############ 1.3 Eqquleus ############ .. Please don't add anything by hand. This file is managed by the script: _ext/releasenotes.py 1.3.9 (future release) ====================== **Bug fixes** * :vytask:`T5926` ``IPSEC does not apply after l2tp configuration was changed`` **Other resolved issues** * :vytask:`T1311` ``WAN load-balancing can't flush connections when conntrack-sync is enabled`` 1.3.8 (25th June 2024) ====================== **Bug fixes** * :vytask:`T5725` ``protocol IS-IS configuration is empty if a tunnel does not have remote address`` * :vytask:`T6337` ``Upgrade from 1.3.5 fails if ssh public key name has a space in it`` * :vytask:`T6359` ``Multicast does not forward after reboot`` 1.3.7 (13th May 2024) ===================== **Security** * :vytask:`T6324` ``CVE-2024-2961`` **New features and improvements** * :vytask:`T1244` ``Add support for StartupResync in conntrack-sync`` * :vytask:`T5364` ``Make it possible to set the PADO delay to 0`` * :vytask:`T5418` ``Allow arbitrary subnets in PPPoE client IP pools`` * :vytask:`T5504` ``Make it possible to set more than one peer-address in unicast VRRP`` * :vytask:`T6057` ``Add ability to disable syslog for conntrackd`` **Bug fixes** * :vytask:`T1751` ``DNS server addresses from DHCPv6 are not added to resolv.conf`` * :vytask:`T1976` ``deleting address-family under neighbor will disable neighbor`` * :vytask:`T2044` ``RPKI doesn't boot properly`` * :vytask:`T2113` ``OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping`` * :vytask:`T2279` ``Router resolves as 127.0.1.1 when using Router's Recursive DNS`` * :vytask:`T2590` ``DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` * :vytask:`T2612` ``HTTPS API, changing API key fails but goes through`` * :vytask:`T2801` ``conntrack-tools flooding logs`` * :vytask:`T2998` ``SNMP v3 oid "exclude" option doesn't work`` * :vytask:`T3437` ``BGP Confederation Addition Causes Error`` * :vytask:`T3992` ``Unhandled exception when trying to add an interface with an assigned address to a bridge`` * :vytask:`T4270` ``When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service`` * :vytask:`T4453` ``dhclient fails to renew DHCP lease with VRF`` * :vytask:`T5239` ``Host name and domain name missing from the FRR configuration`` * :vytask:`T5982` ``Isolated interfaces smoketest fail`` * :vytask:`T6004` ``Missing RPKI boot priority prevents it from loading`` * :vytask:`T6056` ``Applying 'system static-host-mapping' command calls unnecessary snmpd restart`` * :vytask:`T6088` ``Configuration corrupted after saving and powercut or force reboot`` * :vytask:`T6096` ``Config commits are not synced properly because 00vyos-sync is deleted by vyos-router`` * :vytask:`T6110` ``Insufficient validation of range option with failover in DHCP server`` * :vytask:`T6124` ``Docker equuleus build image doesn't build due to fpm`` * :vytask:`T6141` ``Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure`` * :vytask:`T6150` ``Impossible to set a static IP address via RADIUS in IPoE`` * :vytask:`T6193` ``dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` * :vytask:`T6196` ``route-map and summary-only do not work in BGP aggregation at the same time`` * :vytask:`T6243` ``Update vyos-http-api-tools for package idna security advisory`` **Other resolved issues** * :vytask:`T1198` ``Extra hyphen in suggested image name on upgrade`` * :vytask:`T3584` ``Migrate NTP server addresses from *.pool.ntp.org to our own`` * :vytask:`T6261` ``Typo in the operational mode connect and disconnect command output`` 1.3.6 (14th February 2024) ========================== **Security** * :vytask:`T5318` ``Security Vulnerabilities for VyOS 1.3.3`` **Configuration syntax changes (automatically migrated)** * :vytask:`T2060` ``source-validation will be configured at different locations and could lead to massive confusion`` * :vytask:`T2289` ``Denest cerbot certificate configuration from service https`` **New features and improvements** * :vytask:`T1929` ``ipset in firewall`` * :vytask:`T2060` ``source-validation will be configured at different locations and could lead to massive confusion`` * :vytask:`T2116` ``Processing configuration via Cloud-init User-Data`` * :vytask:`T2191` ``Using tallow to block sshd probes`` * :vytask:`T2289` ``Denest cerbot certificate configuration from service https`` * :vytask:`T3039` ``Resize a root partition and filesystem automatically during deployment in virtual environments`` * :vytask:`T4039` ``Rsyslog to use 'protocol23format' for protocol UDP`` * :vytask:`T4078` ``A hybrid of "network-group" and "address-group".`` * :vytask:`T5182` ``Update Intel ice driver`` * :vytask:`T5187` ``Update Realtek r8152 driver`` * :vytask:`T5275` ``Add op mode commands for exporting certificates to PEM files with correct headers`` * :vytask:`T5796` ``Openconnect - HTTPS security headers are missing`` **Bug fixes** * :vytask:`T117` ``Cannot install from ISO via serial console on ttyS1`` * :vytask:`T1925` ``DMVPN is always listed as down in "show vpn ipsec sa"`` * :vytask:`T2085` ``Building some packages with vyos-build no longer works for Equuleus/current`` * :vytask:`T2163` ``Disabled vif interface with "address dhcp" requests DHCP address`` * :vytask:`T2404` ``Cannot change MTU`` * :vytask:`T2509` ``No inotify notifications from /`` * :vytask:`T2574` ``wan-load-balance snat bug and route problem`` * :vytask:`T2793` ``compare + TAB completion does not show proper username if user contains _`` * :vytask:`T2837` ``make-version-file executed too early during build process`` * :vytask:`T3154` ``route-map CLI allows 32-bit ASNs in community options even though FRR doesn't`` * :vytask:`T3980` ``vrrp transition-script validator makes warning fatal and also causes a python NameError exception`` * :vytask:`T4062` ``VRRP IPSEC-AH : sequence number xxxxxxx already processed. Packet dropped. Local(xxxxxxx)`` * :vytask:`T4566` ``Cannot log in on serial console on Equuleus v1.3.1`` * :vytask:`T4752` ``ICMP redirects not working / not properly configured`` * :vytask:`T4760` ``VyOS does not support running multiple instances of DHCPv6 clients`` * :vytask:`T4990` ``Commit results may not be properly saved if power is cut immediately after a successful commit`` * :vytask:`T5180` ``initramfs-tools ignores firmware from updates directory`` * :vytask:`T5543` ``Fix source address handling in static joins`` * :vytask:`T5625` ``"restart vpn" does not work if ipsec-interfaces is not set`` * :vytask:`T5739` ``Password recovery does not work if public keys are configured`` * :vytask:`T5800` ``HTTPS API unavailable after delete VRF`` * :vytask:`T5852` ``Reboots fail with eapol WAN interface`` * :vytask:`T5914` ``CVE-2023-48795 - Terrapin vulnerability`` * :vytask:`T5924` ``Build cannot pass the smoketest dialup-router-medium-vpn`` * :vytask:`T5967` ``Multi-hop BFD connections can't be established; please add minimum-ttl option.