* :vytask:`T3854` ``(bug): Missing op-mode commands for conntrack-sync`` - - -2021-12-23 -========== - -* :vytask:`T3354` ``(default): Convert strip-private script from Perl to Python`` - - -2021-12-22 -========== - -* :vytask:`T3678` ``(bug): VyOS 1.4: Invalid error message while deleting ipsec vpn configuration`` -* :vytask:`T3356` ``(feature): Script for remote file transfers`` - - -2021-12-21 -========== - -* :vytask:`T4083` ``(bug): Cluster heartbeat doesn't start b.c lack of directory /run/heartbeat/`` -* :vytask:`T4070` ``(bug): NATv4 : inbound-interface type "any" is missing.`` -* :vytask:`T4053` ``(bug): VRRP impossible to set scripts out of the /config directory`` -* :vytask:`T3931` ``(bug): SSTP doesn't work after rewriting to PKI`` - - -2021-12-20 -========== - -* :vytask:`T4088` ``(default): Fix typo in login banner`` - - -2021-12-19 -========== - -* :vytask:`T3912` ``(default): Use a more informative default post-login banner`` - - -2021-12-17 -========== - -* :vytask:`T4059` ``(bug): VRRP sync-group transition script does not persist after reboot`` - - -2021-12-16 -========== - -* :vytask:`T4046` ``(feature): Sflow - Add Source address parameter`` -* :vytask:`T3556` ``(bug): Commit-archive via scp causes 100% CPU on boot`` -* :vytask:`T4076` ``(enhancment): Allow setting CORS options in HTTP API`` -* :vytask:`T4037` ``(default): HTTP transfers do not follow redirects`` -* :vytask:`T4029` ``(default): Broken SFTP uploads`` - - -2021-12-15 -========== - -* :vytask:`T4077` ``(bug): op-mode: bfd: drop "show protocols bfd" in favour of "show bfd"`` -* :vytask:`T4073` ``(bug): "show protocols bfd peer <>" shows incorrect peer information.`` - - -2021-12-14 -========== - -* :vytask:`T4071` ``(feature): Allow HTTP API to bind to unix domain socket`` - - -2021-12-12 -========== - -* :vytask:`T4069` ``(feature): BGP: add additional available parameters to VyOS CLI`` -* :vytask:`T4036` ``(bug): VXLAN incorrect raiseError if set multicast network instead of singe address`` - - -2021-12-10 -========== - -* :vytask:`T4068` ``(feature): Python: ConfigError should insert line breaks into the error message`` - - -2021-12-09 -========== - -* :vytask:`T4033` ``(bug): VRRP - Error security when setting scripts`` -* :vytask:`T4064` ``(bug): IP address for vif is not removed from the system when deleted in configuration`` -* :vytask:`T4060` ``(enhancment): Extend configquery for use before boot configuration is complete`` -* :vytask:`T4058` ``(bug): BFD: add BGP and OSPF "bfd profile" support`` -* :vytask:`T4054` ``(bug): BFD profiles configuration incorrect behavior.`` - - -2021-12-07 -========== - -* :vytask:`T4041` ``(servicerequest): "transition-script" doesn't work on "sync-group"`` - - -2021-12-06 -========== - -* :vytask:`T4012` ``(feature): Add VRF support for TFTP`` - - -2021-12-04 -========== - -* :vytask:`T4049` ``(feature): support command-style output with compare command`` -* :vytask:`T4047` ``(bug): Wrong regex validation in XML definitions`` -* :vytask:`T4042` ``(bug): BGP L2VPN / EVPN and RD type 0 set`` -* :vytask:`T4048` ``(bug): BGP: L2VPN/EVPN and individual RD and RT settings for each VNI`` -* :vytask:`T4045` ``(bug): Unable to "format disk <new> like <old>"`` -* :vytask:`T4044` ``(feature): BFD: add vrf support`` -* :vytask:`T4043` ``(feature): BFD: add support for passive mode`` - - -2021-12-02 -========== - -* :vytask:`T4035` ``(bug): Geneve interfaces aren't displayed by operational mode commands`` - - -2021-12-01 -========== - -* :vytask:`T3695` ``(bug): OpenConnect reports commit success when ocserv fails to start due to SSL cert/key file issues`` - - -2021-11-30 -========== - -* :vytask:`T4010` ``(bug): DMVPN generates incorrect configuration life_time for swanctl.conf`` -* :vytask:`T3725` ``(feature): show configuration in json format`` - - -2021-11-29 -========== - -* :vytask:`T3946` ``(enhancment): Automatically resize the root partition if the drive has extra space`` - - -2021-11-28 -========== - -* :vytask:`T3999` ``(bug): show lldp neighbor Traceback error`` -* :vytask:`T3928` ``(feature): Add OSPFv3 VRF support`` - - -2021-11-27 -========== - -* :vytask:`T3755` ``(feature): ospf: adjust to new FRR 8 syntax where "no passive-interface " moved to interface section`` -* :vytask:`T3753` ``(feature): frr: upgrade to stable/8.1 release train`` - - -2021-11-26 -========== - -* :vytask:`T3978` ``(bug): containers add network without declaring prefix raise ConfigError`` - - -2021-11-25 -========== - -* :vytask:`T4006` ``(default): Add additional Linux capabilities to container configuration`` -* :vytask:`T3986` ``(bug): Incorrect description for vpn ipsec site-to-site authentication and connection`` - - -2021-11-24 -========== - -* :vytask:`T4015` ``(feature): Update Accel-PPP to a newer revision`` -* :vytask:`T3865` ``(bug): loadkey command help text missing escape sequence`` -* :vytask:`T1083` ``(feature): Implement persistent/random address and port mapping options for NAT rules`` - - -2021-11-23 -========== - -* :vytask:`T3990` ``(bug): WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot)`` - - -2021-11-20 -========== - -* :vytask:`T3998` ``(bug): route-target completion incorrect description`` - - -2021-11-19 -========== - -* :vytask:`T4003` ``(bug): API for "show interfaces ethernet" does not include the interface description`` -* :vytask:`T4011` ``(bug): ethernet: deleting interface should place interface in admin down state`` - - -2021-11-18 -========== - -* :vytask:`T3612` ``(bug): IPoE Server address pool issues.`` -* :vytask:`T3995` ``(feature): OpenVPN: do not stop/start service on configuration change`` -* :vytask:`T4008` ``(feature): dhcp: change client retry interval form 300 -> 60 seconds`` -* :vytask:`T3795` ``(bug): WWAN: issues with non connected interface / no signal`` -* :vytask:`T3510` ``(bug): RADIUS usersname is not shown on CLI`` - - -2021-11-17 -========== - -* :vytask:`T3350` ``(bug): OpenVPN config file generation broken`` -* :vytask:`T3996` ``(bug): SNMP service error in log`` - - -2021-11-15 -========== - -* :vytask:`T3994` ``(bug): VRF: unable to delete vrf when name contains numbers, hyphen or underscore`` -* :vytask:`T3960` ``(bug): FRR Misconfig when using multiple VRF VNI`` -* :vytask:`T3724` ``(feature): Allow setting host-name in l2tp section of accel-ppp`` -* :vytask:`T645` ``(feature): Allow multiple prefixes in ipsec tunnel`` - - -2021-11-10 -========== - -* :vytask:`T3966` ``(default): OpenVPN fix the smoketests`` -* :vytask:`T3834` ``(default): [OPENVPN] Support for Two Factor Authentication totp.`` -* :vytask:`T3982` ``(bug): DHCP server commit fails if static-mapping contains + or .`` - - -2021-11-09 -========== - -* :vytask:`T3962` ``(bug): Image cannot be built without open-vm-tools`` - - -2021-11-07 -========== - -* :vytask:`T3626` ``(bug): Configuring and disabling DHCP Server`` - - -2021-11-06 -========== - -* :vytask:`T3514` ``(bug): NIC flap at any interface change`` - - -2021-11-05 -========== - -* :vytask:`T3972` ``(bug): Removing vif-c interface raises KeyError`` - - -2021-11-04 -========== - -* :vytask:`T3969` ``(bug): Container incorrect raiseError format if network doesn't exist`` -* :vytask:`T3662` ``(bug): Container configuration upgrade destroys system`` -* :vytask:`T3964` ``(bug): SSTP: local-user static-ip CLI node accepts invalid IPv4 addresses`` - - -2021-11-03 -========== - -* :vytask:`T3952` ``(default): Add sh bgp ipv4/ipv6 vpn command`` -* :vytask:`T3610` ``(bug): DHCP-Server creation for not primary IP address fails`` - - -2021-11-01 -========== - -* :vytask:`T3958` ``(default): OpenVPN breaks the smoketests`` -* :vytask:`T3956` ``(bug): GRE tunnel - unable to move from source-interface to source-address, commit error`` - - -2021-10-31 -========== - -* :vytask:`T3945` ``(feature): Add route-map for bgp aggregate-address`` -* :vytask:`T3954` ``(bug): FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error`` -* :vytask:`T3943` ``(bug): "netflow source-ip" prevents image upgrades if IP address does not exist locally`` - - -2021-10-29 -========== - -* :vytask:`T3942` ``(feature): Generate IPSec debug archive from op-mode`` - - -2021-10-28 -========== - -* :vytask:`T3951` ``(bug): After resetting vti ipsec tunnel old child SA still active`` -* :vytask:`T3941` ``(bug): "show vpn ipsec sa" shows established time of parent SA not child SA's`` -* :vytask:`T3916` ``(feature): Add additional Linux capabilities to container configuration`` - - -2021-10-27 -========== - -* :vytask:`T3944` ``(bug): VRRP fails over when adding new group to master`` - - -2021-10-22 -========== - -* :vytask:`T3897` ``(feature): Dynamic DNS doesn't work with IPv6 addresses`` -* :vytask:`T3832` ``(feature): Allow to set DHCP client-id in hexadecimal format`` -* :vytask:`T3188` ``(bug): Tunnel local-ip to dhcp-interface Change Fails