diff options
Diffstat (limited to 'docs/changelog/1.4.rst')
| -rw-r--r-- | docs/changelog/1.4.rst | 6449 |
1 files changed, 419 insertions, 6030 deletions
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 0ad129e1..260020cc 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -1,3 +1,4 @@ + ########### 1.4 Sagitta ########### @@ -8,6037 +9,425 @@ _ext/releasenotes.py -2024-04-25 -========== - -* :vytask:`T6263` ``(bug): Multicast: Could not commit multicast config with multicast join group using source-address`` -* :vytask:`T5833` ``(bug): Not all AFIs compatible with VRF`` - - -2024-04-24 -========== - -* :vytask:`T6255` ``(bug): Static table description should not contain white-space`` -* :vytask:`T6226` ``(feature): add HAPROXY `tcp-request content accept` related block to load-balancing reverse proxy config`` -* :vytask:`T6109` ``(bug): remote syslog do not get all the logs`` -* :vytask:`T6217` ``(feature): VRRP contrack-sync script change name of the logger`` -* :vytask:`T6244` ``(feature): Spacing of "Show System Uptime" hard to parse`` - - -2024-04-23 -========== - -* :vytask:`T6260` ``(bug): image-tools: remove failed image directory if 'No space left on device' error`` -* :vytask:`T6261` ``(default): Typo in op_mode connect_disconnect print statement for check_ppp_running`` -* :vytask:`T6237` ``(feature): IPSec remote access VPN: ability to set EAP ID of clients`` - - -2024-04-22 -========== - -* :vytask:`T5996` ``(bug): unescape backslashes for config save, compare commands`` -* :vytask:`T6103` ``(bug): DHCP-server bootfile-name double slash syntax weird behaviour`` -* :vytask:`T6080` ``(default): Default NTP server settings`` -* :vytask:`T5986` ``(bug): Container: Error on commit when environment variable value contains \n line break`` - - -2024-04-21 -========== - -* :vytask:`T6191` ``(bug): Policy Route TCP-MSS Behavior Different from 1.3.x`` -* :vytask:`T5535` ``(feature): disable-directed-broadcast should be moved to firewall global-options`` - - -2024-04-20 -========== - -* :vytask:`T6252` ``(bug): gre tunnel - doesn't allow configure jumbo frame more than 8024`` - - -2024-04-19 -========== - -* :vytask:`T6221` ``(bug): Enabling VRF breaks connectivity`` -* :vytask:`T6035` ``(bug): QoS policy shaper queue-type random-detect requires limit avpkt`` -* :vytask:`T6246` ``(feature): Enable basic haproxy http-check configuration options`` -* :vytask:`T6242` ``(feature): Loadbalancer reverse-proxy: SSL backend skip CA certificate verification`` - - -2024-04-17 -========== - -* :vytask:`T6168` ``(bug): add system image does not set default boot to current console type in compatibility mode`` -* :vytask:`T6243` ``(bug): Update vyos-http-api-tools for package idna security advisory`` -* :vytask:`T6154` ``(enhancment): Installer should ask for password twice`` -* :vytask:`T5966` ``(default): Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments`` -* :vytask:`T5723` ``(default): mdns repeater: Always reload systemd daemon before applying changes`` -* :vytask:`T5722` ``(bug): Failing to add route in failover if gateway not in the same interface network`` -* :vytask:`T5612` ``(default): Miscellaneous improvements and fixes for dynamic DNS configuration`` -* :vytask:`T5574` ``(default): Support per-service cache management for dynamic dns providers`` -* :vytask:`T5360` ``(bug): ddclient generating abuse`` - - -2024-04-15 -========== - -* :vytask:`T6100` ``(bug): NAT config migration error in 1.4.0-epa1 if invalid address/network defined in 1.3.6 version`` -* :vytask:`T5734` ``(bug): OpenVPN server dh-params that are not in PKI error`` - - -2024-04-14 -========== - -* :vytask:`T6210` ``(feature): Add container ability to configure capability sys-nice`` - - -2024-04-13 -========== - -* :vytask:`T6173` ``(bug): Build Causes Errors When "--version" Contains Slashes ("/")`` -* :vytask:`T2518` ``(feature): Support NAT for ipv6(NPT)`` -* :vytask:`T6238` ``(default): vyos-build Check pull request title requires the python script`` -* :vytask:`T6235` ``(default): Git check PR status: conflicts and resolution`` - - -2024-04-12 -========== - -* :vytask:`T5872` ``(default): ipsec remote access VPN: support dhcp-interface`` -* :vytask:`T6216` ``(bug): Upgrade error from 1.3 to 1.4 - Firewall using character '+'`` -* :vytask:`T6214` ``(bug): Error when using some constraints`` -* :vytask:`T6213` ``(bug): Firewall group constraints`` -* :vytask:`T6148` ``(bug): Reset vpn ipsec command breaks tunnel and does not reset SAs that are down`` -* :vytask:`T1487` ``(default): DNS (pdns_recursor) stats logs not saved to disk`` -* :vytask:`T6222` ``(bug): VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters`` -* :vytask:`T6218` ``(bug): Container network interface in VRF fails to generate IPv6 link-local address`` -* :vytask:`T5959` ``(default): Streamline dns forwarding service`` -* :vytask:`T5846` ``(default): Refactor and simplify DUID definition in conf-mode`` -* :vytask:`T5631` ``(feature): Ability to export the current configuration in JSON format`` -* :vytask:`T5615` ``(default): Narrow down spurious name conflict with mdns`` -* :vytask:`T5530` ``(default): Add LFA to IS-IS`` -* :vytask:`T5195` ``(default): Break up the vyos.util module`` -* :vytask:`T5124` ``(bug): Python3 deprecation distutils.version import LooseVersion`` -* :vytask:`T1871` ``(feature): add MTU option when configure limiter traffic-policy`` -* :vytask:`T874` ``(feature): Support for Two Factor Authentication for CLI access via Google Authenticator/OTP`` -* :vytask:`T6204` ``(default): Remove shebang lines from Python modules`` -* :vytask:`T6166` ``(bug): Tech support generation error for custom output location`` -* :vytask:`T6062` ``(feature): container: add support for image manipulation based on tag name`` -* :vytask:`T5877` ``(default): Reduce unnecessary nesting in system domain-search path and improve smoketest`` -* :vytask:`T5871` ``(default): ipsec remote access VPN: specify "cacerts" to disambiguate mulitple remote access configurations`` -* :vytask:`T5870` ``(default): ipsec remote access VPN: add x509 ("pubkey") authentication`` -* :vytask:`T5772` ``(default): Require HTTPS API server configurations to include at least one key if key-based auth is used`` -* :vytask:`T5447` ``(feature): Allow static MACsec keys with peers`` -* :vytask:`T4221` ``(default): Add a template filter for converting scalars to single-item lists`` -* :vytask:`T3766` ``(feature): containers: Expanding options for networking and building containers`` - - -2024-04-11 -========== - -* :vytask:`T4516` ``(feature): Rewrite system image manipulation tools in Python`` -* :vytask:`T4548` ``(feature): GRUB loader configuration rework`` -* :vytask:`T3774` ``(bug): atop logs are not limited in size`` -* :vytask:`T3574` ``(default): Add constraintGroup for combining validators with logical AND`` -* :vytask:`T3474` ``(default): Revisit storing syntax version of interface definitions in XML file`` -* :vytask:`T160` ``(feature): Support NAT64`` -* :vytask:`T6228` ``(bug): Cleanup of not existing units`` - - -2024-04-10 -========== - -* :vytask:`T6207` ``(bug): image-tools: restore ability to copy config.boot.default on image install`` -* :vytask:`T5750` ``(bug): Upgrade from 1.3.4 to 1.4 Rolling fails QoS`` -* :vytask:`T5858` ``(bug): Show conntrack statistics formatting is all over the place`` -* :vytask:`T4734` ``(feature): Feature Request: openvpn: add OTP 2FA support`` - - -2024-04-09 -========== - -* :vytask:`T3409` ``(feature): Add back TCP-MSS Clamp to PMTU`` -* :vytask:`T6121` ``(feature): Extend service config-sync for sections vpn, policy, vrf`` - - -2024-04-08 -========== - -* :vytask:`T6197` ``(bug): IPoE-server interface client-subnet looks broken or works with the wrong logic`` -* :vytask:`T6196` ``(bug): Route-map and summary-only do not work in BGP aggregation at the same time`` -* :vytask:`T6068` ``(feature): dhcp server: allow switching between load-balanced and hotspare mode`` - - -2024-04-07 -========== - -* :vytask:`T6205` ``(bug): ipoe: error in migration script logic while renaming mac-address to mac node`` -* :vytask:`T6039` ``(bug): cloud-init DNS search-domain causes configuration migration/validation error`` -* :vytask:`T5862` ``(bug): Default MTU is not acceptable in some environments`` -* :vytask:`T6208` ``(feature): container: rename "cap-add" CLI node to "capability"`` -* :vytask:`T6188` ``(feature): Add Firewall Rule Description to "show firewall" commands`` -* :vytask:`T1244` ``(default): Support for StartupResync in conntrackd`` - - -2024-04-06 -========== - -* :vytask:`T6203` ``(enhancment): Remove obsoleted xml lib`` -* :vytask:`T6202` ``(bug): Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1`` - - -2024-04-05 -========== - -* :vytask:`T6089` ``(bug): [1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added`` -* :vytask:`T2590` ``(bug): DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` -* :vytask:`T6199` ``(feature): spring cleaning - drop unused Python imports`` - - -2024-04-04 -========== - -* :vytask:`T6119` ``(default): Use a compliant TOML parser`` -* :vytask:`T6171` ``(feature): dhcp server fail-over - Rename fail-over node`` -* :vytask:`T6115` ``(bug): Build from Git tags fail`` -* :vytask:`T5122` ``(feature): Move "archive-areas" to defaults.toml to support "non-free-firmware" repository`` -* :vytask:`T5121` ``(bug): Incorrect "architecture" config loaded`` -* :vytask:`T4951` ``(default): Add an op mode exception for cases when operations fail due to insufficient system resources`` -* :vytask:`T4883` ``(default): Add a description field for routing tables`` -* :vytask:`T4796` ``(bug): build-vyos-image ignores multiple options`` -* :vytask:`T4795` ``(feature): Cleanup custom python validators`` -* :vytask:`T4761` ``(default): Add a generic URL validator`` -* :vytask:`T3843` ``(bug): l2tp configuration not cleared after delete`` -* :vytask:`T3681` ``(default): The VMware Tools resume script did not run successfully in this virtual machine.`` -* :vytask:`T1991` ``(feature): Rework time services`` -* :vytask:`T5711` ``(default): Put the version data file inside the ISO image`` -* :vytask:`T5672` ``(default): Remove the old-style command definition importer`` -* :vytask:`T5639` ``(default): Group vyos-1x dependencies by their VyOS components and specify their purpose`` -* :vytask:`T5638` ``(default): Add support for requiring numeric values to be ranges rather than single numbers`` -* :vytask:`T5634` ``(default): Remove support for Blowfish and DES from OpenVPN`` -* :vytask:`T5605` ``(default): Do not generate keysize option in OpenVPN configs`` -* :vytask:`T5582` ``(default): Add a command to force NTP sync`` -* :vytask:`T5449` ``(default): Add options for TCP MSS probing`` -* :vytask:`T4440` ``(default): Add OCI compliant image labels to vyos-build and vyos containers`` -* :vytask:`T671` ``(enhancment): Identify and remove dead code`` -* :vytask:`T5109` ``(feature): Improve OCaml XML validator`` -* :vytask:`T1449` ``(feature): Add opportunity to include custom default configs (few) at building`` - - -2024-04-03 -========== - -* :vytask:`T6198` ``(feature): configverify: add common helper for PKI certificate validation`` -* :vytask:`T6192` ``(feature): Multi VRF support for SSH`` - - -2024-04-02 -========== - -* :vytask:`T6167` ``(bug): VNI not set on VRF after reboot`` -* :vytask:`T6151` ``(default): BGP VRF - Route-leaking not work when the next-hop is a recursive route.`` -* :vytask:`T6033` ``(bug): hsflowd fails to start when using a tunnel interface`` - - -2024-04-01 -========== - -* :vytask:`T6195` ``(feature): dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1`` -* :vytask:`T6193` ``(bug): dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` -* :vytask:`T6178` ``(bug): Reverse-proxy should check that certificate exists during commit`` - - -2024-03-31 -========== - -* :vytask:`T6186` ``(bug): Fix regression in 'set system image default-boot'`` -* :vytask:`T5832` ``(feature): Keepalived: Allow using the 'dev' statement on excluded-addresses`` - - -2024-03-28 -========== - -* :vytask:`T6147` ``(bug): Conntrack not working as expected with global state-policy`` -* :vytask:`T6175` ``(bug): op-mode: "renew dhcp interface <name>" does not check if it's an actual DHCP interface`` - - -2024-03-26 -========== - -* :vytask:`T6066` ``(bug): Setting same network in different ospf area will raise exception`` - - -2024-03-25 -========== - -* :vytask:`T6145` ``(bug): Service config-sync does not rely on priorities but must`` - - -2024-03-24 -========== - -* :vytask:`T6161` ``(feature): Output container images as JSON`` -* :vytask:`T6165` ``(bug): grub: vyos-grub-update failed to start on "slow" systems`` -* :vytask:`T6085` ``(bug): VTI interfaces are in UP state by default`` -* :vytask:`T6152` ``(bug): Kernel panic for ZimaBoard 232`` - - -2024-03-23 -========== - -* :vytask:`T6160` ``(bug): isis: NameError: name 'process' is not defined`` -* :vytask:`T6131` ``(bug): Disabling openvpn interface(s) causes OSPF to fail to load on reboot`` -* :vytask:`T4022` ``(feature): Add package nat-rtsp-dkms`` - - -2024-03-22 -========== - -* :vytask:`T6136` ``(bug): Configuring a dynamic address group, config script did not check whether the group was created`` -* :vytask:`T6130` ``(bug): [1.3.6->1.4.0-epa2 Migration] BGP "set community" missing`` -* :vytask:`T6090` ``(bug): [1.3.6->1.4.0-epa1 Migration] policy route fails due tcp flag case sensitivity`` -* :vytask:`T6155` ``(default): ixgbe: failed to initialize because an unsupported SFP+ module type was detected.`` -* :vytask:`T6125` ``(feature): Support 802.1ad (0x88a8) vlan filtering for bridge`` -* :vytask:`T5624` ``(default): Remove /etc/debian_version from the image`` - - -2024-03-21 -========== - -* :vytask:`T6143` ``(feature): Increase configuration timeout range for service config-sync`` - - -2024-03-20 -========== - -* :vytask:`T6133` ``(feature): Add domain-name to commit-archive`` -* :vytask:`T6129` ``(feature): bgp: add route-map option "as-path exclude all"`` - - -2024-03-19 -========== - -* :vytask:`T6127` ``(bug): Ability to view logs for rules with Offload not functional`` -* :vytask:`T6138` ``(bug): Conntrack table op-mode fails with flowtable offload entries`` - - -2024-03-15 -========== - -* :vytask:`T6118` ``(feature): radvd: RFC8781: add nat64prefix support`` - - -2024-03-12 -========== - -* :vytask:`T6020` ``(bug): VRRP health-check script is not applied correctly in keepalived.conf`` -* :vytask:`T5646` ``(bug): QoS policy limiter broken if class without match`` -* :vytask:`T2433` ``(feature): Improve CLI value validator performance`` -* :vytask:`T1436` ``(bug): Config entries with default values do not correctly show as changed`` - - -2024-03-11 -========== - -* :vytask:`T6098` ``(bug): Description doesnt seem to allow for non international characters`` -* :vytask:`T6070` ``(bug): bnx2x NIC causes a commit error due to incorrect implementation of EEE status reading`` -* :vytask:`T2998` ``(bug): SNMP v3 oid "exclude" option doesn't work`` -* :vytask:`T6107` ``(bug): Nginx does not allow big config queries for configure endpoint API`` -* :vytask:`T6096` ``(bug): Config commits are not synced properly because 00vyos-sync is deleted by vyos-router`` -* :vytask:`T6093` ``(bug): Incorrect dhcp-options vendor-class-id regex`` -* :vytask:`T6083` ``(feature): ethtool: move string parsing to JSON parsing`` -* :vytask:`T6069` ``(bug): HTTP API segfault during concurrent configuration requests`` -* :vytask:`T6057` ``(feature): Add ability to disable syslog for conntrackd`` -* :vytask:`T5504` ``(feature): Keepalived VRRP ability to set more than one peer-address`` -* :vytask:`T5717` ``(feature): ospfv3 - add allow to set metric-type to ospf redistribution while frr docs says its possible.`` -* :vytask:`T6071` ``(bug): firewall: CLI description limit of 256 characters cause config upgrade issues`` - - -2024-03-08 -========== - -* :vytask:`T6086` ``(bug): NAT does not work with network-groups`` -* :vytask:`T6094` ``(bug): Destination Nat not Making Firewall Rules`` -* :vytask:`T6061` ``(bug): connection-status nat destination firewall filter not working in 1.4.0-epa1`` -* :vytask:`T6075` ``(bug): Applying firewall rules with a non-existent interface group`` - - -2024-03-07 -========== - -* :vytask:`T6104` ``(bug): Regression in commit-archive for non-interactive configuration`` -* :vytask:`T6084` ``(bug): OpenNHRP DMVPN configuration file clean after reboot if we have any IPSec configuration`` -* :vytask:`T5348` ``(bug): Service config-sync can freeze the secondary router if it has commit-archive location`` -* :vytask:`T6073` ``(bug): Conntrack/NAT not being disabled when VRFs are defined`` -* :vytask:`T6095` ``(default): Tab completion for "set interfaces wireless wlan0 country-code" incorrect country "uk"`` - - -2024-03-06 -========== - -* :vytask:`T6079` ``(bug): dhcp: migration fails for duplicate static-mapping`` - - -2024-03-05 -========== - -* :vytask:`T5903` ``(bug): NHRP don´t start on reboot from version 1.5-rolling-202401010026`` -* :vytask:`T2447` ``(feature): Additional Boot Argument Configuration to limit CPU C-States`` - - -2024-03-04 -========== - -* :vytask:`T6054` ``(bug): load-balancing wan - doesn't configure a list of ports`` -* :vytask:`T6087` ``(feature): ospfv3: add support to redistribute IS-IS routes`` - - -2024-03-02 -========== - -* :vytask:`T6081` ``(bug): QoS policy shaper target and interval wrong calcuations`` - - -2024-02-29 -========== - -* :vytask:`T6078` ``(feature): Update ethtool to 6.6`` -* :vytask:`T6077` ``(feature): banner: implement ASCII contest winner default logo`` -* :vytask:`T6074` ``(feature): container: do not allow deleting images which have a container running`` - - -2024-02-28 -========== - -* :vytask:`T6055` ``(bug): PKI error: "failed to install x value" when executed the command from conf mode`` -* :vytask:`T4270` ``(bug): dns forwarding - When "ignore-hosts-file" is unset, local hostname of router resolves to 127.0.1.1`` - - -2024-02-27 -========== - -* :vytask:`T6065` ``(bug): Duplicate lines in build-vyos-image script cause sagitta build to fail`` -* :vytask:`T5080` ``(bug): Conntrack enabled by default`` - - -2024-02-26 -========== - -* :vytask:`T6064` ``(bug): Can not build VyOS if repository it not cloned to a branch`` -* :vytask:`T5754` ``(default): Update to StrongSwan 5.9.11`` - - -2024-02-25 -========== - -* :vytask:`T6060` ``(feature): op-mode: container: support removing all container images at once`` - - -2024-02-24 -========== - -* :vytask:`T5909` ``(bug): Container registry with authentication prevents config load (section container) after reboot`` - - -2024-02-23 -========== - -* :vytask:`T5376` ``(bug): Conntrack FTP helper does not work properly`` -* :vytask:`T970` ``(feature): Hostname Support in NAT and Firewall Rules`` -* :vytask:`T4940` ``(feature): Interface debugging`` - - -2024-02-22 -========== - -* :vytask:`T6048` ``(bug): Exception in event handler script`` -* :vytask:`T3902` ``(bug): Firewall does not load on boot, address-group not found, even though it exists`` - - -2024-02-21 -========== - -* :vytask:`T6050` ``(bug): Wrong scripting commands descriptions in accel-ppp services`` - - -2024-02-19 -========== - -* :vytask:`T5971` ``(default): Create the same view of ppp section for all accel-ppp services`` -* :vytask:`T6029` ``(default): Rewrite Accel-PPP services to an identical feature set`` -* :vytask:`T3722` ``(bug): op-mode IPSec show vpn ike sa always shows L-TIME 0`` - - -2024-02-18 -========== - -* :vytask:`T6043` ``(bug): VxLAN and bridge error bug`` -* :vytask:`T6041` ``(bug): image-tools: install fails from PXE boot into live iso due to restrictive logic`` - - -2024-02-17 -========== - -* :vytask:`T5972` ``(feature): login: add possibility to disable individual local user accounts`` - - -2024-02-16 -========== - -* :vytask:`T6009` ``(bug): Firewall - Time not working properly when not using UTC`` -* :vytask:`T6005` ``(bug): Error on adding a wireguard interface to OSPFv3`` -* :vytask:`T2113` ``(bug): OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping`` -* :vytask:`T6019` ``(feature): Bump nftables and libnftnl version`` -* :vytask:`T3471` ``(bug): DHCP hook is not able to detect all running DHCP instances`` -* :vytask:`T6015` ``(default): "journalctl_charon" file does not contain data in the generated "ipsec debug-archive" file`` -* :vytask:`T6001` ``(default): Add option to enable resolve-via-default`` -* :vytask:`T5965` ``(bug): WWAN modems using raw-ip do not work with dhclient/dhcp6c`` -* :vytask:`T5418` ``(bug): PPPoE-Server Client IP pool Subnet`` -* :vytask:`T5245` ``(bug): Wireless interfaces do not get IPv6 link-local address assigned`` - - -2024-02-15 -========== - -* :vytask:`T5977` ``(bug): nftables: Operation not supported when using match-ipsec in outbound firewall`` -* :vytask:`T2612` ``(bug): HTTPS API, changing API key fails but goes through`` -* :vytask:`T5989` ``(bug): IP subnets not usable in UPnP ACLs`` -* :vytask:`T5890` ``(default): OTP key generation is broken`` -* :vytask:`T5719` ``(default): mdns repeater: Add op-mode commands`` -* :vytask:`T4839` ``(feature): Dynamic Firewall groups`` -* :vytask:`T4801` ``(feature): Support for building AWS-ready ISO`` -* :vytask:`T3993` ``(enhancment): Extend HTTP API GraphQL support`` -* :vytask:`T3991` ``(bug): PKI operational command return traceback`` -* :vytask:`T3780` ``(bug): VTI not being brought down when tunnel is down`` -* :vytask:`T3001` ``(feature): Disable spectre mitigation patches from CLI`` -* :vytask:`T562` ``(feature): PDNS: Add support for authoritative dns server`` -* :vytask:`T71` ``(feature): Add virtual IP and route installation policy options for IPsec`` -* :vytask:`T5496` ``(default): `show firewall` error`` -* :vytask:`T4038` ``(default): Rewrite `vyatta-image-tools.pl` in Python`` -* :vytask:`T4997` ``(default): Add DHCP client user hooks dir`` -* :vytask:`T775` ``(feature): Config Sync between two VyOS routers`` -* :vytask:`T381` ``(feature): config nodes for EasyRSA CAs`` -* :vytask:`T118` ``(feature): Native Zabbix Support`` - - -2024-02-14 -========== - -* :vytask:`T6034` ``(feature): rpki: move file based SSH keys for authentication to PKI subsystem`` -* :vytask:`T5981` ``(bug): IPsec site-to-site migrated PKI ca certificates are created with an '@'`` -* :vytask:`T5930` ``(bug): vrf - route-leak not work using route-target both command.`` -* :vytask:`T5709` ``(bug): IPoE-server fails if next pool mentioned but not defined`` -* :vytask:`T4119` ``(bug): Issue with l2tp remote-access ipv6 configuration`` -* :vytask:`T2044` ``(bug): RPKI doesn't boot properly`` -* :vytask:`T6032` ``(feature): bgp: add EVPN MAC-VRF Site-of-Origin support`` -* :vytask:`T5960` ``(default): Rewriting authentication section in accel-ppp services`` - - -2024-02-13 -========== - -* :vytask:`T5928` ``(bug): Configuration fails to load on boot if offloading has VLAN interfaces defined`` -* :vytask:`T5482` ``(bug): Chrony NTP Server Fails To Sync Time`` -* :vytask:`T5064` ``(bug): Value validation for domain-groups seems to be broken`` - - -2024-02-12 -========== - -* :vytask:`T6010` ``(bug): Support setting multiple values in BGP path-attribute`` -* :vytask:`T6004` ``(bug): RPKI is not configured`` -* :vytask:`T5952` ``(default): DHCP allow same MAC Address on same subnet`` -* :vytask:`T5849` ``(feature): Add SRv6 route commands`` - - -2024-02-10 -========== - -* :vytask:`T6023` ``(bug): rpki: add support for CLI knobs expire-interval and retry-interval`` -* :vytask:`T1090` ``(default): Webproxy overhaul`` - - -2024-02-09 -========== - -* :vytask:`T6028` ``(bug): QoS policy shaper wrong class_id_max and default_minor_id`` -* :vytask:`T6026` ``(bug): QoS hide attempts to delete qdisc from devices`` -* :vytask:`T5788` ``(feature): frr: update to 9.1 release`` -* :vytask:`T5703` ``(bug): QoS config on pppoe interface resets back to fq_codel after tunnel reboots`` -* :vytask:`T5685` ``(feature): Keepalived VRRP prefix is not necessary for the virtual address`` - - -2024-02-08 -========== - -* :vytask:`T6014` ``(feature): Bump keepalived version`` -* :vytask:`T5910` ``(bug): Grub problem(?) Serial Console no longer working`` -* :vytask:`T6021` ``(bug): QoS r2q wrong calculation`` - - -2024-02-07 -========== - -* :vytask:`T6017` ``(bug): Update vyos-http-api-tools for security advisory`` -* :vytask:`T6016` ``(bug): Resolve intermittent failures in cleanup function after failed image install`` -* :vytask:`T6024` ``(feature): bgp: add additional missing FRR features`` -* :vytask:`T6011` ``(feature): rpki: known-hosts-file is no longer supported by FRR CLI - remove VyOS CLI node`` -* :vytask:`T5998` ``(feature): replay_window setting under vpn in config`` - - -2024-02-06 -========== - -* :vytask:`T6018` ``(default): smoketest: updating http-api framework requires a pause before test`` -* :vytask:`T5921` ``(bug): Trying to commit an OpenConnect configuration without any local users results in an exception`` -* :vytask:`T5687` ``(feature): Implement ECS settings for PowerDNS recursor`` - - -2024-02-05 -========== - -* :vytask:`T5974` ``(bug): QoS policy shaper is currently miscalculating bandwidth and ceil values for the default class`` -* :vytask:`T5865` ``(feature): Rewrite ipv6 pool section to ipv6 named pools in Accel-ppp services`` - - -2024-02-02 -========== - -* :vytask:`T5739` ``(bug): Password recovery does not work if public keys are configured`` -* :vytask:`T5955` ``(feature): Rootless containers/set uid/gid for container`` -* :vytask:`T5941` ``(bug): [1.3.5 -> 1.4.0-RC1 Migration] Orphaned Configuration Nodes Cause Issues`` -* :vytask:`T6003` ``(feature): Add 'show rpki as-number' and 'show rpki prefix'`` -* :vytask:`T5848` ``(feature): Add triple-isolate flow isolation option to CAKE QoS policy`` - - -2024-02-01 -========== - -* :vytask:`T5995` ``(bug): Kernel NIC-drivers for Huawei NICs are not properly enabled`` -* :vytask:`T5978` ``(bug): ethernet: hw-tc-offload does not actually get enabled on the NIC`` -* :vytask:`T5979` ``(enhancment): Add configurable kernel boot parameters`` -* :vytask:`T5973` ``(bug): vrf: RTNETLINK answers: File exists`` -* :vytask:`T5967` ``(bug): Multi-hop BFD connections can't be established; please add minimum-ttl option.