`` * :vytask:`T6017` ``Update vyos-http-api-tools for security advisory`` **Other resolved issues** * :vytask:`T922` ``OSPF - Process Crash after peer reboot`` * :vytask:`T1297` ``Add GARP settings to VRRP/keepalived`` * :vytask:`T1369` ``GCP Networking Failure`` * :vytask:`T1500` ``Slow boot/load and CLI response times`` * :vytask:`T1667` ``Add a tool for automatically importing old style command definitions into XML`` * :vytask:`T1671` ``rewrite udev script logic /lib/udev/vyatta_net_name`` * :vytask:`T1981` ``Allow route-map 'set src' to reference both IPv4 and IPv6`` * :vytask:`T2223` ``convert operational show interfaces to python/XML`` * :vytask:`T2353` ``Interface [conf_mode] errors parent task`` * :vytask:`T2431` ``Python validators are slow`` * :vytask:`T2452` ``Serial console related issues`` * :vytask:`T2546` ``The root task for rewriting [op-mode] to XML`` * :vytask:`T2579` ``The root task for VRF features`` * :vytask:`T2655` ``ConfigError formatting issue`` * :vytask:`T2720` ``Rework vyos.template Python module to make future extension easier`` * :vytask:`T2755` ``Requirements for partial interface setup`` * :vytask:`T2799` ``VyOS Certificates Manager`` * :vytask:`T3191` ``PAM RADIUS freezing when accounting does not configured on RADIUS server`` * :vytask:`T3348` ``dhcpd: Can't create new lease file: Permission denied`` * :vytask:`T3403` ``Error on interrupting list of pppoe sessions`` * :vytask:`T3513` ``Attempting to remove firewall rule results in error`` * :vytask:`T3688` ``Fail to save configuration via scp/sftp`` * :vytask:`T3737` ``openvpn-option needs to be able to support quotes as since openvpn 2.4.`` * :vytask:`T3813` ``Some custom sysctl parameters can't be applied bug`` * :vytask:`T4222` ``Support for TWAMP as round-trip metric`` * :vytask:`T4646` ``USB serial output console does not work`` * :vytask:`T5274` ``Add a deprecation warning for OpenVPN site-to-site with pre-shared secret`` * :vytask:`T5714` ``IPSec VPN: op-mode: "show log vpn" does not show results`` * :vytask:`T5715` ``IPSec VPN: restart vpn is not working`` * :vytask:`T6014` ``Bump keepalived version`` * :vytask:`T6249` ``ISO builder fails because of changed buster-backport repository`` 1.3.5 (15th December 2023) ========================== **Configuration syntax changes (automatically migrated)** * :vytask:`T2139` ``openvpn: allow "dh-file none" to disable DH for ECDH keys`` **New features and improvements** * :vytask:`T1118` ``Obsolete "utc" option in time selector in firewall`` * :vytask:`T2014` ``Use vendor specific NTP Pool hostname`` * :vytask:`T2139` ``openvpn: allow "dh-file none" to disable DH for ECDH keys`` * :vytask:`T4269` ``node.def generator should automatically add default values`` * :vytask:`T5213` ``Accel-ppp sending accounting interim updates acct-interim-interval option`` * :vytask:`T5270` ``Make OpenVPN `tls dh-params` optional`` * :vytask:`T5271` ``Add support for peer-fingerprint to OpenVPN`` * :vytask:`T5273` ``Add op mode commands for displaying certificate details and fingerprints`` * :vytask:`T5387` ``dhcp6c: add a no release option`` * :vytask:`T5576` ``Add bgp remove-private-as all option`` * :vytask:`T5586` ``Disable by default SNMP for Keepalived VRRP`` * :vytask:`T5630` ``pppoe: allow to specify MRU in addition to already configurable MTU`` * :vytask:`T5661` ``Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection`` **Bug fixes** * :vytask:`T305` ``loadbalancing does not work with one pppoe connection and another connection of either dhcp or static`` * :vytask:`T971` ``authentication public-keys options quoting issue`` * :vytask:`T1012` ``vyos-build configure script should check /etc/issue to avoid confusion`` * :vytask:`T2051` ``Throughput anomalies`` * :vytask:`T2250` ``vyos-build "make iso" error if configure was ran outside of the docker container`` * :vytask:`T3020` ``The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location"`` * :vytask:`T3045` ``Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP)`` * :vytask:`T3940` ``DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook`` * :vytask:`T4146` ``Nginx should not listen on port 80`` * :vytask:`T4328` ``Large MTU on 1.3.1-S1`` * :vytask:`T4402` ``OpenVPN client-ip-pool option is broken`` * :vytask:`T4601` ``dhcp : relay agent IP address issue.`` * :vytask:`T4776` ``NVME storage is not detected properly during installation`` * :vytask:`T5223` ``tunnel key doesn't clear`` * :vytask:`T5235` ``SSH keys with special characters cannot be applied via Cloud-init`` * :vytask:`T5402` ``VRRP router with rfc3768-compatibility sends multiple ARP replies`` * :vytask:`T5413` ``Deny the opportunity to use one public/private key pair on both wireguard peers.`` * :vytask:`T5486` ``Service dns dynamic cannot pass the smoketest`` * :vytask:`T5669` ``VXLAN interface changing port does not work`` * :vytask:`T5670` ``bridge: missing member interface validator`` * :vytask:`T5763` ``Fix imprecise check for remote file name in vyos-load-config.py`` * :vytask:`T5777` ``frr: backport and upstream recent bgpd daemon crashes`` **Other resolved issues** * :vytask:`T1276` ``dhcp relay + VLAN fails`` * :vytask:`T2719` ``Standardized op mode script structure`` * :vytask:`T3536` ``Unable to list all available routes`` * :vytask:`T3702` ``Policy: Allow routing by fwmark`` * :vytask:`T5191` ``Replace underscores with hyphens in command-line options generated by vyos.opmode`` * :vytask:`T5268` ``OpenVPN: upgrade package to 2.6 series`` * :vytask:`T5280` ``Update Expired keys (2023-06-08) for PowerDNS`` * :vytask:`T5578` ``"ikev2-reauth" description contains outdated information`` * :vytask:`T5624` ``Remove /etc/debian_version from the image`` * :vytask:`T5632` ``Add jq package to parse JSON files`` * :vytask:`T5817` ``Show openvpn server fails in some cases`` 1.3.4 (17th October 2023) ========================= **New features and improvements** * :vytask:`T738` ``Add local-port and resolver port options for powerdns in CLI configuration tree`` * :vytask:`T2123` ``Configure 3 NTP servers`` * :vytask:`T2424` ``Ability to choose the direction of Mirroring`` * :vytask:`T3144` ``Support op-mode command to release DHCP leases`` * :vytask:`T3546` ``Add support for running scripts on PPPoE server session events`` * :vytask:`T4151` ``IPV6 local PBR Support`` * :vytask:`T4426` ``Add arpwatch to the