to Update`` -* :vytask:`T3917` ``(default): Use Avahi as mDNS repeater for IPv6 support`` - - -2021-10-21 -========== - -* :vytask:`T3926` ``(bug): strip-private does not sanitize "cisco-authentication" from NHRP configuration`` -* :vytask:`T3925` ``(feature): Tunnel: dhcp-interface not implemented - use source-interface instead`` -* :vytask:`T3923` ``(feature): Kernel: Enable TLS/IPSec offload support for Mellanox ConnectX NICs`` -* :vytask:`T3927` ``(feature): Kernel: Enable kernel support for HW offload of the TLS protocol`` - - -2021-10-20 -========== - -* :vytask:`T3918` ``(bug): DHCPv6 prefix delegation incorrect verify error`` -* :vytask:`T3921` ``(bug): tunnel: KeyError when using dhcp-interface`` - - -2021-10-19 -========== - -* :vytask:`T3396` ``(bug): syslog can't be configured with an ipv6 literal destination in 1.2.x`` - - -2021-10-18 -========== - -* :vytask:`T3002` ``(default): VRRP change on IPSec interface causes packet routing issues`` - - -2021-10-17 -========== - -* :vytask:`T3786` ``(bug): GRE tunnel source address 0.0.0.0 error`` -* :vytask:`T3217` ``(default): Save FRR configuration on each commit`` -* :vytask:`T3381` ``(bug): Change GRE tunnel failed`` -* :vytask:`T3254` ``(bug): Dynamic DNS status shows incorrect last update time`` -* :vytask:`T1243` ``(bug): BGP local-as accept wrong values`` -* :vytask:`T697` ``(bug): Clean up and sanitize package dependencies`` -* :vytask:`T578` ``(feature): Support Linux Container`` - - -2021-10-16 -========== - -* :vytask:`T3879` ``(bug): GPG key verification fails when upgrading from a 1.3 beta version`` - - -2021-10-15 -========== - -* :vytask:`T3748` ``(bug): Container deletion bug`` -* :vytask:`T3693` ``(feature): ISIS Route redistribution ipv6 support missing`` -* :vytask:`T3676` ``(feature): Container option to add Linux capabilities`` -* :vytask:`T3613` ``(feature): Selectors for route-based IPsec tunnel (vti)`` -* :vytask:`T3692` ``(bug): VyOS build failing due to repo.saltstack.com`` -* :vytask:`T3673` ``(feature): BGP large-community del operation missing`` - - -2021-10-14 -========== - -* :vytask:`T3811` ``(bug): NAT (op_mode): NAT op_mode command fails.`` -* :vytask:`T3801` ``(feature): containers: do not use podman CLI to create container networks`` - - -2021-10-13 -========== - -* :vytask:`T3904` ``(bug): NTP pool associations silently fail`` -* :vytask:`T3277` ``(feature): DNS Forwarding - reverse zones`` - - -2021-10-12 -========== - -* :vytask:`T3216` ``(bug): Removal of restricted-shell broke configure mode for RADIUS users`` -* :vytask:`T3881` ``(bug): Wrong description for container section restart`` -* :vytask:`T3868` ``(bug): Regex and/or wildcard not accepted with large-community-list`` -* :vytask:`T3701` ``(bug): ipoe server fails to start when configuring radius dynamic-author on ipoe`` - - -2021-10-10 -========== - -* :vytask:`T3750` ``(bug): pdns-recursor 4.4 issue with dont-query and private DNS servers`` -* :vytask:`T3885` ``(default): dhcpv6-pd: randomly generated DUID is not persisted`` -* :vytask:`T3899` ``(enhancment): Add support for hd44780 LCD displays`` - - -2021-10-09 -========== - -* :vytask:`T3894` ``(bug): Tunnel Commit Failed if system does not have `eth0``` - - -2021-10-08 -========== - -* :vytask:`T3893` ``(bug): MGRE Tunnel commit crash If sit tunnel available`` - - -2021-10-05 -========== - -* :vytask:`T3741` ``(feature): [BGP] default no-ipv4-unicast - by default`` - - -2021-10-04 -========== - -* :vytask:`T3888` ``(bug): Incorrect warning when poweroff command executed from configure mode.`` -* :vytask:`T3890` ``(feature): dhcp(v6): provide op-mode commands to retrieve both server and client logfiles`` -* :vytask:`T3889` ``(feature): Migrate to journalctl when reading daemon logs`` - - -2021-10-03 -========== - -* :vytask:`T3880` ``(bug): EFI boot shows error on display`` - - -2021-10-02 -========== - -* :vytask:`T3882` ``(feature): Upgrade PowerDNs recursor to 4.5 series`` -* :vytask:`T3883` ``(bug): VRF - Delette vrf config on interface`` - - -2021-09-30 -========== - -* :vytask:`T3874` ``(bug): D-Link Ethernet Interface not working.`` -* :vytask:`T3869` ``(default): Rewrite vyatta_net_name/vyatta_interface_rescan in Python`` - - -2021-09-28 -========== - -* :vytask:`T3853` ``(default): nat66 rules gets deleted on reboot in 1.4-rolling-202109240217`` - - -2021-09-27 -========== - -* :vytask:`T3863` ``(default): nat66: commit fails/hangs on non existing interface`` - - -2021-09-26 -========== - -* :vytask:`T3860` ``(bug): Error on pppoe, tunnel and wireguard interfaces for IPv6 EUI64 addresses`` -* :vytask:`T3857` ``(feature): reboot: send wall message to all users for information`` -* :vytask:`T3867` ``(bug): vxlan: multicast group address is not validated`` -* :vytask:`T3859` ``(bug): Add "log-adjacency-changes" to ospfv3 process`` -* :vytask:`T3826` ``(bug): PKI: op-mode - do input validation when listing certificates`` - - -2021-09-25 -========== - -* :vytask:`T3657` ``(default): BGP neighbors ipv6 not able to establish with IPv6 link-local addresses`` - - -2021-09-23 -========== - -* :vytask:`T3850` ``(bug): Dots are no longer allowed in SSH public key names`` - - -2021-09-21 -========== - -* :vytask:`T3847` ``(feature): keepalived/vrrp: migrate to get_config_dict() - cleanup`` - - -2021-09-20 -========== - -* :vytask:`T3823` ``(bug): strip-private does not filter public IPv6 addresses`` - - -2021-09-19 -========== - -* :vytask:`T3841` ``(feature): dhcp-server: add ping-check option to CLI`` -* :vytask:`T2738` ``(bug): Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization`` -* :vytask:`T3840` ``(feature): dns forwarding: Cache size should allow values > 10k`` -* :vytask:`T3672` ``(bug): DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output`` - - -2021-09-18 -========== - -* :vytask:`T3831` ``(bug): External traffic stops routing when IPSEC tunnel comes up with interface vti0`` -* :vytask:`T1968` ``(default): Allow multiple static routes in dhcp-server`` -* :vytask:`T3838` ``(feature): dhcp-server - sync cli for name-servers to other subsystems`` -* :vytask:`T3839` ``(feature): dhcp-server: Allow configuration of a DNS server and domain name on the shared-network level`` - - -2021-09-17 -========== - -* :vytask:`T3830` ``(bug): ipsec: remote-id no longer included in IKE AUTH if not explicitly specified`` - - -2021-09-11 -========== - -* :vytask:`T3402` ``(feature): Add VyOS programming library for operational level commands`` - - -2021-09-10 -========== - -* :vytask:`T3802` ``(bug): Commit fails if ethernet interface doesn't support flow control`` -* :vytask:`T3819` ``(bug): Upgrade Salt Stack 3002.3 -> 3003 release train`` -* :vytask:`T915` ``(feature): MPLS Support`` - - -2021-09-09 -========== - -* :vytask:`T3812` ``(bug): Vyos and frr route-map config out of sync`` -* :vytask:`T3814` ``(bug): wireguard: commit error showing incorrect peer name from the configured name`` -* :vytask:`T3805` ``(bug): OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface`` -* :vytask:`T3815` ``(bug): pki : the file command 'generate pki wireguard key-pair file' is not working`` - - -2021-09-07 -========== - -* :vytask:`T1894` ``(bug): FRR config not loaded after daemons segfault or restart`` -* :vytask:`T3807` ``(bug): Op Command "show interfaces wireguard" does not show the output`` - - -2021-09-06 -========== - -* :vytask:`T3806` ``(bug): Don't set link local ipv6 address if MTU less then 1280`` -* :vytask:`T3803` ``(default): Add source-address option to the ping CLI`` -* :vytask:`T3431` ``(bug): Show version all bug`` -* :vytask:`T2920` ``(bug): Commit crash when adding the second mGRE tunnel with the same key`` - - -2021-09-05 -========== - -* :vytask:`T3804` ``(feature): cli: Migrate and merge "system name-servers-dhcp" into "system name-server"`` - - -2021-09-04 -========== - -* :vytask:`T3619` ``(bug): Performance Degradation 1.2 --> 1.3 | High ksoftirqd CPU usage`` - - -2021-09-03 -========== - -* :vytask:`T3788` ``(bug): Keys are not allowed with ipip and sit tunnels`` -* :vytask:`T3634` ``(feature): Add op command option for ping for do not fragment bit to be set`` -* :vytask:`T3798` ``(feature): bgp: add support for "neighbor <X> local-as replace-as" option`` - - -2021-09-02 -========== - -* :vytask:`T3792` ``(bug): login: A hypen present in a username from "system login user" is replaced by an underscore`` -* :vytask:`T3790` ``(bug): Does not possible to configure PPTP static ip-address to users`` -* :vytask:`T2947` ``(bug): Nat translation many-many with prefix does not map 1-1.