diff options
Diffstat (limited to 'docs')
27 files changed, 4659 insertions, 197 deletions
diff --git a/docs/_ext/releasenotes.py b/docs/_ext/releasenotes.py new file mode 100644 index 00000000..4db65c86 --- /dev/null +++ b/docs/_ext/releasenotes.py @@ -0,0 +1,108 @@ +from datetime import datetime +from phabricator import Phabricator +import argparse + +parser = argparse.ArgumentParser() +parser.add_argument("-t", "--token", type=str, help="API token", required=True) +parser.add_argument("-b", "--branch", nargs="+", help="List of github branches", required=True) + +args = parser.parse_args() + + +phab = Phabricator(host='https://phabricator.vyos.net/api/', token=args.token) + +''' +# code to find new PHIDs +# show project ids +projects = phab.project.query(limit=200) +for project in projects.response['data']: + print(projects.response['data'][project]['phid'], projects.response['data'][project]['name']) +''' + +projects = { + 'equuleus': { + 'phid': 'PHID-PROJ-zu26ui4vbmvykpjtepij', + 'name': '1.3 Equuleus', + 'filename': 'docs/changelog/1.3.rst', + 'tasks': [], + 'releasenotes': [] + }, + 'current': { + 'phid': 'PHID-PROJ-m4utvy456e2shcprpq3b', + 'name': '1.4 Sagitta', + 'filename': 'docs/changelog/1.4.rst', + 'tasks': [], + 'releasenotes': [] + } +} + +for b in args.branch: + if b not in projects.keys(): + raise Exception('given branch not defined') + +# get project tasks + +for project in projects: + if project not in args.branch: + continue + + _after = None + + # get tasks from API + while True: + #print(f'get {_after}') + _tasks = phab.maniphest.search( + constraints={ + 'projects': [projects[project]['phid']], + #'statuses': ['closed'], + }, + after=_after) + + projects[project]['tasks'].extend(_tasks.response['data']) + _after = _tasks.response['cursor']['after'] + if _after is None: + break + + # prepare tasks for release notes + for task in projects[project]['tasks']: + if task['fields']['status']['value'] in ['resolved']: + #_info = phab.maniphest.info(task_id=task['id']) + #_info = _info.response + releasenote = {} + releasenote['type'] = task['fields']['subtype'] + date = datetime.fromtimestamp(task['fields']['dateClosed']) + releasenote['closedate'] = date.strftime('%Y-%m-%d') + releasenote['name'] = task['fields']['name'] + releasenote['id'] = task['id'] + #print(f"{project}: {task['fields']['status']} {task['id']}") + projects[project]['releasenotes'].append(releasenote) + + projects[project]['releasenotes'] = sorted( + projects[project]['releasenotes'], key = lambda x: x['closedate'], + reverse=True + ) + + rst_text = "#" * len(projects[project]['name']) + rst_text += f"\n{projects[project]['name']}\n" + rst_text += "#" * len(projects[project]['name']) + rst_text += "\n" + + rst_text += "\n" + rst_text += "..\n" + rst_text += " Please don't add anything by hand.\n" + rst_text += " This file is managed by the script:\n" + rst_text += " _ext/releasenotes.py\n" + + date = None + for rn in projects[project]['releasenotes']: + if date != rn['closedate']: + rst_text += "\n\n" + rst_text += f"{rn['closedate']}\n" + underline = '=' * len(rn['closedate']) + rst_text += f"{underline}\n\n" + date = rn['closedate'] + rst_text += f"* :vytask:`T{rn['id']}` ({rn['type']}): {rn['name']}\n" + + f = open(projects[project]['filename'], "w") + f.write(rst_text) + f.close() diff --git a/docs/_include/interface-ip.txt b/docs/_include/interface-ip.txt index 89937806..abbed529 100644 --- a/docs/_include/interface-ip.txt +++ b/docs/_include/interface-ip.txt @@ -126,7 +126,7 @@ possible to allow these hosts to communicate through the upstream router by proxy_arp'ing. - .. note:: Don't need to be used together with proxy_arp. + .. note:: Does not need to be used together with proxy_arp. This technology is known by different names: diff --git a/docs/_include/interface-xdp.txt b/docs/_include/interface-xdp.txt index d87151fc..cee9933b 100644 --- a/docs/_include/interface-xdp.txt +++ b/docs/_include/interface-xdp.txt @@ -1,6 +1,6 @@ .. cfgcmd:: set interfaces {{ var0 }} <interface> xdp - Enable support for Linux :abbr:`XDP (eXpress Data Path)` on recent 1.3 rolling + Enable support for Linux :abbr:`XDP (eXpress Data Path)` on recent 1.4 rolling releases. You must enable it for every interface which should participate in the XDP forwarding. @@ -18,10 +18,15 @@ nftables. Enabling this feature will only load the XDP router code as described here: + + .. stop_vyoslinter + https://blog.apnic.net/2020/04/30/how-to-build-an-xdp-based-bgp-peering-router/ + .. start_vyoslinter + Example: .. code-block:: none - set interfaces {{ var0 }} {{ var1 }} xdp
\ No newline at end of file + set interfaces {{ var0 }} {{ var1 }} xdp diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 0dd41096f14771ffa476f52793308bffac51b59 +Subproject 49bc3f1e3ff8416908fc986bb60b444a75a1722 diff --git a/docs/automation/index.rst b/docs/automation/index.rst index e07dfecc..c19d819b 100644 --- a/docs/automation/index.rst +++ b/docs/automation/index.rst @@ -5,11 +5,11 @@ VyOS Automation * Ansible * Saltstack - * HTTP-API * startup scripts .. toctree:: :maxdepth: 1 - + + vyos-api command-scripting
\ No newline at end of file diff --git a/docs/automation/vyos-api.rst b/docs/automation/vyos-api.rst new file mode 100644 index 00000000..1504a05a --- /dev/null +++ b/docs/automation/vyos-api.rst @@ -0,0 +1,317 @@ +.. _vyosapi: + +######## +VyOS API +######## + +for configuration and enabling the API see :ref:`http-api` + +************** +Authentication +************** + +All Endpoint only listen on HTTP POST requests and the API KEY must set as +``key`` in the formdata. + +Below see one example or curl and one for python. +In the following, the documentation is reduced to curl. + +.. code-block:: none + + curl --location --request POST 'https://vyos/retrieve' \ + --form data='{"op": "showConfig", "path": []}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + +.. code-block:: python + + import requests + url = "https://vyos/retrieve" + payload={'data': '{"op": "showConfig", "path": []}', + 'key': 'MY-HTTPS-API-PLAINTEXT-KEY' + } + headers = {} + response = requests.request("POST", url, headers=headers, data=payload) + print(response.text) + + +************* +API Endpoints +************* + +/retrieve +========= + +With the ``retrieve`` endpoint you get parts or the whole configuration. + +To get the whole configuration, pass an empty list to the ``path`` field + +.. code-block:: none + + curl --location --request POST 'https://vyos/retrieve' \ + --form data='{"op": "showConfig", "path": []}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + + response (shorted) + { + "success": true, + "data": { + "interfaces": { + "ethernet": { + "eth0": { + "address": "dhcp", + "duplex": "auto", + "hw-id": "50:00:00:01:00:00", + "speed": "auto" + }, + "eth1": { + "duplex": "auto", + "hw-id": "50:00:00:01:00:01", + "speed": "auto" + ... + }, + "error": null + } + + +only get a part of the configuration, +for example ``system syslog``. + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/retrieve' \ + --form data='{"op": "showConfig", "path": ["system", "syslog"]}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + + response: + { + "success": true, + "data": { + "global": { + "facility": { + "all": { + "level": "info" + }, + "protocols": { + "level": "debug" + } + } + } + }, + "error": null + } + +if you just want the Value of a multi-valued node, use the ``returnValues`` +operation. + +for example get the addresses of a ``dum0`` interface + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/retrieve' \ + --form data='{"op": "returnValues", "path": ["interfaces","dummy","dum0","address"]}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + respone: + { + "success": true, + "data": [ + "10.10.10.10/24", + "10.10.10.11/24", + "10.10.10.12/24" + ], + "error": null + } + +/image +====== + +To add or delete an image, use the ``/image`` endpoint. + +add an image + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/image' \ + --form data='{"op": "add", "url": "https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso"}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + respone (shorted): + { + "success": true, + "data": "Trying to fetch ISO file from https://downloads.vyos.io/rolling-latest.iso\n + ... + Setting up grub configuration...\nDone.\n", + "error": null + } + +delete an image, for example ``1.3-rolling-202006070117`` + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/image' \ + --form data='{"op": "delete", "name": "1.3-rolling-202006070117"}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + response: + { + "success": true, + "data": "Deleting the \"1.3-rolling-202006070117\" image...\nDone\n", + "error": null + } + + +/show +===== + +The ``/show`` endpoint is to show everthing in operational mode + +for example which images are installed + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/show' \ + --form data='{"op": "show", "path": ["system", "image"]}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + response: + { + "success": true, + "data": "The system currently has the following image(s) installed:\n\n + 1: 1.4-rolling-202102280559 (default boot)\n + 2: 1.4-rolling-202102230218\n + 3: 1.3-beta-202102210443\n\n", + "error": null + } + + +/generate +========= + +to run a ``generate`` command use the + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/generate' \ + --form data='{"op": "generate", "path": ["wireguard", "default-keypair"]}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + response: + { + "success": true, + "data": "", + "error": null + } + + +/configure +========== + +You can pass a ``set``, ``delete`` or ``comment`` command to the +``/configure`` endpoint. + +``set`` a single command + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/configure' \ + --form data='{"op": "set", "path": ["interfaces", "dummy", "dum1", "address", "10.11.0.1/32"]}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + response: + { + "success": true, + "data": null, + "error": null + } + + +``delete`` a single command + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/configure' \ + --form data='{"op": "delete", "path": ["interfaces", "dummy", "dum1", "address", "10.11.0.1/32"]}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + response: + { + "success": true, + "data": null, + "error": null + } + +The API push every request to a session and commit it. +But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and +other tunnels require full configuration for commit. +The Endpoint will process multiple commands when you pass them as a list to +the ``data`` field. + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/configure' \ + --form data='[{"op": "set","path":["interfaces","vxlan","vxlan1","remote","203.0.113.99"]}, {"op": "set","path":["interfaces","vxlan","vxlan1","vni","1"]}]' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + response: + { + "success": true, + "data": null, + "error": null + } + + +/config-file +============ + +The endpoint ``/config-file`` is to save or load a configuration. + +Save a running configuration to the startup configuration. +When you don't specify the file when saving, it saves to +``/config/config.boot``. + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/config-file' \ + --form data='{"op": "save"}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + response: + { + "success": true, + "data": "Saving configuration to '/config/config.boot'...\nDone\n", + "error": null + } + + +Save a running configuration to a file. + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/config-file' \ + --form data='{"op": "save", "file": "/config/test.config"}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + response: + { + "success": true, + "data": "Saving configuration to '/config/test.config'...\nDone\n", + "error": null + } + + +To Load a configuration file. + +.. code-block:: none + + curl -k --location --request POST 'https://vyos/config-file' \ + --form data='{"op": "load", "file": "/config/test.config"}' \ + --form key='MY-HTTPS-API-PLAINTEXT-KEY' + + response: + { + "success": true, + "data": null, + "error": null + }
\ No newline at end of file diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst new file mode 100644 index 00000000..c819323f --- /dev/null +++ b/docs/changelog/1.3.rst @@ -0,0 +1,3720 @@ +############ +1.3 Equuleus +############ + +.. + Please don't add anything by hand. + This file is managed by the script: + _ext/releasenotes.py + + +2021-02-28 +========== + +* :vytask:`T3370` (bug): dhcp: Invalid domain name "private" +* :vytask:`T3369` (feature): VXLAN: add IPv6 underlay support + + +2021-02-27 +========== + +* :vytask:`T2291` (bug): Bad hostnames in /etc/hosts with static-mapping in dhcp server config +* :vytask:`T3364` (feature): tunnel: cleanup/rename CLI nodes +* :vytask:`T3211` (feature): ability to redistribute ISIS into other routing protocols +* :vytask:`T3368` (feature): macsec: add support for gcm-aes-256 cipher +* :vytask:`T3366` (bug): tunnel: can not change local / remote ip address for gre-bridge tunnel + + +2021-02-26 +========== + +* :vytask:`T3347` (default): vyos 1.3 beta fails to configure Xen HVM guest ethernet interfaces due to ethtool -g error +* :vytask:`T3357` (default): HTTP-API redirect from http correct https port + + +2021-02-24 +========== + +* :vytask:`T1774` (default): Add a show config operation to the HTTP API +* :vytask:`T3303` (feature): Change welcome message on boot + + +2021-02-21 +========== + +* :vytask:`T3163` (feature): ethernet ring-buffer can be set with an invalid value +* :vytask:`T2521` (bug): Need to restart pdns-recursor to check new entries in /etc/hosts + + +2021-02-20 +========== + +* :vytask:`T2647` (default): ipsec disableuniqreqids generate a wrong ipsec.conf + + +2021-02-19 +========== + +* :vytask:`T3326` (bug): OSPFv3: Cannot add L2TPv3 interface +* :vytask:`T2061` (bug): protocol logs not sent to remote syslog + + +2021-02-18 +========== + +* :vytask:`T3259` (default): many dnat rules makes the vyos http api crash, even showConfig op timeouts + + +2021-02-17 +========== + +* :vytask:`T3047` (bug): OSPF : virtual-link and passive-interface default parameters does not work together +* :vytask:`T3312` (feature): SolarFlare NICs support + + +2021-02-16 +========== + +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.101 / 5.10.19 + + +2021-02-14 +========== + +* :vytask:`T2152` (bug): ddclient has bug which prevents use_web from being used +* :vytask:`T3308` (feature): BGP: add gracefull shutdown support + + +2021-02-13 +========== + +* :vytask:`T3028` (feature): Create a default user when metadata is not available (for Cloud-init builds) +* :vytask:`T2867` (feature): Cleanup DataSourceOVF.py in the Cloud-init +* :vytask:`T2726` (feature): Allow to use all supported SSH key types in Cloud-init +* :vytask:`T2403` (feature): Full support for networking config in Cloud-init +* :vytask:`T2387` (feature): Create XML scheme for [conf_mode] BGP +* :vytask:`T2174` (feature): Rewrite protocol BGP to new XML/Python style +* :vytask:`T1987` (bug): A default route can be deleted by dhclient-script in some cases +* :vytask:`T2310` (bug): vyos-cloud-init use global config to configure pass and ssh login +* :vytask:`T723` (feature): Add support for first boot or installation time saved config modification +* :vytask:`T1775` (bug): Cloud-init not running userdata runcmd +* :vytask:`T1389` (feature): Add support for NoCloud cloud-init datasource +* :vytask:`T1315` (feature): Allow BGP to use address-family l2vpn evpn + + +2021-02-12 +========== + +* :vytask:`T3301` (bug): Wrong format and valueHelp for policy as-path-list regex + + +2021-02-11 +========== + +* :vytask:`T2638` (default): FRR: New framework for configuring FRR +* :vytask:`T3035` (enhancment): Allow IPv4 over IPv6 IPsec and vice versa +* :vytask:`T1957` (feature): PPPoE server: maintenance mode +* :vytask:`T1773` (default): Make it possible to export config to JSON + + +2021-02-08 +========== + +* :vytask:`T3295` (feature): Update Linux Kernel to v5.4.96 / 5.10.14 +* :vytask:`T3292` (bug): RIPng: access-lists/prefix-list reference IPv4 and not IPv6 lists during verification + + +2021-02-07 +========== + +* :vytask:`T3293` (bug): RPKI migration script errors out after CLI rewrite + + +2021-02-06 +========== + +* :vytask:`T3285` (feature): Schedule reboots through systemd-shutdownd instead of atd +* :vytask:`T661` (feature): Show a warning if router going to reboot soon (due to "commit-confirm" command) + + +2021-02-05 +========== + +* :vytask:`T2450` (feature): Rewrite "protocols vrf" tree in XML and Python +* :vytask:`T208` (feature): Ability to ignore default-route from dhcpcd per interface + + +2021-02-04 +========== + +* :vytask:`T2834` (bug): Config rollback function is broken due lack access to the config.boot + + +2021-02-03 +========== + +* :vytask:`T3239` (default): XML: override 'defaultValue' for mtu of certain interfaces; remove workarounds +* :vytask:`T2910` (feature): XML: generator should support override of variables +* :vytask:`T2873` (bug): "show nat destination translation address" doesn't filter at all +* :vytask:`T627` (bug): IPSec configuration directive deletion fails, causes bad IPSec state on reboot. + + +2021-02-02 +========== + +* :vytask:`T3018` (bug): Unclear behaviour when configuring vif and vif-s interfaces +* :vytask:`T3255` (default): Rewrite protocol RPKI to new XML/Python style + + +2021-02-01 +========== + +* :vytask:`T3268` (feature): Add VRF support to VIF-S interfaces +* :vytask:`T3274` (default): ask_yes_no() doesn't handle EOFError + + +2021-01-31 +========== + +* :vytask:`T3276` (feature): Update Linux Kernel to v5.4.94 / 5.10.12 + + +2021-01-30 +========== + +* :vytask:`T3269` (bug): VIF-C interfaces don't verify configuration +* :vytask:`T3240` (feature): Support per-interface DHCPv6 DUIDs +* :vytask:`T3037` (bug): Bgp afi ipv6-unicast capability dynamic bug +* :vytask:`T3273` (default): PPPoE static default-routes deleted on interface down when not added by interface up + + +2021-01-29 +========== + +* :vytask:`T3262` (bug): DHCPv6 client runs when dhcpv6-options is configured without requesting an address or PD +* :vytask:`T3261` (bug): Does not possible to disable pppoe client interface. +* :vytask:`T3246` (bug): OSPFv3 router ID not configured in FRR +* :vytask:`T3126` (bug): unsuppress-map doesn't work for BGP IPv4 + + +2021-01-27 +========== + +* :vytask:`T3257` (feature): tcpdump supporting complete protocol +* :vytask:`T3194` (bug): OSPF redistribution metric issue +* :vytask:`T3110` (bug): Broken pipe in show interfaces +* :vytask:`T3085` (feature): IPv6 BGP Neighbor Weight +* :vytask:`T651` (enhancment): Split CI'ed, VyOS-specific packages and other packages into separate repos +* :vytask:`T597` (enhancment): Code testing on sonarcloud.com +* :vytask:`T516` (default): Make Python / XML code development more testable +* :vytask:`T625` (default): IKEv1 lifetime negotiation in VyOS 1.2.0 +* :vytask:`T613` (bug): Missing linux-kbuild +* :vytask:`T505` (bug): Hostapd cannot log + + +2021-01-26 +========== + +* :vytask:`T3251` (bug): PPPoE client trying to authorize with the wrong username +* :vytask:`T2859` (bug): show nat source translation - Errors out + + +2021-01-25 +========== + +* :vytask:`T3252` (bug): rpki: AttributeError: 'Config' object has no attribute 'return__value' +* :vytask:`T3249` (feature): Support operation mode forwarding table output + + +2021-01-24 +========== + +* :vytask:`T3230` (bug): RPKI can't be deleted +* :vytask:`T3243` (feature): Update Linux Kernel to v5.4.92 / 5.10.10 + + +2021-01-21 +========== + +* :vytask:`T3237` (bug): DHCP Server Static-Mapping Validation Error + + +2021-01-18 +========== + +* :vytask:`T2761` (feature): Extend "show vrrp" op-mode command with router priority +* :vytask:`T2679` (feature): VRRP with BFD Failure Detection +* :vytask:`T3212` (bug): SSH: configuration directory is not always created on boot +* :vytask:`T3231` (bug): "system option ctrl-alt-delete" has no effect + + +2021-01-17 +========== + +* :vytask:`T3222` (bug): BGP dampening description +* :vytask:`T2944` (bug): NTP by default listen on any address/interface +* :vytask:`T3226` (bug): Repair bridge smoke test damage +* :vytask:`T2442` (enhancment): Move application of STP settings for bridge members from interfaces-bridge.py to Interface.add_to_bridge() +* :vytask:`T2381` (bug): OpenVPN: openvpn-option parsed/rendered