########### 1.4 Sagitta ########### .. Please don't add anything by hand. This file is managed by the script: _ext/releasenotes.py 1.4.1 (future release) ====================== **Configuration syntax changes (automatically migrated)** * :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI`` **New features and improvements** * :vytask:`T5878` ``Make the list of SSH server ciphers configurable`` * :vytask:`T5949` ``Disable USB autosuspend`` * :vytask:`T6320` ``WiFi: Enable support for 6GHz AccesPoints`` * :vytask:`T6423` ``Require command definition nodes that have an owner to also have a priority`` * :vytask:`T6424` ``ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate`` * :vytask:`T6454` ``Explicitly set the default reverse proxy mode to HTTP`` * :vytask:`T6462` ``wireless: add op-mode command for hostapd and wpa_supplicant logs`` * :vytask:`T6473` ``bgp: missing completion helper for peer-groups inside a VRF`` * :vytask:`T6477` ``Adding Loki plugin to Telegraf`` * :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI`` * :vytask:`T6538` ``Allow adding a geneve interface to the vrf.`` * :vytask:`T6539` ``Add logging options to load-balancer reverse-proxy`` * :vytask:`T6566` ``op-mode: "monitor bandwidth" add support for listing all interfaces concurrently`` * :vytask:`T6576` ``op-mode: ntp: add support for NTP service restart via CLI`` * :vytask:`T6614` ``Initial support for smoketesting op-mode commands`` **Bug fixes** * :vytask:`T2145` ``openvpn: server default topology net30 is incompatible with static client IPs for Windows clients`` * :vytask:`T4287` ``wireless: cannot set regulatory domain`` * :vytask:`T5514` ``Improve error handling when/if config.boot is deleted or missing`` * :vytask:`T5552` ``'set system option performance throughput' enables IPv6 forwarding even if it's explicitly disabled with 'set system ipv6 disable-forwarding'`` * :vytask:`T5725` ``protocol IS-IS configuration is empty if a tunnel does not have remote address`` * :vytask:`T5947` ``[1.3.2 -> 1.4.0-RC1 Migration] Static ipv6 routes dropped`` * :vytask:`T6148` ``Reset vpn ipsec command breaks tunnel and does not reset SAs that are down`` * :vytask:`T6332` ``IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr`` * :vytask:`T6401` ``Attempts to delete vlan-to-vni option causes an unhandled exception`` * :vytask:`T6429` ``bug - isis metric-style not applied configuration`` * :vytask:`T6431` ``monitor traceroute broken VRF support`` * :vytask:`T6453` ``GRUB variables with `=` in a value are parsed improperly`` * :vytask:`T6460` ``Showing DHCPv6 leases can fail due to DUID parsing issues`` * :vytask:`T6463` ``reverse-proxy: service not reloaded when updating SSL certificate via PKI`` * :vytask:`T6464` ``sstpc: interface not restarted when updating SSL certificate via PKI`` * :vytask:`T6480` ``PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/..../cert.pem`` * :vytask:`T6484` ``Smoketest fails: fastnetmon killed due to OOM`` * :vytask:`T6503` ``Command 'restart ssh' not working`` * :vytask:`T6519` ``interfaces: 20-to-21 -> migration fails if new system has less ethernet interfaces`` * :vytask:`T6523` ``Error: "nft table ip vyos_filter not found" when commiting prometheus-client`` * :vytask:`T6559` ``vyos-configd should return commit error on config dependency error`` * :vytask:`T6584` ``Revert addition of Linux Kernel MT7921 driver`` * :vytask:`T6593` ``Release DHCP interface does not work`` * :vytask:`T6600` ``ospf: smoketest "router ospf' not found in" for ldp sync`` * :vytask:`T6602` ``interfaces: verify supplied VRF name on all interface types`` * :vytask:`T6603` ``vrf: nftables conntrack ct_iface_map contains multiple identical entries`` * :vytask:`T6605` ```ConfigError()` behavior is wrong with running `vyos-configd``` * :vytask:`T6610` ``Missing minisign pub key from image`` **Other resolved issues** * :vytask:`T4026` ``PKI: generate pki certificate sign is not working`` * :vytask:`T5570` ``PAM config RADIUS ignore for default and success`` * :vytask:`T6290` ``SNMPD show logs systemstats_linux: unexpected header length`` * :vytask:`T6379` ``"generate openvpn" uses "comp-lzo no", which leads to problems on Android-Clients`` * :vytask:`T6446` ``Display the support URL from image build data in LTS