image`` * :vytask:`T4475` ``route-map does not support ipv6 peer`` * :vytask:`T4825` ``interfaces veth/veth-pairs -standalone used`` * :vytask:`T5190` ``Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0`` * :vytask:`T5265` ``WAN load-balancing: missing completion helpers`` * :vytask:`T5315` ``vrrp: add support for version 3`` * :vytask:`T5354` ``Add sshguard to protect against brut-forces for 1.3`` **Bug fixes** * :vytask:`T2611` ``Prefix list names are shared between ipv4 and ipv6`` * :vytask:`T2908` ``VRF and bridge membership isn’t mutually exclusive`` * :vytask:`T2958` ``DHCP server doesn't work from a live CD`` * :vytask:`T3070` ``Firewall going OOM, possible related to nftables migration`` * :vytask:`T3098` ``Cannot talk to rtnetlink: Message too long Command failed -:1`` * :vytask:`T3339` ``Cloud-Init domain search setting not applied`` * :vytask:`T4113` ``Incorrect GRUB configuration parsing`` * :vytask:`T4121` ``Nameservers from DHCP client cannot be used in specific cases`` * :vytask:`T4407` ``Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3`` * :vytask:`T4412` ``commit archive: reboot not working with sftp`` * :vytask:`T4459` ``API service with VRF doesn't work in 1.3.1`` * :vytask:`T4745` ``CLI TAB issue with values with '-' at the beginning in conf mode`` * :vytask:`T4790` ``RADIUS login does not work if sum of timeouts more than 50s`` * :vytask:`T4855` ``Trying to create more than one tunnel of the same type to the same address causes unhandled exception`` * :vytask:`T4869` ``A network with `/32` or `/128` mask cannot be removed from a network-group`` * :vytask:`T4895` ``Tag nodes are overwritten when configured by Cloud-Init from User-Data`` * :vytask:`T5006` ``Http api segfault with concurrent requests`` * :vytask:`T5140` ``Firewall network-group problems`` * :vytask:`T5221` ``BGP as-override behavior differs from new FRR and other vendors`` * :vytask:`T5240` ``Service router-advert failed to start radvd with more then 3 name-servers`` * :vytask:`T5305` ``REST API configure operation should not be defined as async`` * :vytask:`T5313` ``UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned`` * :vytask:`T5329` ``Wireguard interface as GRE tunnel source causes configuration error on boot`` * :vytask:`T5428` ``dhcp: client renewal fails when running inside VRF`` * :vytask:`T5506` ``Container bridge interfaces do not have a link-local address`` * :vytask:`T5524` ``Add config directory to liveCD`` * :vytask:`T5533` ``Keepalived VRRP IPv6 group enters in FAULT state`` * :vytask:`T5545` ``sflow is not working`` * :vytask:`T5555` ``Fix timezone migrator (system 13-to-14)`` * :vytask:`T5594` ``VRRP - Error if using IPv6 Link Local as hello source address`` **Other resolved issues** * :vytask:`T469` ``Problem after commit with errors`` * :vytask:`T2296` ``Upgrade WALinux to 2.2.41`` * :vytask:`T3424` ``PPPoE IA-PD doesn't work in VRF`` * :vytask:`T3577` ``Generating vpn x509 key pair fails with command not found`` * :vytask:`T3713` ``Create a meta-package for user utilities`` * :vytask:`T4306` ``Do not check for ditry repository when building release images`` * :vytask:`T4874` ``Add Warning message to Equuleus`` * :vytask:`T4933` ``Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error`` * :vytask:`T5272` ``Upgrade OpenVPN to 2.6 in Equuleus`` * :vytask:`T5470` ``wlan: can not disable interface if SSID is not configured`` * :vytask:`T5557` ``bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802`` 1.3.3 (22th June 2023) ====================== **Security** * :vytask:`T3835` ``vyos router 1.2.7 snmp Dos bug`` * :vytask:`T4970` ``pin OCaml pcre package to avoid JIT support`` **Configuration syntax changes (automatically migrated)** * :vytask:`T4628` ``ConfigTree() throws ValueError() if tagNode contains whitespaces`` **New features and improvements** * :vytask:`T1024` ``Policy Based Routing by DSCP`` * :vytask:`T1928` ``Is the 'Welcome to VyOS' message when using SSH an information leak?`` * :vytask:`T1993` ``Extended pppoe rate-limiter`` * :vytask:`T2603` ``pppoe-server: reduce min MTU`` * :vytask:`T2640` ``Running VyOS inside Docker containers`` * :vytask:`T2769` ``Add VRF support for syslog`` * :vytask:`T3937` ``Rewrite "show system memory" in Python to make it usable as a library function`` * :vytask:`T4219` ``support incoming-interface (iif) in local PBR`` * :vytask:`T4575` ``vyos.utill add new wrapper "rc_cmd" to get the return code and output`` * :vytask:`T4683` ``Add kitty-terminfo package to build`` * :vytask:`T4727` ``Add RADIUS rate limit support to PPTP server`` * :vytask:`T4743` ``Enable IPv6 address for Dynamic DNS`` * :vytask:`T4785` ``snmp: Allow !, @, * and # in community name`` * :vytask:`T4812` ``IPsec ability to show all configured connections`` * :vytask:`T4898` ``Add mtu config option for dummy interfaces`` * :vytask:`T4922` ``Add ssh-client source-interface CLI option`` * :vytask:`T4947` ``Support mounting container volumes as ro or rw`` * :vytask:`T4948` ``pppoe: add CLI option to allow definition of host-uniq flag`` * :vytask:`T4949` ``Backport "monitor log" and "show log" op-mode definitions from current to equuleus`` * :vytask:`T4959` ``Add container registry authentication config for containers`` * :vytask:`T4971` ``Radius attribute "Framed-Pool" for PPPoE`` * :vytask:`T5033` ``generate-public-key command fails for address with multiple public keys like GitHub`` * :vytask:`T5098` ``PPPoE client holdoff configuration`` **Bug fixes** * :vytask:`T2118` ``Failure to boot after power outage due to dirty filesystem and no fsck in initramfs`` * :vytask:`T2189` ``Adding a large port-range will take ~ 20 minutes to commit`` * :vytask:`T2516` ``vyos-container: cannot configure ethernet interface`` * :vytask:`T2838` ``Ethernet device names changing, multiple hw-id being added`` * :vytask:`T3852` ``DHCP client issue - interface has two dhclient processes when link is unpluged and then plug again`` * :vytask:`T4117` ``Does not possible to configure PoD/CoA for L2TP vpn`` * :vytask:`T4153` ``Monitor bandwidth-test initiate not working`` * :vytask:`T4177` ``Strip-private doesn't work for service monitoring`` * :vytask:`T4312` ``Telegraf configuration doesn't accept IPs for URL`` * :vytask:`T4533` ``Radius clients don’t have simple permissions`` * :vytask:`T4582` ``Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs`` * :vytask:`T4628` ``ConfigTree() throws ValueError() if tagNode contains whitespaces`` * :vytask:`T4630` ``Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time`` * :vytask:`T4642` ``proxy: hyphen not allowed in proxy URL`` * :vytask:`T4648` ``PPPoE: Ignore default