improperly + + +2021-01-16 +========== + +* :vytask:`T3215` (bug): show ipv6 route Broken on 1.4 Rolling +* :vytask:`T3172` (bug): Builds sometime after 2020-12-17 have broken routing after reboot +* :vytask:`T3157` (bug): salt-minion fails to start due to permission error accessing /root/.salt/minion.log +* :vytask:`T3167` (default): Recurring bugs in Intel NIC drivers +* :vytask:`T3151` (default): Decide on the final list of packages for 1.3 +* :vytask:`T3137` (feature): Let VLAN aware bridge approach the behavior of professional equipment +* :vytask:`T3223` (feature): Update Linux Kernel to v5.4.89 / 5.10.7 + + +2021-01-15 +========== + +* :vytask:`T3210` (feature): ISIS three-way-handshake +* :vytask:`T3184` (feature): Add correct desctiptions for BGP neighbors +* :vytask:`T2850` (feature): Add BGP template for FRR + + +2021-01-14 +========== + +* :vytask:`T3218` (feature): Replace Intel out-of-tree drivers with Linux Kernel stock drivers. + + +2021-01-13 +========== + +* :vytask:`T3186` (bug): NAT: bug with "!" invert character + + +2021-01-12 +========== + +* :vytask:`T3205` (bug): Does not possible to configure tunnel mode gre-bridge + + +2021-01-11 +========== + +* :vytask:`T3208` (bug): Does not possible to change user password +* :vytask:`T3198` (bug): OSPF database filtering issue +* :vytask:`T3206` (bug): Unable to delete destination NAT rule +* :vytask:`T3193` (bug): DHCPv6 PD verification issues +* :vytask:`T3201` (bug): show log all Not Working for RADIUS Users + + +2021-01-10 +========== + +* :vytask:`T3178` (feature): Migrate vyatta-op-quagga to vyos-1x + + +2021-01-09 +========== + +* :vytask:`T2467` (bug): Restarting Flow Accounting Fails +* :vytask:`T3199` (feature): Update Linux Kernel to v5.4.88 / 5.10.6 + + +2021-01-07 +========== + +* :vytask:`T3192` (feature): login: radius: add support for IPv6 RADIUS servers + + +2021-01-05 +========== + +* :vytask:`T3169` (enhancment): Reimplement smoke test of span (mirror) +* :vytask:`T3161` (default): Consider removing ConfigLoad.pm +* :vytask:`T1398` (default): Remove vyatta-config-migrate package +* :vytask:`T805` (enhancment): Drop config compatibility with Vyatta Core older than 6.5 + + +2021-01-04 +========== + +* :vytask:`T3185` (bug): [conf-mode] Wrong CompletionHelp for Tunnel local-ip +* :vytask:`T3152` (bug): wan-load-balance does not show connections +* :vytask:`T2601` (bug): pppoe-server: does not possible to disable ccp + + +2021-01-03 +========== + +* :vytask:`T3180` (bug): DHCP server raises NameError + + +2021-01-02 +========== + +* :vytask:`T3175` (bug): Dynamic DNS validations don't reflect supported protocols in ddclient +* :vytask:`T2321` (feature): VRF support for SSH, NTP, SNMP service +* :vytask:`T3177` (bug): Rolling Release no longer reports VMware UUID + + +2021-01-01 +========== + +* :vytask:`T3171` (feature): Add CLI option to enable RPS (Receive Packet Steering) + + +2020-12-31 +========== + +* :vytask:`T3162` (bug): PPPoE server pado-delay issue +* :vytask:`T3160` (bug): PPPoE server called-sid option does not work +* :vytask:`T3168` (feature): Update Linux Kernel to v5.4.86 + + +2020-12-29 +========== + +* :vytask:`T3082` (bug): multi_to_list must distinguish between values and defaults +* :vytask:`T1466` (feature): Add EAPOL login support + + +2020-12-28 +========== + +* :vytask:`T1732` (feature): Removing vyatta-webproxy module +* :vytask:`T2666` (feature): Packet Processing with eBPF and XDP +* :vytask:`T2581` (default): webproxy: implement proxy chaining +* :vytask:`T563` (feature): webproxy: migrate 'service webproxy' to get_config_dict() + + +2020-12-27 +========== + +* :vytask:`T3150` (bug): When configuring QoS, the setting procedure of port mirroring is wrong + + +2020-12-23 +========== + +* :vytask:`T3143` (bug): OpenVPN server: Push route does not work +* :vytask:`T3146` (feature): Upgrade FRR from 7.4 -> 7.5 version incl. new libyang +* :vytask:`T3145` (feature): Update Linux Kernel to v5.4.85 +* :vytask:`T3147` (feature): Upgrade to SaltStack version 3002.2 + + +2020-12-22 +========== + +* :vytask:`T3142` (bug): OpenVPN op-command completion issue +* :vytask:`T2940` (feature): Update FRR to 7.4 +* :vytask:`T2573` (bug): BFD opmode Commands are broken +* :vytask:`T2495` (feature): Add xml for ISIS [conf_mode] +* :vytask:`T1316` (feature): Support for IS-IS + + +2020-12-20 +========== + +* :vytask:`T3131` (bug): Typo in ipsec preshared-secret help +* :vytask:`T3134` (bug): DHCPv6 DUID configuration node missing +* :vytask:`T3140` (feature): Relax "ethernet offload-options" CLI definition + + +2020-12-17 +========== + +* :vytask:`T2810` (default): Docs for vpn anyconnect-server +* :vytask:`T2036` (default): Open Connect VPN Server () support + + +2020-12-14 +========== + +* :vytask:`T3128` (bug): pppoe smoke test failed +* :vytask:`T3129` (feature): Update Linux Kernel to v5.4.83 +* :vytask:`T3089` (feature): Migrate port mirroring to vyos-1x and support two-way traffic mirroring +* :vytask:`T3130` (feature): Replace vyos-netplug with upstream debian version + + +2020-12-13 +========== + +* :vytask:`T3114` (bug): When the bridge member is a non-ethernet interface, setting VLAN-aware bridge parameters fails + + +2020-12-11 +========== + +* :vytask:`T3123` (bug): Configuration of vti interface impossible + + +2020-12-10 +========== + +* :vytask:`T3117` (bug): OpenVPN config migration errors upgrading from 1.3-rolling-202010280217 to 1.3-rolling-202012060217 + + +2020-12-09 +========== + +* :vytask:`T3122` (feature): Update Linux Kernel to v4.19.162 +* :vytask:`T3121` (bug): get_config_dict() and key_mangling=('-', '_') Broke PowerDNS dns_forwarding config file + + +2020-12-08 +========== + +* :vytask:`T2562` (bug): VyOS can't be used as a DHCP server for a DHCP relay + + +2020-12-07 +========== + +* :vytask:`T3120` (bug): 1.3-rolling-202012070217 python error when deleting nat rule +* :vytask:`T3119` (feature): migrate "system ip" to get_config_dict() and provide smoketest + + +2020-12-05 +========== + +* :vytask:`T2744` (bug): igmp-proxy issue: Address already in use + + +2020-12-04 +========== + +* :vytask:`T3108` (bug): Section Config overlapped match with FRRConfig +* :vytask:`T3112` (feature): PPPoE IPv6: remove "enable" node +* :vytask:`T3100` (feature): Migrate DHCP/DHCPv6 server to get_config_dict() + + +2020-12-03 +========== + +* :vytask:`T3105` (bug): static-host-mapping writing in one line +* :vytask:`T3107` (feature): Update Linux Kernel to v4.19.161 +* :vytask:`T3104` (bug): LLDP Traceback error + + +2020-12-01 +========== + +* :vytask:`T3094` (bug): Can not specify multiple deny ports in FW rule +* :vytask:`T3102` (bug): Destination NAT fails to commit +* :vytask:`T2713` (bug): VyOS must not change permissions on files in /config/auth + + +2020-11-30 +========== + +* :vytask:`T3091` (feature): Add "tag" for static route +* :vytask:`T1207` (feature): DMVPN behind NAT + + +2020-11-29 +========== + +* :vytask:`T2297` (feature): NTP add support for pool configuration +* :vytask:`T3095` (feature): Migrate dhcp-relay and dhcpv6-relay to get_config_dict() + + +2020-11-28 +========== + +* :vytask:`T2890` (bug): NAT error adding translation address range +* :vytask:`T2868` (bug): Tcp-mss option in policy calls kernel-panic +* :vytask:`T3092` (feature): nat: migrate to get_config_dict() + + +2020-11-27 +========== + +* :vytask:`T2715` (feature): Duplicate address detection option supporting ARP +* :vytask:`T2714` (feature): A collection of utilities supporting IPv6 or ipv4 +* :vytask:`T3088` (feature): Migrate IGMP-Proxy over to get_config_dict() and add smoketests + + +2020-11-24 +========== + +* :vytask:`T3087` (feature): Update Linux Kernel to v4.19.160 + + +2020-11-23 +========== + +* :vytask:`T2177` (default): Commit fails on adding disabled interface to bridge +* :vytask:`T3066` (bug): reboot in - Invalid time +* :vytask:`T2802` (bug): Tunnel interface does not apply EUI-64 IPv6 Address +* :vytask:`T2359` (bug): Adding IPIP6 tun interface to bridge [conf_mode] errors +* :vytask:`T2357` (bug): GRE-bridge conf_mode errors +* :vytask:`T2259` (feature): Support for bind vif-c interfaces into VRFs +* :vytask:`T2205` (bug): "set interface ethernet" fails on Hyper-V +* :vytask:`T2182` (bug): Failure to commit an IPv6 address on a tunnel interface +* :vytask:`T2155` (bug): Cannot set anything on Intel 82599ES 10-Gigabit SFI/SFP+ +* :vytask:`T2153` (bug): traceroute circular reference +* :vytask:`T3081` (bug): get_config_dict() does not honor whitespaces in the CLI values field +* :vytask:`T3080` (bug): OpenVPN failing silently for a number of reasons in rolling post Nov/02 +* :vytask:`T3074` (bug): openvpn site-to-site dosn't work +* :vytask:`T2542` (bug): OpenVPN client tap interfaces not coming up +* :vytask:`T3084` (bug): wifi: TypeError on "show interfaces wireless info" + + +2020-11-21 +========== + +* :vytask:`T3079` (bug): Fix the problem that VLAN 1 will be deleted in VLAN-aware bridge +* :vytask:`T3060` (bug): OpenVPN not working in vyos-1.3-rolling-20201101 and after + + +2020-11-20 +========== + +* :vytask:`T3078` (feature): CLI cleanup: rename "system options" -> "system option" +* :vytask:`T2997` (feature): DHCP: disallow/do-not-request certain options when requesting IP address from server +* :vytask:`T3077` (feature): WireGuard: automatically create link-local IPv6 adresses +* :vytask:`T2550` (default): OpenVPN: IPv4 not working in client mode +* :vytask:`T3072` (feature): Migrate tunnel interfaces to new get_config_dict() approach +* :vytask:`T3065` (feature): Add "interfaces wirelessmodem" IPv6 support +* :vytask:`T3048` (feature): Drop static smp-affinity for a more dynamic way using tuned + + +2020-11-19 +========== + +* :vytask:`T3067` (bug): Wireless interface can no longer be added to the bridge after bridge VLAN support +* :vytask:`T3075` (feature): Update Linux Kernel to v4.19.158 + + +2020-11-16 +========== + +* :vytask:`T3003` (enhancment): Extend smoketest framework to allow loading an arbitrary config file + + +2020-11-15 +========== + +* :vytask:`T3069` (bug): openvpn - routed networks not available +* :vytask:`T3038` (feature): Supporting AZERTY keyboards +* :vytask:`T2993` (bug): op-mode: lldp: show lldp neighbors - AttributeError: 'str' object has no attribute 'items' +* :vytask:`T2564` (enhancment): Extend VyOS to support appliance LCDs + + +2020-11-14 +========== + +* :vytask:`T3041` (bug): Intel QAT: vyos-1.3-rolling-202011020217-amd64 kernel panic during configure + + +2020-11-13 +========== + +* :vytask:`T3063` (feature): Add support for Huawei LTE Module ME909s-120 +* :vytask:`T3059` (bug): L2TPv3 interface: Enforced to shutdown but no command to enable interface permanently + + +2020-11-12 +========== + +* :vytask:`T3064` (feature): Update Linux Kernel to v4.19.157 + + +2020-11-10 +========== + +* :vytask:`T2103` (bug): Abnormal interface names if VIF present + + +2020-11-08 +========== + +* :vytask:`T3050` (bug): Broken address/subnet validation on NAT configuration + + +2020-11-07 +========== + +* :vytask:`T2914` (bug): OpenVPN: Fix for IPv4 remote-host hostname in client mode: +* :vytask:`T2653` (feature): "set interfaces" Python handler code improvements - next iteration +* :vytask:`T311` (feature): DHCP: set client-hostname via CLI + + +2020-11-06 +========== + +* :vytask:`T3051` (bug): OpenVPN: multiple client routes do not work in server mode +* :vytask:`T3046` (bug): openvpn directory is not auto-created +* :vytask:`T3052` (feature): Update Linux firmware files to 20201022 version +* :vytask:`T2731` (bug): "show interfaces" returns invalid state when link is down + + +2020-11-05 +========== + +* :vytask:`T3049` (feature): Update Linux Kernel to v4.19.155 +* :vytask:`T2994` (feature): Migrate OpenVPN interfaces to get_config_dict() syntax + + +2020-11-03 +========== + +* :vytask:`T3043` (feature): Wireless: Refactor CLI +* :vytask:`T3034` (feature): Add WiFi WPA 3 support +* :vytask:`T2967` (bug): Duplicate IPv6 BFD Peers Created +* :vytask:`T2483` (bug): DHCP most likely not restarting pdns_recursor + + +2020-11-02 +========== + +* :vytask:`T3024` (bug): DHCPv6 PD configuration doesn't really render an expected behavior + + +2020-11-01 +========== + +* :vytask:`T3036` (feature): OpenVPN remote-address does not accept IPv6 address +* :vytask:`T3032` (feature): Ability to "set table" in the policy route-map +* :vytask:`T2193` (feature): Display disabled VRRP instances in a `show vrrp` output + + +2020-10-30 +========== + +* :vytask:`T2790` (feature): Add ability to set ipv6 protocol route-map for OSPFv3 +* :vytask:`T3033` (feature): Update Linux Kernel to v4.19.154 +* :vytask:`T2969` (bug): OpenVPN: command_set on interface is not applied, if interface doesn't come up in commit + + +2020-10-28 +========== + +* :vytask:`T2631` (default): l2tp, sstp, pptp add option to disable radius accounting +* :vytask:`T2630` (feature): Allow Interface MTU over 9000 +* :vytask:`T3027` (bug): Unable to update system Signature check FAILED +* :vytask:`T2995` (bug): Enhancements/bugfixes for vyos_dict_search() +* :vytask:`T2968` (feature): Add support for Intel Atom C2000 series QAT + + +2020-10-27 +========== + +* :vytask:`T3026` (default): qemu: update script for deprecated ssh_host_port_min/max +* :vytask:`T2938` (feature): Adding remote Syslog RFC5424 compatibility +* :vytask:`T2924` (bug): Using 'set src' in a route-map invalidates it as part of a subsequent boot-up +* :vytask:`T2587` (bug): Cannot enable the interface when the MTU is set to less than 1280 +* :vytask:`T2885` (default): configd: print commit errors to config session terminal +* :vytask:`T2808` (default): Add smoketest to ensure script consistency with config daemon +* :vytask:`T2582` (default): Script daemon to offload processing during commit +* :vytask:`T1721` (bug): Recursive Next Hop not updated for static routes + + +2020-10-26 +========== + +* :vytask:`T3016` (feature): dhcp-server: use better constraint error message on invalid subnet + + +2020-10-24 +========== + +* :vytask:`T3007` (default): HTTP-API should use config load script, not backend config load +* :vytask:`T2984` (bug): (igb, ixgbe) HW queues applied only for the first 2 interfaces +* :vytask:`T3009` (bug): vpn l2tp remoteaccess require option broken +* :vytask:`T3010` (bug): ttl option of gre-bridge +* :vytask:`T3005` (bug): Intel: update out-of-tree drivers, i40e driver warning +* :vytask:`T3004` (feature): ConfigSession should (optionally) use config load script +* :vytask:`T2723` (feature): Support tcptraceroute + + +2020-10-22 +========== + +* :vytask:`T2978` (bug): IPoE service does not work on shared mode. +* :vytask:`T2906` (bug): OpenVPN: tls-auth missing key direction + + +2020-10-21 +========== + +* :vytask:`T2828` (bug): BGP conf_mode error enforce-first-as +* :vytask:`T2749` (bug): Setting ethx configuration issue. +* :vytask:`T2138` (default): Can't load archived configs as they are gzipped + + +2020-10-20 +========== + +* :vytask:`T2987` (bug): VxLAN not working properly after upgrading to latest October build (also with newinstallation) +* :vytask:`T2989` (default): MPLS documentation expansion + + +2020-10-19 +========== + +* :vytask:`T1588` (bug): VRRP failed to start if any of its interaces not exist +* :vytask:`T1385` (feature): Allow bonding interfaces to have pseudo-ethernet interfaces +* :vytask:`T3000` (bug): Mismatch between "prefix-length" and "preference" in dhcp6-server syntax +* :vytask:`T2992` (feature): Automatically verify sha256 checksum on ISO download +* :vytask:`T752` (feature): Disable IPv4 forwarding on specific interface only + + +2020-10-18 +========== + +* :vytask:`T2965` (feature): Brief BFD Peer Info +* :vytask:`T2907` (feature): OpenVPN: Option to disable encryption +* :vytask:`T2985` (feature): Add glue code to create bridge interface on demand + + +2020-10-17 +========== + +* :vytask:`T2980` (bug): FRR bfdd crash due to invalid length +* :vytask:`T2991` (feature): Update WireGuard to 1.0.20200908 +* :vytask:`T2990` (feature): Update Linux Kernel to v4.19.152 +* :vytask:`T2981` (feature): MPLS LDP neighbor session clear capability +* :vytask:`T2792` (default): Failed to run `sudo make qemu` with vyos-build container due to the change of packer + + +2020-10-14 +========== + +* :vytask:`T2972` (bug): PPPoE server rate limiter allows max 65535 kbps to be set + + +2020-10-13 +========== + +* :vytask:`T2976` (bug): Client IP pool does not work for PPPoE local users + + +2020-10-12 +========== + +* :vytask:`T2951` (bug): monitor nat not working +* :vytask:`T2782` (bug): Changing timezone, does not restart rsyslog + + +2020-10-11 +========== + +* :vytask:`T2973` (bug): tftp-server cannot listen on IPv6 address + + +2020-10-08 +========== + +* :vytask:`T2891` (feature): Support to change ring-buffers from CLI + + +2020-10-06 +========== + +* :vytask:`T2957` (bug): show openvpn not returning anything + + +2020-10-05 +========== + +* :vytask:`T2963` (bug): Wireless: WIFI is not password protected when security wpa mode is not defined but passphrase is + + +2020-10-04 +========== + +* :vytask:`T2953` (feature): Accel-PPP services CLI config cleanup (SSTP, L2TP, PPPoE, IPoE) +* :vytask:`T2829` (bug): PPPoE server: mppe setting is implemented as node instead of leafNode +* :vytask:`T2960` (feature): sstp: migrate to get_config_dict() + + +2020-10-03 +========== + +* :vytask:`T2956` (feature): Add support for list of defaultValues +* :vytask:`T2955` (feature): Update Linux Kernel to v4.19.149 + + +2020-10-02 +========== + +* :vytask:`T2952` (bug): configd: timeout breaks synchronization of messages, causing freeze + + +2020-10-01 +========== + +* :vytask:`T2945` (bug): Interface removed from BRIDGE on setting changed +* :vytask:`T2948` (bug): NAT: OSError when configuring translation address range +* :vytask:`T2936` (feature): Migrate PPPoE server to get_config_dict() do reduce boilerplate code + + +2020-09-30 +========== + +* :vytask:`T2939` (bug): Wireguard Remove Peer Fails +* :vytask:`T2932` (bug): The second QAT device does not start + + +2020-09-29 +========== + +* :vytask:`T2919` (feature): PPPoE server: Called-Station-Id attribute +* :vytask:`T2918` (feature): Accounting interim jitter for pppoe, l2tp, pptp, ipoe +* :vytask:`T2917` (feature): PPPoE server: Preallocate NAS-Port-Id +* :vytask:`T2937` (feature): Update Linux Kernel to v4.19.148 + + +2020-09-27 +========== + +* :vytask:`T2930` (feature): Support configuration of MAC address for VXLAN and GENEVE tunnel + + +2020-09-26 +========== + +* :vytask:`T2902` (bug): "add system image" fails when appending XX to image name +* :vytask:`T2856` (bug): equuleus: `show version all` throws broken pipe exception on abort +* :vytask:`T2482` (enhancment): Update PowerDNS recursor to 4.3.1 for CVE-2020-10995 +* :vytask:`T2929` (bug): Upgrading from 1.2 (crux) to 1.3 rolling causes vyos.configtree.ConfigTreeError for RADIUS settings +* :vytask:`T2928` (bug): MTU less then 1280 bytes and IPv6 will raise FileNotFoundError +* :vytask:`T2926` (bug): snmp.py missing an import +* :vytask:`T2912` (feature): When setting MTU check for hardware maximum supported MTU size + + +2020-09-25 +========== + +* :vytask:`T2915` (bug): Lost "proxy-arp-pvlan" option for vlan +* :vytask:`T2925` (feature): Update Linux Kernel to v4.19.147 +* :vytask:`T2921` (feature): Migrate "service dns forwarding" to get_config_dict() for ease of source maintenance + + +2020-09-24 +========== + +* :vytask:`T2896` (bug): set ip route 0.0.0.0/0 dhcp-interface eth0 +* :vytask:`T2923` (bug): Configuring DHCPv6-PD without a interface to delegate to raises TypeError + + +2020-09-23 +========== + +* :vytask:`T2846` (bug): ip route doesn't show longer-prefixes + + +2020-09-20 +========== + +* :vytask:`T2904` (feature): 802.1ad / Q-in-Q ethertype default not utilized +* :vytask:`T2905` (feature): Sync CLI nodes between PPPoE and WWAN interface +* :vytask:`T2903` (feature): Q-in-Q (802.1.ad) ethertype should be defined explicitly and not via its raw value + + +2020-09-19 +========== + +* :vytask:`T2894` (bug): bond: lacp: member interfaces get removed once bond interface has vlans configured +* :vytask:`T2901` (feature): Update Linux Kernel to v4.19.146 +* :vytask:`T2900` (bug): DNS forwarding: invalid warning is shown for "system name-server" or "system name-servers-dhcp" even if present + + +2020-09-18 +========== + +* :vytask:`T945` (bug): Unable to change configuration after changing it from script (vbash + script-template) + + +2020-09-16 +========== + +* :vytask:`T2886` (bug): RADIUS authentication broken only returns operator level +* :vytask:`T2887` (bug): WiFi ht40+ channel width is not set in hostaptd.conf + + +2020-09-15 +========== + +* :vytask:`T2515` (bug): Ethernet interface is automatically disabled when removing it from bond + + +2020-09-14 +========== + +* :vytask:`T2872` (bug): "Show log" for nat and openvpn got inter-mixed +* :vytask:`T2301` (bug): Delete PBR vyatta_policy_ref +* :vytask:`T2880` (feature): Update Linux Kernel to v4.19.145 +* :vytask:`T2879` (feature): Cleanup 4.19.144 kernel configuration + + +2020-09-13 +========== + +* :vytask:`T2878` (feature): LACP / bonding: new op-mode command: show interfaces bonding bond0 detail +* :vytask:`T2858` (feature): Rewrite dynamic dns client to get_config_dict() +* :vytask:`T2857` (feature): Cleanup Intel QAT configuration script +* :vytask:`T2841` (bug): "monitor bandwidth-test initiate" does not accept IPv6 address as option +* :vytask:`T2877` (feature): LACP / bonding: support configuration of minimum number of links + + +2020-09-12 +========== + +* :vytask:`T2863` (default): Wireguard IPv6 Link-Local Addresses Are Not Unique +* :vytask:`T2876` (feature): Update Linux Kernel to v4.19.144 + + +2020-09-10 +========== + +* :vytask:`T2870` (feature): Update Linux Kernel to v5.8.8 + + +2020-09-09 +========== + +* :vytask:`T2728` (bug): Protocol option ignored for IPSec peers in transport mode +* :vytask:`T1934` (default): Change default hostname when deploy from OVA without params. +* :vytask:`T1953` (bug): DDNS service name validation rejects valid service names + + +2020-09-07 +========== + +* :vytask:`T1729` (default): PIM (Protocol Independent Multicast) implementation + + +2020-09-06 +========== + +* :vytask:`T2860` (bug): Update Accel-PPP to fix l2tp CVE + + +2020-09-02 +========== + +* :vytask:`T2833` (bug): vyos 1.3-rolling-202008200357 RIP outgoing update filter list no longer operational +* :vytask:`T2849` (bug): vyos.xml.defaults should return a list on multi nodes, by default + + +2020-08-31 +========== + +* :vytask:`T2636` (bug): get_config_dict() shall always return a list on <multi/> nodes + + +2020-08-30 +========== + +* :vytask:`T2843` (feature): Upgrade Linux Kernel to 5.8 series +* :vytask:`T2814` (default): kernel 5.1+ : NAT : module `nft_chain_nat_ipv4` renamed +* :vytask:`T2839` (feature): Upgrade WireGuard user-space tools and Kernel module +* :vytask:`T2842` (feature): Replace custom "wireguard, wireguard-tools" package with debian-backports version +* :vytask:`T1205` (bug): module pcspkr missing + + +2020-08-29 +========== + +* :vytask:`T2836` (default): show system integrity broken in 1.3 + + +2020-08-28 +========== + +* :vytask:`T2126` (bug): show vpn ipsec sa IPSec - Process NOT Running +* :vytask:`T2813` (bug): NAT: possible to commit illegal source nat without translation +* :vytask:`T1463` (bug): Missing command `show ip bgp scan` appears in command completion + + +2020-08-27 +========== + +* :vytask:`T2832` (feature): Migrate vyos-smoketest content into vyos-1x + + +2020-08-26 +========== + +* :vytask:`T2830` (default): Migrate "service https" to use get_config_dict() +* :vytask:`T2831` (feature): Update Linux Kernel to v4.19.142 + + +2020-08-25 +========== + +* :vytask:`T2826` (bug): frr: frr python lib error in replace_section + + +2020-08-24 +========== + +* :vytask:`T2423` (bug): Loadkey scp ssh key errors + + +2020-08-23 +========== + +* :vytask:`T2811` (bug): Does not possible to delete vpn anyconnect +* :vytask:`T2823` (bug): VXLAN has state A/D after configuration +* :vytask:`T2812` (default): Add basic smoketest for anyconnect + + +2020-08-22 +========== + +* :vytask:`T2822` (feature): Update Linux Kernel to v4.19.141 +* :vytask:`T2821` (feature): Support DHCPv6-PD without "address dhcpv6" +* :vytask:`T2677` (feature): Proposal for clearer DHCPv6-PD configuration options + + +2020-08-20 +========== + +* :vytask:`T2209` (bug): Documentation has reference to the old 'user x level admin' option +* :vytask:`T1665` (default): prefix-list and prefix-list6 rules incorrectly accept a host address where prefix is required +* :vytask:`T2815` (default): Move certbot config directory under /config/auth + + +2020-08-19 +========== + +* :vytask:`T2794` (bug): op-mode: lldp: "show lldp neighbors" IndexError: list index out of range +* :vytask:`T2791` (feature): "monitor traceroute" has no explicit IPv4/IPv6 support +* :vytask:`T1515` (bug): FRR ospf6d crashes when performing: "show ipv6 ospfv3 database" + + +2020-08-16 +========== + +* :vytask:`T2277` (bug): dhclient-script-vyos does not support VRFs +* :vytask:`T2090` (default): Deleting 'service salt-minion' causes python TypeError + + +2020-08-15 +========== + +* :vytask:`T2797` (feature): Update Linux Kernel to v4.19.139 +* :vytask:`T2796` (bug): PPPoE-Server: listen interface is mandatory but validation check is missing + + +2020-08-14 +========== + +* :vytask:`T2795` (bug): console server fails to commit + + +2020-08-12 +========== + +* :vytask:`T2786` (bug): OSPF Interface Cost +* :vytask:`T2325` (bug): NHRP op-mode errors +* :vytask:`T2227` (feature): MPLS documentation +* :vytask:`T2767` (bug): The interface cannot be disabled for network enabled configuration +* :vytask:`T2316` (bug): DHCP-server op-mode errors + + +2020-08-11 +========== + +* :vytask:`T2779` (bug): LLDP: "show lldp neighbors interface" does not yield any result +* :vytask:`T2379` (bug): But when I get DHCPv6 address for interface deletion, script execution error occurs +* :vytask:`T2784` (default): Remove unused arg from host_name.py functions verify and get_config + + +2020-08-10 +========== + +* :vytask:`T2780` (feature): Update Linux Kernel to v4.19.138 + + +2020-08-08 +========== + +* :vytask:`T2716` (bug): Shaper-HFSC shapes but does not control latency correctly +* :vytask:`T2497` (default): Cache config string during commit +* :vytask:`T2501` (bug): Cannot recover from failed boot config load +* :vytask:`T1974` (feature): Allow route-map to set administrative distance +* :vytask:`T1949` (bug): Multihop IPv6 BFD is unconfigurable + + +2020-08-04 +========== + +* :vytask:`T2758` (bug): router-advert: 'infinity' is not a valid integer number +* :vytask:`T2637` (bug): Vlan is not removed from the system +* :vytask:`T1194` (bug): cronjob is being setup even if not saved +* :vytask:`T1287` (bug): No DHCPv6 leases reported for "show dhcpv6 client leases" + + +2020-08-03 +========== + +* :vytask:`T2241` (default): Changing settings on an interface causes it to fall out of bridge +* :vytask:`T2757` (bug): "show system image version" contains additional new-line character breaking output +* :vytask:`T1826` (bug): Misleading message on "reboot at" command +* :vytask:`T1511` (default): Rewrite ethernet setup scripts to python +* :vytask:`T1600` (default): Convert 'ping' operation from vyatta-op to new syntax +* :vytask:`T1486` (bug): Unknown LLDP version reported to peers +* :vytask:`T1414` (enhancment): equuleus: buster: 10-unmountfs.chroot fail under apply +* :vytask:`T1076` (bug): SSH: make configuration (sshd_config) volatile and store it to /run +* :vytask:`T770` (bug): Bonded interfaces get updated with incorrect hw-id in config. +* :vytask:`T2724` (feature): Support for IPv6 Toolset +* :vytask:`T2323` (bug): LLDP: "show lldp neighbors detail" returns warnings when service is not configured +* :vytask:`T1754` (bug): DHCPv6 client is impossible to restart + + +2020-08-02 +========== + +* :vytask:`T2756` (feature): Accel-PPP: make RADIUS accounting port configurable + + +2020-08-01 +========== + +* :vytask:`T2752` (bug): Exception when configuring unavailable ethernet interface +* :vytask:`T2751` (feature): Update Linux Kernel to v4.19.136 +* :vytask:`T2753` (feature): Rewrite "add system image" op mode commands in XML +* :vytask:`T2690` (feature): Add VRF support to the add system image command + + +2020-07-30 +========== + +* :vytask:`T2746` (feature): IPv6 link-local addresses not configured +* :vytask:`T2678` (bug): High RAM usage on SSH logins with lots of IPv6 routes in the routing table. +* :vytask:`T2701` (bug): `vpn ipsec pfs enable` doesn't work with IKE groups +* :vytask:`T2745` (feature): router-advert: migrate to get_config_dict() + + +2020-07-29 +========== + +* :vytask:`T2743` (feature): WireGuard: move key migration from config script to migration script +* :vytask:`T1241` (bug): Remove of policy route throws CLI error +* :vytask:`T2742` (feature): mDNS repeater: migrate to get_config_dict() + + +2020-07-28 +========== + +* :vytask:`T1117` (feature): 'show ipv6 bgp route-map' missing +* :vytask:`T928` (feature): pimd support + + +2020-07-27 +========== + +* :vytask:`T2729` (feature): Pseudo-ethernet replace fail message. +* :vytask:`T1249` (feature): multiply PBR rules can set to a single interface +* :vytask:`T1956` (feature): PPPoE server: support PADO-delay +* :vytask:`T1295` (feature): FRR: update documentation +* :vytask:`T1222` (bug): OSPF routing problem - route looping +* :vytask:`T1158` (bug): Route-Map configuration dropped updating rc11 to epa2 +* :vytask:`T1130` (bug): Deleting BGP communities from prefix does not work +* :vytask:`T1086` (bug): Configs not saving +* :vytask:`T2067` (feature): pppoe-server: Add possibility set multiple service-name + + +2020-07-26 +========== + +* :vytask:`T2734` (feature): WireGuard: fwmark CLI definition is inconsistent +* :vytask:`T2733` (feature): Support MTU configuration on pseudo ethernet devices +* :vytask:`T2644` (default): Disabling Bonded Interfaces Broken +* :vytask:`T2476` (bug): Bond member description change leads to network outage +* :vytask:`T2443` (feature): NHRP: Add debugging information to syslog +* :vytask:`T2021` (bug): OSPFv3 doesn't support decimal area syntax +* :vytask:`T1901` (bug): Semicolon in values is interpreted as a part of the shell command by validators +* :vytask:`T2000` (bug): strongSwan does not install routes to table 220 in certain cases +* :vytask:`T2091` (bug): swanctl.conf file is not generated properly is more than one IPsec profile is used +* :vytask:`T1983` (feature): Expose route-map when BGP routes are programmed in to FIB +* :vytask:`T1973` (feature): Allow route-map to match on BGP local preference value +* :vytask:`T1853` (bug): wireguard - disable peer doesn't work +* :vytask:`T832` (bug): `show monitoring protocols bgp` doesn't work with frr +* :vytask:`T1985` (feature): pppoe: Enable ipv6 modules without configured ipv6 pools + + +2020-07-25 +========== + +* :vytask:`T2730` (feature): Update Linux Kernel to v4.19.134 +* :vytask:`T2106` (bug): Wrong interface states after reboot +* :vytask:`T1507` (default): cli: logical redundancy with boolean type + + +2020-07-24 +========== + +* :vytask:`T2097` (bug): Problems when using <path> as completion helper in op-mode +* :vytask:`T2092` (bug): dhcp-server rfc3442 static route sould add default route +* :vytask:`T1817` (bug): BGP next-hop-self not working. +* :vytask:`T1462` (bug): Upgrade path errors 1.1.8 to 1.2.1-S2 +* :vytask:`T1372` (bug): Diff functionality behaves incorrectly in some cases +* :vytask:`T2073` (feature): ipoe-server: reset op-mode command for sessions +* :vytask:`T1715` (bug): System DNS Server Order Incorrect + + +2020-07-23 +========== + +* :vytask:`T2673` (bug): After the bridge is configured with Mac, bridge is automatically disabled +* :vytask:`T2626` (bug): Changing pseudo-ethernet mode, throws CLI error +* :vytask:`T2608` (bug): delete pseudo-ethernet failed (another error type) +* :vytask:`T2527` (bug): bonding: the last slave interface is not deleted +* :vytask:`T2358` (bug): ip6ip6 bridge conf_mode errors +* :vytask:`T2346` (bug): Setting Hostname Returns Error +* :vytask:`T2330` (bug): Vpn op-mode syntax +* :vytask:`T2188` (default): NTP op-mode commands don't work + + +2020-07-22 +========== + +* :vytask:`T2718` (bug): ntp.conf updated incorrectly. +* :vytask:`T2658` (bug): Interface description comment display error +* :vytask:`T2643` (bug): Show Interface Command Issues +* :vytask:`T2725` (bug): Recent 1.3 rolling (since May) fail to load config if user has no password - KeyError: 'password_encrypted' +* :vytask:`T2707` (default): Allow alternative initialization data for Config + + +2020-07-20 +========== + +* :vytask:`T2709` (bug): Destination NAT translation port without address fails to commit +* :vytask:`T2519` (bug): Broadcast address does not add automatically + + +2020-07-19 +========== + +* :vytask:`T2708` (bug): "show flow-accounting" should not display script's "usage" help +* :vytask:`T2592` (default): dhcp-relay discarding packets on valid interfaces +* :vytask:`T2712` (feature): udp-broadcast-relay: serivce no longer starts +* :vytask:`T2706` (feature): Support NDP protocol monitoring + + +2020-07-18 +========== + +* :vytask:`T2704` (bug): connect/disconnect Missing newline in op-mode tab completion helper +* :vytask:`T2689` (feature): Add helper functions to query changes between session and effective configs +* :vytask:`T2585` (bug): Unable to access the Internet after opening PPPoE on-demand dialing + + +2020-07-15 +========== + +* :vytask:`T2675` (bug): DNS service failed to start +* :vytask:`T2596` (feature): Allow specifying source IP for 'add system image' + + +2020-07-12 +========== + +* :vytask:`T1575` (default): `show snmp mib ifmib` crashes with IndexError +* :vytask:`T2696` (bug): Some bugfixes of vyatta-wanloadbalance + + +2020-07-11 +========== + +* :vytask:`T2687` (feature): SNMP: change logic on v3 password encryption +* :vytask:`T2693` (bug): Dhcp6c cannot be restarted after PPPoE link is reset + + +2020-07-08 +========== + +* :vytask:`T2692` (bug): Evaluate Setting Default Hash Policy to L3+L4 +* :vytask:`T2646` (bug): Sysctl for IPv4 ECMP Hash Policy Not Set + + +2020-07-07 +========== + +* :vytask:`T2691` (bug): Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch +* :vytask:`T2389` (bug): BGP community-list unknown command +* :vytask:`T2686` (bug): FRR: BGP: large-community configuration is not applied properly after upgrading FRR to 7.3.x series + + +2020-07-06 +========== + +* :vytask:`T2680` (bug): Dhcp6c service can not recover when it fails. + + +2020-07-05 +========== + +* :vytask:`T2684` (feature): Update Linux Kernel to v4.19.131 +* :vytask:`T2685` (feature): Update Accel-PPP to fix SSTP client issues +* :vytask:`T2681` (bug): PPPoE stops negotiating IPv6 + + +2020-07-04 +========== + +* :vytask:`T2682` (bug): VRF aware services - connection no longer possible after system reboot + + +2020-07-03 +========== + +* :vytask:`T2670` (default): Remove dependency on show_config from get_config_dict +* :vytask:`T2676` (feature): NTP: migrate to get_config_dict() implementation + + +2020-07-02 +========== + +* :vytask:`T2668` (default): get_config_dict: add get_first_key arg to utility function get_sub_dict + + +2020-07-01 +========== + +* :vytask:`T2662` (default): get_config_dict includes node name as key only for tag and leaf nodes +* :vytask:`T2667` (feature): get_config_dict: Use utility function for non-empty path argument + + +2020-06-28 +========== + +* :vytask:`T2660` (bug): XML: Python default dictionary does not obey underscore (_) when flat is False + + +2020-06-27 +========== + +* :vytask:`T2656` (bug): XML: Python default dictionary returns wrong dictionary level(s) + + +2020-06-26 +========== + +* :vytask:`T2642` (bug): sshd Broken on Latest Rolling Release +* :vytask:`T2588` (default): Add support for default values to the interface-definition format +* :vytask:`T2622` (bug): An issue with config migration (interface pseudo ethernet) +* :vytask:`T2057` (feature): Generalised Interface configuration +* :vytask:`T2625` (feature): Provide generic Library for package builds + + +2020-06-25 +========== + +* :vytask:`T2487` (bug): VRRP does not display info when group disabled +* :vytask:`T2329` (bug): Show remote config openvpn +* :vytask:`T2165` (bug): When trying to add route to ripng it complains that ip address should be IPv4 format. +* :vytask:`T2159` (default): webproxy log read from wrong file +* :vytask:`T2101` (feature): Fix VXLAN config option parsing +* :vytask:`T2062` (bug): Wrong dhcp-server static route subnet bytes +* :vytask:`T1986` (bug): Python configuration manipulation library leaks open files +* :vytask:`T1762` (bug): VLAN interface configuration fails after internal representation of edit level was switched from a string to a list +* :vytask:`T1538` (bug): Update conntrack-sync packages to fix VRRP issues +* :vytask:`T1808` (feature): add package nftables + + +2020-06-24 +========== + +* :vytask:`T2634` (feature): remove autogeneration of interface "ip section" from vyatta-cfg-system +* :vytask:`T2633` (bug): Error with arp_accept on tun interface +* :vytask:`T2595` (feature): Update Linux Kernel to v4.19.128 +* :vytask:`T1938` (bug): syslog doesn't start automatically + + +2020-06-23 +========== + +* :vytask:`T2632` (bug): WireGuard: Can not use only one preshared-key for one peer +* :vytask:`T1829` (bug): Install Image script does not respect size of partition greater than 2G but less than disk size +* :vytask:`T2635` (feature): SSH: migrate to get_config_dict() + + +2020-06-22 +========== + +* :vytask:`T2486` (bug): DNS records set via 'system static-host-mapping' return NXDOMAIN from 'service dns forwarding' after a request to a forwarded zone +* :vytask:`T2463` (bug): DHCP-received nameserver not added to vyos-hostsd +* :vytask:`T2534` (bug): pdns-recursor override.conf error +* :vytask:`T2054` (bug): Changing "system name-server" doesn't update dns forwarding config, neither does "restart dns forwarding" +* :vytask:`T2225` (default): PIM/IGMP documentation + + +2020-06-21 +========== + +* :vytask:`T2624` (feature): Serial Console: fix migration script for configured powersave and no console +* :vytask:`T2610` (bug): default-lifetime is not reflected in the RA message +* :vytask:`T2299` (feature): login radius-server priority +* :vytask:`T1739` (bug): Serial interface seems not to be deleted properly +* :vytask:`T480` (bug): Error if no serial interface is present (/dev/ttyS0: not a tty) + + +2020-06-20 +========== + +* :vytask:`T2621` (bug): show interfaces repeats interface description if it is longer then an arbitrary number of characters +* :vytask:`T2618` (default): Conversion from 1.2 to 1.3 lost RADVD prefix autonomous-flag setting + + +2020-06-19 +========== + +* :vytask:`T2589` (bug): delete pseudo-ethernet failed +* :vytask:`T2490` (feature): Add serial (rs232) to ssh bridge service + + +2020-06-18 +========== + +* :vytask:`T2614` (default): Add an option to mangle dict keys to vyos.config.get_config_dict() +* :vytask:`T2026` (default): Make cli-shell-api correctly exit with non-zero code on failures +* :vytask:`T1868` (default): Add opportunity to get current values from API + + +2020-06-17 +========== + +* :vytask:`T2478` (feature): login radius: use NAS-IP-Address if defined source address +* :vytask:`T2141` (bug): Static ARP is not applied on boot +* :vytask:`T2609` (bug): router-advert: radvd does not start when lifetime is improperly configured +* :vytask:`T1720` (feature): support for more 'show ip route' commands + + +2020-06-16 +========== + +* :vytask:`T2604` (default): Remove use of is_tag in system-syslog.py +* :vytask:`T2605` (bug): SNMP service is not disabled by default +* :vytask:`T2568` (bug): Add some missing checks in config +* :vytask:`T2156` (default): PIM op-mode commands + + +2020-06-15 +========== + +* :vytask:`T2600` (bug): RADIUS system login configuration rendered wrongly +* :vytask:`T2599` (bug): "show interfaces" does not list VIF interfaces in ascending order +* :vytask:`T2591` (bug): show command has wrong interfaces ordering +* :vytask:`T2576` (bug): "show interfaces" does not return VTI + + +2020-06-14 +========== + +* :vytask:`T2354` (bug): Wireless conf_mode errors +* :vytask:`T2593` (bug): source NAT translation port can not be set when translation address is set to masquerade +* :vytask:`T2594` (default): Missing firmware for iwlwifi + + +2020-06-11 +========== + +* :vytask:`T2578` (bug): ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses +* :vytask:`T2571` (bug): NAT destination port with ! results in error +* :vytask:`T2570` (feature): Drop support for "system console device <device> modem" +* :vytask:`T2586` (bug): WWAN default route is not installed into VRF +* :vytask:`T2561` (feature): Drop support for "system console