`` -* :vytask:`T5619` ``(default): Update the Intel ixgbe driver due to issues with Intel X533`` - - -2024-01-31 -========== - -* :vytask:`T6000` ``(bug): [1.3.x -> 1.5.x] migrating threw exception in /opt/vyatta/etc/config-migrate/migrate/https/5-to-6, performed workaround`` -* :vytask:`T5999` ``(bug): load-balancing reverse-proxy can't configure root as a redirect`` - - -2024-01-30 -========== - -* :vytask:`T5980` ``(feature): Add image-tools support for configurable kernel boot options`` - - -2024-01-29 -========== - -* :vytask:`T5988` ``(bug): image-tools: a check of valid image name is missing from 'add image'`` -* :vytask:`T5994` ``(bug): Fix typo in 'remote' module preventing 'add system image' via ftp`` - - -2024-01-26 -========== - -* :vytask:`T5957` ``(bug): Firewall fails to delete inbound-interface name`` -* :vytask:`T5779` ``(bug): custom conntrack timeout rule not applicable`` -* :vytask:`T5984` ``(feature): Add user util numactl`` - - -2024-01-25 -========== - -* :vytask:`T5983` ``(bug): image-tools: minor regression in pruning version files in compatibility mode`` -* :vytask:`T5927` ``(bug): QoS policy shaper-hfsc class does not have a `bandwidth` node but requires one in the check`` -* :vytask:`T5834` ``(bug): Rename 'enable-default-log' to 'default-log'`` - - -2024-01-22 -========== - -* :vytask:`T5968` ``(feature): hsflowd: add VRF support`` -* :vytask:`T5975` ``(bug): GraphQL expects script otp.py that does not exists in 1.4`` -* :vytask:`T5961` ``(bug): QoS policy shaper vif with ceiling fails on commit`` -* :vytask:`T5958` ``(bug): QoS policy shaper-hfsc is not implemented`` -* :vytask:`T5160` ``(feature): Firewall refactor`` -* :vytask:`T5969` ``(feature): op-mode: list multicast group membership`` - - -2024-01-21 -========== - -* :vytask:`T5799` ``(bug): vyos unbootable after 1.4-rolling-202308240020 to 1.5-rolling-202312010026 upgrade`` -* :vytask:`T5787` ``(bug): dhcp-server allows duplicate static-mapping for the same IP address`` -* :vytask:`T5692` ``(enhancment): NTP leap smear`` -* :vytask:`T5954` ``(feature): Enable nvme_hwmon and drivetemp in KERNEL`` - - -2024-01-20 -========== - -* :vytask:`T5915` ``(bug): Firewall zone - Re add op-mode commands`` -* :vytask:`T5805` ``(bug): Missed per-interface statistic in telegraf`` -* :vytask:`T5724` ``(feature): About dhcp client hooks`` -* :vytask:`T5577` ``(bug): Optimize PAM configs for RADIUS/TACACS+`` -* :vytask:`T5550` ``(bug): Source validation on interface does not work properly`` -* :vytask:`T5267` ``(bug): Another corruption on upgrade`` -* :vytask:`T5239` ``(bug): frr 'hostname' missing or incorrect, and domain-name missing totally`` -* :vytask:`T5219` ``(bug): ddclient: Cloudflare doesn't require login`` -* :vytask:`T5217` ``(feature): Add firewall SYNPROXY`` -* :vytask:`T5203` ``(feature): load-balancing wan add systemd unit instead of old vyatta-wanloadbalance.init`` -* :vytask:`T5199` ``(bug): Salt-minion cannot connect to server in python 3.10 and up`` -* :vytask:`T5138` ``(feature): Add patch to accel-ppp build L2TP LNS use Calling-Number as RADIUS Calling-Station-ID`` -* :vytask:`T5054` ``(bug): ipsec: "show vpn ipsec remote-access" does not list active connections`` -* :vytask:`T5053` ``(bug): Vyatta-cfg Post-Removal Hook Tries to Disable Deleted Service`` -* :vytask:`T5035` ``(feature): Add more actions to policy route rule`` -* :vytask:`T4990` ``(bug): Commit results may not be properly saved if power is cut immediately after a successful commit`` -* :vytask:`T4988` ``(default): Expose time and size conversion functions as Jinja2 filters`` -* :vytask:`T4986` ``(feature): Ability to filter traffic originating from the router itself via firewall`` -* :vytask:`T4963` ``(default): vyos.ethtool: improve/fix driver name detection`` -* :vytask:`T4935` ``(bug): ospfv3: "not-advertise" and "advertise" conflict`` -* :vytask:`T4897` ``(bug): Setting 'source-address' or `source-interface` on existing vxlan interface doesn't work`` -* :vytask:`T4888` ``(default): Rewrite the conntrack sync script using vyos.opmode`` -* :vytask:`T4863` ``(feature): need an option for route policy to apply to dynamic interfaces l2tp*/ipoe*/pppoe* (for TCP MSS setting)`` -* :vytask:`T4817` ``(feature): Please add support for RFC 9234`` -* :vytask:`T4765` ``(default): Normalize field names in op mode JSON outputs`` -* :vytask:`T4751` ``(enhancment): Feature Request: system login: 2FA OTP key generator in VyOS CLI`` -* :vytask:`T4726` ``(default): Add completion and validation for the accel-ppp RADIUS vendor option`` -* :vytask:`T4722` ``(default): Improve abbreviation/acronym consistency`` -* :vytask:`T4172` ``(feature): Patch ndppd to not read route table if there are no auto prefixes`` -* :vytask:`T4085` ``(feature): Rewrite L2TP/PPTP/SSTP/PPPoE services to get_config_dict`` -* :vytask:`T4031` ``(feature): Ability to configure DMVPN in vrf`` -* :vytask:`T4030` ``(bug): SR-IOV and interface renaming bug`` -* :vytask:`T4014` ``(feature): Add “command” and “arg” configuration options for containers`` -* :vytask:`T3965` ``(default): arm: Extend configure scripts to allow for arm builds`` -* :vytask:`T3813` ``(bug): Some custom sysctl parameters can't be applied bug`` -* :vytask:`T3778` ``(bug): Abnormal network communication and settings`` -* :vytask:`T3591` ``(bug): OpenVPN with/without VRF not working (NordVPN)`` -* :vytask:`T3372` ``(feature): Support public HTTPS repos in live-build`` -* :vytask:`T5963` ``(bug): QoS policy shaper rate calculations could be wrong for some ethernet devices`` -* :vytask:`T5962` ``(feature): QoS policy set default speed to 100mbit or 1gbit instead of 10mbit`` -* :vytask:`T5697` ``(bug): event-handler keep failing`` -* :vytask:`T4779` ``(default): Make raw op mode command outputs use bytes for data amount values`` - - -2024-01-19 -========== - -* :vytask:`T5897` ``(bug): VyOS with Cloud-init and VRF stucks at reboot/shutdown process`` -* :vytask:`T5554` ``(bug): Disable sudo for PAM RADIUS`` -* :vytask:`T4754` ``(default): Improvement: system login: show configured 2FA OTP key`` -* :vytask:`T5857` ``(bug): show interfaces wireless info`` -* :vytask:`T5841` ``(default): Remove old ssh-session-cleanup.service`` -* :vytask:`T5543` ``(bug): Fix source address handling in static joins`` -* :vytask:`T5884` ``(default): Minor description fix (op-mode: generate wireguard)`` -* :vytask:`T5781` ``(default): Add ability to add additional minisign keys`` - - -2024-01-18 -========== - -* :vytask:`T5863` ``(bug): Failure to Load Config on Recent 1.5 Versions`` -* :vytask:`T4638` ``(bug): Deleting a parent interface does not delete its underlying VLAN interfaces`` -* :vytask:`T5953` ``(default): Rename 'close_action' value from `hold` to `trap` in IPSEC IKE`` -* :vytask:`T905` ``(bug): The command show remote-config does not work for remote-platform openvpn`` - - -2024-01-17 -========== - -* :vytask:`T5923` ``(bug): Config mode system_console.py is not aware of revised GRUB file structure`` -* :vytask:`T4658` ``(feature): Rename DPD action `hold` to `trap``` -* :vytask:`T5932` ``(bug): 1.4-rolling-202304120317 to 1.4.0-rc1: dynamic dns migration fail`` - - -2024-01-16 -========== - -* :vytask:`T5951` ``(bug): [1.4.0-RC2] show hardware dmi Operational Mode Command Broken`` -* :vytask:`T5937` ``(bug): [1.3.5 -> 1.4.0-RC1 Migration] IPv6 BGP Neighbor Peer Groups Missing / Not Migrated`` -* :vytask:`T5889` ``(bug): Migration NAT 5-to-6 bug`` -* :vytask:`T5859` ``(bug): Invalid format of pool range in accel-ppp services`` -* :vytask:`T5842` ``(feature): Rewrite PPTP service to get_config_dict`` -* :vytask:`T5801` ``(feature): Rewrite L2TP service to get_config_dict`` -* :vytask:`T5688` ``(default): Create the same view of pool configuration for all accel-ppp services`` - - -2024-01-15 -========== - -* :vytask:`T5944` ``(bug): "reboot in 1" not working`` -* :vytask:`T5936` ``(bug): [1.3.5 -> 1.4.0-RC1 Migration] OSPF Passive Interface Configuration Not Working Correctly`` -* :vytask:`T5247` ``(bug): the bug of the command "show interfaces system"`` -* :vytask:`T5901` ``(bug): Cloud-init and DHCP exit hook errors`` -* :vytask:`T4856` ``(bug): DHCP-client exit hook for IPsec is incorrect`` -* :vytask:`T2556` ``(bug): "show interfaces vrrp" does not return any interface`` - - -2024-01-14 -========== - -* :vytask:`T4428` ``(feature): Update ddclient to newer version`` - - -2024-01-12 -========== - -* :vytask:`T5925` ``(feature): Containers change systemd KillMode`` -* :vytask:`T5920` ``(bug): Quick Start documentation contains error`` -* :vytask:`T5919` ``(bug): Firewall - opmode for ipv6`` -* :vytask:`T5306` ``(default): bgp config migration failed with v6only option configured with peer-group`` -* :vytask:`T3429` ``(bug): Hyper-V integration services not working on VyOS 1.4 (sagitta/current)`` - - -2024-01-11 -========== - -* :vytask:`T5896` ``(bug): Config Error on Boot with Podman and Firewall`` -* :vytask:`T5532` ``(bug): After add system image the boot stuck and works again after the second reboot`` -* :vytask:`T5512` ``(bug): build linux-firmware script cannot expand asterisks if firmware name is a glob string`` -* :vytask:`T5379` ``(bug): show system updates doesnt seem to be working`` -* :vytask:`T5275` ``(default): Add op mode commands for exporting certificates to PEM files with correct headers`` -* :vytask:`T5274` ``(default): Add a deprecation warning for OpenVPN site-to-site with pre-shared secret`` -* :vytask:`T5262` ``(default): Warn the user about unsaved config on reboot/shutdown attempts`` -* :vytask:`T5257` ``(feature): Cannont assign netflow source ip to ip in non default VRF`` -* :vytask:`T5026` ``(feature): Python3 modules crypt and spwd are deprecated`` -* :vytask:`T5814` ``(bug): VyOS 1.3 to 1.4 LTS Firewall ruleset migration script breaks configuration`` -* :vytask:`T4610` ``(bug): Firewall with 20K entries cannot load after reboot`` -* :vytask:`T3191` ``(bug): PAM RADIUS freezing when accounting does not configured on RADIUS server`` -* :vytask:`T5917` ``(feature): Restore annotations of (running)/(default boot) in select image list`` -* :vytask:`T5916` ``(default): Added segment routing check for index size and SRGB size`` -* :vytask:`T5913` ``(feature): Allow for Peer-Groups in ipv4-labeled-unicast SAFI`` - - -2024-01-10 -========== - -* :vytask:`T5918` ``(bug): Verification problem for `set vpn ipsec interface``` -* :vytask:`T5911` ``(bug): pki: service update ignored if certificate name contains a hyphen (-)`` -* :vytask:`T5886` ``(feature): Add support for ACME protocol (LetsEncrypt)`` -* :vytask:`T5766` ``(bug): http: rewrite conf-mode script to get_config_dict()`` -* :vytask:`T5144` ``(default): Modernize dynamic dns operation`` -* :vytask:`T4689` ``(feature): Support RFS(Receive Flow Steering)`` -* :vytask:`T4659` ``(feature): Use vtysh to display bridge and some interface parameter information`` -* :vytask:`T4646` ``(bug): USB serial output console does not work`` -* :vytask:`T4577` ``(bug): WWAN commit failed which simple config`` -* :vytask:`T4502` ``(feature): Consider implementing (NAT/other) flow table offload`` -* :vytask:`T4446` ``(default): Unified CLI for displaying neithbors (ARP, IP, and NDP)`` -* :vytask:`T4427` ``(default): Remove the vyos-utils package list from vyos-build`` -* :vytask:`T4300` ``(feature): Extend list of supported interfaces for Cloud-init Network Configuration`` -* :vytask:`T4250` ``(bug): Organize logrotate settings to avoid duplicates`` -* :vytask:`T4236` ``(feature): Generate ovpn openvpn client configuration files`` -* :vytask:`T4222` ``(feature): Support for TWAMP as round-trip metric`` -* :vytask:`T3833` ``(bug): Cloud-init not finding data source in OpenStack`` -* :vytask:`T5902` ``(bug): http: remove virtual-host configuration in webserver`` -* :vytask:`T3499` ``(bug): Podman is not compatible with nat rules`` -* :vytask:`T3430` ``(bug): Cloud-init failing with “Unable to render networking” on VyOS 1.3`` -* :vytask:`T3011` ``(bug): router becomes unreachable for few minutes when vti interfaces goes down`` -* :vytask:`T5791` ``(default): Update dynamic dns configuration path to be consistent with other areas of VyOS`` -* :vytask:`T5708` ``(default): Additional dynamic dns improvements to align with ddclient 3.11.1 release`` -* :vytask:`T5573` ``(bug): Fix ddclient cache entries`` -* :vytask:`T5012` ``(feature): Control network configuration from Cloud-Init config`` -* :vytask:`T3116` ``(feature): Support back-end L4 level load balancing`` -* :vytask:`T5614` ``(default): Add conntrack helper matching on firewall`` -* :vytask:`T4782` ``(enhancment): Allow multiple CA certificates (on e.g. EAPoL)`` -* :vytask:`T2199` ``(default): Rewrite firewall in new XML/Python style`` - - -2024-01-09 -========== - -* :vytask:`T5898` ``(bug): Replace partprobe with partx due to unable to install VyOS`` -* :vytask:`T5838` ``(feature): Add Infiniband kernel modules`` -* :vytask:`T5785` ``(bug): API output of show container image broken`` -* :vytask:`T5410` ``(feature): Improve `utils.convert.convert_data()` to process all stdtypes`` -* :vytask:`T5269` ``(default): OpenVPN non-TLS site-to-site mode deprecation`` -* :vytask:`T5249` ``(feature): Add rollback-soft feature to rollback without a reboot`` -* :vytask:`T4944` ``(default): Prevent op mode functions from returning bare literals in raw output`` -* :vytask:`T4910` ``(default): Rewrite the remote access VPN op mode in the new style`` -* :vytask:`T4470` ``(feature): Rewrite load-balancing wan to XML/Python`` -* :vytask:`T3763` ``(bug): wireguard checks if port already binding`` -* :vytask:`T3489` ``(bug): NUMA has been disabled for the past few years and no-one has noticed`` -* :vytask:`T3476` ``(feature): Update availability check`` -* :vytask:`T2845` ``(bug): BGP conf_mode unable to delete configuration with peer-group`` -* :vytask:`T2844` ``(bug): BGP conf_mode errors disable-send-community`` -* :vytask:`T2755` ``(default): Requirements for partial interface setup`` -* :vytask:`T2721` ``(enhancment): Set FQ-CoDel as the default queueing mechanism for every class in Shaper`` -* :vytask:`T2511` ``(feature): Migrate vyatta-op-quagga to new XML format`` -* :vytask:`T2302` ``(default): Convert configuration scripts from executables to modules and use a script runner`` -* :vytask:`T2281` ``(feature): DHCP and Static IPs on Same Interface`` -* :vytask:`T2216` ``(default): Containerized third-party applications for VyOS`` -* :vytask:`T2171` ``(feature): Unify creation and manipulation of interfaces`` -* :vytask:`T1759` ``(feature): Replacing Vyatta::Interface perl`` -* :vytask:`T2408` ``(enhancment): DHCP Relay upstream and downstream interfaces`` -* :vytask:`T1297` ``(feature): Add GARP settings to VRRP/keepalived`` - - -2024-01-08 -========== - -* :vytask:`T5888` ``(bug): Firewall upgrade fails because of icmpv6`` -* :vytask:`T5844` ``(bug): HTTPS API doesn't start without configured keys even when GraphQL authentication type is set to token`` -* :vytask:`T5664` ``(bug): 1.4 user has no permissions?`` -* :vytask:`T5215` ``(default): Add a built-in ICMP health check for VRRP groups`` -* :vytask:`T5045` ``(bug): BFD is not starting after upgrade to 1.4-rolling-202302150317`` -* :vytask:`T4193` ``(default): Add support for transparent firewall`` -* :vytask:`T3754` ``(default): Make config scripts more testable`` -* :vytask:`T3663` ``(default): Use inotify file watching where applicable`` -* :vytask:`T3480` ``(bug): Does not possible to change console baud-rate`` -* :vytask:`T2897` ``(default): Remove cluster command`` -* :vytask:`T5904` ``(feature): op-mode: add "show ipv6 route vrf <name> <prefix>" command`` - - -2024-01-07 -========== - -* :vytask:`T5891` ``(bug): OpenVPN IPv6 config issue with 1.4-rc1`` -* :vytask:`T5887` ``(feature): Upgrade Linux Kernel to 6.6.y (2023 LTS edition)`` - - -2024-01-06 -========== - -* :vytask:`T3670` ``(feature): Option to disable HTTP port 80 redirect`` - - -2024-01-05 -========== - -* :vytask:`T3642` ``(feature): PKI configuration`` -* :vytask:`T5894` ``(feature): Extend get_config_dict() with additional parameter with_pki that defaults to False`` - - -2024-01-04 -========== - -* :vytask:`T4072` ``(feature): Feature Request: Firewall on bridge interfaces`` -* :vytask:`T3459` ``(default): Inform the user when unable to install outdated image`` - - -2024-01-03 -========== - -* :vytask:`T5880` ``(bug): verify_source_interface should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces`` -* :vytask:`T5879` ``(bug): tunnel: sourceing from dynamic pppoe0 interface will fail on reboots`` -* :vytask:`T4500` ``(bug): Missing firewall logs`` - - -2024-01-02 -========== - -* :vytask:`T5885` ``(default): image-tools: relax restriction on image-name length from 32 to 64`` - - -2024-01-01 -========== - -* :vytask:`T5883` ``(bug): Preserve file ownership in /config subdirs on add system image`` -* :vytask:`T5474` ``(feature): Establish common file name pattern for XML conf mode commands`` - - -2023-12-30 -========== - -* :vytask:`T5875` ``(bug): login: removing and re-adding a user keeps the home directory but UID will change, thus SSH keys no longer work`` -* :vytask:`T5653` ``(feature): Command to display fingerprint`` - - -2023-12-29 -========== - -* :vytask:`T5829` ``(bug): Can't Add IPv6 Address to Containers`` -* :vytask:`T5852` ``(bug): Reboots fail with eapol WAN interface`` -* :vytask:`T5869` ``(bug): vyos.template.first_host_address() does not honor RFC4291 section 2.6.1`` - - -2023-12-28 -========== - -* :vytask:`T4163` ``(feature): [BMP-BGP] Routing monitoring feature`` -* :vytask:`T5867` ``(feature): Upgrade podman to Debian Trixie version 4.7.x`` -* :vytask:`T5866` ``(feature): Add op-mode command to restart IPv6 RA daemon`` -* :vytask:`T5861` ``(bug): Flavor build system fails with third-party packages`` -* :vytask:`T5854` ``(feature): Extend override-default script to allow embedded defaultValue settings`` -* :vytask:`T5792` ``(default): Upgrade ddclient 3.11.2 release`` - - -2023-12-25 -========== - -* :vytask:`T5855` ``(feature): Migrate "set service lldp snmp enable" -> `set service lldp snmp"`` -* :vytask:`T5837` ``(bug): vyos.configdict.node_changed does not return keys per adding`` -* :vytask:`T5856` ``(bug): SNMP service removal fails`` - - -2023-12-24 -========== - -* :vytask:`T5853` ``(default): Typo interfaces-virtual-ethernet.xml.in`` - - -2023-12-22 -========== - -* :vytask:`T5804` ``(bug): SNAT "any" interface error`` -* :vytask:`T4760` ``(bug): VyOS does not support running multiple instances of DHCPv6 clients`` - - -2023-12-21 -========== - -* :vytask:`T5778` ``(bug): The show dhcp server leases operation mode command does not work as expected`` -* :vytask:`T5775` ``(default): Migrated Firewall Global State Policy ineffective on latest firewall zone config`` -* :vytask:`T5637` ``(bug): Firewall default-action log`` -* :vytask:`T5796` ``(bug): Openconnect - HTTPS security headers are missing`` -* :vytask:`T3580` ``(feature): Refactoring firewall ipv6 rule icmpv6`` -* :vytask:`T2898` ``(feature): Support NDP proxy`` -* :vytask:`T2229` ``(feature): PPPOE Default Queue type selection`` - - -2023-12-20 -========== - -* :vytask:`T5823` ``(feature): Protocol BGP add default values for config dictionary`` -* :vytask:`T5798` ``(enhancment): reverse-proxy load-balancing service should support multiple certificates for frontend`` - - -2023-12-19 -========== - -* :vytask:`T5828` ``(default): Fix GRUB installation on arm64`` - - -2023-12-18 -========== - -* :vytask:`T5751` ``(feature): Adjust new image tools for non-interactive use`` -* :vytask:`T5831` ``(feature): show system image should reverse order by addition date`` -* :vytask:`T5825` ``(bug): image-tools: restore authentication on 'add system image'`` -* :vytask:`T5821` ``(bug): image-tools: restore vrf-aware 'add system image'`` -* :vytask:`T5819` ``(bug): Don't echo password on install image`` -* :vytask:`T5806` ``(bug): Clear old raid data on new install image`` -* :vytask:`T5789` ``(bug): image-tools should copy ssh host keys on image update`` -* :vytask:`T5758` ``(default): Restore scanning configs when live installing`` - - -2023-12-15 -========== - -* :vytask:`T5824` ``(bug): busybox cannot connect some websites from initramfs`` -* :vytask:`T5803` ``(default): git/github: Adjust configuration for safe and baseline defaults`` - - -2023-12-14 -========== - -* :vytask:`T5773` ``(bug): Unable to load config via HTTP`` -* :vytask:`T5816` ``(bug): BGP Large Community List Validation Broken`` -* :vytask:`T5812` ``(bug): rollback check max revision number does not work`` -* :vytask:`T5749` ``(feature): Show MAC address VRF and MTU by default for "show interfaces"`` -* :vytask:`T5774` ``(bug): commit-archive to FTP server broken after update (VyOS 1.5-rolling)`` -* :vytask:`T5826` ``(default): Add dmicode as an explicit dependency`` -* :vytask:`T5793` ``(default): mdns-repeater: Cleanup avahi-daemon configuration in /etc`` - - -2023-12-13 -========== - -* :vytask:`T591` ``(feature): Support SRv6`` - - -2023-12-12 -========== - -* :vytask:`T4704` ``(feature): Allow to set metric (MED) to rtt with rtt,+rtt or -rtt`` -* :vytask:`T5815` ``(enhancment): Add load_config module`` -* :vytask:`T5413` ``(default): Deny the opportunity to use one public/private key pair on both wireguard peers.`` - - -2023-12-11 -========== - -* :vytask:`T5741` ``(bug): WAN Load Balancing failover route tables aren't created`` - - -2023-12-10 -========== - -* :vytask:`T5658` ``(default): Add VRF support for mtr`` - - -2023-12-09 -========== - -* :vytask:`T5808` ``(bug): op-mode: ipv6 ospfv3 graceful-restart description contains incorrect info`` -* :vytask:`T5802` ``(bug): ping (ip or hostname) interface <tab> produces error`` -* :vytask:`T5747` ``(feature): op-mode add MAC VRF and MTU for show interfaces summary`` -* :vytask:`T3983` ``(bug): show pki certificate Doesnt show x509 certificates`` - - -2023-12-08 -========== - -* :vytask:`T5782` ``(enhancment): Use a single config mode script for https and http-api`` -* :vytask:`T5768` ``(enhancment): Remove auxiliary http-api.conf for simplification of http-api config mode script`` -* :vytask:`T5809` ``(default): Enable GRUB support for gzip compressed kernels`` - - -2023-12-04 -========== - -* :vytask:`T5769` ``(bug): VTI tunnels lose their v6 Link Local addresses when set down/up`` - - -2023-12-03 -========== - -* :vytask:`T5753` ``(feature): Add VXLAN vnifilter support`` -* :vytask:`T5759` ``(feature): Change VXLAN default MTU to 1500 bytes`` - - -2023-11-30 -========== - -* :vytask:`T4601` ``(bug): dhcp : relay agent IP address issue.`` - - -2023-11-28 -========== - -* :vytask:`T4276` ``(bug): IPsec peers dh-group negotiation issue with pfs enabled and multiple proposals configured with IKEv1`` - - -2023-11-27 -========== - -* :vytask:`T5763` ``(bug): Fix imprecise check for remote file name in vyos-load-config.py`` -* :vytask:`T5783` ``(feature): frr: smoketests must notice any daemon crash`` - - -2023-11-26 -========== - -* :vytask:`T5760` ``(feature): DHCP client custom dhcp-options`` -* :vytask:`T2405` ``(feature): archive to GIT or other platform`` - - -2023-11-25 -========== - -* :vytask:`T5655` ``(bug): commit-archive: Ctrl+C should not eror out with stack trace, signal should be cought`` -* :vytask:`T4946` ``(default): Rewrite "add system image" in the new op-mode`` -* :vytask:`T4454` ``(default): `install-image` should check free storage`` - - -2023-11-24 -========== - -* :vytask:`T5776` ``(feature): Enable VFIO support`` -* :vytask:`T5402` ``(bug): VRRP router with rfc3768-compatibility sends multiple ARP replies`` -* :vytask:`T3895` ``(default): VYOS firewall rules do not adhere to time schedule unless placed in UTC mode.`` - - -2023-11-23 -========== - -* :vytask:`T4891` ``(bug): BFD flapping loop`` -* :vytask:`T4867` ``(bug): "show bgp neighbors ... advertised-routes" and some other commands fail for IPv4 neighbors`` - - -2023-11-22 -========== - -* :vytask:`T5767` ``(feature): Add reboot and poweroff the system via API`` -* :vytask:`T5729` ``(bug): Firewall, nat and policy route - Switch to valueless`` -* :vytask:`T5681` ``(feature): Interface match - Simplified and unified cli`` -* :vytask:`T4877` ``(bug): Need verification in using import vrf and import vpn, export vpn commands`` -* :vytask:`T4021` ``(bug): Long commit time on bridge interface with 1-4094 allowed VLAN tags`` -* :vytask:`T5338` ``(feature): Add 'mpls bgp forwarding' feature`` -* :vytask:`T3818` ``(bug): BGP export route-map only works after bgpd restart`` -* :vytask:`T5590` ``(default): Firewall "log enable" logs every packet`` -* :vytask:`T5426` ``(default): Add exceptions in vici functions calls`` - - -2023-11-21 -========== - -* :vytask:`T5762` ``(bug): http: api: smoketests fail as they can not establish IPv6 connection to uvicorn backend server`` - - -2023-11-20 -========== - -* :vytask:`T2816` ``(default): Rewrite IPsec scripts with the new XML/Python approach`` - - -2023-11-18 -========== - -* :vytask:`T1354` ``(feature): Add support for VLAN-Aware bridges`` - - -2023-11-16 -========== - -* :vytask:`T5726` ``(bug): HTTPS API image cannot be updated`` -* :vytask:`T5738` ``(feature): Extend XML building blocks`` -* :vytask:`T5736` ``(feature): igmp: migrate "protocols igmp" to "protocols pim"`` -* :vytask:`T5733` ``(feature): pim(6): rewrite FRR PIM daemon configuration to get_config_dict() and add missing IGMP features`` -* :vytask:`T5689` ``(default): FRR 9.0.1 in VyOS current segfaults on show rpki prefix $prefix`` -* :vytask:`T5595` ``(feature): Multicast - PIM bfd feature enable`` -* :vytask:`T3638` ``(bug): Passwords With Dollar Sign Set Incorrectly`` - - -2023-11-15 -========== - -* :vytask:`T5695` ``(feature): Build FRR with LUA scripts --enable-scripting option`` -* :vytask:`T5665` ``(bug): radius user not working`` -* :vytask:`T5728` ``(bug): Improve compatibility between OpenVPN on VyOS 1.5 and OpenVPN Connect Client`` -* :vytask:`T5732` ``(bug): generate firewall rule-resequence drops geoip country-code from output`` -* :vytask:`T5661` ``(enhancment): Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection`` -* :vytask:`T1276` ``(bug): dhcp relay + VLAN fails`` - - -2023-11-13 -========== - -* :vytask:`T5698` ``(feature): EVPN ESI Multihoming`` -* :vytask:`T5563` ``(bug): container: Container environment variable cannot be set`` -* :vytask:`T5706` ``(bug): Systemd-udevd high CPU utilization for multiple dynamic ppp/l2tp/ipoe interfaces`` - - -2023-11-10 -========== - -* :vytask:`T5727` ``(bug): validator: Use native URL validator instead of regex-based validator`` - - -2023-11-08 -========== - -* :vytask:`T5720` ``(bug): PPPoE-server adding new interface does not work`` -* :vytask:`T5716` ``(bug): PPPoE-server shaper template bug down-limiter option does not rely on fwmark`` -* :vytask:`T5702` ``(feature): Add ability to set include_ifmib_iface_prefix and ifmib_max_num_ifaces for SNMP`` -* :vytask:`T5648` ``(bug): ldpd neighbour template errors`` -* :vytask:`T5564` ``(bug): Both show firewall group and show firewall summary fails`` -* :vytask:`T5559` ``(feature): Selective proxy-arp/proxy-ndp when doing SNAT/DNAT`` -* :vytask:`T5541` ``(bug): Zone-Based Firewalling in VyOS Sagitta 1.4`` -* :vytask:`T5513` ``(bug): Anomalies in show firewall command after refactoring`` -* :vytask:`T4864` ``(bug): `show firewall` command errors`` - - -2023-11-07 -========== - -* :vytask:`T5586` ``(feature): Disable by default SNMP for Keepalived VRRP`` - - -2023-11-06 -========== - -* :vytask:`T5705` ``(bug): rsyslog - Not working when using facility=all`` -* :vytask:`T5704` ``(feature): PPPoE-server add max-starting option`` -* :vytask:`T5707` ``(bug): Wireguard peer public key update leaves redundant peers and breaks connectivity`` -* :vytask:`T4269` ``(feature): node.def generator should automatically add default values`` - - -2023-11-05 -========== - -* :vytask:`T4020` ``(feature): Add ability to control FRR daemons options`` - - -2023-11-03 -========== - -* :vytask:`T5700` ``(bug): Monitoring telegraf deprecated plugins inputs outputs`` -* :vytask:`T5018` ``(bug): Redirect to IFB removed after change in qos policy`` - - -2023-11-02 -========== - -* :vytask:`T5701` ``(feature): Update telegraf package`` - - -2023-11-01 -========== - -* :vytask:`T5690` ``(bug): Change to definition of environment variable 'vyos_rootfs_dir' is incorrect`` - - -2023-10-31 -========== - -* :vytask:`T5699` ``(feature): vxlan: migrate "external" CLI know to "parameters external"`` -* :vytask:`T5668` ``(feature): Disable VXLAN bridge learning and enable neigh_suppress when using EVPN`` - - -2023-10-27 -========== - -* :vytask:`T5652` ``(bug): Config migrate to image upgrade does not properly generate home directory`` -* :vytask:`T4057` ``(bug): Commit time for deleting sflow configuration ~1.5 min`` - - -2023-10-26 -========== - -* :vytask:`T5683` ``(bug): reverse-proxy pki filenames mismatch`` -* :vytask:`T4903` ``(bug): conntrack ignore does not suppotr IPv6 addresses`` -* :vytask:`T4309` ``(feature): Support network/address-groups and ipv6-network/ipv6-address-groups in conntrack ignore`` -* :vytask:`T5606` ``(feature): IPSec VPN: Allow multiple CAs certificates`` -* :vytask:`T5650` ``(default): Progressbars suffer from staircasing effect`` -* :vytask:`T5568` ``(default): Install image from live ISO always defaults boot to KVM entry`` -* :vytask:`T3509` ``(default): No BCP38 for IPv6 on VyOS`` - - -2023-10-23 -========== - -* :vytask:`T5299` ``(bug): QoS shaper ceiling does not work`` -* :vytask:`T5667` ``(feature): BGP label-unicast - enable ecmp`` -* :vytask:`T5337` ``(bug): MPLS/BGP: Route leak does not happen from the VPNv4 table to specific vrf`` - - -2023-10-22 -========== - -* :vytask:`T5254` ``(bug): Modification of any interface setting sets MTU back to default when MTU has been inherited from a bond`` -* :vytask:`T5671` ``(feature): vxlan: change port to IANA assigned default port`` - - -2023-10-21 -========== - -* :vytask:`T5670` ``(bug): bridge: missing member interface validator`` -* :vytask:`T5617` ``(feature): Add an option to exclude single values to the numeric validator`` -* :vytask:`T5414` ``(bug): dhcp-server does not allow valid bootfile-names`` -* :vytask:`T5261` ``(feature): Add AWS gateway load-balanceing tunnel handler (gwlbtun)`` -* :vytask:`T5260` ``(bug): Python3 module crypt is deprecated`` -* :vytask:`T5191` ``(default): Replace underscores with hyphens in command-line options generated by vyos.opmode`` -* :vytask:`T5172` ``(default): Set Python3 version dependency for vyos-1x to 3.10`` -* :vytask:`T4956` ``(default): 'show hardware cpu' issue on arm64`` -* :vytask:`T4837` ``(default): Expose "show ip route summary" in the op mode API`` -* :vytask:`T4770` ``(feature): Rewrite OpenVPN op-mode to vyos.opmode format`` -* :vytask:`T4657` ``(bug): op-mode scripts with type hints in `return` do not work`` -* :vytask:`T4604` ``(bug): bgpd eats huge amount of memory (about 500Megs a day)`` -* :vytask:`T4432` ``(default): Display load average normalized according to the number of CPU cores`` -* :vytask:`T4416` ``(default): Convert 'traceroute' operation to the new syntax and expand available options using python`` -* :vytask:`T4402` ``(bug): OpenVPN client-ip-pool option is broken`` -* :vytask:`T3433` ``(default): A review of the use of racist language in VyOS`` -* :vytask:`T2719` ``(feature): Standardized op mode script structure`` - - -2023-10-20 -========== - -* :vytask:`T5233` ``(bug): Op-mode flow-accounting netflow with disable-imt errors`` -* :vytask:`T5232` ``(bug): Flow-accounting uacctd.service cannot restart correctly`` - - -2023-10-19 -========== - -* :vytask:`T4913` ``(default): Rewrite the wireless op mode in the new style`` - - -2023-10-18 -========== - -* :vytask:`T5642` ``(bug): op cmd: generate tech-support archive: does not work`` -* :vytask:`T5521` ``(bug): Home owner directory changed to vyos for the user after reboot`` - - -2023-10-17 -========== - -* :vytask:`T5662` ``(bug): Fix indexing error in configdep script organization`` -* :vytask:`T5235` ``(bug): SSH keys with special characters cannot be applied via Cloud-init`` - - -2023-10-16 -========== - -* :vytask:`T5165` ``(feature): Policy local-route ability set protocol and port`` - - -2023-10-14 -========== - -* :vytask:`T5629` ``(bug): Policy local-route bug after migration to destination node address`` - - -2023-10-13 -========== - -* :vytask:`T5227` ``(feature): mDNS reflector should allow additional domains to browse and allow filtering services`` -* :vytask:`T5166` ``(feature): Remove local minisign package from build repo for 1.4`` -* :vytask:`T5118` ``(bug): Cleanup vestigial ntp completion script`` -* :vytask:`T5115` ``(default): Support custom port for name servers for forwarding zones`` -* :vytask:`T5113` ``(default): PDNS: Support custom port for DNS forwarders`` -* :vytask:`T5112` ``(feature): Enable support for Network Time Security (NTS) for chrony`` -* :vytask:`T5143` ``(enhancment): Apply constraint on powerdns forward-zones configuration`` - - -2023-10-12 -========== - -* :vytask:`T5649` ``(bug): vyos-1x should generate XML cache after building command templates for less cryptic error on typo`` - - -2023-10-10 -========== - -* :vytask:`T5489` ``(feature): Change to BBR as TCP congestion control, or at least make it an config option`` -* :vytask:`T5479` ``(bug): Helper leftovers found in nftables (firewall) even with all helpers disabled`` -* :vytask:`T5436` ``(bug): vyos-preconfig-bootup.script is missing`` -* :vytask:`T5014` ``(feature): Destination NAT - Add Load Balancing capabilities`` - - -2023-10-08 -========== - -* :vytask:`T5630` ``(feature): pppoe: allow to specify MRU in addition to already configurable MTU`` - - -2023-10-06 -========== - -* :vytask:`T5096` ``(feature): Change 'accept' firewall rule action from 'return' to 'accept'`` -* :vytask:`T5576` ``(feature): Add bgp remove-private-as all option`` -* :vytask:`T3506` ``(default): Migrate loadkey command to op-mode`` - - -2023-10-05 -========== - -* :vytask:`T4320` ``(default): Remove legacy version files in vyatta-cfg-system/cfg-version`` - - -2023-10-04 -========== - -* :vytask:`T5632` ``(feature): Add jq package to parse JSON files`` -* :vytask:`T3655` ``(bug): NAT Problem with VRF`` -* :vytask:`T5585` ``(bug): Fix file access mode for dynamic dns configuration`` - - -2023-10-03 -========== - -* :vytask:`T5618` ``(bug): Flow-accounting crushes when IMT is enabled`` -* :vytask:`T5561` ``(feature): NAT - Inbound or outbound interface should not be mandatory`` -* :vytask:`T5553` ``(feature): Firewall - Add action continue`` -* :vytask:`T5250` ``(bug): Firewall - show firewall group`` -* :vytask:`T4383` ``(bug): Flow Accounting returns permission error and fails to start`` -* :vytask:`T5626` ``(feature): Only select required Kernel CGROUP controllers`` -* :vytask:`T5628` ``(feature): op-mode: login: DeprecationWarning: 'spwd'`` - - -2023-10-01 -========== - -* :vytask:`T936` ``(feature): Reimplementation of tech-support diagnostic file generation`` - - -2023-09-30 -========== - -* :vytask:`T5048` ``(bug): QoS doesn't work correctly root task`` -* :vytask:`T4989` ``(bug): QoS Policy Limiter - classes for marked traffic do not work`` - - -2023-09-28 -========== - -* :vytask:`T5596` ``(feature): bgp: add new features from FRR 9`` -* :vytask:`T5412` ``(feature): Add support for extending config-mode dependencies in supplemental package`` - - -2023-09-26 -========== - -* :vytask:`T5480` ``(bug): Ability to disable SNMP for VRRP keepalived service`` - - -2023-09-25 -========== - -* :vytask:`T5533` ``(bug): Keepalived VRRP IPv6 group enters in FAULT state`` - - -2023-09-24 -========== - -* :vytask:`T5511` ``(feature): Cleanup of unused directories (and files) in order to shrink image-size`` - - -2023-09-23 -========== - -* :vytask:`T5518` ``(default): Add MLD protocol support`` - - -2023-09-22 -========== - -* :vytask:`T5602` ``(feature): For reverse-proxy type of load-balancing feature, support "backup" option in backends configuration`` -* :vytask:`T5609` ``(enhancment): Add util to get drive device name from id`` -* :vytask:`T5608` ``(enhancment): Rewrite add/delete raid member to Python and remove from vyatta-op`` -* :vytask:`T5607` ``(bug): Adjust RAID smoketest for non-deterministic SCSI device probing`` - - -2023-09-20 -========== - -* :vytask:`T5588` ``(bug): Add kernel conntrack_bridge module`` -* :vytask:`T5271` ``(default): Add support for peer-fingerprint to OpenVPN`` -* :vytask:`T5241` ``(feature): Support veth interfaces to working with netns`` -* :vytask:`T5238` ``(default): interface virtual-etherne - error when it doesn't use a peer`` -* :vytask:`T5592` ``(feature): salt: upgrade minion to 3005.2`` - - -2023-09-19 -========== - -* :vytask:`T5597` ``(feature): isis: add new features from FRR 9.`` -* :vytask:`T4284` ``(feature): QoS: rewrite to XML and Python`` - - -2023-09-18 -========== - -* :vytask:`T5419` ``(feature): Software/Hardware fastpath with nftables flowtable`` - - -2023-09-15 -========== - -* :vytask:`T5581` ``(feature): Add "show ip nht" op-mode command (IPv4 nexthop tracking table)`` - - -2023-09-11 -========== - -* :vytask:`T5567` ``(bug): vyos-1x: webproxy: maximum-object-size allowed ranges not in sync with Equuleus`` -* :vytask:`T5551` ``(bug): Missing check for boot_configuration_complete raises error in vyos-save-config.py`` -* :vytask:`T5353` ``(bug): config-mgmt: normalize archive updates and commit log entries`` -* :vytask:`T3424` ``(default): PPPoE IA-PD doesn't work in VRF`` -* :vytask:`T2773` ``(feature): EIGRP support for VRF`` - - -2023-09-10 -========== - -* :vytask:`T5565` ``(bug): Builds as vyos-999-timestamp instead of vyos-1.4-rolling-timestamp`` -* :vytask:`T5555` ``(bug): Fix timezone migrator (system 13-to-14)`` -* :vytask:`T5529` ``(bug): Missing symbolic link in linux-firmware package.`` - - -2023-09-09 -========== - -* :vytask:`T5540` ``(bug): vyos-1x: Wrong VHT configuration for WiFi 802.11ac`` -* :vytask:`T5423` ``(bug): ipsec: no output for op-cmd "show vpn ike secrets"`` -* :vytask:`T3700` ``(feature): Support VLAN tunnel mapping of VLAN aware bridges`` - - -2023-09-08 -========== - -* :vytask:`T5502` ``(bug): Firewall - wrong parser for inbound and/or outbound interface`` -* :vytask:`T5460` ``(feature): Firewall - remove config-trap`` -* :vytask:`T5450` ``(feature): Firewall interface group - Allow inverted matcher`` -* :vytask:`T4426` ``(default): Add arpwatch to the image`` -* :vytask:`T4356` ``(bug): DHCP v6 client only supports single interface configuration`` - - -2023-09-07 -========== - -* :vytask:`T5510` ``(feature): Shrink imagesize and improve read performance by changing mksquashfs syntax`` - - -2023-09-06 -========== - -* :vytask:`T5542` ``(bug): ipoe-server: external-dhcp(dhcp-relay) not woking / not implemented`` -* :vytask:`T5548` ``(bug): HAProxy renders timeouts incorrectly`` -* :vytask:`T5544` ``(feature): Allow CAP_SYS_MODULE to be set on containers`` - - -2023-09-05 -========== - -* :vytask:`T5524` ``(feature): Add config directory to liveCD`` -* :vytask:`T5519` ``(bug): Function `call` sometimes hangs`` -* :vytask:`T5508` ``(bug): Configuration Migration Fails to New Netfilter Firewall Syntax`` -* :vytask:`T5495` ``(feature): Enable snmp module also for frr/ldpd`` -* :vytask:`T2958` ``(bug): DHCP server doesn't work from a live CD`` -* :vytask:`T5428` ``(bug): dhcp: client renewal fails when running inside VRF`` - - -2023-09-04 -========== - -* :vytask:`T5536` ``(bug): show dhcp client leases caues No module named 'vyos.validate'`` -* :vytask:`T5506` ``(bug): Container bridge interfaces do not have a link-local address`` - - -2023-09-03 -========== - -* :vytask:`T5538` ``(bug): Change order within variable lb_config_tmpl to fit order of manpage and fix some typos`` -* :vytask:`T4612` ``(feature): Support arbitrary netmasks in firewall rules`` - - -2023-08-31 -========== - -* :vytask:`T5190` ``(feature): Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0`` -* :vytask:`T4895` ``(bug): Tag nodes are overwritten when configured by Cloud-Init from User-Data`` -* :vytask:`T4776` ``(bug): NVME storage is not detected properly during installation`` -* :vytask:`T5531` ``(feature): Containers add label option`` -* :vytask:`T5525` ``(default): Change dev.packages.vyos.net repo to rolling-packages.vyos.net vyos-build:current uses`` - - -2023-08-30 -========== - -* :vytask:`T4933` ``(default): Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error`` -* :vytask:`T4790` ``(bug): RADIUS login does not work if sum of timeouts more than 50s`` -* :vytask:`T4113` ``(bug): Incorrect GRUB configuration parsing`` -* :vytask:`T5520` ``(bug): Likely source of corruption on system update exposed by change in coreutils for Bookworm`` -* :vytask:`T4151` ``(feature): IPV6 local PBR Support`` -* :vytask:`T4485` ``(default): OpenVPN: Allow multiple CAs certificates`` - - -2023-08-29 -========== - -* :vytask:`T3940` ``(bug): DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook`` -* :vytask:`T3713` ``(default): Create a meta-package for user utilities`` -* :vytask:`T3339` ``(bug): Cloud-Init domain search setting not applied`` -* :vytask:`T3577` ``(bug): Generating vpn x509 key pair fails with command not found`` - - -2023-08-28 -========== - -* :vytask:`T4745` ``(bug): CLI TAB issue with values with '-' at the beginning in conf mode`` -* :vytask:`T5472` ``(bug): NAT redirect should not require port`` - - -2023-08-27 -========== - -* :vytask:`T4759` ``(bug): domain-group on policy route not working`` -* :vytask:`T1097` ``(feature): Make firewall groups work everywhere that's appropropriate`` - - -2023-08-26 -========== - -* :vytask:`T5039` ``(bug): Can't add new local user`` -* :vytask:`T5023` ``(bug): PKI commit fails to update dependents`` -* :vytask:`T4512` ``(feature): enable-default-log on zone-policy`` -* :vytask:`T5003` ``(default): Upgrade base system to Debian 12 "Bookworm"`` - - -2023-08-25 -========== - -* :vytask:`T5468` ``(feature): Remove unused manpages to free up space`` -* :vytask:`T5463` ``(feature): Containers allow publish IPv6 address port`` -* :vytask:`T4412` ``(bug): commit archive: reboot not working with sftp`` -* :vytask:`T3702` ``(feature): Policy: Allow routing by fwmark`` -* :vytask:`T3536` ``(default): Unable to list all available routes`` - - -2023-08-24 -========== - -* :vytask:`T5448` ``(feature): Add service zabbix-agent`` -* :vytask:`T5006` ``(bug): Http api segfault with concurrent requests`` -* :vytask:`T5505` ``(feature): system: zebra route-map is not removed from FRR`` -* :vytask:`T5305` ``(bug): REST API configure operation should not be defined as async`` -* :vytask:`T4292` ``(feature): Rewrite vyatta-save-config.pl to Python`` - - -2023-08-23 -========== - -* :vytask:`T5478` ``(bug): Cannot configure resolver-cache options for firewall`` -* :vytask:`T5466` ``(feature): L3VPN - label allocation mode`` -* :vytask:`T5453` ``(bug): Fix nat66 - broken after load-balance was introduced in nat`` -* :vytask:`T5446` ``(bug): bgp: validity check for bestpath med option`` -* :vytask:`T5500` ``(feature): Minor fixes to configtree render`` -* :vytask:`T5469` ``(default): Incorrect dependency set in the openvpn-dco package when building VyOS for arm64`` -* :vytask:`T5387` ``(feature): dhcp6c: add a no release option`` -* :vytask:`T5491` ``(feature): Hostapd - AP-Mode - allow white-/blacklisting of Clients`` -* :vytask:`T4889` ``(default): Add nftables NAT REDIRECT [to localhost] to CLI`` - - -2023-08-22 -========== - -* :vytask:`T5407` ``(bug): Static routes pointed to container networks fail to persist after reboot`` - - -2023-08-20 -========== - -* :vytask:`T5470` ``(bug): wlan: can not disable interface if SSID is not configured`` - - -2023-08-18 -========== - -* :vytask:`T5488` ``(bug): System conntrack ignore does not take any effect`` - - -2023-08-17 -========== - -* :vytask:`T4202` ``(bug): NFT: Zone policies fail to apply when "l2tp+" is in the interface list`` -* :vytask:`T5409` ``(feature): Add 'set interfaces wireguard wgX threaded'`` -* :vytask:`T5476` ``(feature): netplug: replace Perl helper scripts with a Python equivalent`` -* :vytask:`T5223` ``(bug): tunnel key doesn't clear`` -* :vytask:`T5490` ``(feature): login: add missing regex for home direcotry and radius server key`` - - -2023-08-16 -========== - -* :vytask:`T5483` ``(bug): Residual dhcp-server test file causing zabbix-agent smoketest to fail`` - - -2023-08-15 -========== - -* :vytask:`T5293` ``(feature): Support for Floating Rules (Global Firewall-Rules that are automatically applied before all other Zone Rules)`` -* :vytask:`T5273` ``(default): Add op mode commands for displaying certificate details and fingerprints`` -* :vytask:`T5270` ``(default): Make OpenVPN `tls dh-params` optional`` - - -2023-08-14 -========== - -* :vytask:`T5477` ``(bug): op-mode pki.py should use Config for defaults`` -* :vytask:`T5461` ``(feature): Improve rootfs directory variable`` -* :vytask:`T5457` ``(feature): Add environmental variable pointing to current rootfs directory`` -* :vytask:`T5440` ``(bug): Restore pre/postconfig scripts if user deleted them`` - - -2023-08-12 -========== - -* :vytask:`T5467` ``(bug): ospf(v3): removing an interface from the OSPF process does not clear FRR configuration`` - - -2023-08-11 -========== - -* :vytask:`T5465` ``(feature): adjust-mss: config migration fails if applied to a VLAN or Q-in-Q interface`` -* :vytask:`T2665` ``(bug): vyos.xml.defaults for tag nodes`` -* :vytask:`T5434` ``(enhancment): Replace remaining calls of vyos.xml library`` -* :vytask:`T5319` ``(enhancment): Remove remaining workarounds for incorrect defaults`` -* :vytask:`T5464` ``(feature): ipv6: add support for per-interface dad (duplicate address detection) setting`` - - -2023-08-10 -========== - -* :vytask:`T5416` ``(bug): Ignoring "ipsec match-none" for firewall`` -* :vytask:`T5329` ``(bug): Wireguard interface as GRE tunnel source causes configuration error on boot`` - - -2023-08-09 -========== - -* :vytask:`T5452` ``(bug): Uncaught error in generate_cache during vyos-1x build`` -* :vytask:`T5443` ``(enhancment): Add merge_defaults as Config method`` -* :vytask:`T5435` ``(enhancment): Expose utility function for default values at path`` - - -2023-08-07 -========== - -* :vytask:`T5406` ``(bug): "update webproxy blacklists" fails when vrf is being configured`` -* :vytask:`T5302` ``(bug): QoS class with multiple matches generates one filter rule but expects several rules`` -* :vytask:`T5266` ``(bug): QoS- HTB error when match with a dscp parameter for queue-type 'priority'`` -* :vytask:`T5071` ``(bug): QOS-Rewrite: DSCP match missing`` - - -2023-08-06 -========== - -* :vytask:`T5420` ``(feature): nftables - upgrade to latest 1.0.8`` -* :vytask:`T5445` ``(feature): dyndns: add possibility to specify update interval (timeout)`` - - -2023-08-05 -========== - -* :vytask:`T5291` ``(bug): vyatta-cfg-cmd-wrapper missing ${vyos_libexec_dir} variable`` -* :vytask:`T5290` ``(bug): Failing commits for SR-IOV interfaces using ixgbevf driver due to change speed/duplex settings`` -* :vytask:`T5439` ``(bug): Upgrade to FRR version 9.0 added new daemons which must be adjusted`` - - -2023-08-04 -========== - -* :vytask:`T5427` ``(bug): Change migration script len arguments checking`` - - -2023-08-03 -========== - -* :vytask:`T5301` ``(bug): NTP: chrony only allows one bind address`` -* :vytask:`T5154` ``(bug): Chrony - multiple listen addresses`` - - -2023-08-02 -========== - -* :vytask:`T5374` ``(feature): Ability to set 24-hour time format`` -* :vytask:`T5350` ``(bug): Confusing warning message when committing VRRP config`` -* :vytask:`T5430` ``(bug): bridge: vxlan interfaces are not listed as bridgable in completion helpers`` -* :vytask:`T5429` ``(bug): vxlan: source-interface is not honored and throws config error`` -* :vytask:`T5415` ``(feature): Upgrade FRR to version 9.0`` -* :vytask:`T5422` ``(feature): Support LXD Agent`` - - -2023-08-01 -========== - -* :vytask:`T5399` ``(bug): "show ntp" fails when vrf is being configured`` -* :vytask:`T5346` ``(bug): MPLS sysctl not persistent for L2TP interfaces`` -* :vytask:`T5343` ``(feature): BGP peer group VPNv4 & VPNv6 Address Family Support`` -* :vytask:`T5339` ``(feature): Geneve interface - option to use IPv4 as inner protocol`` -* :vytask:`T5335` ``(bug): ISIS: error when loading config from file`` - - -2023-07-31 -========== - -* :vytask:`T5421` ``(feature): Add arg to completion helper 'list_interfaces' to filter out vlan subinterfaces`` - - -2023-07-29 -========== - -* :vytask:`T5403` ``(feature): Add support for extending xml cache`` - - -2023-07-28 -========== - -* :vytask:`T4602` ``(bug): DHCP `ping-check` enabled by default`` -* :vytask:`T5411` ``(feature): Remove old background monitoring implementation`` -* :vytask:`T5317` ``(enhancment): configtree: remove mutable references`` -* :vytask:`T5316` ``(enhancment): configtree: use a single pass of the diff algorithm`` - - -2023-07-27 -========== - -* :vytask:`T5368` ``(feature): FastNetmon service ids ddos-protection add support sflow mode`` - - -2023-07-26 -========== - -* :vytask:`T5398` ``(bug): FRR mangles container network interface names`` -* :vytask:`T5365` ``(bug): Container systemd units require authentication`` -* :vytask:`T4974` ``(feature): OpenVPN- Data Channel Offload(DCO)`` - - -2023-07-25 -========== - -* :vytask:`T5377` ``(feature): ospf: add graceful restart FRR feature (RFC 3623)`` - - -2023-07-21 -========== - -* :vytask:`T5373` ``(bug): LLDP seems to be running even if its disabled on all interfaces`` -* :vytask:`T5328` ``(default): bgp: Incorrect warning showed for address-family configured with neighbor as interface`` -* :vytask:`T5363` ``(bug): Bash history file does not exists after reboot and ony other file in home directory`` -* :vytask:`T5385` ``(bug): reference_tree: catch parse error on non-transcluded files`` -* :vytask:`T5361` ``(bug): "monitor log" behaves like "show log"`` - - -2023-07-20 -========== - -* :vytask:`T5362` ``(bug): `set high-availability vrrp global-parameters version 3` seems to have no effect`` -* :vytask:`T5355` ``(bug): IPSec: OP cmd : "show vpn ike sa" does not show output`` -* :vytask:`T5330` ``(enhancment): Keep track of source of config dict value when merging defaults`` -* :vytask:`T4497` ``(feature): ping cannot force ipv4 or ipv6`` -* :vytask:`T4288` ``(bug): IPsec tunnel will break when ESP timeout`` - - -2023-07-19 -========== - -* :vytask:`T5340` ``(bug): SNMP and VRF`` -* :vytask:`T5059` ``(feature): add 'disable' option to DHCP relay config`` - - -2023-07-17 -========== - -* :vytask:`T2051` ``(bug): Throughput anomalies`` - - -2023-07-16 -========== - -* :vytask:`T141` ``(feature): TACACS+ Support`` - - -2023-07-15 -========== - -* :vytask:`T5341` ``(feature): Improve CLI for high-availability virtual-server to work with multiple ports`` - - -2023-07-14 -========== - -* :vytask:`T5358` ``(bug): 99-ipsec-dhclient-hook prevents DHCP stateless routes from being installed in VRF table`` -* :vytask:`T4376` ``(bug): DNAT with multiwan and policy routing, incoming connections only work on primary interface`` -* :vytask:`T305` ``(default): loadbalancing does not work with one pppoe connection and another connection of either dhcp or static`` - - -2023-07-13 -========== - -* :vytask:`T4713` ``(bug): vyos@vyos:~$ show nat destination rules | doesn't work`` -* :vytask:`T2315` ``(feature): Ability to have right address-family for BGP peers.`` - - -2023-07-12 -========== - -* :vytask:`T5347` ``(bug): Compare commit revision bug`` -* :vytask:`T5161` ``(default): BFD Static Route Monitoring`` -* :vytask:`T5105` ``(bug): DHCP Server - Wrong error message`` -* :vytask:`T4927` ``(bug): Need to change restart to reload-or-restart in Webproxy module`` -* :vytask:`T3835` ``(bug): vyos router 1.2.7 snmp Dos bug`` -* :vytask:`T5352` ``(default): Fix missing dependency for netavark`` -* :vytask:`T4959` ``(feature): Add container registry authentication config for containers`` - - -2023-07-11 -========== - -* :vytask:`T5314` ``(bug): QOS Default classes are not configured with correct qdisc`` -* :vytask:`T4862` ``(bug): webproxy domain-block does not work`` -* :vytask:`T4844` ``(bug): Incorrect permissions of the safeguard DB directory`` -* :vytask:`T4815` ``(bug): Fix various name server config issues`` -* :vytask:`T4810` ``(bug): Op-mode show/monitor log pppoe interface does not show any logs`` -* :vytask:`T4758` ``(feature): Rewrite show dhcp server to vyos.opmode format`` -* :vytask:`T4262` ``(bug): install image doesn't respect chosen root partition size`` -* :vytask:`T3810` ``(bug): webproxy squidguard rules don't work properly after rewriting to python.`` -* :vytask:`T1928` ``(bug): Is the 'Welcome to VyOS' message when using SSH an information leak?`` -* :vytask:`T1877` ``(default): Feature Request: Allow NAT to use network and address groups`` -* :vytask:`T4813` ``(feature): L3VPN over GRE Tunnels`` -* :vytask:`T4943` ``(bug): Radius SSH login displays "permission denied" on 1.4 rolling release`` -* :vytask:`T4542` ``(default): route-map: "match prefix-len" incorrect behavior`` -* :vytask:`T4392` ``(default): Multiline login banner text reports error on commit`` - - -2023-07-10 -========== - -* :vytask:`T5345` ``(bug): Error incorrectly raised in revised multi_to_list when tag node value name == tag node name`` -* :vytask:`T3578` ``(bug): Prefix-List(6) update cause empty prefix-list(6)`` -* :vytask:`T762` ``(feature): Include rulseset in firewall`` - - -2023-07-06 -========== - -* :vytask:`T5336` ``(feature): Add Swedish keyboard-layout`` - - -2023-07-04 -========== - -* :vytask:`T5333` ``(bug): Policy base routing PBR generetes incorrect rules with name POSTROUTING`` -* :vytask:`T5081` ``(feature): ISIS and OSPF syncronization with IGP-LDP sync`` - - -2023-07-03 -========== - -* :vytask:`T5295` ``(bug): QoS shaper incorrect rate limit the traffic`` -* :vytask:`T5334` ``(feature): ospf: add support for External Route Summarisation Type-5 and Type-7`` - - -2023-07-02 -========== - -* :vytask:`T5332` ``(bug): Show policy route not working when no interface is configured`` - - -2023-07-01 -========== - -* :vytask:`T5304` ``(feature): Containers add bind-propagation option rshared`` -* :vytask:`T5296` ``(bug): QoS class cannot calculate correctly the default bandwidth auto`` -* :vytask:`T5210` ``(bug): IPSec cosmetic bug for Warning vti inrerface`` -* :vytask:`T5277` ``(bug): Dhcpv6-relay does not start on boot`` - - -2023-06-30 -========== - -* :vytask:`T5315` ``(feature): vrrp: add support for version 3`` -* :vytask:`T5283` ``(bug): IPoE server assigns network address`` -* :vytask:`T5313` ``(bug): UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned`` - - -2023-06-29 -========== - -* :vytask:`T5320` ``(enhancment): Add warning when entering config mode after a boot configuration error`` - - -2023-06-28 -========== - -* :vytask:`T1237` ``(feature): Static Route Path Monitoring, failover`` - - -2023-06-26 -========== - -* :vytask:`T5159` ``(bug): DHCPv6-server leases op-command shows warning message even if configured`` - - -2023-06-25 -========== - -* :vytask:`T5240` ``(bug): Service router-advert failed to start radvd with more then 3 name-servers`` -* :vytask:`T5312` ``(bug): Nonescaped special character in help text`` - - -2023-06-24 -========== - -* :vytask:`T5303` ``(bug): Rsyslog.service is not working`` -* :vytask:`T5298` ``(bug): Add RFKILL support into kernel.`` -* :vytask:`T5308` ``(enhancment): Remove workarounds for incorrect defaults in get_interface_dict`` -* :vytask:`T5228` ``(enhancment): Simplify get_config_dict and add argument with_defaults`` -* :vytask:`T5310` ``(bug): Need some help troubleshooting NIC detection.`` - - -2023-06-22 -========== - -* :vytask:`T5297` ``(default): Utility function to check if config under node has been changed between revisions`` - - -2023-06-20 -========== - -* :vytask:`T5300` ``(bug): verification of port availability can return false negative on boot`` -* :vytask:`T5248` ``(feature): Ability to load config via API in JSON format`` - - -2023-06-19 -========== - -* :vytask:`T5281` ``(feature): Add kernel options for vhost-net`` -* :vytask:`T5072` ``(default): QOS-Rewrite: protocol name used literally`` -* :vytask:`T4969` ``(bug): QoS Policy - Unable to set class match mark number`` - - -2023-06-18 -========== - -* :vytask:`T5256` ``(bug): QoS expects protocol number but not protocol name`` - - -2023-06-13 -========== - -* :vytask:`T5258` ``(bug): git Actions use ubuntu-22.04 instead of deprecated ubuntu-18.04 for PR conflicts checker`` -* :vytask:`T5222` ``(feature): Add load-balancing reverse-proxy based on haproxy`` -* :vytask:`T5213` ``(feature): Accel-ppp sending accounting interim updates acct-interim-interval option`` -* :vytask:`T5171` ``(feature): Use XML for conf-mode "load-balancing wan" instead of legacy templates`` - - -2023-06-12 -========== - -* :vytask:`T5282` ``(bug): Poweroff now does not work`` -* :vytask:`T5264` ``(feature): Add Mellanox Technologies firmware flash module mlxfw to kernel`` -* :vytask:`T5286` ``(feature): Remove XDP support`` - - -2023-06-10 -========== - -* :vytask:`T5231` ``(feature): Add op-mode for load-balancing reverse-proxy`` - - -2023-06-09 -========== - -* :vytask:`T5253` ``(bug): MPLS config removed at boot when wireguard interfaces present`` - - -2023-06-05 -========== - -* :vytask:`T5259` ``(bug): Openconnect cannot pass migration 1-to-2`` - - -2023-06-02 -========== - -* :vytask:`T5252` ``(bug): Route distinguisher and route targets changing upon adding interface to new VRF`` -* :vytask:`T5251` ``(bug): Uncaught errors for functions delete/delete_value in Python module configtree.py`` - - -2023-06-01 -========== - -* :vytask:`T5127` ``(bug): VPNv4/VPNv6 routes are not reinstalled following link flap`` - - -2023-05-28 -========== - -* :vytask:`T5244` ``(feature): dropbear: update to 2022.83`` -* :vytask:`T5242` ``(feature): interfaces: smoketest: automatically detect "capabilities"`` -* :vytask:`T5234` ``(feature): Add bash identifier for given VRF instance`` - - -2023-05-25 -========== - -* :vytask:`T5237` ``(feature): interfaces virtual-ethernet - Extend capabilitys of Vlans/QinQ`` -* :vytask:`T4686` ``(feature): Provides support for veth`` - - -2023-05-24 -========== - -* :vytask:`T4605` ``(feature): Firewall change default table names`` -* :vytask:`T4550` ``(feature): router-advert: Add deprecate-prefix & decrement-lifetimes options`` - - -2023-05-23 -========== - -* :vytask:`T4916` ``(feature): Rewrite IPsec authentication`` - - -2023-05-22 -========== - -* :vytask:`T5214` ``(bug): PPPoE-server incorrect warning if a named pool is defined`` -* :vytask:`T4977` ``(feature): Babel routing protocol support`` - - -2023-05-21 -========== - -* :vytask:`T4733` ``(default): Feature Request: dhcp server: add VRF support`` -* :vytask:`T5218` ``(enhancment): Revise vyos xml lib for bug fixes and extensions`` - - -2023-05-17 -========== - -* :vytask:`T5226` ``(default): Deduplicate and standardize validators and constraints for hostname and IP address`` -* :vytask:`T5225` ``(bug): BGP allowas-in unusable`` -* :vytask:`T5208` ``(bug): Failed to start nvmf-autoconnect.service during the boot`` - - -2023-05-16 -========== - -* :vytask:`T5194` ``(default): Add reference tree to vyos1x-config`` - - -2023-05-15 -========== - -* :vytask:`T3896` ``(feature): Extend ocserv support to allow for per-group configs`` - - -2023-05-12 -========== - -* :vytask:`T2778` ``(feature): Migrate "system syslog" to get_config_dict() to support new features`` -* :vytask:`T2769` ``(feature): Add VRF support for syslog`` - - -2023-05-10 -========== - -* :vytask:`T5209` ``(bug): dhclient load-balancing exit hook 04-dhcp-wanlb returned non-zero exit status`` -* :vytask:`T5065` ``(bug): Mixing `destination port xxx` and `destination group port-group yyy` in firewall rules doesn't work, but can be commited`` -* :vytask:`T5060` ``(feature): add a VRRP 'maintenance mode'`` - - -2023-05-09 -========== - -* :vytask:`T5202` ``(bug): After removal load-balancing a pid remained which used in dhclient-exit-hooks`` - - -2023-05-06 -========== - -* :vytask:`T5206` ``(bug): ethtool.py:Ethtool.