`` - - -2021-08-31 -========== - -* :vytask:`T3789` ``(feature): Add custom validator for base64 encoded CLI data`` -* :vytask:`T3782` ``(default): Ingress Shaping with IFB No Longer Functional with 1.3`` - - -2021-08-30 -========== - -* :vytask:`T3768` ``(default): Remove early syntaxVersion implementation`` -* :vytask:`T2941` ``(default): Using a non-ASCII character in the description field causes UnicodeDecodeError in configsource.py`` -* :vytask:`T3787` ``(bug): Remove deprecated UDP fragmentation offloading option`` - - -2021-08-29 -========== - -* :vytask:`T3708` ``(bug): isisd and gre-bridge commit error`` -* :vytask:`T3783` ``(bug): "set protocols isis spf-delay-ietf" is not working`` -* :vytask:`T2750` ``(default): Use m4 as a template processor`` - - -2021-08-28 -========== - -* :vytask:`T3743` ``(bug): l2tp doesn't work after reboot if outside-address not 0.0.0.0`` - - -2021-08-27 -========== - -* :vytask:`T3182` ``(bug): Main blocker Task for FRR 7.4/7.5 series update`` -* :vytask:`T3568` ``(feature): Add XML for firewall conf-mode`` -* :vytask:`T2108` ``(default): Use minisign/signify instead of GPG for release signing`` - - -2021-08-26 -========== - -* :vytask:`T3776` ``(default): Rename FRR daemon restart op-mode commands`` -* :vytask:`T3739` ``(feature): policy: route-map: add EVPN match support`` - - -2021-08-25 -========== - -* :vytask:`T3773` ``(bug): Delete the "show system integrity" command (to prepare for a re-implementation)`` -* :vytask:`T3775` ``(bug): Typo in generated Strongswan VPN-config`` - - -2021-08-24 -========== - -* :vytask:`T3772` ``(bug): VRRP virtual interfaces are not shown in show interfaces`` - - -2021-08-23 -========== - -* :vytask:`T3769` ``(feature): Containers: Network Bridging`` - - -2021-08-22 -========== - -* :vytask:`T3090` ``(feature): Move 'adjust-mss' firewall options to the interface section.`` -* :vytask:`T3765` ``(default): container: additional op-mode commands`` - - -2021-08-20 -========== - -* :vytask:`T1950` ``(default): Store VyOS configuration syntax version data in JSON file`` - - -2021-08-19 -========== - -* :vytask:`T3751` ``(bug): pki generate ca add new line after passphrase`` -* :vytask:`T3764` ``(bug): Unconfigurable IKE and ESP lifetime`` -* :vytask:`T3234` ``(bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions`` -* :vytask:`T3732` ``(feature): override-default helper should support adding defaultValues to default less nodes`` -* :vytask:`T3759` ``(default): [L3VPN] VPNv4/VPNv6 add commands`` - - -2021-08-18 -========== - -* :vytask:`T3752` ``(bug): generate pki certificate file xxx doesn't touch file`` - - -2021-08-16 -========== - -* :vytask:`T3738` ``(default): openvpn fails if server and authentication are configured`` -* :vytask:`T1594` ``(bug): l2tpv3 error on IPv6 local-ip`` - - -2021-08-15 -========== - -* :vytask:`T3756` ``(default): VyOS generates invalid QR code for wireguard clients`` -* :vytask:`T3757` ``(default): OSPF: add support to configure the area at an interface level`` - - -2021-08-14 -========== - -* :vytask:`T3745` ``(feature): op-mode IPSec show vpn ipse sa sorting`` - - -2021-08-13 -========== - -* :vytask:`T3749` ``(bug): V4/V6 Counters in network container validation aren't being reset`` -* :vytask:`T3728` ``(bug): FRR not respect configured RD and RT for L3VNI`` -* :vytask:`T3727` ``(bug): VPN IPsec ESP proposal and ESP presented in config missmatch`` -* :vytask:`T3740` ``(bug): HTTPs API breaks when the address is IPv6`` - - -2021-08-12 -========== - -* :vytask:`T3731` ``(bug): verify_accel_ppp_base_service return wrong config error for SSP`` -* :vytask:`T3405` ``(feature): PPPoE server unit-cache`` -* :vytask:`T2432` ``(default): dhcpd: Can't create new lease file: Permission denied`` -* :vytask:`T3746` ``(feature): Inform users logging into the system about a pending reboot`` -* :vytask:`T3744` ``(default): Dns forwarding statistics formatting missing a new line`` - - -2021-08-11 -========== - -* :vytask:`T3709` ``(feature): Snmp: Allow enable MIDs/OIDs ipCidrRouteTable`` - - -2021-08-09 -========== - -* :vytask:`T3720` ``(bug): IPSec set vti secondary address cause interface disable`` - - -2021-08-08 -========== - -* :vytask:`T3705` ``(bug): IPSec: VTI interface does not honor default-esp-group`` -* :vytask:`T2027` ``(bug): get_config_dict is failing when the configuration section is empty/missing`` - - -2021-08-05 -========== - -* :vytask:`T3719` ``(bug): Restart vpn shows some missed files`` - - -2021-08-04 -========== - -* :vytask:`T3704` ``(feature): Add ability to interact with Areca RAID adapers`` -* :vytask:`T3718` ``(bug): VPN IPsec IKE group by default not use DH-group 2`` - - -2021-08-02 -========== - -* :vytask:`T3601` ``(default): Error in ssh keys for vmware cloud-init if ssh keys is left empty.`` - - -2021-08-01 -========== - -* :vytask:`T3707` ``(bug): Ping incorrect ip host checks`` - - -2021-07-31 -========== - -* :vytask:`T3716` ``(feature): Linux kernel parameters ignore_routes_with_link_down- ignore disconnected routing connections`` - - -2021-07-30 -========== - -* :vytask:`T1176` ``(default): FRR - BGP replicating routes`` -* :vytask:`T1210` ``(feature): About IKEv2 IPSec VPN remote access`` - - -2021-07-23 -========== - -* :vytask:`T3699` ``(bug): login: verify selected "system login user" name is not already used by the base system.`` -* :vytask:`T3698` ``(default): Support bridge monitoring`` - - -2021-07-13 -========== - -* :vytask:`T3679` ``(default): Point the unexpected exception message link to the new rolling release location`` - - -2021-07-11 -========== - -* :vytask:`T3665` ``(bug): Missing VRF support for VxLAN but already documented`` - - -2021-07-10 -========== - -* :vytask:`T3636` ``(feature): SSTP / L2TP ipv6 support broken`` - - -2021-07-09 -========== - -* :vytask:`T3667` ``(bug): brctl is damaged`` - - -2021-07-06 -========== - -* :vytask:`T3660` ``(feature): Conntrack-Sync configuration command to specify destination udp port for peer`` - - -2021-07-03 -========== - -* :vytask:`T57` ``(enhancment): Make it possible to disable the entire IPsec peer`` - - -2021-07-01 -========== - -* :vytask:`T3658` ``(feature): Add support for dhcpdv6 fixed-prefix6`` -* :vytask:`T2035` ``(bug): Executing vyos-smoketest multiple times makes ssh test fail on execution`` - - -2021-06-29 -========== - -* :vytask:`T3593` ``(bug): PPPoE server called-sid format does not work`` -* :vytask:`T1441` ``(feature): Add support for IPSec XFRM interfaces`` - - -2021-06-25 -========== - -* :vytask:`T3641` ``(feature): Upgrade base system from Debian Buster -> Debian Bullseye`` -* :vytask:`T3649` ``(feature): Add bonding additional hash-policy`` - - -2021-06-23 -========== - -* :vytask:`T3647` ``(feature): Bullseye: gcc defaults to passing --as-needed to linker`` - - -2021-06-22 -========== - -* :vytask:`T3629` ``(bug): IPoE server shifting address in the range`` -* :vytask:`T3645` ``(feature): Bullseye: ethtool changed output for ring-buffer information`` - - -2021-06-21 -========== - -* :vytask:`T3563` ``(default): commit-archive breaks with IPv6 source addresses`` - - -2021-06-20 -========== - -* :vytask:`T3637` ``(bug): vrf: bind-to-all didn't work properly`` -* :vytask:`T3639` ``(default): GCC preprocessor clobbers C comments`` - - -2021-06-19 -========== - -* :vytask:`T3633` ``(feature): Add LRO offload for interface ethernet`` - - -2021-06-18 -========== - -* :vytask:`T3599` ``(default): Migrate NHRP to XML/Python`` - - -2021-06-17 -========== - -* :vytask:`T3624` ``(feature): BGP: add support for extended community bandwidth definition`` - - -2021-06-16 -========== - -* :vytask:`T3623` ``(default): Fix for dummy interface option in the operational command "clear interfaces dummy"`` -* :vytask:`T3630` ``(feature): op-mode: add "show version kernel" command`` - - -2021-06-13 -========== - -* :vytask:`T3620` ``(feature): Rename WWAN interface from wirelessmodem to wwan to use QMI interface`` -* :vytask:`T2173` ``(feature): Add the ability to use VRF on VTI interfaces`` -* :vytask:`T3622` ``(feature): WWAN: add support for APN authentication`` -* :vytask:`T3606` ``(bug): SNMP unknown notification OID`` -* :vytask:`T3621` ``(bug): PPPoE interface does not validate if password is supplied when username is set`` - - -2021-06-12 -========== - -* :vytask:`T3611` ``(bug): WWAN interface (MC7710) no longer works on Kernel 5.10`` -* :vytask:`T1534` ``(bug): IPSec w/ IKEv2 Invalid local-address "any"`` -* :vytask:`T3616` ``(bug): Update to FastAPI causes regression in vyos-http-api-server`` - - -2021-06-11 -========== - -* :vytask:`T3614` ``(bug): Container network name with hyphen fail`` - - -2021-06-10 -========== - -* :vytask:`T3250` ``(bug): PPPoE server: wrong local usernames`` -* :vytask:`T3138` ``(bug): ddclient improperly updated when apply rfc2136 config`` -* :vytask:`T2645` ``(default): Editing route-map action requires adding a new rule`` - - -2021-06-08 -========== - -* :vytask:`T3605` ``(default): Allow to set prefer-global for ipv6-next-hop`` -* :vytask:`T3607` ``(feature): [route-map] set ipv6 next-hop prefer-global`` -* :vytask:`T3289` ``(bug): No description