builds`` * :vytask:`T6486` ``Generate openvpn client-config ignores configured protocol type`` * :vytask:`T6500` ``openconnect: add support for new multi ca-certificate CLI node`` * :vytask:`T6524` ``Rewrite "release dhcp interface " to Python to drop remaining Perl dependencies`` * :vytask:`T6592` ``Changing VRF on interface fails`` * :vytask:`T6594` ``IPoE-server extended-scripts do not work`` * :vytask:`T6597` ``wireless: hostapd occationly gets deactivated via systemd and causes loss in connectivity`` * :vytask:`T6598` ``Unexpected podman version 4.3.1`` 1.4.0 (4th June 2024) ===================== **New features and improvements** * :vytask:`T3202` ``Enable wireguard debug messages by default`` * :vytask:`T4022` ``Add package nat-rtsp-dkms`` * :vytask:`T4393` ``sstp: add support for configuring host-name (SNI)`` * :vytask:`T5386` ``Execute VRRP transition script when `set high-availability disable` is commited`` * :vytask:`T5752` ``Check compatibility of new image tools with XCP-NG images`` * :vytask:`T6293` ``add Mediatek MT7921 to defconfig`` * :vytask:`T6339` ``Display the flavor name and build comment in "show version"`` * :vytask:`T6395` ``Enable VFIO No-IOMMU support in kernel config`` **Bug fixes** * :vytask:`T4576` ``vpn l2tp logging level configuration`` * :vytask:`T5527` ``Adjust for change in coreutils behavior on overlayfs`` * :vytask:`T5939` ``[1.3.5 -> 1.4.0-RC1 Migration] as-path-list Entries Get Messed Up`` * :vytask:`T5940` ``[1.3.5 -> 1.4.0-RC1 Migration] commit-archive Fails to Migrate`` * :vytask:`T6038` ``Losing default route after first reboot (cloud-init & DHCP)`` * :vytask:`T6094` ``Destination Nat not Making Firewall Rules`` * :vytask:`T6225` ``Unhandled exception when configuring random-detect QoS policy`` * :vytask:`T6348` ``SNAT op-mode fails with flowtable offload entries`` * :vytask:`T6356` ``Correct the syntax of config.boot.default [..., 'ntp', 'server'] from leaf node with value to tag node`` * :vytask:`T6365` ``Negating interface names in NAT configuration causes invalid warnings`` * :vytask:`T6377` ``PermissionError on /config/auth/letsencrypt/live/ when running show pki`` * :vytask:`T6400` ``pki: unable to generate fingerprint for ACME issued certificates`` * :vytask:`T6402` ``Invalid variables referenced in reverse proxy validation`` * :vytask:`T6404` ``Include constraintGroup element in reference tree`` * :vytask:`T6407` ``Generate ipsec profile error`` * :vytask:`T6419` ``reverse-proxy: full CA chain is not build when verifying backend server`` * :vytask:`T6421` ``host-name has no explicit priority to be set on system boot`` **Other resolved issues** * :vytask:`T1981` ``Allow route-map 'set src' to reference both IPv4 and IPv6`` * :vytask:`T3493` ``DHCPv6 does not have prefix range validation`` * :vytask:`T4519` ``DHCPv6: "set show dhcpv6 server leases" should show DUID instead of IAID_DUID`` * :vytask:`T4909` ``Rewrite the NTP op mode in the new format`` * :vytask:`T5351` ``VyOS deployed with cloud-init improperly saves config.boot`` * :vytask:`T6022` ``set system image default-boot`` * :vytask:`T6048` ``Exception in event handler script`` * :vytask:`T6328` ``Add a warning message about deprecation of web proxy URL filtering`` * :vytask:`T6333` ``non-free-firmware to trixie`` * :vytask:`T6345` ``Source NAT Port Mapping setting of Fully-Random is superfluous in Kernels 5.0 onwards`` * :vytask:`T6346` ``Boot to multi-user.target instead of graphical.target`` * :vytask:`T6358` ``Container config option to enable host pid`` * :vytask:`T6367` ``op-mode: commit-archive: TypeError: attribute name must be string, not 'NoneType'`` * :vytask:`T6383` ``Incorrect completion for rollback-soft`` * :vytask:`T6384` ``rollback-soft should tell the user to compare and commit`` * :vytask:`T6391` ``load-balancing reverse-proxy: typo in timeout help`` * :vytask:`T6396` ``MINOR Typo: set system conntrack timeout custom ipv4 rule X`` * :vytask:`T6409` ``Remove unused parameter node from reverse-proxy backend`` 1.4.0-epa3 (14th May 2024) ========================== **Security** * :vytask:`T6324` ``CVE-2024-2961`` **Configuration syntax changes (automatically migrated)** * :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options`` * :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"`` * :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"`` * :vytask:`T6216` ``Firewall