netconsole" +* :vytask:`T2569` (feature): Migrate "set system console" to XML and Python representation + + +2020-06-10 +========== + +* :vytask:`T2575` (bug): pppoe-server: does not possibly assign IP address +* :vytask:`T2565` (bug): Does not possible connect to l2tp server with radius auth +* :vytask:`T2553` (bug): Regression: set interface ethN vif-s nnnn does not commit on 1.3-rolling-202006050621 + + +2020-06-08 +========== + +* :vytask:`T2559` (feature): Add operational mode command to retrieve hardware sensor data + + +2020-06-07 +========== + +* :vytask:`T2529` (feature): WWAN: migrate from ttyUSB device to new device in /dev/serial/by-bus +* :vytask:`T2560` (feature): New op-mode command to display information about USB interfaces + + +2020-06-05 +========== + +* :vytask:`T2548` (bug): Interfaces allowing inappropriate network addresses to be assigned +* :vytask:`T1958` (default): Include only firmware we actually need + + +2020-06-04 +========== + +* :vytask:`T2514` (enhancment): "mac" setting for bond members + + +2020-06-02 +========== + +* :vytask:`T2129` (feature): XML schema: tagNode not allowed on first level in new XML op-mode definition +* :vytask:`T2545` (feature): Show physical device offloading capabilities for specified ethernet interface +* :vytask:`T2544` (feature): Enable Kernel KONFIG_KALLSYMS +* :vytask:`T2543` (feature): Kernel: always build perf binary but ship as additional deb package to not bloat the image +* :vytask:`T1096` (bug): BGP process memory leak + + +2020-06-01 +========== + +* :vytask:`T2535` (feature): Update Intel QAT drivers to 1.7.l.4.9.0-00008 +* :vytask:`T2537` (feature): Migrate "show log dns" from vyatta-op to vyos-1x +* :vytask:`T2536` (bug): "show log dns forwarding" still refers to dnsmasq +* :vytask:`T2538` (feature): Update Intel NIC drivers to recent release (preparation for Kernel >=5.4) +* :vytask:`T2526` (feature): Wake-On-Lan CLI implementation + + +2020-05-31 +========== + +* :vytask:`T2532` (feature): VRF aware OpenVPN + + +2020-05-30 +========== + +* :vytask:`T2388` (feature): template rendering should create folder and set permission +* :vytask:`T2531` (feature): Update Linux Kernel to v4.19.125 +* :vytask:`T2530` (bug): Error creating VRF with a name of exactly 16 characters +* :vytask:`T2460` (default): Migrate vyatta-nat-translations.pl to Python + + +2020-05-29 +========== + +* :vytask:`T2528` (bug): "update dns dynamic" throws FileNotFoundError excepton + + +2020-05-28 +========== + +* :vytask:`T1291` (default): Under certain conditions the VTI will stay forever down + + +2020-05-27 +========== + +* :vytask:`T2395` (feature): HTTP API move to flask/flask-restx as microframework +* :vytask:`T1121` (bug): Can't search for prefixes by community: Community malformed: AA:NN + + +2020-05-26 +========== + +* :vytask:`T2520` (bug): Show conntrack fail +* :vytask:`T2502` (bug): PPPoE default route not installed for IPv6 when "default-route auto" +* :vytask:`T2458` (feature): Update FRR to 7.3.1 +* :vytask:`T2506` (feature): DHCPv6-PD add prefix hint CLI option + + +2020-05-25 +========== + +* :vytask:`T2391` (bug): pppoe-server session-control does not work +* :vytask:`T2269` (feature): SSTP specify tunnels names +* :vytask:`T1137` (bug): 'sh ip bgp sum' being truncated + + +2020-05-22 +========== + +* :vytask:`T2491` (feature): MACsec: create CLI for replay protection +* :vytask:`T2489` (feature): Add MACsec interfaces to "show interfaces" output +* :vytask:`T2201` (feature): Rewrite protocol BGP [op-mode] to new XML/Python style +* :vytask:`T2492` (feature): Do not set encrypted user password when it is not changed +* :vytask:`T2496` (feature): Set default to new syntax for config file component versions +* :vytask:`T2493` (feature): Update Linux Kernel to v4.19.124 +* :vytask:`T2380` (bug): After PPPoE 0 is restarted, the default static route is lost + + +2020-05-21 +========== + +* :vytask:`T1876` (bug): IPSec VTI tunnels are deleted after rekey and dangling around as A/D +* :vytask:`T2488` (feature): Remove logfile for dialup interfaces like pppoe and wwan +* :vytask:`T2475` (bug): linting +* :vytask:`T1820` (bug): VRRP transition scripts for sync-groups are not supported in VyOS (anymore) +* :vytask:`T2364` (default): Add CLI command for mroute +* :vytask:`T2023` (feature): Add support for 802.1ae MACsec + + +2020-05-20 +========== + +* :vytask:`T2480` (bug): NAT: after rewrite commit tells that dnat IP address is not locally connected +* :vytask:`T103` (bug): DHCP server prepends shared network name to hostnames + + +2020-05-19 +========== + +* :vytask:`T2481` (feature): WireGuard: support tunnel via IPv6 underlay +* :vytask:`T421` (bug): VyOS lacks DHCPv6-PD (Prefix delegation) length / IA_PD support +* :vytask:`T815` (feature): Add DHCPv6 prefix-delegation support + + +2020-05-17 +========== + +* :vytask:`T2471` (feature): PPPoE server: always add AdvAutonomousFlag when IPv6 is configured +* :vytask:`T2409` (default): At boot, effective config should not be equal to current config + + +2020-05-16 +========== + +* :vytask:`T2466` (bug): live-build encounters apt dependency problem when building with local packages +* :vytask:`T2470` (feature): Update to PowerDNS recursor 4.3 +* :vytask:`T2469` (feature): Update Linux Kernel to v4.19.123 +* :vytask:`T2198` (default): Rewrite NAT in new XML/Python style + + +2020-05-15 +========== + +* :vytask:`T2449` (bug): 'ipv6 address autoconf' and 'address dhcpv6' don't work because interfaces have accept_ra=1 (they should have accept_ra=2 when forwarding=1) + + +2020-05-14 +========== + +* :vytask:`T2456` (bug): netflow source-ip cannot be configured + + +2020-05-13 +========== + +* :vytask:`T2435` (bug): Pseudo-ethernet Interfaces Broken +* :vytask:`T2294` (bug): ipoe-server broken (jinja2 template issue) + + +2020-05-12 +========== + +* :vytask:`T2454` (feature): Update Linux Kernel to v4.19.122 +* :vytask:`T2392` (bug): SSTP with ipv6 + + +2020-05-10 +========== + +* :vytask:`T2445` (bug): VRF route leaking for ipv4 not working +* :vytask:`T2372` (bug): VLAN: error on commit if main interface is disabled +* :vytask:`T2439` (bug): Configuration dependency problem, unable to load complex configuration after reboot + + +2020-05-09 +========== + +* :vytask:`T2427` (default): Interface addressing broken since fix for T2372 was merged +* :vytask:`T2438` (default): isc-dhcp-server(6).service reports startup success immediately even if dhcpd fails to start up +* :vytask:`T2432` (default): dhcpd: Can't create new lease file: Permission denied +* :vytask:`T2367` (default): Flush addresses from bridge members + + +2020-05-08 +========== + +* :vytask:`T2441` (bug): TZ validator has a parse error +* :vytask:`T2429` (bug): Vyos cannot apply VLAN sub interface to bridge + + +2020-05-06 +========== + +* :vytask:`T2402` (bug): Live ISO should warn when configuring that changes won't persist + + +2020-05-05 +========== + +* :vytask:`T1899` (bug): Unionfs metadata folder is copied to the active configuration directory + + +2020-05-04 +========== + +* :vytask:`T2412` (bug): ping flood does not work +* :vytask:`T701` (bug): LTE interface dosen't come up +* :vytask:`T951` (bug): command 'isolate-stations true/false' does not make any changes in the hostapd.conf + + +2020-05-03 +========== + +* :vytask:`T2420` (feature): Update Linux Kernel to v4.19.120 +* :vytask:`T2406` (feature): DHCPv6 CLI improvements +* :vytask:`T2421` (feature): Update WireGuard to Debian release 1.0.20200429-2_bpo10+1 + + +2020-05-02 +========== + +* :vytask:`T2414` (feature): Improve runtime from Python numeric validator +* :vytask:`T2413` (feature): Update Linux Kernel to v4.19.119 + + +2020-05-01 +========== + +* :vytask:`T2411` (feature): op-mode: make "monitor traceroute" VRF aware +* :vytask:`T2347` (bug): During commit, any script output directed to stdout will contain path +* :vytask:`T2239` (default): build-vmware-image script ignores the predefined file path, uses the environment variable unconditionally. + + +2020-04-29 +========== + +* :vytask:`T2399` (bug): op-mode "dhcp client leases" does not return leases +* :vytask:`T2398` (bug): op-mode "dhcp client leases interface" completion helper misses interfaces +* :vytask:`T2394` (feature): dhcpv6 client does not start +* :vytask:`T2393` (feature): dhclient: migrate from SysVinit to systemd +* :vytask:`T2268` (bug): DHCPv6 is broken + + +2020-04-28 +========== + +* :vytask:`T1227` (bug): rip PW can't be set at interface config + + +2020-04-27 +========== + +* :vytask:`T2373` (feature): Required auth options for pppoe-server +* :vytask:`T1381` (feature): Enable DHCP option 121 processing +* :vytask:`T2010` (bug): Reboot at reports wrong time or missing timezone + + +2020-04-26 +========== + +* :vytask:`T2386` (bug): salt: upgrade to 2019.2 packages +* :vytask:`T2385` (bug): salt-minion: improve completion helpers +* :vytask:`T2384` (bug): salt-minion: log to syslog and remove custom logging option +* :vytask:`T2383` (feature): Update Linux Kernel to v4.19.118 +* :vytask:`T2382` (bug): salt-minion: Throws KeyError on commit +* :vytask:`T2350` (bug): Interface geneve conf-mode error + + +2020-04-25 +========== + +* :vytask:`T2304` (feature): "system login" add RADIUS VRF support +* :vytask:`T1842` (bug): Equuleus: "reboot at 04:00" command not working + + +2020-04-24 +========== + +* :vytask:`T2375` (feature): WireGuard: throw exception if address and port are not given as both are mandatory +* :vytask:`T2348` (bug): On IPv6 address distribution and DHCPv6 bugs + + +2020-04-23 +========== + +* :vytask:`T2369` (feature): VRF: can not leak interface route from default VRf to any other VRF +* :vytask:`T2368` (bug): VRF: missing completion helper when leaking to default table +* :vytask:`T2374` (bug): Tunnel interface can not be disabled +* :vytask:`T2362` (default): IPv6 link-local addresses missing due to EUI64 address code, causing router-advert not to work +* :vytask:`T2345` (default): IPv6 router-advert not working + + +2020-04-22 +========== + +* :vytask:`T2361` (bug): Unable to delete VLAN vif interface +* :vytask:`T2339` (bug): OpenVPN: IPv4 no longer working after adding IPv6 support +* :vytask:`T2331` (bug): VRRP op-mode errors +* :vytask:`T2320` (bug): Wireguard creates non-existing interfaces in [op-mode]. +* :vytask:`T2096` (feature): Provide "generate" and "show" commands via the http API +* :vytask:`T2351` (feature): Cleanup PPTP server implementation and CLI commands + + +2020-04-21 +========== + +* :vytask:`T2341` (bug): Pseudo-ethernet Interfaces Not Loaded on Boot +* :vytask:`T2270` (bug): using load with scp/sftp and a username and password does not work +* :vytask:`T2255` (bug): DNS forwarding op-mode error +* :vytask:`T1907` (bug): Traceback on a non-existent interface. +* :vytask:`T2204` (feature): Support tunnel source-interface + + +2020-04-20 +========== + +* :vytask:`T2335` (bug): Unable to assign IPv6 from ISP +* :vytask:`T2317` (bug): l2tp overwriting ipsec config files +* :vytask:`T2292` (bug): Ensure graceful shutdown of vyos-http-api +* :vytask:`T2344` (bug): PPPoE server client static IP assignment silently fails + + +2020-04-19 +========== + +* :vytask:`T2337` (default): hw-id gone missing from interfaces after upgrade to 1.3-rolling-202004191028 +* :vytask:`T2340` (feature): Remove informational "sg" messages from syslog +* :vytask:`T2338` (bug): Can't delete static IPv6 route on vrf +* :vytask:`T2336` (bug): OpenVPN service fails to start +* :vytask:`T2308` (default): openvpn op-mode scripts broken after migrating to systemd service +* :vytask:`T2185` (default): Start daemons with systemd units instead of with start-stop-daemon + + +2020-04-18 +========== + +* :vytask:`T2318` (bug): dns-forwarding migrationscript broken +* :vytask:`T2319` (feature): Update Linux Kernel to v4.19.116 +* :vytask:`T2314` (feature): Cleanup PPPoE server implementation and CLI commands +* :vytask:`T2313` (bug): Accel-PPP / PPPoEserver raises "Floating point exception" when not all limits are defined +* :vytask:`T2312` (feature): Use LED modules to enable more visible feedback on VyOS hardware chassis +* :vytask:`T2306` (feature): Add new cipher suites to the WiFi configuration +* :vytask:`T2286` (default): IPoE server vulnerability +* :vytask:`T2224` (feature): Update Linux Kernel to v4.19.114 +* :vytask:`T2110` (feature): RADIUS: supply include file for radius config to have a uniform CLI +* :vytask:`T1874` (bug): FRR crashing triggered by RPKI +* :vytask:`T2324` (feature): Cleanup IPoE server implementation and CLI commands + + +2020-04-17 +========== + +* :vytask:`T2275` (bug): flow-accounting broken in rolling +* :vytask:`T2256` (feature): Accel-ppp op-mode syntax + + +2020-04-16 +========== + +* :vytask:`T2295` (bug): Passwords with Special Characters Broken +* :vytask:`T2305` (feature): Add release name to "show version" command +* :vytask:`T2235` (default): OpenVPN server client IP doesn't reserve that IP in the pool +* :vytask:`T149` (feature): IPv6 support in OpenVPN tunnel + + +2020-04-15 +========== + +* :vytask:`T2293` (bug): OpenVPN: UnboundLocalError after merging server_network PullRequest +* :vytask:`T2298` (bug): Errors PDNS with name-server set + + +2020-04-14 +========== + +* :vytask:`T2213` (bug): vyos-1x: WiFi mode ieee80211ac should also activate ieee80211n + + +2020-04-13 +========== + +* :vytask:`T2283` (default): openvpn not starting: ccd path in template not moved to /run/openvpn/ccd +* :vytask:`T2236` (bug): DMVPN broken after tunnel rewrite to XML/Python +* :vytask:`T2284` (default): Upgrade ddclient to 3.9.1 which also brings systemd files +* :vytask:`T2282` (feature): Clarify hw-id in ethernet and wireless interface nodes +* :vytask:`T611` (feature): Static route syntax should reflect `ip` command routing capabilities, if possible. + + +2020-04-12 +========== + +* :vytask:`T2273` (default): OpenVPN no longer starts in latest rolling, migrate to systemd +* :vytask:`T2263` (feature): Reset feature for SSTP sessions +* :vytask:`T2262` (bug): Broken reset commands for pptp and l2tp +* :vytask:`T2059` (default): Set source-validation on bond vif don't work +* :vytask:`T2276` (default): PPPoE server vulnerability +* :vytask:`T1490` (bug): BGP configuration (is lost|not applied) when updating 1.1.8 -> 1.2.1 +* :vytask:`T1828` (bug): Missing completion helper for "set system syslog host 192.0.2.1 facility all protocol" +* :vytask:`T2031` (bug): pseudo-ethernet link interface can not be changed + + +2020-04-11 +========== + +* :vytask:`T2264` (feature): l2tp: cleanup CLI definition +* :vytask:`T2233` (bug): Typos in wlanX.cfg +* :vytask:`T2238` (bug): After re-writing list_interfaces.py to use Interfaces() pseudo-ethernet is missing + + +2020-04-10 +========== + +* :vytask:`T2265` (feature): DHCP to be an attribute of the class instead of a inheritance +* :vytask:`T2261` (bug): "client-config-dir" not being set for openvpn in 1.3-rolling-202004090909 +* :vytask:`T2248` (bug): PPPoE Broken in Latest 1.3 Rolling (1.3-rolling-202004070629) +* :vytask:`T1629` (bug): IP addresses configured on vif-s interfaces are not added to the system +* :vytask:`T2266` (default): openvpn bridged client-server doesn't work (validation error) +* :vytask:`T2253` (default): Fix use of cmd in merge config and remote function helpers + + +2020-04-09 +========== + +* :vytask:`T2260` (feature): vxlan, pseudo-ethernet: convert link nodes to source-interface +* :vytask:`T2252` (bug): HTTP API add system image can return '504 Gateway Time-out' +* :vytask:`T2172` (feature): Enable conf VXLAN without remote address +* :vytask:`T2237` (bug): l2tp, pptp, pppoe wrong chap-secrets file + + +2020-04-08 +========== + +* :vytask:`T2244` (feature): WireGuard: cleanup Python implementation and reduce amount of boilerplate code +* :vytask:`T2186` (feature): Provide more information to the user when a traceback is reported to the user +* :vytask:`T2246` (bug): LLDP op-mode error +* :vytask:`T2240` (feature): Support for bind vif-c interfaces into VRFs +* :vytask:`T2160` (feature): Allow restricting HTTP API to specific virtual hosts +* :vytask:`T2247` (feature): WireGuard: add VRF support + + +2020-04-05 +========== + +* :vytask:`T2228` (bug): WireGuard does not allow ports < 1024 to be used +* :vytask:`T2212` (bug): vyos-1x: WiFi card antenna count not set accordingly +* :vytask:`T2230` (feature): Split out inlined Jina2 template to data/templates folder +* :vytask:`T2206` (feature): Split WireGuard endpoint into proper host and port nodes +* :vytask:`T2032` (bug): Monitor bandwidth bits + + +2020-04-04 +========== + +* :vytask:`T2158` (bug): Commit fails if ethernet interface doesn't support flow control (pause) +* :vytask:`T2221` (bug): Ability to remove a VRF that has a next-hop-vrf as target +* :vytask:`T2211` (bug): vyos-1x: VHT channel width not set accordingly +* :vytask:`T2208` (bug): vyos-1x: commit on interfaces wireless wlanX capabilities vht link-adaptation (both|unsolicited) fails +* :vytask:`T2183` (bug): Number of bugs with wireguard script due to interface rearrangement. +* :vytask:`T2104` (default): ifconfig.py size +* :vytask:`T2028` (feature): Convert "interfaces tunnel" to new XML/Python representation +* :vytask:`T2219` (bug): VRF default route of PPPoE and WWAN interfaces do not get added into proper routing table +* :vytask:`T2222` (default): openvpn: requires "multihome" option to listen on all addresses with udp protocol + + +2020-04-02 +========== + +* :vytask:`T2072` (bug): Shell autocomplete of option (config node) with quoted value doesn't work +* :vytask:`T1823` (feature): l2tpv3 interface migration fails +* :vytask:`T2202` (feature): Update PowerDNS recursor to 4.2 series +* :vytask:`T2200` (feature): Add VRF support on wirelessmodem interfaces + + +2020-03-31 +========== + +* :vytask:`T2166` (bug): Broken proxy-arp on vif +* :vytask:`T2069` (bug): PPPoE-client does not works with service-name option +* :vytask:`T2180` (bug): get_config_dict should be independent of CLI edit level +* :vytask:`T2053` (default): Update vyos-load-config.py for version string syntax change +* :vytask:`T2052` (default): Update vyos-merge-config.py for version string syntax change +* :vytask:`T2144` (default): vyos-build: docker: selection of text in the terminal still selects it in vim (mouse isn't completely disabled) + + +2020-03-30 +========== + +* :vytask:`T2176` (default): 'WiFiIf' object has no attribute 'set_state' +* :vytask:`T2029` (feature): Switch to new syntax for config file component versions + + +2020-03-29 +========== + +* :vytask:`T2178` (bug): VRF interface don't get removed when VRF is deleted +* :vytask:`T2170` (feature): Add ability to create static route from default to VRF +* :vytask:`T1831` (feature): Denest IPv6 router-advert from Interfaces to general service + + +2020-03-28 +========== + +* :vytask:`T2167` (bug): vyos.ifconfig.get_mac() broken +* :vytask:`T2151` (default): wireless: can't delete interface present in config but not present in system +* :vytask:`T1988` (feature): Migrate wirelessmodem to new XML/Python style interface + + +2020-03-27 +========== + +* :vytask:`T2164` (bug): Package libstrongswan-standard-plugins missing from image +* :vytask:`T2105` (bug): wireless: not possible to disabled wlan0 +* :vytask:`T2169` (default): Remove redundant use of show_config in vyos-merge-config + + +2020-03-26 +========== + +* :vytask:`T2162` (default): migration script for router-advert sets link-mtu 0 on bridge interfaces +* :vytask:`T1735` (bug): Issue in "show vpn ipsec/ike sa" output with ipsec encryption algorithm aes128gcm128/aes256gcm128/chacha etc + + +2020-03-25 +========== + +* :vytask:`T2148` (default): openvpn: setting "server client" config without "server client ip" results in ValueError: '' does not appear to be an IPv4 or IPv6 address +* :vytask:`T2146` (default): openvpn: "delete server client" doesn't delete the corresponding ccd configs + + +2020-03-24 +========== + +* :vytask:`T2157` (default): Organize service https listen-address/listen-port/server-name under 'virtual-host' node +* :vytask:`T1845` (bug): syslog host no longer accepts a port + + +2020-03-22 +========== + +* :vytask:`T2150` (feature): SSTP ssl certificates can only be stored in /config/user-data/sstp +* :vytask:`T2149` (feature): Update Linux Kernel to v4.19.112 +* :vytask:`T1884` (default): Keeping VRRP transition-script native behaviour and adding stop-script +* :vytask:`T1020` (bug): OSPF Stops distributing default route after