for node "service" conf-mode`` - - -2021-06-07 -========== - -* :vytask:`T3461` ``(bug): OpenConnect Server redundancy check`` -* :vytask:`T3455` ``(bug): system users can not be added in "edit"`` -* :vytask:`T3588` ``(default): IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan`` - - -2021-06-06 -========== - -* :vytask:`T842` ``(feature): Adopt VyOS CLI to latest StrongSwan options and deprecated Keywords`` - - -2021-06-04 -========== - -* :vytask:`T3595` ``(default): Cannot create new VTI interface`` -* :vytask:`T3592` ``(feature): Set default TTL 64 for tunnels`` - - -2021-06-03 -========== - -* :vytask:`T3384` ``(feature): Support UDP bandwidth testing`` - - -2021-06-02 -========== - -* :vytask:`T3233` ``(bug): Interface redirect to dum0`` - - -2021-06-01 -========== - -* :vytask:`T3585` ``(default): Fix NHRP module for updated interfaces tunnel syntax`` -* :vytask:`T3594` ``(bug): Disable by default service strongswan-starter`` - - -2021-05-30 -========== - -* :vytask:`T3518` ``(bug): Warning messages when using SCP commit-archive`` -* :vytask:`T3093` ``(default): Add xml for vpn ipsec`` -* :vytask:`T1866` ``(bug): Commit archive over SFTP doesn't work with non-standard ports`` -* :vytask:`T3590` ``(feature): bgp: add option for limiting maximum number of prefixes to be sent to a peer`` -* :vytask:`T3589` ``(feature): op-mode: support clearing out logfiles from CLI`` -* :vytask:`T2641` ``(feature): Rewrite vpn ipsec OP commands in new style XML syntax`` -* :vytask:`T3351` ``(feature): Installer checking MD5 checksums on the ISO image`` - - -2021-05-29 -========== - -* :vytask:`T1944` ``(bug): FRR: Invalid route in BGP causes update storm, memory leak, and failure of Zebra`` -* :vytask:`T1888` ``(feature): Update to StrongSwan 5.9.1`` - - -2021-05-27 -========== - -* :vytask:`T3561` ``(feature): router-advert: support advertising specific routes`` -* :vytask:`T2669` ``(bug): DHCP-server overlapping ranges.`` - - -2021-05-26 -========== - -* :vytask:`T3540` ``(bug): Keepalived memory utilisation issue when constantly getting its state in JSON format`` - - -2021-05-24 -========== - -* :vytask:`T3575` ``(bug): pseudo-ethernet: must check source-interface MTU`` -* :vytask:`T3571` ``(bug): Broken Show Tab Complete`` -* :vytask:`T3555` ``(bug): GRE TAP tunnel does not silent fragment packets / kernel fix available`` -* :vytask:`T3576` ``(bug): ISIS does not support IPV6`` - - -2021-05-23 -========== - -* :vytask:`T3570` ``(default): Prevent setting of a larger MTU on child interfaces`` -* :vytask:`T3573` ``(bug): as-path-prepend Description Invalid`` -* :vytask:`T3572` ``(feature): Basic Drive Diagnostic Tools`` - - -2021-05-22 -========== - -* :vytask:`T3564` ``(default): Multiple BGP Confederation Peers Not Allowed`` - - -2021-05-21 -========== - -* :vytask:`T3551` ``(bug): QoS control failure of VLAN sub interface`` - - -2021-05-20 -========== - -* :vytask:`T3554` ``(feature): Add area-type stub for ospfv3`` -* :vytask:`T3565` ``(feature): sysctl: rewrite in XML and Python and drop from vyatta-cfg-system`` - - -2021-05-19 -========== - -* :vytask:`T3562` ``(feature): Update Accel-PPP to a newer revision`` -* :vytask:`T3559` ``(feature): Add restart op-command for OpenConnect Server`` - - -2021-05-18 -========== - -* :vytask:`T3525` ``(default): VMWare resume script syntax errors`` - - -2021-05-15 -========== - -* :vytask:`T3549` ``(bug): DHCPv6 "service dhcpv6-server global-parameters name-server" is not correctly exported to dhcpdv6.conf when multiple name-server entries are present`` -* :vytask:`T3532` ``(bug): Not possible to change ethertype after interface creation`` -* :vytask:`T3550` ``(bug): Router-advert completion typo`` -* :vytask:`T3547` ``(feature): conntrackd: remove deprecated config options`` -* :vytask:`T3535` ``(feature): Rewrite vyatta-conntrack-sync in new XML and Python flavor`` - - -2021-05-14 -========== - -* :vytask:`T3346` ``(bug): nat 4-to-5 migration script fails when a 'source' or 'destination' node exists but there are no rules`` -* :vytask:`T3248` ``(default): Deal with VRRP mode-force command that exists in 1.2 but not in 1.3`` -* :vytask:`T3426` ``(default): add support for script arguments to vyos-configd`` - - -2021-05-13 -========== - -* :vytask:`T3539` ``(bug): Typo in RPKI interface definition`` -* :vytask:`T439` ``(feature): local PBR support`` -* :vytask:`T3544` ``(feature): DHCP server should validate configuration before applying it`` -* :vytask:`T3543` ``(feature): Support for setting lacp_rate on LACP bonded interfaces`` - - -2021-05-12 -========== - -* :vytask:`T3302` ``(default): Make vyos-configd relay stdout from scripts to the user's console`` -* :vytask:`T3542` ``(bug): udev net.rules not installed in image since may 2nd`` - - -2021-05-10 -========== - -* :vytask:`T3374` ``(bug): IPv6 GRE Tunnel issues`` - - -2021-05-09 -========== - -* :vytask:`T3530` ``(bug): BGP peer-group can't contain a hyphen`` - - -2021-05-06 -========== - -* :vytask:`T3523` ``(bug): VRF BGP daemon route-map command missing`` -* :vytask:`T3519` ``(bug): Cannot add / assign L2TPv3 to vrf`` - - -2021-05-05 -========== - -* :vytask:`T3520` ``(bug): Cannot add tunnel interface to isis within vrf`` -* :vytask:`T3335` ``(bug): Some OSPFv3 show commands do not work`` - - -2021-05-04 -========== - -* :vytask:`T3504` ``(feature): BGP Per Peer Graceful Restart`` - - -2021-05-02 -========== - -* :vytask:`T3511` ``(bug): Update libnss-mapuser and libpam-radius packages from CUMULUS Linux`` - - -2021-05-01 -========== - -* :vytask:`T3379` ``(feature): Add global-parameters name-server for dhcpv6-server`` -* :vytask:`T3491` ``(default): Change Kernel HZ to 1000`` - - -2021-04-29 -========== - -* :vytask:`T3503` ``(bug): "route-reflector-client" fails when "remote-as" is "internal"`` -* :vytask:`T3502` ``(bug): "system ip multipath layer4-hashing" doesn't work`` - - -2021-04-28 -========== - -* :vytask:`T3473` ``(bug): IPSec op-mode show sa error`` - - -2021-04-27 -========== - -* :vytask:`T2946` ``(bug): Calling 'stty_size' causes show interfaces API to fail`` - - -2021-04-25 -========== - -* :vytask:`T3490` ``(bug): priority inversion on PBR "policy route" create, breaks default route from dhcp (live iso)`` -* :vytask:`T3468` ``(bug): Tunnel interfaces aren't suggested as being available for bridging (regression)`` -* :vytask:`T3497` ``(bug): Prefix list with rule containing only action is not detected as error during parse`` -* :vytask:`T3492` ``(bug): BGP Configuration Migration failed (badly!) from rolling 202102240218 to rolling 202104221210`` -* :vytask:`T1802` ``(feature): Wireguard QR code in cli for mobile devices`` - - -2021-04-24 -========== - -* :vytask:`T3472` ``(bug): commit-confirm script not found`` -* :vytask:`T3439` ``(bug): Commit-archive location not working for scp`` - - -2021-04-23 -========== - -* :vytask:`T3395` ``(bug): WAN load-balancing fails with nexthop dhcp`` -* :vytask:`T3290` ``(bug): Disabling GRE conntrack module fails`` - - -2021-04-20 -========== - -* :vytask:`T3488` ``(bug): Specifying an invalid "interface address" like dhcph leads to commit error`` - - -2021-04-18 -========== - -* :vytask:`T3481` ``(default): Exclude tag node values from key mangling`` -* :vytask:`T3475` ``(bug): XML dictionary cache unable to process syntaxVersion elements`` - - -2021-04-17 -========== - -* :vytask:`T3470` ``(bug): as-override isn't applied to frr`` - - -2021-04-15 -========== - -* :vytask:`T3386` ``(bug): PPPoE-server don't start with local authentication`` -* :vytask:`T3190` ``(feature): Unable to subtract value from local-preference in route-map`` - - -2021-04-14 -========== - -* :vytask:`T3398` ``(bug): Can't commit`` -* :vytask:`T3055` ``(bug): op-mode incorrect naming for ipsec policy-based tunnels`` - - -2021-04-13 -========== - -* :vytask:`T3436` ``(feature): Refactoring ospf op-mode for support vrf`` -* :vytask:`T3434` ``(feature): Refactoring bgp op-mode for support vrf`` - - -2021-04-12 -========== - -* :vytask:`T3454` ``(enhancment): dhclient reject option`` -* :vytask:`T3328` ``(bug): Bgp not possible to delete bgp route-map`` - - -2021-04-10 -========== - -* :vytask:`T3460` ``(bug): bgp, Configuration FRR failed while commiting code`` - - -2021-04-09 -========== - -* :vytask:`T3464` ``(bug): OSPF: route-map names containing a hypen are not "found"`` - - -2021-04-08 -========== - -* :vytask:`T3462` ``(default): show ipv6 bgp -- missing`` -* :vytask:`T3463` ``(bug): Prevent IPv4 Route exchange with IPv6 neighbors`` - - -2021-04-05 -========== - -* :vytask:`T3438` ``(bug): VRF: removing vif which belongs to a vrf, will delete the entire vrf from the operating system`` -* :vytask:`T3418` ``(bug): BGP: system wide known interface can not be used as neighbor`` - - -2021-04-04 -========== - -* :vytask:`T3457` ``(feature): Output the "monitor