group names that contain the '+' character break the config`` * :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta`` **New features and improvements** * :vytask:`T4309` ``Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore"`` * :vytask:`T4903` ``Support IPv6 addresses in "set system conntrack ignore"`` * :vytask:`T5364` ``Make it possible to set the PADO delay to 0`` * :vytask:`T6127` ``Ability to view logs for rules with Offload not functional`` * :vytask:`T6133` ``Add domain-name to commit-archive`` * :vytask:`T6143` ``Increase configuration timeout range for service config-sync`` * :vytask:`T6154` ``Installer should ask for password twice`` * :vytask:`T6161` ``Add support for displaying container image data in JSON`` * :vytask:`T6162` ``ixgbe: Add 1000BASE-BX support`` * :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"`` * :vytask:`T6176` ``image-tools: rationalize setting of console type`` * :vytask:`T6184` ``image-tools: add op-mode command to set default boot console type`` * :vytask:`T6192` ``Support running SSH server in more than one VRF`` * :vytask:`T6226` ``Add "tcp-requece inspect-delay" to reverse proxy`` * :vytask:`T6257` ``Add op mode commands for dynamic firewall address groups`` * :vytask:`T6258` ``Add IPv6 base-reachable-time option to interfaces`` * :vytask:`T6260` ``image-tools: remove the image directory if it fails to install due to insufficient drive space`` * :vytask:`T6267` ``Improve commit failure messages for wireless interface configuration`` * :vytask:`T6278` ``Attempt hint for console type during image install`` * :vytask:`T6291` ``Add op mode commands for displaying LACP information for bonding interfaces`` * :vytask:`T6306` ``EVPN-MH - missing options in uplink ports`` **Bug fixes** * :vytask:`T2590` ``DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c`` * :vytask:`T3655` ``NAT doesn't work correctly with VRF`` * :vytask:`T4718` ``DHCP server listen-address doesn't take effect if the interface is in a VRF`` * :vytask:`T5164` ``op cmd: "show dhcp server leases state" with available options does not show any result`` * :vytask:`T5862` ``Default MTU is not acceptable in some environments`` * :vytask:`T5875` ``login: removing and re-adding a user keeps the home directory but changes the UID, thus SSH keys no longer work`` * :vytask:`T5996` ``Incorrect behavior for backslash escapes in config save and compare commands`` * :vytask:`T6082` ``BGP doesn't allow the same local AS and remote AS in peer groups`` * :vytask:`T6085` ``VTI interfaces are in UP state by default`` * :vytask:`T6089` ``[1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added`` * :vytask:`T6090` ``Migration of "policy route" configs fails due to TCP flag case sensitivity`` * :vytask:`T6100` ``NAT config migration error in 1.4.0-epa1 if invalid address/network defined in 1.3.6 version`` * :vytask:`T6106` ``Improve the commit error message for the case when route-reflector-client option is defined in a peer-group`` * :vytask:`T6119` ``Use a compliant TOML parser`` * :vytask:`T6130` ``[1.3.6->1.4.0-epa2 Migration] BGP "set community" missing`` * :vytask:`T6131` ``Disabling openvpn interface(s) causes OSPF to fail to load on reboot`` * :vytask:`T6136` ``Configuring a dynamic address group, config script did not check whether the group was created`` * :vytask:`T6138` ``Conntrack table op-mode fails with flowtable offload entries`` * :vytask:`T6145` ``Service config-sync does not rely on priorities`` * :vytask:`T6147` ``Conntrack not working as expected with global state-policy`` * :vytask:`T6149` ``Update node_data when merging nodes in reference tree generation`` * :vytask:`T6152` ``Kernel panic for ZimaBoard 232`` * :vytask:`T6160` ``Unhandled exception when configuring IS-IS`` * :vytask:`T6165` ``grub: vyos-grub-update failed to start on "slow" systems`` * :vytask:`T6167` ``VNI not set on VRF after reboot`` * :vytask:`T6168` ``"add system image" does not set the default boot image to the current console type in compatibility mode`` * :vytask:`T6169` ``DNS forwarding configuration rejects underscores in SRV records`` * :vytask:`T6173` ``Build Causes Errors When "--version" Contains