__init__ has always true conditional due to typo`` - - -2023-05-05 -========== - -* :vytask:`T5082` ``(feature): container: switch to netavark network stack`` - - -2023-05-04 -========== - -* :vytask:`T5193` ``(feature): Ability to specify NS records to specify NS servers for subdomains`` -* :vytask:`T3891` ``(bug): X550-T2/Possibly other X550/X540 cards no link on VyOS`` -* :vytask:`T5010` ``(bug): bgp: EVPN route-target not honored`` -* :vytask:`T5196` ``(feature): wwan: op-mode should inform user if there is no WWAN interface`` - - -2023-05-03 -========== - -* :vytask:`T5163` ``(feature): Policy route-map add match source-protocol`` - - -2023-05-02 -========== - -* :vytask:`T5042` ``(bug): Command 'show vpn ipsec remote-access' does not work`` - - -2023-04-27 -========== - -* :vytask:`T5185` ``(bug): Static IPv6 route with blackhole fails`` -* :vytask:`T5175` ``(bug): http-api: error in MultiPart parser for FastAPI version >= 0.91.0`` -* :vytask:`T5183` ``(bug): IPv6 route6 problem`` -* :vytask:`T5181` ``(bug): Wrong dependencies or priorities for zebra vni vrf interfaces and bgpd`` -* :vytask:`T5128` ``(feature): Policy route - Allow wildcard interfaces`` -* :vytask:`T5055` ``(feature): Firewall - Add packet type matcher (pkttype)`` -* :vytask:`T5050` ``(feature): Firewall - Add options for logging packets`` -* :vytask:`T5037` ``(feature): Firewall - Add queue action`` -* :vytask:`T5176` ``(bug): http-api: update vyos-http-api-tools for FastAPI security vulnerability`` -* :vytask:`T5174` ``(bug): vrf: ensure no duplicate VNIs can be created`` -* :vytask:`T5123` ``(default): Display route originator in show ospf table command`` - - -2023-04-25 -========== - -* :vytask:`T5179` ``(bug): multi nodes defined in XML are not properly represented as list in get_config_dict()`` - - -2023-04-17 -========== - -* :vytask:`T5052` ``(bug): Error displaying dhcpv6 prefix delegation leases`` -* :vytask:`T5150` ``(feature): Rework CLI definitions to apply route-maps between routing daemons and zebra/kernel`` -* :vytask:`T3734` ``(bug): Move EVPN VRF up in FRR config`` - - -2023-04-13 -========== - -* :vytask:`T5152` ``(bug): Telegraf agent hostname isn't qualified`` -* :vytask:`T4727` ``(feature): Add RADIUS rate limit support to PPTP server`` -* :vytask:`T4939` ``(bug): VRRP command no-preempt not work as expected`` -* :vytask:`T4791` ``(default): Consistent normalization of 'raw' output of op-mode scripts for CLI and API`` -* :vytask:`T3608` ``(default): Standardize warnings from configure scripts`` - - -2023-04-11 -========== - -* :vytask:`T4924` ``(bug): Systemctl strongswan.service for some reason is not disabled`` -* :vytask:`T4197` ``(bug): Vyos arm64-latest build issue with telegraf pkg`` -* :vytask:`T4051` ``(bug): Connected routes strange / not working`` - - -2023-04-10 -========== - -* :vytask:`T5151` ``(bug): EAP-TLS TLSv1.0/1.1 regression after T5003`` -* :vytask:`T5148` ``(bug): OpenVPN cannot start due to could not load plugin shared object /openvpn-otp.so`` -* :vytask:`T5110` ``(bug): Show frr op-mode vtysh_pam: Failed in account validation`` -* :vytask:`T5078` ``(feature): VyOS BGP does not support 'show bgp neighbors $NB filtered-routes'`` -* :vytask:`T5070` ``(feature): show bgp nexthop unavailable in VRF`` -* :vytask:`T5061` ``(bug): All containers restart on config change`` - - -2023-04-07 -========== - -* :vytask:`T5149` ``(bug): op-mode openvpn should not raise error in case interface is disabled`` - - -2023-04-06 -========== - -* :vytask:`T5147` ``(bug): Can't Commit with Container Network`` -* :vytask:`T5142` ``(feature): One of the requirements is to use a system auditing tool to monitor and log all security-relevant events.`` -* :vytask:`T5125` ``(feature): Add op-mode commands for hsflowd based sflow`` - - -2023-04-05 -========== - -* :vytask:`T5145` ``(feature): Add maxsyslogins maximum number of all logins on system`` -* :vytask:`T5135` ``(default): Rewrite opennhrp script using vyos.ipsec library`` -* :vytask:`T4975` ``(bug): CLI does not work after cutting off the power or reset`` -* :vytask:`T5136` ``(bug): Possible config corruption on upgrade`` - - -2023-04-04 -========== - -* :vytask:`T5141` ``(feature): Add numbers for dhclient-exit-hooks.d to enforce script order execution`` -* :vytask:`T5093` ``(bug): Command 'reset vpn ipsec-profile' doesn't work`` -* :vytask:`T4362` ``(bug): Wan Load Balancing - Can't create routing tables`` - - -2023-04-03 -========== - -* :vytask:`T5139` ``(feature): IKE life-time should start from 0 for disable rekey`` -* :vytask:`T4173` ``(bug): Wan Load Balancing - Error on firewall NAT rules`` - - -2023-04-02 -========== - -* :vytask:`T5134` ``(feature): Try if netavark networks can be moved to a VRF instance`` - - -2023-04-01 -========== - -* :vytask:`T5047` ``(bug): Recreate only a specific container`` -* :vytask:`T5132` ``(default): Operational command "show isis vrf XXX route | neighbord" aren't working`` - - -2023-03-31 -========== - -* :vytask:`T5129` ``(feature): Add AWS build flavour`` -* :vytask:`T5126` ``(feature): http-api: add 'allow-client' to restrict IP address of client connections`` - - -2023-03-30 -========== - -* :vytask:`T5130` ``(bug): op-mode: drop remaining reference to obsoleted 'show_interfaces.py'`` -* :vytask:`T4866` ``(feature): Rewrite show_interfaces to standardized form`` -* :vytask:`T366` ``(bug): SNMP Query for BGP Tunnels Returns IPv4 Tunnels Only`` - - -2023-03-29 -========== - -* :vytask:`T5100` ``(feature): Update FRR to 8.5`` -* :vytask:`T5094` ``(bug): FRR systemd logs unknow key LimitNOFILESoft`` -* :vytask:`T5085` ``(bug): ospfv3 route-map not applied in FRR configuration`` -* :vytask:`T5056` ``(bug): IPoE server vlan-mon is not working`` -* :vytask:`T5033` ``(bug): generate-public-key command fails for address with multiple public keys like GitHub`` -* :vytask:`T4876` ``(bug): mpls - LSP broken on FRR 8.4.1`` -* :vytask:`T5097` ``(bug): the operational command "show interfaces ethernet ethx" doesn't reflect a call to 'clear counters'`` -* :vytask:`T5089` ``(enhancment): Add unit test of config_diff`` -* :vytask:`T5088` ``(enhancment): Add lexicographical-numeric compare function for vytree/configtree`` -* :vytask:`T5087` ``(enhancment): Add support for lexical ordering of nodes in config_tree`` -* :vytask:`T4885` ``(feature): Rewrite 'clear interfaces counters' from Perl to Python`` -* :vytask:`T4846` ``(bug): L3VPN- network command doesn't install direct connected prefix`` - - -2023-03-28 -========== - -* :vytask:`T5043` ``(feature): Need to create reset command for IKEv2 remote-access vpn connections`` - - -2023-03-27 -========== - -* :vytask:`T5099` ``(feature): IPoE server add option 'next-pool' for named ip pools`` -* :vytask:`T5106` ``(feature): Extend generation of API client requests to configsession native functions and composite requests`` -* :vytask:`T5104` ``(bug): DHCP default route issues with static routes in VRFs`` -* :vytask:`T5079` ``(feature): xml: schema extension to support defaultValues on tagNodes`` -* :vytask:`T5114` ``(feature): bgp: implement new CLI commands introduced in FRR 8.5`` - - -2023-03-23 -========== - -* :vytask:`T5108` ``(feature): Get rate limit for L2TP/PPTP/SSTP/IPoE in raw format`` -* :vytask:`T5086` ``(feature): Integrate hsflowd for sflow accounting`` -* :vytask:`T5107` ``(bug): Raise error in op-mode dns.py instead of calling exit`` - - -2023-03-22 -========== - -* :vytask:`T5068` ``(feature): Generate op-mode API client requests along with schema generation`` - - -2023-03-21 -========== - -* :vytask:`T5098` ``(feature): PPPoE client holdoff configuration`` -* :vytask:`T3694` ``(bug): Static routes not installed into kernel nor frr`` -* :vytask:`T5102` ``(feature): ospf: "redistribute babel" is always set`` - - -2023-03-20 -========== - -* :vytask:`T5057` ``(bug): IPoE server incorrect interface regex`` -* :vytask:`T5095` ``(feature): Return list instead of dict for 'raw' output of op-mode openvpn`` - - -2023-03-19 -========== - -* :vytask:`T4925` ``(feature): Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2`` - - -2023-03-17 -========== - -* :vytask:`T5092` ``(bug): IPoE-server named pool must not rely on the authentication type`` -* :vytask:`T5091` ``(bug): IPoE server with RADIUS authentication does not verify radius configuration`` - - -2023-03-16 -========== - -* :vytask:`T5073` ``(bug): IPoE-server interface option failed to parse`` -* :vytask:`T5063` ``(bug): IPoE-server ethX vlan must not be used with client-subnet`` -* :vytask:`T5058` ``(feature): Extend template filter range_to_regex`` -* :vytask:`T3083` ``(feature): Add feature event-handler`` -* :vytask:`T2516` ``(bug): vyos-container: cannot configure ethernet interface`` - - -2023-03-13 -========== - -* :vytask:`T5074` ``(bug): Show IPSEC SA failed if remote access IKEv2 vpn is used.`` -* :vytask:`T4973` ``(bug): show dhcp server leases error for lease time 4294967295`` - - -2023-03-11 -========== - -* :vytask:`T5076` ``(feature): CI/CD: Docker container is bloated by legacy and conflicting dependencies`` - - -2023-03-09 -========== - -* :vytask:`T5066` ``(bug): Different GRE tunnel but same tunnel keys error`` -* :vytask:`T4952` ``(feature): Improve interface completion helper CLI experience`` - - -2023-03-08 -========== - -* :vytask:`T4381` ``(default): OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command`` -* :vytask:`T4872` ``(bug): Op-mode show openvpn misses a case when parsing for tunnel IP`` - - -2023-03-07 -========== - -* :vytask:`T2838` ``(bug): Ethernet device names changing, multiple hw-id being added`` -* :vytask:`T5051` ``(feature): Use Literal types to provide op-mode CLI choices and API enums`` -* :vytask:`T4900` ``(default): Cache intermediary results of get_config_diff in Config instance`` - - -2023-03-05 -========== - -* :vytask:`T5040` ``(default): Generate API GraphQL schema on installation, rather than dynamically`` - - -2023-03-03 -========== - -* :vytask:`T4625` ``(enhancment): Update ocserv to current revision (1.1.6)`` - - -2023-03-02 -========== - -* :vytask:`T4967` ``(feature): Ability to set hostname for the container`` - - -2023-03-01 -========== - -* :vytask:`T5015` ``(bug): Invalid format character error at hfsc class settings help text`` - - -2023-02-28 -========== - -* :vytask:`T5029` ``(feature): Nginx change default root directory and fix regex`` -* :vytask:`T5025` ``(bug): Time-zone validation failed`` -* :vytask:`T4955` ``(bug): Openconnect radiusclient.conf generating with extra authserver`` -* :vytask:`T4843` ``(feature): Command-line arguments in container config`` -* :vytask:`T4219` ``(feature): support incoming-interface (iif) in local PBR`` -* :vytask:`T3903` ``(bug): Containers: after command "reboot" the host system will reboot after 1.5 minutes`` - - -2023-02-27 -========== - -* :vytask:`T5028` ``(feature): Add package exfatprogs to VyOS`` -* :vytask:`T4985` ``(bug): reset vpn ipsec-peer command with peer name does not work`` - - -2023-02-26 -========== - -* :vytask:`T4979` ``(feature): Add API request 'show_user_info' for UI`` - - -2023-02-25 -========== - -* :vytask:`T5008` ``(bug): MACsec CKN of 32 chars is not allowed in CLI, but works fine`` -* :vytask:`T5007` ``(bug): Interface multicast setting is invalid`` -* :vytask:`T5027` ``(bug): OpenVPN options and site-to-site cannot pass smoketest`` -* :vytask:`T4978` ``(bug): KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536`` -* :vytask:`T5034` ``(bug): Migrate multicast CLI node to valueLess`` -* :vytask:`T4948` ``(feature): pppoe: add CLI option to allow definition of host-uniq flag`` - - -2023-02-24 -========== - -* :vytask:`T5030` ``(bug): HTTPS-API delete key without id error`` - - -2023-02-23 -========== - -* :vytask:`T5013` ``(feature): Extend accelppp.py op-mode to get subnet start stop info from config`` -* :vytask:`T5002` ``(feature): Add uk (United Kingdom) keymap`` - - -2023-02-22 -========== - -* :vytask:`T5024` ``(bug): check-qemu-install VM is not shutdown the first time`` -* :vytask:`T5011` ``(bug): Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped`` - - -2023-02-21 -========== - -* :vytask:`T5021` ``(bug): IPsec SA is closed before negotiating a new one or it is negotiated on every second if big life-time is set in swanctl.conf`` -* :vytask:`T5020` ``(feature): Extend openvpn.py op-mode to get a list of configured clients`` - - -2023-02-20 -========== - -* :vytask:`T5005` ``(feature): Skip user authentication for PPPoE Server with noauth option`` - - -2023-02-16 -========== - -* :vytask:`T4971` ``(feature): Radius attribute "Framed-Pool" for PPPoE`` - - -2023-02-15 -========== - -* :vytask:`T4991` ``(bug): Restore path level information to compare output`` - - -2023-02-14 -========== - -* :vytask:`T4968` ``(bug): VPN IPsec check dpd and close action for empty values`` -* :vytask:`T1993` ``(feature): Extended pppoe rate-limiter`` - - -2023-02-13 -========== - -* :vytask:`T4905` ``(feature): Convert show nhrp tunnel to tabulate format`` -* :vytask:`T4153` ``(bug): Monitor bandwidth-test initiate not working`` - - -2023-02-12 -========== - -* :vytask:`T4998` ``(bug): pppoe username validation too restrictive (regression)`` - - -2023-02-11 -========== - -* :vytask:`T2603` ``(feature): pppoe-server: reduce min MTU`` - - -2023-02-10 -========== - -* :vytask:`T4857` ``(feature): SNMP - Implement FRR SNMP recommendations`` -* :vytask:`T4995` ``(feature): pppoe, wwan and sstp-client - rename user -> username on authentication`` - - -2023-02-07 -========== - -* :vytask:`T4980` ``(bug): chrony not listening as a server`` -* :vytask:`T4868` ``(bug): L2TP ppp-options ipv6 does not work without ipv6 pool but should`` -* :vytask:`T4117` ``(bug): Does not possible to configure PoD/CoA for L2TP vpn`` - - -2023-02-01 -========== - -* :vytask:`T4970` ``(default): pin OCaml pcre package to avoid JIT support`` - - -2023-01-31 -========== - -* :vytask:`T4964` ``(bug): FRR bgp address-family l2vpn-evpn route-target export/import not working`` -* :vytask:`T4780` ``(feature): Firewall - Add interface group`` -* :vytask:`T4157` ``(default): Add jinja2 to pip test requirements`` - - -2023-01-30 -========== - -* :vytask:`T4958` ``(feature): Add OpenConnect RADIUS Accounting support`` -* :vytask:`T4954` ``(bug): DNS cannot be configured via Network-Config v1 received from ConfigDrive / Cloud-Init`` -* :vytask:`T4118` ``(default): IPsec syntax overhaul`` - - -2023-01-29 -========== - -* :vytask:`T4965` ``(default): empty description in firewall group causes configuration error on migration`` - - -2023-01-28 -========== - -* :vytask:`T4961` ``(bug): Uncaught configtree error allows ntp migration 1-to-2 to fail silentlly on config.boot.default`` - - -2023-01-27 -========== - -* :vytask:`T4960` ``(bug): Bugs in `cc_vyos.py` code (Cloud-Init)`` - - -2023-01-26 -========== - -* :vytask:`T4886` ``(feature): Firewall and Policy - Add connection mark`` -* :vytask:`T4957` ``(bug): config-mgmt should not attempt to archive config at boot`` -* :vytask:`T4962` ``(bug): Fix typo in regex in vyos.config_mgmt compare function`` -* :vytask:`T4912` ``(default): Rewrite the IGMP op mode in the new style`` - - -2023-01-25 -========== - -* :vytask:`T4941` ``(bug): Accel-ppp IPoE incompatibility with kernel 6.1`` - - -2023-01-24 -========== - -* :vytask:`T4947` ``(feature): Support mounting container volumes as ro or rw`` - - -2023-01-23 -========== - -* :vytask:`T4798` ``(default): Migrate the file-exists validator away from Python`` -* :vytask:`T4683` ``(enhancment): Add kitty-terminfo package to build`` -* :vytask:`T4953` ``(bug): Remove convert_kwargs_to_snake_case decorator in dynamic generation of GraphQL resolvers`` -* :vytask:`T4875` ``(default): Replace Python validator 'interface-name' to avoid Python startup cost`` -* :vytask:`T4664` ``(bug): Add validation to reject whitespace in tag node value names`` - - -2023-01-22 -========== - -* :vytask:`T4906` ``(bug): ipsec connections shows only one connection as up`` - - -2023-01-21 -========== - -* :vytask:`T4799` ``(bug): PowerDNS >= 4.7 does not get reloaded by vyos-hostsd`` -* :vytask:`T4878` ``(bug): Any interface bonding changes cause interface flapping`` -* :vytask:`T4387` ``(default): Create additional smoketests for multiwan PBR & load-balanced configurations`` - - -2023-01-20 -========== - -* :vytask:`T4551` ``(bug): IPsec rekeying collisions bug`` -* :vytask:`T4942` ``(feature): Rewrite vyatta-config-mgmt to Python/XML`` - - -2023-01-17 -========== - -* :vytask:`T4938` ``(bug): Interface input ifb does not work`` -* :vytask:`T4902` ``(bug): snmpd: exclude container storage from monitoring`` -* :vytask:`T4140` ``(bug): Lack of SNMP IANA mibs`` - - -2023-01-15 -========== - -* :vytask:`T4832` ``(feature): dhcp: Add IPv6-only dhcp option support (RFC 8925)`` -* :vytask:`T4937` ``(feature): ocserv: upgrade package to version 1.1.6`` -* :vytask:`T4918` ``(bug): Odd show interface behavior`` -* :vytask:`T3008` ``(feature): Migrate from ntpd to chronyd`` - - -2023-01-13 -========== - -* :vytask:`T4911` ``(default): Rewrite the LLDP op mode in the new format`` -* :vytask:`T4928` ``(feature): Upgrade Linux Kernel to 6.1.y (2022 LTS edition)`` - - -2023-01-12 -========== - -* :vytask:`T4934` ``(bug): ospf: Fix inter-area route summarization`` -* :vytask:`T4929` ``(feature): Update Intel QAT drivers to 4.20.0-00001`` - - -2023-01-10 -========== - -* :vytask:`T4880` ``(feature): Expose 'add/delete container image' in HTTP-API`` - - -2023-01-09 -========== - -* :vytask:`T4922` ``(feature): Add ssh-client source-interface CLI option`` -* :vytask:`T4524` ``(bug): Squid webproxy not working properly`` - - -2023-01-08 -========== - -* :vytask:`T4920` ``(bug): ospf: Fix `passive-interface default` option`` - - -2023-01-07 -========== - -* :vytask:`T4884` ``(bug): Missing a community6 in snmpd config`` - - -2023-01-05 -========== - -* :vytask:`T4904` ``(feature): Allow multiple ports for high-availability virtual-server`` -* :vytask:`T4789` ``(feature): Ability to get L2TP/PPTP/SSTP sessions info in a machine readable format`` -* :vytask:`T3937` ``(default): Rewrite "show system memory" in Python to make it usable as a library function`` - - -2023-01-04 -========== - -* :vytask:`T4848` ``(bug): Minor bug in OpenConnect server with default route`` -* :vytask:`T4656` ``(feature): Support the listen-host config field of openconnect server`` - - -2023-01-03 -========== - -* :vytask:`T4907` ``(bug): nat source translations couldn't show metrics`` - - -2023-01-02 -========== - -* :vytask:`T4893` ``(feature): l2tp add ppp-options IPv6 interface identifier`` -* :vytask:`T4717` ``(feature): Connect to console server by name`` -* :vytask:`T725` ``(feature): Cake and FQ-PIE`` - - -2022-12-31 -========== - -* :vytask:`T4898` ``(feature): Add mtu config option for dummy interfaces`` - - -2022-12-30 -========== - -* :vytask:`T4834` ``(bug): Limit container network name to 15 characters`` -* :vytask:`T4901` ``(bug): Update Podman to v4.3.1`` -* :vytask:`T4899` ``(bug): Podman systemd services not being installed correctly`` - - -2022-12-28 -========== - -* :vytask:`T4593` ``(feature): Upgrade strongswan to 5.9.8`` - - -2022-12-26 -========== - -* :vytask:`T4511` ``(bug): IPv6 DNS lookup`` -* :vytask:`T4809` ``(feature): radvd: Allow use of AdvRASrcAddress`` - - -2022-12-25 -========== - -* :vytask:`T3579` ``(feature): Rewrite vyatta-conntrack in new XML and Python flavour`` - - -2022-12-24 -========== - -* :vytask:`T4890` ``(bug): show conntrack table ipv4 fail`` -* :vytask:`T4879` ``(bug): IPSec migration failed with missing remote-id`` -* :vytask:`T4870` ``(feature): Containers switch to using overlay driver for podman storage`` - - -2022-12-23 -========== - -* :vytask:`T4792` ``(feature): Add SSTP VPN client`` - - -2022-12-21 -========== - -* :vytask:`T4887` ``(bug): Schema generation from op-mode functions should set default 'false' on boolean arguments`` - - -2022-12-18 -========== - -* :vytask:`T4882` ``(bug): Missing ICMPv6 type names in firewall configuration`` - - -2022-12-15 -========== - -* :vytask:`T4671` ``(bug): linux-firmware package is missing symlinks defined in WHENCE file`` - - -2022-12-14 -========== - -* :vytask:`T4881` ``(bug): Return opmode.Error on openconnect.py show_sessions`` - - -2022-12-12 -========== - -* :vytask:`T4861` ``(feature): Openconnect restart on adding users - Aborts all active connections`` - - -2022-12-09 -========== - -* :vytask:`T4865` ``(bug): container impossible to generate local image from a file if it requires install some pkgs`` - - -2022-12-05 -========== - -* :vytask:`T4860` ``(bug): Openconnect server incorrect unconfigured check`` -* :vytask:`T4804` ``(bug): PPPoE server incorrect unconfigured check`` -* :vytask:`T4854` ``(feature): BGP-route reflector allows to apply route-maps`` - - -2022-12-04 -========== - -* :vytask:`T4825` ``(feature): interfaces veth/veth-pairs -standalone used`` -* :vytask:`T4805` ``(bug): PPPoE server does not restart service if pool was changed`` - - -2022-12-02 -========== - -* :vytask:`T4830` ``(bug): nat66 - Error in port translation rules`` -* :vytask:`T4859` ``(bug): Correct calling of config mode script dependencies from http-api.py`` -* :vytask:`T4820` ``(enhancment): Support for inter-config-mode script dependencies`` -* :vytask:`T4858` ``(bug): L3VPN- Route Distinguisher notations`` -* :vytask:`T1024` ``(feature): Policy Based Routing by DSCP`` - - -2022-12-01 -========== - -* :vytask:`T4841` ``(feature): add fan control`` -* :vytask:`T4847` ``(bug): Correct calling of config mode script dependencies from pki.py`` - - -2022-11-29 -========== - -* :vytask:`T4842` ``(bug): Routing config broken if mpls config exists`` -* :vytask:`T4845` ``(default): Add smoketest to detect cycles in config-mode script dependency calls`` - - -2022-11-27 -========== - -* :vytask:`T4739` ``(feature): ISIS and OSPF segment routing being refactored`` - - -2022-11-24 -========== - -* :vytask:`T4794` ``(bug): show firewall name <name> - Can't use .items() on a list`` -* :vytask:`T4714` ``(feature): Delete unused ipset from the filecaps`` -* :vytask:`T3541` ``(bug): Route Map large community set additive is missing`` - - -2022-11-23 -========== - -* :vytask:`T4836` ``(feature): Kernel: enable new features like switchdev, ESP in TCP and HSR`` -* :vytask:`T4835` ``(bug): SNMPD configuration incorrect for IPv6`` -* :vytask:`T4819` ``(feature): Allow printing Warning messages in multiple lines with \n`` -* :vytask:`T4807` ``(feature): Need to fix traceroute help completion`` -* :vytask:`T4660` ``(feature): Reorganize route map set community CLI`` -* :vytask:`T4526` ``(bug): keepalived-fifo.py unable to load config`` -* :vytask:`T4793` ``(feature): Create warning message about disable-route-autoinstall when ipsec vti is used`` -* :vytask:`T4492` ``(bug): Incorrect list of neighbors in help for "show bgp vrf VRF neighbors"`` -* :vytask:`T4496` ``(feature): ping vrf help does not list VRFs`` - - -2022-11-22 -========== - -* :vytask:`T4823` ``(bug): swanctl.conf is broken when ipsec site-to-site peer set.