router from RA when PPPoE default-route is set to none`` * :vytask:`T4664` ``Add validation to reject whitespace in tag node value names`` * :vytask:`T4668` ``Adding/removing members from bond doesn't work/results in incorrect interface state`` * :vytask:`T4671` ``linux-firmware package is missing symlinks defined in WHENCE file`` * :vytask:`T4679` ``OpenVPN site-to-site incorrect check for IPv6 local and remote address`` * :vytask:`T4680` ``Telegraf prometheus-client listen-address invalid format`` * :vytask:`T4702` ``Wireguard peers configuration is not synchronized with CLI`` * :vytask:`T4709` ``TCP MSS clamping broken in equuleus`` * :vytask:`T4730` ``Conntrack-sync error - listen-address is not the correct type in config as it should be`` * :vytask:`T4737` ``FRRouting/zebra 7.5.1 does not redistribute routes to other protocols`` * :vytask:`T4799` ``PowerDNS >= 4.7 does not get reloaded by vyos-hostsd`` * :vytask:`T4872` ``Op-mode show openvpn misses a case when parsing for tunnel IP`` * :vytask:`T4884` ``Missing a community6 in snmpd config`` * :vytask:`T4896` ``ospfv3: Fix broken not-advertise option`` * :vytask:`T4902` ``snmpd: exclude container storage from monitoring`` * :vytask:`T4918` ``Odd show interface behavior`` * :vytask:`T4939` ``VRRP command no-preempt not work as expected`` * :vytask:`T4955` ``Openconnect radiusclient.conf generating with extra authserver`` * :vytask:`T4975` ``CLI does not work after cutting off the power or reset`` * :vytask:`T4978` ``KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536`` * :vytask:`T4992` ``Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set`` * :vytask:`T4993` ``Can't delete conntrack ignore rule`` * :vytask:`T5009` ``op-mode command: restart dhcp relay-agent not working`` * :vytask:`T5011` ``Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped`` * :vytask:`T5017` ``Bug with validator interface-name`` * :vytask:`T5047` ``Recreate only a specific container`` * :vytask:`T5066` ``Different GRE tunnel but same tunnel keys error`` * :vytask:`T5136` ``Possible config corruption on upgrade`` * :vytask:`T5152` ``Telegraf agent hostname isn't qualified`` * :vytask:`T5175` ``http-api: error in MultiPart parser for FastAPI version >= 0.91.0`` * :vytask:`T5176` ``http-api: update vyos-http-api-tools for FastAPI security vulnerability`` * :vytask:`T5186` ``QoS test cannot pass for 1.3`` **Other resolved issues** * :vytask:`T1288` ``FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*)`` * :vytask:`T1875` ``Add the ability to use network address as BGP neighbor (bgp listen range)`` * :vytask:`T2913` ``Failure to install fpm while building builder docker image`` * :vytask:`T3083` ``Add feature event-handler`` * :vytask:`T3608` ``Standardize warnings from configure scripts`` * :vytask:`T3810` ``webproxy squidguard rules don't work properly after rewriting to python.`` * :vytask:`T4122` ``interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?)`` * :vytask:`T4262` ``install image doesn't respect chosen root partition size`` * :vytask:`T4381` ``OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command`` * :vytask:`T4511` ``IPv6 DNS lookup`` * :vytask:`T4625` ``Update ocserv to current revision (1.1.6)`` * :vytask:`T4652` ``Upgrade PowerDNS recursor to 4.7 series`` * :vytask:`T4798` ``Migrate the file-exists validator away from Python`` * :vytask:`T4832` ``dhcp: Add IPv6-only dhcp option support (RFC 8925)`` * :vytask:`T4875` ``Replace Python validator 'interface-name' to avoid Python startup cost`` * :vytask:`T4900` ``Cache intermediary results of get_config_diff in Config instance`` * :vytask:`T4906` ``ipsec connections shows only one connection as up`` * :vytask:`T4925` ``Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2`` * :vytask:`T4999` ``vyos.util backport dict_search_recursive`` * :vytask:`T5007` ``Interface multicast setting is invalid`` * :vytask:`T5008` ``MACsec CKN of 32 chars is not allowed in CLI, but works fine`` * :vytask:`T5111` ``pppd-dns.service startup failed`` * :vytask:`T5243` ``Default route is inactive if an interface has multiple ip addresses of the same subnet in 1.3.2 Equuleus`` 1.3.2 (7th November 2022) ========================= **New features and improvements** * :vytask:`T1375` ``Add clear dhcp server lease function`` * :vytask:`T2580` ``Support for ip pools for ippoe`` * :vytask:`T2683` ``no dual stack in system static-host-mapping host-name`` * :vytask:`T2763` ``New SNMP resource request - SNMP over TCP`` * :vytask:`T3318` ``Update Linux Kernel to v5.4.208 / 5.10.142`` * :vytask:`T3785` ``Add unicode support to configtree backend`` * :vytask:`T4260` ``Extend vyos.configdict.node_changed() to support recursiveness`` * :vytask:`T4315` ``Telegraf - Output to prometheus`` * :vytask:`T4336` ``isis: add support for MD5 authentication password on a circuit`` * :vytask:`T4346` ``Deprecate "system ipv6 disable" option to disable address family within OS kernel`` * :vytask:`T4373` ``PPPoE-server add multiplier option for shaper`` * :vytask:`T4395` ``Extend show vpn debug`` * :vytask:`T4421` ``Add support for floating point numbers in the numeric validator`` * :vytask:`T4442` ``HTTP API add action "reset"`` * :vytask:`T4456` ``NTP client in VRF tries to bind to interfaces outside VRF, logs many messages`` * :vytask:`T4489` ``MPLS sysctl not persistent for tunnel interfaces`` * :vytask:`T4507` ``IPoE-server add multiplier option for shaper`` * :vytask:`T4509` ``Feature Request: DNS64`` * :vytask:`T4515` ``Reduce telegraf binary size`` * :vytask:`T4522` ``bond: add ability to specify mii monitor interval via CLI`` * :vytask:`T4584` ``hostap: create custom package build`` * :vytask:`T4614` ``OpenConnect split-dns directive`` * :vytask:`T4647` ``Add Google Virtual NIC (gVNIC) support`` **Bug fixes** * :vytask:`T2194` ``"show firewall" garbled output`` * :vytask:`T2654` ``Multiple names unable to be assigned to the same static mapping`` * :vytask:`T3507` ``Bond with mode LACP show u/u in show interfaces even if peer is not configured`` * :vytask:`T3714` ``Some sysctl custom parameters disappear after reboot`` * :vytask:`T4206` ``Policy Based Routing with DHCP Interface Issue`` * :vytask:`T4230` ``OpenVPN server configuration deleted after reboot when using a VRRP virtual-address`` * :vytask:`T4294` ``Adding a new openvpn-option does not restart the OpenVPN process`` * :vytask:`T4313` ``"generate public-key-command" throws unhandled exceptions when it cannot retrieve the key`` * :vytask:`T4319` ``The command "set system ipv6 disable" doesn't work as expected.