a while +* :vytask:`T476` (enhancment): Start builds for Debian 10 (Buster) + + +2020-03-21 +========== + +* :vytask:`T2142` (bug): vyos-build: Add required packages and step to build-GCE-image script +* :vytask:`T1870` (feature): Extend Pipeline scripts to support PullRequests +* :vytask:`T1936` (feature): pppoe-server CLI control features + + +2020-03-20 +========== + +* :vytask:`T2006` (bug): SSTP RADIUS CLI accepts invalid values +* :vytask:`T2140` (default): openvpn: tls file check function checkCertHeader returns True even when no match is found +* :vytask:`T2007` (feature): SSTP accepts client MTU up to 16384 bytes +* :vytask:`T2008` (feature): Adjustment of SSTP CLI to be more consistent to the rest of VyOS + + +2020-03-19 +========== + +* :vytask:`T2135` (bug): Login banner missing spacing now +* :vytask:`T2132` (feature): Document kernel boot parameter 'vyos-config-debug' +* :vytask:`T1744` (default): Config load fails in ConfigTree with ValueError: Failed to parse config: lexing: empty token +* :vytask:`T1301` (default): bgp peer-groups don't work when "no-ipv4-unicast" is enabled. + + +2020-03-17 +========== + +* :vytask:`T2134` (bug): VXLAN: `NameError: name 'config' is not defined` + + +2020-03-16 +========== + +* :vytask:`T1803` (bug): Unbind NTP while it's not requested... +* :vytask:`T2131` (feature): Improve syslog remote host CLI definition + + +2020-03-15 +========== + +* :vytask:`T2122` (feature): Update Intel out-of-tree drivers to latest version(s) +* :vytask:`T2121` (feature): Update Linux Kernel to v4.19.109 +* :vytask:`T2119` (bug): Error on boot when removing ethernet interface from VM +* :vytask:`T1970` (bug): Correct adding interfaces on boot +* :vytask:`T1967` (bug): BGP parameter "enforce-first-as" does not work anymore +* :vytask:`T1432` (enhancment): Implement config write API for Python +* :vytask:`T1431` (feature): Implement an HTTP API for config reading and modification +* :vytask:`T2120` (bug): "reset vpn ipsec-peer" doesn't work with named peers +* :vytask:`T2001` (bug): Error when router reboot +* :vytask:`T1891` (bug): Router announcements broken on boot +* :vytask:`T1832` (feature): radvd adding feature DNSSL branch.example.com example.com to existing package + + +2020-03-14 +========== + +* :vytask:`T834` (feature): accel-ppp: l2tp implementation + + +2020-03-13 +========== + +* :vytask:`T1935` (bug): NIC identification and usage problem in Hyper-V environments +* :vytask:`T1821` (bug): "authentication mode radius" has no effect for PPPoE server +* :vytask:`T1622` (default): Add failsafe and back trace to boot config loader + + +2020-03-11 +========== + +* :vytask:`T1961` (bug): VXLAN - fails to commit due to non-existent variable, broken MTU +* :vytask:`T2084` (default): conntrack-tools package build error for current/equuleus + + +2020-03-10 +========== + +* :vytask:`T1331` (bug): DNS stops working + + +2020-03-09 +========== + +* :vytask:`T2111` (feature): VRF add route leaking support +* :vytask:`T2109` (bug): Ping by name broken in VyOS 1.3-rolling-202003080217 +* :vytask:`T1416` (default): 2 dhcp server run in failover mode can't sync hostname with each other +* :vytask:`T2065` (bug): VyOS 1.3 Don't set daemon in openvpn-{intf}.conf file +* :vytask:`T31` (feature): Add VRF support + + +2020-03-08 +========== + +* :vytask:`T1954` (bug): Having `system login radius` configured causes exponentially long boot times +* :vytask:`T1760` (bug): RADIUS shared secret is not redacted from "show configuration" op mode command + + +2020-03-07 +========== + +* :vytask:`T2107` (bug): Wireless interfaces do not work in station mode without security + + +2020-03-05 +========== + +* :vytask:`T2074` (bug): VyOS docker container: Does not possible to configure ethernet interface + + +2020-03-04 +========== + +* :vytask:`T2098` (bug): Wrong call to cli-shell-api in generated op-mode templates for path completion helper + + +2020-03-03 +========== + +* :vytask:`T2095` (bug): Copy command errors out + + +2020-03-01 +========== + +* :vytask:`T2082` (bug): WireGuard broken after merging T2057 +* :vytask:`T2089` (feature): RADIUS: do not query servers when commit is running started from a non RADIUS user +* :vytask:`T2087` (feature): Add maxfail 0 option to pppoe configuration. +* :vytask:`T2086` (feature): Move sudo session open/close log entries to auth.log + + +2020-02-29 +========== + +* :vytask:`T2046` (feature): allowing sub-classes of Interface to redefine how the interface is created +* :vytask:`T2077` (bug): ISO build from crux branch is failing + + +2020-02-28 +========== + +* :vytask:`T2083` (default): vyos-build: build-packages fails at mdns-repeater due to wrong branch +* :vytask:`T2080` (default): traffic-policy shaper error when setting bandwidth + + +2020-02-27 +========== + +* :vytask:`T2075` (feature): Add support for OpenVPN tls-crypt file option +* :vytask:`T2079` (feature): Update Linux Kernel to v4.19.106 +* :vytask:`T2068` (feature): Update Linux Kernel to v4.19.105 +* :vytask:`T1703` (default): Macvlan PPPoE support +* :vytask:`T2078` (feature): Kernel: remove unused RAID functions 5,6,10,jbod,dm + + +2020-02-25 +========== + +* :vytask:`T1971` (bug): Missing modules in initrd.img for PXE boot +* :vytask:`T2070` (feature): Rewrite (dis-)connect op-mode commands in XML and Python +* :vytask:`T2071` (feature): Add possibility to temporary disable a RADIUS server used for system login + + +2020-02-23 +========== + +* :vytask:`T2055` (feature): Remove IPv6 router-advert options for PPPoE +* :vytask:`T1998` (feature): Update FRR to 7.3 +* :vytask:`T1318` (feature): PPPoE client CLI redesign + + +2020-02-22 +========== + +* :vytask:`T2063` (feature): vyos-salt-minion package is missing from vyos-world + + +2020-02-20 +========== + +* :vytask:`T1969` (default): OSPF with WireGuard cause Route Inactive + + +2020-02-18 +========== + +* :vytask:`T2034` (default): Removal of interfaces loopback lo removed 127.0.0.1 and ::1 + + +2020-02-17 +========== + +* :vytask:`T2047` (feature): Update Linux Kernel to v4.19.104 +* :vytask:`T2048` (bug): ISO boot failes when wireleass adapter is present + + +2020-02-16 +========== + +* :vytask:`T2043` (bug): Bond VLANs can't be extended on the fly +* :vytask:`T2030` (bug): Bond doesn't survive reboot +* :vytask:`T1992` (bug): Adding vlan on a bond resets all BGP connections on same bond +* :vytask:`T1908` (feature): Add zone option for Cloudflare DDNS +* :vytask:`T1246` (bug): VyOS 1.2.0 "openvpn-options" configuration does not allow quotes in values + + +2020-02-15 +========== + +* :vytask:`T2042` (bug): Error on reboot after deleting "service snmp" and not "service lldp snmp enable" +* :vytask:`T2041` (bug): Adding non existent bond interface raises exception + + +2020-02-14 +========== + +* :vytask:`T2039` (bug): Wrong system type displayed. +* :vytask:`T2040` (bug): vyos-http-api-server should reload Config in all routes + + +2020-02-13 +========== + +* :vytask:`T2033` (feature): Drop vyos-replace package +* :vytask:`T1635` (feature): Rewrite interface pseudo-ethernet in new XML/Python style + + +2020-02-10 +========== + +* :vytask:`T2024` (feature): Migrate "system login banner" to XML/Python + + +2020-02-09 +========== + +* :vytask:`T2022` (feature): When RADIUS config is active, local logins won't work +* :vytask:`T2020` (default): Unable to log in after upgrade to 1.3-rolling-202002080217 +* :vytask:`T1931` (bug): Enabling SNMP commit error + + +2020-02-08 +========== + +* :vytask:`T1851` (bug): wireguard - changing the pubkey on an existing peer seems to destroy the running config. + + +2020-02-05 +========== + +* :vytask:`T1948` (bug): RADIUS login broken in 1.3 +* :vytask:`T1990` (feature): Migrate "system login" to XML/Python representation +* :vytask:`T1585` (default): Add letsencrypt/certbot support for 'service https' + + +2020-02-04 +========== + +* :vytask:`T1965` (bug): VyOS-1.3: ping no longer supports specifying interface or source + + +2020-02-02 +========== + +* :vytask:`T2011` (feature): Update Linux Kernel to v4.19.101 +* :vytask:`T640` (bug): Images no longer work when built without "recommended" packages + + +2020-02-01 +========== + +* :vytask:`T2009` (bug): Ethernet Interface always stays down +* :vytask:`T1989` (bug): conf.get_config_dict() throws exception + + +2020-01-31 +========== + +* :vytask:`T1768` (bug): PPtP - vyos.config rewrite +* :vytask:`T2002` (bug): VLAN interfaces try to be enabled even if parent interface is A/D + + +2020-01-30 +========== + +* :vytask:`T1994` (default): lldpd not bound to specified interfaces - Fix jinja template +* :vytask:`T1896` (enhancment): Remove LLDP-MED civic_based location information +* :vytask:`T1724` (feature): wireguard - add endpoint check in verify() + + +2020-01-29 +========== + +* :vytask:`T1392` (bug): Large firewall rulesets cause the system to lose configuration and crash at startup +* :vytask:`T1996` (feature): Update Linux Kernel to 4.19.99 +* :vytask:`T1950` (default): Store VyOS configuration syntax version data in JSON file +* :vytask:`T1862` (default): Use regex pattern \s+ to split strings on whitespace in Python 3.7 +* :vytask:`T1780` (feature): Adding ipsec ike closeaction +* :vytask:`T1755` (bug): Python KeyError exceptions raised with 'show vpn ipsec sa' command under use of certain IPSEC cipher suites. +* :vytask:`T1747` (bug): L2TP breaks after upgrading to VyOS 1.2-rolling-201910180117 [issue report and proposed solution] +* :vytask:`T1664` (bug): Ipoe with bond per vlan don't work +* :vytask:`T1452` (feature): accel-pppoe - add vendor option to shaper +* :vytask:`T1376` (feature): Incorrect DHCP lease counting +* :vytask:`T1341` (default): Adding rate-limiter for pppoe server users +* :vytask:`T1895` (feature): There is not restriction on selection of syslog facility +* :vytask:`T1670` (feature): OpenVPN option for tls-auth + + +2020-01-26 +========== + +* :vytask:`T1937` (bug): snmpd throwing a tremendous amount of errors +* :vytask:`T1767` (bug): IPoE - vyos.config rewrite +* :vytask:`T1765` (bug): wireguard - vyos.config rewrite +* :vytask:`T1964` (default): SNMP Script-extensions allows names with spaces, but commit fails + + +2020-01-25 +========== + +* :vytask:`T1902` (feature): Add redistribute non main table in bgp +* :vytask:`T1900` (default): Enable SNMP for VRRP. + + +2020-01-24 +========== + +* :vytask:`T1975` (bug): OpenVPN tap devices won't come up automatically + + +2020-01-23 +========== + +* :vytask:`T1766` (bug): service-pppoe - vyos.config rewrite + + +2020-01-21 +========== + +* :vytask:`T1784` (bug): DMVPN with IPSec does not work in HUB mode +* :vytask:`T1977` (bug): webproxy error on fresh install + + +2020-01-18 +========== + +* :vytask:`T1830` (feature): 1.3-rolling boots to GRUB prompt post-install on UEFI systems +* :vytask:`T1940` (bug): EFI Fresh Install fails to boot, 4K Sector Drives Fail to boot EFI + + +2020-01-16 +========== + +* :vytask:`T1880` (default): "A stop job is running for live-tools - System Support Scripts" hangs, times out when shutting down equuleus live iso + + +2020-01-15 +========== + +* :vytask:`T1959` (bug): Error message when adding IPSec VPN +* :vytask:`T1827` (feature): Increase default gc_thresh + + +2020-01-13 +========== + +* :vytask:`T1909` (bug): Incorrect behaviour of static routes with overlapping networks + + +2020-01-09 +========== + +* :vytask:`T1955` (feature): snmp - cli config val_help missing +* :vytask:`T1813` (bug): error in generated /etc/hosts file + + +2020-01-08 +========== + +* :vytask:`T1946` (bug): Recovery ifname for PPtP remote-access + + +2020-01-03 +========== + +* :vytask:`T1939` (feature): Provide abstraction for interface "ip" options + + +2020-01-01 +========== + +* :vytask:`T1903` (default): Implementation udev predefined interface naming +* :vytask:`T1825` (feature): Improve DHCP configuration error message +* :vytask:`T1779` (bug): Tunnel interfaces aren't suggested as being available for bridging +* :vytask:`T1430` (default): Add options for custom DHCP client-id and hostname + + +2019-12-31 +========== + +* :vytask:`T1654` (bug): sFlow: multiple "sflow server" not work, and "disable-imt" could break configuration +* :vytask:`T1923` (feature): Migrate L2TPv3 interface to XML/Python + + +2019-12-30 +========== + +* :vytask:`T1920` (bug): beep: Error: Running under sudo, which is not supported for security reasons. +* :vytask:`T1918` (bug): l2tp / ipsec config broken in latest daily +* :vytask:`T1897` (bug): IPSec - 1.2 to 1.3 migration failed +* :vytask:`T1921` (bug): snmp: VyOS options no longer recognized +* :vytask:`T1922` (feature): Add VXLAN IPv6 support +* :vytask:`T1858` (default): l2tp: Delete depricated outside-nexthop and add gateway-address +* :vytask:`T1919` (feature): Migrate "system options" to XML/Python representation + + +2019-12-28 +========== + +* :vytask:`T1917` (feature): Update WireGuard to Debian release 0.0.20191219-1 +* :vytask:`T1916` (feature): Update Linux Kernel to v4.19.91 +* :vytask:`T1915` (bug): Remove "system ipv6 blacklist" option +* :vytask:`T1912` (feature): Migrate "system (ip|ipv6)" to XML/Python representation + + +2019-12-27 +========== + +* :vytask:`T1910` (bug): Invalid parmissions on latest 1.3 rolling ISO images + + +2019-12-26 +========== + +* :vytask:`T1794` (bug): Interface description can't contain a colon +* :vytask:`T1906` (feature): Migrate "system time-zone" configuration to XML/Python + + +2019-12-23 +========== + +* :vytask:`T1898` (enhancment): Support multiple IPv4/IPv6 LLDP management addresses +* :vytask:`T1878` (bug): accel-ppp: pppoe single-session option implementation +* :vytask:`T258` (default): Can not configure wan load-balancing on vyos-1.2 + + +2019-12-22 +========== + +* :vytask:`T393` (enhancment): Migrate vyatta-lldpd to vyos-1x + + +2019-12-20 +========== + +* :vytask:`T1892` (default): vyos-build: Do not install recommends in docker image [enhancement] +* :vytask:`T1893` (bug): igmp-proxy: Do not allow adding unknown interface +* :vytask:`T1411` (enhancment): equuleus: buster: vyatta-ravpn: libfreeradius-client2 is missing in buster + + +2019-12-19 +========== + +* :vytask:`T1873` (default): DHCP server fails to start due to a change in isc-dhcp-server init scripts +* :vytask:`T1881` (bug): Execute permissions are removed from custom SNMP scripts at commit time + + +2019-12-18 +========== + +* :vytask:`T1889` (bug): Error building docker build image +* :vytask:`T1132` (default): Build on Debian Buster + + +2019-12-17 +========== + +* :vytask:`T1886` (feature): Update Linux Kernel to v4.19.89 +* :vytask:`T1887` (feature): Update WireGuard to Debian release 0.0.20191212-1 + + +2019-12-15 +========== + +* :vytask:`T1879` (bug): Extend Dynamic DNS XML definition value help strings and validators + + +2019-12-13 +========== + +* :vytask:`T1861` (default): hosts lost after modified static-host-mapping + + +2019-12-12 +========== + +* :vytask:`T1864` (feature): Lower IPSec DPD timeout lower limit from 10s -> 2s + + +2019-12-10 +========== + +* :vytask:`T1843` (feature): Add GCC preprocessor support for XML files +* :vytask:`T1017` (bug): 1.2.0-rc7 duplex auto (autogenerated config) setting not accepted + + +2019-12-08 +========== + +* :vytask:`T1566` (feature): Extend L2TP/IPSec server with IPv6 + + +2019-12-07 +========== + +* :vytask:`T1714` (bug): Disable DHCP Nameservers Not Working + + +2019-12-06 +========== + +* :vytask:`T1860` (feature): Update WireGuard to Debian release 0.0.20191127-2 +* :vytask:`T1859` (feature): Update Linux Kernel to v4.19.88 +* :vytask:`T1854` (bug): Dynamic DNS configuration cannot be deleted +* :vytask:`T1568` (default): strip-private command improvement for additional masking of IPv6 and MAC address +* :vytask:`T1849` (bug): DHCPv6 client does not start +* :vytask:`T1169` (bug): LLDP potentially broken +* :vytask:`T586` (bug): Cannot add ethernet vif-s vif-c interface to bridge-group + + +2019-12-05 +========== + +* :vytask:`T1847` (bug): set_level incorrectly handles path given as empty string + + +2019-12-04 +========== + +* :vytask:`T1787` (default): Failed config migration from V1.2.3 to 1.2-rolling-201911030217 +* :vytask:`T1212` (bug): IPSec Tunnel to Cisco ASA drops reliably after 4.2GB transferred +* :vytask:`T1704` (feature): OpenVPN - Add support for ncp-ciphers + + +2019-12-03 +========== + +* :vytask:`T1782` (bug): pppoe0: showing as "Coming up" +* :vytask:`T1801` (bug): Unescaped backslashes in config values cause configuration failure + + +2019-12-02 +========== + +* :vytask:`T1841` (bug): PPP ipv6-up.d direcotry missing +* :vytask:`T1840` (bug): PPPoE doesn't not rename pppX to pppoeX + + +2019-11-28 +========== + +* :vytask:`T1299` (feature): Allow SNMPd to be extended with custom scripts + + +2019-11-25 +========== + +* :vytask:`T1824` (bug): Permission denied: '/opt/vyatta/etc/config/vyos-migrate.log' + + +2019-11-24 +========== + +* :vytask:`T1673` (bug): vif bridge-group not migrated to bridge member interface +* :vytask:`T1799` (feature): Add support for GENEVE (Generic Network Virtualization Encapsulation) + + +2019-11-23 +========== + +* :vytask:`T1812` (bug): DHCP: hostnames of clients not resolving after update v1.2.3 -> 1.2-rolling +* :vytask:`T1627` (feature): Rewrite wireless interface in new style XML syntax +* :vytask:`T1811` (bug): Upgrade from 1.1.8: Config file migration failed: module=l2tp + + +2019-11-22 +========== + +* :vytask:`T1786` (bug): disable-dhcp-nameservers is missed in current host_name.py implementation +* :vytask:`T1749` (bug): numeric validator doesn't support multiple ranges +* :vytask:`T1701` (bug): Delete domain-name and domain-search won't work +* :vytask:`T1694` (default): NTPd: Do not listen on all interfaces by default +* :vytask:`T1678` (bug): hostfile-update missing line feed +* :vytask:`T1593` (feature): Support ip6gre +* :vytask:`T1391` (feature): In route-map set community additive +* :vytask:`T1772` (bug): <regex> constraints in XML are partially broken +* :vytask:`T1597` (bug): /usr/sbin/rsyslogd after deleting "system syslog" + + +2019-11-21 +========== + +* :vytask:`T1818` (default): Print name of migration script on failure +* :vytask:`T1814` (default): Add log of migration scripts run during config migration + + +2019-11-19 +========== + +* :vytask:`T1705` (default): High CPU usage by bgpd when snmp is active + + +2019-11-17 +========== + +* :vytask:`T1742` (default): NHRP unable to commit. +* :vytask:`T1740` (default): Broken OSPFv2 virtual-link authentication +* :vytask:`T1485` (bug): Enable 'AdvIntervalOpt' option in for radvd.conf +* :vytask:`T1470` (enhancment): improve output of "show dhcpv6 server leases" +* :vytask:`T1421` (bug): OpenVPN client push-route stopped working, needs added quotes to fix +* :vytask:`T1183` (feature): BFD Support via FRR +* :vytask:`T1578` (bug): completion offers "show table", but show table does not exist +* :vytask:`T1401` (bug): Copying files with the FTP protocol fails if the password contains special characters +* :vytask:`T1351` (feature): accel-pppoe adding CIDR based IP pool option + + +2019-11-16 +========== + +* :vytask:`T1788` (feature): Intel QAT (QuickAssist Technology ) implementation + + +2019-11-14 +========== + +* :vytask:`T1710` (default): [equuleus] buster: add patch to fix live-build missing key error +* :vytask:`T1804` (default): Add python3-psutil to docker image +* :vytask:`T1736` (default): Decide on best practice for patching live-team packages for VyOS build system +* :vytask:`T1424` (default): Rewrite the config load script + + +2019-11-12 +========== + +* :vytask:`T1800` (feature): Update Linux Kernel to v4.19.84 + + +2019-11-11 +========== + +* :vytask:`T1793` (feature): Editing description on an interface causes BGP sessions to reset on commit + + +2019-11-10 +========== + +* :vytask:`T1598` (default): New implementation of the resolv.conf and hosts update mechanism +* :vytask:`T1792` (feature): Update WireGuard to Debian release 0.0.20191012-1 +* :vytask:`T1791` (feature): Update Linux Kernel to 4.19.82 + + +2019-11-09 +========== + +* :vytask:`T1030` (bug): Upgrade ddclient from 3.8.2 to 3.9.0 (support Cloudflare API v4) + + +2019-11-08 +========== + +* :vytask:`T1789` (bug): ddclient not working with generated RFC2136 / nsupdate config + + +2019-11-03 +========== + +* :vytask:`T1777` (bug): Bonding interface MAC address missmatch after reboot +* :vytask:`T1752` (bug): PPPoE does not automatically start on boot + + +2019-11-02 +========== + +* :vytask:`T1783` (bug): Interface