Slashes ("/")`` * :vytask:`T6175` ``op-mode: "renew dhcp interface " does not check if it's an actual DHCP interface`` * :vytask:`T6178` ``reverse-proxy doesn't check that a certificate exists at set time`` * :vytask:`T6179` ``Incorrect HAProxy config generated for reverse-proxy rules with url-path`` * :vytask:`T6186` ``'set system image default-boot' fails to find images that actually do exist in the system`` * :vytask:`T6189` ``BGP L3VPN connectivity is broken after re-enabling VRF`` * :vytask:`T6191` ``Policy route set-mss option is not working correctly`` * :vytask:`T6193` ``dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces`` * :vytask:`T6196` ``route-map and summary-only do not work in BGP aggregation at the same time`` * :vytask:`T6197` ``Validation error in the IPoE server interface client-subnet option`` * :vytask:`T6202` ``Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1`` * :vytask:`T6205` ``ipoe: error in migration script logic while renaming mac-address to mac`` * :vytask:`T6206` ``L2tp smoketest fails if vyos-configd is running`` * :vytask:`T6207` ``image-tools: restore ability to copy config.boot.default on image install`` * :vytask:`T6213` ``Validations in firewall groups mistakenly reject correct configurations`` * :vytask:`T6216` ``Firewall group names that contain the '+' character break the config`` * :vytask:`T6218` ``Container network interface in VRF fails to generate IPv6 link-local address`` * :vytask:`T6221` ``Enabling VRF breaks connectivity`` * :vytask:`T6222` ``VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters`` * :vytask:`T6241` ``Updating CRL in "pki" config does not update OpenVPN`` * :vytask:`T6243` ``Update vyos-http-api-tools for package idna security advisory`` * :vytask:`T6250` ``"policy route-map set table" cannot be deleted from the rule`` * :vytask:`T6252` ``GRE tunnels don't allow configuring MTU larger than 8024`` * :vytask:`T6255` ``Static table description should not contain white-space`` * :vytask:`T6263` ``Commit failures when trying to set an IGMP group with source address on an interface`` * :vytask:`T6269` ``Polixy route "set table" option is not working correctly`` * :vytask:`T6272` ``PPPoE configuration does not load after deleting a PPPoE interface from the system`` * :vytask:`T6276` ``Do not call config dependencies on script error`` * :vytask:`T6283` ``Cannot delete as-path prepend from policy when it contains more than one AS`` * :vytask:`T6284` ``IPoE server op mode commands do not show IPv6 addresses`` * :vytask:`T6299` ``Building VyOS (Dockerized) current ISO fails dues to unmet dependencies podman : Depends: libgpgme11t64 (>= 1.4.1) but it is not installable`` * :vytask:`T6305` ``IPoE interface wildcard validation error in firewall rules`` * :vytask:`T6307` ``procps is missing from vyos-1x build dependencies`` * :vytask:`T6317` ``VLAN doesn't work on a bridge with a wireless interface member`` * :vytask:`T6329` ``Firewall - Error while printing groups`` **Other resolved issues** * :vytask:`T4516` ``Rewrite system image manipulation tools in Python`` * :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options`` * :vytask:`T6146` ``Add python script to get all priorities of service or section from XML`` * :vytask:`T6159` ``"show openvpn server" prints a superfluous "OpenVPN status on vtunx" message for every client connection`` * :vytask:`T6180` ``Add application of mask to configtree`` * :vytask:`T6185` ``Simplify marshalling of section and config data for config-sync`` * :vytask:`T6187` ``Use correct CPU counts adjusted for SMT when necessary`` * :vytask:`T6195` ``dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1`` * :vytask:`T6198` ``configverify: add common helper for PKI certificate validation`` * :vytask:`T6203` ``Remove references to the obsolete vyos.xml module (superseded by vyos.xml_ref)`` * :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"`` * :vytask:`T6234` ``PPPoE-server pado-delay refactoring`` * :vytask:`T6245` ``Unhandled exception in "show openvpn server"`` * :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta`` * :vytask:`T6327` ``Drop boot console type ttyUSB (USB serial)`` * :vytask:`T6330` ``release.pref.chroot indentation broken`` 1.4.0-epa2 (15th March 2024) ============================ **Configuration syntax changes (automatically migrated)** * :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping`` **New features and improvements** * :vytask:`T4977` ``Babel routing protocol support`` * :vytask:`T5504` ``Make it possible to set more than one peer-address in unicast VRRP`` * :vytask:`T5530` ``Add LFA to IS-IS`` * :vytask:`T5631` ``Ability to export the current configuration in JSON format`` * :vytask:`T5717` ``ospfv3 - add allow to set metric-type to ospf redistribution while frr docs says its possible.