`` -* :vytask:`T4706` ``(bug): NAT and NAT66 issues`` -* :vytask:`T4670` ``(feature): policy route - Update matching criteria`` - - -2022-11-21 -========== - -* :vytask:`T4812` ``(feature): IPsec ability to show all configured connections`` -* :vytask:`T4829` ``(default): Tunnel argument to 'reset_peer' in ipsec.py should have type hint Optional`` - - -2022-11-20 -========== - -* :vytask:`T4827` ``(bug): route-map issues , not load configuration FRR`` - - -2022-11-19 -========== - -* :vytask:`T4826` ``(bug): Wrong key type is used for SSH SK public keys`` -* :vytask:`T4720` ``(feature): Ability to configure SSH HostKeyAlgorithms`` -* :vytask:`T4828` ``(default): Raise appropriate op-mode errors in ipsec.py 'reset_peer'`` - - -2022-11-18 -========== - -* :vytask:`T4821` ``(bug): Correct calling of config mode script dependencies from firewall.py`` - - -2022-11-17 -========== - -* :vytask:`T4750` ``(feature): Support of higher level SSH keys (sk-ssh-ed25519)`` - - -2022-11-15 -========== - -* :vytask:`T4808` ``(feature): Add details of configtree operations to migration log`` - - -2022-11-12 -========== - -* :vytask:`T4814` ``(bug): Regression in bundled powerdns version`` - - -2022-11-09 -========== - -* :vytask:`T4800` ``(bug): undefined var includes_chroot_dir in build-vyos-image`` - - -2022-11-08 -========== - -* :vytask:`T4771` ``(feature): Rewrite protocol BGP op-mode to vyos.opmode format`` -* :vytask:`T4806` ``(default): Update FRR to 8.4 in 1.4 version`` - - -2022-11-06 -========== - -* :vytask:`T4803` ``(bug): The header 'Authorization' needs to be explictly allowed in http-api CORS middleware`` - - -2022-11-05 -========== - -* :vytask:`T4802` ``(feature): Ability to define per container shared-memory size`` - - -2022-11-01 -========== - -* :vytask:`T4764` ``(bug): NAT tables vyos_nat and vyos_static_nat not deleting after deleting nat`` -* :vytask:`T4177` ``(bug): Strip-private doesn't work for service monitoring`` - - -2022-10-31 -========== - -* :vytask:`T4786` ``(feature): Add package python3-pyhumps`` -* :vytask:`T1875` ``(feature): Add the ability to use network address as BGP neighbor (bgp listen range)`` -* :vytask:`T4785` ``(feature): snmp: Allow !, @, * and # in community name`` -* :vytask:`T4787` ``(feature): ipsec: add support for road-warrior/remote-access RADIUS timeout`` - - -2022-10-29 -========== - -* :vytask:`T4783` ``(default): Add support for stunnel`` -* :vytask:`T4784` ``(feature): Add description node for static route/route6 tagNodes`` - - -2022-10-28 -========== - -* :vytask:`T4291` ``(default): Consolidate component version read/write functions`` - - -2022-10-27 -========== - -* :vytask:`T4763` ``(feature): Change XML for Show nat destination statistics`` -* :vytask:`T4762` ``(bug): Show nat rules with empty rules incorrect error`` -* :vytask:`T4778` ``(bug): Raise error UnconfiguredSubsystem if op-mode ipsec.py fails initialization`` - - -2022-10-26 -========== - -* :vytask:`T4773` ``(default): Add camel_case to snake_case conversion utility`` - - -2022-10-25 -========== - -* :vytask:`T4574` ``(default): Add token based authentication to GraphQL API`` - - -2022-10-24 -========== - -* :vytask:`T4772` ``(default): Return list of dicts in 'raw' output of route.py instead of dict with redundant information`` - - -2022-10-23 -========== - -* :vytask:`T3723` ``(bug): op-mode IPSec show vpn ipsec sa output with underscores`` - - -2022-10-21 -========== - -* :vytask:`T4768` ``(default): Change name of api child node from 'gql' to 'graphql'`` - - -2022-10-18 -========== - -* :vytask:`T4684` ``(feature): Rewrite show ip route by protocol to vyos.opmode format`` -* :vytask:`T4533` ``(bug): Radius clients don’t have simple permissions`` -* :vytask:`T4753` ``(enhancment): Extend automatic generation of schema to query SystemStatus`` - - -2022-10-17 -========== - -* :vytask:`T4725` ``(bug): Unable to reset vpn IPsec peer`` - - -2022-10-14 -========== - -* :vytask:`T4672` ``(bug): RADIUS server disable does not work`` -* :vytask:`T4749` ``(enhancment): Use config_dict for conf_mode http-api.py`` - - -2022-10-13 -========== - -* :vytask:`T4746` ``(bug): Monitoring nft. table vyos_filter by default does not exist but telegraf checks this table`` -* :vytask:`T4744` ``(bug): BGP directly connected neighbors don't compatible with ebgp-multihop`` -* :vytask:`T4716` ``(feature): SSH ability to configure RekeyLimit`` -* :vytask:`T4343` ``(default): Expose powerdns network-timeout for service dns forwarding`` -* :vytask:`T4312` ``(bug): Telegraf configuration doesn't accept IPs for URL`` -* :vytask:`T4274` ``(default): Extend OpenConnect RADIUS Timeout to Permit 2FA Entry`` - - -2022-10-12 -========== - -* :vytask:`T4747` ``(bug): Monitoring influxdb template input exec plugin does not work`` -* :vytask:`T4740` ``(bug): Show conntrack table ipv6 fail`` -* :vytask:`T4730` ``(bug): Conntrack-sync error - listen-address is not the correct type in config as it should be`` - - -2022-10-11 -========== - -* :vytask:`T4742` ``(bug): Autocomplete in policy route rule x set table / does not show the tables created in the static protocols`` -* :vytask:`T4741` ``(bug): set firewall zone Local local-zone failed`` -* :vytask:`T4680` ``(bug): Telegraf prometheus-client listen-address invalid format`` - - -2022-10-10 -========== - -* :vytask:`T538` ``(feature): Support for network mapping in NAT`` - - -2022-10-09 -========== - -* :vytask:`T4738` ``(enhancment): Extend automatic generation of schema definition files to native configsession functions; use single resolver/directive`` - - -2022-10-08 -========== - -* :vytask:`T4707` ``(feature): Enable OSPF segment routing`` - - -2022-10-07 -========== - -* :vytask:`T4736` ``(bug): Error on JSON output of API query ShowConfig`` - - -2022-10-04 -========== - -* :vytask:`T4708` ``(bug): 'show nat destination rules' throwing an error`` -* :vytask:`T4700` ``(feature): Firewall - Add interface match criteria`` -* :vytask:`T4699` ``(feature): Firewall - Add jump action - Add return action`` -* :vytask:`T4651` ``(feature): Firewall - Add options to match packet size`` -* :vytask:`T4702` ``(bug): Wireguard peers configuration is not synchronized with CLI`` -* :vytask:`T4685` ``(bug): Interface does not exist on boot when used as inbound-interface for local policy route`` -* :vytask:`T4652` ``(feature): Upgrade PowerDNS recursor to 4.7 series`` -* :vytask:`T4582` ``(default): Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs`` - - -2022-09-29 -========== - -* :vytask:`T4715` ``(feature): Auto logout user after a period of inactivity`` -* :vytask:`T4697` ``(bug): policy route: Generating ConfigError failes when tcp flag is missing on set tcp-mss rule commit`` - - -2022-09-27 -========== - -* :vytask:`T4711` ``(feature): Ability to terminate user TTY and PTS sessions`` -* :vytask:`T4557` ``(feature): fastnetmon: allow configure limits per protocol (tcp, udp, icmp)`` - - -2022-09-21 -========== - -* :vytask:`T4678` ``(feature): Rewrite service ipoe-server to get_config_dict`` -* :vytask:`T4703` ``(feature): accel-ppp: combine vlan-id and vlan-range into single CLI node`` - - -2022-09-20 -========== - -* :vytask:`T4693` ``(bug): ISIS segment routing was broken...`` - - -2022-09-17 -========== - -* :vytask:`T4666` ``(bug): EAP-TLS no longer allows TLSv1.0 after T4537, T4584`` -* :vytask:`T4665` ``(bug): Keepalived cannot use same VRID for VRRPv2 and VRRPv3`` - - -2022-09-16 -========== - -* :vytask:`T4698` ``(enhancment): Drop validator name="range" and replace it with numeric`` -* :vytask:`T4695` ``(feature): Add 'es' and 'jp106' keymap option keyboard-layout`` -* :vytask:`T4669` ``(enhancment): Extend numeric.ml for inversion of values and range values`` - - -2022-09-15 -========== - -* :vytask:`T4679` ``(bug): OpenVPN site-to-site incorrect check for IPv6 local and remote address`` -* :vytask:`T4691` ``(feature): Upgrade Linux Kernel to latest 5.15.y train`` -* :vytask:`T4630` ``(bug): Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time`` -* :vytask:`T4696` ``(default): Extend bgp parameters for bgp bestpath peer-type multipath-relax`` - - -2022-09-12 -========== - -* :vytask:`T4617` ``(feature): VRF specification is needed for telegraf prometheus-client listen-address <address>`` -* :vytask:`T4690` ``(bug): Update GraphQL resolver for 'SystemStatus' following changes to 'show_uptime' op-mode script`` -* :vytask:`T4647` ``(feature): Add Google Virtual NIC (gVNIC) support`` -* :vytask:`T4170` ``(feature): Rename "policy ipv6-route" -> "policy route6"`` - - -2022-09-09 -========== - -* :vytask:`T4682` ``(feature): Rewrite 'show system storage' in standardized format`` -* :vytask:`T4681` ``(feature): Complete standardization of show_uptime.py`` - - -2022-09-06 -========== - -* :vytask:`T4640` ``(enhancment): Integrate op-mode exception hierarchy into API`` -* :vytask:`T4597` ``(bug): Check bind port before assign service HTTPS API and openconnect`` -* :vytask:`T4674` ``(bug): API should show op-mode error message, if present`` -* :vytask:`T4673` ``(bug): op-mode bridge.py should raise error on show_fdb for nonexistent bridge interface`` - - -2022-09-05 -========== - -* :vytask:`T4668` ``(bug): Adding/removing members from bond doesn't work/results in incorrect interface state`` -* :vytask:`T4663` ``(bug): Interface pseudo-ethernet does not change mode`` -* :vytask:`T4655` ``(bug): Firewall in 1.4 sets the default action 'accept' instead of 'drop'`` -* :vytask:`T4628` ``(bug): ConfigTree() throws ValueError() if tagNode contains whitespaces`` - - -2022-09-01 -========== - -* :vytask:`T4606` ``(bug): monitor nat destination translation shows missing script`` -* :vytask:`T4435` ``(bug): Policy route and firewall - error when using undefined group`` -* :vytask:`T4147` ``(bug): New Firewall Implementation - proposed changes on group implementation`` - - -2022-08-31 -========== - -* :vytask:`T4650` ``(feature): Rewire show nat translation to vyos.opmode format`` -* :vytask:`T4644` ``(bug): Check bind port before assign vpn sstp`` -* :vytask:`T4643` ``(bug): Smoketest exclude either sstp or openconnect from pki-misc default listen port`` -* :vytask:`T4569` ``(feature): Rewrite show bridge to new format`` -* :vytask:`T4547` ``(bug): Show vpn ipsec sa show unexpected prefix 'B' in packets`` -* :vytask:`T4367` ``(bug): NAT - Config tmp file not available`` - - -2022-08-29 -========== - -* :vytask:`T4645` ``(bug): show nat source statistics lack argument --family`` -* :vytask:`T4634` ``(bug): Bgp neighbor disable-connected-check does not work`` -* :vytask:`T4631` ``(feature): Add port and protocol to nat66`` -* :vytask:`T4623` ``(feature): Add show conntrack statistics`` -* :vytask:`T4595` ``(bug): DPD interval and timeout do not work in DMVPN`` -* :vytask:`T4594` ``(feature): Rewrite op-mode IPsec to vyos.opmode format`` -* :vytask:`T4508` ``(bug): Problem with values of the same environment in different event handlers`` -* :vytask:`T4653` ``(bug): Interface offload options are not applied correctly`` -* :vytask:`T4546` ``(bug): Does not connect Cisco spoke to VyOS hub.`` -* :vytask:`T4061` ``(default): Add util function to check for completion of boot config`` -* :vytask:`T4654` ``(bug): RPKI cache incorrect description`` -* :vytask:`T4572` ``(bug): Add an option to force interface MTU to the value received from DHCP`` - - -2022-08-26 -========== - -* :vytask:`T4642` ``(bug): proxy: hyphen not allowed in proxy URL`` - - -2022-08-25 -========== - -* :vytask:`T4626` ``(bug): Error showing nat66 source and destination`` -* :vytask:`T4622` ``(feature): Firewall allow drop packets by TCP MSS size`` - - -2022-08-24 -========== - -* :vytask:`T4641` ``(bug): prefix-list allows ipv6 prefix as input`` -* :vytask:`T4633` ``(feature): Change keepalived to v2.2.7`` - - -2022-08-23 -========== - -* :vytask:`T4618` ``(bug): Traffic policy not set on virtual interfaces`` -* :vytask:`T4538` ``(bug): Macsec does not work correctly when the interface status changes.`` - - -2022-08-22 -========== - -* :vytask:`T4089` ``(bug): Show nat destination rules shows ip address instead of interface 'any'`` -* :vytask:`T4632` ``(bug): VLAN-aware bridge not working`` -* :vytask:`T4637` ``(feature): Upgrade to podman 4.2.0`` - - -2022-08-20 -========== - -* :vytask:`T4596` ``(bug): "show openconnect-server sessions" command does not work in the openconnect module`` - - -2022-08-19 -========== - -* :vytask:`T4620` ``(bug): UPnP does not work due to incorrect template`` -* :vytask:`T4619` ``(bug): Static arp is not set if another entry is present`` -* :vytask:`T4611` ``(bug): UPnP rule IP should be a prefix instead of an address`` -* :vytask:`T4614` ``(feature): OpenConnect split-dns directive`` - - -2022-08-18 -========== - -* :vytask:`T4613` ``(bug): UPnP configuration without listen option fail`` -* :vytask:`T4570` ``(bug): Exception when trying to set up VXLAN over Wireguard`` - - -2022-08-17 -========== - -* :vytask:`T4598` ``(feature): nat66 - Add exclude options`` -* :vytask:`T4480` ``(default): add an ability to configure squid acl safe ports and acl ssl safe ports`` - - -2022-08-16 -========== - -* :vytask:`T4592` ``(bug): macsec: can not create two interfaces using the same source-interface`` -* :vytask:`T4584` ``(bug): hostap: create custom package build`` -* :vytask:`T4413` ``(default): Add an API endpoint with basic system stats`` -* :vytask:`T4537` ``(bug): MACsec not working with cipher gcm-aes-256`` - - -2022-08-15 -========== - -* :vytask:`T4609` ``(bug): Unable to Restart Container VyOS 1.4`` -* :vytask:`T4565` ``(bug): vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249`` -* :vytask:`T3988` ``(default): Feature Request: IPsec Multiple local/remote prefix for the tunnel`` -* :vytask:`T2763` ``(feature): New SNMP resource request - SNMP over TCP`` - - -2022-08-14 -========== - -* :vytask:`T4579` ``(bug): bridge: can not delete member interface CLI option when VLAN is enabled`` -* :vytask:`T4421` ``(default): Add support for floating point numbers in the numeric validator`` -* :vytask:`T3507` ``(bug): Bond with mode LACP show u/u in show interfaces even if peer is not configured`` - - -2022-08-12 -========== - -* :vytask:`T4603` ``(feature): Need a config option to specify NAS-IP-Address for vpn l2tp`` - - -2022-08-10 -========== - -* :vytask:`T4408` ``(feature): Add sshguard to protect against brut-forces`` - - -2022-08-08 -========== - -* :vytask:`T4586` ``(feature): Add to NAT66: SNAT destination address and DNAT source address.`` - - -2022-08-04 -========== - -* :vytask:`T4257` ``(feature): Discussion on changing BGP autonomous system number syntax`` - - -2022-08-02 -========== - -* :vytask:`T4585` ``(feature): Rewrite op-mode containers to vyos.opmode`` -* :vytask:`T4515` ``(default): Reduce telegraf binary size`` - - -2022-08-01 -========== - -* :vytask:`T4581` ``(bug): 'show system cpu' not working`` -* :vytask:`T4578` ``(feature): Rewrite show dns forwarding statistics to new format`` - - -2022-07-31 -========== - -* :vytask:`T4580` ``(bug): Handle the case of op-mode file names with hyphens in GraphQL schema/resolver generation`` - - -2022-07-30 -========== - -* :vytask:`T4575` ``(feature): vyos.utill add new wrapper "rc_cmd" to get the return code and output`` -* :vytask:`T4562` ``(feature): Rewrite show vrf to new format`` -* :vytask:`T4545` ``(feature): Rewrite show nat source rules`` -* :vytask:`T4543` ``(bug): Show source nat statistics shows incorrect interface`` -* :vytask:`T4503` ``(default): Prevent op mode scripts from restarting services if there's a commit in progress`` -* :vytask:`T4411` ``(feature): Add migration for service monitoring telegraf influxdb`` - - -2022-07-29 -========== - -* :vytask:`T4554` ``(enhancment): Implement GraphQL resolvers for standardized op-mode scripts`` -* :vytask:`T4518` ``(feature): Add XML for CLI conf mode load-balancing wan`` -* :vytask:`T4544` ``(enhancment): Generate schema definitions from standardized op-mode scripts`` - - -2022-07-28 -========== - -* :vytask:`T4531` ``(bug): NAT op-mode errors with exclude rules`` -* :vytask:`T3435` ``(bug): NAT rules show corruption`` - - -2022-07-27 -========== - -* :vytask:`T4571` ``(bug): Sflow with vrf configured does not use vrf to validate agent-address IP from vrf-configured interfaces`` -* :vytask:`T4552` ``(bug): Unable to reset IPsec IPv6 peer`` - - -2022-07-26 -========== - -* :vytask:`T4568` ``(bug): show vpn debug peer doesn't work`` -* :vytask:`T4556` ``(feature): fastnetmon: Allow configure white_list_path and populate with hosts/networks that should be ignored.`` -* :vytask:`T4495` ``(feature): Combine BGP reset op commands`` - - -2022-07-25 -========== - -* :vytask:`T4567` ``(default): Merge experimental branch of GraphQL development`` -* :vytask:`T4560` ``(bug): VRF and BGP neighbor local-as error`` -* :vytask:`T4493` ``(bug): Incorrect help for "show bgp neighbors"`` -* :vytask:`T1233` ``(bug): ipsec vpn sa showing down`` - - -2022-07-22 -========== - -* :vytask:`T4145` ``(bug): Conntrack table not showing after firewall rewriting`` - - -2022-07-21 -========== - -* :vytask:`T4555` ``(feature): fastnetmon: add IPv6 support`` -* :vytask:`T4553` ``(default): Allow to set ban time on ddos-protection configuration`` - - -2022-07-20 -========== - -* :vytask:`T4056` ``(bug): Traffic policy not set in live configuration`` - - -2022-07-18 -========== - -* :vytask:`T4523` ``(feature): OP-mode Extend conntrack output to get marks, zones and directions`` -* :vytask:`T4228` ``(bug): bond: OS error thrown when two bonds use the same member`` -* :vytask:`T4539` ``(feature): qat: update Intel QuickAssist release version 1.7.L.4.16.0-00017`` -* :vytask:`T4534` ``(bug): bond: bridge: error out if member interface is assigned to a VRF instance`` -* :vytask:`T4525` ``(bug): Delete interface from VRF and add it to bonding error`` -* :vytask:`T4522` ``(feature): bond: add ability to specify mii monitor interval via CLI`` -* :vytask:`T4535` ``(feature): FRR: upgrade to stable/8.3 version`` -* :vytask:`T4521` ``(bug): bond: ARP monitor interval is not configured despite set via CLI`` -* :vytask:`T4540` ``(feature): firmware: update to Linux release 20220708`` - - -2022-07-17 -========== - -* :vytask:`T4028` ``(bug): FRR 8.1 routes not being applied to routing table after reboot if an interface has 2 ip addresses`` - - -2022-07-15 -========== - -* :vytask:`T4494` ``(bug): Cannot reset BGP peer within VRF`` -* :vytask:`T4536` ``(feature): FRR: move to systemd for daemon control`` - - -2022-07-14 -========== - -* :vytask:`T4491` ``(bug): Use empty string for internal name of root node of config_tree`` - - -2022-07-13 -========== - -* :vytask:`T1375` ``(feature): Add clear dhcp server lease function`` - - -2022-07-12 -========== - -* :vytask:`T4527` ``(bug): Prevent to create VRF name default`` -* :vytask:`T4084` ``(default): Dehardcode the default login banner`` -* :vytask:`T3948` ``(feature): IPSec VPN: Add a new option "none" for the connection-type`` -* :vytask:`T235` ``(feature): Ability to configure manual IP Rules`` - - -2022-07-10 -========== - -* :vytask:`T3836` ``(bug): Setting a default IPv6 route while getting IPv4 gateway via DHCP removes the IPv4 gateway`` - - -2022-07-09 -========== - -* :vytask:`T4507` ``(feature): IPoE-server add multiplier option for shaper`` -* :vytask:`T4499` ``(bug): NAT source translation not showing a single output`` -* :vytask:`T4468` ``(bug): web-proxy source group cannot start with a number bug`` -* :vytask:`T4373` ``(feature): PPPoE-server add multiplier option for shaper`` -* :vytask:`T3353` ``(bug): PPPoE server wrong vlan-range generating config`` -* :vytask:`T3648` ``(bug): op-mode: nat rules broken`` -* :vytask:`T4517` ``(feature): ip: Add options to enable directed broadcast forwarding`` - - -2022-07-07 -========== - -* :vytask:`T4456` ``(bug): NTP client in VRF tries to bind to interfaces outside VRF, logs many messages`` -* :vytask:`T4509` ``(feature): Feature Request: DNS64`` - - -2022-07-06 -========== - -* :vytask:`T4513` ``(bug): Webproxy monitor commands do not work`` -* :vytask:`T4299` ``(feature): Firewall - GeoIP filtering`` - - -2022-07-05 -========== - -* :vytask:`T4378` ``(bug): Unable to submit wildcard ("*.example.com") A or AAAA records in dns forwarder`` -* :vytask:`T2683` ``(default): no dual stack in system static-host-mapping host-name`` -* :vytask:`T478` ``(feature): Firewall address group (multi and nesting)`` - - -2022-07-04 -========== - -* :vytask:`T4501` ``(bug): Syslog-identifier does not work in event handler`` -* :vytask:`T3600` ``(bug): DHCP Interface static route breaks PBR`` -* :vytask:`T4498` ``(feature): bridge: Add option to enable/disable IGMP/MLD snooping`` - - -2022-07-01 -========== - -* :vytask:`T2455` ``(bug): No support for the IPv6 VTI`` -* :vytask:`T4490` ``(feature): BGP- warning message that AFI/SAFI is needed to establish the neighborship`` -* :vytask:`T4489` ``(bug): MPLS sysctl not persistent for tunnel interfaces`` - - -2022-06-29 -========== - -* :vytask:`T4477` ``(feature): router-advert: support RDNSS lifetime option`` - - -2022-06-28 -========== - -* :vytask:`T4486` ``(bug): Container can't be deleted`` -* :vytask:`T4473` ``(bug): Use container network without network declaration error`` -* :vytask:`T4458` ``(feature): Firewall - add support for matching ip ttl in firewall rules`` -* :vytask:`T3907` ``(feature): Firewall - Set log levels`` - - -2022-06-27 -========== - -* :vytask:`T4484` ``(default): Firewall op-mode summary doesn't correctly handle address group containing ranges`` - - -2022-06-25 -========== - -* :vytask:`T4482` ``(bug): dhcp: toggle of "dhcp-options no-default-route" has no effect`` -* :vytask:`T4483` ``(feature): Upgrade fastnetmon to v1.2.2 community edition`` - - -2022-06-22 -========== - -* :vytask:`T1748` ``(feature): vbash: beautify tab completion output/line breaks`` - - -2022-06-20 -========== - -* :vytask:`T1856` ``(feature): Support configuring IPSec SA bytes`` - - -2022-06-18 -========== - -* :vytask:`T4467` ``(bug): Validator Does Not Accept Signed Numbers`` - - -2022-06-17 -========== - -* :vytask:`T4209` ``(bug): Firewall incorrect handler for recent count and time`` - - -2022-06-16 -========== - -* :vytask:`T4352` ``(bug): wan-load balance - priority traffic rule doesn't work`` - - -2022-06-15 -========== - -* :vytask:`T4450` ``(feature): Route-map - Extend options for ip|ipv6 address match`` -* :vytask:`T4449` ``(feature): Route-map - Extend options for ip next-hop match`` -* :vytask:`T990` ``(feature): Make DNAT/SNAT a valid state in firewall rules.`` - - -2022-06-12 -========== - -* :vytask:`T4420` ``(feature): Feature Request: ocserv: show configured 2FA OTP key`` -* :vytask:`T4380` ``(default): Feature Request: ocserv: 2FA OTP key generator in VyOS CLI`` - - -2022-06-10 -========== - -* :vytask:`T4365` ``(bug): NAT - Error on setting up tables`` -* :vytask:`T4465` ``(feature): node.def generation misses whitespace on multiple use of <path>`` - - -2022-06-09 -========== - -* :vytask:`T4444` ``(default): sstp: Feature request. Port number changing support`` -* :vytask:`T2580` ``(feature): Support for ip pools for ippoe`` - - -2022-06-08 -========== - -* :vytask:`T4447` ``(bug): DHCPv6 prefix delegation `sla-id` limited to 128`` - - -2022-05-31 -========== - -* :vytask:`T4212` ``(default): PermissionError when generating/installing server Certificate (generate pki certificate sign ...)`` -* :vytask:`T4199` ``(bug): Commit failed when setting icmpv6 type any`` -* :vytask:`T4148` ``(bug): Firewall - Error messages not that clear as it were in old firewall`` -* :vytask:`T3659` ``(bug): Configuration won't accept IPv6 addresses for site-to-site VPN tunnel prefixes/traffic selectors`` - - -2022-05-30 -========== - -* :vytask:`T4315` ``(feature): Telegraf - Output to prometheus`` - - -2022-05-29 -========== - -* :vytask:`T2473` ``(feature): Xml for EIGRP [conf_mode]`` - - -2022-05-28 -========== - -* :vytask:`T4448` ``(feature): rip: add support for explicit version selection`` - - -2022-05-26 -========== - -* :vytask:`T4442` ``(feature): HTTP API add action "reset"`` - - -2022-05-25 -========== - -* :vytask:`T4410` ``(feature): Telegraf - Output to Splunk`` -* :vytask:`T4382` ``(bug): Replacing legacy loadFile exposes missing steps in migration scripts and other errors`` - - -2022-05-21 -========== - -* :vytask:`T4437` ``(bug): flow-accounting: support IPv6 flow collectors`` - - -2022-05-20 -========== - -* :vytask:`T4418` ``(feature): Telegraf - output Plugin azure-data-explorer`` - - -2022-05-19 -========== - -* :vytask:`T4434` ``(bug): DMVPN: cisco-authentication password length is 8 characters`` -* :vytask:`T3938` ``(default): Rewrite the uptime script in Python to allow using it as a library`` -* :vytask:`T4334` ``(default): Make the config lexer reentrant`` - - -2022-05-17 -========== - -* :vytask:`T4424` ``(bug): policy local-route6 shows ipv4 format`` - - -2022-05-16 -========== - -* :vytask:`T4377` ``(default): generate tech-support archive includes previous archives`` - - -2022-05-12 -========== - -* :vytask:`T4417` ``(bug): VRRP doesn't start with conntrack-sync`` -* :vytask:`T4100` ``(feature): Firewall increase maximum number of rules`` - - -2022-05-11 -========== - -* :vytask:`T4405` ``(bug): DHCP client sometimes ignores `no-default-route` option of an interface`` - - -2022-05-10 -========== - -* :vytask:`T4156` ``(default): Adding DHCP Option 13 (bootfile-size)`` -* :vytask:`T1972` ``(feature): Allow setting interface name for virtual_ipaddress in VRRP VRID`` - - -2022-05-07 -========== - -* :vytask:`T4361` ``(bug): `vyos.config.exists()` does not work for nodes with multiple values`` -* :vytask:`T4354` ``(bug): Slave interfaces fall out from bonding during configuration change`` -* :vytask:`T4419` ``(feature): vrf: support to disable IP forwarding within a given VRF`` - - -2022-05-06 -========== - -* :vytask:`T4385` ``(bug): bgp: peer-group member cannot override remote-as of peer-group`` - - -2022-05-05 -========== - -* :vytask:`T4414` ``(feature): Add route-map "as-path prepend last-as x" option`` - - -2022-05-03 -========== - -* :vytask:`T4395` ``(feature): Extend show vpn debug`` - - -2022-05-01 -========== - -* :vytask:`T4369` ``(bug): OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node`` -* :vytask:`T4363` ``(bug): salt-minion: default mine_interval option is not set`` -* :vytask:`T4353` ``(feature): Add Jinja2 linter to vyos-1x build process`` - - -2022-04-29 -========== - -* :vytask:`T4388` ``(bug): dhcp-server: missing constraint on tftp-server-name option`` -* :vytask:`T4366` ``(bug): geneve: interface is removed on changes to e.g. description`` - - -2022-04-28 -========== - -* :vytask:`T4400` ``(bug): Container OP mode has delete where show and update should be`` - - -2022-04-27 -========== - -* :vytask:`T4398` ``(bug): IPSec site-to-site generates unexpected passthrough option`` -* :vytask:`T4397` ``(feature): arp: migrate static ARP entry configuration to get_config_dict() and make it VRF aware`` -* :vytask:`T4357` ``(feature): Allow free-form setting of DHCPv6 server options`` - - -2022-04-26 -========== - -* :vytask:`T4210` ``(bug): NAT source/destination negated ports throws an error`` -* :vytask:`T4235` ``(default): Add config tree diff algorithm`` - - -2022-04-25 -========== - -* :vytask:`T4390` ``(feature): op-mode: extend "show log" and "monitor log" with additional daemons/subsystems to read journalctl logs`` -* :vytask:`T4391` ``(bug): PPPoE: IPv6 not working after system boot`` - - -2022-04-24 -========== - -* :vytask:`T4342` ``(bug): "show ip ospf neighbor address x.x.x.x" gives "unknown command" error`` - - -2022-04-23 -========== - -* :vytask:`T4386` ``(default): Applying limiter on traffic-policy "in" fails, incorrectly reports mirror or redirect policy in use`` - - -2022-04-22 -========== - -* :vytask:`T4389` ``(feature): dhcp: add vendor option support for Ubiquity Unifi controller`` - - -2022-04-21 -========== - -* :vytask:`T4384` ``(feature): pppoe: replace default-route CLI option with common CLI nodes already present for DHCP`` - - -2022-04-20 -========== - -* :vytask:`T4345` ``(bug): New firewall code does not accept "rate/time interval" syntax used in old config`` -* :vytask:`T4231` ``(feature): Feature Request: ocserv: 2FA (password+OTP) support in Openconnect`` - - -2022-04-19 -========== - -* :vytask:`T4379` ``(bug): PPPoE: default-route lost after applying additional static routes`` -* :vytask:`T4344` ``(bug): DHCP statistics not matching, conf-mode generates incorrect pool name with dash`` -* :vytask:`T4268` ``(bug): Elevated LA while using VyOS monitoring feature`` - - -2022-04-18 -========== - -* :vytask:`T4351` ``(bug): Openvpn conf-mode "openvpn-option" is not respected`` -* :vytask:`T4278` ``(default): vyos-vm-images: fix vagrant libvirt box`` -* :vytask:`T4368` ``(bug): bgp: AS specified for local as is the same as the remote as and this is not allowed.`` -* :vytask:`T4370` ``(feature): vxlan: geneve: support configuration of df bit option`` - - -2022-04-15 -========== - -* :vytask:`T4327` ``(default): Ethernet interface configuration fails on Hyper-V due to speed/duplex/autoneg ethtool command error`` -* :vytask:`T4364` ``(feature): salt-minion: Upgrade to 3004 and migrate to get_config_dict()`` - - -2022-04-13 -========== - -* :vytask:`T4333` ``(feature): Jinja2: add plugin to test if a variable is defined and not none to reduce template complexity`` - - -2022-04-08 -========== - -* :vytask:`T4331` ``(bug): IPv6 link local addresses are not configured when an interface is in a VRF`` -* :vytask:`T4347` ``(default): Return complete and consistent error codes from HTTP API`` -* :vytask:`T4339` ``(bug): wwan: tab-completion results in "No such file or directory" if there is no WWAN interface`` -* :vytask:`T4338` ``(bug): wwan: changing interface description should not trigger reconnect`` -* :vytask:`T4324` ``(bug): wwan: check alive script should only be run via cron if a wwan interface is configured at all`` - - -2022-04-07 -========== - -* :vytask:`T4330` ``(bug): MTU settings cannot be applied when IPv6 is disabled`` -* :vytask:`T4346` ``(feature): Deprecate "system ipv6 disable" option to disable address family within OS kernel`` -* :vytask:`T4319` ``(bug): The command "set system ipv6 disable" doesn't work as expected.`` -* :vytask:`T4341` ``(feature): login: disable user-account prior to deletion and wait until deletion is complete`` -* :vytask:`T4336` ``(feature): isis: add support for MD5 authentication password on a circuit`` - - -2022-04-06 -========== - -* :vytask:`T4308` ``(feature): Op-comm "Show log frr" to view specific protocol logs`` - - -2022-04-04 -========== - -* :vytask:`T4329` ``(bug): Bgp policy route-map bug with set several extcommunity rt`` - - -2022-04-02 -========== - -* :vytask:`T4335` ``(bug): open-vmdk fails to build under gcc-10.