log" command in a colorful way`` - - -2021-03-31 -========== - -* :vytask:`T3445` ``(bug): vyos-1x build include not all nodes`` - - -2021-03-30 -========== - -* :vytask:`T3448` ``(bug): Loading vyos on a system without xdp installed fails`` - - -2021-03-29 -========== - -* :vytask:`T3415` ``(feature): bridge: add support for isolated interfaces (private-vlan)`` -* :vytask:`T1711` ``(feature): BGP - migrate from tagNode to node (remove ASN from tagNode)`` - - -2021-03-28 -========== - -* :vytask:`T3440` ``(bug): HTTP API: give uvicorn time to initialize before restarting Nginx proxy`` - - -2021-03-27 -========== - -* :vytask:`T3423` ``(bug): Cannot create ipv4 static route for default gateway in vrf`` - - -2021-03-26 -========== - -* :vytask:`T3412` ``(default): HTTP API: move to FastAPI as web framework`` -* :vytask:`T2397` ``(feature): HTTP API: export OpenAPI definition`` - - -2021-03-24 -========== - -* :vytask:`T3419` ``(bug): show interfaces | strip-private fails`` - - -2021-03-22 -========== - -* :vytask:`T3284` ``(bug): merge/load fail silently if unable to resolve host`` - - -2021-03-21 -========== - -* :vytask:`T3417` ``(default): ISIS: provide per VRF instance support`` -* :vytask:`T3416` ``(bug): NTP: when running inside a VRF op-mode commands do not work`` - - -2021-03-20 -========== - -* :vytask:`T3392` ``(bug): vrrp over dhcp default route bug (unexpected vrf)`` -* :vytask:`T3373` ``(feature): Upgrade to SaltStack version 3002.5`` -* :vytask:`T3329` ``(default): "system conntrack ignore" rules can no longer be created due to an iptables syntax change`` -* :vytask:`T3300` ``(feature): Add DHCP default route distance`` -* :vytask:`T3306` ``(feature): Extend set route-map aggregator as to 4 Bytes`` - - -2021-03-18 -========== - -* :vytask:`T3411` ``(default): Extend the redirect_stdout context manager in vyos-configd to redirect stdout from subprocesses`` -* :vytask:`T3271` ``(bug): qemu-kvm grub issue`` - - -2021-03-17 -========== - -* :vytask:`T3413` ``(bug): Configuring invalid IPv6 EUI64 address results in "OSError: illegal IP address string passed to inet_pton"`` - - -2021-03-14 -========== - -* :vytask:`T3345` ``(default): BGP: add per VRF instance support`` -* :vytask:`T3344` ``(default): Per VRF dynamic routing support`` -* :vytask:`T3325` ``(bug): Bgp listen-range wrong commit message`` -* :vytask:`T1513` ``(default): Move OSPF and RIP interface configuration under protocols`` - - -2021-03-13 -========== - -* :vytask:`T3406` ``(bug): tunnel: interface no longer supports specifying encaplimit none - or migrator is missing`` -* :vytask:`T3407` ``(bug): console-server: do not allow to spawn a console-server session on serial port used by "system console"`` - - -2021-03-11 -========== - -* :vytask:`T3305` ``(bug): Ingress qdisc does not work anymore in 1.3-rolling-202101 snapshot`` -* :vytask:`T2927` ``(bug): isc-dhcpd release and expiry events never execute`` - - -2021-03-09 -========== - -* :vytask:`T3382` ``(bug): Error creating Console Server`` - - -2021-03-08 -========== - -* :vytask:`T3387` ``(bug): Command "Monitor vpn ipsec" is not working`` - - -2021-03-07 -========== - -* :vytask:`T3388` ``(bug): show interfaces doesn't display pppoeX`` -* :vytask:`T3211` ``(feature): ability to redistribute ISIS into other routing protocols`` - - -2021-03-04 -========== - -* :vytask:`T3377` ``(bug): show interfaces throws error`` - - -2021-03-02 -========== - -* :vytask:`T3375` ``(bug): Interface becomes up at boot even when disabled`` - - -2021-02-28 -========== - -* :vytask:`T3370` ``(bug): dhcp: Invalid domain name "private"`` -* :vytask:`T3369` ``(feature): VXLAN: add IPv6 underlay support`` -* :vytask:`T3363` ``(bug): VyOS-Build interactive prompt when using Podman`` -* :vytask:`T3320` ``(bug): Bgp neighbor peer-group without peer-group fail`` - - -2021-02-27 -========== - -* :vytask:`T3365` ``(bug): Bgp neighbor interface ordering for remote-as`` -* :vytask:`T3225` ``(bug): Adding a BGP neighbor with an address on a local interface throws a vyos.frr.CommitError: Configuration FRR failed while committing code: ''`` -* :vytask:`T3368` ``(feature): macsec: add support for gcm-aes-256 cipher`` -* :vytask:`T3173` ``(feature): Need 'nopmtudisc' option for tunnel interface`` - - -2021-02-26 -========== - -* :vytask:`T3324` ``(bug): Bgp space in the password`` -* :vytask:`T3357` ``(default): HTTP-API redirect from http correct https port`` -* :vytask:`T3323` ``(bug): Bgp ttl-security and ebgp-multihop fail`` - - -2021-02-24 -========== - -* :vytask:`T3303` ``(feature): Change welcome message on boot`` - - -2021-02-22 -========== - -* :vytask:`T3322` ``(bug): Bgp neighbor timers not applyed to FRR config`` -* :vytask:`T3327` ``(bug): OSPFv3: Cannot add dummy interface`` - - -2021-02-21 -========== - -* :vytask:`T3331` ``(bug): Bgp unsuppress-map should be as "value leafNode"`` -* :vytask:`T3330` ``(bug): Bgp capability orf prefix-list fail`` -* :vytask:`T3163` ``(feature): ethernet ring-buffer can be set with an invalid value`` - - -2021-02-19 -========== - -* :vytask:`T3326` ``(bug): OSPFv3: Cannot add L2TPv3 interface`` -* :vytask:`T3332` ``(bug): BGP unnumbered - UnboundLocalError: local variable 'peer_group' referenced before assignment`` - - -2021-02-18 -========== - -* :vytask:`T3259` ``(default): many dnat rules makes the vyos http api crash, even showConfig op timeouts`` - - -2021-02-17 -========== - -* :vytask:`T3312` ``(feature): SolarFlare NICs support`` - - -2021-02-16 -========== - -* :vytask:`T3313` ``(bug): ospfv3 interface missing options`` -* :vytask:`T3318` ``(feature): Update Linux Kernel to v5.4.208 / 5.10.142`` - - -2021-02-15 -========== - -* :vytask:`T3311` ``(bug): BGP Error: Remote AS must be set for neighbor or peer-group`` - - -2021-02-14 -========== - -* :vytask:`T2848` ``(feature): bgp-add-path configuration options`` - - -2021-02-12 -========== - -* :vytask:`T3301` ``(bug): Wrong format and valueHelp for policy as-path-list regex`` - - -2021-02-11 -========== - -* :vytask:`T3281` ``(default): Rewrite protocol RIPng [conf-mode] to new XML/Python style`` -* :vytask:`T3282` ``(default): Add XML for [conf-mode] RIPng`` -* :vytask:`T3279` ``(default): Rewrite protocol STATIC [op-mode] to new XML/Python style`` -* :vytask:`T3297` ``(bug): Optimize irrelevant error stack hints`` - - -2021-02-08 -========== - -* :vytask:`T3295` ``(feature): Update Linux Kernel to v5.4.96 / 5.10.14`` - - -2021-02-05 -========== - -* :vytask:`T3030` ``(feature): Support ERSPAN Tunnel Protocol`` - - -2021-02-04 -========== - -* :vytask:`T3283` ``(feature): Support for IPv4 neigh tables`` -* :vytask:`T3280` ``(default): Add XML for [conf-mode] STATIC`` - - -2021-02-03 -========== - -* :vytask:`T3278` ``(feature): Add XML for "protocols vrf" [conf-mode]`` -* :vytask:`T3239` ``(default): XML: override 'defaultValue' for mtu of certain interfaces; remove workarounds`` -* :vytask:`T2910` ``(feature): XML: generator should support override of variables`` - - -2021-02-02 -========== - -* :vytask:`T3018` ``(bug): Unclear behaviour when configuring vif and vif-s interfaces`` -* :vytask:`T3255` ``(default): Rewrite protocol RPKI to new XML/Python style`` -* :vytask:`T3263` ``(feature): OSPF Hello subsecond timer`` - - -2021-01-31 -========== - -* :vytask:`T3276` ``(feature): Update Linux Kernel to v5.4.94 / 5.10.12`` - - -2021-01-30 -========== - -* :vytask:`T3240` ``(feature): Support per-interface DHCPv6 DUIDs`` -* :vytask:`T3273` ``(default): PPPoE static default-routes deleted on interface down when not added by interface up`` - - -2021-01-29 -========== - -* :vytask:`T3261` ``(bug): Does not possible to disable pppoe client interface.