`` * :vytask:`T4324` ``wwan: check alive script should only be run via cron if a wwan interface is configured at all`` * :vytask:`T4330` ``MTU settings cannot be applied when IPv6 is disabled`` * :vytask:`T4331` ``IPv6 link local addresses are not configured when an interface is in a VRF`` * :vytask:`T4337` ``isis: IETF SPF delay algorithm can not be configured - results in vyos.frr.CommitError`` * :vytask:`T4338` ``wwan: changing interface description should not trigger reconnect`` * :vytask:`T4339` ``wwan: tab-completion results in "No such file or directory" if there is no WWAN interface`` * :vytask:`T4341` ``login: disable user-account prior to deletion and wait until deletion is complete`` * :vytask:`T4350` ``DMVPN opennhrp spokes dont work behind NAT`` * :vytask:`T4354` ``Slave interfaces fall out from bonding during configuration change`` * :vytask:`T4361` ```vyos.config.exists()` does not work for nodes with multiple values`` * :vytask:`T4363` ``salt-minion: default mine_interval option is not set`` * :vytask:`T4366` ``geneve: interface is removed on changes to e.g. description`` * :vytask:`T4369` ``OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node`` * :vytask:`T4388` ``dhcp-server: missing constraint on tftp-server-name option`` * :vytask:`T4405` ``DHCP client sometimes ignores `no-default-route` option of an interface`` * :vytask:`T4441` ``wwan: connection not possible after a change added after 1.3.1-S1 release`` * :vytask:`T4447` ``DHCPv6 prefix delegation `sla-id` limited to 128`` * :vytask:`T4468` ``web-proxy source group cannot start with a number bug`` * :vytask:`T4510` ``set system static-host-mapping doesn't allow IPv4 and IPv6 for same name.`` * :vytask:`T4513` ``Webproxy monitor commands do not work`` * :vytask:`T4521` ``bond: ARP monitor interval is not configured despite set via CLI`` * :vytask:`T4525` ``Delete interface from VRF and add it to bonding error`` * :vytask:`T4527` ``Prevent to create VRF name default`` * :vytask:`T4532` ``Flow-accounting IPv6 server/receiver bug`` * :vytask:`T4534` ``bond: bridge: error out if member interface is assigned to a VRF instance`` * :vytask:`T4537` ``MACsec not working with cipher gcm-aes-256`` * :vytask:`T4538` ``Macsec does not work correctly when the interface status changes.`` * :vytask:`T4565` ``vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249`` * :vytask:`T4572` ``Add an option to force interface MTU to the value received from DHCP`` * :vytask:`T4579` ``bridge: can not delete member interface CLI option when VLAN is enabled`` * :vytask:`T4592` ``macsec: can not create two interfaces using the same source-interface`` * :vytask:`T4616` ``openconnect: KeyError: 'local_users'`` * :vytask:`T4618` ``Traffic policy not set on virtual interfaces`` * :vytask:`T4632` ``VLAN-aware bridge not working`` * :vytask:`T4653` ``Interface offload options are not applied correctly`` * :vytask:`T4666` ``EAP-TLS no longer allows TLSv1.0 after T4537, T4584`` **Other resolved issues** * :vytask:`T4415` ``Include license/copyright files in the image but remove user documentation from /usr/share/doc to reduce its size`` * :vytask:`T4430` ``Show firewall output with visual shift default rule`` * :vytask:`T4629` ``Raised ConfigErrors contain dict instead of only the dict key`` * :vytask:`T4654` ``RPKI cache incorrect description`` 1.3.1 (21th March 2022) ======================= **Security** * :vytask:`T4204` ``Update Accel-PPP to a newer revision`` * :vytask:`T4310` ``CVE-2022-0778: infinite loop in OpenSSL certificate parsing`` * :vytask:`T4311` ``CVE-2021-4034: local privilege escalation in PolKit`` **Configuration syntax changes (automatically migrated)** * :vytask:`T1972` ``Allow setting interface name for virtual_ipaddress in VRRP VRID`` * :vytask:`T4273` ``ssh: Upgrade from 1.2.X to 1.3.0 breaks config`` **New features and improvements** * :vytask:`T1972` ``Allow setting interface name for virtual_ipaddress in VRRP VRID`` * :vytask:`T2400` ``OpenVPN: dont restart server if no need`` * :vytask:`T2764` ``Increase maximum number of NAT rules`` * :vytask:`T3164` ``console-server ssh does not work with RADIUS PAM auth`` * :vytask:`T3299` ``Allow the web proxy service to listen on all IP addresses`` * :vytask:`T3854` ``Missing op-mode commands for conntrack-sync`` * :vytask:`T3872` ``Add configurable telegraf monitoring service`` * :vytask:`T4055` ``Add VRF support for HTTP(S) API service`` * :vytask:`T4100` ``Firewall increase maximum number of rules`` * :vytask:`T4120` ``[VXLAN] add ability to set multiple unicast-remotes`` * :vytask:`T4128` ``keepalived: Upgrade package to add VRF support`` * :vytask:`T4261` ``MACsec: add DHCP client support`` **Bug fixes** * :vytask:`T2922` ``The `vpn ipsec logging log-modes` miss the IPSec daemons state check`` * :vytask:`T3380` ``"show vpn ike sa" does not display IPv6 peers`` * :vytask:`T3686` ``Bridging OpenVPN tap with no local-address breaks`` * :vytask:`T3914` ``VRRP rfc3768-compatibility doesn't work with unicast peers`` * :vytask:`T3924` ``VRRP stops working with VRF`` * :vytask:`T4002` ``firewall group network-group long names restriction incorrect behavior`` * :vytask:`T4081` ``VRRP health-check script stops working when setting up a sync group`` * :vytask:`T4087` ``IPsec IKE-group proposals limit of 10 pieces`` * :vytask:`T4092` ``IKEv2 mobike commit failed with DMVPN nhrp`` * :vytask:`T4093` ``SNMPv3 snmpd.conf generation bug`` * :vytask:`T4101` ``commit-archive: Use of uninitialized value $source_address in concatenation`` * :vytask:`T4104` ``RAID1: "add raid md0 member sda1" does not restore boot sector`` * :vytask:`T4110` ``[IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0`` * :vytask:`T4141` ``Set high-availability vrrp sync-group without members error`` * :vytask:`T4142` ``Input ifbX interfaces not displayed in op-mode`` * :vytask:`T4152` ``NHRP shortcut-target holding-time does not work`` * :vytask:`T4154` ``Error add second gre tunnel with the same source interface`` * :vytask:`T4165` ``Custom conntrack rules cannot be deleted`` * :vytask:`T4168` ``IPsec VPN is impossible to restart when DMVPN is configured`` * :vytask:`T4183` ``IPv6 link-local address not accepted as wireguard peer`` * :vytask:`T4184` ``NTP allow-clients address doesn't work it allows to use ntp server for all addresses`` * :vytask:`T4191` ``Lost access to host after VRF re-creating`` * :vytask:`T4196` ``DHCP server client-prefix-length parameter results in non-functional leases`` * :vytask:`T4203` ``Reconfigure DHCP client interface causes brief outages`` * :vytask:`T4226` ``VRRP transition-script does not work for groups name which contains -(minus) sign`` * :vytask:`T4228` ``bond: OS error