+`` - - -2022-04-01 -========== - -* :vytask:`T4332` ``(bug): bgp: deterministic-med cannot be disabled while addpath-tx-bestpath-per-AS is in use`` - - -2022-03-31 -========== - -* :vytask:`T4326` ``(feature): Add bgp option no-suppress-duplicates`` -* :vytask:`T4323` ``(default): ospf6d crashes on latest vyos nightly`` - - -2022-03-29 -========== - -* :vytask:`T3686` ``(bug): Bridging OpenVPN tap with no local-address breaks`` -* :vytask:`T3635` ``(default): Add ability to use mDNS repeater with VRRP`` - - -2022-03-26 -========== - -* :vytask:`T4321` ``(default): Allow BGP neighbors between different VIFs on the same VyOS`` - - -2022-03-24 -========== - -* :vytask:`T4301` ``(bug): The "arp-monitor" option in bonding interface settings does not work`` -* :vytask:`T4294` ``(bug): Adding a new openvpn-option does not restart the OpenVPN process`` -* :vytask:`T4290` ``(bug): BGP source-interface fails to commit`` -* :vytask:`T4230` ``(bug): OpenVPN server configuration deleted after reboot when using a VRRP virtual-address`` - - -2022-03-23 -========== - -* :vytask:`T4314` ``(bug): Latest 1.4 Rolling release config migration error`` - - -2022-03-21 -========== - -* :vytask:`T4304` ``(feature): [OSPF]import/export filter inter-area prefix`` - - -2022-03-20 -========== - -* :vytask:`T4298` ``(default): vyos-vm-images: fix ansible group name and remove obsolete empty command`` - - -2022-03-18 -========== - -* :vytask:`T4286` ``(bug): Fix for firewall ipv6 name address validator`` - - -2022-03-15 -========== - -* :vytask:`T4302` ``(feature): FRRouting upgrade to release 8.2.2`` -* :vytask:`T4293` ``(default): Add "set ip-next-hop unchanged" in route-map`` - - -2022-03-14 -========== - -* :vytask:`T4275` ``(default): Incorrect val_help for local/remote prefix in ipsec vpn`` - - -2022-03-12 -========== - -* :vytask:`T4296` ``(bug): Interface config injected by Cloud-Init may interfere with VyOS native`` -* :vytask:`T4265` ``(feature): Add op-mode for bgp flowspec state and routes`` - - -2022-03-11 -========== - -* :vytask:`T4297` ``(bug): Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings`` - - -2022-03-09 -========== - -* :vytask:`T3981` ``(feature): VRF support for flow-accounting`` - - -2022-03-05 -========== - -* :vytask:`T4259` ``(bug): The conntrackd daemon can be started wrongly`` - - -2022-03-03 -========== - -* :vytask:`T4283` ``(feature): Add support to "reject" routes - emit an ICMP unreachable when matched`` - - -2022-03-01 -========== - -* :vytask:`T4277` ``(feature): flow-accounting: support sending flow-data via VRF interface`` - - -2022-02-28 -========== - -* :vytask:`T4273` ``(bug): ssh: Upgrade from 1.2.X to 1.3.0 breaks config`` -* :vytask:`T4115` ``(bug): reboot in <x> not working as expected`` -* :vytask:`T3656` ``(bug): IPSec 1.4 : "show vpn ike sa" does not show the correct default ike version`` - - -2022-02-26 -========== - -* :vytask:`T4272` ``(feature): lldp: migrate Python script to use get_config_dict()`` - - -2022-02-24 -========== - -* :vytask:`T4267` ``(bug): Error - Missing required "ip key" parameter`` - - -2022-02-23 -========== - -* :vytask:`T4194` ``(bug): prefix-list no check for duplicate entries`` -* :vytask:`T4264` ``(bug): vxlan: interface is destroyed and rebuild on description change`` -* :vytask:`T4263` ``(bug): vyos.util.leaf_node_changed() dos not honor valueLess nodes`` - - -2022-02-21 -========== - -* :vytask:`T4120` ``(feature): [VXLAN] add ability to set multiple unicast-remotes`` - - -2022-02-20 -========== - -* :vytask:`T4254` ``(feature): VPN IPSec charon add options cisco_flexvpn and install_virtual_ip_on`` -* :vytask:`T4249` ``(feature): Add support for device mapping in containers`` -* :vytask:`T3617` ``(bug): IPSec 1.4 generate invalid configuration`` -* :vytask:`T4261` ``(feature): MACsec: add DHCP client support`` -* :vytask:`T4203` ``(bug): Reconfigure DHCP client interface causes brief outages`` - - -2022-02-19 -========== - -* :vytask:`T4258` ``(bug): [DHCP-SERVER] error parameter on Failover`` - - -2022-02-17 -========== - -* :vytask:`T4255` ``(bug): Unexpected print of dict bridge on delete`` -* :vytask:`T4240` ``(bug): Cannot add wlan0 to bridge via configure`` -* :vytask:`T4154` ``(bug): Error add second gre tunnel with the same source interface`` - - -2022-02-16 -========== - -* :vytask:`T4237` ``(bug): Conntrack-sync error - error adding listen-address command`` - - -2022-02-15 -========== - -* :vytask:`T4160` ``(bug): Firewall - Error in rules that matches everything except something`` -* :vytask:`T3006` ``(bug): Accel-PPP & vlan-mon config get invalid VLAN`` -* :vytask:`T3494` ``(bug): DHCPv6 leases traceback when PD using`` -* :vytask:`T1292` ``(bug): Issues while deleting all rules from a firewall`` - - -2022-02-13 -========== - -* :vytask:`T4242` ``(bug): ethernet speed/duplex can never be switched back to auto/auto`` -* :vytask:`T4191` ``(bug): Lost access to host after VRF re-creating`` - - -2022-02-11 -========== - -* :vytask:`T3872` ``(feature): Add configurable telegraf monitoring service`` - - -2022-02-08 -========== - -* :vytask:`T4227` ``(bug): Typo in help completion of hello-time option of bridge interface`` - - -2022-02-07 -========== - -* :vytask:`T4233` ``(bug): ssh: sync regex for allow/deny usernames to "system login"`` - - -2022-02-06 -========== - -* :vytask:`T4223` ``(bug): policy route cannot have several entries with the same table`` -* :vytask:`T4216` ``(bug): Firewall: can't use negated groups in firewall rules`` -* :vytask:`T4178` ``(bug): policy based routing tcp flags issue`` -* :vytask:`T4164` ``(bug): PBR: network groups (as well as address and port groups) don't resolve in `nftables_policy.conf``` -* :vytask:`T3970` ``(feature): Add support for op-mode PKI direct install into an active config session`` -* :vytask:`T3828` ``(bug): ipsec: Subtle change in "pfs enable" behavior from equuleus -> sagitta`` - - -2022-02-05 -========== - -* :vytask:`T4226` ``(bug): VRRP transition-script does not work for groups name which contains -(minus) sign`` - - -2022-02-04 -========== - -* :vytask:`T4196` ``(bug): DHCP server client-prefix-length parameter results in non-functional leases`` - - -2022-02-03 -========== - -* :vytask:`T4218` ``(bug): firewall: rule name is not allowed to start with a number`` -* :vytask:`T3643` ``(bug): show vpn ipsec sa doesn't show tunnels in "down" state`` - - -2022-02-01 -========== - -* :vytask:`T4224` ``(bug): Ethernet interfaces configured for DHCP not working on latest rolling snapshot (vyos-1.4-rolling-202201291849-amd64.iso)`` -* :vytask:`T4225` ``(bug): Performance degration with latest rolling release`` -* :vytask:`T4220` ``(bug): Commit broke dhclient 78b247b724f74bdabab0706aaa7f5b00e5809bc1`` -* :vytask:`T4138` ``(bug): NAT configuration allows to set incorrect port range and invalid port`` - - -2022-01-28 -========== - -* :vytask:`T4184` ``(bug): NTP allow-clients address doesn't work it allows to use ntp server for all addresses`` -* :vytask:`T4217` ``(bug): firewall: port-group requires protocol to be set - but not in VyOS 1.3`` - - -2022-01-27 -========== - -* :vytask:`T4213` ``(default): ipv6 policy routing not working anymore`` -* :vytask:`T4188` ``(bug): Firewall does not correctly handle conntracking`` -* :vytask:`T3762` ``(feature): Support network and address groups for policy ipv6-route`` -* :vytask:`T3560` ``(feature): Ability to create groups of MAC addresses`` -* :vytask:`T3495` ``(feature): Modernising port/protocol definitions`` - - -2022-01-25 -========== - -* :vytask:`T4205` ``(feature): Disable Debian Version in SSH (DebianBanner->no)`` -* :vytask:`T4131` ``(bug): Show firewall group incorrect format members`` - - -2022-01-24 -========== - -* :vytask:`T4204` ``(feature): Update Accel-PPP to a newer revision`` -* :vytask:`T1795` ``(default): Commit rollback by timeout`` - - -2022-01-23 -========== - -* :vytask:`T4186` ``(bug): Firewall icmp type - Offered options not supported`` -* :vytask:`T4181` ``(bug): Firewall ipv6-network-group - incorrect description on helper`` - - -2022-01-21 -========== - -* :vytask:`T4200` ``(bug): Assigning ipv6-name to interface is not generating nftables rules`` -* :vytask:`T4144` ``(bug): Firewall address-group - Improve error messages`` -* :vytask:`T4137` ``(bug): Firewall group configuration allows to set incorrect port range and invalid port`` -* :vytask:`T4133` ``(bug): Firewall network group error with zone-based firewall rules`` - - -2022-01-20 -========== - -* :vytask:`T4171` ``(bug): Interface config migration error on 1.2.8 -> 1.4 upgrade`` - - -2022-01-19 -========== - -* :vytask:`T4195` ``(feature): [OSPF-ECMP]enable set maximun-path`` - - -2022-01-18 -========== - -* :vytask:`T4159` ``(bug): Empty firewall group (address, network & port) generates invalid nftables config, commit fails`` -* :vytask:`T4155` ``(bug): PBR: `set table main` fails in `firewall.py` with newer rolling releases`` -* :vytask:`T3873` ``(feature): Zone based Firewall - Filter traffic in same zone`` -* :vytask:`T3286` ``(feature): Switch the firewall from iptables to nftables`` -* :vytask:`T292` ``(feature): [ZBF] Allow filtering intra zone traffic`` - - -2022-01-17 -========== - -* :vytask:`T3164` ``(bug): console-server ssh does not work with RADIUS PAM auth`` - - -2022-01-15 -========== - -* :vytask:`T4183` ``(feature): IPv6 link-local address not accepted as wireguard peer`` -* :vytask:`T4150` ``(bug): VRRP with conntrack-sync does not work`` -* :vytask:`T4110` ``(feature): [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0`` - - -2022-01-14 -========== - -* :vytask:`T4182` ``(bug): Show vrrp if vrrp not configured bug`` -* :vytask:`T4179` ``(feature): Add op-mode CLI for show high-availability virtual-server`` - - -2022-01-13 -========== - -* :vytask:`T4175` ``(bug): BGP configuration failed`` -* :vytask:`T4109` ``(feature): Extend high-availability/keepalived for support virtual-server lb`` - - -2022-01-12 -========== - -* :vytask:`T4174` ``(bug): Validation fails when entering port range with upper port 65535`` -* :vytask:`T4162` ``(bug): VPN ipsec ike-group - Incorrect value help for ikev2-reauth`` -* :vytask:`T4161` ``(bug): Policy route-map - Incorrect value help for local preference`` -* :vytask:`T4152` ``(bug): NHRP shortcut-target holding-time does not work`` - - -2022-01-11 -========== - -* :vytask:`T4149` ``(bug): [Firewall-IPV6] Error delete Fw rules on VIF/INT`` -* :vytask:`T3950` ``(bug): CLI backtrace on update if DNS not defined`` -* :vytask:`T4166` ``(bug): Debug output missing when frr.py called under vyos-configd`` - - -2022-01-10 -========== - -* :vytask:`T3299` ``(bug): Allow the web proxy service to listen on all IP addresses`` -* :vytask:`T3115` ``(feature): Add support for firewall on L3 VIF bridge interface`` - - -2022-01-09 -========== - -* :vytask:`T4142` ``(bug): Input ifbX interfaces not displayed in op-mode`` -* :vytask:`T3914` ``(bug): VRRP rfc3768-compatibility doesn't work with unicast peers`` - - -2022-01-08 -========== - -* :vytask:`T4116` ``(bug): Webproxy/Squid not working with IPv6 listen-address`` - - -2022-01-07 -========== - -* :vytask:`T3924` ``(bug): VRRP stops working with VRF`` - - -2022-01-06 -========== - -* :vytask:`T4135` ``(bug): Declare zone policy firewall without local zone errors`` -* :vytask:`T4130` ``(bug): Firewall state policy errors chain`` -* :vytask:`T4141` ``(bug): Set high-availability vrrp sync-group without members error`` - - -2022-01-04 -========== - -* :vytask:`T4134` ``(bug): Incorrect firewall protocol completion help uppercase and duplicates`` -* :vytask:`T4132` ``(bug): Impossible to show a specific firewall group`` - - -2022-01-03 -========== - -* :vytask:`T4126` ``(feature): Ability to set priority to site to site IPSec vpn tunnels`` -* :vytask:`T4052` ``(bug): Validator return traceback on VRRP configuration with the script path not in config dir`` -* :vytask:`T4128` ``(bug): keepalived: Upgrade package to add VRF support`` - - -2021-12-31 -========== - -* :vytask:`T4081` ``(bug): VRRP health-check script stops working when setting up a sync group`` - - -2021-12-30 -========== - -* :vytask:`T4124` ``(feature): snmp: migrate to get_config_dict()`` - - -2021-12-29 -========== - -* :vytask:`T4111` ``(bug): IPSec generates wrong configuration colons for IPv6 peers`` -* :vytask:`T4023` ``(feature): Add grepcidr or similar functionality`` -* :vytask:`T4086` ``(default): system login banner is not removed on deletion.`` - - -2021-12-28 -========== - -* :vytask:`T3380` ``(bug): "show vpn ike sa" does not display IPv6 peers`` - - -2021-12-27 -========== - -* :vytask:`T3979` ``(bug): vyos-hostd unable to hostfile-update`` -* :vytask:`T2566` ``(bug): sstp not able to run tunnels ipv6 only`` -* :vytask:`T4093` ``(bug): SNMPv3 snmpd.conf generation bug`` -* :vytask:`T2764` ``(enhancment): Increase maximum number of NAT rules`` - - -2021-12-26 -========== - -* :vytask:`T4104` ``(bug): RAID1: "add raid md0 member sda1" does not restore boot sector`` -* :vytask:`T4108` ``(default): OSPFv3: add support for auto-cost parameter`` -* :vytask:`T4107` ``(default): OSPFv3: add support for "default-information originate"`` - - -2021-12-25 -========== - -* :vytask:`T4101` ``(bug): commit-archive: Use of uninitialized value $source_address in concatenation`` -* :vytask:`T4099` ``(feature): flow-accounting: sync "source-ip" and "source-address" between netflow and sflow ion CLI`` -* :vytask:`T4097` ``(feature): flow-accounting: migrate implementation to get_config_dict()`` -* :vytask:`T4105` ``(feature): flow-accounting: drop "sflow agent-address auto"`` -* :vytask:`T4106` ``(feature): flow-accounting: support specification of capture packet lenght`` -* :vytask:`T4102` ``(feature): OSPFv3: add support for NSSA area-type`` -* :vytask:`T4055` ``(feature): Add VRF support for HTTP(S) API service`` - - -2021-12-24 -========== - -* :vytask:`T3854` ``(bug): Missing op-mode commands for conntrack-sync`` - - -2021-12-23 -========== - -* :vytask:`T3354` ``(default): Convert strip-private script from Perl to Python`` - - -2021-12-22 -========== - -* :vytask:`T3678` ``(bug): VyOS 1.4: Invalid error message while deleting ipsec vpn configuration`` -* :vytask:`T3356` ``(feature): Script for remote file transfers`` - - -2021-12-21 -========== - -* :vytask:`T4083` ``(bug): Cluster heartbeat doesn't start b.c lack of directory /run/heartbeat/`` -* :vytask:`T4070` ``(bug): NATv4 : inbound-interface type "any" is missing.`` -* :vytask:`T4053` ``(bug): VRRP impossible to set scripts out of the /config directory`` -* :vytask:`T3931` ``(bug): SSTP doesn't work after rewriting to PKI`` - - -2021-12-20 -========== - -* :vytask:`T4088` ``(default): Fix typo in login banner`` - - -2021-12-19 -========== - -* :vytask:`T3912` ``(default): Use a more informative default post-login banner`` - - -2021-12-17 -========== - -* :vytask:`T4059` ``(bug): VRRP sync-group transition script does not persist after reboot`` - - -2021-12-16 -========== - -* :vytask:`T4046` ``(feature): Sflow - Add Source address parameter`` -* :vytask:`T3556` ``(bug): Commit-archive via scp causes 100% CPU on boot`` -* :vytask:`T4076` ``(enhancment): Allow setting CORS options in HTTP API`` -* :vytask:`T4037` ``(default): HTTP transfers do not follow redirects`` -* :vytask:`T4029` ``(default): Broken SFTP uploads`` - - -2021-12-15 -========== - -* :vytask:`T4077` ``(bug): op-mode: bfd: drop "show protocols bfd" in favour of "show bfd"`` -* :vytask:`T4073` ``(bug): "show protocols bfd peer <>" shows incorrect peer information.`` - - -2021-12-14 -========== - -* :vytask:`T4071` ``(feature): Allow HTTP API to bind to unix domain socket`` - - -2021-12-12 -========== - -* :vytask:`T4069` ``(feature): BGP: add additional available parameters to VyOS CLI`` -* :vytask:`T4036` ``(bug): VXLAN incorrect raiseError if set multicast network instead of singe address`` - - -2021-12-10 -========== - -* :vytask:`T4068` ``(feature): Python: ConfigError should insert line breaks into the error message`` - - -2021-12-09 -========== - -* :vytask:`T4033` ``(bug): VRRP - Error security when setting scripts`` -* :vytask:`T4064` ``(bug): IP address for vif is not removed from the system when deleted in configuration`` -* :vytask:`T4060` ``(enhancment): Extend configquery for use before boot configuration is complete`` -* :vytask:`T4058` ``(bug): BFD: add BGP and OSPF "bfd profile" support`` -* :vytask:`T4054` ``(bug): BFD profiles configuration incorrect behavior.`` - - -2021-12-07 -========== - -* :vytask:`T4041` ``(servicerequest): "transition-script" doesn't work on "sync-group"`` - - -2021-12-06 -========== - -* :vytask:`T4012` ``(feature): Add VRF support for TFTP`` - - -2021-12-04 -========== - -* :vytask:`T4049` ``(feature): support command-style output with compare command`` -* :vytask:`T4047` ``(bug): Wrong regex validation in XML definitions`` -* :vytask:`T4042` ``(bug): BGP L2VPN / EVPN and RD type 0 set`` -* :vytask:`T4048` ``(bug): BGP: L2VPN/EVPN and individual RD and RT settings for each VNI`` -* :vytask:`T4045` ``(bug): Unable to "format disk <new> like <old>"`` -* :vytask:`T4044` ``(feature): BFD: add vrf support`` -* :vytask:`T4043` ``(feature): BFD: add support for passive mode`` - - -2021-12-02 -========== - -* :vytask:`T4035` ``(bug): Geneve interfaces aren't displayed by operational mode commands`` - - -2021-12-01 -========== - -* :vytask:`T3695` ``(bug): OpenConnect reports commit success when ocserv fails to start due to SSL cert/key file issues`` - - -2021-11-30 -========== - -* :vytask:`T4010` ``(bug): DMVPN generates incorrect configuration life_time for swanctl.conf`` -* :vytask:`T3725` ``(feature): show configuration in json format`` - - -2021-11-29 -========== - -* :vytask:`T3946` ``(enhancment): Automatically resize the root partition if the drive has extra space`` - - -2021-11-28 -========== - -* :vytask:`T3999` ``(bug): show lldp neighbor Traceback error`` -* :vytask:`T3928` ``(feature): Add OSPFv3 VRF support`` - - -2021-11-27 -========== - -* :vytask:`T3755` ``(feature): ospf: adjust to new FRR 8 syntax where "no passive-interface " moved to interface section`` -* :vytask:`T3753` ``(feature): frr: upgrade to stable/8.1 release train`` - - -2021-11-26 -========== - -* :vytask:`T3978` ``(bug): containers add network without declaring prefix raise ConfigError`` - - -2021-11-25 -========== - -* :vytask:`T4006` ``(default): Add additional Linux capabilities to container configuration`` -* :vytask:`T3986` ``(bug): Incorrect description for vpn ipsec site-to-site authentication and connection`` - - -2021-11-24 -========== - -* :vytask:`T4015` ``(feature): Update Accel-PPP to a newer revision`` -* :vytask:`T3865` ``(bug): loadkey command help text missing escape sequence`` -* :vytask:`T1083` ``(feature): Implement persistent/random address and port mapping options for NAT rules`` - - -2021-11-23 -========== - -* :vytask:`T3990` ``(bug): WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot)`` - - -2021-11-20 -========== - -* :vytask:`T3998` ``(bug): route-target completion incorrect description`` - - -2021-11-19 -========== - -* :vytask:`T4003` ``(bug): API for "show interfaces ethernet" does not include the interface description`` -* :vytask:`T4011` ``(bug): ethernet: deleting interface should place interface in admin down state`` - - -2021-11-18 -========== - -* :vytask:`T3612` ``(bug): IPoE Server address pool issues.`` -* :vytask:`T3995` ``(feature): OpenVPN: do not stop/start service on configuration change`` -* :vytask:`T4008` ``(feature): dhcp: change client retry interval form 300 -> 60 seconds`` -* :vytask:`T3795` ``(bug): WWAN: issues with non connected interface / no signal`` -* :vytask:`T3510` ``(bug): RADIUS usersname is not shown on CLI`` - - -2021-11-17 -========== - -* :vytask:`T3350` ``(bug): OpenVPN config file generation broken`` -* :vytask:`T3996` ``(bug): SNMP service error in log`` - - -2021-11-15 -========== - -* :vytask:`T3994` ``(bug): VRF: unable to delete vrf when name contains numbers, hyphen or underscore`` -* :vytask:`T3960` ``(bug): FRR Misconfig when using multiple VRF VNI`` -* :vytask:`T3724` ``(feature): Allow setting host-name in l2tp section of accel-ppp`` -* :vytask:`T645` ``(feature): Allow multiple prefixes in ipsec tunnel`` - - -2021-11-10 -========== - -* :vytask:`T3966` ``(default): OpenVPN fix the smoketests`` -* :vytask:`T3834` ``(default): [OPENVPN] Support for Two Factor Authentication totp.`` -* :vytask:`T3982` ``(bug): DHCP server commit fails if static-mapping contains + or .`` - - -2021-11-09 -========== - -* :vytask:`T3962` ``(bug): Image cannot be built without open-vm-tools`` - - -2021-11-07 -========== - -* :vytask:`T3626` ``(bug): Configuring and disabling DHCP Server`` - - -2021-11-06 -========== - -* :vytask:`T3514` ``(bug): NIC flap at any interface change`` - - -2021-11-05 -========== - -* :vytask:`T3972` ``(bug): Removing vif-c interface raises KeyError`` - - -2021-11-04 -========== - -* :vytask:`T3969` ``(bug): Container incorrect raiseError format if network doesn't exist`` -* :vytask:`T3662` ``(bug): Container configuration upgrade destroys system`` -* :vytask:`T3964` ``(bug): SSTP: local-user static-ip CLI node accepts invalid IPv4 addresses`` - - -2021-11-03 -========== - -* :vytask:`T3952` ``(default): Add sh bgp ipv4/ipv6 vpn command`` -* :vytask:`T3610` ``(bug): DHCP-Server creation for not primary IP address fails`` - - -2021-11-01 -========== - -* :vytask:`T3958` ``(default): OpenVPN breaks the smoketests`` -* :vytask:`T3956` ``(bug): GRE tunnel - unable to move from source-interface to source-address, commit error`` - - -2021-10-31 -========== - -* :vytask:`T3945` ``(feature): Add route-map for bgp aggregate-address`` -* :vytask:`T3954` ``(bug): FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error`` -* :vytask:`T3943` ``(bug): "netflow source-ip" prevents image upgrades if IP address does not exist locally`` - - -2021-10-29 -========== - -* :vytask:`T3942` ``(feature): Generate IPSec debug archive from op-mode`` - - -2021-10-28 -========== - -* :vytask:`T3951` ``(bug): After resetting vti ipsec tunnel old child SA still active`` -* :vytask:`T3941` ``(bug): "show vpn ipsec sa" shows established time of parent SA not child SA's`` -* :vytask:`T3916` ``(feature): Add additional Linux capabilities to container configuration`` - - -2021-10-27 -========== - -* :vytask:`T3944` ``(bug): VRRP fails over when adding new group to master`` - - -2021-10-22 -========== - -* :vytask:`T3897` ``(feature): Dynamic DNS doesn't work with IPv6 addresses`` -* :vytask:`T3832` ``(feature): Allow to set DHCP client-id in hexadecimal format`` -* :vytask:`T3188` ``(bug): Tunnel local-ip to dhcp-interface Change Fails to Update`` -* :vytask:`T3917` ``(default): Use Avahi as mDNS repeater for IPv6 support`` - - -2021-10-21 -========== - -* :vytask:`T3926` ``(bug): strip-private does not sanitize "cisco-authentication" from NHRP configuration`` -* :vytask:`T3925` ``(feature): Tunnel: dhcp-interface not implemented - use source-interface instead`` -* :vytask:`T3923` ``(feature): Kernel: Enable TLS/IPSec offload support for Mellanox ConnectX NICs`` -* :vytask:`T3927` ``(feature): Kernel: Enable kernel support for HW offload of the TLS protocol`` - - -2021-10-20 -========== - -* :vytask:`T3918` ``(bug): DHCPv6 prefix delegation incorrect verify error`` -* :vytask:`T3921` ``(bug): tunnel: KeyError when using dhcp-interface`` - - -2021-10-19 -========== - -* :vytask:`T3396` ``(bug): syslog can't be configured with an ipv6 literal destination in 1.2.x`` - - -2021-10-18 -========== - -* :vytask:`T3002` ``(default): VRRP change on IPSec interface causes packet routing issues`` - - -2021-10-17 -========== - -* :vytask:`T3786` ``(bug): GRE tunnel source address 0.0.0.0 error`` -* :vytask:`T3217` ``(default): Save FRR configuration on each commit`` -* :vytask:`T3381` ``(bug): Change GRE tunnel failed`` -* :vytask:`T3254` ``(bug): Dynamic DNS status shows incorrect last update time`` -* :vytask:`T1243` ``(bug): BGP local-as accept wrong values`` -* :vytask:`T697` ``(bug): Clean up and sanitize package dependencies`` -* :vytask:`T578` ``(feature): Support Linux Container`` - - -2021-10-16 -========== - -* :vytask:`T3879` ``(bug): GPG key verification fails when upgrading from a 1.3 beta version`` - - -2021-10-15 -========== - -* :vytask:`T3748` ``(bug): Container deletion bug`` -* :vytask:`T3693` ``(feature): ISIS Route redistribution ipv6 support missing`` -* :vytask:`T3676` ``(feature): Container option to add Linux capabilities`` -* :vytask:`T3613` ``(feature): Selectors for route-based IPsec tunnel (vti)`` -* :vytask:`T3692` ``(bug): VyOS build failing due to repo.saltstack.com`` -* :vytask:`T3673` ``(feature): BGP large-community del operation missing`` - - -2021-10-14 -========== - -* :vytask:`T3811` ``(bug): NAT (op_mode): NAT op_mode command fails.`` -* :vytask:`T3801` ``(feature): containers: do not use podman CLI to create container networks`` - - -2021-10-13 -========== - -* :vytask:`T3904` ``(bug): NTP pool associations silently fail`` -* :vytask:`T3277` ``(feature): DNS Forwarding - reverse zones`` - - -2021-10-12 -========== - -* :vytask:`T3216` ``(bug): Removal of restricted-shell broke configure mode for RADIUS users`` -* :vytask:`T3881` ``(bug): Wrong description for container section restart`` -* :vytask:`T3868` ``(bug): Regex and/or wildcard not accepted with large-community-list`` -* :vytask:`T3701` ``(bug): ipoe server fails to start when configuring radius dynamic-author on ipoe`` - - -2021-10-10 -========== - -* :vytask:`T3750` ``(bug): pdns-recursor 4.4 issue with dont-query and private DNS servers`` -* :vytask:`T3885` ``(default): dhcpv6-pd: randomly generated DUID is not persisted`` -* :vytask:`T3899` ``(enhancment): Add support for hd44780 LCD displays`` - - -2021-10-09 -========== - -* :vytask:`T3894` ``(bug): Tunnel Commit Failed if system does not have `eth0``` - - -2021-10-08 -========== - -* :vytask:`T3893` ``(bug): MGRE Tunnel commit crash If sit tunnel available`` - - -2021-10-05 -========== - -* :vytask:`T3741` ``(feature): [BGP] default no-ipv4-unicast - by default`` - - -2021-10-04 -========== - -* :vytask:`T3888` ``(bug): Incorrect warning when poweroff command executed from configure mode.`` -* :vytask:`T3890` ``(feature): dhcp(v6): provide op-mode commands to retrieve both server and client logfiles`` -* :vytask:`T3889` ``(feature): Migrate to journalctl when reading daemon logs`` - - -2021-10-03 -========== - -* :vytask:`T3880` ``(bug): EFI boot shows error on display`` - - -2021-10-02 -========== - -* :vytask:`T3882` ``(feature): Upgrade PowerDNs recursor to 4.5 series`` -* :vytask:`T3883` ``(bug): VRF - Delette vrf config on interface`` - - -2021-09-30 -========== - -* :vytask:`T3874` ``(bug): D-Link Ethernet Interface not working.