`` -* :vytask:`T3272` ``(default): OSPF: interface config is not removed`` - - -2021-01-27 -========== - -* :vytask:`T3257` ``(feature): tcpdump supporting complete protocol`` -* :vytask:`T3244` ``(default): Rewrite protocol OSPFv3 to new XML/Python style`` - - -2021-01-26 -========== - -* :vytask:`T3251` ``(bug): PPPoE client trying to authorize with the wrong username`` -* :vytask:`T3256` ``(default): Add XML for protocol RPKI [conf-mode]`` - - -2021-01-25 -========== - -* :vytask:`T3249` ``(feature): Support operation mode forwarding table output`` - - -2021-01-24 -========== - -* :vytask:`T3227` ``(bug): Latest releases don't work with RPKI (crash)`` -* :vytask:`T3230` ``(bug): RPKI can't be deleted`` -* :vytask:`T3221` ``(bug): FRR config`` -* :vytask:`T3245` ``(default): Add XML for protocol ospfv3 [conf-mode]`` - - -2021-01-23 -========== - -* :vytask:`T3236` ``(default): Add XML for [conf-mode] OSPF`` - - -2021-01-17 -========== - -* :vytask:`T3222` ``(bug): Typo in BGP dampening description`` -* :vytask:`T3226` ``(bug): Repair bridge smoke test damage`` - - -2021-01-16 -========== - -* :vytask:`T3215` ``(bug): Operational command "show ipv6 route" is broken`` -* :vytask:`T3157` ``(bug): salt-minion fails to start due to permission error accessing /root/.salt/minion.log`` -* :vytask:`T3137` ``(feature): Let VLAN aware bridge approach the behavior of professional equipment`` - - -2021-01-15 -========== - -* :vytask:`T3210` ``(feature): ISIS three-way-handshake`` -* :vytask:`T3184` ``(feature): Add correct desctiptions for BGP neighbors`` - - -2021-01-14 -========== - -* :vytask:`T3213` ``(bug): show interface command python error`` - - -2021-01-12 -========== - -* :vytask:`T3205` ``(bug): Does not possible to configure tunnel mode gre-bridge`` - - -2020-12-20 -========== +1.4.1 (future release) +====================== -* :vytask:`T3132` ``(feature): Enable egress flow accounting`` -2020-11-29 -========== +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI`` + +**New features and improvements** + + +* :vytask:`T5878` ``Make the list of SSH server ciphers configurable`` +* :vytask:`T5949` ``Disable USB autosuspend`` +* :vytask:`T6320` ``WiFi: Enable support for 6GHz AccesPoints`` +* :vytask:`T6423` ``Require command definition nodes that have an owner to also have a priority`` +* :vytask:`T6424` ``ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate`` +* :vytask:`T6454` ``Explicitly set the default reverse proxy mode to HTTP`` +* :vytask:`T6462` ``wireless: add op-mode command for hostapd and wpa_supplicant logs`` +* :vytask:`T6473` ``bgp: missing completion helper for peer-groups inside a VRF`` +* :vytask:`T6477` ``Adding Loki plugin to Telegraf`` +* :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI`` +* :vytask:`T6538` ``Allow adding a geneve interface to the vrf.`` +* :vytask:`T6539` ``Add logging options to load-balancer reverse-proxy`` +* :vytask:`T6566` ``op-mode: "monitor bandwidth" add support for listing all interfaces concurrently`` +* :vytask:`T6576` ``op-mode: ntp: add support for NTP service restart via CLI`` +* :vytask:`T6614` ``Initial support for smoketesting op-mode commands`` + +**Bug fixes** + + +* :vytask:`T2145` ``openvpn: server default topology net30 is incompatible with static client IPs for Windows clients`` +* :vytask:`T4287` ``wireless: cannot set regulatory domain`` +* :vytask:`T5514` ``Improve error handling when/if config.boot is deleted or missing`` +* :vytask:`T5552` ``'set system option performance throughput' enables IPv6 forwarding even if it's explicitly disabled with 'set system ipv6 disable-forwarding'`` +* :vytask:`T5725` ``protocol IS-IS configuration is empty if a tunnel does not have remote address`` +* :vytask:`T5947` ``[1.3.2 -> 1.4.0-RC1 Migration] Static ipv6 routes dropped`` +* :vytask:`T6148` ``Reset vpn ipsec command breaks tunnel and does not reset SAs that are down`` +* :vytask:`T6332` ``IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr`` +* :vytask:`T6401` ``Attempts to delete vlan-to-vni option causes an unhandled exception`` +* :vytask:`T6429` ``bug - isis metric-style not applied configuration`` +* :vytask:`T6431` ``monitor traceroute broken VRF support`` +* :vytask:`T6453` ``GRUB variables with `=` in a value are parsed improperly`` +* :vytask:`T6460` ``Showing DHCPv6 leases can fail due to DUID parsing issues`` +* :vytask:`T6463` ``reverse-proxy: service not reloaded when updating SSL certificate via PKI`` +* :vytask:`T6464` ``sstpc: interface not restarted when updating SSL certificate via PKI`` +* :vytask:`T6480` ``PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/..../cert.pem`` +* :vytask:`T6484` ``Smoketest fails: fastnetmon killed due to OOM`` +* :vytask:`T6503` ``Command 'restart ssh' not working`` +* :vytask:`T6519` ``interfaces: 20-to-21 -> migration fails if new system has less ethernet interfaces`` +* :vytask:`T6523` ``Error: "nft table ip vyos_filter not found" when commiting prometheus-client`` +* :vytask:`T6559` ``vyos-configd should return commit error on config dependency error`` +* :vytask:`T6584` ``Revert addition of Linux Kernel MT7921 driver`` +* :vytask:`T6593` ``Release DHCP interface does not work`` +* :vytask:`T6600` ``ospf: smoketest "router ospf' not found in" for ldp sync`` +* :vytask:`T6602` ``interfaces: verify supplied VRF name on all interface types`` +* :vytask:`T6603` ``vrf: nftables conntrack ct_iface_map contains multiple identical entries`` +* :vytask:`T6605` ```ConfigError()` behavior is wrong with running `vyos-configd``` +* :vytask:`T6610` ``Missing minisign pub key from image`` -* :vytask:`T2297` ``(feature): NTP add support for pool configuration`` +**Other resolved issues** + + +* :vytask:`T4026` ``PKI: generate pki certificate sign <ca-name> is not working`` +* :vytask:`T5570` ``PAM config RADIUS ignore for default and success`` +* :vytask:`T6290` ``SNMPD show logs systemstats_linux: unexpected header length`` +* :vytask:`T6379` ``"generate openvpn" uses "comp-lzo no", which leads to problems on Android-Clients`` +* :vytask:`T6446` ``Display the support URL from image build data in LTS builds`` +* :vytask:`T6486` ``Generate openvpn client-config ignores configured protocol type`` +* :vytask:`T6500` ``openconnect: add support for new multi ca-certificate CLI node`` +* :vytask:`T6524` ``Rewrite "release dhcp interface <interface>" to Python to drop remaining Perl dependencies`` +* :vytask:`T6592` ``Changing VRF on interface fails`` +* :vytask:`T6594` ``IPoE-server extended-scripts do not work`` +* :vytask:`T6597` ``wireless: hostapd occationly gets deactivated via systemd and causes loss in connectivity`` +* :vytask:`T6598` ``Unexpected podman version 4.3.1`` + +1.4.0 (4th June 2024) +===================== + + + + +**New features and improvements** + + +* :vytask:`T3202` ``Enable wireguard debug messages by default`` +* :vytask:`T4022` ``Add package nat-rtsp-dkms`` +* :vytask:`T4393` ``sstp: add support for configuring host-name (SNI)`` +* :vytask:`T5386` ``Execute VRRP transition script when `set high-availability disable` is commited`` +* :vytask:`T5752` ``Check compatibility of new image tools with XCP-NG images`` +* :vytask:`T6293` ``add Mediatek MT7921 to defconfig`` +* :vytask:`T6339` ``Display the flavor name and build comment in "show version"`` +* :vytask:`T6395` ``Enable VFIO No-IOMMU support in kernel config`` + +**Bug fixes** + + +* :vytask:`T4576` ``vpn l2tp logging level configuration`` +* :vytask:`T5527` ``Adjust for change in coreutils behavior on overlayfs`` +* :vytask:`T5939` ``[1.3.5 -> 1.4.0-RC1 Migration] as-path-list Entries Get Messed Up`` +* :vytask:`T5940` ``[1.3.5 -> 1.4.0-RC1 Migration] commit-archive Fails to Migrate`` +* :vytask:`T6038` ``Losing default route after first reboot (cloud-init & DHCP)`` +* :vytask:`T6094` ``Destination Nat not Making Firewall Rules`` +* :vytask:`T6225` ``Unhandled exception when configuring random-detect QoS policy`` +* :vytask:`T6348` ``SNAT op-mode fails with flowtable offload entries`` +* :vytask:`T6356` ``Correct the syntax of config.boot.default [..., 'ntp', 'server'] from leaf node with value to tag node`` +* :vytask:`T6365` ``Negating interface names in NAT configuration causes invalid warnings`` +* :vytask:`T6377` ``PermissionError on /config/auth/letsencrypt/live/ when running show pki`` +* :vytask:`T6400` ``pki: unable to generate fingerprint for ACME issued certificates`` +* :vytask:`T6402` ``Invalid variables referenced in reverse proxy validation`` +* :vytask:`T6404` ``Include constraintGroup element in reference tree`` +* :vytask:`T6407` ``Generate ipsec profile error`` +* :vytask:`T6419` ``reverse-proxy: full CA chain is not build when verifying backend server`` +* :vytask:`T6421` ``host-name has no explicit priority to be set on system boot`` + +**Other resolved issues** + + +* :vytask:`T1981` ``Allow route-map 'set src' to reference both IPv4 and IPv6`` +* :vytask:`T3493` ``DHCPv6 does not have prefix range validation`` +* :vytask:`T4519` ``DHCPv6: "set show dhcpv6 server leases" should show DUID instead of IAID_DUID`` +* :vytask:`T4909` ``Rewrite the NTP op mode in the new format`` +* :vytask:`T5351` ``VyOS deployed with cloud-init improperly saves config.boot`` +* :vytask:`T6022` ``set system image default-boot`` +* :vytask:`T6048` ``Exception in event handler script`` +* :vytask:`T6328` ``Add a warning message about deprecation of web proxy URL filtering`` +* :vytask:`T6333` ``non-free-firmware to trixie`` +* :vytask:`T6345` ``Source NAT Port Mapping setting of Fully-Random is superfluous in Kernels 5.0 onwards`` +* :vytask:`T6346` ``Boot to multi-user.target instead of graphical.target`` +* :vytask:`T6358` ``Container config option to enable host pid`` +* :vytask:`T6367` ``op-mode: commit-archive: TypeError: attribute name must be string, not 'NoneType'`` +* :vytask:`T6383` ``Incorrect completion for rollback-soft`` +* :vytask:`T6384` ``rollback-soft should tell the user to compare and commit`` +* :vytask:`T6391` ``load-balancing reverse-proxy: typo in timeout help`` +* :vytask:`T6396` ``MINOR Typo: set system conntrack timeout custom ipv4 rule X`` +* :vytask:`T6409` ``Remove unused parameter node from reverse-proxy backend`` + +1.4.0-epa3 (14th May 2024) +========================== + +**Security** + + +* :vytask:`T6324` ``CVE-2024-2961`` + + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options`` +* :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"`` +* :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"`` +* :vytask:`T6216` ``Firewall group names that contain the '+' character break the config`` +* :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta`` + +**New features and improvements** + + +* :vytask:`T4309` ``Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore"`` +* :vytask:`T4903` ``Support IPv6 addresses in "set system conntrack ignore"`` +* :vytask:`T5364` ``Make it possible to set the PADO delay to 0`` +* :vytask:`T6127` ``Ability to view logs for rules with Offload not functional`` +* :vytask:`T6133` ``Add domain-name to commit-archive`` +* :vytask:`T6143` ``Increase configuration timeout range for service config-sync`` +* :vytask:`T6154` ``Installer should ask for password twice`` +* :vytask:`T6161` ``Add support for displaying container image data in JSON`` +* :vytask:`T6162` ``ixgbe: Add 1000BASE-BX support`` +* :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"`` +* :vytask:`T6176` ``image-tools: rationalize setting of console type`` +* :vytask:`T6184` ``image-tools: add op-mode command to set default boot console type`` +* :vytask:`T6192` ``Support running SSH server in more than one VRF`` +* :vytask:`T6226` ``Add "tcp-requece inspect-delay" to reverse proxy`` +* :vytask:`T6257` ``Add op mode commands for dynamic firewall address groups`` +* :vytask:`T6258` ``Add IPv6 base-reachable-time option to interfaces`` +* :vytask:`T6260` ``image-tools: remove the image directory if it fails to install due to insufficient drive space`` +* :vytask:`T6267` ``Improve commit failure messages for wireless interface configuration`` +* :vytask:`T6278` ``Attempt hint for console type during image install`` +* :vytask:`T6291` ``Add op mode commands for displaying LACP information for bonding interfaces`` +* :vytask:`T6306` ``EVPN-MH - missing options in uplink ports`` + +**Bug fixes** + + +* :vytask:`T2590` ``DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` +* :vytask:`T3655` ``NAT doesn't work correctly with VRF`` +* :vytask:`T4718` ``DHCP server listen-address doesn't take effect if the interface is in a VRF`` +* :vytask:`T5164` ``op cmd: "show dhcp server leases state" with available options does not show any result`` +* :vytask:`T5862` ``Default MTU is not acceptable in some environments`` +* :vytask:`T5875` ``login: removing and re-adding a user keeps the home directory but changes the UID, thus SSH keys no longer work`` +* :vytask:`T5996` ``Incorrect behavior for backslash escapes in config save and compare commands`` +* :vytask:`T6082` ``BGP doesn't allow the same local AS and remote AS in peer groups`` +* :vytask:`T6085` ``VTI interfaces are in UP state by default`` +* :vytask:`T6089` ``[1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added`` +* :vytask:`T6090` ``Migration of "policy route" configs fails due to TCP flag case sensitivity`` +* :vytask:`T6100` ``NAT config migration error in 1.4.0-epa1 if invalid address/network defined in 1.3.6 version`` +* :vytask:`T6106` ``Improve the commit error message for the case when route-reflector-client option is defined in a peer-group`` +* :vytask:`T6119` ``Use a compliant TOML parser`` +* :vytask:`T6130` ``[1.3.6->1.4.0-epa2 Migration] BGP "set community" missing`` +* :vytask:`T6131` ``Disabling openvpn interface(s) causes OSPF to fail to load on reboot`` +* :vytask:`T6136` ``Configuring a dynamic address group, config script did not check whether the group was created`` +* :vytask:`T6138` ``Conntrack table op-mode fails with flowtable offload entries`` +* :vytask:`T6145` ``Service config-sync does not rely on priorities`` +* :vytask:`T6147` ``Conntrack not working as expected with global state-policy`` +* :vytask:`T6149` ``Update node_data when merging nodes in reference tree generation`` +* :vytask:`T6152` ``Kernel panic for ZimaBoard 232`` +* :vytask:`T6160` ``Unhandled exception when configuring IS-IS`` +* :vytask:`T6165` ``grub: vyos-grub-update failed to start on "slow" systems`` +* :vytask:`T6167` ``VNI not set on VRF after reboot`` +* :vytask:`T6168` ``"add system image" does not set the default boot image to the current console type in compatibility mode`` +* :vytask:`T6169` ``DNS forwarding configuration rejects underscores in SRV records`` +* :vytask:`T6173` ``Build Causes Errors When "--version" Contains Slashes ("/")`` +* :vytask:`T6175` ``op-mode: "renew dhcp interface <name>" does not check if it's an actual DHCP interface`` +* :vytask:`T6178` ``reverse-proxy doesn't check that a certificate exists at set time`` +* :vytask:`T6179` ``Incorrect HAProxy config generated for reverse-proxy rules with url-path`` +* :vytask:`T6186` ``'set system image default-boot' fails to find images that actually do exist in the system`` +* :vytask:`T6189` ``BGP L3VPN connectivity is broken after re-enabling VRF`` +* :vytask:`T6191` ``Policy route set-mss option is not working correctly`` +* :vytask:`T6193` ``dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` +* :vytask:`T6196` ``route-map and summary-only do not work in BGP aggregation at the same time`` +* :vytask:`T6197` ``Validation error in the IPoE server interface client-subnet option`` +* :vytask:`T6202` ``Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1`` +* :vytask:`T6205` ``ipoe: error in migration script logic while renaming mac-address to mac`` +* :vytask:`T6206` ``L2tp smoketest fails if vyos-configd is running`` +* :vytask:`T6207` ``image-tools: restore ability to copy config.boot.default on image install`` +* :vytask:`T6213` ``Validations in firewall groups mistakenly reject correct configurations`` +* :vytask:`T6216` ``Firewall group names that contain the '+' character break the config`` +* :vytask:`T6218` ``Container network interface in VRF fails to generate IPv6 link-local address`` +* :vytask:`T6221` ``Enabling VRF breaks connectivity`` +* :vytask:`T6222` ``VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters`` +* :vytask:`T6241` ``Updating CRL in "pki" config does not update OpenVPN`` +* :vytask:`T6243` ``Update vyos-http-api-tools for package idna security advisory`` +* :vytask:`T6250` ``"policy route-map set table" cannot be deleted from the rule`` +* :vytask:`T6252` ``GRE tunnels don't allow configuring MTU larger than 8024`` +* :vytask:`T6255` ``Static table description should not contain white-space`` +* :vytask:`T6263` ``Commit failures when trying to set an IGMP group with source address on an interface`` +* :vytask:`T6269` ``Polixy route "set table" option is not working correctly`` +* :vytask:`T6272` ``PPPoE configuration does not load after deleting a PPPoE interface from the system`` +* :vytask:`T6276` ``Do not call config dependencies on script error`` +* :vytask:`T6283` ``Cannot delete as-path prepend from policy when it contains more than one AS`` +* :vytask:`T6284` ``IPoE server op mode commands do not show IPv6 addresses`` +* :vytask:`T6299` ``Building VyOS (Dockerized) current ISO fails dues to unmet dependencies podman : Depends: libgpgme11t64 (>= 1.4.1) but it is not installable`` +* :vytask:`T6305` ``IPoE interface wildcard validation error in firewall rules`` +* :vytask:`T6307` ``procps is missing from vyos-1x build dependencies`` +* :vytask:`T6317` ``VLAN doesn't work on a bridge with a wireless interface member`` +* :vytask:`T6329` ``Firewall - Error while printing groups`` + +**Other resolved issues** + + +* :vytask:`T4516` ``Rewrite system image manipulation tools in Python`` +* :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options`` +* :vytask:`T6146` ``Add python script to get all priorities of service or section from XML`` +* :vytask:`T6159` ``"show openvpn server" prints a superfluous "OpenVPN status on vtunx" message for every client connection`` +* :vytask:`T6180` ``Add application of mask to configtree`` +* :vytask:`T6185` ``Simplify marshalling of section and config data for config-sync`` +* :vytask:`T6187` ``Use correct CPU counts adjusted for SMT when necessary`` +* :vytask:`T6195` ``dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1`` +* :vytask:`T6198` ``configverify: add common helper for PKI certificate validation`` +* :vytask:`T6203` ``Remove references to the obsolete vyos.xml module (superseded by vyos.xml_ref)`` +* :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"`` +* :vytask:`T6234` ``PPPoE-server pado-delay refactoring`` +* :vytask:`T6245` ``Unhandled exception in "show openvpn server"`` +* :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta`` +* :vytask:`T6327` ``Drop boot console type ttyUSB (USB serial)`` +* :vytask:`T6330` ``release.pref.chroot indentation broken`` + +1.4.0-epa2 (15th March 2024) +============================ + + + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping`` + +**New features and improvements** + + +* :vytask:`T4977` ``Babel routing protocol support`` +* :vytask:`T5504` ``Make it possible to set more than one peer-address in unicast VRRP`` +* :vytask:`T5530` ``Add LFA to IS-IS`` +* :vytask:`T5631` ``Ability to export the current configuration in JSON format`` +* :vytask:`T5717` ``ospfv3 - add allow to set metric-type to ospf redistribution while frr docs says its possible.