thrown when two bonds use the same member`` * :vytask:`T4233` ``ssh: sync regex for allow/deny usernames to "system login"`` * :vytask:`T4234` ``Show firewall partly broken in 1.3.x`` * :vytask:`T4237` ``Conntrack-sync error - error adding listen-address command`` * :vytask:`T4240` ``Cannot add wlan0 to bridge via configure`` * :vytask:`T4241` ``ocserv openconnect looks broken in recent bulds of 1.3 Equuleus`` * :vytask:`T4242` ``ethernet speed/duplex can never be switched back to auto/auto`` * :vytask:`T4258` ``[DHCP-SERVER] error parameter on Failover`` * :vytask:`T4259` ``The conntrackd daemon can be started wrongly`` * :vytask:`T4263` ``vyos.util.leaf_node_changed() dos not honor valueLess nodes`` * :vytask:`T4264` ``vxlan: interface is destroyed and rebuild on description change`` * :vytask:`T4267` ``Error - Missing required "ip key" parameter`` * :vytask:`T4273` ``ssh: Upgrade from 1.2.X to 1.3.0 breaks config`` * :vytask:`T4297` ``Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings`` * :vytask:`T4377` ``generate tech-support archive includes previous archives`` **Other resolved issues** * :vytask:`T4227` ``Typo in help completion of hello-time option of bridge interface`` * :vytask:`T4255` ``Unexpected print of dict bridge on delete`` * :vytask:`T4476` ``Next steps after installation is not communicated properly to new users`` 1.3.0 (21th December 2021) ========================== **Breaking changes** * :vytask:`T3350` ``OpenVPN config file generation broken`` * :vytask:`T3866` ``Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax`` **Configuration syntax changes (automatically migrated)** * :vytask:`T2162` ``migration script for router-advert sets link-mtu 0 on bridge interfaces`` * :vytask:`T2691` ``Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch`` * :vytask:`T3293` ``RPKI migration script errors out after CLI rewrite`` **New features and improvements** * :vytask:`T3704` ``Add ability to interact with Areca RAID adapers`` * :vytask:`T3745` ``op-mode IPSec show vpn ipse sa sorting`` * :vytask:`T3912` ``Use a more informative default post-login banner`` * :vytask:`T3945` ``Add route-map for bgp aggregate-address`` * :vytask:`T3971` ``Ability to build ISO images for XCP-NG hypervisor`` * :vytask:`T4012` ``Add VRF support for TFTP`` * :vytask:`T4013` ``Add pkg cloudwatch for AWS images`` * :vytask:`T4046` ``Sflow - Add Source address parameter`` * :vytask:`T4049` ``support command-style output with compare command`` * :vytask:`T4082` ``Add op mode command to restart ldpd`` * :vytask:`T4084` ``Dehardcode the default login banner`` **Bug fixes** * :vytask:`T1624` ``Failed to set up config session`` * :vytask:`T1710` ``[equuleus] buster: add patch to fix live-build missing key error`` * :vytask:`T1847` ``set_level incorrectly handles path given as empty string`` * :vytask:`T1876` ``IPSec VTI tunnels are deleted after rekey and dangling around as A/D`` * :vytask:`T2009` ``Ethernet Interface always stays down`` * :vytask:`T2022` ``When RADIUS config is active, local logins won't work`` * :vytask:`T2082` ``WireGuard broken after merging T2057`` * :vytask:`T2158` ``Commit fails if ethernet interface doesn't support flow control (pause)`` * :vytask:`T2162` ``migration script for router-advert sets link-mtu 0 on bridge interfaces`` * :vytask:`T2164` ``Package libstrongswan-standard-plugins missing from image`` * :vytask:`T2167` ``vyos.ifconfig.get_mac() broken`` * :vytask:`T2176` ``'WiFiIf' object has no attribute 'set_state'`` * :vytask:`T2177` ``Commit fails on adding disabled interface to bridge`` * :vytask:`T2241` ``Changing settings on an interface causes it to fall out of bridge`` * :vytask:`T2273` ``OpenVPN no longer starts in latest rolling, migrate to systemd`` * :vytask:`T2283` ``openvpn not starting: ccd path in template not moved to /run/openvpn/ccd`` * :vytask:`T2293` ``OpenVPN: UnboundLocalError after merging server_network PullRequest`` * :vytask:`T2318` ``dns-forwarding migration script breaks with invalid interface name`` * :vytask:`T2337` ``hw-id gone missing from interfaces after upgrade to 1.3-rolling-202004191028`` * :vytask:`T2427` ``Interface addressing broken since fix for T2372 was merged`` * :vytask:`T2466` ``live-build encounters apt dependency problem when building with local packages`` * :vytask:`T2578` ``ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses`` * :vytask:`T2600` ``RADIUS system login configuration rendered wrongly`` * :vytask:`T2624` ``Serial Console: fix migration script for configured powersave and no console`` * :vytask:`T2642` ``sshd fails to start due to configuration error`` * :vytask:`T2678` ``High RAM usage on SSH logins with lots of IPv6 routes in the routing table.`` * :vytask:`T2682` ``VRF aware services - connection no longer possible after system reboot`` * :vytask:`T2691` ``Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch`` * :vytask:`T2746` ``IPv6 link-local addresses not configured`` * :vytask:`T2758` ``router-advert: 'infinity' is not a valid integer number`` * :vytask:`T2886` ``RADIUS authentication broken only returns operator level`` * :vytask:`T2894` ``bond: lacp: member interfaces get removed once bond interface has vlans configured`` * :vytask:`T2952` ``configd: timeout breaks synchronization of messages, causing freeze`` * :vytask:`T3208` ``Does not possible to change user password`` * :vytask:`T3350` ``OpenVPN config file generation broken`` * :vytask:`T3370` ``dhcp: Invalid domain name "private"`` * :vytask:`T3699` ``login: verify selected "system login user" name is not already used by the base system.`` * :vytask:`T3707` ``Ping incorrect ip host checks`` * :vytask:`T3822` ``OpenVPN processes do not have permission to read key files generated with `run generate openvpn key``` * :vytask:`T3866` ``Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax`` * :vytask:`T3886` ``DHCP server can not start`` * :vytask:`T3887` ``Removal of IPv6 BGP-peer with peer-group may trigger problems`` * :vytask:`T3913` ``VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2`` * :vytask:`T3934` ``Openconnect VPN broken: ocserv-worker general protection fault on client connect`` * :vytask:`T3962` ``Image cannot be built without open-vm-tools`` * :vytask:`T3972` ``Removing vif-c interface raises KeyError`` * :vytask:`T4015` ``Update Accel-PPP to a newer revision`` * :vytask:`T4019` ``Smoketests for SSTP and openconnect fails`` * :vytask:`T4033` ``VRRP - Error security when setting scripts`` * :vytask:`T4035` ``Geneve interfaces aren't displayed by operational mode commands`` * :vytask:`T4052` ``Validator return traceback on VRRP configuration