`` -* :vytask:`T3869` ``(default): Rewrite vyatta_net_name/vyatta_interface_rescan in Python`` - - -2021-09-28 -========== - -* :vytask:`T3853` ``(default): nat66 rules gets deleted on reboot in 1.4-rolling-202109240217`` - - -2021-09-27 -========== - -* :vytask:`T3863` ``(default): nat66: commit fails/hangs on non existing interface`` - - -2021-09-26 -========== - -* :vytask:`T3860` ``(bug): Error on pppoe, tunnel and wireguard interfaces for IPv6 EUI64 addresses`` -* :vytask:`T3857` ``(feature): reboot: send wall message to all users for information`` -* :vytask:`T3867` ``(bug): vxlan: multicast group address is not validated`` -* :vytask:`T3859` ``(bug): Add "log-adjacency-changes" to ospfv3 process`` -* :vytask:`T3826` ``(bug): PKI: op-mode - do input validation when listing certificates`` - - -2021-09-25 -========== - -* :vytask:`T3657` ``(default): BGP neighbors ipv6 not able to establish with IPv6 link-local addresses`` - - -2021-09-23 -========== - -* :vytask:`T3850` ``(bug): Dots are no longer allowed in SSH public key names`` - - -2021-09-21 -========== - -* :vytask:`T3847` ``(feature): keepalived/vrrp: migrate to get_config_dict() - cleanup`` - - -2021-09-20 -========== - -* :vytask:`T3823` ``(bug): strip-private does not filter public IPv6 addresses`` - - -2021-09-19 -========== - -* :vytask:`T3841` ``(feature): dhcp-server: add ping-check option to CLI`` -* :vytask:`T2738` ``(bug): Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization`` -* :vytask:`T3840` ``(feature): dns forwarding: Cache size should allow values > 10k`` -* :vytask:`T3672` ``(bug): DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output`` - - -2021-09-18 -========== - -* :vytask:`T3831` ``(bug): External traffic stops routing when IPSEC tunnel comes up with interface vti0`` -* :vytask:`T1968` ``(default): Allow multiple static routes in dhcp-server`` -* :vytask:`T3838` ``(feature): dhcp-server - sync cli for name-servers to other subsystems`` -* :vytask:`T3839` ``(feature): dhcp-server: Allow configuration of a DNS server and domain name on the shared-network level`` - - -2021-09-17 -========== - -* :vytask:`T3830` ``(bug): ipsec: remote-id no longer included in IKE AUTH if not explicitly specified`` - - -2021-09-11 -========== - -* :vytask:`T3402` ``(feature): Add VyOS programming library for operational level commands`` - - -2021-09-10 -========== - -* :vytask:`T3802` ``(bug): Commit fails if ethernet interface doesn't support flow control`` -* :vytask:`T3819` ``(bug): Upgrade Salt Stack 3002.3 -> 3003 release train`` -* :vytask:`T915` ``(feature): MPLS Support`` - - -2021-09-09 -========== - -* :vytask:`T3812` ``(bug): Vyos and frr route-map config out of sync`` -* :vytask:`T3814` ``(bug): wireguard: commit error showing incorrect peer name from the configured name`` -* :vytask:`T3805` ``(bug): OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface`` -* :vytask:`T3815` ``(bug): pki : the file command 'generate pki wireguard key-pair file' is not working`` - - -2021-09-07 -========== - -* :vytask:`T1894` ``(bug): FRR config not loaded after daemons segfault or restart`` -* :vytask:`T3807` ``(bug): Op Command "show interfaces wireguard" does not show the output`` - - -2021-09-06 -========== - -* :vytask:`T3806` ``(bug): Don't set link local ipv6 address if MTU less then 1280`` -* :vytask:`T3803` ``(default): Add source-address option to the ping CLI`` -* :vytask:`T3431` ``(bug): Show version all bug`` -* :vytask:`T2920` ``(bug): Commit crash when adding the second mGRE tunnel with the same key`` - - -2021-09-05 -========== - -* :vytask:`T3804` ``(feature): cli: Migrate and merge "system name-servers-dhcp" into "system name-server"`` - - -2021-09-04 -========== - -* :vytask:`T3619` ``(bug): Performance Degradation 1.2 --> 1.3 | High ksoftirqd CPU usage`` - - -2021-09-03 -========== - -* :vytask:`T3788` ``(bug): Keys are not allowed with ipip and sit tunnels`` -* :vytask:`T3634` ``(feature): Add op command option for ping for do not fragment bit to be set`` -* :vytask:`T3798` ``(feature): bgp: add support for "neighbor <X> local-as replace-as" option`` - - -2021-09-02 -========== - -* :vytask:`T3792` ``(bug): login: A hypen present in a username from "system login user" is replaced by an underscore`` -* :vytask:`T3790` ``(bug): Does not possible to configure PPTP static ip-address to users`` -* :vytask:`T2947` ``(bug): Nat translation many-many with prefix does not map 1-1.`` - - -2021-08-31 -========== - -* :vytask:`T3789` ``(feature): Add custom validator for base64 encoded CLI data`` -* :vytask:`T3782` ``(default): Ingress Shaping with IFB No Longer Functional with 1.3`` - - -2021-08-30 -========== - -* :vytask:`T3768` ``(default): Remove early syntaxVersion implementation`` -* :vytask:`T2941` ``(default): Using a non-ASCII character in the description field causes UnicodeDecodeError in configsource.py`` -* :vytask:`T3787` ``(bug): Remove deprecated UDP fragmentation offloading option`` - - -2021-08-29 -========== - -* :vytask:`T3708` ``(bug): isisd and gre-bridge commit error`` -* :vytask:`T3783` ``(bug): "set protocols isis spf-delay-ietf" is not working`` -* :vytask:`T2750` ``(default): Use m4 as a template processor`` - - -2021-08-28 -========== - -* :vytask:`T3743` ``(bug): l2tp doesn't work after reboot if outside-address not 0.0.0.0`` - - -2021-08-27 -========== - -* :vytask:`T3182` ``(bug): Main blocker Task for FRR 7.4/7.5 series update`` -* :vytask:`T3568` ``(feature): Add XML for firewall conf-mode`` -* :vytask:`T2108` ``(default): Use minisign/signify instead of GPG for release signing`` - - -2021-08-26 -========== - -* :vytask:`T3776` ``(default): Rename FRR daemon restart op-mode commands`` -* :vytask:`T3739` ``(feature): policy: route-map: add EVPN match support`` - - -2021-08-25 -========== - -* :vytask:`T3773` ``(bug): Delete the "show system integrity" command (to prepare for a re-implementation)`` -* :vytask:`T3775` ``(bug): Typo in generated Strongswan VPN-config`` - - -2021-08-24 -========== - -* :vytask:`T3772` ``(bug): VRRP virtual interfaces are not shown in show interfaces`` - - -2021-08-23 -========== - -* :vytask:`T3769` ``(feature): Containers: Network Bridging`` - - -2021-08-22 -========== - -* :vytask:`T3090` ``(feature): Move 'adjust-mss' firewall options to the interface section.`` -* :vytask:`T3765` ``(default): container: additional op-mode commands`` - - -2021-08-20 -========== - -* :vytask:`T1950` ``(default): Store VyOS configuration syntax version data in JSON file`` - - -2021-08-19 -========== - -* :vytask:`T3751` ``(bug): pki generate ca add new line after passphrase`` -* :vytask:`T3764` ``(bug): Unconfigurable IKE and ESP lifetime`` -* :vytask:`T3234` ``(bug): multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions`` -* :vytask:`T3732` ``(feature): override-default helper should support adding defaultValues to default less nodes`` -* :vytask:`T3759` ``(default): [L3VPN] VPNv4/VPNv6 add commands`` - - -2021-08-18 -========== - -* :vytask:`T3752` ``(bug): generate pki certificate file xxx doesn't touch file`` - - -2021-08-16 -========== - -* :vytask:`T3738` ``(default): openvpn fails if server and authentication are configured`` -* :vytask:`T1594` ``(bug): l2tpv3 error on IPv6 local-ip`` - - -2021-08-15 -========== - -* :vytask:`T3756` ``(default): VyOS generates invalid QR code for wireguard clients`` -* :vytask:`T3757` ``(default): OSPF: add support to configure the area at an interface level`` - - -2021-08-14 -========== - -* :vytask:`T3745` ``(feature): op-mode IPSec show vpn ipse sa sorting`` - - -2021-08-13 -========== - -* :vytask:`T3749` ``(bug): V4/V6 Counters in network container validation aren't being reset`` -* :vytask:`T3728` ``(bug): FRR not respect configured RD and RT for L3VNI`` -* :vytask:`T3727` ``(bug): VPN IPsec ESP proposal and ESP presented in config missmatch`` -* :vytask:`T3740` ``(bug): HTTPs API breaks when the address is IPv6`` - - -2021-08-12 -========== - -* :vytask:`T3731` ``(bug): verify_accel_ppp_base_service return wrong config error for SSP`` -* :vytask:`T3405` ``(feature): PPPoE server unit-cache`` -* :vytask:`T2432` ``(default): dhcpd: Can't create new lease file: Permission denied`` -* :vytask:`T3746` ``(feature): Inform users logging into the system about a pending reboot`` -* :vytask:`T3744` ``(default): Dns forwarding statistics formatting missing a new line`` - - -2021-08-11 -========== - -* :vytask:`T3709` ``(feature): Snmp: Allow enable MIDs/OIDs ipCidrRouteTable`` - - -2021-08-09 -========== - -* :vytask:`T3720` ``(bug): IPSec set vti secondary address cause interface disable`` - - -2021-08-08 -========== - -* :vytask:`T3705` ``(bug): IPSec: VTI interface does not honor default-esp-group`` -* :vytask:`T2027` ``(bug): get_config_dict is failing when the configuration section is empty/missing`` - - -2021-08-05 -========== - -* :vytask:`T3719` ``(bug): Restart vpn shows some missed files`` - - -2021-08-04 -========== - -* :vytask:`T3704` ``(feature): Add ability to interact with Areca RAID adapers`` -* :vytask:`T3718` ``(bug): VPN IPsec IKE group by default not use DH-group 2`` - - -2021-08-02 -========== - -* :vytask:`T3601` ``(default): Error in ssh keys for vmware cloud-init if ssh keys is left empty.`` - - -2021-08-01 -========== - -* :vytask:`T3707` ``(bug): Ping incorrect ip host checks`` - - -2021-07-31 -========== - -* :vytask:`T3716` ``(feature): Linux kernel parameters ignore_routes_with_link_down- ignore disconnected routing connections`` - - -2021-07-30 -========== - -* :vytask:`T1176` ``(default): FRR - BGP replicating routes`` -* :vytask:`T1210` ``(feature): About IKEv2 IPSec VPN remote access`` - - -2021-07-23 -========== - -* :vytask:`T3699` ``(bug): login: verify selected "system login user" name is not already used by the base system.`` -* :vytask:`T3698` ``(default): Support bridge monitoring`` - - -2021-07-13 -========== - -* :vytask:`T3679` ``(default): Point the unexpected exception message link to the new rolling release location`` - - -2021-07-11 -========== - -* :vytask:`T3665` ``(bug): Missing VRF support for VxLAN but already documented`` - - -2021-07-10 -========== - -* :vytask:`T3636` ``(feature): SSTP / L2TP ipv6 support broken`` - - -2021-07-09 -========== - -* :vytask:`T3667` ``(bug): brctl is damaged`` - - -2021-07-06 -========== - -* :vytask:`T3660` ``(feature): Conntrack-Sync configuration command to specify destination udp port for peer`` - - -2021-07-03 -========== - -* :vytask:`T57` ``(enhancment): Make it possible to disable the entire IPsec peer`` - - -2021-07-01 -========== - -* :vytask:`T3658` ``(feature): Add support for dhcpdv6 fixed-prefix6`` -* :vytask:`T2035` ``(bug): Executing vyos-smoketest multiple times makes ssh test fail on execution`` - - -2021-06-29 -========== - -* :vytask:`T3593` ``(bug): PPPoE server called-sid format does not work`` -* :vytask:`T1441` ``(feature): Add support for IPSec XFRM interfaces`` - - -2021-06-25 -========== - -* :vytask:`T3641` ``(feature): Upgrade base system from Debian Buster -> Debian Bullseye`` -* :vytask:`T3649` ``(feature): Add bonding additional hash-policy`` - - -2021-06-23 -========== - -* :vytask:`T3647` ``(feature): Bullseye: gcc defaults to passing --as-needed to linker`` - - -2021-06-22 -========== - -* :vytask:`T3629` ``(bug): IPoE server shifting address in the range`` -* :vytask:`T3645` ``(feature): Bullseye: ethtool changed output for ring-buffer information`` - - -2021-06-21 -========== - -* :vytask:`T3563` ``(default): commit-archive breaks with IPv6 source addresses`` - - -2021-06-20 -========== - -* :vytask:`T3637` ``(bug): vrf: bind-to-all didn't work properly`` -* :vytask:`T3639` ``(default): GCC preprocessor clobbers C comments`` - - -2021-06-19 -========== - -* :vytask:`T3633` ``(feature): Add LRO offload for interface ethernet`` - - -2021-06-18 -========== - -* :vytask:`T3599` ``(default): Migrate NHRP to XML/Python`` - - -2021-06-17 -========== - -* :vytask:`T3624` ``(feature): BGP: add support for extended community bandwidth definition`` - - -2021-06-16 -========== - -* :vytask:`T3623` ``(default): Fix for dummy interface option in the operational command "clear interfaces dummy"`` -* :vytask:`T3630` ``(feature): op-mode: add "show version kernel" command`` - - -2021-06-13 -========== - -* :vytask:`T3620` ``(feature): Rename WWAN interface from wirelessmodem to wwan to use QMI interface`` -* :vytask:`T2173` ``(feature): Add the ability to use VRF on VTI interfaces`` -* :vytask:`T3622` ``(feature): WWAN: add support for APN authentication`` -* :vytask:`T3606` ``(bug): SNMP unknown notification OID`` -* :vytask:`T3621` ``(bug): PPPoE interface does not validate if password is supplied when username is set`` - - -2021-06-12 -========== - -* :vytask:`T3611` ``(bug): WWAN interface (MC7710) no longer works on Kernel 5.10`` -* :vytask:`T1534` ``(bug): IPSec w/ IKEv2 Invalid local-address "any"`` -* :vytask:`T3616` ``(bug): Update to FastAPI causes regression in vyos-http-api-server`` - - -2021-06-11 -========== - -* :vytask:`T3614` ``(bug): Container network name with hyphen fail`` - - -2021-06-10 -========== - -* :vytask:`T3250` ``(bug): PPPoE server: wrong local usernames`` -* :vytask:`T3138` ``(bug): ddclient improperly updated when apply rfc2136 config`` -* :vytask:`T2645` ``(default): Editing route-map action requires adding a new rule`` - - -2021-06-08 -========== - -* :vytask:`T3605` ``(default): Allow to set prefer-global for ipv6-next-hop`` -* :vytask:`T3607` ``(feature): [route-map] set ipv6 next-hop prefer-global`` -* :vytask:`T3289` ``(bug): No description for node "service" conf-mode`` - - -2021-06-07 -========== - -* :vytask:`T3461` ``(bug): OpenConnect Server redundancy check`` -* :vytask:`T3455` ``(bug): system users can not be added in "edit"`` -* :vytask:`T3588` ``(default): IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan`` - - -2021-06-06 -========== - -* :vytask:`T842` ``(feature): Adopt VyOS CLI to latest StrongSwan options and deprecated Keywords`` - - -2021-06-04 -========== - -* :vytask:`T3595` ``(default): Cannot create new VTI interface`` -* :vytask:`T3592` ``(feature): Set default TTL 64 for tunnels`` - - -2021-06-03 -========== - -* :vytask:`T3384` ``(feature): Support UDP bandwidth testing`` - - -2021-06-02 -========== - -* :vytask:`T3233` ``(bug): Interface redirect to dum0`` - - -2021-06-01 -========== - -* :vytask:`T3585` ``(default): Fix NHRP module for updated interfaces tunnel syntax`` -* :vytask:`T3594` ``(bug): Disable by default service strongswan-starter`` - - -2021-05-30 -========== - -* :vytask:`T3518` ``(bug): Warning messages when using SCP commit-archive`` -* :vytask:`T3093` ``(default): Add xml for vpn ipsec`` -* :vytask:`T1866` ``(bug): Commit archive over SFTP doesn't work with non-standard ports`` -* :vytask:`T3590` ``(feature): bgp: add option for limiting maximum number of prefixes to be sent to a peer`` -* :vytask:`T3589` ``(feature): op-mode: support clearing out logfiles from CLI`` -* :vytask:`T2641` ``(feature): Rewrite vpn ipsec OP commands in new style XML syntax`` -* :vytask:`T3351` ``(feature): Installer checking MD5 checksums on the ISO image`` - - -2021-05-29 -========== - -* :vytask:`T1944` ``(bug): FRR: Invalid route in BGP causes update storm, memory leak, and failure of Zebra`` -* :vytask:`T1888` ``(feature): Update to StrongSwan 5.9.1`` - - -2021-05-27 -========== - -* :vytask:`T3561` ``(feature): router-advert: support advertising specific routes`` -* :vytask:`T2669` ``(bug): DHCP-server overlapping ranges.`` - - -2021-05-26 -========== - -* :vytask:`T3540` ``(bug): Keepalived memory utilisation issue when constantly getting its state in JSON format`` - - -2021-05-24 -========== - -* :vytask:`T3575` ``(bug): pseudo-ethernet: must check source-interface MTU`` -* :vytask:`T3571` ``(bug): Broken Show Tab Complete`` -* :vytask:`T3555` ``(bug): GRE TAP tunnel does not silent fragment packets / kernel fix available`` -* :vytask:`T3576` ``(bug): ISIS does not support IPV6`` - - -2021-05-23 -========== - -* :vytask:`T3570` ``(default): Prevent setting of a larger MTU on child interfaces`` -* :vytask:`T3573` ``(bug): as-path-prepend Description Invalid`` -* :vytask:`T3572` ``(feature): Basic Drive Diagnostic Tools`` - - -2021-05-22 -========== - -* :vytask:`T3564` ``(default): Multiple BGP Confederation Peers Not Allowed`` - - -2021-05-21 -========== - -* :vytask:`T3551` ``(bug): QoS control failure of VLAN sub interface`` - - -2021-05-20 -========== - -* :vytask:`T3554` ``(feature): Add area-type stub for ospfv3`` -* :vytask:`T3565` ``(feature): sysctl: rewrite in XML and Python and drop from vyatta-cfg-system`` - - -2021-05-19 -========== - -* :vytask:`T3562` ``(feature): Update Accel-PPP to a newer revision`` -* :vytask:`T3559` ``(feature): Add restart op-command for OpenConnect Server`` - - -2021-05-18 -========== - -* :vytask:`T3525` ``(default): VMWare resume script syntax errors`` - - -2021-05-15 -========== - -* :vytask:`T3549` ``(bug): DHCPv6 "service dhcpv6-server global-parameters name-server" is not correctly exported to dhcpdv6.conf when multiple name-server entries are present`` -* :vytask:`T3532` ``(bug): Not possible to change ethertype after interface creation`` -* :vytask:`T3550` ``(bug): Router-advert completion typo`` -* :vytask:`T3547` ``(feature): conntrackd: remove deprecated config options`` -* :vytask:`T3535` ``(feature): Rewrite vyatta-conntrack-sync in new XML and Python flavor`` - - -2021-05-14 -========== - -* :vytask:`T3346` ``(bug): nat 4-to-5 migration script fails when a 'source' or 'destination' node exists but there are no rules`` -* :vytask:`T3248` ``(default): Deal with VRRP mode-force command that exists in 1.2 but not in 1.3`` -* :vytask:`T3426` ``(default): add support for script arguments to vyos-configd`` - - -2021-05-13 -========== - -* :vytask:`T3539` ``(bug): Typo in RPKI interface definition`` -* :vytask:`T439` ``(feature): local PBR support`` -* :vytask:`T3544` ``(feature): DHCP server should validate configuration before applying it`` -* :vytask:`T3543` ``(feature): Support for setting lacp_rate on LACP bonded interfaces`` - - -2021-05-12 -========== - -* :vytask:`T3302` ``(default): Make vyos-configd relay stdout from scripts to the user's console`` -* :vytask:`T3542` ``(bug): udev net.rules not installed in image since may 2nd`` - - -2021-05-10 -========== - -* :vytask:`T3374` ``(bug): IPv6 GRE Tunnel issues`` - - -2021-05-09 -========== - -* :vytask:`T3530` ``(bug): BGP peer-group can't contain a hyphen`` - - -2021-05-06 -========== - -* :vytask:`T3523` ``(bug): VRF BGP daemon route-map command missing`` -* :vytask:`T3519` ``(bug): Cannot add / assign L2TPv3 to vrf`` - - -2021-05-05 -========== - -* :vytask:`T3520` ``(bug): Cannot add tunnel interface to isis within vrf`` -* :vytask:`T3335` ``(bug): Some OSPFv3 show commands do not work`` - - -2021-05-04 -========== - -* :vytask:`T3504` ``(feature): BGP Per Peer Graceful Restart`` - - -2021-05-02 -========== - -* :vytask:`T3511` ``(bug): Update libnss-mapuser and libpam-radius packages from CUMULUS Linux`` - - -2021-05-01 -========== - -* :vytask:`T3379` ``(feature): Add global-parameters name-server for dhcpv6-server`` -* :vytask:`T3491` ``(default): Change Kernel HZ to 1000`` - - -2021-04-29 -========== - -* :vytask:`T3503` ``(bug): "route-reflector-client" fails when "remote-as" is "internal"`` -* :vytask:`T3502` ``(bug): "system ip multipath layer4-hashing" doesn't work`` - - -2021-04-28 -========== - -* :vytask:`T3473` ``(bug): IPSec op-mode show sa error`` - - -2021-04-27 -========== - -* :vytask:`T2946` ``(bug): Calling 'stty_size' causes show interfaces API to fail`` - - -2021-04-25 -========== - -* :vytask:`T3490` ``(bug): priority inversion on PBR "policy route" create, breaks default route from dhcp (live iso)`` -* :vytask:`T3468` ``(bug): Tunnel interfaces aren't suggested as being available for bridging (regression)`` -* :vytask:`T3497` ``(bug): Prefix list with rule containing only action is not detected as error during parse`` -* :vytask:`T3492` ``(bug): BGP Configuration Migration failed (badly!) from rolling 202102240218 to rolling 202104221210`` -* :vytask:`T1802` ``(feature): Wireguard QR code in cli for mobile devices`` - - -2021-04-24 -========== - -* :vytask:`T3472` ``(bug): commit-confirm script not found`` -* :vytask:`T3439` ``(bug): Commit-archive location not working for scp`` - - -2021-04-23 -========== - -* :vytask:`T3395` ``(bug): WAN load-balancing fails with nexthop dhcp`` -* :vytask:`T3290` ``(bug): Disabling GRE conntrack module fails`` - - -2021-04-20 -========== - -* :vytask:`T3488` ``(bug): Specifying an invalid "interface address" like dhcph leads to commit error`` - - -2021-04-18 -========== - -* :vytask:`T3481` ``(default): Exclude tag node values from key mangling`` -* :vytask:`T3475` ``(bug): XML dictionary cache unable to process syntaxVersion elements`` - - -2021-04-17 -========== - -* :vytask:`T3470` ``(bug): as-override isn't applied to frr`` - - -2021-04-15 -========== - -* :vytask:`T3386` ``(bug): PPPoE-server don't start with local authentication`` -* :vytask:`T3190` ``(feature): Unable to subtract value from local-preference in route-map`` - - -2021-04-14 -========== - -* :vytask:`T3398` ``(bug): Can't commit`` -* :vytask:`T3055` ``(bug): op-mode incorrect naming for ipsec policy-based tunnels`` - - -2021-04-13 -========== - -* :vytask:`T3436` ``(feature): Refactoring ospf op-mode for support vrf`` -* :vytask:`T3434` ``(feature): Refactoring bgp op-mode for support vrf`` - - -2021-04-12 -========== - -* :vytask:`T3454` ``(enhancment): dhclient reject option`` -* :vytask:`T3328` ``(bug): Bgp not possible to delete bgp route-map`` - - -2021-04-10 -========== - -* :vytask:`T3460` ``(bug): bgp, Configuration FRR failed while commiting code`` - - -2021-04-09 -========== - -* :vytask:`T3464` ``(bug): OSPF: route-map names containing a hypen are not "found"`` - - -2021-04-08 -========== - -* :vytask:`T3462` ``(default): show ipv6 bgp -- missing`` -* :vytask:`T3463` ``(bug): Prevent IPv4 Route exchange with IPv6 neighbors`` - - -2021-04-05 -========== - -* :vytask:`T3438` ``(bug): VRF: removing vif which belongs to a vrf, will delete the entire vrf from the operating system`` -* :vytask:`T3418` ``(bug): BGP: system wide known interface can not be used as neighbor`` - - -2021-04-04 -========== - -* :vytask:`T3457` ``(feature): Output the "monitor log" command in a colorful way`` - - -2021-03-31 -========== - -* :vytask:`T3445` ``(bug): vyos-1x build include not all nodes`` - - -2021-03-30 -========== - -* :vytask:`T3448` ``(bug): Loading vyos on a system without xdp installed fails`` - - -2021-03-29 -========== - -* :vytask:`T3415` ``(feature): bridge: add support for isolated interfaces (private-vlan)`` -* :vytask:`T1711` ``(feature): BGP - migrate from tagNode to node (remove ASN from tagNode)`` - - -2021-03-28 -========== - -* :vytask:`T3440` ``(bug): HTTP API: give uvicorn time to initialize before restarting Nginx proxy`` - - -2021-03-27 -========== - -* :vytask:`T3423` ``(bug): Cannot create ipv4 static route for default gateway in vrf`` - - -2021-03-26 -========== - -* :vytask:`T3412` ``(default): HTTP API: move to FastAPI as web framework`` -* :vytask:`T2397` ``(feature): HTTP API: export OpenAPI definition`` - - -2021-03-24 -========== - -* :vytask:`T3419` ``(bug): show interfaces | strip-private fails`` - - -2021-03-22 -========== - -* :vytask:`T3284` ``(bug): merge/load fail silently if unable to resolve host`` - - -2021-03-21 -========== - -* :vytask:`T3417` ``(default): ISIS: provide per VRF instance support`` -* :vytask:`T3416` ``(bug): NTP: when running inside a VRF op-mode commands do not work`` - - -2021-03-20 -========== - -* :vytask:`T3392` ``(bug): vrrp over dhcp default route bug (unexpected vrf)`` -* :vytask:`T3373` ``(feature): Upgrade to SaltStack version 3002.5`` -* :vytask:`T3329` ``(default): "system conntrack ignore" rules can no longer be created due to an iptables syntax change`` -* :vytask:`T3300` ``(feature): Add DHCP default route distance`` -* :vytask:`T3306` ``(feature): Extend set route-map aggregator as to 4 Bytes`` - - -2021-03-18 -========== - -* :vytask:`T3411` ``(default): Extend the redirect_stdout context manager in vyos-configd to redirect stdout from subprocesses`` -* :vytask:`T3271` ``(bug): qemu-kvm grub issue`` - - -2021-03-17 -========== - -* :vytask:`T3413` ``(bug): Configuring invalid IPv6 EUI64 address results in "OSError: illegal IP address string passed to inet_pton"`` - - -2021-03-14 -========== - -* :vytask:`T3345` ``(default): BGP: add per VRF instance support`` -* :vytask:`T3344` ``(default): Per VRF dynamic routing support`` -* :vytask:`T3325` ``(bug): Bgp listen-range wrong commit message`` -* :vytask:`T1513` ``(default): Move OSPF and RIP interface configuration under protocols`` - - -2021-03-13 -========== - -* :vytask:`T3406` ``(bug): tunnel: interface no longer supports specifying encaplimit none - or migrator is missing`` -* :vytask:`T3407` ``(bug): console-server: do not allow to spawn a console-server session on serial port used by "system console"`` - - -2021-03-11 -========== - -* :vytask:`T3305` ``(bug): Ingress qdisc does not work anymore in 1.3-rolling-202101 snapshot`` -* :vytask:`T2927` ``(bug): isc-dhcpd release and expiry events never execute`` - - -2021-03-09 -========== - -* :vytask:`T3382` ``(bug): Error creating Console Server`` - - -2021-03-08 -========== - -* :vytask:`T3387` ``(bug): Command "Monitor vpn ipsec" is not working`` - - -2021-03-07 -========== - -* :vytask:`T3388` ``(bug): show interfaces doesn't display pppoeX`` -* :vytask:`T3211` ``(feature): ability to redistribute ISIS into other routing protocols`` - - -2021-03-04 -========== - -* :vytask:`T3377` ``(bug): show interfaces throws error`` - - -2021-03-02 -========== - -* :vytask:`T3375` ``(bug): Interface becomes up at boot even when disabled`` - - -2021-02-28 -========== - -* :vytask:`T3370` ``(bug): dhcp: Invalid domain name "private"`` -* :vytask:`T3369` ``(feature): VXLAN: add IPv6 underlay support`` -* :vytask:`T3363` ``(bug): VyOS-Build interactive prompt when using Podman`` -* :vytask:`T3320` ``(bug): Bgp neighbor peer-group without peer-group fail`` - - -2021-02-27 -========== - -* :vytask:`T3365` ``(bug): Bgp neighbor interface ordering for remote-as`` -* :vytask:`T3225` ``(bug): Adding a BGP neighbor with an address on a local interface throws a vyos.frr.CommitError: Configuration FRR failed while committing code: ''`` -* :vytask:`T3368` ``(feature): macsec: add support for gcm-aes-256 cipher`` -* :vytask:`T3173` ``(feature): Need 'nopmtudisc' option for tunnel interface`` - - -2021-02-26 -========== - -* :vytask:`T3324` ``(bug): Bgp space in the password`` -* :vytask:`T3357` ``(default): HTTP-API redirect from http correct https port`` -* :vytask:`T3323` ``(bug): Bgp ttl-security and ebgp-multihop fail`` - - -2021-02-24 -========== - -* :vytask:`T3303` ``(feature): Change welcome message on boot`` - - -2021-02-22 -========== - -* :vytask:`T3322` ``(bug): Bgp neighbor timers not applyed to FRR config`` -* :vytask:`T3327` ``(bug): OSPFv3: Cannot add dummy interface`` - - -2021-02-21 -========== - -* :vytask:`T3331` ``(bug): Bgp unsuppress-map should be as "value leafNode"`` -* :vytask:`T3330` ``(bug): Bgp capability orf prefix-list fail`` -* :vytask:`T3163` ``(feature): ethernet ring-buffer can be set with an invalid value`` - - -2021-02-19 -========== - -* :vytask:`T3326` ``(bug): OSPFv3: Cannot add L2TPv3 interface`` -* :vytask:`T3332` ``(bug): BGP unnumbered - UnboundLocalError: local variable 'peer_group' referenced before assignment`` - - -2021-02-18 -========== - -* :vytask:`T3259` ``(default): many dnat rules makes the vyos http api crash, even showConfig op timeouts`` - - -2021-02-17 -========== - -* :vytask:`T3312` ``(feature): SolarFlare NICs support`` - - -2021-02-16 -========== - -* :vytask:`T3313` ``(bug): ospfv3 interface missing options`` -* :vytask:`T3318` ``(feature): Update Linux Kernel to v5.4.208 / 5.10.142`` - - -2021-02-15 -========== - -* :vytask:`T3311` ``(bug): BGP Error: Remote AS must be set for neighbor or peer-group`` - - -2021-02-14 -========== - -* :vytask:`T2848` ``(feature): bgp-add-path configuration options`` - - -2021-02-12 -========== - -* :vytask:`T3301` ``(bug): Wrong format and valueHelp for policy as-path-list regex`` - - -2021-02-11 -========== - -* :vytask:`T3281` ``(default): Rewrite protocol RIPng [conf-mode] to new XML/Python style`` -* :vytask:`T3282` ``(default): Add XML for [conf-mode] RIPng`` -* :vytask:`T3279` ``(default): Rewrite protocol STATIC [op-mode] to new XML/Python style`` -* :vytask:`T3297` ``(bug): Optimize irrelevant error stack hints`` - - -2021-02-08 -========== - -* :vytask:`T3295` ``(feature): Update Linux Kernel to v5.4.96 / 5.10.14`` - - -2021-02-05 -========== - -* :vytask:`T3030` ``(feature): Support ERSPAN Tunnel Protocol`` - - -2021-02-04 -========== - -* :vytask:`T3283` ``(feature): Support for IPv4 neigh tables`` -* :vytask:`T3280` ``(default): Add XML for [conf-mode] STATIC`` - - -2021-02-03 -========== - -* :vytask:`T3278` ``(feature): Add XML for "protocols vrf" [conf-mode]`` -* :vytask:`T3239` ``(default): XML: override 'defaultValue' for mtu of certain interfaces; remove workarounds`` -* :vytask:`T2910` ``(feature): XML: generator should support override of variables`` - - -2021-02-02 -========== - -* :vytask:`T3018` ``(bug): Unclear behaviour when configuring vif and vif-s interfaces`` -* :vytask:`T3255` ``(default): Rewrite protocol RPKI to new XML/Python style`` -* :vytask:`T3263` ``(feature): OSPF Hello subsecond timer`` - - -2021-01-31 -========== - -* :vytask:`T3276` ``(feature): Update Linux Kernel to v5.4.94 / 5.10.12`` - - -2021-01-30 -========== - -* :vytask:`T3240` ``(feature): Support per-interface DHCPv6 DUIDs`` -* :vytask:`T3273` ``(default): PPPoE static default-routes deleted on interface down when not added by interface up`` - - -2021-01-29 -========== - -* :vytask:`T3261` ``(bug): Does not possible to disable pppoe client interface.