`` * :vytask:`T5772` ``Require HTTPS API server configurations to include at least one key if key-based auth is used`` * :vytask:`T5781` ``Add ability to add additional minisign keys`` * :vytask:`T6057` ``Add ability to disable syslog for conntrackd`` * :vytask:`T6060` ``op-mode: container: support removing all container images at once`` * :vytask:`T6087` ``ospfv3: add support to redistribute IS-IS routes`` **Bug fixes** * :vytask:`T2998` ``SNMP v3 oid "exclude" option doesn't work`` * :vytask:`T4270` ``When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service`` * :vytask:`T5121` ``Incorrect "architecture" config loaded`` * :vytask:`T5646` ``QoS policy limiter broken if class without match`` * :vytask:`T5909` ``Container registry with authentication prevents config load (section container) after reboot`` * :vytask:`T6004` ``Missing RPKI boot priority prevents it from loading`` * :vytask:`T6020` ``VRRP health-check script is not applied correctly in keepalived.conf`` * :vytask:`T6054` ``load-balancing wan - doesn't configure a list of ports`` * :vytask:`T6055` ``PKI error: "failed to install x value" when executed the command from conf mode`` * :vytask:`T6061` ``connection-status nat destination firewall filter not working in 1.4.0-epa1`` * :vytask:`T6069` ``HTTP API segfault during concurrent configuration requests`` * :vytask:`T6070` ``bnx2x NIC causes a commit error due to incorrect implementation of EEE status reading`` * :vytask:`T6073` ``Conntrack/NAT not being disabled when VRFs are defined`` * :vytask:`T6074` ``container: do not allow deleting images which have a container running`` * :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping`` * :vytask:`T6081` ``QoS policy shaper target and interval wrong calcuations`` * :vytask:`T6084` ``OpenNHRP DMVPN configuration file clean after reboot if we have any IPSec configuration`` * :vytask:`T6086` ``NAT does not work with network-groups`` * :vytask:`T6093` ``Incorrect dhcp-options vendor-class-id regex`` * :vytask:`T6096` ``Config commits are not synced properly because 00vyos-sync is deleted by vyos-router`` * :vytask:`T6098` ``Description doesnt seem to allow for non international characters`` * :vytask:`T6104` ``Regression in commit-archive for non-interactive configuration`` * :vytask:`T6107` ``Nginx does not allow big config queries for configure endpoint API`` * :vytask:`T6141` ``Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure`` **Other resolved issues** * :vytask:`T2199` ``Rewrite firewall in new XML/Python style`` * :vytask:`T5738` ``Extend XML building blocks`` * :vytask:`T5870` ``ipsec remote access VPN: add x509 ("pubkey") authentication`` * :vytask:`T5959` ``Streamline dns forwarding service`` * :vytask:`T6071` ``firewall: CLI description limit of 256 characters cause config upgrade issues`` * :vytask:`T6075` ``Applying firewall rules with a non-existent interface group`` * :vytask:`T6077` ``banner: implement ASCII contest winner default logo`` * :vytask:`T6083` ``ethtool: move string parsing to JSON parsing`` * :vytask:`T6095` ``Tab completion for "set interfaces wireless wlan0 country-code" incorrect country "uk"`` * :vytask:`T6214` ``Error when using some constraints`` 1.4.0-epa1 (22th February 2024) =============================== **Security** * :vytask:`T4915` ``Minisign verification failure == pass??