with the script path not in config dir`` * :vytask:`T4053` ``VRRP impossible to set scripts out of the /config directory`` * :vytask:`T4167` ``DMVPN apply wrong param on the first configuration`` * :vytask:`T4201` ``Firewall - ICMPv6 matches not working as expected on 1.3.0`` * :vytask:`T4268` ``Elevated LA while using VyOS monitoring feature`` * :vytask:`T4296` ``Interface config injected by Cloud-Init may interfere with VyOS native`` * :vytask:`T4344` ``DHCP statistics not matching, conf-mode generates incorrect pool name with dash`` * :vytask:`T4571` ``Sflow with vrf configured does not use vrf to validate agent-address IP from vrf-configured interfaces`` **Other resolved issues** * :vytask:`T1497` ``"set system name-server" generates invalid/incorrect resolv.conf`` * :vytask:`T1606` ``Rolling release no longer boots after adding hostname daemon`` * :vytask:`T1676` ``[equuleus] buster: update GRUB boot parameters during upgrade`` * :vytask:`T2129` ``XML schema: tagNode not allowed on first level in new XML op-mode definition`` * :vytask:`T2389` ``BGP community-list unknown command`` * :vytask:`T2722` ``get_config_dict() and key_mangling=('-', '_') will alter CLI data for tagNodes`` * :vytask:`T3182` ``Main blocker Task for FRR 7.4/7.5 series update`` * :vytask:`T3293` ``RPKI migration script errors out after CLI rewrite`` * :vytask:`T3302` ``Make vyos-configd relay stdout from scripts to the user's console`` * :vytask:`T3687` ``IS-IS is missing IPv6 support`` * :vytask:`T3689` ``static ipv6 route doesn't deleted in some cases`` * :vytask:`T3695` ``OpenConnect reports commit success when ocserv fails to start due to SSL cert/key file issues`` * :vytask:`T3697` ``Impossible to delete IPsec completely`` * :vytask:`T3711` ``service router-advert interface dnssl option has no effects`` * :vytask:`T3725` ``show configuration in json format`` * :vytask:`T3735` ``Configuration with multiple network addresses of firewall network-group via colud-init fails`` * :vytask:`T4065` ``IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory`` * :vytask:`T4088` ``Fix typo in login banner`` * :vytask:`T4115` ``reboot in not working as expected`` * :vytask:`T4198` ``Error shown on commit`` 1.3.0-epa3 (5th November 2021) ============================== **Configuration syntax changes (automatically migrated)** * :vytask:`T3925` ``Tunnel: dhcp-interface not implemented - use source-interface instead`` **New features and improvements** * :vytask:`T3927` ``Kernel: Enable kernel support for HW offload of the TLS protocol`` * :vytask:`T3942` ``Generate IPSec debug archive from op-mode`` **Bug fixes** * :vytask:`T3610` ``DHCP-Server creation for not primary IP address fails`` * :vytask:`T3846` ``dmvpn configuration not reapllied after "restart vpn"`` * :vytask:`T3921` ``tunnel: KeyError when using dhcp-interface`` * :vytask:`T3922` ``NHRP: delete fails`` * :vytask:`T3925` ``Tunnel: dhcp-interface not implemented - use source-interface instead`` * :vytask:`T3926` ``strip-private does not sanitize "cisco-authentication" from NHRP configuration`` * :vytask:`T3941` ``"show vpn ipsec sa" shows established time of parent SA not child SA's`` * :vytask:`T3943` ``"netflow source-ip" prevents image upgrades if IP address does not exist locally`` * :vytask:`T3944` ``VRRP fails over when adding new group to master`` * :vytask:`T3954` ``FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error`` * :vytask:`T3956` ``GRE tunnel - unable to move from source-interface to source-address, commit error`` * :vytask:`T4004` ``IPsec ike-group parameters are not saved correctly (after reboot)`` * :vytask:`T4034` ``"make xcp-ng-iso" still includes vyos-xe-guest-utilities`` **Other resolved issues** * :vytask:`T3188` ``Tunnel local-ip to dhcp-interface Change Fails to Update`` * :vytask:`T3341` ``Wrong behavior of the "reset vpn ipsec-peer XXX tunnel XXX" command`` * :vytask:`T3626` ``Configuring and disabling DHCP Server`` * :vytask:`T3918` ``DHCPv6 prefix delegation incorrect verify error`` * :vytask:`T3920` ``dhclient exit hook script 01-vyos-cleanup causes too many arguments error`` * :vytask:`T3990` ``WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot)`` * :vytask:`T4005` ``Feature Request: IPsec IKEv1 + IKEv2 for one peer`` 1.3.0-epa2 (18th October 2021) ============================== **New features and improvements** * :vytask:`T3277` ``DNS Forwarding - reverse zones`` * :vytask:`T3885` ``dhcpv6-pd: randomly generated DUID is not persisted`` * :vytask:`T3890` ``dhcp(v6): provide op-mode commands to retrieve both server and client logfiles`` * :vytask:`T3899` ``Add support for hd44780 LCD displays`` **Bug fixes** * :vytask:`T3750` ``pdns-recursor 4.4 issue with dont-query and private DNS servers`` * :vytask:`T3874` ``D-Link Ethernet Interface not working.`` * :vytask:`T3877` ``VRRP always enabled rfc3768-compatibility even when not specified`` * :vytask:`T3878` ``get_config_dict() no_tag_node_value_mangle has no effect`` * :vytask:`T3879` ``GPG key verification fails when upgrading from a 1.3 beta version`` * :vytask:`T3883` ``VRF - Delette vrf config on interface`` * :vytask:`T3893` ``MGRE Tunnel commit crash If sit tunnel available`` * :vytask:`T3894` ``Tunnel Commit Failed if system does not have `eth0``` * :vytask:`T3904` ``NTP pool associations silently fail`` **Other resolved issues** * :vytask:`T3422` ``Dynamic DNS doesn't allow zone field with cloudflare protocol`` * :vytask:`T3425` ``Scripts from the /config/scripts/ folder do not run on live system`` * :vytask:`T3880` ``EFI boot shows error on display`` * :vytask:`T3882` ``Upgrade PowerDNs recursor to 4.5 series`` * :vytask:`T3888` ``Incorrect warning when poweroff command executed from configure mode.`` * :vytask:`T3889` ``Migrate to journalctl when reading daemon logs`` 1.3.0-epa1 (30th September 2021) ================================ **Configuration syntax changes (automatically migrated)** * :vytask:`T3672` ``DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output`` * :vytask:`T3779` ``Backport all 1.4 IS-IS features and configuration to 1.3 except VRF`` * :vytask:`T3804` ``cli: Migrate and merge "system name-servers-dhcp" into "system name-server"`` * :vytask:`T3842` ``Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus`` **New features and improvements** * :vytask:`T1099` ``Openvpn: use config files instead of one long command.