`` -* :vytask:`T3272` ``(default): OSPF: interface config is not removed`` - - -2021-01-27 -========== - -* :vytask:`T3257` ``(feature): tcpdump supporting complete protocol`` -* :vytask:`T3244` ``(default): Rewrite protocol OSPFv3 to new XML/Python style`` - - -2021-01-26 -========== - -* :vytask:`T3251` ``(bug): PPPoE client trying to authorize with the wrong username`` -* :vytask:`T3256` ``(default): Add XML for protocol RPKI [conf-mode]`` - - -2021-01-25 -========== - -* :vytask:`T3249` ``(feature): Support operation mode forwarding table output`` - - -2021-01-24 -========== - -* :vytask:`T3227` ``(bug): Latest releases don't work with RPKI (crash)`` -* :vytask:`T3230` ``(bug): RPKI can't be deleted`` -* :vytask:`T3221` ``(bug): FRR config`` -* :vytask:`T3245` ``(default): Add XML for protocol ospfv3 [conf-mode]`` - - -2021-01-23 -========== - -* :vytask:`T3236` ``(default): Add XML for [conf-mode] OSPF`` - - -2021-01-17 -========== - -* :vytask:`T3222` ``(bug): Typo in BGP dampening description`` -* :vytask:`T3226` ``(bug): Repair bridge smoke test damage`` - - -2021-01-16 -========== - -* :vytask:`T3215` ``(bug): Operational command "show ipv6 route" is broken`` -* :vytask:`T3157` ``(bug): salt-minion fails to start due to permission error accessing /root/.salt/minion.log`` -* :vytask:`T3137` ``(feature): Let VLAN aware bridge approach the behavior of professional equipment`` - - -2021-01-15 -========== - -* :vytask:`T3210` ``(feature): ISIS three-way-handshake`` -* :vytask:`T3184` ``(feature): Add correct desctiptions for BGP neighbors`` - - -2021-01-14 -========== - -* :vytask:`T3213` ``(bug): show interface command python error`` - - -2021-01-12 -========== - -* :vytask:`T3205` ``(bug): Does not possible to configure tunnel mode gre-bridge`` - - -2020-12-20 -========== +1.4.1 (future release) +====================== -* :vytask:`T3132` ``(feature): Enable egress flow accounting`` -2020-11-29 -========== +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI`` + +**New features and improvements** + + +* :vytask:`T5878` ``Make the list of SSH server ciphers configurable`` +* :vytask:`T5949` ``Disable USB autosuspend`` +* :vytask:`T6320` ``WiFi: Enable support for 6GHz AccesPoints`` +* :vytask:`T6423` ``Require command definition nodes that have an owner to also have a priority`` +* :vytask:`T6424` ``ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate`` +* :vytask:`T6454` ``Explicitly set the default reverse proxy mode to HTTP`` +* :vytask:`T6462` ``wireless: add op-mode command for hostapd and wpa_supplicant logs`` +* :vytask:`T6473` ``bgp: missing completion helper for peer-groups inside a VRF`` +* :vytask:`T6477` ``Adding Loki plugin to Telegraf`` +* :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI`` +* :vytask:`T6538` ``Allow adding a geneve interface to the vrf.`` +* :vytask:`T6539` ``Add logging options to load-balancer reverse-proxy`` +* :vytask:`T6566` ``op-mode: "monitor bandwidth" add support for listing all interfaces concurrently`` +* :vytask:`T6576` ``op-mode: ntp: add support for NTP service restart via CLI`` +* :vytask:`T6614` ``Initial support for smoketesting op-mode commands`` + +**Bug fixes** + + +* :vytask:`T2145` ``openvpn: server default topology net30 is incompatible with static client IPs for Windows clients`` +* :vytask:`T4287` ``wireless: cannot set regulatory domain`` +* :vytask:`T5514` ``Improve error handling when/if config.boot is deleted or missing`` +* :vytask:`T5552` ``'set system option performance throughput' enables IPv6 forwarding even if it's explicitly disabled with 'set system ipv6 disable-forwarding'`` +* :vytask:`T5725` ``protocol IS-IS configuration is empty if a tunnel does not have remote address`` +* :vytask:`T5947` ``[1.3.2 -> 1.4.0-RC1 Migration] Static ipv6 routes dropped`` +* :vytask:`T6148` ``Reset vpn ipsec command breaks tunnel and does not reset SAs that are down`` +* :vytask:`T6332` ``IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr`` +* :vytask:`T6401` ``Attempts to delete vlan-to-vni option causes an unhandled exception`` +* :vytask:`T6429` ``bug - isis metric-style not applied configuration`` +* :vytask:`T6431` ``monitor traceroute broken VRF support`` +* :vytask:`T6453` ``GRUB variables with `=` in a value are parsed improperly`` +* :vytask:`T6460` ``Showing DHCPv6 leases can fail due to DUID parsing issues`` +* :vytask:`T6463` ``reverse-proxy: service not reloaded when updating SSL certificate via PKI`` +* :vytask:`T6464` ``sstpc: interface not restarted when updating SSL certificate via PKI`` +* :vytask:`T6480` ``PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/..../cert.pem`` +* :vytask:`T6484` ``Smoketest fails: fastnetmon killed due to OOM`` +* :vytask:`T6503` ``Command 'restart ssh' not working`` +* :vytask:`T6519` ``interfaces: 20-to-21 -> migration fails if new system has less ethernet interfaces`` +* :vytask:`T6523` ``Error: "nft table ip vyos_filter not found" when commiting prometheus-client`` +* :vytask:`T6559` ``vyos-configd should return commit error on config dependency error`` +* :vytask:`T6584` ``Revert addition of Linux Kernel MT7921 driver`` +* :vytask:`T6593` ``Release DHCP interface does not work`` +* :vytask:`T6600` ``ospf: smoketest "router ospf' not found in" for ldp sync`` +* :vytask:`T6602` ``interfaces: verify supplied VRF name on all interface types`` +* :vytask:`T6603` ``vrf: nftables conntrack ct_iface_map contains multiple identical entries`` +* :vytask:`T6605` ```ConfigError()` behavior is wrong with running `vyos-configd``` +* :vytask:`T6610` ``Missing minisign pub key from image`` -* :vytask:`T2297` ``(feature): NTP add support for pool configuration`` +**Other resolved issues** + + +* :vytask:`T4026` ``PKI: generate pki certificate sign <ca-name> is not working`` +* :vytask:`T5570` ``PAM config RADIUS ignore for default and success`` +* :vytask:`T6290` ``SNMPD show logs systemstats_linux: unexpected header length`` +* :vytask:`T6379` ``"generate openvpn" uses "comp-lzo no", which leads to problems on Android-Clients`` +* :vytask:`T6446` ``Display the support URL from image build data in LTS builds`` +* :vytask:`T6486` ``Generate openvpn client-config ignores configured protocol type`` +* :vytask:`T6500` ``openconnect: add support for new multi ca-certificate CLI node`` +* :vytask:`T6524` ``Rewrite "release dhcp interface <interface>" to Python to drop remaining Perl dependencies`` +* :vytask:`T6592` ``Changing VRF on interface fails`` +* :vytask:`T6594` ``IPoE-server extended-scripts do not work`` +* :vytask:`T6597` ``wireless: hostapd occationly gets deactivated via systemd and causes loss in connectivity`` +* :vytask:`T6598` ``Unexpected podman version 4.3.1`` + +1.4.0 (4th June 2024) +===================== + + + + +**New features and improvements** + + +* :vytask:`T3202` ``Enable wireguard debug messages by default`` +* :vytask:`T4022` ``Add package nat-rtsp-dkms`` +* :vytask:`T4393` ``sstp: add support for configuring host-name (SNI)`` +* :vytask:`T5386` ``Execute VRRP transition script when `set high-availability disable` is commited`` +* :vytask:`T5752` ``Check compatibility of new image tools with XCP-NG images`` +* :vytask:`T6293` ``add Mediatek MT7921 to defconfig`` +* :vytask:`T6339` ``Display the flavor name and build comment in "show version"`` +* :vytask:`T6395` ``Enable VFIO No-IOMMU support in kernel config`` + +**Bug fixes** + + +* :vytask:`T4576` ``vpn l2tp logging level configuration`` +* :vytask:`T5527` ``Adjust for change in coreutils behavior on overlayfs`` +* :vytask:`T5939` ``[1.3.5 -> 1.4.0-RC1 Migration] as-path-list Entries Get Messed Up`` +* :vytask:`T5940` ``[1.3.5 -> 1.4.0-RC1 Migration] commit-archive Fails to Migrate`` +* :vytask:`T6038` ``Losing default route after first reboot (cloud-init & DHCP)`` +* :vytask:`T6094` ``Destination Nat not Making Firewall Rules`` +* :vytask:`T6225` ``Unhandled exception when configuring random-detect QoS policy`` +* :vytask:`T6348` ``SNAT op-mode fails with flowtable offload entries`` +* :vytask:`T6356` ``Correct the syntax of config.boot.default [..., 'ntp', 'server'] from leaf node with value to tag node`` +* :vytask:`T6365` ``Negating interface names in NAT configuration causes invalid warnings`` +* :vytask:`T6377` ``PermissionError on /config/auth/letsencrypt/live/ when running show pki`` +* :vytask:`T6400` ``pki: unable to generate fingerprint for ACME issued certificates`` +* :vytask:`T6402` ``Invalid variables referenced in reverse proxy validation`` +* :vytask:`T6404` ``Include constraintGroup element in reference tree`` +* :vytask:`T6407` ``Generate ipsec profile error`` +* :vytask:`T6419` ``reverse-proxy: full CA chain is not build when verifying backend server`` +* :vytask:`T6421` ``host-name has no explicit priority to be set on system boot`` + +**Other resolved issues** + + +* :vytask:`T1981` ``Allow route-map 'set src' to reference both IPv4 and IPv6`` +* :vytask:`T3493` ``DHCPv6 does not have prefix range validation`` +* :vytask:`T4519` ``DHCPv6: "set show dhcpv6 server leases" should show DUID instead of IAID_DUID`` +* :vytask:`T4909` ``Rewrite the NTP op mode in the new format`` +* :vytask:`T5351` ``VyOS deployed with cloud-init improperly saves config.boot`` +* :vytask:`T6022` ``set system image default-boot`` +* :vytask:`T6048` ``Exception in event handler script`` +* :vytask:`T6328` ``Add a warning message about deprecation of web proxy URL filtering`` +* :vytask:`T6333` ``non-free-firmware to trixie`` +* :vytask:`T6345` ``Source NAT Port Mapping setting of Fully-Random is superfluous in Kernels 5.0 onwards`` +* :vytask:`T6346` ``Boot to multi-user.target instead of graphical.target`` +* :vytask:`T6358` ``Container config option to enable host pid`` +* :vytask:`T6367` ``op-mode: commit-archive: TypeError: attribute name must be string, not 'NoneType'`` +* :vytask:`T6383` ``Incorrect completion for rollback-soft`` +* :vytask:`T6384` ``rollback-soft should tell the user to compare and commit`` +* :vytask:`T6391` ``load-balancing reverse-proxy: typo in timeout help`` +* :vytask:`T6396` ``MINOR Typo: set system conntrack timeout custom ipv4 rule X`` +* :vytask:`T6409` ``Remove unused parameter node from reverse-proxy backend`` + +1.4.0-epa3 (14th May 2024) +========================== + +**Security** + + +* :vytask:`T6324` ``CVE-2024-2961`` + + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options`` +* :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"`` +* :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"`` +* :vytask:`T6216` ``Firewall group names that contain the '+' character break the config`` +* :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta`` + +**New features and improvements** + + +* :vytask:`T4309` ``Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore"`` +* :vytask:`T4903` ``Support IPv6 addresses in "set system conntrack ignore"`` +* :vytask:`T5364` ``Make it possible to set the PADO delay to 0`` +* :vytask:`T6127` ``Ability to view logs for rules with Offload not functional`` +* :vytask:`T6133` ``Add domain-name to commit-archive`` +* :vytask:`T6143` ``Increase configuration timeout range for service config-sync`` +* :vytask:`T6154` ``Installer should ask for password twice`` +* :vytask:`T6161` ``Add support for displaying container image data in JSON`` +* :vytask:`T6162` ``ixgbe: Add 1000BASE-BX support`` +* :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"`` +* :vytask:`T6176` ``image-tools: rationalize setting of console type`` +* :vytask:`T6184` ``image-tools: add op-mode command to set default boot console type`` +* :vytask:`T6192` ``Support running SSH server in more than one VRF`` +* :vytask:`T6226` ``Add "tcp-requece inspect-delay" to reverse proxy`` +* :vytask:`T6257` ``Add op mode commands for dynamic firewall address groups`` +* :vytask:`T6258` ``Add IPv6 base-reachable-time option to interfaces`` +* :vytask:`T6260` ``image-tools: remove the image directory if it fails to install due to insufficient drive space`` +* :vytask:`T6267` ``Improve commit failure messages for wireless interface configuration`` +* :vytask:`T6278` ``Attempt hint for console type during image install`` +* :vytask:`T6291` ``Add op mode commands for displaying LACP information for bonding interfaces`` +* :vytask:`T6306` ``EVPN-MH - missing options in uplink ports`` + +**Bug fixes** + + +* :vytask:`T2590` ``DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` +* :vytask:`T3655` ``NAT doesn't work correctly with VRF`` +* :vytask:`T4718` ``DHCP server listen-address doesn't take effect if the interface is in a VRF`` +* :vytask:`T5164` ``op cmd: "show dhcp server leases state" with available options does not show any result`` +* :vytask:`T5862` ``Default MTU is not acceptable in some environments`` +* :vytask:`T5875` ``login: removing and re-adding a user keeps the home directory but changes the UID, thus SSH keys no longer work`` +* :vytask:`T5996` ``Incorrect behavior for backslash escapes in config save and compare commands`` +* :vytask:`T6082` ``BGP doesn't allow the same local AS and remote AS in peer groups`` +* :vytask:`T6085` ``VTI interfaces are in UP state by default`` +* :vytask:`T6089` ``[1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added`` +* :vytask:`T6090` ``Migration of "policy route" configs fails due to TCP flag case sensitivity`` +* :vytask:`T6100` ``NAT config migration error in 1.4.0-epa1 if invalid address/network defined in 1.3.6 version`` +* :vytask:`T6106` ``Improve the commit error message for the case when route-reflector-client option is defined in a peer-group`` +* :vytask:`T6119` ``Use a compliant TOML parser`` +* :vytask:`T6130` ``[1.3.6->1.4.0-epa2 Migration] BGP "set community" missing`` +* :vytask:`T6131` ``Disabling openvpn interface(s) causes OSPF to fail to load on reboot`` +* :vytask:`T6136` ``Configuring a dynamic address group, config script did not check whether the group was created`` +* :vytask:`T6138` ``Conntrack table op-mode fails with flowtable offload entries`` +* :vytask:`T6145` ``Service config-sync does not rely on priorities`` +* :vytask:`T6147` ``Conntrack not working as expected with global state-policy`` +* :vytask:`T6149` ``Update node_data when merging nodes in reference tree generation`` +* :vytask:`T6152` ``Kernel panic for ZimaBoard 232`` +* :vytask:`T6160` ``Unhandled exception when configuring IS-IS`` +* :vytask:`T6165` ``grub: vyos-grub-update failed to start on "slow" systems`` +* :vytask:`T6167` ``VNI not set on VRF after reboot`` +* :vytask:`T6168` ``"add system image" does not set the default boot image to the current console type in compatibility mode`` +* :vytask:`T6169` ``DNS forwarding configuration rejects underscores in SRV records`` +* :vytask:`T6173` ``Build Causes Errors When "--version" Contains Slashes ("/")`` +* :vytask:`T6175` ``op-mode: "renew dhcp interface <name>" does not check if it's an actual DHCP interface`` +* :vytask:`T6178` ``reverse-proxy doesn't check that a certificate exists at set time`` +* :vytask:`T6179` ``Incorrect HAProxy config generated for reverse-proxy rules with url-path`` +* :vytask:`T6186` ``'set system image default-boot' fails to find images that actually do exist in the system`` +* :vytask:`T6189` ``BGP L3VPN connectivity is broken after re-enabling VRF`` +* :vytask:`T6191` ``Policy route set-mss option is not working correctly`` +* :vytask:`T6193` ``dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` +* :vytask:`T6196` ``route-map and summary-only do not work in BGP aggregation at the same time`` +* :vytask:`T6197` ``Validation error in the IPoE server interface client-subnet option`` +* :vytask:`T6202` ``Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1`` +* :vytask:`T6205` ``ipoe: error in migration script logic while renaming mac-address to mac`` +* :vytask:`T6206` ``L2tp smoketest fails if vyos-configd is running`` +* :vytask:`T6207` ``image-tools: restore ability to copy config.boot.default on image install`` +* :vytask:`T6213` ``Validations in firewall groups mistakenly reject correct configurations`` +* :vytask:`T6216` ``Firewall group names that contain the '+' character break the config`` +* :vytask:`T6218` ``Container network interface in VRF fails to generate IPv6 link-local address`` +* :vytask:`T6221` ``Enabling VRF breaks connectivity`` +* :vytask:`T6222` ``VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters`` +* :vytask:`T6241` ``Updating CRL in "pki" config does not update OpenVPN`` +* :vytask:`T6243` ``Update vyos-http-api-tools for package idna security advisory`` +* :vytask:`T6250` ``"policy route-map set table" cannot be deleted from the rule`` +* :vytask:`T6252` ``GRE tunnels don't allow configuring MTU larger than 8024`` +* :vytask:`T6255` ``Static table description should not contain white-space`` +* :vytask:`T6263` ``Commit failures when trying to set an IGMP group with source address on an interface`` +* :vytask:`T6269` ``Polixy route "set table" option is not working correctly`` +* :vytask:`T6272` ``PPPoE configuration does not load after deleting a PPPoE interface from the system`` +* :vytask:`T6276` ``Do not call config dependencies on script error`` +* :vytask:`T6283` ``Cannot delete as-path prepend from policy when it contains more than one AS`` +* :vytask:`T6284` ``IPoE server op mode commands do not show IPv6 addresses`` +* :vytask:`T6299` ``Building VyOS (Dockerized) current ISO fails dues to unmet dependencies podman : Depends: libgpgme11t64 (>= 1.4.1) but it is not installable`` +* :vytask:`T6305` ``IPoE interface wildcard validation error in firewall rules`` +* :vytask:`T6307` ``procps is missing from vyos-1x build dependencies`` +* :vytask:`T6317` ``VLAN doesn't work on a bridge with a wireless interface member`` +* :vytask:`T6329` ``Firewall - Error while printing groups`` + +**Other resolved issues** + + +* :vytask:`T4516` ``Rewrite system image manipulation tools in Python`` +* :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options`` +* :vytask:`T6146` ``Add python script to get all priorities of service or section from XML`` +* :vytask:`T6159` ``"show openvpn server" prints a superfluous "OpenVPN status on vtunx" message for every client connection`` +* :vytask:`T6180` ``Add application of mask to configtree`` +* :vytask:`T6185` ``Simplify marshalling of section and config data for config-sync`` +* :vytask:`T6187` ``Use correct CPU counts adjusted for SMT when necessary`` +* :vytask:`T6195` ``dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1`` +* :vytask:`T6198` ``configverify: add common helper for PKI certificate validation`` +* :vytask:`T6203` ``Remove references to the obsolete vyos.xml module (superseded by vyos.xml_ref)`` +* :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"`` +* :vytask:`T6234` ``PPPoE-server pado-delay refactoring`` +* :vytask:`T6245` ``Unhandled exception in "show openvpn server"`` +* :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta`` +* :vytask:`T6327` ``Drop boot console type ttyUSB (USB serial)`` +* :vytask:`T6330` ``release.pref.chroot indentation broken`` + +1.4.0-epa2 (15th March 2024) +============================ + + + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping`` + +**New features and improvements** + + +* :vytask:`T4977` ``Babel routing protocol support`` +* :vytask:`T5504` ``Make it possible to set more than one peer-address in unicast VRRP`` +* :vytask:`T5530` ``Add LFA to IS-IS`` +* :vytask:`T5631` ``Ability to export the current configuration in JSON format`` +* :vytask:`T5717` ``ospfv3 - add allow to set metric-type to ospf redistribution while frr docs says its possible.`` +* :vytask:`T5772` ``Require HTTPS API server configurations to include at least one key if key-based auth is used`` +* :vytask:`T5781` ``Add ability to add additional minisign keys`` +* :vytask:`T6057` ``Add ability to disable syslog for conntrackd`` +* :vytask:`T6060` ``op-mode: container: support removing all container images at once`` +* :vytask:`T6087` ``ospfv3: add support to redistribute IS-IS routes`` + +**Bug fixes** + + +* :vytask:`T2998` ``SNMP v3 oid "exclude" option doesn't work`` +* :vytask:`T4270` ``When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service`` +* :vytask:`T5121` ``Incorrect "architecture" config loaded`` +* :vytask:`T5646` ``QoS policy limiter broken if class without match`` +* :vytask:`T5909` ``Container registry with authentication prevents config load (section container) after reboot`` +* :vytask:`T6004` ``Missing RPKI boot priority prevents it from loading`` +* :vytask:`T6020` ``VRRP health-check script is not applied correctly in keepalived.conf`` +* :vytask:`T6054` ``load-balancing wan - doesn't configure a list of ports`` +* :vytask:`T6055` ``PKI error: "failed to install x value" when executed the command from conf mode`` +* :vytask:`T6061` ``connection-status nat destination firewall filter not working in 1.4.0-epa1`` +* :vytask:`T6069` ``HTTP API segfault during concurrent configuration requests`` +* :vytask:`T6070` ``bnx2x NIC causes a commit error due to incorrect implementation of EEE status reading`` +* :vytask:`T6073` ``Conntrack/NAT not being disabled when VRFs are defined`` +* :vytask:`T6074` ``container: do not allow deleting images which have a container running`` +* :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping`` +* :vytask:`T6081` ``QoS policy shaper target and interval wrong calcuations`` +* :vytask:`T6084` ``OpenNHRP DMVPN configuration file clean after reboot if we have any IPSec configuration`` +* :vytask:`T6086` ``NAT does not work with network-groups`` +* :vytask:`T6093` ``Incorrect dhcp-options vendor-class-id regex`` +* :vytask:`T6096` ``Config commits are not synced properly because 00vyos-sync is deleted by vyos-router`` +* :vytask:`T6098` ``Description doesnt seem to allow for non international characters`` +* :vytask:`T6104` ``Regression in commit-archive for non-interactive configuration`` +* :vytask:`T6107` ``Nginx does not allow big config queries for configure endpoint API`` +* :vytask:`T6141` ``Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure`` + +**Other resolved issues** + + +* :vytask:`T2199` ``Rewrite firewall in new XML/Python style`` +* :vytask:`T5738` ``Extend XML building blocks`` +* :vytask:`T5870` ``ipsec remote access VPN: add x509 ("pubkey") authentication`` +* :vytask:`T5959` ``Streamline dns forwarding service`` +* :vytask:`T6071` ``firewall: CLI description limit of 256 characters cause config upgrade issues`` +* :vytask:`T6075` ``Applying firewall rules with a non-existent interface group`` +* :vytask:`T6077` ``banner: implement ASCII contest winner default logo`` +* :vytask:`T6083` ``ethtool: move string parsing to JSON parsing`` +* :vytask:`T6095` ``Tab completion for "set interfaces wireless wlan0 country-code" incorrect country "uk"`` +* :vytask:`T6214` ``Error when using some constraints`` + +1.4.0-epa1 (22th February 2024) +=============================== + +**Security** + + +* :vytask:`T4915` ``Minisign verification failure == pass??`` + +**Breaking changes** + + +* :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs`` + +**Configuration syntax changes (automatically migrated)** + + +* :vytask:`T1991` ``Rework time services`` +* :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest`` + +**New features and improvements** + + +* :vytask:`T160` ``Support NAT64`` +* :vytask:`T1991` ``Rework time services`` +* :vytask:`T4221` ``Add a template filter for converting scalars to single-item lists`` +* :vytask:`T4883` ``Add a description field for routing tables`` +* :vytask:`T4940` ``Interface debugging`` +* :vytask:`T5122` ``Move "archive-areas" to defaults.toml to support "non-free-firmware" repository`` +* :vytask:`T5418` ``Allow arbitrary subnets in PPPoE client IP pools`` +* :vytask:`T5449` ``Add options for TCP MSS probing`` +* :vytask:`T5497` ``Add ability to resequence rule numbers for firewall`` +* :vytask:`T5615` ``Narrow down spurious name conflict with mdns`` +* :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest`` +* :vytask:`T5965` ``WWAN modems using raw-ip do not work with dhclient/dhcp6c`` +* :vytask:`T5972` ``login: add possibility to disable individual local user accounts`` + +**Bug fixes** + + +* :vytask:`T2113` ``OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping`` +* :vytask:`T2700` ``Redirecting traffic from PPPoE interface to IFB fails`` +* :vytask:`T2801` ``conntrack-tools flooding logs`` +* :vytask:`T3681` ``The VMware Tools resume script did not run successfully in this virtual machine.`` +* :vytask:`T3774` ``atop logs are not limited in size`` +* :vytask:`T3902` ``Firewall does not load on boot, address-group not found, even though it exists`` +* :vytask:`T4796` ``build-vyos-image ignores multiple options`` +* :vytask:`T5239` ``Host name and domain name missing from the FRR configuration`` +* :vytask:`T5245` ``Wireless interfaces do not get IPv6 link-local address assigned`` +* :vytask:`T5376` ``Conntrack FTP helper does not work properly`` +* :vytask:`T5890` ``OTP key generation is broken`` +* :vytask:`T5926` ``IPSEC does not apply after l2tp configuration was changed`` +* :vytask:`T5977` ``nftables: Operation not supported when using match-ipsec in outbound firewall`` +* :vytask:`T6005` ``Error on adding a wireguard interface to OSPFv3`` +* :vytask:`T6043` ``VxLAN and bridge error bug`` +* :vytask:`T6056` ``Applying 'system static-host-mapping' command calls unnecessary snmpd restart`` +* :vytask:`T6064` ``Can not build VyOS if repository it not cloned to a branch`` + +**Other resolved issues** + + +* :vytask:`T671` ``Identify and remove dead code`` +* :vytask:`T874` ``Support for Two Factor Authentication for CLI access via Google Authenticator/OTP`` +* :vytask:`T1311` ``WAN load-balancing can't flush connections when conntrack-sync is enabled`` +* :vytask:`T1436` ``Config entries with default values do not correctly show as changed`` +* :vytask:`T1487` ``DNS (pdns_recursor) stats logs not saved to disk`` +* :vytask:`T2433` ``Improve CLI value validator performance`` +* :vytask:`T3337` ``Add possibility to serve static DNS zones from the router`` +* :vytask:`T3471` ``DHCP hook is not able to detect all running DHCP instances`` +* :vytask:`T3474` ``Revisit storing syntax version of interface definitions in XML file`` +* :vytask:`T3522` ``policy based routing not working`` +* :vytask:`T3574` ``Add constraintGroup for combining validators with logical AND`` +* :vytask:`T3642` ``PKI configuration`` +* :vytask:`T3722` ``op-mode IPSec show vpn ike sa always shows L-TIME 0`` +* :vytask:`T3766` ``containers: Expanding options for networking and building containers`` +* :vytask:`T4723` ``Error when issuing 'show flow-accounting interface pppoe0'`` +* :vytask:`T4761` ``Add a generic URL validator`` +* :vytask:`T4795` ``Cleanup custom python validators`` +* :vytask:`T4951` ``Add an op mode exception for cases when operations fail due to insufficient system resources`` +* :vytask:`T5109` ``Improve OCaml XML validator`` +* :vytask:`T5195` ``Break up the vyos.util module`` +* :vytask:`T5348` ``Service config-sync can freeze the secondary router if it has commit-archive location`` +* :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs`` +* :vytask:`T5754` ``Update to StrongSwan 5.9.11`` +* :vytask:`T5846` ``Refactor and simplify DUID definition in conf-mode`` +* :vytask:`T5903` ``NHRP don´t start on reboot from version 1.5-rolling-202401010026`` +* :vytask:`T6001` ``Add option to enable resolve-via-default`` +* :vytask:`T6015` ``"journalctl_charon" file does not contain data in the generated "ipsec debug-archive" file`` +* :vytask:`T6050` ``Wrong scripting commands descriptions in accel-ppp services`` +* :vytask:`T6078` ``Update ethtool to 6.6`` |