`` **Breaking changes** * :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs`` **Configuration syntax changes (automatically migrated)** * :vytask:`T1991` ``Rework time services`` * :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest`` **New features and improvements** * :vytask:`T160` ``Support NAT64`` * :vytask:`T1991` ``Rework time services`` * :vytask:`T4221` ``Add a template filter for converting scalars to single-item lists`` * :vytask:`T4883` ``Add a description field for routing tables`` * :vytask:`T4940` ``Interface debugging`` * :vytask:`T5122` ``Move "archive-areas" to defaults.toml to support "non-free-firmware" repository`` * :vytask:`T5418` ``Allow arbitrary subnets in PPPoE client IP pools`` * :vytask:`T5449` ``Add options for TCP MSS probing`` * :vytask:`T5497` ``Add ability to resequence rule numbers for firewall`` * :vytask:`T5615` ``Narrow down spurious name conflict with mdns`` * :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest`` * :vytask:`T5965` ``WWAN modems using raw-ip do not work with dhclient/dhcp6c`` * :vytask:`T5972` ``login: add possibility to disable individual local user accounts`` **Bug fixes** * :vytask:`T2113` ``OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping`` * :vytask:`T2700` ``Redirecting traffic from PPPoE interface to IFB fails`` * :vytask:`T2801` ``conntrack-tools flooding logs`` * :vytask:`T3681` ``The VMware Tools resume script did not run successfully in this virtual machine.`` * :vytask:`T3774` ``atop logs are not limited in size`` * :vytask:`T3902` ``Firewall does not load on boot, address-group not found, even though it exists`` * :vytask:`T4796` ``build-vyos-image ignores multiple options`` * :vytask:`T5239` ``Host name and domain name missing from the FRR configuration`` * :vytask:`T5245` ``Wireless interfaces do not get IPv6 link-local address assigned`` * :vytask:`T5376` ``Conntrack FTP helper does not work properly`` * :vytask:`T5890` ``OTP key generation is broken`` * :vytask:`T5926` ``IPSEC does not apply after l2tp configuration was changed`` * :vytask:`T5977` ``nftables: Operation not supported when using match-ipsec in outbound firewall`` * :vytask:`T6005` ``Error on adding a wireguard interface to OSPFv3`` * :vytask:`T6043` ``VxLAN and bridge error bug`` * :vytask:`T6056` ``Applying 'system static-host-mapping' command calls unnecessary snmpd restart`` * :vytask:`T6064` ``Can not build VyOS if repository it not cloned to a branch`` **Other resolved issues** * :vytask:`T671` ``Identify and remove dead code`` * :vytask:`T874` ``Support for Two Factor Authentication for CLI access via Google Authenticator/OTP`` * :vytask:`T1311` ``WAN load-balancing can't flush connections when conntrack-sync is enabled`` * :vytask:`T1436` ``Config entries with default values do not correctly show as changed`` * :vytask:`T1487` ``DNS (pdns_recursor) stats logs not saved to disk`` * :vytask:`T2433` ``Improve CLI value validator performance`` * :vytask:`T3337` ``Add possibility to serve static DNS zones from the router`` * :vytask:`T3471` ``DHCP hook is not able to detect all running DHCP instances`` * :vytask:`T3474` ``Revisit storing syntax version of interface definitions in XML file`` * :vytask:`T3522` ``policy based routing not working`` * :vytask:`T3574` ``Add constraintGroup for combining validators with logical AND`` * :vytask:`T3642` ``PKI configuration`` * :vytask:`T3722` ``op-mode IPSec show vpn ike sa always shows L-TIME 0`` * :vytask:`T3766` ``containers: Expanding options for networking and building containers`` * :vytask:`T4723` ``Error when issuing 'show flow-accounting interface pppoe0'`` * :vytask:`T4761` ``Add a generic URL validator`` * :vytask:`T4795` ``Cleanup custom python validators`` * :vytask:`T4951` ``Add an op mode exception for cases when operations fail due to insufficient system resources`` * :vytask:`T5109` ``Improve OCaml XML validator`` * :vytask:`T5195` ``Break up the vyos.util module`` * :vytask:`T5348` ``Service config-sync can freeze the secondary router if it has commit-archive location`` * :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs`` * :vytask:`T5754` ``Update to StrongSwan 5.9.11`` * :vytask:`T5846` ``Refactor and simplify DUID definition in conf-mode`` * :vytask:`T5903` ``NHRP donĀ“t start on reboot from version 1.5-rolling-202401010026`` * :vytask:`T6001` ``Add option to enable resolve-via-default`` * :vytask:`T6015` ``"journalctl_charon" file does not contain data in the generated "ipsec debug-archive" file`` * :vytask:`T6050` ``Wrong scripting commands descriptions in accel-ppp services`` * :vytask:`T6078` ``Update ethtool to 6.6``