can't unpin from bridge + + +2019-10-30 +========== + +* :vytask:`T1778` (bug): Kilobits/Megabits difference in configuration Vyos/FRR + + +2019-10-28 +========== + +* :vytask:`T1769` (feature): Remove complex SNMPv3 Transport Security Model (TSM) +* :vytask:`T1738` (bug): Copy SNMP configuration from node to node raises exception +* :vytask:`T818` (feature): SNMP v3 - remove required engineid from user node + + +2019-10-26 +========== + +* :vytask:`T1560` (default): "set load-balancing wan rule 0" causes segfault and prevents load balancing from starting + + +2019-10-22 +========== + +* :vytask:`T1756` (feature): Modify output to be more useful - Wireguard + + +2019-10-21 +========== + +* :vytask:`T1741` (feature): Add system wide proxy setting + + +2019-10-19 +========== + +* :vytask:`T1746` (bug): 201910180117 fails startup with 'Permission Denied' errors +* :vytask:`T1745` (default): dhcp-server commit fails with "DHCP range stop address x must be greater or equal to the range start address y!" when static mapping has same IP as range stop +* :vytask:`T1743` (default): equuleus: remove references to SSH key type "rsa1" deprecated in Debian Buster + + +2019-10-18 +========== + +* :vytask:`T1712` (default): DHCP client sometimes doesn't start +* :vytask:`T1684` (bug): Unable to enable IPv6 autoconf on PPPoE +* :vytask:`T1604` (enhancment): equuleus: buster: vbash: tab completion breaks + + +2019-10-17 +========== + +* :vytask:`T1737` (bug): SNMP tab completion missing + + +2019-10-14 +========== + +* :vytask:`T1726` (bug): Update Linux Firmware binaries to a more recent version 2019-03-14 -> 2019-10-07 +* :vytask:`T1716` (feature): Update Intel NIC drivers to recent versions + + +2019-10-13 +========== + +* :vytask:`T1728` (feature): Update Linux Kernel to 4.19.79 + + +2019-10-11 +========== + +* :vytask:`T1723` (bug): wireguard - Interface wg01 could not be brought up in time + + +2019-10-09 +========== + +* :vytask:`T1719` (feature): ssh deprecated options +* :vytask:`T1718` (bug): ISO check in /opt/vyatta/sbin/install-image faulty +* :vytask:`T1682` (feature): Migrate to new Jenkins Pipeline script + + +2019-10-08 +========== + +* :vytask:`T1717` (bug): disable multiple daemons to autostart at boot + + +2019-10-06 +========== + +* :vytask:`T1713` (feature): Remove deprecated packages no longer required after migration to Accel-PPP +* :vytask:`T1709` (bug): Update WireGuard to 0.0.20190913 +* :vytask:`T1708` (bug): Update Rolling Release Kernel to 4.19.76 + + +2019-10-04 +========== + +* :vytask:`T1707` (bug): DHCP static mapping and exclude address not working +* :vytask:`T1496` (bug): Separate rolling release and LTS kernel builds + + +2019-10-03 +========== + +* :vytask:`T1689` (feature): "reset openvpn" op-mode command should terminate and restart OpenVPN process + + +2019-10-01 +========== + +* :vytask:`T1706` (bug): wireguard broken in latest rolling + + +2019-09-30 +========== + +* :vytask:`T1642` (bug): BGP configuration error when using remove-private-as +* :vytask:`T1688` (feature): OpenVPN - Add new cipher aes-(128|192|256)-gcm + + +2019-09-28 +========== + +* :vytask:`T1696` (bug): NTP - Tests fail when building vyos-1x +* :vytask:`T1512` (bug): vyos 1.2 openvpn client names with spaces created incorrectly + + +2019-09-27 +========== + +* :vytask:`T1681` (feature): cleanup wireguard code since tagnodes are now visible +* :vytask:`T1695` (bug): Syntax error in interface-dummy.py + + +2019-09-26 +========== + +* :vytask:`T1692` (bug): ipoe-server verify function error +* :vytask:`T1691` (bug): OpenVPN - Commiting config when OpenVPN peer/server not available makes commit hang +* :vytask:`T1690` (feature): restart op-mode commands for 'service (pppoe|ipoe)-server' + + +2019-09-25 +========== + +* :vytask:`T1672` (bug): Wireguard keys not automatically moved + + +2019-09-23 +========== + +* :vytask:`T1679` (bug): during bootup: invalid literal for int() with base 10 +* :vytask:`T1680` (feature): DHCP client does not release IP address on exit/deletion + + +2019-09-21 +========== + +* :vytask:`T1676` (default): [equuleus] buster: update GRUB boot parameters during upgrade +* :vytask:`T1637` (feature): Rewrite ethernet interface in new style XML syntax +* :vytask:`T1675` (feature): OpenVPN - Specify minimum TLS version + + +2019-09-20 +========== + +* :vytask:`T1602` (default): equuleus: buster: add live build apt options for choosing vyos packages + + +2019-09-19 +========== + +* :vytask:`T1666` (feature): Deleting a bond will place member interfaces into A/D state + + +2019-09-17 +========== + +* :vytask:`T239` (bug): firewall all-ping setting is confusing + + +2019-09-16 +========== + +* :vytask:`T1040` (default): rc.local is executed too early + + +2019-09-15 +========== + +* :vytask:`T1662` (default): openvpn: 'show openvpn client' error +* :vytask:`T1661` (default): openvpn: wrong checking for existence cert files +* :vytask:`T1630` (bug): OpenVPN after changing it from root to nobody (unprivileged user) cant add routes + + +2019-09-13 +========== + +* :vytask:`T1660` (bug): Bonding dont’t work on VyOS 1.2-rolling-201909120338 +* :vytask:`T1655` (enhancment): equuleus: buster: arm: vyos-accel-ppp build failes because of filename hardcoded as x86_64 in debian/rules + + +2019-09-12 +========== + +* :vytask:`T1572` (feature): Wireguard keyPair per interface +* :vytask:`T1545` (bug): IPSEC vti issue + + +2019-09-10 +========== + +* :vytask:`T1650` (feature): implement wireguard default key removal +* :vytask:`T1649` (feature): feature documentation different keypairs per interface +* :vytask:`T1648` (feature): add cli command 'delete wireguard named-key <key>' + + +2019-09-09 +========== + +* :vytask:`T1639` (bug): wireguard pubkey change error + + +2019-09-07 +========== + +* :vytask:`T1640` (feature): Update Linux Kernel to v4.19.70 + + +2019-09-06 +========== + +* :vytask:`T1624` (bug): Failed to set up config session +* :vytask:`T1636` (feature): Rewrite VXLAN in new style XML/Python +* :vytask:`T1623` (default): Systemd reports dependency cycle during boot +* :vytask:`T1479` (bug): libvyosconfig error reporting doesn't include line numbers +* :vytask:`T808` (feature): replace lighthttpd with nginx +* :vytask:`T1616` (bug): 'renew dhcpv6 interface <interfaceName>' command fails, but work within config session +* :vytask:`T1478` (bug): libvyosconfig parser does not support escaped quotes inside single-quoted strings +* :vytask:`T1360` (bug): DNS nameservers from dhcp not set + + +2019-09-05 +========== + +* :vytask:`T1443` (default): New "service https" implementation + + +2019-09-04 +========== + +* :vytask:`T1632` (bug): OpenVPN 'push' options with quotes +* :vytask:`T1631` (bug): Multiple push-route options cause error generating openvpn configuration +* :vytask:`T1605` (bug): L2tp over IPsec not working in Crux +* :vytask:`T1557` (feature): Create generic abstraction for configuring interfaces e.g. IP address +* :vytask:`T1439` (bug): DHCPv6 static-mappings not working due to excess quotes around dhcp6.client-id +* :vytask:`T1628` (feature): Adopt WireGuard configuration script to new vyos.ifconfig class +* :vytask:`T1543` (enhancment): Add a source address/interface option for commit archive connections +* :vytask:`T1614` (feature): Rewrite bonding interface in new style XML syntax + + +2019-09-02 +========== + +* :vytask:`T1621` (default): Rewrite the rest of trivial vyatta-op commands to new syntax + + +2019-08-31 +========== + +* :vytask:`T1559` (default): webproxy (squidguard) doesn't work +* :vytask:`T1531` (bug): Several bugs in cluster configuration +* :vytask:`T1530` (bug): vyos 1.2.1 "set system syslog global archive file" don't work +* :vytask:`T1529` (bug): BGP unnumbered is not working with a vif interface +* :vytask:`T1472` (bug): Impossible to recreate group in rfc3768-compatibility mode +* :vytask:`T1468` (bug): BGP route-reflector-client config erroneously claims remote-as is incorrect +* :vytask:`T1460` (bug): "show firewall ...." doesn't support counters with more than eight digits +* :vytask:`T1456` (bug): Port group cannot be configured if the same port is configured as standalone and inside a range +* :vytask:`T1450` (default): crux: ping * flood is not working +* :vytask:`T1428` (default): Wireguard: fwmark setting is not honored +* :vytask:`T1420` (bug): logrotate permission errors on vyatta logfiles +* :vytask:`T1362` (bug): Incorrect handling of special characters in VRRP passwords + + +2019-08-30 +========== + +* :vytask:`T1587` (bug): New implementation of "monitor interface" + + +2019-08-29 +========== + +* :vytask:`T1571` (bug): `show log vpn ipsec` produces no output + + +2019-08-28 +========== + +* :vytask:`T1615` (feature): After migration to pyroute2 the address DHCP statement is no longer covered + + +2019-08-27 +========== + +* :vytask:`T1613` (bug): IPv6 traffic is not captured by NetFlow sensor (pmacct/NFLOG) +* :vytask:`T1617` (default): OpenVPN push route failure +* :vytask:`T1250` (bug): FRR not setting default gateway from dhcp + + +2019-08-26 +========== + +* :vytask:`T1591` (bug): OpenVPN "run show openvpn client status" does not work +* :vytask:`T1608` (feature): bridge: Bridge adding non existing interfaces is allowed but does not work +* :vytask:`T1548` (feature): Rewrite OpenVPN interface/op-commands in new style XML/Python +* :vytask:`T1607` (default): Convert 'reset conntrack' and 'reset ip[v6] cache' operations from vyatta-op to new syntax + + +2019-08-25 +========== + +* :vytask:`T1611` (default): Migration to latest rolling fails with vyos.configtree.ConfigTreeError: Path [b'interfaces bridge br0 igmp-snooping querier'] doesn't exist +* :vytask:`T1333` (bug): pdns_recursor does not perform recursive lookups on domain specific forwarders +* :vytask:`T1524` (feature): Add support to set allow-from network in DNS forwarding + + +2019-08-23 +========== + +* :vytask:`T1606` (bug): Rolling release no longer boots after adding hostname daemon + + +2019-08-22 +========== + +* :vytask:`T1131` (bug): open-vm-tools causing 100% CPU load + + +2019-08-21 +========== + +* :vytask:`T1601` (feature): Rewrite loopback interface type with new style XML/Python interface +* :vytask:`T1596` (default): Convert 'telnet' and 'traceroute' vyatta-op commands to new syntax + + +2019-08-20 +========== + +* :vytask:`T1595` (feature): Migrate deprecated "service dns forwarding listen-on" to listen-address + + +2019-08-19 +========== + +* :vytask:`T1580` (feature): Rewrite dummy interface type with new style XML/Python interface +* :vytask:`T1590` (default): Convert 'show system' operations from vyatta-op to python/xml syntax +* :vytask:`T1377` (default): BGP Weight Not properly applying + + +2019-08-17 +========== + +* :vytask:`T1592` (feature): Update Linux Kernel to v4.19.67 +* :vytask:`T1551` (default): Error when creating QinQ interface without earlier sets firewall name, if it used + + +2019-08-15 +========== + +* :vytask:`T1584` (default): equuleus: buster: add consistent grub options for predictable interface names + + +2019-08-13 +========== + +* :vytask:`T1556` (feature): Rewrite Bridge in new style XML syntax + + +2019-08-09 +========== + +* :vytask:`T1569` (feature): interfaceconfig class documetation + + +2019-08-05 +========== + +* :vytask:`T1562` (feature): Change version scheme on current branch used for rolling releases + + +2019-08-04 +========== + +* :vytask:`T1561` (bug): VyOS rolling ISO cluttered with vyatta-ravpn Git Repo + + +2019-08-03 +========== + +* :vytask:`T1554` (bug): Enable RSS (Receive Side Scaling) and Multiqueue for Intel drivers + + +2019-08-02 +========== + +* :vytask:`T853` (feature): accel-ppp: SSTP implementation +* :vytask:`T742` (feature): Implement accel-ppp in VyOS + + +2019-08-01 +========== + +* :vytask:`T1544` (feature): L2TP documentation + + +2019-07-31 +========== + +* :vytask:`T1552` (feature): accel-ppp: SSTP documentation +* :vytask:`T1553` (default): equuleus: buster: add 'noautologin' to boot parameters + + +2019-07-29 +========== + +* :vytask:`T1532` (default): [equuleus] buster: GPG error on vyos package repository + + +2019-07-28 +========== + +* :vytask:`T1547` (feature): accel-ppp/L2TP restructure CLI +* :vytask:`T1546` (bug): accel-ppp/L2TP radius-source address is not honored + + +2019-07-23 +========== + +* :vytask:`T1533` (bug): Rolling builds broken! +* :vytask:`T1489` (feature): Add vlan_mon usage at Accel + + +2019-07-22 +========== + +* :vytask:`T1435` (enhancment): Make ip-address [OPTIONAL] (in dhcp-server -> static-mapping) to cope with "unfriendly" client-hostnames of IoT-Devices + + +2019-07-21 +========== + +* :vytask:`T823` (feature): Rewrite DHCP op mode in the new style + + +2019-07-18 +========== + +* :vytask:`T1497` (bug): "set system name-server" generates invalid/incorrect resolv.conf +* :vytask:`T533` (feature): PPPoE MTU graeter than 1492 + + +2019-07-15 +========== + +* :vytask:`T1526` (feature): [SNMP] write documentation for snmp script extension +* :vytask:`T1516` (bug): [wireguard] config changes cause an error + + +2019-07-14 +========== + +* :vytask:`T1066` (bug): Missing NICs + + +2019-07-10 +========== + +* :vytask:`T1505` (bug): vyos.config return_effective_values does not convert the output to a list +* :vytask:`T1503` (feature): Add functions for commit lock checking +* :vytask:`T1504` (bug): DHCP-provided DNS servers are not propagated to resolv.conf +* :vytask:`T1400` (bug): iBGP: remote-as and router AS can't be the same value + + +2019-07-08 +========== + +* :vytask:`T1465` (bug): Priority inversion in "interfaces vti vtiX ip" +* :vytask:`T1510` (feature): [IPoE] vlan-mon option implementation +* :vytask:`T1508` (feature): [pppoe] migration script for service pppoe-server interface +* :vytask:`T1494` (feature): accel-ppp: IPoE update documentation +* :vytask:`T989` (feature): accel-ppp: IPoE implementation + + +2019-07-03 +========== + +* :vytask:`T1502` (feature): Add build sanity checking tools to the dev builds +* :vytask:`T1469` (enhancment): Create forward-zones-recurse entry instead of forward-zones when setting service dns forwarding + + +2019-07-02 +========== + +* :vytask:`T1099` (default): Openvpn: use config files instead of one long command. +* :vytask:`T1495` (feature): accel-ppp: IPoE implement IPv6 PD + + +2019-07-01 +========== + +* :vytask:`T1498` (bug): Nameservers are not propagated into resolv.conf + + +2019-06-24 +========== + +* :vytask:`T1482` (feature): Add OpenVPN SHA384 hashing algorithm +* :vytask:`T1484` (bug): OSPF md5 key not removed in strip-private + + +2019-06-23 +========== + +* :vytask:`T1477` (feature): Intel i40evf fails to load - unknown symbol +* :vytask:`T1474` (feature): Update WireGuard to 0.0.20190601 +* :vytask:`T1473` (feature): Update Kernel from 4.19.52 to 4.19.54 +* :vytask:`T1476` (bug): Update PowerDNS recursor to 4.2 series +* :vytask:`T1475` (feature): Enable Kernel Data Center Bridging (CONFIG_DCB) support +* :vytask:`T1471` (bug): Wireguard interfaces have no firewall subtree +* :vytask:`T1455` (feature): Update Intel i40e driver to 2.9.21 +* :vytask:`T1464` (feature): FRR: Set explicit OSPFv3 network type for specified interface + + +2019-06-22 +========== + +* :vytask:`T1371` (bug): Arguments of VRRP health check scripts are ignored +* :vytask:`T1313` (feature): Add support for reusable build flavours +* :vytask:`T1202` (bug): Add `hvinfo` to the packages directory +* :vytask:`T1433` (bug): "show dhcpv6 server leases" shows leases from wrong file + + +2019-06-20 +========== + +* :vytask:`T1461` (bug): Deleting 'firewall options' causes Python TypeError +* :vytask:`T1413` (enhancment): equuleus: buster: vyos-xe-guest-utilities is not installable and breaks live-build +* :vytask:`T1412` (enhancment): equuleus: buster: vyos-netplug is not installable and breaks live-build + + +2019-06-19 +========== + +* :vytask:`T1453` (bug): Warning: nss-myhostname is not installed +* :vytask:`T1447` (bug): Python subprocess called without import in host_name.py +* :vytask:`T1334` (feature): Migration script runner rewrite +* :vytask:`T1327` (bug): Set the serial console speed to 115200 by default +* :vytask:`T1454` (bug): Reading deprecated /etc/frr/daemons.conf + + +2019-06-18 +========== + +* :vytask:`T1451` (bug): Intel e1000e driver missing in lates rolling release +* :vytask:`T1446` (default): Raid install with efi can generate some warning output. +* :vytask:`T1444` (feature): Update Linux Kernel to v4.19.52 + + +2019-06-17 +========== + +* :vytask:`T1394` (bug): syslog systemd and host_name.py race condition +* :vytask:`T1408` (feature): pppoe-server - implement local-ipv6 for pure IPv6 based deployments +* :vytask:`T1390` (default): Extend bgp config for bestpath as-path multipath-relax + + +2019-06-16 +========== + +* :vytask:`T1438` (bug): DMI board/product serial can't be read + + +2019-06-12 +========== + +* :vytask:`T1397` (default): Rewrite the config merge script + + +2019-06-05 +========== + +* :vytask:`T1426` (default): Update the script that checks conntrack hash-size on reboot + + +2019-06-04 +========== + +* :vytask:`T1379` (bug): Deprecated functions in /sbin/dhclient-script + + +2019-06-03 +========== + +* :vytask:`T1423` (default): When merging remote config files, create known_hosts file if not present. + + +2019-06-01 +========== + +* :vytask:`T1422` (feature): Add a utility for querying values in config files +* :vytask:`T1309` (bug): allow duplicate ip adresses on different interfaces + + +2019-05-30 +========== + +* :vytask:`T1419` (bug): Can't delete multiple OSPF passive-interfaces in single commit + + +2019-05-28 +========== + +* :vytask:`T1410` (feature): Upgrade Linux Kernel to 4.19.46 + + +2019-05-26 +========== + +* :vytask:`T1388` (bug): OpenVPN client connections with password and certificate authentication don't work +* :vytask:`T1387` (bug): Disabling a DHCP interface with no address displays an error +* :vytask:`T1404` (feature): Update iproute2 package to 4.19 + + +2019-05-24 +========== + +* :vytask:`T1407` (bug): pppoe IPv6 PD documention by practical example + + +2019-05-23 +========== + +* :vytask:`T1402` (feature): Update Linux Kernel to 4.19.45 + + +2019-05-22 +========== + +* :vytask:`T1399` (bug): accel-ppp kernel modules missing in rolling build 20190522 +* :vytask:`T1393` (bug): pppoe IPv6 pool doesn't work + + +2019-05-21 +========== + +* :vytask:`T592` (bug): lldpcli: unknown command from argument 1: `#` + + +2019-05-20 +========== + +* :vytask:`T1384` (bug): vxlan remote-port + + +2019-05-16 +========== + +* :vytask:`T1267` (feature): FRR: Add interface name for static routes +* :vytask:`T1148` (bug): epa2 BGP peers initiate before config is fully loaded, routes leak. + + +2019-05-13 +========== + +* :vytask:`T1378` (feature): Embed Git commit ID of vyos-build repo in resulting image + + +2019-05-12 +========== + +* :vytask:`T1370` (bug): Webproxy with ldap authentication don't start + + +2019-05-09 +========== + +* :vytask:`T1367` (bug): VIF deletion fails inconsistently + + +2019-05-06 +========== + +* :vytask:`T1368` (feature): Enable MPLS support in Linux Kernel + + +2019-05-05 +========== + +* :vytask:`T1366` (feature): Update Linux Kernel to v4.19.40 + + +2019-05-04 +========== + +* :vytask:`T1365` (bug): Cannot configure syslog on 1.2.0-rolling+201904260337 + + +2019-04-29 +========== + +* :vytask:`T1359` (bug): Changing VLAN interface address from DHCP to static is not handeled in vyatta-address script +* :vytask:`T1352` (feature): vyos-documentaion: accel-pppoe adding CIDR based IP pool option + + +2019-04-26 +========== + +* :vytask:`T1357` (feature): Wrong exit code produced by dhcp-server migration script + + +2019-04-25 +========== + +* :vytask:`T1355` (bug): rsyslog stopped after reboot or clean start + + +2019-04-23 +========== + +* :vytask:`T1242` (bug): Error when setting 'pppoe 0 ipv6 address autoconf' +* :vytask:`T1345` (feature): Specify RADIUS source IP for system login command +* :vytask:`T41` (feature): Feature Request: Include bgpq3 for BGP policy creation + + +2019-04-21 +========== + +* :vytask:`T314` (default): Unable to apply MSS Clamp with VyOS configuration +* :vytask:`T1348` (feature): Upgrade WireGuard to 0.0.20190406-1 +* :vytask:`T1347` (feature): Upgrade Linux Kernel to 4.19.36 +* :vytask:`T1343` (default): do not remove trailing zeroes from subnets in DHCP static route config +* :vytask:`T1332` (bug): Upgrade ethtool from 3.16 to 4.19 + + +2019-04-20 +========== + +* :vytask:`T1335` (default): Configuration migration issue from 1.1.8 to latest 1.2.0 regarding DHCP `authoritative enable` statement +* :vytask:`T1336` (default): `system domain-name` statement doesn't allow domain names ending in a dot on latest 1.2.0 +* :vytask:`T1344` (feature): Unclutter "system login radius" configuration nodes +* :vytask:`T1245` (default): Cannot Clamp MSS on Transient Bridge Interfaces - Turn On br_netfilter +* :vytask:`T1310` (feature): Replace system prompt with FQDN + + +2019-04-19 +========== + +* :vytask:`T1325` (default): GRE tunnel to Cisco router fails in 1.2.0 - works in 1.1.8 + + +2019-04-17 +========== + +* :vytask:`T14` (enhancment): Provide VMware OVF and OVA + + +2019-04-16 +========== + +* :vytask:`T1274` (feature): Update QLogic firmware files +* :vytask:`T1184` (feature): wireguard - extend documentation with the show interface wireguard commands + + +2019-04-15 +========== + +* :vytask:`T1260` (feature): VICI-based implementation of "run show vpn ipsec sa" +* :vytask:`T1273` (default): Add script profiling functionality to the config backend +* :vytask:`T1248` (default): Add a function for copying nodes to the vyos.configtree library + + +2019-04-10 +========== + +* :vytask:`T1329` (default): support installation on SD cards fix + + +2019-04-07 +========== + +* :vytask:`T1296` (default): Image install can't install to SD cards (mmcblk...) + + +2019-04-05 +========== + +* :vytask:`T1324` (feature): update documtation for 'set system login user level' +* :vytask:`T1322` (bug): Wrong configuration generated for DHCPv6 Relay + + +2019-04-04 +========== + +* :vytask:`T1323` (feature): migrate operator accounts to admin accounts and remove the option to setup an operator account + + +2019-03-26 +========== + +* :vytask:`T1312` (feature): Allow many to many NAT rules with networks of different size +* :vytask:`T1305` (bug): libvyosconfig parser doesn't work when config lacks a version comment and ends at a leaf node + + +2019-03-22 +========== + +* :vytask:`T1308` (bug): Use of '<' in PPPoE password fails +* :vytask:`T1279` (bug): ACPI power event don't work + + +2019-03-20 +========== + +* :vytask:`T1282` (feature): Configure VyOS to send syslog messages to remote syslog using fully-qualified domain name +* :vytask:`T1004` (feature): ISO + System Boot with Serial Console for APU2 and Embedded Devices +* :vytask:`T405` (feature): Add binaries for lcdproc + + +2019-03-17 +========== + +* :vytask:`T1218` (bug): Static routes not being applied in 1.2 Release +* :vytask:`T1067` (feature): VXLAN support improvements +* :vytask:`T1285` (bug): Kernel issues with 1.2.0 & 1.2.0-rolling+201903060337 causing lockup +* :vytask:`T1252` (feature): Extend vyos-ci Kernel Pipeline to build Intel native drivers +* :vytask:`T1240` (feature): Wireguard module update to 0.0.20190123 +* :vytask:`T484` (bug): Rules can't be deleted from firewall rule sets used in zone policies +* :vytask:`T986` (feature): Please update the i40e driver + + +2019-03-16 +========== + +* :vytask:`T1272` (bug): VRRP is using physical rather than virtual MAC in RFC-compliant mode + + +2019-03-12 +========== + +* :vytask:`T1284` (feature): accel-ppp: pptp implementation documention +* :vytask:`T833` (feature): accel-ppp: pptp implementation + + +2019-03-08 +========== + +* :vytask:`T1277` (bug): Source build of VyOS 1.2.0 (crux) FileNotFound exception in show_dhcp.py + + +2019-03-02 +========== + +* :vytask:`T929` (bug): Replace Debian firmware packages with upstream Kernel + + +2019-02-25 +========== + +* :vytask:`T1261` (default): TFTP-Server only listen on 127.0.0.1 +* :vytask:`T1211` (default): Blank hostnames from dhcpd are able to bring down DNS +* :vytask:`T1247` (bug): WAN load-balancing fail when !<x.x.x.x/x> configured in rules +* :vytask:`T1234` (bug): DHCP relay relay-agents-packets is dysfunctional + + +2019-02-22 +========== + +* :vytask:`T1257` (bug): implement 'set system static-host-mapping' in host_name.py and remove old function calls + + +2019-02-21 +========== + +* :vytask:`T1214` (bug): Add `ipaddrcheck` to the packages directory +* :vytask:`T1255` (bug): /usr/libexec/vyos/conf_mode/host_name.py needs to add an additional newline char + + +2019-02-19 +========== + +* :vytask:`T1051` (default): Update openvpn to support TLS 1.2 + + +2019-02-16 +========== + +* :vytask:`T1174` (bug): "system domain-name" is not reflected in /etc/resolv.conf + + +2019-02-10 +========== + +* :vytask:`T1154` (default): use of local cache to build iso + + +2019-02-09 +========== + +* :vytask:`T1239` (feature): make module build for vyos-accel-ppp dynamic +* :vytask:`T1236` (feature): Update Linux Kernel to 4.19.20 +* :vytask:`T1238` (bug): Wireguard allows invalid IP's +* :vytask:`T1010` (bug): improper pid file handling of webgui + + +2019-02-08 +========== + +* :vytask:`T173` (bug): Static routes ignored with DHCP received gateway + + +2019-02-05 +========== + +* :vytask:`T1231` (feature): Remove “service dns dynamic“ cache file on node change/delete + + +2019-01-29 +========== + +* :vytask:`T166` (bug): NPTv6 is broken + + +2018-12-07 +========== + +* :vytask:`T1060` (default): Add an option to exclude addresses from transparent wev proxying + + +2018-04-03 +========== + +* :vytask:`T477` (bug): Strongswan issue #1220 (packet loss on AWS) diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst new file mode 100644 index 00000000..618664f8 --- /dev/null +++ b/docs/changelog/1.4.rst @@ -0,0 +1,240 @@ +########### +1.4 Sagitta +########### + +.. + Please don't add anything by hand. + This file is managed by the script: + _ext/releasenotes.py + + +2021-02-28 +========== + +* :vytask:`T3370` (bug): dhcp: Invalid domain name "private" +* :vytask:`T3369` (feature): VXLAN: add IPv6 underlay support +* :vytask:`T3363` (bug): VyOS-Build interactive prompt when using Podman +* :vytask:`T3320` (bug): Bgp neighbor peer-group without peer-group fail + + +2021-02-27 +========== + +* :vytask:`T3365` (bug): Bgp neighbor interface ordering for remote-as +* :vytask:`T3225` (bug): Adding a BGP neighbor with an address on a local interface throws a vyos.frr.CommitError: Configuration FRR failed while committing code: '' +* :vytask:`T3211` (feature): ability to redistribute ISIS into other routing protocols +* :vytask:`T3368` (feature): macsec: add support for gcm-aes-256 cipher +* :vytask:`T3173` (feature): Need 'nopmtudisc' option for tunnel interface + + +2021-02-26 +========== + +* :vytask:`T3324` (bug): Bgp space in the password +* :vytask:`T3357` (default): HTTP-API redirect from http correct https port +* :vytask:`T3323` (bug): Bgp ttl-security and ebgp-multihop fail + + +2021-02-24 +========== + +* :vytask:`T3303` (feature): Change welcome message on boot + + +2021-02-22 +========== + +* :vytask:`T3322` (bug): Bgp neighbor timers not applyed to FRR config +* :vytask:`T3327` (bug): OSPFv3: Cannot add dummy interface + + +2021-02-21 +========== + +* :vytask:`T3331` (bug): Bgp unsuppress-map should be as "value leafNode" +* :vytask:`T3330` (bug): Bgp capability orf prefix-list fail +* :vytask:`T3163` (feature): ethernet ring-buffer can be set with an invalid value + + +2021-02-19 +========== + +* :vytask:`T3326` (bug): OSPFv3: Cannot add L2TPv3 interface +* :vytask:`T3332` (bug): BGP unnumbered - UnboundLocalError: local variable 'peer_group' referenced before assignment + + +2021-02-18 +========== + +* :vytask:`T3259` (default): many dnat rules makes the vyos http api crash, even showConfig op timeouts + + +2021-02-17 +========== + +* :vytask:`T3312` (feature): SolarFlare NICs support + + +2021-02-16 +========== + +* :vytask:`T3313` (bug): ospfv3 interface missing options +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.101 / 5.10.19 + + +2021-02-15 +========== + +* :vytask:`T3311` (bug): BGP Error: Remote AS must be set for neighbor or peer-group + + +2021-02-14 +========== + +* :vytask:`T2848` (feature): bgp-add-path configuration options +* :vytask:`T1875` (feature): Add the ability to use network address as BGP neighbor (bgp listen range) + + +2021-02-12 +========== + +* :vytask:`T3301` (bug): Wrong format and valueHelp for policy as-path-list regex + + +2021-02-11 +========== + +* :vytask:`T3281` (default): Rewrite protocol RIPng [conf-mode] to new XML/Python style +* :vytask:`T3282` (default): Add XML for [conf-mode] RIPng +* :vytask:`T3279` (default): Rewrite protocol STATIC [op-mode] to new XML/Python style +* :vytask:`T3297` (bug): Optimize irrelevant error stack hints + + +2021-02-08 +========== + +* :vytask:`T3295` (feature): Update Linux Kernel to v5.4.96 / 5.10.14 + + +2021-02-05 +========== + +* :vytask:`T3030` (feature): Support ERSPAN Tunnel Protocol + + +2021-02-04 +========== + +* :vytask:`T3283` (feature): Support for IPv4 neigh tables +* :vytask:`T3280` (default): Add XML for [conf-mode] STATIC + + +2021-02-03 +========== + +* :vytask:`T3278` (feature): Add XML for "protocols vrf" [conf-mode] +* :vytask:`T3239` (default): XML: override 'defaultValue' for mtu of certain interfaces; remove workarounds +* :vytask:`T2910` (feature): XML: generator should support override of variables + + +2021-02-02 +========== + +* :vytask:`T3018` (bug): Unclear behaviour when configuring vif and vif-s interfaces +* :vytask:`T3255` (default): Rewrite protocol RPKI to new XML/Python style +* :vytask:`T3263` (feature): OSPF Hello subsecond timer + + +2021-01-31 +========== + +* :vytask:`T3276` (feature): Update Linux Kernel to v5.4.94 / 5.10.12 + + +2021-01-30 +========== + +* :vytask:`T3240` (feature): Support per-interface DHCPv6 DUIDs +* :vytask:`T3273` (default): PPPoE static default-routes deleted on interface down when not added by interface up + + +2021-01-29 +========== + +* :vytask:`T3261` (bug): Does not possible to disable pppoe client interface. +* :vytask:`T3272` (default): OSPF: interface config is not removed + + +2021-01-27 +========== + +* :vytask:`T3257` (feature): tcpdump supporting complete protocol +* :vytask:`T3244` (default): Rewrite protocol OSPFv3 to new XML/Python style + + +2021-01-26 +========== + +* :vytask:`T3251` (bug): PPPoE client trying to authorize with the wrong username +* :vytask:`T3256` (default): Add XML for protocol RPKI [conf-mode] + + +2021-01-25 +========== + +* :vytask:`T3249` (feature): Support operation mode forwarding table output + + +2021-01-24 +========== + +* :vytask:`T3227` (bug): Latest releases don't work with RPKI (crash) +* :vytask:`T3230` (bug): RPKI can't be deleted +* :vytask:`T3221` (bug): FRR config +* :vytask:`T3245` (default): Add XML for protocol ospfv3 [conf-mode] + + +2021-01-23 +========== + +* :vytask:`T3236` (default): Add XML for [conf-mode] OSPF + + +2021-01-17 +========== + +* :vytask:`T3222` (bug): BGP dampening description +* :vytask:`T3226` (bug): Repair bridge smoke test damage + + +2021-01-16 +========== + +* :vytask:`T3215` (bug): show ipv6 route Broken on 1.4 Rolling +* :vytask:`T3157` (bug): salt-minion fails to start due to permission error accessing /root/.salt/minion.log +* :vytask:`T3137` (feature): Let VLAN aware bridge approach the behavior of professional equipment + + +2021-01-15 +========== + +* :vytask:`T3210` (feature): ISIS three-way-handshake +* :vytask:`T3184` (feature): Add correct desctiptions for BGP neighbors + + +2021-01-14 +========== + +* :vytask:`T3213` (bug): show interface command python error + + +2021-01-12 +========== + +* :vytask:`T3205` (bug): Does not possible to configure tunnel mode gre-bridge + + +2020-12-20 +========== + +* :vytask:`T3132` (feature): Enable egress flow accounting diff --git a/docs/changelog/index.rst b/docs/changelog/index.rst index ae964145..c5af65ef 100644 --- a/docs/changelog/index.rst +++ b/docs/changelog/index.rst @@ -10,6 +10,8 @@ Changelog :maxdepth: 1 :includehidden: + 1.4 + 1.3 1.2.6 1.2.5 1.2.4 diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 04800b91..909d77e8 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -127,7 +127,7 @@ Some firewall settings are global and have a affect on the whole system. .. cfgcmd:: set firewall state-policy established log enable - Set the global setting for a astablished connections. + Set the global setting for a established connections. .. cfgcmd:: set firewall state-policy invalid action [accept | drop | reject] diff --git a/docs/configuration/highavailability/index.rst b/docs/configuration/highavailability/index.rst index a223c283..c3965aa2 100644 --- a/docs/configuration/highavailability/index.rst +++ b/docs/configuration/highavailability/index.rst @@ -189,3 +189,5 @@ and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master: set high-availability vrrp group Foo transition-script backup "/config/scripts/vrrp-fail.sh Foo" set high-availability vrrp group Foo transition-script fault "/config/scripts/vrrp-fail.sh Foo" set high-availability vrrp group Foo transition-script master "/config/scripts/vrrp-master.sh Foo" + +To know more about scripting, check the :ref:`command-scripting` section. diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst index 2bf643aa..9a20c425 100644 --- a/docs/configuration/interfaces/macsec.rst +++ b/docs/configuration/interfaces/macsec.rst @@ -27,14 +27,11 @@ Common interface configuration MACsec options ============== -.. cfgcmd:: set interfaces macsec <interface> security cipher [gcm-aes-128] +.. cfgcmd:: set interfaces macsec <interface> security cipher <gcm-aes-128|gcm-aes-256> Select cipher suite used for cryptographic operations. This setting is mandatory. - .. note:: gcm-aes-256 support planned once iproute2 package is updated to - version >=5.2. - .. cfgcmd:: set interfaces macsec <interface> security encrypt MACsec only provides authentication by default, encryption is optional. This diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst index d2d63ce2..36b1d70b 100644 --- a/docs/configuration/interfaces/tunnel.rst +++ b/docs/configuration/interfaces/tunnel.rst @@ -32,8 +32,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ipip - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 203.0.113.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 203.0.113.20 set interfaces tunnel tun0 address 192.168.100.200/24 IP6IP6 @@ -50,8 +50,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ip6ip6 - set interfaces tunnel tun0 local-ip 2001:db8:aa::1 - set interfaces tunnel tun0 remote-ip 2001:db8:aa::2 + set interfaces tunnel tun0 source-address 2001:db8:aa::1 + set interfaces tunnel tun0 remote 2001:db8:aa::2 set interfaces tunnel tun0 address 2001:db8:bb::1/64 IPIP6 @@ -67,8 +67,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ipip6 - set interfaces tunnel tun0 local-ip 2001:db8:aa::1 - set interfaces tunnel tun0 remote-ip 2001:db8:aa::2 + set interfaces tunnel tun0 source-address 2001:db8:aa::1 + set interfaces tunnel tun0 remote 2001:db8:aa::2 set interfaces tunnel tun0 address 192.168.70.80/24 6in4 (SIT) @@ -89,8 +89,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation sit - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 2001:db8:bb::1/64 A full example of a Tunnelbroker.net config can be found at @@ -112,8 +112,8 @@ over either IPv4 (gre) or IPv6 (ip6gre). Configuration ^^^^^^^^^^^^^ -A basic configuration requires a tunnel source (local-ip), a tunnel destination -(remote-ip), an encapsulation type (gre), and an address (ipv4/ipv6).Below is a +A basic configuration requires a tunnel source (source-address), a tunnel destination +(remote), an encapsulation type (gre), and an address (ipv4/ipv6).Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router @@ -125,8 +125,8 @@ defaults to gre ip otherwise it would have to be configured as well. set interfaces tunnel tun100 address '10.0.0.1/30' set interfaces tunnel tun100 encapsulation 'gre' - set interfaces tunnel tun100 local-ip '198.51.100.2' - set interfaces tunnel tun100 remote-ip '203.0.113.10' + set interfaces tunnel tun100 source-address '198.51.100.2' + set interfaces tunnel tun100 remote '203.0.113.10' **Cisco IOS Router:** @@ -147,8 +147,8 @@ and a Linux host using systemd-networkd. set interfaces tunnel tun101 address '2001:db8:feed:beef::1/126' set interfaces tunnel tun101 address '192.168.5.1/30' set interfaces tunnel tun101 encapsulation 'ip6gre' - set interfaces tunnel tun101 local-ip '2001:db8:babe:face::3afe:3' - set interfaces tunnel tun101 remote-ip '2001:db8:9bb:3ce::5' + set interfaces tunnel tun101 source-address '2001:db8:babe:face::3afe:3' + set interfaces tunnel tun101 remote '2001:db8:9bb:3ce::5' **Linux systemd-networkd:** @@ -189,15 +189,15 @@ An example: .. code-block:: none - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 10.40.50.60/24 set interfaces tunnel tun0 parameters ip key 10 - + .. code-block:: none - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 172.16.17.18/24 set interfaces tunnel tun0 parameters ip key 20 @@ -211,7 +211,7 @@ to make sure the configuration performs as expected. A common cause for GRE tunnels to fail to come up correctly include ACL or Firewall configurations that are discarding IP protocol 47 or blocking your source/desintation traffic. -**1. Confirm IP connectivity between tunnel local-ip and remote-ip:** +**1. Confirm IP connectivity between tunnel source-address and remote:** .. code-block:: none diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 6b6605a6..bd5a75e1 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -530,8 +530,8 @@ Redistribution Configuration General Configuration --------------------- -Common parametrs -^^^^^^^^^^^^^^^^ +Common parameters +^^^^^^^^^^^^^^^^^ .. cfgcmd:: set protocols bgp <asn> parameters router-id <id> @@ -585,7 +585,17 @@ Common parametrs This command goes hand in hand with the listen range command to limit the amount of BGP neighbors that are allowed to connect to the local router. The limit range is 1 to 5000. - + +.. cfgcmd:: set protocols bgp <asn> parameters ebgp-requires-policy + + This command changes the eBGP behavior of FRR. By default FRR enables + :rfc:`8212` functionality which affects how eBGP routes are advertised, + namely no routes are advertised across eBGP sessions without some + sort of egress route-map/policy in place. In VyOS however we have this + RFC functionality disabled by default so that we can preserve backwards + compatibility with older versions of VyOS. With this option one can + enable :rfc:`8212` functionality to operate. + Administrative Distance ^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index b9c691da..1f1e2aa9 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -4,178 +4,88 @@ HTTP-API ######## -Enabling HTTP-API ------------------ +VyOS provide a HTTP API. You can use it to execute op-mode commands, +update VyOS, set or delete config. -VyOS HTTP API can be enabled through the ``set service https api`` command. - -.. code-block:: none - - set service https api debug - set service https api keys id MY-HTTP-API-ID key MY-HTTP-API-PLAINTEXT-KEY - -The local API process listens on localhost:8080, and nginx exposes it on all -virtual servers, by default. For the purpose of illustration below, we will -assume nginx is running at https://192.168.122.127. - -One can limit proxying to specific listen addresses/ports/server-names by -defining a ``service https virtual-host <id>``, and setting ``service https -api-restrict virtual-host <id>``. - -.. code-block:: none - - set service https virtual-host example listen-address 192.168.122.127 - set service https virtual-host example listen-port 44302 - set service https virtual-host example server-name example.net - - set service https api-restrict virtual-host example - -In this example, nginx will proxy only those requests to -192.168.122.127:44302 or example.net:44302 (assuming the DNS record is -viable). Omitting any of listen-address, listen-port, or server-name, will -leave appropriate defaults in the nginx directive. Multiple instances of -``service https api-restrict virtual-host`` may be set. - -Configuration mode requests ---------------------------- - -In our example, we are creating a dummy interface and assigning an address to -it: - -.. code-block:: none - - curl -k -X POST -F data='{"op": "set", "path": ["interfaces", "dummy", "dum1", "address"], "value": "203.0.113.76/32"}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/configure - -The ``/configure`` endpoint takes a request serialized in JSON. The only HTTP -method it uses is POST. Request data is passed in the ``data=`` field and the -API key is passed in the ``key=`` field. Key identifiers