`` * :vytask:`T1154` ``use of local cache to build iso`` * :vytask:`T1176` ``FRR - BGP replicating routes`` * :vytask:`T1350` ``VRRP transition script will be executed once only`` * :vytask:`T3716` ``Linux kernel parameters ignore_routes_with_link_down- ignore disconnected routing connections`` * :vytask:`T3779` ``Backport all 1.4 IS-IS features and configuration to 1.3 except VRF`` * :vytask:`T3789` ``Add custom validator for base64 encoded CLI data`` * :vytask:`T3803` ``Add source-address option to the ping CLI`` * :vytask:`T3804` ``cli: Migrate and merge "system name-servers-dhcp" into "system name-server"`` * :vytask:`T3840` ``dns forwarding: Cache size should allow values > 10k`` * :vytask:`T3841` ``dhcp-server: add ping-check option to CLI`` * :vytask:`T3842` ``Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus`` * :vytask:`T3857` ``reboot: send wall message to all users for information`` * :vytask:`T3859` ``Add "log-adjacency-changes" to ospfv3 process`` **Bug fixes** * :vytask:`T945` ``Unable to change configuration after changing it from script (vbash + script-template)`` * :vytask:`T1148` ``epa2 BGP peers initiate before config is fully loaded, routes leak.`` * :vytask:`T1249` ``multiple PBR rules can set to a single interface`` * :vytask:`T1894` ``FRR config not loaded after daemons segfault or restart`` * :vytask:`T2019` ``LLDP wrong config generation for interface 'all'`` * :vytask:`T2127` ``restart dhcp server reports a failure`` * :vytask:`T2161` ``snmpd cannot start if ipv6 disabled`` * :vytask:`T2328` ``dhcpv6 server not starting (disable check reversed?)`` * :vytask:`T2430` ``cannot delete specific route static next-hop`` * :vytask:`T2432` ``dhcpd: Can't create new lease file: Permission denied`` * :vytask:`T2434` ``Duplicate Address Detection Breaks Interfaces`` * :vytask:`T2525` ``OSPFv3 missing route map, not establishing`` * :vytask:`T2623` ``Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”`` * :vytask:`T2738` ``Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization`` * :vytask:`T2759` ``validate-value prints error messages from validators that fail even if overall validation succeeds`` * :vytask:`T2800` ``Pseudo-Ethernet: source-interface must not be member of a bridge`` * :vytask:`T2895` ``VPN IPsec "leftsubnet" declared 2 times`` * :vytask:`T2920` ``Commit crash when adding the second mGRE tunnel with the same key`` * :vytask:`T2931` ``Unicode decode error causes vyos.configd service to restart`` * :vytask:`T2941` ``Using a non-ASCII character in the description field causes UnicodeDecodeError in configsource.py`` * :vytask:`T3076` ``Router reboot adds unwanted 'conntrack-sync mcast-group '225.0.0.50'' line to configuration`` * :vytask:`T3196` ``No NAT translations showing up`` * :vytask:`T3219` ``Typo in openvpn server client config for IPv6 iroute`` * :vytask:`T3601` ``Error in ssh keys for vmware cloud-init if ssh keys is left empty.`` * :vytask:`T3637` ``vrf: bind-to-all didn't work properly`` * :vytask:`T3672` ``DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output`` * :vytask:`T3708` ``isisd and gre-bridge commit error`` * :vytask:`T3731` ``verify_accel_ppp_base_service return wrong config error for SSP`` * :vytask:`T3738` ``openvpn fails if server and authentication are configured`` * :vytask:`T3740` ``HTTPs API breaks when the address is IPv6`` * :vytask:`T3756` ``VyOS generates invalid QR code for wireguard clients`` * :vytask:`T3772` ``VRRP virtual interfaces are not shown in show interfaces`` * :vytask:`T3773` ``Delete the "show system integrity" command (to prepare for a re-implementation)`` * :vytask:`T3777` ``adding IPv6 EUI64 address fails commit in 1.3.0-rc6`` * :vytask:`T3781` ``Revert the NAT implementation in 1.3 back to iptables`` * :vytask:`T3782` ``Ingress Shaping with IFB No Longer Functional with 1.3`` * :vytask:`T3783` ``"set protocols isis spf-delay-ietf" is not working`` * :vytask:`T3786` ``GRE tunnel source address 0.0.0.0 error`` * :vytask:`T3788` ``Keys are not allowed with ipip and sit tunnels`` * :vytask:`T3790` ``Does not possible to configure PPTP static ip-address to users`` * :vytask:`T3792` ``login: A hypen present in a username from "system login user" is replaced by an underscore`` * :vytask:`T3797` ``show interface errors with vrrp configuration`` * :vytask:`T3802` ``Commit fails if ethernet interface doesn't support flow control`` * :vytask:`T3805` ``OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface`` * :vytask:`T3806` ``Don't set link local ipv6 address if MTU less then 1280`` * :vytask:`T3807` ``Op Command "show interfaces wireguard" does not show the output`` * :vytask:`T3808` ``ipsec is mistakenly restarted after delete`` * :vytask:`T3816` ``Error after entering outbound-interface command in NAT`` * :vytask:`T3850` ``Dots are no longer allowed in SSH public key names`` * :vytask:`T3860` ``Error on pppoe, tunnel and wireguard interfaces for IPv6 EUI64 addresses`` * :vytask:`T3867` ``vxlan: multicast group address is not validated`` **Other resolved issues** * :vytask:`T1202` ``Add `hvinfo` to the packages directory`` * :vytask:`T1214` ``Add `ipaddrcheck` to the packages directory`` * :vytask:`T1236` ``Update Linux Kernel`` * :vytask:`T2027` ``get_config_dict is failing when the configuration section is empty/missing`` * :vytask:`T2555` ``XML op-mode generation scripts silently discard XML nodes`` * :vytask:`T2727` ``Add a dotted decimal value validator`` * :vytask:`T2927` ``isc-dhcpd release and expiry events never execute`` * :vytask:`T3217` ``Save FRR configuration on each commit`` * :vytask:`T3234` ``multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions`` * :vytask:`T3254` ``Dynamic DNS status shows incorrect last update time`` * :vytask:`T3291` ``Fault on setting offload RPS with single-core CPU`` * :vytask:`T3362` ``1.3 - RC1 ifb redirect failing to commit`` * :vytask:`T3381` ``Change GRE tunnel failed`` * :vytask:`T3396` ``syslog can't be configured with an ipv6 literal destination in 1.2.x`` * :vytask:`T3431` ``Show version all bug`` * :vytask:`T3537` ``Unable to override the default OSPFv3 link cost for wireguard interface`` * :vytask:`T3634` ``Add op command option for ping for do not fragment bit to be set`` * :vytask:`T3683` ``VXLAN not accept ipv6 and source-interface options and mtu bug`` * :vytask:`T3730` ``op-mode conntrack-sync miss some functions`` * :vytask:`T3732` ``override-default helper should support adding defaultValues to default less nodes`` * :vytask:`T3768` ``Remove early syntaxVersion implementation`` * :vytask:`T3776` ``Rename FRR daemon restart op-mode commands`` * :vytask:`T3814` ``wireguard: commit error showing incorrect peer name from the configured name`` * :vytask:`T3819` ``Upgrade Salt Stack 3002.3 -> 3003 release train`` * :vytask:`T3820` ``PowerDNS recursor - update from 4.3 -> 4.4 to sync with current``