`` +* :vytask:`T5772` ``Require HTTPS API server configurations to include at least one key if key-based auth is used`` +* :vytask:`T5781` ``Add ability to add additional minisign keys`` +* :vytask:`T6057` ``Add ability to disable syslog for conntrackd`` +* :vytask:`T6060` ``op-mode: container: support removing all container images at once`` +* :vytask:`T6087` ``ospfv3: add support to redistribute IS-IS routes`` + +**Bug fixes** + + +* :vytask:`T2998` ``SNMP v3 oid "exclude" option doesn't work`` +* :vytask:`T4270` ``When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service`` +* :vytask:`T5121` ``Incorrect "architecture" config loaded`` +* :vytask:`T5646` ``QoS policy limiter broken if class without match`` +* :vytask:`T5909` ``Container registry with authentication prevents config load (section container) after reboot`` +* :vytask:`T6004` ``Missing RPKI boot priority prevents it from loading`` +* :vytask:`T6020` ``VRRP health-check script is not applied correctly in keepalived.conf`` +* :vytask:`T6054` ``load-balancing wan - doesn't configure a list of ports`` +* :vytask:`T6055` ``PKI error: "failed to install x value" when executed the command from conf mode`` +* :vytask:`T6061` ``connection-status nat destination firewall filter not working in 1.4.0-epa1`` +* :vytask:`T6069` ``HTTP API segfault during concurrent configuration requests`` +* :vytask:`T6070` ``bnx2x NIC causes a commit error due to incorrect implementation of EEE status reading`` +* :vytask:`T6073` ``Conntrack/NAT not being disabled when VRFs are defined`` +* :vytask:`T6074` ``container: do not allow deleting images which have a container running`` +* :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping`` +* :vytask:`T6081` ``QoS policy shaper target and interval wrong calcuations`` +* :vytask:`T6084` ``OpenNHRP DMVPN configuration file clean after reboot if we have any IPSec configuration`` +* :vytask:`T6086` ``NAT does not work with network-groups`` +* :vytask:`T6093` ``Incorrect dhcp-options vendor-class-id regex`` +* :vytask:`T6096` ``Config commits are not synced properly because 00vyos-sync is deleted by vyos-router`` +* :vytask:`T6098` ``Description doesnt seem to allow for non international characters`` +* :vytask:`T6104` ``Regression in commit-archive for non-interactive configuration`` +* :vytask:`T6107` ``Nginx does not allow big config queries for configure endpoint API`` +* :vytask:`T6141` ``Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure`` + +**Other resolved issues** + + +* :vytask:`T2199` ``Rewrite firewall in new XML/Python style`` +* :vytask:`T5738` ``Extend XML building blocks`` +* :vytask:`T5870` ``ipsec remote access VPN: add x509 ("pubkey") authentication`` +* :vytask:`T5959` ``Streamline dns forwarding service`` +* :vytask:`T6071` ``firewall: CLI description limit of 256 characters cause config upgrade issues`` +* :vytask:`T6075` ``Applying firewall rules with a non-existent interface group`` +* :vytask:`T6077` ``banner: implement ASCII contest winner default logo`` +* :vytask:`T6083` ``ethtool: move string parsing to JSON parsing`` +* :vytask:`T6095` ``Tab completion for "set interfaces wireless wlan0 country-code" incorrect country "uk"`` +* :vytask:`T6214` ``Error when using some constraints`` + +1.4.0-epa1 (22th February 2024) +=============================== + +**Security** + + +* :vytask:`T4915` ``Minisign verification failure == pass??`` + +**Breaking changes** + + +* :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs`` + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T1991` ``Rework time services`` +* :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest`` + +**New features and improvements** + + +* :vytask:`T160` ``Support NAT64`` +* :vytask:`T1991` ``Rework time services`` +* :vytask:`T4221` ``Add a template filter for converting scalars to single-item lists`` +* :vytask:`T4883` ``Add a description field for routing tables`` +* :vytask:`T4940` ``Interface debugging`` +* :vytask:`T5122` ``Move "archive-areas" to defaults.toml to support "non-free-firmware" repository`` +* :vytask:`T5418` ``Allow arbitrary subnets in PPPoE client IP pools`` +* :vytask:`T5449` ``Add options for TCP MSS probing`` +* :vytask:`T5497` ``Add ability to resequence rule numbers for firewall`` +* :vytask:`T5615` ``Narrow down spurious name conflict with mdns`` +* :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest`` +* :vytask:`T5965` ``WWAN modems using raw-ip do not work with dhclient/dhcp6c`` +* :vytask:`T5972` ``login: add possibility to disable individual local user accounts`` + +**Bug fixes** + + +* :vytask:`T2113` ``OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping`` +* :vytask:`T2700` ``Redirecting traffic from PPPoE interface to IFB fails`` +* :vytask:`T2801` ``conntrack-tools flooding logs`` +* :vytask:`T3681` ``The VMware Tools resume script did not run successfully in this virtual machine.`` +* :vytask:`T3774` ``atop logs are not limited in size`` +* :vytask:`T3902` ``Firewall does not load on boot, address-group not found, even though it exists`` +* :vytask:`T4796` ``build-vyos-image ignores multiple options`` +* :vytask:`T5239` ``Host name and domain name missing from the FRR configuration`` +* :vytask:`T5245` ``Wireless interfaces do not get IPv6 link-local address assigned`` +* :vytask:`T5376` ``Conntrack FTP helper does not work properly`` +* :vytask:`T5890` ``OTP key generation is broken`` +* :vytask:`T5926` ``IPSEC does not apply after l2tp configuration was changed`` +* :vytask:`T5977` ``nftables: Operation not supported when using match-ipsec in outbound firewall`` +* :vytask:`T6005` ``Error on adding a wireguard interface to OSPFv3`` +* :vytask:`T6043` ``VxLAN and bridge error bug`` +* :vytask:`T6056` ``Applying 'system static-host-mapping' command calls unnecessary snmpd restart`` +* :vytask:`T6064` ``Can not build VyOS if repository it not cloned to a branch`` + +**Other resolved issues** + + +* :vytask:`T671` ``Identify and remove dead code`` +* :vytask:`T874` ``Support for Two Factor Authentication for CLI access via Google Authenticator/OTP`` +* :vytask:`T1311` ``WAN load-balancing can't flush connections when conntrack-sync is enabled`` +* :vytask:`T1436` ``Config entries with default values do not correctly show as changed`` +* :vytask:`T1487` ``DNS (pdns_recursor) stats logs not saved to disk`` +* :vytask:`T2433` ``Improve CLI value validator performance`` +* :vytask:`T3337` ``Add possibility to serve static DNS zones from the router`` +* :vytask:`T3471` ``DHCP hook is not able to detect all running DHCP instances`` +* :vytask:`T3474` ``Revisit storing syntax version of interface definitions in XML file`` +* :vytask:`T3522` ``policy based routing not working`` +* :vytask:`T3574` ``Add constraintGroup for combining validators with logical AND`` +* :vytask:`T3642` ``PKI configuration`` +* :vytask:`T3722` ``op-mode IPSec show vpn ike sa always shows L-TIME 0`` +* :vytask:`T3766` ``containers: Expanding options for networking and building containers`` +* :vytask:`T4723` ``Error when issuing 'show flow-accounting interface pppoe0'`` +* :vytask:`T4761` ``Add a generic URL validator`` +* :vytask:`T4795` ``Cleanup custom python validators`` +* :vytask:`T4951` ``Add an op mode exception for cases when operations fail due to insufficient system resources`` +* :vytask:`T5109` ``Improve OCaml XML validator`` +* :vytask:`T5195` ``Break up the vyos.util module`` +* :vytask:`T5348` ``Service config-sync can freeze the secondary router if it has commit-archive location`` +* :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs`` +* :vytask:`T5754` ``Update to StrongSwan 5.9.11`` +* :vytask:`T5846` ``Refactor and simplify DUID definition in conf-mode`` +* :vytask:`T5903` ``NHRP don´t start on reboot from version 1.5-rolling-202401010026`` +* :vytask:`T6001` ``Add option to enable resolve-via-default`` +* :vytask:`T6015` ``"journalctl_charon" file does not contain data in the generated "ipsec debug-archive" file`` +* :vytask:`T6050` ``Wrong scripting commands descriptions in accel-ppp services`` +* :vytask:`T6078` ``Update ethtool to 6.6`` |