from the config are -purely informational and the application doesn't need to know them, they only -appear in the server logs to avoid exposing keys in log files, you only need -the key itself. - -Since internally there is no distinction between a path and a value, you can -omit the value field and include the value in the path like it's done in the -shell commands: - -.. code-block:: none - - curl -k -X POST -F data='{"op": "set", "path": ["interfaces", "dummy", "dum10", "address", "203.0.113.99/32"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/configure - -Separate value field make the semantics more clear though, and also makes it -easier to create a command template once and update it with different values -as needed. - -You can pass the ``set``, ``delete`` or ``comment`` command to it. -The API will push the command to the session and commit. - -To retrieve a value: - -.. code-block:: none - - curl -k -X POST -F data='{"op": "returnValue", "path": ["interfaces", "dummy", "dum1", "address"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/retrieve - -Use ``returnValues`` for multi-valued nodes. +Please take a look at the :ref:`vyosapi` page for an detailed how-to. +************* +Configuration +************* -Show config -""""""""""" +.. cfgcmd:: set service https api keys id <name> key <apikey> -To retrieve the full config under a path: + Set an named api key, every key have the same, full permissions + on the system. -.. code-block:: none - - # curl -k -X POST -F data='{"op": "showConfig", "path": ["interfaces", "dummy"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/retrieve +.. cfgcmd:: set service https api debug -It will return: - -.. code-block:: none + To enable debug messages. Available via :opcmd:`show log` or + :opcmd:`monitor log` - {"success": true, "data": {"dummy": {"dum1": {"address": "203.0.113.76/32"}}}, "error": null} - -Passing an empty path will return the full config: - -.. code-block:: none +.. cfgcmd:: set service https api port - # curl -k -X POST -F data='{"op": "showConfig", "path": []}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/retrieve + Set the listen port of the local API, this have non effect of the + webserver. The default is port 8080 +.. cfgcmd:: set service https api strict -Configuration management requests ---------------------------------- + Enforce strict path checking -When saving or loading a configuration, the endpoint is ``/config-file`` and -you can pass the ``save`` or ``load`` command. +.. cfgcmd:: set service https virtual-host <vhost> listen-address -If you don't specify the file when saving, it saves to ``/config/config.boot``. -Here's an example: + Address to listen for HTTPS requests -.. code-block:: none +.. cfgcmd:: set service https virtual-host <vhost> listen-port <1-65535> - # curl -k -X POST -F key=MY-HTTP-API-PLAINTEXT-KEY -Fdata='{"op": "save", "file": "/config/config.boot"}' https://192.168.122.127/config-file + Port to listen for HTTPS requests; default 443 -Image management requests -------------------------- +.. cfgcmd:: set service https virtual-host <vhost> server-name <text> -One may ``add`` or ``delete`` a system image using the endpoint ``/image``. -Here are the respective examples: + Server names for virtual hosts it ca be exact, wildcard or regex. -``add`` from ``url``. Here we use the URL of the latest rolling release: +.. cfgcmd:: set service https api-restrict virtual-host <vhost> -.. code-block:: none + Nginx exposes the local API on all virtual servers, by default + Use this to restrict nginx to one or more virtual hosts. - # curl -k -X POST -F data='{"op": "add", "url": "https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso"}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/image +.. cfgcmd:: set service https certificates certbot domain-name <text> -``delete`` by image ``name``. For example: + Domain name(s) for which to obtain certificate -.. code-block:: none +.. cfgcmd:: set service https certificates certbot email - # curl -k -X POST -F data='{"op": "delete", "name": "1.3-rolling-202006070117"}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/image + Email address to associate with certificate -To list the available system images by name, one may use the operational mode -request ``show`` discussed in the next section; in this setting it would be: +.. cfgcmd:: set service https certificates system-generated-certificate -.. code-block:: none + Use an automatically generated self-signed certificate - # curl -k -X POST -F data='{"op": "show", "path": ["system", "image"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/show +.. cfgcmd:: set service https certificates system-generated-certificate + lifetime <days> -Operational mode requests -------------------------- + Lifetime in days; default is 365 -It is possible to run ``show`` and ``generate`` commands: +********************* +Example Configuration +********************* -Request: +Set an API-KEY is the minimal configuration to get a working API Endpoint. .. code-block:: none - curl -k -X POST -F data='{"op": "generate", "path": ["wireguard", "default-keypair"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/generate - -Response: - -.. code-block:: none + set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY - {"success": true, "data": "", "error": null} -Request: +To use this full configuration we asume a publice accessable hostname. .. code-block:: none - curl -k -X POST -F data='{"op": "show", "path": ["wireguard", "keypairs", "pubkey", "default"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/show - -Response: - -.. code-block:: none - - {"success": true, "data": "<some pubkey>=\n", "error": null} - -Request: - -.. code-block:: none - - curl -k -X POST -F data='{"op": "show", "path": ["ip", "route"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/show - -Response: - -.. code-block:: none - - {"success": true, "data": "Codes: K - kernel route, C - connected, S - static, R - RIP,\n O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,\n T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,\n F - PBR, f - OpenFabric,\n > - selected route, * - FIB route, q - queued route, r - rejected route\n\nS>* 0.0.0.0/0 [210/0] via 192.168.100.1, eth0, 01:41:05\nC>* 192.168.0.0/24 is directly connected, eth1, 01:41:09\nC>* 192.168.100.0/24 is directly connected, eth0, 01:41:05\nC>* 203.0.113.76/32 is directly connected, dum1, 01:38:40\n", "error": null} - + set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY + set service https certificates certbot domain-name rtr01.example.com + set service https certificates certbot email mail@example.com + set service https virtual-host rtr01 listen-address 198.51.100.2 + set service https virtual-host rtr01 listen-port 11443 + set service https virtual-host rtr01 server-name rtr01.example.com + set service https api-restrict virtual-host rtr01.example.com
\ No newline at end of file diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst index fb194239..96660e91 100644 --- a/docs/configuration/service/index.rst +++ b/docs/configuration/service/index.rst @@ -19,6 +19,7 @@ Service mdns pppoe-server router-advert + salt-minion snmp ssh tftp-server diff --git a/docs/configuration/service/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst index 7858ff19..eea9517d 100644 --- a/docs/configuration/service/ipoe-server.rst +++ b/docs/configuration/service/ipoe-server.rst @@ -72,11 +72,11 @@ IPv6 DNS addresses are optional. set service ipoe-server authentication interface eth3 mac-address 08:00:27:2F:D8:06 set service ipoe-server authentication mode 'local' - set service ipoe-server client-ipv6-pool delegate-prefix '2001:db8:1::/48,56' - set service ipoe-server client-ipv6-pool prefix '2001:db8::/48,64' - set service ipoe-server dnsv6-server server-1 '2001:db8::' - set service ipoe-server dnsv6-server server-2 '2001:db8:aaa::' - set service ipoe-server dnsv6-server server-3 '2001:db8:bbb::' + set service ipoe-server client-ipv6-pool delegate '2001:db8:1::/48' delegation-prefix '56' + set service ipoe-server client-ipv6-pool prefix '2001:db8::/48' mask '64' + set service ipoe-server name-server '2001:db8::' + set service ipoe-server name-server '2001:db8:aaa::' + set service ipoe-server name-server '2001:db8:bbb::' set service ipoe-server interface eth3 client-subnet '192.168.1.0/24' .. code-block:: none @@ -116,7 +116,7 @@ example configuration can be used. .. code-block:: none set service ipoe-server authentication mode 'radius' - set service ipoe-server authentication radius-server 10.100.100.1 secret 'password' + set service ipoe-server authentication radius server 10.100.100.1 key 'password' Bandwidth Shaping ================= @@ -134,8 +134,8 @@ The rate-limit is set in kbit/sec. set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 rate-limit download '500' set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 rate-limit upload '500' set service ipoe-server authentication mode 'local' - set service ipoe-server dns-server server-1 '10.10.1.1' - set service ipoe-server dns-server server-2 '10.10.1.2' + set service ipoe-server name-server '10.10.1.1' + set service ipoe-server name-server '10.10.1.2' set service ipoe-server interface eth2 client-subnet '192.168.0.0/24' .. code-block:: none diff --git a/docs/configuration/service/salt-minion.disable b/docs/configuration/service/salt-minion.disable deleted file mode 100644 index 63df57a4..00000000 --- a/docs/configuration/service/salt-minion.disable +++ /dev/null @@ -1,2 +0,0 @@ -salt-minion -###########
\ No newline at end of file diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst new file mode 100644 index 00000000..aa747c36 --- /dev/null +++ b/docs/configuration/service/salt-minion.rst @@ -0,0 +1,53 @@ +.. _saltminion: + +########### +Salt-Minion +########### + +SaltStack_ is Python-based, open-source +software for event-driven IT automation, remote task execution, and +configuration management. Supporting the "infrastructure as code" +approach to data center system and network deployment and management, +configuration automation, SecOps orchestration, vulnerability remediation, +and hybrid cloud control. + + +************ +Requirements +************ + +To use the Salt-Minion, a running Salt-Master is required. You can find more +in the `Salt Poject Documentaion +<https://docs.saltproject.io/en/latest/contents.html>`_ + +************* +Configuration +************* + +.. cfgcmd:: set service salt-minion hash <type> + + The hash type used when discovering file on master server (default: sha256) + +.. cfgcmd:: set service salt-minion id <id> + + Explicitly declare ID for this minion to use (default: hostname) + +.. cfgcmd:: set service salt-minion interval <1-1440> + + Interval in minutes between updates (default: 60) + +.. cfgcmd:: set service salt-minion master <hostname | IP> + + The hostname or IP address of the master + +.. cfgcmd:: set service salt-minion master-key <key> + + URL with signature of master for auth reply verification + + +Please take a look in the Automation section to find some usefull +Examples. + + + +.. _SaltStack: https://saltproject.io/
\ No newline at end of file diff --git a/docs/configuration/service/snmp.rst b/docs/configuration/service/snmp.rst index e962c1c5..4a5a2780 100644 --- a/docs/configuration/service/snmp.rst +++ b/docs/configuration/service/snmp.rst @@ -201,7 +201,8 @@ VyOS MIBs All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/mibs/`` -you are be able to download the files with the a activate ssh service like this +You are be able to download the files using SCP, once the SSH service +has been activated like so .. code-block:: none @@ -270,4 +271,4 @@ following content: .. _SNMPv2: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_2 .. _SNMPv3: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_3 -.. start_vyoslinter
\ No newline at end of file +.. start_vyoslinter diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst index 94249766..6b09d40d 100644 --- a/docs/configuration/service/ssh.rst +++ b/docs/configuration/service/ssh.rst @@ -127,8 +127,8 @@ Operation .. opcmd:: generate ssh client-key /path/to/private_key - Re-generated a known pub/private keyfile which can e.g. used to connect to - other services (RPKI cache). + Re-generated a known pub/private keyfile which can be used to connect to + other services (e.g. RPKI cache). Example: @@ -153,5 +153,6 @@ Operation | =.. o=.oo| +----[SHA256]-----+ - Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` + Two new files ``/config/auth/id_rsa_rpki`` and + ``/config/auth/id_rsa_rpki.pub`` will be created. diff --git a/docs/configuration/service/tftp-server.rst b/docs/configuration/service/tftp-server.rst index 276ce5fb..d220d789 100644 --- a/docs/configuration/service/tftp-server.rst +++ b/docs/configuration/service/tftp-server.rst @@ -32,15 +32,15 @@ on each IP address. .. cfgcmd:: set service tftp-server allow-upload -Optional, if you want to enable uploads, else TFTP server will act as read-only -server. +Optional, if you want to enable uploads, else TFTP server will act as a +read-only server. Example ------- Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via -TFTP to this server is not allowed! +TFTP to this server is disabled. The resulting configuration will look like: diff --git a/docs/configuration/system/option.rst b/docs/configuration/system/option.rst index e029ec96..a4e08245 100644 --- a/docs/configuration/system/option.rst +++ b/docs/configuration/system/option.rst @@ -28,8 +28,8 @@ HTTP client .. cfgcmd:: set system option http-client source-address <address> - Several commands utilize curl to initiate transfers. Configure the local - source IPv4/IPv6 address used for all CURL operations. + Several commands utilize cURL to initiate transfers. Configure the local + source IPv4/IPv6 address used for all cURL operations. .. cfgcmd:: set system option http-client source-interface <interface> @@ -54,7 +54,7 @@ the used keyboard layout on the system console. Defaults to ``us``. .. note:: Changing the keymap only has an effect on the system console, using - SSH oder Serial remote access to the device is not affected as the keyboard + SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system. .. _system_options_performance: diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index d331ce2c..0df5080c 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -72,8 +72,8 @@ parameter to the client. .. code-block:: none - set vpn l2tp remote-access dns-servers server-1 '198.51.100.8' - set vpn l2tp remote-access dns-servers server-2 '198.51.100.4' + set vpn l2tp remote-access name-server '198.51.100.8' + set vpn l2tp remote-access name-server '198.51.100.4' Established sessions can be viewed using the **show vpn remote-access** operational command, or **show l2tp-server sessions** diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index cb97e418..453edd30 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst @@ -257,6 +257,88 @@ The full and current list can be generated with ``./configure --help``: --custom-package CUSTOM_PACKAGE Custom package to install from repositories +.. _iso_build_issues: + +ISO Build Issues +---------------- + +There are (rare) situations where building an ISO image is not possible at all +due to a broken package feed in the background. APT is not very good at +reporting the root cause of the issue. Your ISO build will likely fail with a +more or less similar looking error message: + +.. code-block:: none + + The following packages have unmet dependencies: + vyos-1x : Depends: accel-ppp but it is not installable + E: Unable to correct problems, you have held broken packages. + P: Begin unmounting filesystems... + P: Saving caches... + Reading package lists... + Building dependency tree... + Reading state information... + Del frr-pythontools 7.5-20210215-00-g8a5d3b7cd-0 [38.9 kB] + Del accel-ppp 1.12.0-95-g59f8e1b [475 kB] + Del frr 7.5-20210215-00-g8a5d3b7cd-0 [2671 kB] + Del frr-snmp 7.5-20210215-00-g8a5d3b7cd-0 [55.1 kB] + Del frr-rpki-rtrlib 7.5-20210215-00-g8a5d3b7cd-0 [37.3 kB] + make: *** [Makefile:30: iso] Error 1 + (10:13) vyos_bld ece068908a5b:/vyos [current] # + +To debug the build process and gain additional information of what could be the +root cause wou need to `chroot` into the build directry. This is explained in +the following step by step procedure: + +.. code-block:: none + + vyos_bld ece068908a5b:/vyos [current] # sudo chroot build/chroot /bin/bash + +We now need to mount some required, volatile filesystems + +.. code-block:: none + + (live)root@ece068908a5b:/# mount -t proc none /proc + (live)root@ece068908a5b:/# mount -t sysfs none /sys + (live)root@ece068908a5b:/# mount -t devtmpfs none /dev + +We now are free to run any command we would like to use for debugging, e.g. +re-installing the failed package after updating the repository. + +.. code-block:: none + + (live)root@ece068908a5b:/# apt-get update; apt-get install vyos-1x + Get:1 file:/root/packages ./ InRelease + Ign:1 file:/root/packages ./ InRelease + Get:2 file:/root/packages ./ Release [1235 B] + Get:2 file:/root/packages ./ Release [1235 B] + Get:3 file:/root/packages ./ Release.gpg + Ign:3 file:/root/packages ./ Release.gpg + Hit:4 http://repo.powerdns.com/debian buster-rec-43 InRelease + Hit:5 http://repo.saltstack.com/py3/debian/10/amd64/archive/3002.2 buster InRelease + Hit:6 http://deb.debian.org/debian bullseye InRelease + Hit:7 http://deb.debian.org/debian buster InRelease + Hit:8 http://deb.debian.org/debian-security buster/updates InRelease + Hit:9 http://deb.debian.org/debian buster-updates InRelease + Hit:10 http://deb.debian.org/debian buster-backports InRelease + Hit:11 http://dev.packages.vyos.net/repositories/current current InRelease + Reading package lists... Done + N: Download is performed unsandboxed as root as file '/root/packages/./InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied) + Reading package lists... Done + Building dependency tree + Reading state information... Done + Some packages could not be installed. This may mean that you have + requested an impossible situation or if you are using the unstable + distribution that some required packages have not yet been created + or been moved out of Incoming. + The following information may help to resolve the situation: + + The following packages have unmet dependencies: + vyos-1x : Depends: accel-ppp but it is not installable + E: Unable to correct problems, you have held broken packages. + +Now it's time to fix the package mirror and rerun the last step until the +package installation succeeds again! + .. _build_custom_packages: Linux Kernel diff --git a/docs/copyright.rst b/docs/copyright.rst index beebc2a2..2093ee80 100644 --- a/docs/copyright.rst +++ b/docs/copyright.rst @@ -2,7 +2,7 @@ Copyright Notice ################ -Copyright (C) 2018-2020 VyOS maintainers and contributors +Copyright (C) 2018-2021 VyOS maintainers and contributors Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all @@ -16,4 +16,4 @@ to this one. Permission is granted to copy and distribute translations of this manual into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the VyOS -maintainers.
\ No newline at end of file +maintainers. diff --git a/docs/debugging.rst b/docs/debugging.rst index 6150ff60..fec73257 100644 --- a/docs/debugging.rst +++ b/docs/debugging.rst @@ -8,6 +8,12 @@ There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters. +ISO image build +=============== + +When having trouble compiling your own ISO image or debugging Jenkins issues +you can follow the steps at :ref:`iso_build_issues`. + System Startup ============== @@ -77,6 +83,15 @@ will have the same effect as ``touch /tmp/vyos.ifconfig.debug``. calling ``sudo systemctl stop vyos-configd`` or make this reboot-safe by calling ``sudo systemctl disable vyos-configd``. +FRR +--- + +Recent versions use the ``vyos.frr`` framework. The Python class is located +inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ +(print style) debugger as vyos.ifconfig does. + +To enable debugging just run: ``$ touch /tmp/vyos.frr.debug`` + Debugging Python Code with PDB ------------------------------ @@ -188,4 +203,4 @@ the execution order of the scripts. .. _bootchart.conf: https://github.com/vyos/vyos-build/blob/current/data/live-build-config/includes.chroot/etc/systemd/bootchart.conf .. include:: /_include/common-references.txt -.. start_vyoslinter
\ No newline at end of file +.. start_vyoslinter |